Report - tw-dj0.pages.dev/

Report Overview

Submitted URL
tw-dj0.pages.dev/
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 04:32:49
Access
public
Website Title
Telegram Web
Final URL
tw-dj0.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
96

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
tw-dj0.pages.dev	unknown	unknown	No data	No data	10 kB	1.2 MB	188.114.97.1
twv.gonewest.topmoto.pl	unknown	2011-07-09	2024-03-27	2024-03-27	838 B	1.2 kB	76.76.21.93
kws2.web.telegram.org	49675	2003-12-15	2021-06-23	2024-04-15	2.3 kB	872 B	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram
2024-04-16	medium	tw-dj0.pages.dev/	Telegram

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	tw-dj0.pages.dev/index-KevWqk89.js	Other
2024-04-16	medium	tw-dj0.pages.dev/crypto.worker-9wi-02Dm.js	Other
2024-04-16	medium	tw-dj0.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry	Other
2024-04-16	medium	tw-dj0.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry	Other
2024-04-16	medium	tw-dj0.pages.dev/textToSvgURL-Z4O-nL1S.js	Other
2024-04-16	medium	tw-dj0.pages.dev/page-h4-JFMdU.js	Other
2024-04-16	medium	tw-dj0.pages.dev/mtproto.worker-g-qIvUmp.js	Other
2024-04-16	medium	tw-dj0.pages.dev/pageSignQR-9_AZc9Zh.js	Other
2024-04-16	medium	tw-dj0.pages.dev/	Other
2024-04-16	medium	tw-dj0.pages.dev/_commonjsHelpers-5-cIlDoe.js	Other
2024-04-16	medium	tw-dj0.pages.dev/qr-code-styling-ogpV7fl-.js	Other
2024-04-16	medium	tw-dj0.pages.dev/index-a3UEjh-7.css	Other
2024-04-16	medium	tw-dj0.pages.dev/lang-zHzLTv6f.js	Other
2024-04-16	medium	tw-dj0.pages.dev/countries-lRU-UavE.js	Other
2024-04-16	medium	tw-dj0.pages.dev/qr-code-styling-ogpV7fl-.js	Other
2024-04-16	medium	tw-dj0.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2	Other
2024-04-16	medium	tw-dj0.pages.dev/langSign-lcKrqmwM.js	Other
2024-04-16	medium	tw-dj0.pages.dev/putPreloader-UPXgnht_.js	Other
2024-04-16	medium	tw-dj0.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2	Other
2024-04-16	medium	tw-dj0.pages.dev/button-2EiMqoep.js	Other
2024-04-16	medium	tw-dj0.pages.dev/putPreloader-UPXgnht_.js	Other
2024-04-16	medium	tw-dj0.pages.dev/_commonjsHelpers-5-cIlDoe.js	Other
2024-04-16	medium	tw-dj0.pages.dev/assets/img/logo_padded.svg	Other
2024-04-16	medium	tw-dj0.pages.dev/button-2EiMqoep.js	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	tw-dj0.pages.dev/countries-lRU-UavE.js	24 kB	2024-01-17	2024-04-29
Pretty URL tw-dj0.pages.dev/countries-lRU-UavE.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-17 06:06:06 Last Seen2024-04-29 19:54:47 Times Seen210 Hash 8629decc51355f74113da86fd8068fe8 d15ccf55d00895dc5d608570afc32348f92904d4 8528a55ba5d25bb2b6463f369b7a2046c08ced5f20256978a06119c0d50d08a2 Loading...

	tw-dj0.pages.dev/page-h4-JFMdU.js	10 kB	2024-04-17	2024-04-17
Pretty URL tw-dj0.pages.dev/page-h4-JFMdU.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-17 06:32:56 Last Seen2024-04-17 06:32:56 Times Seen2 Hash ce10f25ca7abcecc4b3619f85fef181e cfc9ac15ac52239c6c0164c1014ab3af0455bec3 d813b32d2e72eac30aec8e8ca5316b1d89c1fe921a2e6e34cf7deb0266c5f176 Loading...

