Report - web.tlgrm.eu/

Report Overview

Submitted URL
web.tlgrm.eu/
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-16 17:34:10
Access
public
Website Title
Telegram
Final URL
web.tlgrm.app/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
78

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
web.tlgrm.eu	unknown	unknown	2018-05-05	2024-03-16	467 B	828 B	188.114.96.1
web.tlgrm.app	unknown	2019-10-04	2020-06-18	2024-03-12	17 kB	2.2 MB	172.67.216.165
t.me	6552	2010-05-20	2015-06-29	2024-04-15	414 B	493 B	0.0.0.0
telegram.me	11938	2014-01-07	2013-10-13	2024-04-07	421 B	493 B	0.0.0.0
zws2.web.telegram.org	144268	2003-12-15	2021-06-24	2024-03-23	583 B	220 B	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	web.tlgrm.eu/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram
2024-04-06	medium	web.tlgrm.app/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	web.tlgrm.app/1915.44f46b9209d4c21e2dae.js	18 kB	2024-02-22	2024-04-24
Pretty URL web.tlgrm.app/1915.44f46b9209d4c21e2dae.js IP 172.67.216.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-22 12:46:05 Last Seen2024-04-24 17:53:33 Times Seen24 Hash fd4abffe4de6fa1955cb7c9df7c0a808 860f583e5ef2f6ddcc0c464fb4a87d7e6eb955b8 166b9c140da17864486aaa8e6d53ad4169ffaac1b2101c73680550f9331c926f Loading...

	web.tlgrm.app/3748.9a383b0e9475cf32f44c.js	9.8 kB	2024-03-31	2024-04-16
Pretty URL web.tlgrm.app/3748.9a383b0e9475cf32f44c.js IP 172.67.216.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-31 17:38:53 Last Seen2024-04-16 19:34:11 Times Seen10 Hash 9e23ef2b27153d9ed758553ec7df676d bb89a7464504099c6951d8ce2fe5952b6d504787 b6c86a1141d40dab302db38ed85bec50cafd6e0d01b96d7d29688132f5bca051 Loading...

	web.tlgrm.app/6839.01a53cbedf5d86d252ec.js	46 kB	2023-10-19	2024-04-29
Pretty URL web.tlgrm.app/6839.01a53cbedf5d86d252ec.js IP 172.67.216.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-19 01:38:58 Last Seen2024-04-29 06:39:07 Times Seen110 Hash 2075f46f0950d8614b73045505b7aafc 34da1902bc42580deab249ac8ef5c4901d243a43 f693fccbb0f64594079d492db05d3bced69a6c6cab7514d4b78733570fd592a1 Loading...

	t.me/_websync_?authed=0&version=10.9.2+A	4 B	2023-03-07	2024-04-30
Pretty URL t.me/_websync_?authed=0&version=10.9.2+A IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:44 Last Seen2024-04-30 00:46:20 Times Seen23392 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

	web.tlgrm.app/redirect.js	325 B	2023-07-27	2024-04-29
Pretty URL web.tlgrm.app/redirect.js IP 172.67.216.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-27 09:32:34 Last Seen2024-04-29 06:39:07 Times Seen179 Hash 17773b57b87a678c98e26a7cac72df6c 7422857aa75ee81cabcec2eed6c4a6168f363ee1 375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f Loading...

	web.tlgrm.app/compatTest.js	2.2 kB	2024-02-24	2024-04-24
Pretty URL web.tlgrm.app/compatTest.js IP 172.67.216.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 23:46:30 Last Seen2024-04-24 17:53:33 Times Seen20 Hash b328e15f89116105372eddac365cb6f2 da1979ab60b891ec53dd318be90a09a83124bd87 22c6b05f0b138dddb5711fdb998be90abf8093e271085bda6448bd6bc72c95d2 Loading...

	web.tlgrm.app/main.d9ab5788a4b75c69716d.js	388 kB	2024-04-06	2024-04-16
Pretty URL web.tlgrm.app/main.d9ab5788a4b75c69716d.js IP 172.67.216.165 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-06 19:09:51 Last Seen2024-04-16 19:34:11 Times Seen4 Hash 5e3a8f8a4eecb1be83781c8a8c30d747 0da3676401b4af8c14370cd327d4bad57ad8d434 bfcf00e1e44b7b609f21dfc4e50f7c2d0046ef7222e8d7b1d7daede6cfc2be9d Loading...

