{"report_id":"faeb34c2-a18c-4596-96ab-9fb091572679","version":6,"status":"done","tags":[],"date":"2026-03-24T02:53:57Z","url":{"schema":"https","addr":"telegram.autentifikator.ru/","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"title":"Unsupported Browser","dom":{"size":8503,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3804)","md5":"431ebb0acc61a7e243455d67f1b1471c","sha1":"acaac3a30a176ad3a2c50935186ecf1cc7bb2715","sha256":"90ff3ac3059c4d8db934a6cc2af189fa43851196800475cd13c3d3c8a3caa7c3","sha512":"0cfad277bd28af9e119b07f6d671f42ecb2e983f2fccfef5e11ffb74eb66c7430245c6f8dfeb4f8a5f7c52ea19ccd21337a9a4f70a86af50da93cc8a8a10ecda","ssdeep":"96:Rujt7WPkMcHP3CnPdI8D9kgwvAfz03pYxCG+msBTHSVTJQJnEzFBXtBLU:Ejt7WPkMc/CnTDwG03pY4lBTy1JQJuRW","tlshash":"ce022e12f758a43a33d7027930a1f04d52d2f487a3c4ba61b8fd65e15f0f9aa90f7a25","dom_hash":"domhash1ef3191b9cd007064457c22b6e78b42f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"telegram.autentifikator.ru/","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-28T02:53:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-24","alert":"Hunting_JS_WebAssembly","trigger":"telegram.autentifikator.ru/telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null},"summary":[{"fqdn":"telegram.autentifikator.ru","ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2026-03-19","domain_rank":0,"first_seen":"2026-03-24T02:53:59.665329Z","last_seen":"2026-03-24T02:53:59.665329Z","alert_count":4,"request_count":35,"received_data":1950064,"sent_data":16018,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/6708.10cdbed8e69045b46718.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e07492952f9060c10269ae586dee7e10","sha1":"8ffcfc3b3986bbabd07079af658e780f22cb246e","sha256":"a900e2662b31447dbc6ef2385d165883ab8d3dc19d7a50510d9807c029bc1649","sha512":"a095b9c94ea11573b6f281d2d327fa572b5cffb3753b7d178fcaba39dd5b730b2e21eea7ce3f7b46857573f9f67853a02896fe489c4b6cef39a84948e7e2389a","ssdeep":"192:OeIKfyWQPKy61/Za7mBP+WiYUpahWqPBdLKM/GtiV0D1UYc1T:xIwyWFy6XtB+XYUshDPBRKMFY1UYc1T","tlshash":"2f12e996a131747e62aa84d5e2100b127a36d5587c09a2bdf73c7cfb2c9640a34bcf3c","size":9393,"data":"","first_seen":"2026-02-24T12:54:22.539958Z","last_seen":"2026-03-24T03:21:46.496465Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/redirect.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"17773b57b87a678c98e26a7cac72df6c","sha1":"7422857aa75ee81cabcec2eed6c4a6168f363ee1","sha256":"375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f","sha512":"28d9e1c2af08154e653e2291db46f4110edbf9f5591192f8d695c8852f9c3c755d69dfb5a032a45f51e0a3fc9417f16c20d0772b1225ca9b85e5531e12fa8bfc","ssdeep":"","tlshash":"e8e07dda0279030417e013f36d82b4709137c2fb604c5d028d984321a1b9b4f5b7b84f","size":325,"data":"","first_seen":"2023-07-27T09:32:34Z","last_seen":"2026-06-19T04:06:40.670544Z","times_seen":11512,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/compatTest.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f460d7154f427d10ee377c39b66f48aa","sha1":"1e84aad2bb3e4eeecdd1c62e2a12d1c6d4a159d9","sha256":"727e8544ec0cfa0aa34dc209cf38263e7cca704c5fc211f9b5c4275395c184a6","sha512":"313e3ae62c9641aec509c7774abf05e668343ce1763a5cb8e3db0a86449bd2d942b734cc841ac6ea816e51d7addfe6f5e540fed5c0f5b51dbf510a0b11c59fc7","ssdeep":"","tlshash":"e061162a4cb16171906d5126ef1fb24336298577160ceb7ca220cf397fb185b855fee8","size":3199,"data":"","first_seen":"2026-02-24T12:54:22.569026Z","last_seen":"2026-06-19T04:06:40.656707Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram/tracker-init.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"97cac6dc20a7ba861562055f65915d3e","sha1":"1fa99af5f1ed7bfe50168e6ce7839654b68d7100","sha256":"a1b4d172df66f0f933a26007cf4ffa0ecd8c1b0f40a3fccd4fc74f24dcbbf264","sha512":"ce2cf9f43bf3c20fbfea0cf6b882be32879931e82dd20ed94847f6cbc1bbee3ffb2b9e0903604d720d450d31828e6312374fc8d88b4855616d55f5f8a20832ca","ssdeep":"","tlshash":"6351228119e310a2053b953787af820433bcd407484ee9123e5ce3787f65eae03babe0","size":3070,"data":"","first_seen":"2026-03-24T02:54:03.968838Z","last_seen":"2026-03-24T03:21:46.491413Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram/auth-flow.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"47a1690d1cf8137a7bd4dcc275a0a26c","sha1":"f8e3f4799cc829cea94b8c5a06ed60f1fa9cbd9f","sha256":"7130f6d88ee75596cec2002ffe8c8ad62d1dcdc34a2aa60424196c2ea2f9f6e8","sha512":"46f56b47913707161521a64da7dea6e825c8b6cdf9155b2303ed0f06a5d56eb1be77cedf072ea83111ba40c3bd667f46579fc8d9d32ee1dfa7cf6173bc12c327","ssdeep":"768:xiQnWKKVuc/K/khMuQi9AhUE0iomVkEbMS2USMfSo3tO:4QnWKKVuc/K5LuE0iDVkEbMS2USMfSoA","tlshash":"fde2726422f215618167b1b907df00057934e4177886cc583e6cc7892fabd6ad7f2bee","size":33613,"data":"","first_seen":"2026-03-24T02:54:03.956568Z","last_seen":"2026-03-24T03:21:46.49927Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/main.39a8a2cda48f23d84fcf.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c755e6b9cf00a5616246af7749f5baa0","sha1":"424733c8027012097e2c963e1a4b07d13c3cfd37","sha256":"e7a007990f966a45895a5381e681717ee56ff6cea75620e8783d66c51bd15abd","sha512":"da82117b27f5d87e9e8eae922b9073a9196befa0e560a312095391364afee85f2c9e95f12f5ba6b14520cadbc698e8f0e070401afccf37bfe7ee0d74f7093762","ssdeep":"12288:rgSb5oYhZDItfCg9rKLqbLnaLIqQi66KZM6KdW/QuQjv49Hk+EZm94ekH7VIi15b:/by2ZEfTf/Cf","tlshash":"2bb43cc571d674ea63e309e6a4ab0098b7395944380dc4a0f16dfce93d364aaa373f5c","size":538987,"data":"","first_seen":"2026-03-03T12:19:27.011282Z","last_seen":"2026-03-24T03:21:46.489539Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/shared-sdk.