| | 188.114.96.1 | 301 Moved Permanently | 167 B |
URL: GET HTTP/2 (user request) | IP: 188.114.96.1:443
Certificate: Issuer Let's Encrypt | Subject tlgrm.eu | Fingerprint 54:17:92:47:AF:1A:86:AE:A1:EF:F3:D8:6A:5F:D7:78:32:13:6F:67 | Validity Tue, 16 Apr 2024 01:35:51 GMT - Mon, 15 Jul 2024 01:35:50 GMT
File type: HTML document, ASCII text, with CRLF line terminators | Hashes (MD5 / SHA-1 / SHA-256): 0104c301c5e02bd6148b8703d19b3a73 7436e0b4b1f8c222c38069890b75fa2baf9ca620 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET / HTTP/1.1
Host: web.tlgrm.eu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: text/html
content-length: 167
location: https://web.tlgrm.app
cache-control: max-age=3600
expires: Tue, 16 Apr 2024 18:33:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q21mvCCXHtHgzSNPrt1hxkTC3cg15Pj%2FmXQ%2BBfwOOGph60xb%2Bkr2lVQs3SD85GLgXehUOIDqbGvFVBee0xpAoYGIz2BNTSKY%2BWfnMNUTrqP62ToBkhqp69gpWgDGNGc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8755ec0aed81568b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| web.tlgrm.app/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 | 172.67.216.165 | 200 OK | 11 kB |
URL: GET HTTP/3 web.tlgrm.app/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11016, version 1.0 | Hashes (MD5 / SHA-1 / SHA-256): 15fa3062f8929bd3b05fdca5259db412 6ff06a34f68ad0324ddec1bbe4d453c959178b36 5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://web.tlgrm.app/main.5e926e53b804308de57b.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: font/woff2
content-length: 11016
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "741b4527b63febbccc571bad3f4f23cf"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2odLg%2F95G1%2BScmSVBIs0D1QFgcJOretNRP6HApqsXmpZhZf7Ar6%2BW%2BvsdGWOKjOVQyQB1aJF4m6OH6nf5srcuTIdfKZEA7b%2Fvg1adOr80LFH%2BUjyEfucbaHwy7Rp%2Bxig"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 746
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0ebd0f568b-OSL
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/1915.44f46b9209d4c21e2dae.js | 172.67.216.165 | 200 OK | 8.4 kB |
URL: GET HTTP/3 web.tlgrm.app/1915.44f46b9209d4c21e2dae.js | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (18106) | Hashes (MD5 / SHA-1 / SHA-256): fd4abffe4de6fa1955cb7c9df7c0a808 860f583e5ef2f6ddcc0c464fb4a87d7e6eb955b8 166b9c140da17864486aaa8e6d53ad4169ffaac1b2101c73680550f9331c926f
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /1915.44f46b9209d4c21e2dae.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e3f8b7d4b627a2a6d6b26f1ff82c07d8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rNrWjpTPu4fE129AXHAiCvDCBK2ZxVeyCpZcHlHD13w7XD%2Bpr5LGBPNm6kb7X1ng5HNO8MrQk9egQqNIdmSY349JyoUI4ni79oFnGxkzl1uJjbj4y%2BIhBZYBQ5qT89Pp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5240
server: cloudflare
cf-ray: 8755ec0eed69568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 | 172.67.216.165 | 200 OK | 11 kB |
URL: GET HTTP/3 web.tlgrm.app/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: Web Open Font Format (Version 2), TrueType, length 11056, version 1.0 | Hashes (MD5 / SHA-1 / SHA-256): 07db243db21ed0a6b4ff05ff429686b7 5d62925fdd7ed8e80f206d095ed093994f13d276 ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.324b1e6d0f5ae7c6ab42.woff2 HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://web.tlgrm.app/main.5e926e53b804308de57b.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: font/woff2
content-length: 11056
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "d0122a2078b736d8f34c46ec02e88eb0"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Yeenmyz9yqAeoDjfkKz61FdDJPj5gEMLZDlCHPto9iTra7X5jPasracGfsP3DrhdFobzY3R%2FYofKGOnl36jK0UUtRXk2v3kZFx6X4usea%2Fxdt%2BEzJX1lgNxteMwfeJR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 669
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0f0db1568b-OSL
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/chat-bg-pattern-light.ee148af944f6580293ae.png | 172.67.216.165 | 200 OK | 273 kB |
URL: GET HTTP/3 web.tlgrm.app/chat-bg-pattern-light.ee148af944f6580293ae.png | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: PNG image data, 1123 x 2307, 4-bit colormap, non-interlaced | Size: 273 kB (272875 bytes) | Hashes (MD5 / SHA-1 / SHA-256): 3d558d8de7082a2b2355076c8988c3fd d74980e29b0ec2f102b0dcd614503fd42a255b85 00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /chat-bg-pattern-light.ee148af944f6580293ae.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/main.5e926e53b804308de57b.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: image/png
