| tgtgtg.pages.dev/crypto.worker.1e1106c2eed88d1bff05.chunk.js | 172.66.46.213 | 200 OK | 0 B |
URL: GET HTTP/3 tgtgtg.pages.dev/crypto.worker.1e1106c2eed88d1bff05.chunk.js | IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ | Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /crypto.worker.1e1106c2eed88d1bff05.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: sharedworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-None-Match: W/"ddf7a0dc0aae19ef26710e79460b2db9"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=htoE9JL%2B%2BZqhdgRv%2B%2BZHOiKQdio3IzYODOiPR9b%2Be2dNoEpUtM7rB2KsDgdcoBfc1Clg920JKZS1Y%2FOnwRsdwuWzM%2FVm37uiofun%2F1xDqq34BAEXhjQOTwe23F0SmIM5i%2B6h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e6cdfdb51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/npm.pako.f16d6f756c34f3914132.chunk.js | 172.66.46.213 | | 0 B |
URL: tgtgtg.pages.dev/npm.pako.f16d6f756c34f3914132.chunk.js | IP: 172.66.46.213:0
Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /npm.pako.f16d6f756c34f3914132.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"0692c248336f3fcd0f19d0cb32e6b550"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z47MrXYCQy%2B2Jez7655o%2Fdwcpgnq%2Bj%2F%2FuI1FhxSRhjqfjqBT75V02pSjdJGF7Ys0tI5WceKqThOwzF0nHnSV5caE3ph2Nr9c%2FW8et3L68aidZlRHW7oOgGW0OpF5ZCEDL%2FEF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e77e6bb51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry | 172.66.46.213 | 200 OK | 1.0 kB |
URL: GET HTTP/3 tgtgtg.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry | IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ | Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced | Hash (MD5 / SHA-1 / SHA-256): e3ce05eb00b3215df220efaf0fd06e21 d1533966f79dc2984c34317035f31cf3c91298c9 0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: image/png
content-length: 1012
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "164bab244d543d9719126be57e7b82f4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2BNgo0%2BZs8mw6QycPjBI%2FZhdRwHzhyxxiy5XZQVgK9j7PHu1YyEai6ZylFo28cZIW15Mhnyxn2x%2F1vNA%2BYLjJnmmgMwpwRAM3EiA%2FM0ivTYaTZMnOfTf93hey6edoShGZJ%2BG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e72e3ab51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry | 172.66.46.213 | 200 OK | 9.0 kB |
URL: GET HTTP/3 tgtgtg.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry | IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ | Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File type: PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced | Hash (MD5 / SHA-1 / SHA-256): 87fecdadac0beb95f9b7c87b3b3236f0 822f92446c0033a32462aa21208efaef1f0d8c3c 25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: image/png
content-length: 9024
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c35bd3231a46b7b8c79b2578bdec4987"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hKSKkeW0B%2FW%2BQFaZK1TDLpjjoeB%2BTJz1bM4klfTcxFHy81RRO4lSfwa4SGqQVXjMrmsp15oAcTz%2BsZE5aA27GTev0IiTT0lRGLuM20onzxlN%2BlSodZdmkWfWYqmcUcJSxmoB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e72e39b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | 172.66.46.213 | | 0 B |
URL: tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | IP: 172.66.46.213:0
Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /npm.big-integer.a7ea0f3283af2967a6ae.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"a6adeec64b6e9d706dbc977357855ffc"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5C8Jm0EJ5HXM5mBFMRO0ui%2BDY9J9bkBCHUTjRmCwhBdUU%2BWyYytix3Ee2NDhyFUeK1rWmm%2F9J%2B8prUkT%2F%2B%2B20%2F0ahLnbbNuV77T3CDuLvEK%2FNBkaEzh2b5dOjqvcouDCfWnc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e7feb6b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/437.c838e1c54ca086c1ad69.bundle.js | 172.66.46.213 | 200 OK | 0 B |
URL: GET HTTP/3 tgtgtg.pages.dev/437.c838e1c54ca086c1ad69.bundle.js | IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ | Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /437.c838e1c54ca086c1ad69.bundle.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/crypto.worker.1e1106c2eed88d1bff05.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"f61f7c11080873bd41155d1e8b27d329"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qvEmy1E8FGr4oMhWEWIKJcbHk%2FVS2w8aRJWVYzCc6NwMuPljra9%2FyyEoGvNPtVdiEm4KT00Y5d9CwsEwELLo6uuAAY5k4kiv3oKaH%2F8E8L9r%2ByBqQHA%2FiUSUZ3ffbvotO%2BvH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e80ebab51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/953.a9c1e444676d9797e587.chunk.js | 172.66.46.213 | 200 OK | 0 B |
URL: GET HTTP/3 tgtgtg.pages.dev/953.a9c1e444676d9797e587.chunk.js | IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ | Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /953.a9c1e444676d9797e587.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"21a92239275eeac9901d74b0b14a1c6b"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ekpXsPoaf4IqnUUfXXoIDqVIm0h2mBzmq8dypeJdL5FaQ0PKvwpUx5mFuT2TKmtTWzrXpduTnUrFPDIqnuabUv4rNjfoZ%2FS08nbLui7Pde63C4UgxU4tcpT69bKfI2xNeac7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e82ec7b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/194.6d86456472ba5cb9dd4b.chunk.js | 172.66.46.213 | 200 OK | 329 kB |
URL: GET HTTP/3 tgtgtg.pages.dev/194.6d86456472ba5cb9dd4b.chunk.js | IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ | Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators | Size: 329 kB (329218 bytes) | Hash (MD5 / SHA-1 / SHA-256): 90d3ff9931a700698fc4ad666d4168fc 85b72731333179414d1e65d404bf6cfd5036dad5 822cf94f912b0ba3ea218dd4d576ee05b1feb9163f947fa0566fb05e30305f29
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /194.6d86456472ba5cb9dd4b.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"4b81721b29f436517a875d8fc235e680"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aXEaf%2BZAzeGhedq%2BGXJBwyIVQeqSVL3uXm1M4ae0It0okRjvYDjS3pgUVwZenpzRStLZ%2BaeLsZ%2BrUtj5pCoIeXAHjU3mFaM0FkgdeXxNkWPcwHarbVvlGu0VMwyFF%2Fysuv7e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e74e44b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/953.a9c1e444676d9797e587.chunk.js | 172.66.46.213 | 200 OK | 15 kB |
URL: GET HTTP/3 tgtgtg.pages.dev/953.a9c1e444676d9797e587.chunk.js | IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ | Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256): ad75edb8cc5ae8321cd4f3980b3bb3d1 6099e4204787ce675e279de290028379bd858de3 da1658b448cb80fef5ca423868150c2a1d24224f0cd9eba02fdeec326db21259
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /953.a9c1e444676d9797e587.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"21a92239275eeac9901d74b0b14a1c6b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pxWUdjT1o1G6BE6H%2FcBTX8Ghh675fOt4VEdU2nR4TiiYb24cvRIo4Mnk1piYb6fhyr5oEUn4RMbHmuYpFWSaVSLwhDwnEKxidpw3nCGLNrW0V%2FYPgbi%2BFWHuhGKonQ1M%2FyWu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e73e40b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/npm.pako.f16d6f756c34f3914132.chunk.js | 172.66.46.213 | | 0 B |
URL: tgtgtg.pages.dev/npm.pako.f16d6f756c34f3914132.chunk.js | IP: 172.66.46.213:0
Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /npm.pako.f16d6f756c34f3914132.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"0692c248336f3fcd0f19d0cb32e6b550"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2FdjgrhE6IfKbGh0DlCACXIcjY1rTjgXAEsQEU0yQctUXioLOykapJ0ivH0h7ufS4P5Arbo6vxS08zfK75virwEbOGa1xtG0c4GXq%2BmSP7SbMrFoiYgIXWJmi7yWWQJQpT9h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e95f4db51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/npm.pako.f16d6f756c34f3914132.chunk.js | 172.66.46.213 | | 0 B |
URL: tgtgtg.pages.dev/npm.pako.f16d6f756c34f3914132.chunk.js | IP: 172.66.46.213:0
Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /npm.pako.f16d6f756c34f3914132.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"0692c248336f3fcd0f19d0cb32e6b550"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=97ugJFyEPVZbJIOi0Yvu5e3WcbqC0tjyMezeC7my7T%2B1anLmAgUbrL1nBx2Y6fiuAu96bQvg6scNm2ZsWrAahh6VSzYErPPnIb11YIlAcq8%2BcDF49hmPM8PvHImWxnZL1%2FFT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e96f53b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | 172.66.46.213 | | 7.0 kB |
URL: tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | IP: 172.66.46.213:0
Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File type: JavaScript source, ASCII text, with very long lines (21339), with CRLF line terminators | Hash (MD5 / SHA-1 / SHA-256): b4cce16d35ecc84bbc3a449f1fcc555c 9b21f6d70dfd698593b122f257036e17a686fb97 d47b972aea1f85c2ed1bb28031d11795f78b3f00d53f276cba6a1d34128ead33
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /npm.big-integer.a7ea0f3283af2967a6ae.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/crypto.worker.1e1106c2eed88d1bff05.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a6adeec64b6e9d706dbc977357855ffc"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OeEp%2BvcPijFtweOlLZKR7brs0UZq1iTI5lDNdM26bqgCJZjMO1WqVhm05rw3fAQMjYr42d5WRHt2aCPu3EA39jLSDV7JWgah6NSbQ711P1dbyUXV2mV2AxRIHPUuY0tp9OOr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e78e6db51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1 | IP: 149.154.167.99:0 | ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators | Hash (MD5 / SHA-1 / SHA-256): c2a982d42f89274763eef2a44fe01030 86e6d53f6478cdd0c05611093d9c55a953454af7 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
Content-Length: 0
Origin: https://tgtgtg.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2
|
|
| tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | 172.66.46.213 | | 0 B |
URL: tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | IP: 172.66.46.213:0
Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /npm.big-integer.a7ea0f3283af2967a6ae.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"a6adeec64b6e9d706dbc977357855ffc"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IZ74WenRbf9c%2FBcCfDpx1J%2F30p2o6zNo08iNfXGDvSllfrm3aGZsJuuJ9yH%2FCmCZekFrbpg8RoMhCNCsyuLptKP2V%2BAQzKTGQHDaNb9TvAgH7AyOJn1HNI8%2BL7GRJuUzVF0t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e9bf80b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| venus.web.telegram.org/apiw1 | 149.154.167.99 | | 169 B |
URL: venus.web.telegram.org/apiw1 | IP: 149.154.167.99:0 | ASN: #62041 Telegram Messenger Inc
File type: HTML document, ASCII text, with CRLF line terminators | Hash (MD5 / SHA-1 / SHA-256): c2a982d42f89274763eef2a44fe01030 86e6d53f6478cdd0c05611093d9c55a953454af7 d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a
POST /apiw1 HTTP/1.1
Host: venus.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
Content-Length: 0
Origin: https://tgtgtg.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: nginx/1.18.0
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: text/html
content-length: 169
pragma: no-cache
cache-control: no-store
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: origin, content-type
access-control-max-age: 1728000
X-Firefox-Spdy: h2
|
|
| tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | 172.66.46.213 | | 0 B |
URL: tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | IP: 172.66.46.213:0
Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /npm.big-integer.a7ea0f3283af2967a6ae.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"a6adeec64b6e9d706dbc977357855ffc"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qf3HdZlteeO3wzb5NQPreoKjqvmJEH%2Fta58qmLGdNzJUfdI0LsuyC8RAjnuoM2AoVzWPXJv%2F%2FZvMqbfnn2EwTkRVRxhTyOrsHhP8b10mTMinY1i6TKJIOx4lj5knR7L1ia8Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e9df89b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/437.c838e1c54ca086c1ad69.bundle.js | 172.66.46.213 | 200 OK | 0 B |
URL: GET HTTP/3 tgtgtg.pages.dev/437.c838e1c54ca086c1ad69.bundle.js | IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ | Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /437.c838e1c54ca086c1ad69.bundle.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"f61f7c11080873bd41155d1e8b27d329"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O3Zs1ThRgfRRpyzdPcxqbDrKN45aKZPZtKNSgZuPYPWQqIrbOTg4H88%2Bplqlt50hucdC6AbkrCGiDp9rWk9xyTWP7g7tskbNArt0puSwZAvgy4LJ06NJtd36yye3%2BJelaPE2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e9df90b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL: kws2.web.telegram.org/apiws | IP: 149.154.167.99:0 | ASN: #62041 Telegram Messenger Inc
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tgtgtg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LyeU7Ne6p4BCmGoLJXwyKA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 04:57:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HwfYzw1FNJXDyPtqz4wx5efsjUo=
Sec-WebSocket-Protocol: binary
|
|
| tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | 172.66.46.213 | | 0 B |
URL: tgtgtg.pages.dev/npm.big-integer.a7ea0f3283af2967a6ae.chunk.js | IP: 172.66.46.213:0
Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /npm.big-integer.a7ea0f3283af2967a6ae.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"a6adeec64b6e9d706dbc977357855ffc"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K7zYI%2BHlnHEd8%2FIlHGhSmhuVdppCX0S%2Bzx1G7gLcCu5fUA62FnvZrd4IZ0ER5CgbyIctsGOzSy%2BnVBi2ZkyAnukAO093%2BsVr2SfwYesrb4jNbe4wlWY8lucShQeylkiUdhFq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e9ffa3b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/437.c838e1c54ca086c1ad69.bundle.js | 172.66.46.213 | 200 OK | 0 B |
URL: GET HTTP/3 tgtgtg.pages.dev/437.c838e1c54ca086c1ad69.bundle.js | IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ | Certificate: Issuer: Google Trust Services LLC; Subject: tgtgtg.pages.dev; Fingerprint: D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8; Validity: Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash (MD5 / SHA-1 / SHA-256; empty-input digests, 0 B body captured, so they do not identify the script): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /437.c838e1c54ca086c1ad69.bundle.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"f61f7c11080873bd41155d1e8b27d329"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pt2fY%2F6m7xIjZGcR1DteO1SA%2FqNaERmzMn4Kf6uFTYC115k6iDYmMaK1%2BdnF7lebxavUJ62e7nA4wN5KI6YTpeQ942KMSf4NWGEbA%2Bz8iXw5ACoQH6i5xersCphGx%2BsKWiQv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e9ffabb51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/437.c838e1c54ca086c1ad69.bundle.js | 172.66.46.213 | 200 OK | 0 B |
URL GET HTTP/3tgtgtg.pages.dev/437.c838e1c54ca086c1ad69.bundle.js IP172.66.46.213:443
Requested byhttps://tgtgtg.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjecttgtgtg.pages.dev FingerprintD6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8 ValiditySat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /437.c838e1c54ca086c1ad69.bundle.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tgtgtg.pages.dev/mtproto.worker.a7353b4d09f7ae6723a5.chunk.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"f61f7c11080873bd41155d1e8b27d329"
TE: trailers
HTTP/3 304 Not Modified
date: Wed, 24 Apr 2024 04:57:14 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wtV1dYu28tfRRjB1IdZS3XTJj5aY4ZIfI%2F7M9smD%2BrdepU%2FFZwH9u5JwYolM7bydNxTM%2BafwKbXK2dmJuiGvyM1nUkcspT1FI1dq5pLEw3bA70mkdzqZZjYAfgW9xgIB1OB7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382ea1fb7b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
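URL: kws2.web.telegram.org/apiws IP: 149.154.167.99:0 ASN: #62041 Telegram Messenger Inc
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input: the exchange below is a WebSocket upgrade reported as 0 B, so they carry no information about the traffic)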
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tgtgtg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AWHymP0F73BL5ajsqwJbTg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 04:57:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: uW+Lqt1rVbJJFFFjdPC06fjChNk=
Sec-WebSocket-Protocol: binary
|
|
| kws2.web.telegram.org/apiws | 149.154.167.99 | | 0 B |
URL kws2.web.telegram.org/apiws IP149.154.167.99:0 ASN#62041 Telegram Messenger Inc
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tgtgtg.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: I7xe283USFJM0S+rLTM5/A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 24 Apr 2024 04:57:14 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hl7vlT+GWpnj0rZj34cgO+gG0Sg=
Sec-WebSocket-Protocol: binary
|
|
| tgtgtg.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 | 172.66.46.213 | 200 OK | 11 kB |
URL: GET HTTP/3 tgtgtg.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ Certificate: Issuer Google Trust Services LLC, Subject tgtgtg.pages.dev, Fingerprint D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8, Validity Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0 Hash: MD5 07db243db21ed0a6b4ff05ff429686b7, SHA-1 5d62925fdd7ed8e80f206d095ed093994f13d276, SHA-256 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://tgtgtg.pages.dev/main.cfeec47247082afdfa73.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vn17mheqHMQzDEvjXki95OZkKm5%2FW85fy2QDpT%2FCb5dycyL8%2BpQHxcHq36NIUAy%2FWGpZdd0U3rNXDjyYcbE8kXqUMogDPaDv847Ou2TsryQiIbsA7tNaXKzlN%2BtsAn7vWGRQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382ea7fefb51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 | 172.66.46.213 | 200 OK | 11 kB |
URL GET HTTP/3tgtgtg.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 IP172.66.46.213:443
Requested byhttps://tgtgtg.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjecttgtgtg.pages.dev FingerprintD6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8 ValiditySat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 11016, version 1.0 Hash15fa3062f8929bd3b05fdca5259db412 6ff06a34f68ad0324ddec1bbe4d453c959178b36 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://tgtgtg.pages.dev/main.cfeec47247082afdfa73.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PWxn0vx%2BmOcMqDI3EtCdhXY88kTedyEdxXtkt%2BMTil5wsiMNKmeCcH4rwatgqAUBd5Gd0RR05NVTJh%2BprS%2FY7KTU4XZzWBo65HThq8N2shsG%2BtzMj6hBwSNjv6ip0SSZFPzI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382ea8ff2b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/assets/img/logo_padded.svg | 172.66.46.213 | 200 OK | 1.1 kB |
URL GET HTTP/3tgtgtg.pages.dev/assets/img/logo_padded.svg IP172.66.46.213:443
Requested byhttps://tgtgtg.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjecttgtgtg.pages.dev FingerprintD6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8 ValiditySat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File typeSVG Scalable Vector Graphics image Hash60c58dcbb2ef9968748fe3878a2c6dff dacac165b656bf03221f85b1843e1c7d8cb0b2ac 6fd7169d2c3cbfeed8e04a542d371c3d8504d5a69268b78deb6691703216f502
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /assets/img/logo_padded.svg HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:16 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a1f590bae69ca5471ebc6fdea4a2caca"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vXZ3SmUtJDmvWL7PpZaxIUVODeVweBRdkkzUy65qAuDtX235BeQrp8yo2Tw8%2F%2BlBbO0EOAarnpiPcij3ntcGzl590hO0S50bapQLBfqVKbnqpe2%2FNc7ff2L0H2ov4joT24pQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382f7ff4db51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/style-desktop.de205d0ae0e0c2493363.css | 172.66.46.213 | 200 OK | 355 B |
URL GET HTTP/3tgtgtg.pages.dev/style-desktop.de205d0ae0e0c2493363.css IP172.66.46.213:443
Requested byhttps://tgtgtg.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjecttgtgtg.pages.dev FingerprintD6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8 ValiditySat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File typeASCII text, with very long lines (359), with no line terminators Hash036f80f6cbfcaa3758d8e54b9eaf8343 c620b81e475542d67babd2fba890fe1e9439daaa 4bb8b3f4fab47ff92478b25ccf8c858fbb03606f48074f6dae337a3c16332b51
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /style-desktop.de205d0ae0e0c2493363.css HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:13 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"dc06036d61940796b1f9aac1c5884718"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FOPEaNf3e%2FVATxM1MIIbz6qfHLfx4P1mLadVJNoBpaK8VL6%2BfMwwddS0qe10sQMv23y%2BBdfsoj3K6d2MXImx2TD9cjR%2FVuMRHrf%2BUpeEtuVNwdZdH00ORkdjaMjR8tyDfDYP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e4cbe0b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/npm.qr-code-styling.5c8af6e9c411419a66e1.chunk.js | 172.66.46.213 | 200 OK | 65 kB |
URL: GET HTTP/3 tgtgtg.pages.dev/npm.qr-code-styling.5c8af6e9c411419a66e1.chunk.js IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ Certificate: Issuer Google Trust Services LLC, Subject tgtgtg.pages.dev, Fingerprint D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8, Validity Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input; the row reports a 65 kB response, so the body was presumably not captured for hashing and these values should not be used as indicators for this file)
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /npm.qr-code-styling.5c8af6e9c411419a66e1.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ef83bb1578576608ae15394a2d3d6fb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0vzOcirU55Uxb30%2BbcS4EbSKkrDSpl6Xm%2BOl3l%2BrO6sOSyOzPHdxAqtuFDXY91XSCB1ctAu9%2F2S9HrF58mJNqD9tr1O%2BSm%2Ftmot1qt6jmvIqB5kuj5dnc6cF8y%2BwRKhRcbPW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e9bf79b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| | 172.66.46.213 | 200 OK | 11 kB |
URL: User Request GET HTTP/2 IP: 172.66.46.213:443
Certificate: Issuer Google Trust Services LLC, Subject tgtgtg.pages.dev, Fingerprint D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8, Validity Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File type: HTML document, ASCII text, with very long lines (8250), with CRLF line terminators Hash: MD5 8ec4b9f7172ca2313be2e8faf4def343, SHA-1 36acb5a7ad7cacd33d878c18d33b960494dc4cbc, SHA-256 30f1431f1bb9907ac494b130596267475d74937a0673a4692e1337fc94cf9d26
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET / HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 04:57:13 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"6b6159be027f347bf53d74b40aa21e37"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nJvWQHPEAG2z6nSPktxM2fBOXSZjKEpRzis681Pog6iYYmzZV14ics9XDMz%2B9kNfExEBl7YqmeR9nK%2BFtu0jFsCDeJzqQqZvvrG7qRKqVziusLKZxMVmPXC6aNTulWdtiwuW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e2dc66b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| tgtgtg.pages.dev/main.cfeec47247082afdfa73.css | 172.66.46.213 | 200 OK | 387 kB |
URL: GET HTTP/3 tgtgtg.pages.dev/main.cfeec47247082afdfa73.css IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ Certificate: Issuer Google Trust Services LLC, Subject tgtgtg.pages.dev, Fingerprint D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8, Validity Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Size: 387 kB (387381 bytes) Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of empty input and cannot belong to a 387381-byte body, so they should not be used as indicators for this stylesheet)
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /main.cfeec47247082afdfa73.css HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:13 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"164bc3db6d3f0f145c4a3dcca26b3cc4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tMWPE6wMJVW7H7OioTjQzMLOTWY7YQerXpd7ynLy1cYb%2FxLbWHQtWtH6asNfCStah%2B94fCkqI8XlGbKMMot8f561%2BzOwYQB1l54QcWw6plQQDjVw7T0DlIVbUvY%2Bqjamr3WI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e4cbdfb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/709.4c2facc565490ae3dd33.chunk.js | 172.66.46.213 | 200 OK | 5.3 kB |
URL GET HTTP/3tgtgtg.pages.dev/709.4c2facc565490ae3dd33.chunk.js IP172.66.46.213:443
Requested byhttps://tgtgtg.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjecttgtgtg.pages.dev FingerprintD6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8 ValiditySat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File typeJavaScript source, ASCII text, with very long lines (5449), with no line terminators Hasheef5ef388b548e42ae12734ab2dd4d5b 96e0b3e1247782586c80e1fd9948d3c898135195 42aa981376d2291593a581405f304312597f56482e0cc68db95f63af963174cb
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /709.4c2facc565490ae3dd33.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b67e7c1eb0bb00043db6ec7f6c1c35d9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5qw2WxlMLn60dUGQclmSwwcMYTOCNBNhgSxS3tj4us9EhTq05nEn%2FaQUFpe4yPlruMZ2YFMFKfpxvZ8hb%2F0DdE%2FOu9uFbMZGw9wX4QrCYZ0KgVLkMBb6NtiXqKE%2F%2BVtUFbHq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e74e45b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/773.e1a126c156026a9a591c.bundle.js | 172.66.46.213 | 200 OK | 26 kB |
URL GET HTTP/3tgtgtg.pages.dev/773.e1a126c156026a9a591c.bundle.js IP172.66.46.213:443
Requested byhttps://tgtgtg.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjecttgtgtg.pages.dev FingerprintD6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8 ValiditySat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /773.e1a126c156026a9a591c.bundle.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:13 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"20baf6dd2981ed60ccc5f3bb7db3b686"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LEMaX94MhZAgD8ijUNH61U4zUqnqBIgo2WZkf%2BD12A5XNxvvtAT%2BddV2e6VbkVWcEGqiOTloOfQk%2F2XDUVYaK7jLsodqdb%2FtO0duW4XdgKF2f%2BEbxG%2F3%2F0Zk6SK%2FxJvqKAjV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e4dbe2b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/104.d2dcaecf3096868faf56.chunk.js | 172.66.46.213 | 200 OK | 53 kB |
URL GET HTTP/3tgtgtg.pages.dev/104.d2dcaecf3096868faf56.chunk.js IP172.66.46.213:443
Requested byhttps://tgtgtg.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjecttgtgtg.pages.dev FingerprintD6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8 ValiditySat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /104.d2dcaecf3096868faf56.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"d834fd040bd908b3c02bf24a2bcb4088"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ceiji4Dp9%2BRly5SWB1k9k8VR47FXETKAdMvpcPa3dkRCq5TJgmYq06XocZuorINsoBEtPBRcVJ3takTFrLg47gPZNI0a6My6UK7Zk4b5r6BLWPuqfZp66uebrQOqqRnD8nhX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e69dbbb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/8.2a5c88b8ffabc366242b.chunk.js | 172.66.46.213 | 200 OK | 23 kB |
URL GET HTTP/3tgtgtg.pages.dev/8.2a5c88b8ffabc366242b.chunk.js IP172.66.46.213:443
Requested byhttps://tgtgtg.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjecttgtgtg.pages.dev FingerprintD6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8 ValiditySat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /8.2a5c88b8ffabc366242b.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"53be4d5f7e8c1e981d16b353fd46b182"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XiJiPgnTm0XZBl9%2Biz3YwP1dFAFXDP5cPam0AryommjweLAh7iAmQ8GNNQMAWVR8AbQkjQlS8Jy8ox0%2F7agXRpoGdkH4Uw%2Fh3QiCRW5u3Db73ZaVSJynlikFAtNp8UuRL1tx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e69dc0b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/main.01fb870dd61b44a0b199.bundle.js | 172.66.46.213 | 200 OK | 61 kB |
URL GET HTTP/3tgtgtg.pages.dev/main.01fb870dd61b44a0b199.bundle.js IP172.66.46.213:443
Requested byhttps://tgtgtg.pages.dev/ CertificateIssuerGoogle Trust Services LLC Subjecttgtgtg.pages.dev FingerprintD6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8 ValiditySat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | OpenPhish | phishing | Telegram |
GET /main.01fb870dd61b44a0b199.bundle.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:13 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"9b1a267011a066170bb6f33bb7e3a68f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sooC4UxnZeCulqO4gL7%2F5IYvwiFhJ%2BaI1tWAzvS0yYFjOyVSVIWRJoEhuSOWpIjKrpF%2F4oKwomRN%2BXFKzrnkaE4lKw9T7KbiuV91vQ4dcYO4DltX6Mwi6QeCyehf8IaCiqaa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e4dbe4b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| tgtgtg.pages.dev/301.5beb25e1ca4f91ab78d0.chunk.js | 172.66.46.213 | 200 OK | 1.7 kB |
URL: GET HTTP/3 tgtgtg.pages.dev/301.5beb25e1ca4f91ab78d0.chunk.js IP: 172.66.46.213:443
Requested by: https://tgtgtg.pages.dev/ Certificate: Issuer Google Trust Services LLC, Subject tgtgtg.pages.dev, Fingerprint D6:D7:91:87:3B:02:DB:B1:A7:07:CC:CC:F6:53:5F:75:7A:77:DF:A8, Validity Sat, 23 Mar 2024 17:19:37 GMT - Fri, 21 Jun 2024 17:19:36 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (1781), with no line terminators (a content-sniffing guess; the response below is served as application/javascript) Hash: MD5 c254060c1916f5d79e1a3bc6220a812a, SHA-1 9492209f2842adbf2c32665f74b918a52602f588, SHA-256 c6cef9e323586b8ff5f4d7c8aad1d661aab65bcbe3bf71831c976310a45c74b6
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /301.5beb25e1ca4f91ab78d0.chunk.js HTTP/1.1
Host: tgtgtg.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tgtgtg.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 24 Apr 2024 04:57:14 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"94dd38ba55c835993d4b52d99051c07d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCZFzPIX15GgIYUF2DHxODohncP4785HEFgFh0uUl%2BpTRd1nwNy%2B4kQ%2FsHH9PM8YH%2FSp5Tx4X%2BtJlrUAMkKJBaYDvJLdF66lVizTYFZVaet3VcxJC7k3wHVs%2Fe4M%2FSVrPBth"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879382e69dbeb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|