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba3cc722db095fd1008ee568dd0eff8c","sha1":"a9050b0209aac291b89885631909018d85e8bf3c","sha256":"0d1c800772c2996714c078a146494bd732b952c8d7ed03b3f5252fbbe49b7912","sha512":"55f4032d5c9e2f6efe028e363704a30d9db7a999776bd15a384cf4ae9abc672057b741b3498e1ec231e581037e59e9dcf1acf1d2a2b237fb1ac6ac148f216fbe","ssdeep":"192:DfQMmoOoD9Q/CK5K4EiLVnamqAMtdJfGbzxIsu:Dh9TDBK5HEiL0xjI6su","tlshash":"60e1208a1df758301913602e87ff90553539a5033a4dec14bf6c8748af2dbae81b6e9c","size":7131,"data":"","first_seen":"2026-03-24T02:54:03.964956Z","last_seen":"2026-03-24T03:21:46.481065Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/app-config.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"aa0038053b48a460bf4fafc0d8ca9c8f","sha1":"0d698c866199cc6cae63276503e60bbfe95a0b39","sha256":"305abad4d3f0454d5ff9782f404c1442f95dc81a2ff463144a039b131e979024","sha512":"2581e6fe544790774e6d73502b4b25eb983da8be433819c2059a780a2ee544fe53f02016d40ff5a28851a6db2b13eba475ab0e25b601052c8dd52d67d5185fe6","ssdeep":"","tlshash":"6ac080d80f5d75f13c65d4104118ba4a3573c8725100b51461c4d4a709ede9155145f7","size":172,"data":"","first_seen":"2026-03-24T02:54:03.963587Z","last_seen":"2026-03-24T03:21:46.498135Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram/lottie.min.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"55bf86203909151984bef8cbe4739d64","sha1":"543e646b2ff86405b77bd2514b1aede8a8b4cbd8","sha256":"a0757321f974527bda3cc2593bf56cc7ffe4578421249ced6ae49ffb1c529f90","sha512":"8c49ee0edea37de7028ed850009f9e774313540fbee592a69547260c606fdaf508fd1127e85b88762c4b367413faf2aeb04da18539368acddc16fbf9c00f9282","ssdeep":"3072:xnEwejqNqAvPSIoPayIYzfq526QGK2y0mbsZmml+39xzKMTlB6k:xUjqNqAvPSIoPayIYzfq52tU1l4fRRBl","tlshash":"a85419597254343805c540a9806f0a4bb736292e246ac49cb76cf4ffacbde8d31beb75","size":305543,"data":"","first_seen":"2023-07-18T12:10:25Z","last_seen":"2026-06-19T08:27:18.301989Z","times_seen":2090,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/umami/script.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"191315be80746226f807d10f1eb2bad1","sha1":"c30c616414dabeb026a5d0f7583479a517e15187","sha256":"a1471487eb3e8eb93b1a9e056386019ff5eedadea29bbb725b5494fb2e9ad90a","sha512":"62ed43d4a5312894ef30bf9f4579778e8e40833c6321262eb23da81dce2ad0dd9046ff85fccf98f9b60084b170b43566bff83e23763b47dd63b9ae3f18901117","ssdeep":"","tlshash":"f851d7f53185f1f07f692490d17aa620b9392e73b81e4890a6fb4c462b2e40e9431d2c","size":2688,"data":"","first_seen":"2025-12-04T18:46:55.384354Z","last_seen":"2026-06-19T10:29:38.851394Z","times_seen":4461,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"telegram.autentifikator.ru/umami/api/send","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"POST /umami/api/send HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 729\r\nOrigin: https://telegram.autentifikator.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":729,"data":"{\"type\":\"event\",\"payload\":{\"website\":\"8a62abc5-2259-45dc-bd7d-d85da8fe9670\",\"screen\":\"1280x1024\",\"language\":\"en-US\",\"title\":\"Unsupported Browser\",\"hostname\":\"telegram.autentifikator.ru\",\"url\":\"https://telegram.autentifikator.ru/telegram\",\"referrer\":\"\",\"name\":\"step_phone_view\",\"data\":{\"variant_id\":\"telegram\",\"campaign_id\":null,\"source\":null,\"session_id\":\"e3359c42-60fd-4748-a42c-8403418d25e6\",\"user_id\":null,\"url_path\":\"/telegram\",\"url_query\":\"\",\"referrer\":null,\"locale\":\"en-US\",\"timezone\":\"UTC\",\"platform\":\"Win32\",\"user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"viewport\":\"1280x1024\",\"screen\":\"phone\",\"tg_platform\":null,\"tg_version\":null,\"status\":\"visible\",\"code_length\":null}}}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:37 GMT\r\nContent-Type: application/json\r\nContent-Length: 419\r\nConnection: keep-alive\r\nCache-Control: no-store\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":419,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f1e9c68e01ff71d5590d6fe9d1830e10","sha1":"030441b415ec058e692911ddb790565672cd0fc6","sha256":"73117527374ad492bd4734ec204f48a21d10412f00d7869384178ff7b5499940","sha512":"72f51e5ab9358fcdb7536ebff9a269c9e5b1492f7e1be64cd88d6bc99bbf544ea5863fe29cbeaffb512a6223e0962194dd6f0b3751eaa3f1bdce94197eaeb325","ssdeep":"","tlshash":"31e0abb214935aea702db6d195e04b294f89a996a669103920ee2504e824be3500bcee","first_seen":"2026-03-24T02:54:03.949461Z","last_seen":"2026-03-24T02:54:03.949461Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1068,"timings":{"blocked":77,"dns":1,"connect":38,"send":0,"wait":910,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:39.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/6805.2312af5a53e37863a680.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 7349\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7349,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7295)","md5":"6b47308379004a8be391f392774afe22","sha1":"e4aa16d9de729116d4b2ce880ecc3e6b692addf4","sha256":"9781f714d90aefbff5afc86120f88078f9c050af0f3f5b2531e3b7cb73350e75","sha512":"b5fc14376ec727e84479cf147b298779e4f068534a0b3aaa3a468cf97fb83acc62fecf8c892f4207ef850739a062ee789a4e07e653d244830711051094ca4a38","ssdeep":"96:SiW936N68UBUKFGE7ZqZTFZ+dQupaX976INDgr2Bst41jpKZIMAbEzFWbBTtiDVk:SiMq8pK602DYh6Ej/EYbBTwxoXbJvos","tlshash":"d0e1b4d63752553ee3969dc9ad3e004360b2d92c39188164772a6cdb3d27dc1e0b2f93","first_seen":"2026-02-24T12:54:22.573899Z","last_seen":"2026-03-24T03:21:46.455393Z","times_seen":21,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/3345.31d084d1c18e002c811e.