	tw-dj0.pages.dev/textToSvgURL-Z4O-nL1S.js	357 B	2024-01-17	2024-04-29
Pretty URL tw-dj0.pages.dev/textToSvgURL-Z4O-nL1S.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-01-17 06:06:07 Last Seen2024-04-29 19:54:47 Times Seen320 Hash cca1508d96dbfce74dcbaed756d04955 c539ff84caf27c4b22e498662644c07e6893c19a 36cb02e59322028c02c5365bd56cbd129b3eb2fb4aaec625160ca2dc9786a4bd Loading...

	tw-dj0.pages.dev/pageSignQR-9_AZc9Zh.js	5.7 kB	2024-04-17	2024-04-17
Pretty URL tw-dj0.pages.dev/pageSignQR-9_AZc9Zh.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 06:32:56 Last Seen2024-04-17 06:32:56 Times Seen2 Hash 112d42f86d11a91c015bff5d765098b1 7c54af3076512daba57f12b3a19f0139cd36ab93 996785acfb0bf84bc3d2a424b2cfbbb41139d8ccf0dbf3fb9017f34806be2be5 Loading...

	tw-dj0.pages.dev/_commonjsHelpers-5-cIlDoe.js	290 B	2024-01-17	2024-04-28
Pretty URL tw-dj0.pages.dev/_commonjsHelpers-5-cIlDoe.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-01-17 06:06:06 Last Seen2024-04-28 06:04:05 Times Seen250 Hash fbb884c7112ff8c4ddb8edc410daae6f 299a8b374572849f5028264e3a7f2e71273f1d06 a8df41d98a0fa3d1cb8c8661377ac1a572beb9cd0b68e968f92d69f7c8331483 Loading...

	tw-dj0.pages.dev/qr-code-styling-ogpV7fl-.js	66 kB	2024-01-17	2024-04-28
Pretty URL tw-dj0.pages.dev/qr-code-styling-ogpV7fl-.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-17 06:06:07 Last Seen2024-04-28 06:04:05 Times Seen190 Hash 692f467d3bba699553f0dbf68094d72f 67582d4bc87b34a61c43ae8f7f3862562d65efa8 6c4900d40f3335423817340edddd7655d96e707156923fcf3cbf5a6520008d6e Loading...

	tw-dj0.pages.dev/index-KevWqk89.js	131 kB	2024-04-17	2024-04-17
Pretty URL tw-dj0.pages.dev/index-KevWqk89.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 06:32:56 Last Seen2024-04-17 06:32:56 Times Seen2 Hash 6867c5123bc060de024a45f53c4b13e3 aad5cb01918d434062d18bec3ace47d9949b65b8 15cc80dc07602e9328a1875e6e3561d8d13ca2f5e0861da3289818a30fcce4f5 Loading...

	tw-dj0.pages.dev/langSign-lcKrqmwM.js	1.6 kB	2024-01-17	2024-04-29
Pretty URL tw-dj0.pages.dev/langSign-lcKrqmwM.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-17 06:06:06 Last Seen2024-04-29 19:54:47 Times Seen114 Hash 044169c42b6e355439c8fcc5fa4ecc57 5933a11ae125770fe2e3e2deb907af978ceff0e8 900f22723c45f67600638812021437a089daa7c2f0a559ebb85a0726183cee79 Loading...

	tw-dj0.pages.dev/lang-zHzLTv6f.js	116 kB	2024-02-22	2024-04-17
Pretty URL tw-dj0.pages.dev/lang-zHzLTv6f.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-22 13:14:15 Last Seen2024-04-17 06:32:56 Times Seen19 Hash 1615ba77c210f0a08ab0ff7c7db70287 7404e70031ec968b5ceded9262b3aebc067ebadd 1139ab37f623ada2efe662fb8ee99946e43499a134eed788ba2499ed886b6e0c Loading...

	tw-dj0.pages.dev/button-2EiMqoep.js	8.8 kB	2024-04-17	2024-04-17
Pretty URL tw-dj0.pages.dev/button-2EiMqoep.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-17 06:32:56 Last Seen2024-04-17 06:32:56 Times Seen1 Hash ed9ae5a93cd2cfafb236648eb623a615 cba6a502d3b2829ca19f5c0b949dd9f93612ff72 7894a786797c1f42f4b5f3e6f02b8d494574f8d1a52c489ed194b45d7bd1cdb7 Loading...