HTTP Transactions (42)

URL IP Response Size

web.tlgrm.eu/

188.114.96.1

301 Moved Permanently

167 B

URL User Request GET HTTP/2
web.tlgrm.eu/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjecttlgrm.eu
Fingerprint54:17:92:47:AF:1A:86:AE:A1:EF:F3:D8:6A:5F:D7:78:32:13:6F:67
ValidityTue, 16 Apr 2024 01:35:51 GMT - Mon, 15 Jul 2024 01:35:50 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: web.tlgrm.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: text/html
content-length: 167
location: https://web.tlgrm.app
cache-control: max-age=3600
expires: Tue, 16 Apr 2024 18:33:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q21mvCCXHtHgzSNPrt1hxkTC3cg15Pj%2FmXQ%2BBfwOOGph60xb%2Bkr2lVQs3SD85GLgXehUOIDqbGvFVBee0xpAoYGIz2BNTSKY%2BWfnMNUTrqP62ToBkhqp69gpWgDGNGc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8755ec0aed81568b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

web.tlgrm.app/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2

172.67.216.165

200 OK

11 kB

URL GET HTTP/3
web.tlgrm.app/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://web.tlgrm.app/main.5e926e53b804308de57b.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2odLg%2F95G1%2BScmSVBIs0D1QFgcJOretNRP6HApqsXmpZhZf7Ar6%2BW%2BvsdGWOKjOVQyQB1aJF4m6OH6nf5srcuTIdfKZEA7b%2Fvg1adOr80LFH%2BUjyEfucbaHwy7Rp%2Bxig"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 746
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0ebd0f568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/1915.44f46b9209d4c21e2dae.js

172.67.216.165

200 OK

8.4 kB

URL GET HTTP/3
web.tlgrm.app/1915.44f46b9209d4c21e2dae.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (18106)
Size
8.4 kB (8386 bytes)
Hash
fd4abffe4de6fa1955cb7c9df7c0a808
860f583e5ef2f6ddcc0c464fb4a87d7e6eb955b8
166b9c140da17864486aaa8e6d53ad4169ffaac1b2101c73680550f9331c926f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /1915.44f46b9209d4c21e2dae.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e3f8b7d4b627a2a6d6b26f1ff82c07d8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rNrWjpTPu4fE129AXHAiCvDCBK2ZxVeyCpZcHlHD13w7XD%2Bpr5LGBPNm6kb7X1ng5HNO8MrQk9egQqNIdmSY349JyoUI4ni79oFnGxkzl1uJjbj4y%2BIhBZYBQ5qT89Pp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5240
server: cloudflare
cf-ray: 8755ec0eed69568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2

172.67.216.165

200 OK

11 kB

URL GET HTTP/3
web.tlgrm.app/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11056, version 1.0
Size
11 kB (11056 bytes)
Hash
07db243db21ed0a6b4ff05ff429686b7
5d62925fdd7ed8e80f206d095ed093994f13d276
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://web.tlgrm.app/main.5e926e53b804308de57b.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Yeenmyz9yqAeoDjfkKz61FdDJPj5gEMLZDlCHPto9iTra7X5jPasracGfsP3DrhdFobzY3R%2FYofKGOnl36jK0UUtRXk2v3kZFx6X4usea%2Fxdt%2BEzJX1lgNxteMwfeJR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 669
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0f0db1568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/chat-bg-pattern-light.ee148af944f6580293ae.png

172.67.216.165

200 OK

273 kB

URL GET HTTP/3
web.tlgrm.app/chat-bg-pattern-light.ee148af944f6580293ae.png
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
PNG image data, 1123 x 2307, 4-bit colormap, non-interlaced
Size
273 kB (272875 bytes)
Hash
3d558d8de7082a2b2355076c8988c3fd
d74980e29b0ec2f102b0dcd614503fd42a255b85
00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/main.5e926e53b804308de57b.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: image/png
content-length: 272875
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "7ecd785f0675960e25e3acfe969d5e78"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWbhRk%2Fei12FgUT7KXqILF2qBJcEElNyTGtxs1SnySTvTFJoEXMqiR1q3Jz3h0XFB%2FDyOLkL0d09uBiv4ALsVKNmPKNzeMcCMB%2FwP%2BhG2LfKojGM5pfVIakrYjJngttA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5093
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0f0dae568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/notification.mp3

172.67.216.165

206 Partial Content

11 kB

URL GET HTTP/3
web.tlgrm.app/notification.mp3
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
Size
11 kB (10880 bytes)
Hash
eba09b6a457792c52fc610b5f9f974b3
95e6e0f7648e28ea21bc434054ea59aba3a35aea
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /notification.mp3 HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://web.tlgrm.app/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: audio/mpeg
content-length: 10880
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "0a92cb1fe03590e956b4e206001f1a3b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfwjif7zBWVxnbKyzgRJRZqgpqY11X8hVe3ZufGpPzzy87RPn7jr%2FwW5nQe5dTeZ%2BqAfUcv0YuFnHQUaft7bV9v4kD7m%2FOWyWy%2F2%2BdqbahDzKZ%2Bt%2BVvouugFnPSlUEyBHaiUtjRZy8j6G%2B8N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5285
content-range: bytes 0-10879/10880
server: cloudflare
cf-ray: 8755ec0f6e6d568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/icon-192x192.png