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","date":"2026-03-24T02:53:40.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/3345.31d084d1c18e002c811e.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 2862\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2862,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2808)","md5":"8756788010fae58bb5ef0da83cf3b4d0","sha1":"9f03a4b72db207163c0f162b2e8a3f29441dfcbb","sha256":"1279fc624e2decb61e1a5ad96024c065d1d987981c55b8c9cd2d976189e25968","sha512":"18abd4453e99d98f4fa3f67d96e30a679711e1782e0ff3ef9544098e1c4d3e29084f81a268a1293e932b8939365badfa2e181327153d52c27be7bdfc26f691d3","ssdeep":"","tlshash":"89512b482a73387a2c6347a7f45737120d2413b23819f48316099eef8a7724f4b03f49","first_seen":"2026-02-24T12:54:22.544893Z","last_seen":"2026-03-24T03:21:46.494197Z","times_seen":21,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","date":"2026-03-24T02:53:40.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 65537\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65537,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9197a18681b7cc4f51b1911286902b0","sha1":"3f585990b02c98c9d787cb74c2a52fdf5d753b98","sha256":"bed5811a3341e35e206eaf3a0518c50edfe50ee9da37480286ac38ff29813c0d","sha512":"9679389c7ae84ee258a31c28e0da91ca3885c491f3e15e544d04c0bbb73c820e03ef8a834d96be0d29305534b18302f2b0110d9361e1d5f34a0fed38912550cd","ssdeep":"768:O6g4cP2yQ6eO0PDlgTdxHzvszXIn2B1ARnv76AeuFYNYjYxRrqhlr3NKR:O1Q6eOyQ5UzXpmK8y1alr8R","tlshash":"2c53e88535d9b0ab42837878946f310bf1ab6d52681c8410db1dd4dabcb4e49e63ffe8","first_seen":"2025-08-04T01:39:06.738468Z","last_seen":"2026-06-19T04:06:40.665223Z","times_seen":183,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-24","alert":"Hunting_JS_WebAssembly","trigger":"telegram.autentifikator.ru/telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/main.0902f0cf255d884a7994.css","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/main.0902f0cf255d884a7994.css HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: text/css; charset=utf-8\r\nContent-Length: 128728\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":128728,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (12358)","md5":"f3bbd6d8490274212921cf19d65114d5","sha1":"c7957125a5fc5934fa39c2583874004d0d796ced","sha256":"490bd09634b88aa37ab93e5517f3fd264c0df8971abaffec1a23a96355d92888","sha512":"0a1f3553a0270968e668e31155291118f4de90f0233ce9248ffd0be44e4e933bb82d8dc5836f129a1e9fa208c039f6911f959431427a5970a7ebc0701f0be58e","ssdeep":"1536:JifxzJrsPQPsMkhQpRvIU8W+HYOpeRjfXGIs:YFJrsPQXEQWwg","tlshash":"6fc3e799e94411f9a723c23e97c4e76c9938e481de210fafb247615c07cb7ea12d2b58","first_seen":"2026-03-03T12:19:27.01216Z","last_seen":"2026-03-24T03:21:46.485569Z","times_seen":20,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":19,"dns":0,"connect":0,"send":0,"wait":186,"receive":58,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram/lottie.min.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram/lottie.min.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 305543\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":305543,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"55bf86203909151984bef8cbe4739d64","sha1":"543e646b2ff86405b77bd2514b1aede8a8b4cbd8","sha256":"a0757321f974527bda3cc2593bf56cc7ffe4578421249ced6ae49ffb1c529f90","sha512":"8c49ee0edea37de7028ed850009f9e774313540fbee592a69547260c606fdaf508fd1127e85b88762c4b367413faf2aeb04da18539368acddc16fbf9c00f9282","ssdeep":"3072:xnEwejqNqAvPSIoPayIYzfq526QGK2y0mbsZmml+39xzKMTlB6k:xUjqNqAvPSIoPayIYzfq52tU1l4fRRBl","tlshash":"a85419597254343805c540a9806f0a4bb736292e246ac49cb76cf4ffacbde8d31beb75","first_seen":"2023-07-18T12:10:25Z","last_seen":"2026-06-19T08:27:18.301989Z","times_seen":2090,"resource_available":true,"data":null}},"time_used":336,"timings":{"blocked":68,"dns":1,"connect":31,"send":0,"wait":74,"receive":109,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/3345.31d084d1c18e002c811e.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","date":"2026-03-24T02:53:40.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/3345.31d084d1c18e002c811e.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 2862\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2862,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2808)","md5":"8756788010fae58bb5ef0da83cf3b4d0","sha1":"9f03a4b72db207163c0f162b2e8a3f29441dfcbb","sha256":"1279fc624e2decb61e1a5ad96024c065d1d987981c55b8c9cd2d976189e25968","sha512":"18abd4453e99d98f4fa3f67d96e30a679711e1782e0ff3ef9544098e1c4d3e29084f81a268a1293e932b8939365badfa2e181327153d52c27be7bdfc26f691d3","ssdeep":"","tlshash":"89512b482a73387a2c6347a7f45737120d2413b23819f48316099eef8a7724f4b03f49","first_seen":"2026-02-24T12:54:22.544893Z","last_seen":"2026-03-24T03:21:46.494197Z","times_seen":21,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","date":"2026-03-24T02:53:40.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 65537\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65537,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9197a18681b7cc4f51b1911286902b0","sha1":"3f585990b02c98c9d787cb74c2a52fdf5d753b98","sha256":"bed5811a3341e35e206eaf3a0518c50edfe50ee9da37480286ac38ff29813c0d","sha512":"9679389c7ae84ee258a31c28e0da91ca3885c491f3e15e544d04c0bbb73c820e03ef8a834d96be0d29305534b18302f2b0110d9361e1d5f34a0fed38912550cd","ssdeep":"768:O6g4cP2yQ6eO0PDlgTdxHzvszXIn2B1ARnv76AeuFYNYjYxRrqhlr3NKR:O1Q6eOyQ5UzXpmK8y1alr8R","tlshash":"2c53e88535d9b0ab42837878946f310bf1ab6d52681c8410db1dd4dabcb4e49e63ffe8","first_seen":"2025-08-04T01:39:06.738468Z","last_seen":"2026-06-19T04:06:40.665223Z","times_seen":183,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":64,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-24","alert":"Hunting_JS_WebAssembly","trigger":"telegram.autentifikator.ru/telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-24T02:53:35.