content-length: 272875
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "7ecd785f0675960e25e3acfe969d5e78"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWbhRk%2Fei12FgUT7KXqILF2qBJcEElNyTGtxs1SnySTvTFJoEXMqiR1q3Jz3h0XFB%2FDyOLkL0d09uBiv4ALsVKNmPKNzeMcCMB%2FwP%2BhG2LfKojGM5pfVIakrYjJngttA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5093
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0f0dae568b-OSL
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/notification.mp3 | 172.67.216.165 | 206 Partial Content | 11 kB |
URL: GET HTTP/3 web.tlgrm.app/notification.mp3 | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo | Hashes (MD5 / SHA-1 / SHA-256): eba09b6a457792c52fc610b5f9f974b3 95e6e0f7648e28ea21bc434054ea59aba3a35aea 86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /notification.mp3 HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://web.tlgrm.app/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: audio/mpeg
content-length: 10880
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "0a92cb1fe03590e956b4e206001f1a3b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dfwjif7zBWVxnbKyzgRJRZqgpqY11X8hVe3ZufGpPzzy87RPn7jr%2FwW5nQe5dTeZ%2BqAfUcv0YuFnHQUaft7bV9v4kD7m%2FOWyWy%2F2%2BdqbahDzKZ%2Bt%2BVvouugFnPSlUEyBHaiUtjRZy8j6G%2B8N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5285
content-range: bytes 0-10879/10880
server: cloudflare
cf-ray: 8755ec0f6e6d568b-OSL
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/icon-192x192.png | 172.67.216.165 | 200 OK | 3.1 kB |
URL: GET HTTP/3 web.tlgrm.app/icon-192x192.png | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: PNG image data, 192 x 192, 8-bit colormap, non-interlaced | Hashes (MD5 / SHA-1 / SHA-256): 1a1650d2c76bfc1ac484646c19e495b9 fe58d66042ce9241226f5da9370230285ff604fc 6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /icon-192x192.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: image/png
content-length: 3059
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "92c7c04a05d4809e93743960f1628e8f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aGhLvO0qp8qWcRx%2F7hgmhXMivCw0RyiawX1ABLqMwO%2FZ5FyUt0TwYqdYsPA0Y2o12GB%2BgcGh5SKcT%2BmP0wrgd984YefHfNzSKGorfThB0JX3CLWdGddfRkg%2BHI6JxuzsD9jIR7HruEWQ%2FoaA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5111
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0f8eb2568b-OSL
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/main.5e926e53b804308de57b.css | 172.67.216.165 | 200 OK | 22 kB |
URL: GET HTTP/3 web.tlgrm.app/main.5e926e53b804308de57b.css | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: ASCII text, with very long lines (11172) | Hashes (MD5 / SHA-1 / SHA-256): 1f303ef1e2b46fe13fd84dfd0bb2e002 8542a59b9b5ef54414626d014b728b7548fc25cd 0aa33cc81ea838c2ceeb56b8c468958a65bba68579310ea7971d8f021bac397f
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /main.5e926e53b804308de57b.css HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"2d29fbfacc0126dfde31517469da2e21"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COD47ENVPP7Cff7nCEOdyZAXMG1VuRVr%2Bz2SvFvXqFZLzNDtXry7I0Nlc9kxg27fZpVAAK7w6s%2FJ3AgdjSOjkBDUuVvjd7hA7%2Bsk0OnCrizcXSF8CpFrYG4mRt3MtHMPM34dDX9jbraN1Ayy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6879
server: cloudflare
cf-ray: 8755ec0daaff568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/main.d9ab5788a4b75c69716d.js | 172.67.216.165 | 200 OK | 128 kB |
URL: GET HTTP/3 web.tlgrm.app/main.d9ab5788a4b75c69716d.js | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators | Size: 128 kB (128374 bytes) | Hashes (MD5 / SHA-1 / SHA-256): 5e3a8f8a4eecb1be83781c8a8c30d747 0da3676401b4af8c14370cd327d4bad57ad8d434 bfcf00e1e44b7b609f21dfc4e50f7c2d0046ef7222e8d7b1d7daede6cfc2be9d
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /main.d9ab5788a4b75c69716d.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"12083a653c603869f664de99401fdd4b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0hNGCiCxFp3J9T1dYkvXfNYsqoJWLZhF1Y4PV51Qo9zMx5y%2Fmhof%2FSQhBtKrzibOoO0pQeek91WlHmWKSYXMNWmlesvK59zxyU7BEnnejCnCFYSXsdMiCnY64r6Koj0Y%2BM5cretr7JecwcTx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6879
server: cloudflare
cf-ray: 8755ec0daafb568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/5802.36a9971f58c808c4a974.js | 172.67.216.165 | 200 OK | 7.9 kB |