172.67.216.165

200 OK

3.1 kB

URL GET HTTP/3
web.tlgrm.app/icon-192x192.png
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Size
3.1 kB (3059 bytes)
Hash
1a1650d2c76bfc1ac484646c19e495b9
fe58d66042ce9241226f5da9370230285ff604fc
6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /icon-192x192.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: image/png
content-length: 3059
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "92c7c04a05d4809e93743960f1628e8f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aGhLvO0qp8qWcRx%2F7hgmhXMivCw0RyiawX1ABLqMwO%2FZ5FyUt0TwYqdYsPA0Y2o12GB%2BgcGh5SKcT%2BmP0wrgd984YefHfNzSKGorfThB0JX3CLWdGddfRkg%2BHI6JxuzsD9jIR7HruEWQ%2FoaA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5111
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0f8eb2568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/main.5e926e53b804308de57b.css

172.67.216.165

200 OK

22 kB

URL GET HTTP/3
web.tlgrm.app/main.5e926e53b804308de57b.css
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
ASCII text, with very long lines (11172)
Size
22 kB (22467 bytes)
Hash
1f303ef1e2b46fe13fd84dfd0bb2e002
8542a59b9b5ef54414626d014b728b7548fc25cd
0aa33cc81ea838c2ceeb56b8c468958a65bba68579310ea7971d8f021bac397f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /main.5e926e53b804308de57b.css HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"2d29fbfacc0126dfde31517469da2e21"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COD47ENVPP7Cff7nCEOdyZAXMG1VuRVr%2Bz2SvFvXqFZLzNDtXry7I0Nlc9kxg27fZpVAAK7w6s%2FJ3AgdjSOjkBDUuVvjd7hA7%2Bsk0OnCrizcXSF8CpFrYG4mRt3MtHMPM34dDX9jbraN1Ayy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6879
server: cloudflare
cf-ray: 8755ec0daaff568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/main.d9ab5788a4b75c69716d.js

172.67.216.165

200 OK

128 kB

URL GET HTTP/3
web.tlgrm.app/main.d9ab5788a4b75c69716d.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Size
128 kB (128374 bytes)
Hash
5e3a8f8a4eecb1be83781c8a8c30d747
0da3676401b4af8c14370cd327d4bad57ad8d434
bfcf00e1e44b7b609f21dfc4e50f7c2d0046ef7222e8d7b1d7daede6cfc2be9d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /main.d9ab5788a4b75c69716d.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"12083a653c603869f664de99401fdd4b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0hNGCiCxFp3J9T1dYkvXfNYsqoJWLZhF1Y4PV51Qo9zMx5y%2Fmhof%2FSQhBtKrzibOoO0pQeek91WlHmWKSYXMNWmlesvK59zxyU7BEnnejCnCFYSXsdMiCnY64r6Koj0Y%2BM5cretr7JecwcTx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6879
server: cloudflare
cf-ray: 8755ec0daafb568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/5802.36a9971f58c808c4a974.js

172.67.216.165

200 OK

7.9 kB

URL GET HTTP/3
web.tlgrm.app/5802.36a9971f58c808c4a974.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (21394)
Size
7.9 kB (7892 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"02a5d2834240fec01d23675f38c49eb9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dqxvs4uKKY0jlonl2EZS4lcBPjPD2xF2ZftMxZgAeXRXF7pXjeVXa7SIKok8nenaAd%2Fkb50QZR9tcrVm8uHGIYZQIxagQuNPXt1XPBStxWmnGVoCxnji0gaxKGMB2fsqcaMmj5WOrPp60OsY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 1141
server: cloudflare
cf-ray: 8755ec102830568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/5802.36a9971f58c808c4a974.js

172.67.216.165

200 OK

48 kB

URL GET HTTP/3
web.tlgrm.app/5802.36a9971f58c808c4a974.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (21394)
Size
48 kB (48164 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"02a5d2834240fec01d23675f38c49eb9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dqxvs4uKKY0jlonl2EZS4lcBPjPD2xF2ZftMxZgAeXRXF7pXjeVXa7SIKok8nenaAd%2Fkb50QZR9tcrVm8uHGIYZQIxagQuNPXt1XPBStxWmnGVoCxnji0gaxKGMB2fsqcaMmj5WOrPp60OsY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 1141
server: cloudflare
cf-ray: 8755ec101ffa568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/QrPlane.a921709f266564f65b7e.tgs