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:35 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: /telegram\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8433,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-19T17:09:05.643349Z","times_seen":16553245,"resource_available":true,"data":null}},"time_used":314,"timings":{"blocked":138,"dns":73,"connect":30,"send":0,"wait":33,"receive":2,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-24T02:53:35.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8433,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3753)","md5":"109d29fb2a0142245296aa5f0adcd946","sha1":"dbefc1b7ed1b25b2577d11b4034de6402985838f","sha256":"d8365e5c063a6d96e08f37fd470cff91e088fbdd4234edd9e7f85955c8aa31ce","sha512":"2658eb0144482dad69e43f3fca884dad9887fef80b068a861d830c9502cee6f0b36871ce596a5a980f899b7ae83a9f9ffb25c1b1290af477daae2c44a43e98af","ssdeep":"96:538jXeWPkMcHP3Cn7dI8D9kgwE87TG+msxSZTJQJnEGA//6hqBLU:yjXeWPkMc/CnvDwjPlYRJQJy/6hqu","tlshash":"94022e12f794e43a32d7027930a1f00d42d2f487a384ba69b8fd65e11f0f9a991f7a60","first_seen":"2026-03-24T02:54:03.954409Z","last_seen":"2026-03-24T03:21:46.487684Z","times_seen":2,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/app-inactive.da3925145f0a7111c0f1.png","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:37.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/app-inactive.da3925145f0a7111c0f1.png HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:37 GMT\r\nContent-Type: image/png\r\nContent-Length: 66877\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":66877,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 682 x 524, 8-bit/color RGBA, non-interlaced","md5":"f3c200399b068d6ab7a5457dafd462bd","sha1":"b85ed73e0153a2714a63267146df85dc9ae68f74","sha256":"eb0b971681a01fdcba2c3c75fe90dc5c3acf4a892ea4c84ab7731d707ba5deb2","sha512":"51f1646c6388ffb5a3365f2e098cfd46bdd17c9ff7cabf9771d9368405fd65cb94d17e5c4980bf428523050f683d3af63dfd8d6a583a69fa96a74640044bcf16","ssdeep":"1536:Ue6WWKmoxiruzwb2CcAtcHsQfNApY8w8xzGcY:KQm+Auzwa3AtQsCA+8w8xdY","tlshash":"d363010a9015045bd0517aaf2dc51dcfab89c4cc3b593ff9505baa32f1e95187f8c8b2","first_seen":"2026-03-24T02:54:03.955429Z","last_seen":"2026-03-24T03:21:46.492989Z","times_seen":2,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":62,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/3345.31d084d1c18e002c811e.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","date":"2026-03-24T02:53:40.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/3345.31d084d1c18e002c811e.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 2862\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2862,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2808)","md5":"8756788010fae58bb5ef0da83cf3b4d0","sha1":"9f03a4b72db207163c0f162b2e8a3f29441dfcbb","sha256":"1279fc624e2decb61e1a5ad96024c065d1d987981c55b8c9cd2d976189e25968","sha512":"18abd4453e99d98f4fa3f67d96e30a679711e1782e0ff3ef9544098e1c4d3e29084f81a268a1293e932b8939365badfa2e181327153d52c27be7bdfc26f691d3","ssdeep":"","tlshash":"89512b482a73387a2c6347a7f45737120d2413b23819f48316099eef8a7724f4b03f49","first_seen":"2026-02-24T12:54:22.544893Z","last_seen":"2026-03-24T03:21:46.494197Z","times_seen":21,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","date":"2026-03-24T02:53:40.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 65537\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65537,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9197a18681b7cc4f51b1911286902b0","sha1":"3f585990b02c98c9d787cb74c2a52fdf5d753b98","sha256":"bed5811a3341e35e206eaf3a0518c50edfe50ee9da37480286ac38ff29813c0d","sha512":"9679389c7ae84ee258a31c28e0da91ca3885c491f3e15e544d04c0bbb73c820e03ef8a834d96be0d29305534b18302f2b0110d9361e1d5f34a0fed38912550cd","ssdeep":"768:O6g4cP2yQ6eO0PDlgTdxHzvszXIn2B1ARnv76AeuFYNYjYxRrqhlr3NKR:O1Q6eOyQ5UzXpmK8y1alr8R","tlshash":"2c53e88535d9b0ab42837878946f310bf1ab6d52681c8410db1dd4dabcb4e49e63ffe8","first_seen":"2025-08-04T01:39:06.738468Z","last_seen":"2026-06-19T04:06:40.665223Z","times_seen":183,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-24","alert":"Hunting_JS_WebAssembly","trigger":"telegram.autentifikator.ru/telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram/auth-flow.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram/auth-flow.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 33613\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33613,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"47a1690d1cf8137a7bd4dcc275a0a26c","sha1":"f8e3f4799cc829cea94b8c5a06ed60f1fa9cbd9f","sha256":"7130f6d88ee75596cec2002ffe8c8ad62d1dcdc34a2aa60424196c2ea2f9f6e8","sha512":"46f56b47913707161521a64da7dea6e825c8b6cdf9155b2303ed0f06a5d56eb1be77cedf072ea83111ba40c3bd667f46579fc8d9d32ee1dfa7cf6173bc12c327","ssdeep":"768:xiQnWKKVuc/K/khMuQi9AhUE0iomVkEbMS2USMfSo3tO:4QnWKKVuc/K5LuE0iDVkEbMS2USMfSoA","tlshash":"fde2726422f215618167b1b907df00057934e4177886cc583e6cc7892fabd6ad7f2bee","first_seen":"2026-03-24T02:54:03.956568Z","last_seen":"2026-03-24T03:21:46.49927Z","times_seen":2,"resource_available":true,"data":null}},"time_used":187,"timings":{"blocked":112,"dns":0,"connect":0,"send":0,"wait":73,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/pattern.fa865e0fbfbe1e9b54e7.svg","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/pattern.fa865e0fbfbe1e9b54e7.svg HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 507420\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":507420,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dad5d137fd49d6f77c9b6f57a22e38dc","sha1":"195b9cc18ae08ccc83334b29223699345fa5e2fa","sha256":"20ab743df20e869076d07d4ede3ca20d8b24acce9bb7f8c6defdfe04f48c3389","sha512":"06be7961e5bb7a27feb400359d2656abff6d4cdfd9f2292d1cf4fb0e4cb9dfa0acf69ec756e43b68caacdb403d7b48dd620bdfa859844fac273a0633d694461d","ssdeep":"1536:r6dVa5Wuk9H6kR9EieWel5LSkX4U5u3I/5BPvZEEmVTcH2GQHn3auGT4TvfoFH9z:kJMiA9sK","tlshash":"e0b478174311c7bafea9452ca8402498b5d0eddbe4b4f1d4bb6b6406d88c4e4ba8c7fd","first_seen":"2026-03-24T02:54:03.957627Z","last_seen":"2026-06-19T04:06:40.650696Z","times_seen":17,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/umami/script.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /umami/script.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 2688\r\nConnection: keep-alive\r\nCache-Control: public, max-age=300\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2688,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2687)","md5":"191315be80746226f807d10f1eb2bad1","sha1":"c30c616414dabeb026a5d0f7583479a517e15187","sha256":"a1471487eb3e8eb93b1a9e056386019ff5eedadea29bbb725b5494fb2e9ad90a","sha512":"62ed43d4a5312894ef30bf9f4579778e8e40833c6321262eb23da81dce2ad0dd9046ff85fccf98f9b60084b170b43566bff83e23763b47dd63b9ae3f18901117","ssdeep":"","tlshash":"f851d7f53185f1f07f692490d17aa620b9392e73b81e4890a6fb4c462b2e40e9431d2c","first_seen":"2025-12-04T18:46:55.384354Z","last_seen":"2026-06-19T10:29:38.851394Z","times_seen":4461,"resource_available":true,"data":null}},"time_used":52,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/umami/api/send","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"POST /umami/api/send HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 712\r\nOrigin: https://telegram.autentifikator.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":712,"data":"{\"type\":\"event\",\"payload\":{\"website\":\"8a62abc5-2259-45dc-bd7d-d85da8fe9670\",\"screen\":\"1280x1024\",\"language\":\"en-US\",\"title\":\"Unsupported Browser\",\"hostname\":\"telegram.autentifikator.ru\",\"url\":\"https://telegram.autentifikator.ru/telegram\",\"referrer\":\"\",\"name\":\"session_start\",\"data\":{\"variant_id\":\"telegram\",\"campaign_id\":null,\"source\":null,\"session_id\":\"e3359c42-60fd-4748-a42c-8403418d25e6\",\"user_id\":null,\"url_path\":\"/telegram\",\"url_query\":\"\",\"referrer\":null,\"locale\":\"en-US\",\"timezone\":\"UTC\",\"platform\":\"Win32\",\"user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"viewport\":\"1280x1024\",\"screen\":\"1280x1024\",\"tg_platform\":null,\"tg_version\":null,\"status\":\"started\"}}}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:37 GMT\r\nContent-Type: application/json\r\nContent-Length: 419\r\nConnection: keep-alive\r\nCache-Control: no-store\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":419,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f1e9c68e01ff71d5590d6fe9d1830e10","sha1":"030441b415ec058e692911ddb790565672cd0fc6","sha256":"73117527374ad492bd4734ec204f48a21d10412f00d7869384178ff7b5499940","sha512":"72f51e5ab9358fcdb7536ebff9a269c9e5b1492f7e1be64cd88d6bc99bbf544ea5863fe29cbeaffb512a6223e0962194dd6f0b3751eaa3f1bdce94197eaeb325","ssdeep":"","tlshash":"31e0abb214935aea702db6d195e04b294f89a996a669103920ee2504e824be3500bcee","first_seen":"2026-03-24T02:54:03.949461Z","last_seen":"2026-03-24T02:54:03.949461Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1087,"timings":{"blocked":82,"dns":1,"connect":42,"send":0,"wait":922,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/inline-icon.svg","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:37.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/inline-icon.svg HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:37 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 307\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":307,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e10aa2f81d600c1f643c86d481af51d2","sha1":"e963e40b057b8a295c15c19b218a591fc832de6f","sha256":"1e253d3f513bbf831c7e7da3e513cf8d4177f7f398c1fad87809d393a58c1697","sha512":"279554fcd216c54b8a8d8f6628e80eaf5d531c395964b80ee101789658e936f46336b32cb6c47cbe63a61021154545212e895bbb7aa0a83ddbc24393542af06f","ssdeep":"","tlshash":"1ee072bac3488a28922af33ceb342130200fa0ae40a707ab42808b3022e70c2e5080d4","first_seen":"2024-11-26T07:10:40.966853Z","last_seen":"2026-05-09T11:42:32.52934Z","times_seen":526,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:39.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/6805.2312af5a53e37863a680.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 7349\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7349,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7295)","md5":"6b47308379004a8be391f392774afe22","sha1":"e4aa16d9de729116d4b2ce880ecc3e6b692addf4","sha256":"9781f714d90aefbff5afc86120f88078f9c050af0f3f5b2531e3b7cb73350e75","sha512":"b5fc14376ec727e84479cf147b298779e4f068534a0b3aaa3a468cf97fb83acc62fecf8c892f4207ef850739a062ee789a4e07e653d244830711051094ca4a38","ssdeep":"96:SiW936N68UBUKFGE7ZqZTFZ+dQupaX976INDgr2Bst41jpKZIMAbEzFWbBTtiDVk:SiMq8pK602DYh6Ej/EYbBTwxoXbJvos","tlshash":"d0e1b4d63752553ee3969dc9ad3e004360b2d92c39188164772a6cdb3d27dc1e0b2f93","first_seen":"2026-02-24T12:54:22.573899Z","last_seen":"2026-03-24T03:21:46.455393Z","times_seen":21,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:39.