URL: GET HTTP/3 web.tlgrm.app/5802.36a9971f58c808c4a974.js | IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (21394) | Hashes (MD5 / SHA-1 / SHA-256): 377d06c30eebd149e43e37a12f0bc3a6 0bedfd302e5fc849518158b650612361fc160e99 a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"02a5d2834240fec01d23675f38c49eb9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dqxvs4uKKY0jlonl2EZS4lcBPjPD2xF2ZftMxZgAeXRXF7pXjeVXa7SIKok8nenaAd%2Fkb50QZR9tcrVm8uHGIYZQIxagQuNPXt1XPBStxWmnGVoCxnji0gaxKGMB2fsqcaMmj5WOrPp60OsY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 1141
server: cloudflare
cf-ray: 8755ec102830568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/5802.36a9971f58c808c4a974.js | 172.67.216.165 | 200 OK | 48 kB |
URL: GET HTTP/3 web.tlgrm.app/5802.36a9971f58c808c4a974.js | IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (21394) | Hashes (MD5 / SHA-1 / SHA-256): 377d06c30eebd149e43e37a12f0bc3a6 0bedfd302e5fc849518158b650612361fc160e99 a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"02a5d2834240fec01d23675f38c49eb9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dqxvs4uKKY0jlonl2EZS4lcBPjPD2xF2ZftMxZgAeXRXF7pXjeVXa7SIKok8nenaAd%2Fkb50QZR9tcrVm8uHGIYZQIxagQuNPXt1XPBStxWmnGVoCxnji0gaxKGMB2fsqcaMmj5WOrPp60OsY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 1141
server: cloudflare
cf-ray: 8755ec101ffa568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/QrPlane.a921709f266564f65b7e.tgs | 172.67.216.165 | | 2.1 kB |
URL: web.tlgrm.app/QrPlane.a921709f266564f65b7e.tgs | IP: 172.67.216.165:0
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: gzip compressed data, was "PlaneLogoPlain.json", last modified: Fri Dec 17 11:58:31 2021, from Unix | Hashes (MD5 / SHA-1 / SHA-256): 9fe5425a55be5cfd60c1ee5f2ca2c733 6055dbe3afe9575b921a9863534e91428a847021 486cbe566d05f023f3c72ec00b55f921deb1f7aed2efb630fe717425e2d98d0a
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /QrPlane.a921709f266564f65b7e.tgs HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: null
content-length: 2101
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "890d9ac85cbbe6b57fc0f9b22d309e09"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N231dwvqfMed82BRq%2FgQDImuC9kicZa3iymb9e%2FsMzsYCS4kQm6MS6t4DxwTyvuOKio47W0GHiHvo%2F9%2BHaWjVmljyVqgk6IE%2FQTxkmCglCDbXSYHMRcXz9y3YXRu%2BzLp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8755ec119b7a568b-OSL
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/1649.23ef32650e96d33d6586.js | 172.67.216.165 | 200 OK | 93 kB |
URL: GET HTTP/3 web.tlgrm.app/1649.23ef32650e96d33d6586.js | IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (44841) | Hashes (MD5 / SHA-1 / SHA-256): d185f3823bb419e0227eb45b85facdca b50068ba63e52fd9d71dbfa7cb42fe82a6f4af16 fbcc1367611f1d387d2b7340f92b66b4a0a5311742ec3d806d848692b98e78c9
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /1649.23ef32650e96d33d6586.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"bca211a28e3bf3bb8205c56852c6247e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZS2g0yfD3inV%2FPdYj0HzbOP2TmFRM9zm23O45L2ZF5Zkqs3ckZg2LTQX0%2BMWgg08Uvs1gReRDq%2B1BpD1rneND9eLVPzIVlLcCIZcq7vSKts3TN2qq75Ar15l4Ite0W5slmfwhWh6mRUlzmQf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5812
server: cloudflare
cf-ray: 8755ec10c9cb568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/5802.36a9971f58c808c4a974.js | 172.67.216.165 | 200 OK | 48 kB |
URL: GET HTTP/3 web.tlgrm.app/5802.36a9971f58c808c4a974.js | IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (21394) | Hashes (MD5 / SHA-1 / SHA-256): 377d06c30eebd149e43e37a12f0bc3a6 0bedfd302e5fc849518158b650612361fc160e99 a6456f4285ecaf7f44d25cde45f56f6afefbb7fea2e36633e4bb4e0e5ebb8779
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /5802.36a9971f58c808c4a974.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"02a5d2834240fec01d23675f38c49eb9"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dqxvs4uKKY0jlonl2EZS4lcBPjPD2xF2ZftMxZgAeXRXF7pXjeVXa7SIKok8nenaAd%2Fkb50QZR9tcrVm8uHGIYZQIxagQuNPXt1XPBStxWmnGVoCxnji0gaxKGMB2fsqcaMmj5WOrPp60OsY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 1141
server: cloudflare
cf-ray: 8755ec101ff2568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/blank.8dd283bceccca95a48d8.png | 172.67.216.165 | 200 OK | 68 B |
URL: GET HTTP/3 web.tlgrm.app/blank.8dd283bceccca95a48d8.png | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced | Hashes (MD5 / SHA-1 / SHA-256): 91e42db1c66c0b276abf6234dc50b2eb c1986af3c26609b8b7d8933f99c51c1a89e9ea6b 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:47 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "ef2020b9b3ec6bc4c4c60d36848b22cd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=scmkWNf55amyyHUaWnWCYNma7Eus6CoSD9hd0YBaqADYF6iNP7Ef7okjxnurYGpyJ1u14VZ1to8bY23bEvWv%2FxcNC0Djh4Fbif6ODyUcDtgZ2UlmFCEb0hpE15AclXvs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5220