172.67.216.165

2.1 kB

URL
web.tlgrm.app/QrPlane.a921709f266564f65b7e.tgs
IP
172.67.216.165:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
gzip compressed data, was "PlaneLogoPlain.json", last modified: Fri Dec 17 11:58:31 2021, from Unix
Size
2.1 kB (2101 bytes)
Hash
9fe5425a55be5cfd60c1ee5f2ca2c733
6055dbe3afe9575b921a9863534e91428a847021
486cbe566d05f023f3c72ec00b55f921deb1f7aed2efb630fe717425e2d98d0a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /QrPlane.a921709f266564f65b7e.tgs HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: null
content-length: 2101
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "890d9ac85cbbe6b57fc0f9b22d309e09"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N231dwvqfMed82BRq%2FgQDImuC9kicZa3iymb9e%2FsMzsYCS4kQm6MS6t4DxwTyvuOKio47W0GHiHvo%2F9%2BHaWjVmljyVqgk6IE%2FQTxkmCglCDbXSYHMRcXz9y3YXRu%2BzLp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8755ec119b7a568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/1649.23ef32650e96d33d6586.js

172.67.216.165

200 OK

93 kB

URL GET HTTP/3
web.tlgrm.app/1649.23ef32650e96d33d6586.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (44841)
Size
93 kB (93333 bytes)
Hash
d185f3823bb419e0227eb45b85facdca
b50068ba63e52fd9d71dbfa7cb42fe82a6f4af16
fbcc1367611f1d387d2b7340f92b66b4a0a5311742ec3d806d848692b98e78c9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /1649.23ef32650e96d33d6586.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"bca211a28e3bf3bb8205c56852c6247e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZS2g0yfD3inV%2FPdYj0HzbOP2TmFRM9zm23O45L2ZF5Zkqs3ckZg2LTQX0%2BMWgg08Uvs1gReRDq%2B1BpD1rneND9eLVPzIVlLcCIZcq7vSKts3TN2qq75Ar15l4Ite0W5slmfwhWh6mRUlzmQf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5812
server: cloudflare
cf-ray: 8755ec10c9cb568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/5802.36a9971f58c808c4a974.js

172.67.216.165

200 OK

48 kB

URL GET HTTP/3
web.tlgrm.app/5802.36a9971f58c808c4a974.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (21394)
Size
48 kB (47472 bytes)
Hash
377d06c30eebd149e43e37a12f0bc3a6
0bedfd302e5fc849518158b650612361fc160e99
a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"02a5d2834240fec01d23675f38c49eb9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dqxvs4uKKY0jlonl2EZS4lcBPjPD2xF2ZftMxZgAeXRXF7pXjeVXa7SIKok8nenaAd%2Fkb50QZR9tcrVm8uHGIYZQIxagQuNPXt1XPBStxWmnGVoCxnji0gaxKGMB2fsqcaMmj5WOrPp60OsY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 1141
server: cloudflare
cf-ray: 8755ec101ff2568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/blank.8dd283bceccca95a48d8.png

172.67.216.165

200 OK

68 B

URL GET HTTP/3
web.tlgrm.app/blank.8dd283bceccca95a48d8.png
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:47 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "ef2020b9b3ec6bc4c4c60d36848b22cd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=scmkWNf55amyyHUaWnWCYNma7Eus6CoSD9hd0YBaqADYF6iNP7Ef7okjxnurYGpyJ1u14VZ1to8bY23bEvWv%2FxcNC0Djh4Fbif6ODyUcDtgZ2UlmFCEb0hpE15AclXvs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5220
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec24eead568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/blank.8dd283bceccca95a48d8.png

172.67.216.165

200 OK

68 B

URL GET HTTP/3
web.tlgrm.app/blank.8dd283bceccca95a48d8.png
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:47 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "ef2020b9b3ec6bc4c4c60d36848b22cd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=scmkWNf55amyyHUaWnWCYNma7Eus6CoSD9hd0YBaqADYF6iNP7Ef7okjxnurYGpyJ1u14VZ1to8bY23bEvWv%2FxcNC0Djh4Fbif6ODyUcDtgZ2UlmFCEb0hpE15AclXvs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5220
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec255f96568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/blank.8dd283bceccca95a48d8.png

172.67.216.165

200 OK

68 B

URL GET HTTP/3
web.tlgrm.app/blank.8dd283bceccca95a48d8.png
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:47 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "ef2020b9b3ec6bc4c4c60d36848b22cd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=scmkWNf55amyyHUaWnWCYNma7Eus6CoSD9hd0YBaqADYF6iNP7Ef7okjxnurYGpyJ1u14VZ1to8bY23bEvWv%2FxcNC0Djh4Fbif6ODyUcDtgZ2UlmFCEb0hpE15AclXvs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5220
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec259ff9568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/4680.576825f543555dd2467c.js