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/6805.2312af5a53e37863a680.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 7349\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7349,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7295)","md5":"6b47308379004a8be391f392774afe22","sha1":"e4aa16d9de729116d4b2ce880ecc3e6b692addf4","sha256":"9781f714d90aefbff5afc86120f88078f9c050af0f3f5b2531e3b7cb73350e75","sha512":"b5fc14376ec727e84479cf147b298779e4f068534a0b3aaa3a468cf97fb83acc62fecf8c892f4207ef850739a062ee789a4e07e653d244830711051094ca4a38","ssdeep":"96:SiW936N68UBUKFGE7ZqZTFZ+dQupaX976INDgr2Bst41jpKZIMAbEzFWbBTtiDVk:SiMq8pK602DYh6Ej/EYbBTwxoXbJvos","tlshash":"d0e1b4d63752553ee3969dc9ad3e004360b2d92c39188164772a6cdb3d27dc1e0b2f93","first_seen":"2026-02-24T12:54:22.573899Z","last_seen":"2026-03-24T03:21:46.455393Z","times_seen":21,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/3345.31d084d1c18e002c811e.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","date":"2026-03-24T02:53:40.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/3345.31d084d1c18e002c811e.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 2862\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2862,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2808)","md5":"8756788010fae58bb5ef0da83cf3b4d0","sha1":"9f03a4b72db207163c0f162b2e8a3f29441dfcbb","sha256":"1279fc624e2decb61e1a5ad96024c065d1d987981c55b8c9cd2d976189e25968","sha512":"18abd4453e99d98f4fa3f67d96e30a679711e1782e0ff3ef9544098e1c4d3e29084f81a268a1293e932b8939365badfa2e181327153d52c27be7bdfc26f691d3","ssdeep":"","tlshash":"89512b482a73387a2c6347a7f45737120d2413b23819f48316099eef8a7724f4b03f49","first_seen":"2026-02-24T12:54:22.544893Z","last_seen":"2026-03-24T03:21:46.494197Z","times_seen":21,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/main.39a8a2cda48f23d84fcf.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/main.39a8a2cda48f23d84fcf.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 538994\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":538994,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65488), with no line terminators","md5":"c755e6b9cf00a5616246af7749f5baa0","sha1":"424733c8027012097e2c963e1a4b07d13c3cfd37","sha256":"e7a007990f966a45895a5381e681717ee56ff6cea75620e8783d66c51bd15abd","sha512":"da82117b27f5d87e9e8eae922b9073a9196befa0e560a312095391364afee85f2c9e95f12f5ba6b14520cadbc698e8f0e070401afccf37bfe7ee0d74f7093762","ssdeep":"12288:rgSb5oYhZDItfCg9rKLqbLnaLIqQi66KZM6KdW/QuQjv49Hk+EZm94ekH7VIi15b:/by2ZEfTf/Cf","tlshash":"2bb43cc571d674ea63e309e6a4ab0098b7395944380dc4a0f16dfce93d364aaa373f5c","first_seen":"2026-03-03T12:19:27.011282Z","last_seen":"2026-03-24T03:21:46.489539Z","times_seen":20,"resource_available":true,"data":null}},"time_used":517,"timings":{"blocked":57,"dns":1,"connect":28,"send":0,"wait":81,"receive":308,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/unsupported.png","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /unsupported.png HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"9e076f5885f5cc16a4b5aeb8de4adff5","sha1":"475c848673a3f79fa778f01c2bd5a721d4c41707","sha256":"e3ebaa16dd9d9b9fc107c42183fb6cf9d22927e1af03dbbdfa0ccc38e4e4ac31","sha512":"4d384838c78c74f56de20de3fe125b9fe4d40b7c9fb5d767b647f05aede6bf63431f4f08ac464e188e77b227becc3ab4ba86272f30b53d91b15003d814e06d2e","ssdeep":"","tlshash":"4a50000c3000030c0000003000c00030000c03000c0000300000c00c000000000000cc","first_seen":"2023-04-05T14:05:15Z","last_seen":"2026-06-19T17:17:06.036152Z","times_seen":9117,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:39.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/6805.2312af5a53e37863a680.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: worker\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 7349\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7349,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7295)","md5":"6b47308379004a8be391f392774afe22","sha1":"e4aa16d9de729116d4b2ce880ecc3e6b692addf4","sha256":"9781f714d90aefbff5afc86120f88078f9c050af0f3f5b2531e3b7cb73350e75","sha512":"b5fc14376ec727e84479cf147b298779e4f068534a0b3aaa3a468cf97fb83acc62fecf8c892f4207ef850739a062ee789a4e07e653d244830711051094ca4a38","ssdeep":"96:SiW936N68UBUKFGE7ZqZTFZ+dQupaX976INDgr2Bst41jpKZIMAbEzFWbBTtiDVk:SiMq8pK602DYh6Ej/EYbBTwxoXbJvos","tlshash":"d0e1b4d63752553ee3969dc9ad3e004360b2d92c39188164772a6cdb3d27dc1e0b2f93","first_seen":"2026-02-24T12:54:22.573899Z","last_seen":"2026-03-24T03:21:46.455393Z","times_seen":21,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js","date":"2026-03-24T02:53:40.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://telegram.autentifikator.ru/telegram-assets/6805.2312af5a53e37863a680.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:40 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 65537\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65537,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f9197a18681b7cc4f51b1911286902b0","sha1":"3f585990b02c98c9d787cb74c2a52fdf5d753b98","sha256":"bed5811a3341e35e206eaf3a0518c50edfe50ee9da37480286ac38ff29813c0d","sha512":"9679389c7ae84ee258a31c28e0da91ca3885c491f3e15e544d04c0bbb73c820e03ef8a834d96be0d29305534b18302f2b0110d9361e1d5f34a0fed38912550cd","ssdeep":"768:O6g4cP2yQ6eO0PDlgTdxHzvszXIn2B1ARnv76AeuFYNYjYxRrqhlr3NKR:O1Q6eOyQ5UzXpmK8y1alr8R","tlshash":"2c53e88535d9b0ab42837878946f310bf1ab6d52681c8410db1dd4dabcb4e49e63ffe8","first_seen":"2025-08-04T01:39:06.738468Z","last_seen":"2026-06-19T04:06:40.665223Z","times_seen":183,"resource_available":true,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":60,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-24","alert":"Hunting_JS_WebAssembly","trigger":"telegram.autentifikator.ru/telegram-assets/rlottie-wasm.b8cd14b929a7127811bd.