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec24eead568b-OSL
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/blank.8dd283bceccca95a48d8.png | 172.67.216.165 | 200 OK | 68 B |
URL: GET HTTP/3 web.tlgrm.app/blank.8dd283bceccca95a48d8.png | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced | Hashes (MD5 / SHA-1 / SHA-256): 91e42db1c66c0b276abf6234dc50b2eb c1986af3c26609b8b7d8933f99c51c1a89e9ea6b 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:47 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "ef2020b9b3ec6bc4c4c60d36848b22cd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=scmkWNf55amyyHUaWnWCYNma7Eus6CoSD9hd0YBaqADYF6iNP7Ef7okjxnurYGpyJ1u14VZ1to8bY23bEvWv%2FxcNC0Djh4Fbif6ODyUcDtgZ2UlmFCEb0hpE15AclXvs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5220
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec255f96568b-OSL
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/blank.8dd283bceccca95a48d8.png | 172.67.216.165 | 200 OK | 68 B |
URL: GET HTTP/3 web.tlgrm.app/blank.8dd283bceccca95a48d8.png | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced | Hashes (MD5 / SHA-1 / SHA-256): 91e42db1c66c0b276abf6234dc50b2eb c1986af3c26609b8b7d8933f99c51c1a89e9ea6b 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /blank.8dd283bceccca95a48d8.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:47 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "ef2020b9b3ec6bc4c4c60d36848b22cd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=scmkWNf55amyyHUaWnWCYNma7Eus6CoSD9hd0YBaqADYF6iNP7Ef7okjxnurYGpyJ1u14VZ1to8bY23bEvWv%2FxcNC0Djh4Fbif6ODyUcDtgZ2UlmFCEb0hpE15AclXvs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5220
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec259ff9568b-OSL
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/4680.576825f543555dd2467c.js | 172.67.216.165 | 200 OK | 10 kB |
URL: GET HTTP/3 web.tlgrm.app/4680.576825f543555dd2467c.js | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (10226) | Hashes (MD5 / SHA-1 / SHA-256): 3b52bb297f0dab88c1d71f2834059343 f43b98d6a3cb7a7cc95ef23ec2ad470efb42c890 e64fe7500375590eb939625390955f9add6a8a0405db5976cb2b3bcbdb513b7b
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /4680.576825f543555dd2467c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"df0d291e2ecd442eb139be9d8cfd7700"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdDe%2FlgGnJN7R39aF0wTmoM1U4U5vXxsM5CCiBeKBeF0vHOodSkM7TXU6gjhltI7l2fW0SprBPur1GIl7BYtIThmLeircUraY%2Fe59gafgeke1UV1tgPYmCCIX5pM5gI7Ioho3U4Ohlq74moF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5237
server: cloudflare
cf-ray: 8755ec0fcf4a568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/2041.5fe028b52e13d7a937b4.js | 172.67.216.165 | 200 OK | 140 kB |
URL: GET HTTP/3 web.tlgrm.app/2041.5fe028b52e13d7a937b4.js
IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 140 kB (140234 bytes)
Hash: MD5 39c6ccbfd0be3bc43e412a138b4c9f89; SHA-1 440310a69dfb81c245f3cfeb4014a001db4ca72a; SHA-256 c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"88847817ff5ee5f3e7906785a0e6840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhnuShCtecWYY6%2F7MYyAgKM4FBgILnWlz04SRcMZJvDVz0aBEqoJKESoqHd2Wx8imaDhA3nWyzdPRdUghyP%2FzL3AXrQDAhDZTQHD5VECdcsMtrKLQ6wjrrrQcp1CsKAi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec1058c5568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/redirect.js | 172.67.216.165 | 200 OK | 325 B |
URL: GET HTTP/3 web.tlgrm.app/redirect.js
IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: ASCII text, with very long lines (336), with no line terminators
Hash: MD5 0f4bee764cf7e7080cc0c1a836d6c85a; SHA-1 7cdea3a612218fe6898aa117eb4598d7d0dce420; SHA-256 9d8ec261dba46e501288de7aee04435dfe1d8728b0bf65a4a79c08e5c90a5b54
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /redirect.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"5290fd99debbfcd7ffac7bafdfc4fcc4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPwhIPBYT6jmfy0V86PdvsJbqd%2B25NLC2ew1UhxtUyuwCZzaO42P%2FF8ZCY8KJ2XNlFVN95ONYb3x5Htx1AhFBPyRZfwvMgIzdgKtBDWA8oP5OAzaKUnBH%2BT%2FSVF9ijGN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5634
server: cloudflare
cf-ray: 8755ec0daaf2568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/3748.9a383b0e9475cf32f44c.js | 172.67.216.165 | 200 OK | 9.8 kB |