172.67.216.165

200 OK

10 kB

URL GET HTTP/3
web.tlgrm.app/4680.576825f543555dd2467c.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (10226)
Size
10 kB (10280 bytes)
Hash
3b52bb297f0dab88c1d71f2834059343
f43b98d6a3cb7a7cc95ef23ec2ad470efb42c890
e64fe7500375590eb939625390955f9add6a8a0405db5976cb2b3bcbdb513b7b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /4680.576825f543555dd2467c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"df0d291e2ecd442eb139be9d8cfd7700"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdDe%2FlgGnJN7R39aF0wTmoM1U4U5vXxsM5CCiBeKBeF0vHOodSkM7TXU6gjhltI7l2fW0SprBPur1GIl7BYtIThmLeircUraY%2Fe59gafgeke1UV1tgPYmCCIX5pM5gI7Ioho3U4Ohlq74moF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5237
server: cloudflare
cf-ray: 8755ec0fcf4a568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/2041.5fe028b52e13d7a937b4.js

172.67.216.165

200 OK

140 kB

URL GET HTTP/3
web.tlgrm.app/2041.5fe028b52e13d7a937b4.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"88847817ff5ee5f3e7906785a0e6840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhnuShCtecWYY6%2F7MYyAgKM4FBgILnWlz04SRcMZJvDVz0aBEqoJKESoqHd2Wx8imaDhA3nWyzdPRdUghyP%2FzL3AXrQDAhDZTQHD5VECdcsMtrKLQ6wjrrrQcp1CsKAi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec1058c5568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/redirect.js

172.67.216.165

200 OK

325 B

URL GET HTTP/3
web.tlgrm.app/redirect.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
ASCII text, with very long lines (336), with no line terminators
Size
325 B (325 bytes)
Hash
0f4bee764cf7e7080cc0c1a836d6c85a
7cdea3a612218fe6898aa117eb4598d7d0dce420
9d8ec261dba46e501288de7aee04435dfe1d8728b0bf65a4a79c08e5c90a5b54

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /redirect.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"5290fd99debbfcd7ffac7bafdfc4fcc4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPwhIPBYT6jmfy0V86PdvsJbqd%2B25NLC2ew1UhxtUyuwCZzaO42P%2FF8ZCY8KJ2XNlFVN95ONYb3x5Htx1AhFBPyRZfwvMgIzdgKtBDWA8oP5OAzaKUnBH%2BT%2FSVF9ijGN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5634
server: cloudflare
cf-ray: 8755ec0daaf2568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/3748.9a383b0e9475cf32f44c.js

172.67.216.165

200 OK

9.8 kB

URL GET HTTP/3
web.tlgrm.app/3748.9a383b0e9475cf32f44c.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (9947), with no line terminators
Size
9.8 kB (9834 bytes)
Hash
6831555a3e9d155e86dcfa4440125a17
abd1a249ca915e5576205ee9bf310137db15db78
84660a8e9655e94167399b340112011733de79907f6f005e2d640a7ba78e7b8c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /3748.9a383b0e9475cf32f44c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e254c7743e1f6bf89b9afc65a9c3d504"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFQrHaPqerhuBk61tvh3K3gLKZxM2GlHzt2INTlVnNqtzK80xaGuWGSNaK6KEnZsQpvRe%2B1gZ5mkbSYu%2BYRG0ofrShtoaRHSFTe6WORT7mQOhhf88bTiaiRp2nSbTQDOSJCI29Nc0S1i6wzd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5705
server: cloudflare
cf-ray: 8755ec0f2ddc568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/4680.576825f543555dd2467c.js

172.67.216.165

200 OK

10 kB

URL GET HTTP/3
web.tlgrm.app/4680.576825f543555dd2467c.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (10226)
Size
10 kB (10280 bytes)
Hash
3b52bb297f0dab88c1d71f2834059343
f43b98d6a3cb7a7cc95ef23ec2ad470efb42c890
e64fe7500375590eb939625390955f9add6a8a0405db5976cb2b3bcbdb513b7b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /4680.576825f543555dd2467c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"df0d291e2ecd442eb139be9d8cfd7700"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdDe%2FlgGnJN7R39aF0wTmoM1U4U5vXxsM5CCiBeKBeF0vHOodSkM7TXU6gjhltI7l2fW0SprBPur1GIl7BYtIThmLeircUraY%2Fe59gafgeke1UV1tgPYmCCIX5pM5gI7Ioho3U4Ohlq74moF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5237
server: cloudflare
cf-ray: 8755ec0fdf5c568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/2041.5fe028b52e13d7a937b4.js

172.67.216.165

200 OK

140 kB

URL GET HTTP/3
web.tlgrm.app/2041.5fe028b52e13d7a937b4.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"88847817ff5ee5f3e7906785a0e6840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhnuShCtecWYY6%2F7MYyAgKM4FBgILnWlz04SRcMZJvDVz0aBEqoJKESoqHd2Wx8imaDhA3nWyzdPRdUghyP%2FzL3AXrQDAhDZTQHD5VECdcsMtrKLQ6wjrrrQcp1CsKAi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec10792d568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js