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/chat-bg-br.3b09afa867133135546b.png","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/chat-bg-br.3b09afa867133135546b.png HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: image/png\r\nContent-Length: 2940\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2940,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced","md5":"62c84901e6ca1a7482e887933ed47e42","sha1":"5cb5d22bf54822592642d227da05654ac02dbb3e","sha256":"fb7781569d340ed0adb36ca52828a66115a3a8d52293590dcac9fc8db2c57866","sha512":"c10718e3abbc5bcad2d058ad853b0d056a346e60a0cedddf05d50f859d1495799e840ff90c6bb458f7768d819bf35a809ace5f98e43eaf227d223075332e6540","ssdeep":"","tlshash":"45514b48bd0727c0cd4d1b7942de4601cf63c25196a4f6adf2aeea522fb03c1269609b","first_seen":"2026-03-24T02:54:03.961414Z","last_seen":"2026-06-19T04:06:40.662063Z","times_seen":17,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/api/event","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"POST /api/event HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 164\r\nOrigin: https://telegram.autentifikator.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":164,"data":"{\"session_id\":\"e3359c42-60fd-4748-a42c-8403418d25e6\",\"user_id\":null,\"variant_id\":\"telegram\",\"campaign_id\":null,\"source\":null,\"step\":\"phone_view\",\"status\":\"visible\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 11\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET,POST,OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type, X-Admin-Token, X-Leads-Token\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"82380d1e263b6093f3c7535690fcdd75","sha1":"022d91f218046ab2e61cac1eb13d6a718f75df2b","sha256":"4062edaf750fb8074e7e83e0c9028c94e32468a8b6f1614774328ef045150f93","sha512":"180ea3cf6e7a00cb12ecff7ce095b8cef1921621de681a64e5e53e3efc0cf6053e557205f2bdb9b9d5af4de3d54c79d1c9b1c474b83897590c647b1e92d9c93a","ssdeep":"","tlshash":"2a500003000c0030c00003000300ff30000300300000000c000c3000033000c0003c03","first_seen":"2023-04-05T15:24:10Z","last_seen":"2026-06-19T17:10:04.366102Z","times_seen":10996,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/notification.mp3","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /notification.mp3 HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: audio/mpeg\r\nContent-Length: 0\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"audio/mpeg","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-19T17:09:05.643349Z","times_seen":16553245,"resource_available":true,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":52,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/app-config.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /app-config.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 172\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":172,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"aa0038053b48a460bf4fafc0d8ca9c8f","sha1":"0d698c866199cc6cae63276503e60bbfe95a0b39","sha256":"305abad4d3f0454d5ff9782f404c1442f95dc81a2ff463144a039b131e979024","sha512":"2581e6fe544790774e6d73502b4b25eb983da8be433819c2059a780a2ee544fe53f02016d40ff5a28851a6db2b13eba475ab0e25b601052c8dd52d67d5185fe6","ssdeep":"","tlshash":"6ac080d80f5d75f13c65d4104118ba4a3573c8725100b51461c4d4a709ede9155145f7","first_seen":"2026-03-24T02:54:03.963587Z","last_seen":"2026-03-24T03:21:46.498135Z","times_seen":2,"resource_available":true,"data":null}},"time_used":202,"timings":{"blocked":67,"dns":1,"connect":38,"send":0,"wait":49,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/shared-sdk.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /shared-sdk.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 7131\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7131,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"ba3cc722db095fd1008ee568dd0eff8c","sha1":"a9050b0209aac291b89885631909018d85e8bf3c","sha256":"0d1c800772c2996714c078a146494bd732b952c8d7ed03b3f5252fbbe49b7912","sha512":"55f4032d5c9e2f6efe028e363704a30d9db7a999776bd15a384cf4ae9abc672057b741b3498e1ec231e581037e59e9dcf1acf1d2a2b237fb1ac6ac148f216fbe","ssdeep":"192:DfQMmoOoD9Q/CK5K4EiLVnamqAMtdJfGbzxIsu:Dh9TDBK5HEiL0xjI6su","tlshash":"60e1208a1df758301913602e87ff90553539a5033a4dec14bf6c8748af2dbae81b6e9c","first_seen":"2026-03-24T02:54:03.964956Z","last_seen":"2026-03-24T03:21:46.481065Z","times_seen":2,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":67,"dns":1,"connect":39,"send":0,"wait":44,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/6708.10cdbed8e69045b46718.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:39.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/6708.10cdbed8e69045b46718.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:39 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 9393\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9393,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (9339)","md5":"e07492952f9060c10269ae586dee7e10","sha1":"8ffcfc3b3986bbabd07079af658e780f22cb246e","sha256":"a900e2662b31447dbc6ef2385d165883ab8d3dc19d7a50510d9807c029bc1649","sha512":"a095b9c94ea11573b6f281d2d327fa572b5cffb3753b7d178fcaba39dd5b730b2e21eea7ce3f7b46857573f9f67853a02896fe489c4b6cef39a84948e7e2389a","ssdeep":"192:OeIKfyWQPKy61/Za7mBP+WiYUpahWqPBdLKM/GtiV0D1UYc1T:xIwyWFy6XtB+XYUshDPBRKMFY1UYc1T","tlshash":"2f12e996a131747e62aa84d5e2100b127a36d5587c09a2bdf73c7cfb2c9640a34bcf3c","first_seen":"2026-02-24T12:54:22.539958Z","last_seen":"2026-03-24T03:21:46.496465Z","times_seen":21,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/redirect.