URL: GET HTTP/3 web.tlgrm.app/3748.9a383b0e9475cf32f44c.js
IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (9947), with no line terminators
Hash: MD5 6831555a3e9d155e86dcfa4440125a17; SHA-1 abd1a249ca915e5576205ee9bf310137db15db78; SHA-256 84660a8e9655e94167399b340112011733de79907f6f005e2d640a7ba78e7b8c
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /3748.9a383b0e9475cf32f44c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e254c7743e1f6bf89b9afc65a9c3d504"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oFQrHaPqerhuBk61tvh3K3gLKZxM2GlHzt2INTlVnNqtzK80xaGuWGSNaK6KEnZsQpvRe%2B1gZ5mkbSYu%2BYRG0ofrShtoaRHSFTe6WORT7mQOhhf88bTiaiRp2nSbTQDOSJCI29Nc0S1i6wzd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5705
server: cloudflare
cf-ray: 8755ec0f2ddc568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/4680.576825f543555dd2467c.js | 172.67.216.165 | 200 OK | 10 kB |
URL: GET HTTP/3 web.tlgrm.app/4680.576825f543555dd2467c.js
IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (10226)
Hash: MD5 3b52bb297f0dab88c1d71f2834059343; SHA-1 f43b98d6a3cb7a7cc95ef23ec2ad470efb42c890; SHA-256 e64fe7500375590eb939625390955f9add6a8a0405db5976cb2b3bcbdb513b7b
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /4680.576825f543555dd2467c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"df0d291e2ecd442eb139be9d8cfd7700"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdDe%2FlgGnJN7R39aF0wTmoM1U4U5vXxsM5CCiBeKBeF0vHOodSkM7TXU6gjhltI7l2fW0SprBPur1GIl7BYtIThmLeircUraY%2Fe59gafgeke1UV1tgPYmCCIX5pM5gI7Ioho3U4Ohlq74moF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5237
server: cloudflare
cf-ray: 8755ec0fdf5c568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/2041.5fe028b52e13d7a937b4.js | 172.67.216.165 | 200 OK | 140 kB |
URL: GET HTTP/3 web.tlgrm.app/2041.5fe028b52e13d7a937b4.js
IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 140 kB (140234 bytes)
Hash: MD5 39c6ccbfd0be3bc43e412a138b4c9f89; SHA-1 440310a69dfb81c245f3cfeb4014a001db4ca72a; SHA-256 c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"88847817ff5ee5f3e7906785a0e6840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhnuShCtecWYY6%2F7MYyAgKM4FBgILnWlz04SRcMZJvDVz0aBEqoJKESoqHd2Wx8imaDhA3nWyzdPRdUghyP%2FzL3AXrQDAhDZTQHD5VECdcsMtrKLQ6wjrrrQcp1CsKAi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec10792d568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js | 172.67.216.165 | 200 OK | 66 kB |
URL: GET HTTP/3 web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 3559b2b89d032ebe64593c61c4ce75a0; SHA-1 0f6cb82095dfedfff7a1eb3d320e6c991ff5f479; SHA-256 8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1024cf3a0ee437c327108ef4275af38b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVq3LezONn4SowKzdcSITEIcrySY1SjXCqgLHnhBut13ZCY%2B3ZCd2T3T3aFABs6B9hFu%2B7%2BsFFq4ZHlL6wLOCi8JGlfMVB%2B9oFeLMoaEvaXeirkMGuAjYLL2yjTOm9%2F1xRzDeBpJcb5ruRus"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec109963568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js | 172.67.216.165 | 200 OK | 66 kB |
URL: GET HTTP/3 web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 3559b2b89d032ebe64593c61c4ce75a0; SHA-1 0f6cb82095dfedfff7a1eb3d320e6c991ff5f479; SHA-256 8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1024cf3a0ee437c327108ef4275af38b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVq3LezONn4SowKzdcSITEIcrySY1SjXCqgLHnhBut13ZCY%2B3ZCd2T3T3aFABs6B9hFu%2B7%2BsFFq4ZHlL6wLOCi8JGlfMVB%2B9oFeLMoaEvaXeirkMGuAjYLL2yjTOm9%2F1xRzDeBpJcb5ruRus"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec10b99b568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| | 172.67.216.165 | 200 OK | 3.2 kB |
URL: User Request, GET HTTP/2
IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: HTML document, Unicode text, UTF-8 text, with very long lines (3265), with no line terminators
Hash: MD5 0f9a1f2f337cb765dd91ad0fa4cb78a9; SHA-1 cab714023e1d57f179950e91b2c76f456d74c4a9; SHA-256 3b0d6d316241d4a7b24192dbd181714ddbd0cdf951786246cae74e5d940f9c18
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET / HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jcgulqhx5%2BrRzNTXOE3cw7TB3jnusOVOGyKbjncn4nIH75pnKtfG4od6KFiG2jEraKd%2FgYbOdQtP8cGP0XkU314pW3Z9zv5SdzZg8U7xDlVoIZuIzP%2Fn5l8gJa%2FWttA3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8755ec0b6ab0712b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| t.me/_websync_?authed=0&version=10.9.2+A | 0.0.0.0 | | 0 B |
URL: GET t.me/_websync_?authed=0&version=10.9.2+A
IP: 0.0.0.0:0