	tw-dj0.pages.dev/putPreloader-UPXgnht_.js	699 B	2024-04-17	2024-04-17
Pretty URL tw-dj0.pages.dev/putPreloader-UPXgnht_.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by importedModule Embedded in HTML false Observations First Seen2024-04-17 06:32:56 Last Seen2024-04-17 06:32:56 Times Seen1 Hash 8300c0e9bd91c658cdcdea2b53f7d3c3 05ac647b675ce1233c0f8cfab42540008a7ceb0a bc50be456f589ba8b62618af3c57b1f10aa84025a2b08ad4d91f82266a54037d Loading...

HTTP Transactions (30)

URL IP Response Size

tw-dj0.pages.dev/index-KevWqk89.js

188.114.97.1

200 OK

58 kB

URL GET HTTP/3
tw-dj0.pages.dev/index-KevWqk89.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (63446), with no line terminators
Size
58 kB (58055 bytes)
Hash
6867c5123bc060de024a45f53c4b13e3
aad5cb01918d434062d18bec3ace47d9949b65b8
15cc80dc07602e9328a1875e6e3561d8d13ca2f5e0861da3289818a30fcce4f5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /index-KevWqk89.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:23 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"06aef8925fe06bdd800663461ca79bef"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gQTO4LrajF%2FoI2jihmQcLkF1GbeiLF7DTsZEa7BtGElpVA6AIypJu2aZKlIDro14OdfN3x7Vyi93x7UPf%2BAwWr88tZSQoy7h4SGYzsWyBa9GhED2Hx3WZo8yJELf5jCVDGmQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e578a08f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/crypto.worker-9wi-02Dm.js

188.114.97.1

200 OK

0 B

URL GET HTTP/3
tw-dj0.pages.dev/crypto.worker-9wi-02Dm.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /crypto.worker-9wi-02Dm.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: sharedworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-None-Match: W/"373ac5763891b4602530475372997442"
TE: trailers

HTTP/3 304 Not Modified
date: Wed, 17 Apr 2024 04:32:24 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v4FXYqnbfOhtMOyIbf7IsFfpDeT9J7zlAXZdNsT8nRKH5gusKaEAX5TQ8qbHAnLcz321%2BVJHjLrO6pzZ1OXitxBJEeO66FD%2BflSLhVYKrHE1robBL9qJDkJevwuLni4oKwbt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e83aea8f58-CPH
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry

188.114.97.1

200 OK

9.0 kB

URL GET HTTP/3
tw-dj0.pages.dev/assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
9.0 kB (9024 bytes)
Hash
87fecdadac0beb95f9b7c87b3b3236f0
822f92446c0033a32462aa21208efaef1f0d8c3c
25aa724658da8e71f5cc7c35ccbb43075866af5bed964edb09979caace667b0b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /assets/img/android-chrome-192x192.png?v=jw3mK7G9Ry HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: image/png
content-length: 9024
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c35bd3231a46b7b8c79b2578bdec4987"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ed8EmRtPcRtvcy4NImRAYumBEnzpNgCDiSqXyS%2BonOEr7aTw%2FRN2LW7gvQ9EB485OJILzvyGCuquxVU39bEQXAcNc8Wcq%2FEreOwx%2FMJhMRFiCnPbYbWQnsXMsLuD%2BEfwJ6%2Fr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e86b0c8f58-CPH
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry

188.114.97.1

200 OK

1.0 kB

URL GET HTTP/3
tw-dj0.pages.dev/assets/img/favicon-16x16.png?v=jw3mK7G9Ry
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size
1.0 kB (1012 bytes)
Hash
e3ce05eb00b3215df220efaf0fd06e21
d1533966f79dc2984c34317035f31cf3c91298c9
0d67b7e8ea46e3c959329a0e79a8c8b236187f452edc7049524245e4aa6bee21