172.67.216.165

200 OK

66 kB

URL GET HTTP/3
web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1024cf3a0ee437c327108ef4275af38b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVq3LezONn4SowKzdcSITEIcrySY1SjXCqgLHnhBut13ZCY%2B3ZCd2T3T3aFABs6B9hFu%2B7%2BsFFq4ZHlL6wLOCi8JGlfMVB%2B9oFeLMoaEvaXeirkMGuAjYLL2yjTOm9%2F1xRzDeBpJcb5ruRus"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec109963568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js

172.67.216.165

200 OK

66 kB

URL GET HTTP/3
web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1024cf3a0ee437c327108ef4275af38b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVq3LezONn4SowKzdcSITEIcrySY1SjXCqgLHnhBut13ZCY%2B3ZCd2T3T3aFABs6B9hFu%2B7%2BsFFq4ZHlL6wLOCi8JGlfMVB%2B9oFeLMoaEvaXeirkMGuAjYLL2yjTOm9%2F1xRzDeBpJcb5ruRus"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec10b99b568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/

172.67.216.165

200 OK

3.2 kB

URL User Request GET HTTP/2
web.tlgrm.app/
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3265), with no line terminators
Size
3.2 kB (3227 bytes)
Hash
0f9a1f2f337cb765dd91ad0fa4cb78a9
cab714023e1d57f179950e91b2c76f456d74c4a9
3b0d6d316241d4a7b24192dbd181714ddbd0cdf951786246cae74e5d940f9c18

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jcgulqhx5%2BrRzNTXOE3cw7TB3jnusOVOGyKbjncn4nIH75pnKtfG4od6KFiG2jEraKd%2FgYbOdQtP8cGP0XkU314pW3Z9zv5SdzZg8U7xDlVoIZuIzP%2Fn5l8gJa%2FWttA3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8755ec0b6ab0712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t.me/_websync_?authed=0&version=10.9.2+A

0.0.0.0

0 B

URL GET
t.me/_websync_?authed=0&version=10.9.2+A
IP
0.0.0.0:0
ASN
#0

Requested by
https://web.tlgrm.app/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.t.me
FingerprintD7:CC:2A:92:7B:DC:AE:6A:D7:92:51:20:49:AD:3B:AC:F9:27:F8:16
ValidityFri, 06 Oct 2023 19:50:31 GMT - Wed, 06 Nov 2024 19:50:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_websync_?authed=0&version=10.9.2+A HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

web.tlgrm.app/2041.5fe028b52e13d7a937b4.js

172.67.216.165

200 OK

140 kB

URL GET HTTP/3
web.tlgrm.app/2041.5fe028b52e13d7a937b4.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"88847817ff5ee5f3e7906785a0e6840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhnuShCtecWYY6%2F7MYyAgKM4FBgILnWlz04SRcMZJvDVz0aBEqoJKESoqHd2Wx8imaDhA3nWyzdPRdUghyP%2FzL3AXrQDAhDZTQHD5VECdcsMtrKLQ6wjrrrQcp1CsKAi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec1068f2568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/6839.01a53cbedf5d86d252ec.js

172.67.216.165

200 OK

46 kB

URL GET HTTP/3
web.tlgrm.app/6839.01a53cbedf5d86d252ec.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type

Size
46 kB (45754 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /6839.01a53cbedf5d86d252ec.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"f9d559c9090621ddd9f396e9b47b31d4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PN9qtq%2FaOQ%2F%2FBkfU5lPXJWm%2F1ErffuNXkh4yRfsp7YpIB9oTjtU0%2FN4FHYdkzEmUhQWskEt%2FywqR07esZGrgWIpl34NQiqHfhJkBv5R2w0Ok9XU5Esy%2BBfUvV7qZ7Ao6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6772
server: cloudflare
cf-ray: 8755ec0f2dd8568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram.me/_websync_?authed=0&version=10.9.2+A

0.0.0.0

0 B

URL GET
telegram.me/_websync_?authed=0&version=10.9.2+A
IP
0.0.0.0:0
ASN
#0

Requested by
https://web.tlgrm.app/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.me
FingerprintCA:AA:65:FE:33:CD:9C:CC:BB:2D:14:C7:05:66:C5:F7:7C:8D:63:2E
ValidityWed, 20 Sep 2023 01:49:33 GMT - Mon, 21 Oct 2024 01:49:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /_websync_?authed=0&version=10.9.2+A HTTP/1.1
Host: telegram.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js

172.67.216.165

200 OK

250 kB

URL GET HTTP/3
web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type

Size
250 kB (249926 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2385.6f0f83ec9f68bc8de538.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"7aaab73d27503c7e51f6ba0e782f840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qhquACcoqAJVTWqBtY%2B089vUNYu28OtlPTWhxxFzIyMnaA9lCLd%2Bt3Kms%2F8EcqlDGhMlmGdtMqq%2F8s%2Bv%2BjrUH9BHHCAasg9HGG3UxCdOHDIBEyXQY3q9lttOV%2B3g5sQntImg1i6PvPEdq%2FvF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5813
server: cloudflare
cf-ray: 8755ec0fef81568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js