Certificate: Issuer GoDaddy.com, Inc.; Subject *.t.me; Fingerprint D7:CC:2A:92:7B:DC:AE:6A:D7:92:51:20:49:AD:3B:AC:F9:27:F8:16; Validity Fri, 06 Oct 2023 19:50:31 GMT - Wed, 06 Nov 2024 19:50:31 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_websync_?authed=0&version=10.9.2+A HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
set-cookie: stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

| web.tlgrm.app/2041.5fe028b52e13d7a937b4.js | 172.67.216.165 | 200 OK | 140 kB |
URL: GET HTTP/3 web.tlgrm.app/2041.5fe028b52e13d7a937b4.js
IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 140 kB (140234 bytes)
Hash: MD5 39c6ccbfd0be3bc43e412a138b4c9f89; SHA-1 440310a69dfb81c245f3cfeb4014a001db4ca72a; SHA-256 c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"88847817ff5ee5f3e7906785a0e6840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhnuShCtecWYY6%2F7MYyAgKM4FBgILnWlz04SRcMZJvDVz0aBEqoJKESoqHd2Wx8imaDhA3nWyzdPRdUghyP%2FzL3AXrQDAhDZTQHD5VECdcsMtrKLQ6wjrrrQcp1CsKAi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec1068f2568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/6839.01a53cbedf5d86d252ec.js | 172.67.216.165 | 200 OK | 46 kB |
URL: GET HTTP/3 web.tlgrm.app/6839.01a53cbedf5d86d252ec.js
IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /6839.01a53cbedf5d86d252ec.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"f9d559c9090621ddd9f396e9b47b31d4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PN9qtq%2FaOQ%2F%2FBkfU5lPXJWm%2F1ErffuNXkh4yRfsp7YpIB9oTjtU0%2FN4FHYdkzEmUhQWskEt%2FywqR07esZGrgWIpl34NQiqHfhJkBv5R2w0Ok9XU5Esy%2BBfUvV7qZ7Ao6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 6772
server: cloudflare
cf-ray: 8755ec0f2dd8568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegram.me/_websync_?authed=0&version=10.9.2+A | 0.0.0.0 | | 0 B |
URL: GET telegram.me/_websync_?authed=0&version=10.9.2+A
IP: 0.0.0.0:0
Certificate: Issuer GoDaddy.com, Inc.; Subject *.telegram.me; Fingerprint CA:AA:65:FE:33:CD:9C:CC:BB:2D:14:C7:05:66:C5:F7:7C:8D:63:2E; Validity Wed, 20 Sep 2023 01:49:33 GMT - Mon, 21 Oct 2024 01:49:33 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /_websync_?authed=0&version=10.9.2+A HTTP/1.1
Host: telegram.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/json; charset=utf-8
content-length: 24
set-cookie: stel_web_auth=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
set-cookie: stel_web_force=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

| web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js | 172.67.216.165 | 200 OK | 250 kB |
URL: GET HTTP/3 web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
Size: 250 kB (249926 bytes)
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /2385.6f0f83ec9f68bc8de538.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"7aaab73d27503c7e51f6ba0e782f840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qhquACcoqAJVTWqBtY%2B089vUNYu28OtlPTWhxxFzIyMnaA9lCLd%2Bt3Kms%2F8EcqlDGhMlmGdtMqq%2F8s%2Bv%2BjrUH9BHHCAasg9HGG3UxCdOHDIBEyXQY3q9lttOV%2B3g5sQntImg1i6PvPEdq%2FvF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5813
server: cloudflare
cf-ray: 8755ec0fef81568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js | 172.67.216.165 | 200 OK | 66 kB |
URL: GET HTTP/3 web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js
IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 3559b2b89d032ebe64593c61c4ce75a0; SHA-1 0f6cb82095dfedfff7a1eb3d320e6c991ff5f479; SHA-256 8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1024cf3a0ee437c327108ef4275af38b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVq3LezONn4SowKzdcSITEIcrySY1SjXCqgLHnhBut13ZCY%2B3ZCd2T3T3aFABs6B9hFu%2B7%2BsFFq4ZHlL6wLOCi8JGlfMVB%2B9oFeLMoaEvaXeirkMGuAjYLL2yjTOm9%2F1xRzDeBpJcb5ruRus"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec10c9c5568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/1637.e6f824bce956dfcea81d.js | 172.67.216.165 | 200 OK | 295 kB |
URL: GET HTTP/3 web.tlgrm.app/1637.e6f824bce956dfcea81d.js
IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
Size: 295 kB (294603 bytes)
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e; SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709; SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /1637.e6f824bce956dfcea81d.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"0be78a67369ae25c1677a899e5943116"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fOPyeFW9KLemknj84T1ZRmihCmJ7dZXrQbQnrVBhemYdyPK6uX%2FHXRVPQS3hXNDj5ICoNT65tgHi0VYvYlouG7wsbut8hYLV3GMgFiqaXfNosYiSQmVqptZzOnWFqkuTwatig4jt2MmvrZ62"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5811