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /assets/img/favicon-16x16.png?v=jw3mK7G9Ry HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: image/png
content-length: 1012
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "164bab244d543d9719126be57e7b82f4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FFCpWf5OZTW7f0ZR4opwA%2FSMOt5zkdEz9YPIinwcfnJ2fVATLcrsrK4j%2FZWdQRmevUBaCIvKY0oiuOuOIvhBmPGfhLWcHHx4edNIrmPt0Xdhc2SqvqIB%2Fdg8NqVsXmaW4d68"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e86b0d8f58-CPH
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/textToSvgURL-Z4O-nL1S.js

188.114.97.1

200 OK

29 kB

URL GET HTTP/3
tw-dj0.pages.dev/textToSvgURL-Z4O-nL1S.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
ASCII text, with very long lines (306)
Size
29 kB (29002 bytes)
Hash
cca1508d96dbfce74dcbaed756d04955
c539ff84caf27c4b22e498662644c07e6893c19a
36cb02e59322028c02c5365bd56cbd129b3eb2fb4aaec625160ca2dc9786a4bd

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /textToSvgURL-Z4O-nL1S.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"cee18038c184fa3137d53bb34227dbc1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mz9zF8mDApsLgt4aLWQWetb5SFLK6V%2BfMETjgWQcodAB0MYkj0Ow5t1KcfFV8jsyuxXuAHURP8v06xg%2FUtEU5V45fpuUAz%2F9FdFo%2Bop1DuMN1Xaxvdpm0tpmVDUXSLiVUgyN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e8ab338f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/page-h4-JFMdU.js

188.114.97.1

200 OK

4.4 kB

URL GET HTTP/3
tw-dj0.pages.dev/page-h4-JFMdU.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
ASCII text, with very long lines (10301)
Size
4.4 kB (4400 bytes)
Hash
ce10f25ca7abcecc4b3619f85fef181e
cfc9ac15ac52239c6c0164c1014ab3af0455bec3
d813b32d2e72eac30aec8e8ca5316b1d89c1fe921a2e6e34cf7deb0266c5f176

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /page-h4-JFMdU.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"47bce3ee9e9631c2601b4f9f44f0a17c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pmQQWPogleDWUs2uqUCJ58xHTWJ8ZjBWwVCI6xYDb2wc2IYK%2BhPabdiCCg3p%2BrxVed5cOY%2FCP%2FCqL7vOv4LqJGGn0pbfXo2055CcM7XiqA62ynnUK6wn5EoaIrtm0pOSD3XH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e89b278f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

twv.gonewest.topmoto.pl/venus/apiw1

76.76.21.93

169 B

URL
twv.gonewest.topmoto.pl/venus/apiw1
IP
76.76.21.93:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /venus/apiw1 HTTP/1.1
Host: twv.gonewest.topmoto.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
Content-Length: 0
Origin: https://tw-dj0.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
access-control-allow-headers: origin, content-type
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
cache-control: public, max-age=0, must-revalidate
content-type: text/html
date: Wed, 17 Apr 2024 04:32:25 GMT
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-id: arn1::qnhwn-1713328345345-5be6efe0e649
content-length: 169
X-Firefox-Spdy: h2

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tw-dj0.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 1rE5LF9zlbPe6ZhK3PukdA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 04:32:25 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: r3NXC5XCbCWPUIqpibG3+kRUaTQ=
Sec-WebSocket-Protocol: binary

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tw-dj0.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6/JUGr0rwJZxrUjJsWSa5A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 04:32:25 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5lKG4x/ugdNdGbh9DFPXFGdvZzY=
Sec-WebSocket-Protocol: binary

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tw-dj0.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Orvu8U7Dg+dUPdUvycijSQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 04:32:25 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FI0X65beZPkyL0W1OvYK08LHVk0=
Sec-WebSocket-Protocol: binary

twv.gonewest.topmoto.pl/venus/apiw1

76.76.21.93

169 B

URL
twv.gonewest.topmoto.pl/venus/apiw1
IP
76.76.21.93:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
c2a982d42f89274763eef2a44fe01030
86e6d53f6478cdd0c05611093d9c55a953454af7
d8b55de3a4d5331f3b450a86bb907afe17dc964adca30f39d101a3d55a4a9d6a