172.67.216.165

200 OK

66 kB

URL GET HTTP/3
web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1024cf3a0ee437c327108ef4275af38b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVq3LezONn4SowKzdcSITEIcrySY1SjXCqgLHnhBut13ZCY%2B3ZCd2T3T3aFABs6B9hFu%2B7%2BsFFq4ZHlL6wLOCi8JGlfMVB%2B9oFeLMoaEvaXeirkMGuAjYLL2yjTOm9%2F1xRzDeBpJcb5ruRus"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec10c9c5568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/1637.e6f824bce956dfcea81d.js

172.67.216.165

200 OK

295 kB

URL GET HTTP/3
web.tlgrm.app/1637.e6f824bce956dfcea81d.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type

Size
295 kB (294603 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /1637.e6f824bce956dfcea81d.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"0be78a67369ae25c1677a899e5943116"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fOPyeFW9KLemknj84T1ZRmihCmJ7dZXrQbQnrVBhemYdyPK6uX%2FHXRVPQS3hXNDj5ICoNT65tgHi0VYvYlouG7wsbut8hYLV3GMgFiqaXfNosYiSQmVqptZzOnWFqkuTwatig4jt2MmvrZ62"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5811
server: cloudflare
cf-ray: 8755ec117b48568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/chat-bg-br.f34cc96fbfb048812820.png

172.67.216.165

200 OK

1.9 kB

URL GET HTTP/3
web.tlgrm.app/chat-bg-br.f34cc96fbfb048812820.png
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced
Size
1.9 kB (1920 bytes)
Hash
ff2989744d4813c906047582226abd28
41b973276f7a99af05115b89b401aceb02f573c8
3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /chat-bg-br.f34cc96fbfb048812820.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/main.5e926e53b804308de57b.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: image/png
content-length: 1920
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "b44cd1d1a18ff5f302ca64f29cca3b27"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YLisHIlUP5ZDhQp7Q9cyMUjw56aBKlIqg9wOORQgYyxiZl51HjdRqDwTwn%2FD83fdFFF%2BPUWio6VVYaI36BNlG893vIQT12DFMJe4d53Icmhve5Hl%2BpL%2Fkb0Gpn%2B3N7mJrJskNxbpn%2Fba9zcp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5693
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0f0dab568b-OSL
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/2041.5fe028b52e13d7a937b4.js

172.67.216.165

200 OK

140 kB

URL GET HTTP/3
web.tlgrm.app/2041.5fe028b52e13d7a937b4.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
140 kB (140234 bytes)
Hash
39c6ccbfd0be3bc43e412a138b4c9f89
440310a69dfb81c245f3cfeb4014a001db4ca72a
c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"88847817ff5ee5f3e7906785a0e6840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhnuShCtecWYY6%2F7MYyAgKM4FBgILnWlz04SRcMZJvDVz0aBEqoJKESoqHd2Wx8imaDhA3nWyzdPRdUghyP%2FzL3AXrQDAhDZTQHD5VECdcsMtrKLQ6wjrrrQcp1CsKAi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec1058d7568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

zws2.web.telegram.org/apiws

149.154.167.99

101 Switching Protocols

0 B

URL GET HTTP/1.1
zws2.web.telegram.org/apiws
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://web.tlgrm.app/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.web.telegram.org
Fingerprint74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B
ValidityWed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web.tlgrm.app
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: F+j5Wmyq2QcNdE4WgvbQzg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Tue, 16 Apr 2024 17:33:45 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cLDsMgj0AY3rteJakPP2YbxiX6o=
Sec-WebSocket-Protocol: binary

web.tlgrm.app/4680.576825f543555dd2467c.js

172.67.216.165

200 OK

10 kB

URL GET HTTP/3
web.tlgrm.app/4680.576825f543555dd2467c.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (10226)
Size
10 kB (10280 bytes)
Hash
3b52bb297f0dab88c1d71f2834059343
f43b98d6a3cb7a7cc95ef23ec2ad470efb42c890
e64fe7500375590eb939625390955f9add6a8a0405db5976cb2b3bcbdb513b7b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /4680.576825f543555dd2467c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"df0d291e2ecd442eb139be9d8cfd7700"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdDe%2FlgGnJN7R39aF0wTmoM1U4U5vXxsM5CCiBeKBeF0vHOodSkM7TXU6gjhltI7l2fW0SprBPur1GIl7BYtIThmLeircUraY%2Fe59gafgeke1UV1tgPYmCCIX5pM5gI7Ioho3U4Ohlq74moF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5237
server: cloudflare
cf-ray: 8755ec0fcf4e568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/8764.58763b7a689318950e51.js