server: cloudflare
cf-ray: 8755ec117b48568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/chat-bg-br.f34cc96fbfb048812820.png | 172.67.216.165 | 200 OK | 1.9 kB |
URL: GET HTTP/3 web.tlgrm.app/chat-bg-br.f34cc96fbfb048812820.png
IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: PNG image data, 50 x 50, 8-bit/color RGB, non-interlaced
Hash: MD5 ff2989744d4813c906047582226abd28; SHA-1 41b973276f7a99af05115b89b401aceb02f573c8; SHA-256 3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /chat-bg-br.f34cc96fbfb048812820.png HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/main.5e926e53b804308de57b.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: image/png
content-length: 1920
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "b44cd1d1a18ff5f302ca64f29cca3b27"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YLisHIlUP5ZDhQp7Q9cyMUjw56aBKlIqg9wOORQgYyxiZl51HjdRqDwTwn%2FD83fdFFF%2BPUWio6VVYaI36BNlG893vIQT12DFMJe4d53Icmhve5Hl%2BpL%2Fkb0Gpn%2B3N7mJrJskNxbpn%2Fba9zcp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5693
accept-ranges: bytes
server: cloudflare
cf-ray: 8755ec0f0dab568b-OSL
alt-svc: h3=":443"; ma=86400

| web.tlgrm.app/2041.5fe028b52e13d7a937b4.js | 172.67.216.165 | 200 OK | 140 kB |
URL: GET HTTP/3 web.tlgrm.app/2041.5fe028b52e13d7a937b4.js
IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt; Subject web.tlgrm.app; Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22; Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 140 kB (140234 bytes)
Hash: MD5 39c6ccbfd0be3bc43e412a138b4c9f89; SHA-1 440310a69dfb81c245f3cfeb4014a001db4ca72a; SHA-256 c16171043dbabab93f501b594c1a988e99b034cd39dc6c50b1809a47d64036a4
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET /2041.5fe028b52e13d7a937b4.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"88847817ff5ee5f3e7906785a0e6840d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PhnuShCtecWYY6%2F7MYyAgKM4FBgILnWlz04SRcMZJvDVz0aBEqoJKESoqHd2Wx8imaDhA3nWyzdPRdUghyP%2FzL3AXrQDAhDZTQHD5VECdcsMtrKLQ6wjrrrQcp1CsKAi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec1058d7568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| zws2.web.telegram.org/apiws | 149.154.167.99 | 101 Switching Protocols | 0 B |
URL: GET HTTP/1.1 zws2.web.telegram.org/apiws | IP: 149.154.167.99:443 | ASN: #62041 Telegram Messenger Inc
Certificate: Issuer GoDaddy.com, Inc. | Subject *.web.telegram.org | Fingerprint 74:51:4A:F8:C5:D2:E1:36:68:30:25:98:05:27:E8:6F:57:FC:E0:3B | Validity Wed, 30 Aug 2023 00:40:43 GMT - Mon, 30 Sep 2024 00:40:43 GMT
Hashes (MD5 / SHA-1 / SHA-256, digests of an empty body, consistent with the 0 B response): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /apiws HTTP/1.1
Host: zws2.web.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://web.tlgrm.app
Sec-WebSocket-Protocol: binary
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: F+j5Wmyq2QcNdE4WgvbQzg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx/1.18.0
Date: Tue, 16 Apr 2024 17:33:45 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: cLDsMgj0AY3rteJakPP2YbxiX6o=
Sec-WebSocket-Protocol: binary
| web.tlgrm.app/4680.576825f543555dd2467c.js | 172.67.216.165 | 200 OK | 10 kB |
URL: GET HTTP/3 web.tlgrm.app/4680.576825f543555dd2467c.js | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (10226)
Hashes (MD5 / SHA-1 / SHA-256): 3b52bb297f0dab88c1d71f2834059343 f43b98d6a3cb7a7cc95ef23ec2ad470efb42c890 e64fe7500375590eb939625390955f9add6a8a0405db5976cb2b3bcbdb513b7b
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /4680.576825f543555dd2467c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"df0d291e2ecd442eb139be9d8cfd7700"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdDe%2FlgGnJN7R39aF0wTmoM1U4U5vXxsM5CCiBeKBeF0vHOodSkM7TXU6gjhltI7l2fW0SprBPur1GIl7BYtIThmLeircUraY%2Fe59gafgeke1UV1tgPYmCCIX5pM5gI7Ioho3U4Ohlq74moF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5237
server: cloudflare
cf-ray: 8755ec0fcf4e568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/8764.58763b7a689318950e51.js | 172.67.216.165 | 200 OK | 27 kB |
URL: GET HTTP/3 web.tlgrm.app/8764.58763b7a689318950e51.js | IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (27305)
Hashes (MD5 / SHA-1 / SHA-256): 0198d988a3400c6f4abdcd15352e954d 27b573f135096fc85ce78ddd2dae6071de71bcd5 b38c94050169465563c915a3ca347af2cbf5cb981995a5bc3bc88b5cfe017ba9