HTTP Headers

POST /venus/apiw1 HTTP/1.1
Host: twv.gonewest.topmoto.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
Content-Length: 0
Origin: https://tw-dj0.pages.dev
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
access-control-allow-headers: origin, content-type
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
cache-control: no-store
content-type: text/html
date: Wed, 17 Apr 2024 04:32:25 GMT
pragma: no-cache
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-id: arn1::t6qfd-1713328345808-0b5893dddb88
content-length: 169
X-Firefox-Spdy: h2

kws2.web.telegram.org/apiws

149.154.167.99

0 B

URL
kws2.web.telegram.org/apiws
IP
149.154.167.99:0
ASN
#62041 Telegram Messenger Inc

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: kws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://tw-dj0.pages.dev
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yz+ASe+dV8eBpaeImT+aKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Wed, 17 Apr 2024 04:32:25 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: j5+b3xRTm8EgPkspjNjcd+x4yWE=
Sec-WebSocket-Protocol: binary

tw-dj0.pages.dev/mtproto.worker-g-qIvUmp.js

188.114.97.1

265 kB

URL
tw-dj0.pages.dev/mtproto.worker-g-qIvUmp.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
data
Size
265 kB (265019 bytes)
Hash
f7a9fb8e2e3a94c6494389feeb6d5dbe
395f3a1bf66e4f524a98a006d0243070002d9383
cab9f84ba576808de208a77d84533a7cd2d95085c2c7cd9b6a0d43c73e5174e7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /mtproto.worker-g-qIvUmp.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
Connection: keep-alive
Sec-Fetch-Dest: sharedworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2a1dab430a4a6d0027f1839a6d277ac5"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=crEa2uIQ4Bupp46xgs9KaomhOeR%2BPdTHrJRx7c7V6k4TDQ63aMhzTna2qz5LazWmK8oWj7oS%2BbMM6FsCbuCjRHBLxIWhwGFC8SRw4R7s7hSPHdgDFgHds%2BxR4gpZgSLuK1R1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e7ba8f8f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/pageSignQR-9_AZc9Zh.js

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
tw-dj0.pages.dev/pageSignQR-9_AZc9Zh.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
Java source, ASCII text, with very long lines (5011)
Size
11 kB (11353 bytes)
Hash
112d42f86d11a91c015bff5d765098b1
7c54af3076512daba57f12b3a19f0139cd36ab93
996785acfb0bf84bc3d2a424b2cfbbb41139d8ccf0dbf3fb9017f34806be2be5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /pageSignQR-9_AZc9Zh.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"52ec5738d71785ba9934cf18812c5e97"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cjsuix16v4zC1fMh8GMZyq5d3j67yVW%2FpI%2Bxdb4jur0gaHf6SMo%2Bo%2FFSA%2Bv1cvDQ6oAS6f5N4mCbdXSFGsusqKky1fHWo376NQcs07lWLr4qnuVQRGj%2FoIzfcVfUrIL2Xx9G"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e89b258f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/

188.114.97.1

200 OK

14 kB

URL User Request GET HTTP/2
tw-dj0.pages.dev/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
HTML document, ASCII text, with very long lines (1757)
Size
14 kB (13603 bytes)
Hash
814f03d75ca264c0b8b3896c1d490586
a3052fb36259b30cee38db76d20d4f957b755c02
74124b00edb2aa4b4794a25b45586d32808454caa46d78ce02f08e2abfcb0bfc

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET / HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:32:23 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c1505e5a759ab3d7114daddffca79adf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bZpIn1Nl4TEuRC00KsdutUBsWS%2BqgLVZB9U4guSrscH37OBEsR3U0P5nM5v3yfbXzeemczcgi92rAY%2FmLG5j7Yj25PpNiXKEyL3LEkxPNYLctDkqTXL29an7FDjVMIlzOLC9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e40d4592bb-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tw-dj0.pages.dev/_commonjsHelpers-5-cIlDoe.js