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/redirect.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 325\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":325,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text","md5":"17773b57b87a678c98e26a7cac72df6c","sha1":"7422857aa75ee81cabcec2eed6c4a6168f363ee1","sha256":"375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f","sha512":"28d9e1c2af08154e653e2291db46f4110edbf9f5591192f8d695c8852f9c3c755d69dfb5a032a45f51e0a3fc9417f16c20d0772b1225ca9b85e5531e12fa8bfc","ssdeep":"","tlshash":"e8e07dda0279030417e013f36d82b4709137c2fb604c5d028d984321a1b9b4f5b7b84f","first_seen":"2023-07-27T09:32:34Z","last_seen":"2026-06-19T04:06:40.670544Z","times_seen":11512,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram-assets/compatTest.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram-assets/compatTest.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 3199\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3199,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (413)","md5":"f460d7154f427d10ee377c39b66f48aa","sha1":"1e84aad2bb3e4eeecdd1c62e2a12d1c6d4a159d9","sha256":"727e8544ec0cfa0aa34dc209cf38263e7cca704c5fc211f9b5c4275395c184a6","sha512":"313e3ae62c9641aec509c7774abf05e668343ce1763a5cb8e3db0a86449bd2d942b734cc841ac6ea816e51d7addfe6f5e540fed5c0f5b51dbf510a0b11c59fc7","ssdeep":"","tlshash":"e061162a4cb16171906d5126ef1fb24336298577160ceb7ca220cf397fb185b855fee8","first_seen":"2026-02-24T12:54:22.569026Z","last_seen":"2026-06-19T04:06:40.656707Z","times_seen":77,"resource_available":true,"data":null}},"time_used":276,"timings":{"blocked":61,"dns":1,"connect":33,"send":0,"wait":137,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/telegram/tracker-init.js","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"GET /telegram/tracker-init.js HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:36 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 3070\r\nConnection: keep-alive\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3070,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"97cac6dc20a7ba861562055f65915d3e","sha1":"1fa99af5f1ed7bfe50168e6ce7839654b68d7100","sha256":"a1b4d172df66f0f933a26007cf4ffa0ecd8c1b0f40a3fccd4fc74f24dcbbf264","sha512":"ce2cf9f43bf3c20fbfea0cf6b882be32879931e82dd20ed94847f6cbc1bbee3ffb2b9e0903604d720d450d31828e6312374fc8d88b4855616d55f5f8a20832ca","ssdeep":"","tlshash":"6351228119e310a2053b953787af820433bcd407484ee9123e5ce3787f65eae03babe0","first_seen":"2026-03-24T02:54:03.968838Z","last_seen":"2026-03-24T03:21:46.491413Z","times_seen":2,"resource_available":true,"data":null}},"time_used":142,"timings":{"blocked":110,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"telegram.autentifikator.ru/umami/api/send","fqdn":"telegram.autentifikator.ru","domain":"autentifikator.ru","tld":"ru"},"ip":{"addr":"141.98.190.101","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://telegram.autentifikator.ru/telegram","date":"2026-03-24T02:53:36.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"telegram.autentifikator.ru","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Mar 2026 16:39:31 GMT","end":"Wed, 17 Jun 2026 16:39:30 GMT"},"fingerprint":{"sha1":"5E:61:B3:E4:7C:E5:09:8A:06:6E:E5:44:A5:B7:35:FD:F2:3B:B6:9E","sha256":"7B:6E:7F:AD:78:1F:2B:8E:19:C2:44:3A:46:65:23:F7:95:36:BC:E6:DA:4B:A7:80:C9:A3:40:C7:43:E0:99:71"}}},"request":{"raw":"POST /umami/api/send HTTP/1.1\r\nHost: telegram.autentifikator.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 253\r\nOrigin: https://telegram.autentifikator.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":253,"data":"{\"type\":\"event\",\"payload\":{\"website\":\"8a62abc5-2259-45dc-bd7d-d85da8fe9670\",\"screen\":\"1280x1024\",\"language\":\"en-US\",\"title\":\"Unsupported Browser\",\"hostname\":\"telegram.autentifikator.ru\",\"url\":\"https://telegram.autentifikator.ru/telegram\",\"referrer\":\"\"}}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Tue, 24 Mar 2026 02:53:38 GMT\r\nContent-Type: application/json\r\nContent-Length: 419\r\nConnection: keep-alive\r\nCache-Control: no-store\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\nX-Frame-Options: SAMEORIGIN, DENY\r\nX-Content-Type-Options: nosniff, nosniff\r\nX-XSS-Protection: 1; mode=block, 1; mode=block\r\nReferrer-Policy: no-referrer-when-downgrade, no-referrer\r\nPermissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), interest-cohort=()\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":419,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f1e9c68e01ff71d5590d6fe9d1830e10","sha1":"030441b415ec058e692911ddb790565672cd0fc6","sha256":"73117527374ad492bd4734ec204f48a21d10412f00d7869384178ff7b5499940","sha512":"72f51e5ab9358fcdb7536ebff9a269c9e5b1492f7e1be64cd88d6bc99bbf544ea5863fe29cbeaffb512a6223e0962194dd6f0b3751eaa3f1bdce94197eaeb325","ssdeep":"","tlshash":"31e0abb214935aea702db6d195e04b294f89a996a669103920ee2504e824be3500bcee","first_seen":"2026-03-24T02:54:03.949461Z","last_seen":"2026-03-24T02:54:03.949461Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1125,"timings":{"blocked":85,"dns":2,"connect":28,"send":0,"wait":951,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}