172.67.216.165

200 OK

27 kB

URL GET HTTP/3
web.tlgrm.app/8764.58763b7a689318950e51.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (27305)
Size
27 kB (27442 bytes)
Hash
0198d988a3400c6f4abdcd15352e954d
27b573f135096fc85ce78ddd2dae6071de71bcd5
b38c94050169465563c915a3ca347af2cbf5cb981995a5bc3bc88b5cfe017ba9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /8764.58763b7a689318950e51.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e26271191fc86ec63bb0b1b73a30478e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=61sucYAxP9PlCXPCSDAWEYVg%2FlQrCONbqJ%2FNhO55kGHai5k7m1ZQ9K0RtYp0VGBlzzxZOPKlDQ3bwopeeZfJhUGrRaXlldZz5RZIWdgjh1QAQ4NSpwFEEoS1rzZe8H3k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5812
server: cloudflare
cf-ray: 8755ec108941568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js

172.67.216.165

200 OK

66 kB

URL GET HTTP/3
web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65630 bytes)
Hash
3559b2b89d032ebe64593c61c4ce75a0
0f6cb82095dfedfff7a1eb3d320e6c991ff5f479
8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1024cf3a0ee437c327108ef4275af38b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVq3LezONn4SowKzdcSITEIcrySY1SjXCqgLHnhBut13ZCY%2B3ZCd2T3T3aFABs6B9hFu%2B7%2BsFFq4ZHlL6wLOCi8JGlfMVB%2B9oFeLMoaEvaXeirkMGuAjYLL2yjTOm9%2F1xRzDeBpJcb5ruRus"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec10a97a568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/compatTest.js

172.67.216.165

200 OK

2.2 kB

URL GET HTTP/3
web.tlgrm.app/compatTest.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (2307), with no line terminators
Size
2.2 kB (2245 bytes)
Hash
b792e6991f514bc5008dcd7f2e42963b
81c34ba1b4d273df45b0a5980c8d7c677e63ba31
7ba328c8eb841cc060c30835a2c4bc2cbd08a35c8377df7bae6722d12d1f3307

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /compatTest.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"7c48263eed82897ab4fcf6ded4f63318"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMYgyMyKYix9c5VPybqLAkZ%2FaTzFBjHJEPLOTPy4BYDwcWXS%2FCSxHahBu2chaB88EY81ZjnJPpF7eSAypMWBn9owq6N9HmtjfTlf34goEIE%2B4%2BVsmHU12aq9vN4VOm3q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5741
server: cloudflare
cf-ray: 8755ec0dbb07568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/favicon.svg

172.67.216.165

200 OK

892 B

URL GET HTTP/3
web.tlgrm.app/favicon.svg
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
SVG Scalable Vector Graphics image
Size
892 B (892 bytes)
Hash
fbfd454715d8180275b32bd48770a483
0716abb57416f83cfad3e17ff830039c0607b313
788c238be3597ef42c549caff599bb84e584790f43f7d6013d6a1987264bdbe1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /favicon.svg HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"b9c8a14eeb3e9a9392f5e93eca494a93"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gKTR5MyG1E3wMariDlIbbLti6Sjd7nNftMcF7P%2BT26%2BAWZX72Ty1PJnxK8KGqE90OdKxx%2FTLZLqsQYqwqa0oa48rntxKEt%2FU6wpmS2ehlWRHugMhwdjfXO%2BKxjTYBCuD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 4266
server: cloudflare
cf-ray: 8755ec0f8eb7568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

web.tlgrm.app/4680.576825f543555dd2467c.js

172.67.216.165

200 OK

10 kB

URL GET HTTP/3
web.tlgrm.app/4680.576825f543555dd2467c.js
IP
172.67.216.165:443
ASN
#13335 CLOUDFLARENET

Requested by
https://web.tlgrm.app/
Certificate
IssuerLet's Encrypt
Subjectweb.tlgrm.app
FingerprintFD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22
ValidityTue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT

File type
JavaScript source, ASCII text, with very long lines (10226)
Size
10 kB (10280 bytes)
Hash
3b52bb297f0dab88c1d71f2834059343
f43b98d6a3cb7a7cc95ef23ec2ad470efb42c890
e64fe7500375590eb939625390955f9add6a8a0405db5976cb2b3bcbdb513b7b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /4680.576825f543555dd2467c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"df0d291e2ecd442eb139be9d8cfd7700"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdDe%2FlgGnJN7R39aF0wTmoM1U4U5vXxsM5CCiBeKBeF0vHOodSkM7TXU6gjhltI7l2fW0SprBPur1GIl7BYtIThmLeircUraY%2Fe59gafgeke1UV1tgPYmCCIX5pM5gI7Ioho3U4Ohlq74moF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5237
server: cloudflare
cf-ray: 8755ec0fcf45568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL User Request GET HTTP/2

IP

ASN

Certificate