188.114.97.1

200 OK

290 B

URL GET HTTP/3
tw-dj0.pages.dev/_commonjsHelpers-5-cIlDoe.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
ASCII text, with very long lines (302), with no line terminators
Size
290 B (290 bytes)
Hash
2c4d6d27d76dee6e31a5e78877faba51
6a2773032cf08261b695305eb75b6aa25fb91d77
0d9af4fa5be8e6567f6e919c636e66546d0e1394b45f8140456512ae5dc690b0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /_commonjsHelpers-5-cIlDoe.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/qr-code-styling-ogpV7fl-.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a3104b7dc8b495a8a4b6541a2ebf1944"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z5uA8RKAEg6q6cNPjgbNtTmM0d1H9fLn71gTOCKm5dJar8o03lOe8QAN6cHzTS3PoXvrg7R2ZyrTdbrSsRIHD9xXBPbhcna86%2FNe6mpVMmPsNYLDLYThOH65x5bYS0DUA%2Bwn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0ea6c888f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/qr-code-styling-ogpV7fl-.js

188.114.97.1

200 OK

66 kB

URL GET HTTP/3
tw-dj0.pages.dev/qr-code-styling-ogpV7fl-.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type

Size
66 kB (66132 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /qr-code-styling-ogpV7fl-.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/pageSignQR-9_AZc9Zh.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c65e4bbee96a3ef4748771f9299f45c2"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R8jIZ4DwuRAdnhNnYAk%2FwDuZVz0fScXPd1JZemcrBSk85Ya%2BApy%2BUfEom271YgOX4yBepO6qXg2MSfGRdkHXlgGHj4dxTMATaLF0584eRl3IiLi3HHmMlEXTxz%2BrT0hN7y2f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e9bc1c8f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/index-a3UEjh-7.css

188.114.97.1

200 OK

450 kB

URL GET HTTP/3
tw-dj0.pages.dev/index-a3UEjh-7.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type

Size
450 kB (449925 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /index-a3UEjh-7.css HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"9e431100b02cf4c93cde1323776b557d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dyIM5JVtTYurAG3p9dbhQb9myEwzqopLhFM3gS50g7mfwCCUxCFYcR9%2BKoOanTQ6PNyp7kBMdiQ5vV%2BpQU2W5s03sT63Sw3cOljw6HYO4Hev%2FSi7SxXpr%2BEIAjCS7Gd6SHja"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e578a28f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/lang-zHzLTv6f.js

188.114.97.1

200 OK

116 kB

URL GET HTTP/3
tw-dj0.pages.dev/lang-zHzLTv6f.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type

Size
116 kB (116455 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /lang-zHzLTv6f.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/index-KevWqk89.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"b55dfd9f04b0fd68125b46e9926ddf31"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecglvyWqUC12V87nCwnVOi%2BIl%2Bm0brGjNJlEtEb%2B8qSH2uUiKf0MkjuhntYRS7NnWVLPLRqhABrR0XQqp0rUYbUzAojylFkS5Kq%2BNZnTLqG9ngbi8g018ldfs9JOonD2%2Fn6g"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e7ca988f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/countries-lRU-UavE.js

188.114.97.1

200 OK

24 kB

URL GET HTTP/3
tw-dj0.pages.dev/countries-lRU-UavE.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type

Size
24 kB (24097 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /countries-lRU-UavE.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/index-KevWqk89.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"59fb56f80ffcf23bfac3be46b1d20f34"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7L3p3Yj8PbRJ%2Fh4i%2BGYPd7KcOUHE0pePPtYb6pkbYR0AOhDcjUULp6U0rXPHae45WuIXEF%2BeOK4zsj7TnNhtwpFuUe4Hzrz5kT2%2BQAwTeIJp3Fz%2BaU2MAWJBNZM9QG%2FfYS7V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e7daa48f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/qr-code-styling-ogpV7fl-.js

188.114.97.1

200 OK

66 kB

URL GET HTTP/3
tw-dj0.pages.dev/qr-code-styling-ogpV7fl-.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type

Size
66 kB (66132 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /qr-code-styling-ogpV7fl-.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"c65e4bbee96a3ef4748771f9299f45c2"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66wLf6dh1%2FmGt2NY2zDKKSjscNj%2BCMfphnmi%2FVBh1frY9EmLwgGz%2BwogjC3h%2BEXwWpMJxmf1Opf8vNrBWKu7xzTtEUlbBFc%2FWQQtEyZL8YP9okothEOxpKn%2FjTgUGNVCNCw6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e9bc1a8f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
tw-dj0.pages.dev/assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /assets/fonts/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://tw-dj0.pages.dev/index-a3UEjh-7.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YCD0TzBW7g%2FbWkm%2FHuHYujFXvbN6ftH8aXR5Q5Qg41ltzytWZdo%2Fk6C95%2BJ1xWjuXTnk1ShYWRrd4YsGEYsHPjoJZNWNxIHMTWaQDLmXnTiyx%2FhWcH2mQMVwRJJ0rl9vPLLj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0eaccbd8f58-CPH
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/langSign-lcKrqmwM.js