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /8764.58763b7a689318950e51.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/2385.6f0f83ec9f68bc8de538.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"e26271191fc86ec63bb0b1b73a30478e"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=61sucYAxP9PlCXPCSDAWEYVg%2FlQrCONbqJ%2FNhO55kGHai5k7m1ZQ9K0RtYp0VGBlzzxZOPKlDQ3bwopeeZfJhUGrRaXlldZz5RZIWdgjh1QAQ4NSpwFEEoS1rzZe8H3k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5812
server: cloudflare
cf-ray: 8755ec108941568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js | 172.67.216.165 | 200 OK | 66 kB |
URL: GET HTTP/3 web.tlgrm.app/rlottie-wasm.5e3833cedb8fb71c8d8e.js | IP: 172.67.216.165:443
Requested by: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 3559b2b89d032ebe64593c61c4ce75a0 0f6cb82095dfedfff7a1eb3d320e6c991ff5f479 8524c2222885bf761b5f366d8e1d465a668f7061f8fcc2f01250d446b2dc554a
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /rlottie-wasm.5e3833cedb8fb71c8d8e.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://web.tlgrm.app/4680.576825f543555dd2467c.js
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1024cf3a0ee437c327108ef4275af38b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVq3LezONn4SowKzdcSITEIcrySY1SjXCqgLHnhBut13ZCY%2B3ZCd2T3T3aFABs6B9hFu%2B7%2BsFFq4ZHlL6wLOCi8JGlfMVB%2B9oFeLMoaEvaXeirkMGuAjYLL2yjTOm9%2F1xRzDeBpJcb5ruRus"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5746
server: cloudflare
cf-ray: 8755ec10a97a568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/compatTest.js | 172.67.216.165 | 200 OK | 2.2 kB |
URL: GET HTTP/3 web.tlgrm.app/compatTest.js | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (2307), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): b792e6991f514bc5008dcd7f2e42963b 81c34ba1b4d273df45b0a5980c8d7c677e63ba31 7ba328c8eb841cc060c30835a2c4bc2cbd08a35c8377df7bae6722d12d1f3307
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /compatTest.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:43 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"7c48263eed82897ab4fcf6ded4f63318"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMYgyMyKYix9c5VPybqLAkZ%2FaTzFBjHJEPLOTPy4BYDwcWXS%2FCSxHahBu2chaB88EY81ZjnJPpF7eSAypMWBn9owq6N9HmtjfTlf34goEIE%2B4%2BVsmHU12aq9vN4VOm3q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5741
server: cloudflare
cf-ray: 8755ec0dbb07568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/favicon.svg | 172.67.216.165 | 200 OK | 892 B |
URL: GET HTTP/3 web.tlgrm.app/favicon.svg | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: SVG Scalable Vector Graphics image
Hashes (MD5 / SHA-1 / SHA-256): fbfd454715d8180275b32bd48770a483 0716abb57416f83cfad3e17ff830039c0607b313 788c238be3597ef42c549caff599bb84e584790f43f7d6013d6a1987264bdbe1
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /favicon.svg HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"b9c8a14eeb3e9a9392f5e93eca494a93"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gKTR5MyG1E3wMariDlIbbLti6Sjd7nNftMcF7P%2BT26%2BAWZX72Ty1PJnxK8KGqE90OdKxx%2FTLZLqsQYqwqa0oa48rntxKEt%2FU6wpmS2ehlWRHugMhwdjfXO%2BKxjTYBCuD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 4266
server: cloudflare
cf-ray: 8755ec0f8eb7568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| web.tlgrm.app/4680.576825f543555dd2467c.js | 172.67.216.165 | 200 OK | 10 kB |
URL: GET HTTP/3 web.tlgrm.app/4680.576825f543555dd2467c.js | IP: 172.67.216.165:443
Certificate: Issuer Let's Encrypt | Subject web.tlgrm.app | Fingerprint FD:59:5D:BD:99:DD:25:9A:3E:94:71:1C:D7:CB:05:0A:FB:F8:41:22 | Validity Tue, 16 Apr 2024 10:36:36 GMT - Mon, 15 Jul 2024 10:36:35 GMT
File type: JavaScript source, ASCII text, with very long lines (10226)
Hashes (MD5 / SHA-1 / SHA-256): 3b52bb297f0dab88c1d71f2834059343 f43b98d6a3cb7a7cc95ef23ec2ad470efb42c890 e64fe7500375590eb939625390955f9add6a8a0405db5976cb2b3bcbdb513b7b
Analyzer: OpenPhish | Verdict: phishing | Alert: Telegram
GET /4680.576825f543555dd2467c.js HTTP/1.1
Host: web.tlgrm.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://web.tlgrm.app/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 16 Apr 2024 17:33:44 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"df0d291e2ecd442eb139be9d8cfd7700"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bdDe%2FlgGnJN7R39aF0wTmoM1U4U5vXxsM5CCiBeKBeF0vHOodSkM7TXU6gjhltI7l2fW0SprBPur1GIl7BYtIThmLeircUraY%2Fe59gafgeke1UV1tgPYmCCIX5pM5gI7Ioho3U4Ohlq74moF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 5237
server: cloudflare
cf-ray: 8755ec0fcf45568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400