188.114.97.1

200 OK

1.6 kB

URL GET HTTP/3
tw-dj0.pages.dev/langSign-lcKrqmwM.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
ASCII text, with very long lines (1751), with no line terminators
Size
1.6 kB (1646 bytes)
Hash
6503e4eb7fe92e639f1398a512bdf9d5
8fe9788360af3dde5507e78d48aa5324a99c0216
fe461dd4a36a65359703e4ec0f5f2a6cfbf8bc2d73ef82a8a75b3df3f12379b8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /langSign-lcKrqmwM.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/index-KevWqk89.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"0b8cfc934941a167cd3552bc2666ff7b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r7EnQqUN0FymntfohXV%2Fbt7qi9Or8FWxT2Fiux5%2FGSmxkPQkpquX3f7xw3cRkuyjvEwCCJkRgAcQSvzrQ0LL8wSt6XWj3fd9A1zGM5SGAbACY%2BVL6dGp5ogqUGrZbmhf5Cp2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e7ca9c8f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/putPreloader-UPXgnht_.js

188.114.97.1

200 OK

699 B

URL GET HTTP/3
tw-dj0.pages.dev/putPreloader-UPXgnht_.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
e7b882df454dc6de5d1f047228e47ba9
5f209b3de17265499558244201519b5f24fa06ad
99fbf8f6ae29970383a2871e8b7f71c58fc0058dbf5738f2c09be340fc26c04e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /putPreloader-UPXgnht_.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a93e7cd704732ec98a26ab657d046e64"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jbF0bhm%2BUV7GJbQfYeYsV4R8YDSorfJ7xL8UJp5LdDQ8tw5yeMrtplMuFx632vL9aQ46XMBhZQF8Y82ji%2FiepFCTI3qFulJyRwW%2FRwty49YtZMKMwF%2F9mOTzcAiiQV09RvGv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e8ab328f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
tw-dj0.pages.dev/assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /assets/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://tw-dj0.pages.dev/index-a3UEjh-7.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LnEjzVwAAC0pSkOREI%2F5VJk%2Fa8ce8hICGIpumCMQ7Msy39KjVH6LWYNnixS3CScUkv75Ko3483LTBFFEuN6QMkZrV831rq4W2bVO%2FpU%2B2cCKOpvY2BlO8ytIuYs%2FPEMal9l5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e78a618f58-CPH
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/button-2EiMqoep.js

188.114.97.1

200 OK

8.8 kB

URL GET HTTP/3
tw-dj0.pages.dev/button-2EiMqoep.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
ASCII text, with very long lines (9526), with no line terminators
Size
8.8 kB (8798 bytes)
Hash
7cb0fb418b7ff76e2116a63ce91024b3
d7cedc25bf050caf955568be86992b32f169b5ea
08a10f519f05af8f791cedf604f9e092b7442071f2a26c4eaff1abc89f89d173

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /button-2EiMqoep.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2ea761ec58755dd571f1e41152024f50"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BA%2BptshgD3ZDM7Gqg1Kru2joQh4RTyP0Gd3jn0t6iPZZm4gcN%2Ff0jRdVCGwDV3XIk3iJh4MFRtecN61w5MagSoNeHKEkltc%2BjNHtBBKBTkAsZm69c5aa8r2UuNdApc5Ru5GX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e89b288f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/putPreloader-UPXgnht_.js

188.114.97.1

200 OK

699 B

URL GET HTTP/3
tw-dj0.pages.dev/putPreloader-UPXgnht_.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
ASCII text, with very long lines (736), with no line terminators
Size
699 B (699 bytes)
Hash
e7b882df454dc6de5d1f047228e47ba9
5f209b3de17265499558244201519b5f24fa06ad
99fbf8f6ae29970383a2871e8b7f71c58fc0058dbf5738f2c09be340fc26c04e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /putPreloader-UPXgnht_.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/pageSignQR-9_AZc9Zh.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a93e7cd704732ec98a26ab657d046e64"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DVJALlDiyVl9HH1qUgUtSnvy9W679Py64x1U4%2FJ8emHIfBDjBnJsu5TKsja7XghSTdOGxw8Zms%2FAgDxyoyLqCJLvBpbJ1TwkZ%2B0oVNfo%2BPVYAjht2MbZqPF9VPjF2VeuyLnQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e94bcc8f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/_commonjsHelpers-5-cIlDoe.js

188.114.97.1

200 OK

290 B

URL GET HTTP/3
tw-dj0.pages.dev/_commonjsHelpers-5-cIlDoe.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
ASCII text, with very long lines (302), with no line terminators
Size
290 B (290 bytes)
Hash
2c4d6d27d76dee6e31a5e78877faba51
6a2773032cf08261b695305eb75b6aa25fb91d77
0d9af4fa5be8e6567f6e919c636e66546d0e1394b45f8140456512ae5dc690b0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /_commonjsHelpers-5-cIlDoe.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"a3104b7dc8b495a8a4b6541a2ebf1944"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6DZlaxA9cuOEyuJ6llx%2F5ZhgwwhXm9Lqa16AWqXFeRNIyEHqHt11%2FOSf9jpUXUyGld8ULFndxxhFQsbMB4Yuuhg4f2Ss2hfBXUsIY0%2FQXBnGBpLW9uyLPBfitZ5tLGowKGas"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e9bc1b8f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/assets/img/logo_padded.svg

188.114.97.1

200 OK

1.1 kB

URL GET HTTP/3
tw-dj0.pages.dev/assets/img/logo_padded.svg
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1069 bytes)
Hash
4c0b48654a4881c325148a5e00964160
d7d21756c9dd4c1bf4d97087811745aad60506a0
7583a3643a9480ab4d81dd46b700cf3a38ebdd94af1a6059d2b6a3ecff8a65c5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /assets/img/logo_padded.svg HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:27 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ddc17b460f3542cd68305d2c727dab6c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CoW1VQFGpmt0c8K9VDSCxEd4039dKyWUbSA3JzaNhn3Q86ScoY7BOQViweX0u0LDd036M7NpJhVppdqa3u%2Fkdh25%2FKBl1aYFszJirjNnI7c2LHsIVKsJ8lA7LxpX3ajYnkE6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0fab9078f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

tw-dj0.pages.dev/button-2EiMqoep.js

188.114.97.1

200 OK

8.8 kB

URL GET HTTP/3
tw-dj0.pages.dev/button-2EiMqoep.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tw-dj0.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecttw-dj0.pages.dev
Fingerprint1F:25:96:2F:CE:6F:67:78:98:2F:8B:EB:60:09:8F:21:EA:BE:E4:18
ValidityTue, 16 Apr 2024 11:40:38 GMT - Mon, 15 Jul 2024 11:40:37 GMT

File type
ASCII text, with very long lines (9526), with no line terminators
Size
8.8 kB (8798 bytes)
Hash
7cb0fb418b7ff76e2116a63ce91024b3
d7cedc25bf050caf955568be86992b32f169b5ea
08a10f519f05af8f791cedf604f9e092b7442071f2a26c4eaff1abc89f89d173

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
PhishTank	phishing	Other

HTTP Headers

GET /button-2EiMqoep.js HTTP/1.1
Host: tw-dj0.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tw-dj0.pages.dev/pageSignQR-9_AZc9Zh.js
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 04:32:24 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"2ea761ec58755dd571f1e41152024f50"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cu4QrY10nI%2Fd8pOsSijP6ZZaaDgjYUNUXF2275Cyu4e5qBdm6VpaExZhO0kfhDoz%2BpYIobze%2FsMiR%2B9Oy3jv9htxlPZMdBDj%2Fv2w6XhrvsrYnP0ZW1xFCNErLqhokfuhCqYb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759b0e94bc78f58-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML