Report - t1.invest.hdfcsecmail.com/r/?id=hc8a6a4b0,1a83d34,b856a

Report Overview

Visitedpublic

2024-07-26 17:27:35

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
t1.invest.hdfcsecmail.com	unknown	2018-05-29	2021-11-26 13:02:46	2024-02-02 16:58:05	509 B	618 B	15.206.156.100
t.me	6552	2010-05-20	2015-06-29 21:03:15	2024-07-26 18:41:48	481 B	4.7 kB	149.154.167.99
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-07-26 18:21:06	662 B	1.4 kB	142.250.74.131
telegram.org	5408	2003-12-15	2013-12-18 14:14:30	2024-07-25 20:48:24	4.0 kB	435 kB	149.154.167.99
cdn5.cdn-telegram.org	unknown	2023-11-04	2023-11-04 23:07:09	2024-07-24 19:07:32	771 B	15 kB	34.111.108.175
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-26 18:12:16	2.0 kB	5.3 kB	23.36.77.32
status.geotrust.com	3662	1999-04-04	2017-12-01 09:55:31	2024-07-26 18:23:36	331 B	735 B	192.229.221.95

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-26 16:23:00	low	Client IP	149.154.167.99	ET INFO Observed Telegram Domain (t .me in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	t.me/OfficialHDFCsecurities	ScriptElement	217 B	2024-08-19	2024-08-19
URL t.me/OfficialHDFCsecurities IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 1 Size 217 B (217 bytes) MD5 ff257c0f8e4cd3b1c3d05de3b4344097 SHA1 d814f86f12b5b2d7f5425b8cc05b8360da4d569b SHA256 5d1c64d7aafffdae6121293c15d478acf636058ed5289356cfd8ee00b141ba42 Format Code Loading...

	telegram.org/js/tgwallpaper.min.js?3	ScriptElement	3.0 kB	2023-03-07	2025-08-01
URL telegram.org/js/tgwallpaper.min.js?3 IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 58733 Size 3.0 kB (2979 bytes) MD5 2b89d34702716a8ad2cc3977718f53a3 SHA1 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a SHA256 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 Format Code Loading...

	t.me/OfficialHDFCsecurities	ScriptElement	193 B	2023-03-07	2025-08-01
URL t.me/OfficialHDFCsecurities IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 54588 Size 193 B (193 bytes) MD5 9c629a0c52a2afad699d260f673481fd SHA1 a4fd0ed3e5daa31480eb6de0faa5d442f015cbf6 SHA256 ea0d804370930ee958af535ce56cddf1dda419bdc676315ae8af0fbb4c733471 Format Code Loading...

	t.me/OfficialHDFCsecurities	ScriptElement	1.3 kB	2024-08-19	2024-08-19
URL t.me/OfficialHDFCsecurities IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Introduced by ScriptElement Embedded true Resource Info First Seen 2024-08-19 Last Seen 2024-08-19 Times Seen 1 Size 1.3 kB (1314 bytes) MD5 2ead5ec889a6c395447ffe43ce98caaf SHA1 7cf531256fa3f9f3999a454fe530d434d4e73515 SHA256 e15f3ed54710c2a5d9fe8dbeb21a2d28581f30840c625f5781a14c46d66a84c3 Format Code Loading...

HTTP Transactions (21)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP / ASN 23.36.77.32 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-07-25 Last Seen2024-08-19 Times Seen24726 Size504 B (504 bytes) MD5577f20b1ad1240dc12215f4d93e53b8f SHA14fb6d79b9c4adb8f712073e9662ceae41a4f097c SHA256523bc00bcd3cc12a640ebce3df80c0aed9fc552c4be5bae1831c00b9027ce0c0 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "523BC00BCD3CC12A640EBCE3DF80C0AED9FC552C4BE5BAE1831C00B9027CE0C0" Last-Modified: Wed, 24 Jul 2024 18:56:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=8415 Expires: Fri, 26 Jul 2024 18:43:14 GMT Date: Fri, 26 Jul 2024 16:22:59 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP / ASN 23.36.77.32 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-07-25 Last Seen2024-08-19 Times Seen18914 Size504 B (504 bytes) MD521fba4953d0a666a4844d872097cb8f4 SHA180ac64ff700d5d02eb9901123ecd64f02c9e3ec2 SHA256f5c60f75b60eb8ef8e42e66fcad10e8df5759fe29bad30a23871fb7c1da61456 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "F5C60F75B60EB8EF8E42E66FCAD10E8DF5759FE29BAD30A23871FB7C1DA61456" Last-Modified: Wed, 24 Jul 2024 18:27:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=12805 Expires: Fri, 26 Jul 2024 19:56:24 GMT Date: Fri, 26 Jul 2024 16:22:59 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP / ASN 23.36.77.32 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-07-25 Last Seen2024-08-19 Times Seen21385 Size504 B (504 bytes) MD58f4e7b75de1ed909fa79bbcdafccceac SHA1274c1ea75520a0ea06e19a7e692c034baae2cdc1 SHA25662cc974e51b62480f576b53853f8f24bfc873687c02bc23c1713956d4b96c0b1 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "62CC974E51B62480F576B53853F8F24BFC873687C02BC23C1713956D4B96C0B1" Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=14418 Expires: Fri, 26 Jul 2024 20:23:18 GMT Date: Fri, 26 Jul 2024 16:23:00 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP / ASN 23.36.77.32 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-07-24 Last Seen2024-08-19 Times Seen20820 Size504 B (504 bytes) MD5b1e4e1a92df74669a74711c4eaef2acc SHA1a26f28116849cc857a0e31e3495f659e0cd36ac4 SHA25677f9d9afcb4a72b62085fa7ca04adb0007edaec1ab4bde5c4b82272a786a6cad HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "77F9D9AFCB4A72B62085FA7CA04ADB0007EDAEC1AB4BDE5C4B82272A786A6CAD" Last-Modified: Wed, 24 Jul 2024 18:57:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=18597 Expires: Fri, 26 Jul 2024 21:32:57 GMT Date: Fri, 26 Jul 2024 16:23:00 GMT Connection: keep-alive`

	status.geotrust.com/	192.229.221.95		471 B
URL status.geotrust.com/ IP / ASN 192.229.221.95 #15133 EDGECAST Requested byN/A Resource Info File typedata First Seen2024-08-19 Last Seen2024-08-19 Times Seen1 Size471 B (471 bytes) MD5899024f4143c4a3dcd603caa55d432d4 SHA1d6726d0bc7cbbbf0647d4ae30c10398b0be595ff SHA256fcd2f8d7215f622a54c90bda7f0adc97aa3f855c4703fdbf0d97cc90d127d92c HTTP Headers `POST / HTTP/1.1 Host: status.geotrust.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Accept-Ranges: bytes Age: 3180 Cache-Control: max-age=7200 Content-Type: application/ocsp-response Date: Fri, 26 Jul 2024 16:23:00 GMT Last-Modified: Fri, 26 Jul 2024 15:30:00 GMT Server: ECAcc (amb/6B53) X-Cache: HIT Content-Length: 471`

	GET t1.invest.hdfcsecmail.com/r/?id=hc8a6a4b0,1a83d34,b856a	15.206.156.100	302 Found	17 B
URL t1.invest.hdfcsecmail.com/r/?id=hc8a6a4b0,1a83d34,b856a IP / ASN 15.206.156.100 #16509 AMAZON-02 Requested byN/A Resource Info File typeASCII text, with no line terminators First Seen2023-04-11 Last Seen2025-02-27 Times Seen16650 Size17 B (17 bytes) MD5edf537e37d4549950774190c58f93b76 SHA14e2078632eccec8993f151be9338bbcb88ce6f58 SHA256afff9c63cfeacd26e5d4000edf576f1386d6729dca783eb45004f484a73a3514 Certificate Info IssuerDigiCert Inc Subjectm1.invest.hdfcsecmail.com Fingerprint2F:32:DB:99:83:87:90:B4:9B:DA:CD:5D:1B:EA:EE:7F:8E:DF:C1:FE ValidityTue, 05 Dec 2023 00:00:00 GMT - Fri, 06 Dec 2024 23:59:59 GMT HTTP Headers `GET /r/?id=hc8a6a4b0,1a83d34,b856a HTTP/1.1 Host: t1.invest.hdfcsecmail.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 302 Found date: Fri, 26 Jul 2024 16:23:00 GMT content-type: text/plain; charset=utf-8 content-length: 17 location: https://t.me/OfficialHDFCsecurities server: Apache x-robots-tag: noindex p3p: CP="CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV" set-cookie: AMCV_345F42B65B880CF00A495C3F%40AdobeOrg=MCMID%7C02735364165903319031863324763405942783; Domain=hdfcsecmail.com; Path=/; Expires=Wed, 20-Aug-2025 16:23:00 GMT nlid=c8a6a4b0\|1a83d34; Domain=hdfcsecmail.com; Path=/ nllastdelid=1a83d34; Domain=hdfcsecmail.com; Path=/; Expires=Wed, 20-Aug-2025 16:23:00 GMT X-Firefox-Spdy: h2

	GET t.me/OfficialHDFCsecurities	149.154.167.99	200 OK	4.2 kB
URL t.me/OfficialHDFCsecurities IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byN/A Resource Info File typeHTML document, ASCII text, with very long lines (3560) First Seen2024-08-19 Last Seen2024-08-19 Times Seen1 Size4.2 kB (4205 bytes) MD5d1c04eae5438b6de8c3d330aab05e0e0 SHA1b4cd5b3e6157e7c8632941e126c03c5c22f36ce9 SHA256cc7c76633b5c59713bb80ec7c6abc2aa713d5699212320552af2c1eeea3fe90b Certificate Info IssuerGoDaddy.com, Inc. Subject.t.me FingerprintD7:CC:2A:92:7B:DC:AE:6A:D7:92:51:20:49:AD:3B:AC:F9:27:F8:16 ValidityFri, 06 Oct 2023 19:50:31 GMT - Wed, 06 Nov 2024 19:50:31 GMT HTTP Headers `GET /OfficialHDFCsecurities HTTP/1.1 Host: t.me User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:00 GMT content-type: text/html; charset=utf-8 content-length: 4205 set-cookie: stel_ssid=d8930c39ac78de20da_11668965091055469946; expires=Sat, 27 Jul 2024 16:23:00 GMT; path=/; samesite=None; secure; HttpOnly pragma: no-cache cache-control: no-store x-frame-options: ALLOW-FROM https://web.telegram.org content-security-policy: frame-ancestors https://web.telegram.org content-encoding: gzip strict-transport-security: max-age=35768000 X-Firefox-Spdy: h2

	o.pki.goog/s/wr3/rFU	142.250.74.131		472 B
URL o.pki.goog/s/wr3/rFU IP / ASN 142.250.74.131 #15169 GOOGLE Requested byN/A Resource Info File typedata First Seen2024-07-26 Last Seen2024-08-19 Times Seen3 Size472 B (472 bytes) MD5ef352d7b102e5b0e764c4b2fb022057f SHA155a9892eb0f3bf57a2dd460e48f63cf2b1175ab2 SHA256d4605dcd67ead18329a18025924eb53e0713f86835d584b6439de60669d89a35 HTTP Headers `POST /s/wr3/rFU HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 26 Jul 2024 16:23:01 GMT Cache-Control: public, max-age=14400 Server: scaffolding on HTTPServer2 Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	GET telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2	149.154.167.99	200 OK	11 kB
URL telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typeWeb Open Font Format (Version 2), TrueType, length 11028, version 1.0 First Seen2023-04-05 Last Seen2025-08-02 Times Seen63313 Size11 kB (11028 bytes) MD51f6d3cf6d38f25d83d95f5a800b8cac3 SHA1279f300ca2cbbdf9f5036ef2f438607fbf377daa SHA256796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f Certificate Info IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30 ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT HTTP Headers `GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://t.me DNT: 1 Connection: keep-alive Referer: https://telegram.org/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:01 GMT content-type: application/octet-stream content-length: 11028 last-modified: Thu, 20 Oct 2022 11:05:33 GMT etag: "63512b7d-2b14" expires: Tue, 30 Jul 2024 16:23:01 GMT cache-control: max-age=345600 access-control-allow-origin: accept-ranges: bytes X-Firefox-Spdy: h2`

	GET telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2	149.154.167.99	200 OK	11 kB
URL telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typeWeb Open Font Format (Version 2), TrueType, length 11040, version 1.0 First Seen2023-04-05 Last Seen2025-08-02 Times Seen58395 Size11 kB (11040 bytes) MD55e22a46c04d947a36ea0cad07afcc9e1 SHA16091d981c2a4ee975c7f6b56186ee698040bb804 SHA2560f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44 Certificate Info IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30 ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT HTTP Headers GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://t.me DNT: 1 Connection: keep-alive Referer: https://telegram.org/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:01 GMT content-type: application/octet-stream content-length: 11040 last-modified: Thu, 20 Oct 2022 11:05:33 GMT etag: "63512b7d-2b20" expires: Tue, 30 Jul 2024 16:23:01 GMT cache-control: max-age=345600 access-control-allow-origin: accept-ranges: bytes X-Firefox-Spdy: h2`

	GET telegram.org/img/apple-touch-icon.png	149.154.167.99	200 OK	5.6 kB
URL telegram.org/img/apple-touch-icon.png IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typePNG image data, 180 x 180, 8-bit/color RGB, non-interlaced First Seen2023-05-02 Last Seen2025-08-01 Times Seen60330 Size5.6 kB (5644 bytes) MD5295ccdb03006b8dfef45090dafbd46ac SHA1491ab660270e47cbac6a5731c51cca71c1c1b2b1 SHA256a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3 Certificate Info IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30 ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT HTTP Headers `GET /img/apple-touch-icon.png HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:01 GMT content-type: image/png content-length: 5644 last-modified: Thu, 21 Apr 2022 13:47:47 GMT etag: "62616083-160c" expires: Tue, 30 Jul 2024 16:23:01 GMT cache-control: max-age=345600 access-control-allow-origin: * accept-ranges: bytes X-Firefox-Spdy: h2`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP / ASN 23.36.77.32 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-07-25 Last Seen2024-08-19 Times Seen12057 Size504 B (504 bytes) MD5edb57be0536524541d7ac5d4ee6b5585 SHA1a34a54318477c70e34c9f5e27cba428b4530b05b SHA256895b01022c914d4f0facb78182c6ed0ee5c7b3c6b10516327dc5f08a54dc0204 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "895B01022C914D4F0FACB78182C6ED0EE5C7B3C6B10516327DC5F08A54DC0204" Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3822 Expires: Fri, 26 Jul 2024 17:26:43 GMT Date: Fri, 26 Jul 2024 16:23:01 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.36.77.32		504 B
URL r10.o.lencr.org/ IP / ASN 23.36.77.32 #20940 Akamai International B.V. Requested byN/A Resource Info File typedata First Seen2024-07-25 Last Seen2024-08-19 Times Seen12057 Size504 B (504 bytes) MD5edb57be0536524541d7ac5d4ee6b5585 SHA1a34a54318477c70e34c9f5e27cba428b4530b05b SHA256895b01022c914d4f0facb78182c6ed0ee5c7b3c6b10516327dc5f08a54dc0204 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "895B01022C914D4F0FACB78182C6ED0EE5C7B3C6B10516327DC5F08A54DC0204" Last-Modified: Wed, 24 Jul 2024 18:58:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=3822 Expires: Fri, 26 Jul 2024 17:26:43 GMT Date: Fri, 26 Jul 2024 16:23:01 GMT Connection: keep-alive`

	GET cdn5.cdn-telegram.org/file/ICwzTSw7yRFuJSaHNceQ6jkT_8EspiGx9ciMTsMaSJHwkbbpmpoGhKCJuQItU-wjbfW6UdZs62XzvT4VZDAZxwsFQJALpaOEYPFbZlwz_qpzrlEMpMdkcW5LWTJGvjbtwRH9i5ers2rnBa6kkEKFWloFS1Vh1-cWUSPxYuK5EXGobHFHeMLtXgZCjryd0cRuZMnqO4NNaGpJwOXWcCJ8YNPA1n_8UdZLFp31wSp_uUjgboe1vioHgAlo_cQNwVBjOo7eZu7yO_HQG9fmzjIE7l-HU61UTQ0o0zvpjYWsvRCMDB0dBVmkWcNENHeq8IL1SNEXjdSk1iK3l_6QP3bJ1A.jpg	34.111.108.175	200 OK	14 kB
URL cdn5.cdn-telegram.org/file/ICwzTSw7yRFuJSaHNceQ6jkT_8EspiGx9ciMTsMaSJHwkbbpmpoGhKCJuQItU-wjbfW6UdZs62XzvT4VZDAZxwsFQJALpaOEYPFbZlwz_qpzrlEMpMdkcW5LWTJGvjbtwRH9i5ers2rnBa6kkEKFWloFS1Vh1-cWUSPxYuK5EXGobHFHeMLtXgZCjryd0cRuZMnqO4NNaGpJwOXWcCJ8YNPA1n_8UdZLFp31wSp_uUjgboe1vioHgAlo_cQNwVBjOo7eZu7yO_HQG9fmzjIE7l-HU61UTQ0o0zvpjYWsvRCMDB0dBVmkWcNENHeq8IL1SNEXjdSk1iK3l_6QP3bJ1A.jpg IP / ASN 34.111.108.175 #396982 GOOGLE-CLOUD-PLATFORM Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typeJPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x320, components 3 First Seen2024-08-19 Last Seen2024-08-19 Times Seen1 Size14 kB (14463 bytes) MD5a182cd553669c6ee1356da0729be1f0b SHA1c322df4adaf99a3ce764efe053f87e17f70e7688 SHA2560bae5706b5f512b26e0701b4ada45c23c25389884280bfa560409ba5017da707 Certificate Info IssuerGoogle Trust Services Subjectcdn1.cdn-telegram.org Fingerprint01:0B:7F:C4:A2:29:45:F7:11:FB:2A:0E:23:FE:85:C2:85:86:97:83 ValidityTue, 25 Jun 2024 18:21:42 GMT - Mon, 23 Sep 2024 19:11:33 GMT HTTP Headers GET /file/ICwzTSw7yRFuJSaHNceQ6jkT_8EspiGx9ciMTsMaSJHwkbbpmpoGhKCJuQItU-wjbfW6UdZs62XzvT4VZDAZxwsFQJALpaOEYPFbZlwz_qpzrlEMpMdkcW5LWTJGvjbtwRH9i5ers2rnBa6kkEKFWloFS1Vh1-cWUSPxYuK5EXGobHFHeMLtXgZCjryd0cRuZMnqO4NNaGpJwOXWcCJ8YNPA1n_8UdZLFp31wSp_uUjgboe1vioHgAlo_cQNwVBjOo7eZu7yO_HQG9fmzjIE7l-HU61UTQ0o0zvpjYWsvRCMDB0dBVmkWcNENHeq8IL1SNEXjdSk1iK3l_6QP3bJ1A.jpg HTTP/1.1 Host: cdn5.cdn-telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:03 GMT content-type: image/jpeg content-length: 14463 access-control-allow-origin: * x-content-type-options: nosniff content-security-policy: default-src 'none'; sandbox x-frame-options: DENY x-xss-protection: 1; mode=block access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length accept-ranges: bytes, bytes etag: "efb1b6659a6ce25031dca11b12b4b5dee6a3854f" strict-transport-security: max-age=31536000; includeSubDomains; preload via: 1.1 google cache-control: max-age=3600,public alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	o.pki.goog/s/wr3/rFU	142.250.74.131		472 B
URL o.pki.goog/s/wr3/rFU IP / ASN 142.250.74.131 #15169 GOOGLE Requested byN/A Resource Info File typedata First Seen2024-07-26 Last Seen2024-08-19 Times Seen3 Size472 B (472 bytes) MD5ef352d7b102e5b0e764c4b2fb022057f SHA155a9892eb0f3bf57a2dd460e48f63cf2b1175ab2 SHA256d4605dcd67ead18329a18025924eb53e0713f86835d584b6439de60669d89a35 HTTP Headers `POST /s/wr3/rFU HTTP/1.1 Host: o.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Fri, 26 Jul 2024 16:23:03 GMT Cache-Control: public, max-age=14400 Server: scaffolding on HTTPServer2 Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	GET telegram.org/img/website_icon.svg?4	149.154.167.99	200 OK	5.6 kB
URL telegram.org/img/website_icon.svg?4 IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typegzip compressed data, max speed, from Unix First Seen2024-08-19 Last Seen2024-08-19 Times Seen1 Size5.6 kB (5587 bytes) MD5ec3127d5590a4fac1d2a42c2304794cc SHA1ca3401d56b71b81d2cbe9ed93b284da4a6f4084c SHA256e9a23afd6cb2383b7ebdf69b754711c57477bddd59e82562224ca8a5ccc501d5 Certificate Info IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30 ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT HTTP Headers `GET /img/website_icon.svg?4 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:01 GMT content-type: image/svg+xml last-modified: Mon, 20 Jul 2020 20:41:37 GMT etag: W/"5f160181-768" expires: Tue, 30 Jul 2024 16:23:01 GMT cache-control: max-age=345600 access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2`

	GET telegram.org/js/tgwallpaper.min.js?3	149.154.167.99	200 OK	3.0 kB
URL telegram.org/js/tgwallpaper.min.js?3 IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typeASCII text, with very long lines (2998), with no line terminators First Seen2023-04-05 Last Seen2025-04-06 Times Seen46726 Size3.0 kB (2979 bytes) MD5f03422dc797fd26a3834b1ec041128ed SHA1a6e88f4fe48b749c2b7360e8e004f64b6cfffb1a SHA256046ec6b7909d0ca5cc6ef271a1b57b2f2be0bd88e3495fd8c496f1524e8ffaac Certificate Info IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30 ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT HTTP Headers `GET /js/tgwallpaper.min.js?3 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:01 GMT content-type: application/javascript last-modified: Thu, 03 Mar 2022 19:57:25 GMT etag: W/"62211da5-ba3" expires: Tue, 30 Jul 2024 16:23:01 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

	GET telegram.org/img/tgme/pattern.svg?1	149.154.167.99	200 OK	232 kB
URL telegram.org/img/tgme/pattern.svg?1 IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typeSVG Scalable Vector Graphics image First Seen0001-01-01 Last Seen2025-08-01 Times Seen56167 Size232 kB (231706 bytes) MD5d0c22c6a97023d85ba6e644a41c44a5d SHA14284efb616c182da4450c123174ce0e81a322845 SHA256118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4 Certificate Info IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30 ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT HTTP Headers `GET /img/tgme/pattern.svg?1 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://telegram.org/css/telegram.css?239 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:01 GMT content-type: image/svg+xml last-modified: Thu, 05 Jan 2023 17:52:04 GMT etag: W/"63b70e44-3891a" expires: Tue, 30 Jul 2024 16:23:01 GMT cache-control: max-age=345600 access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2`

	GET telegram.org/css/bootstrap.min.css?3	149.154.167.99	200 OK	42 kB
URL telegram.org/css/bootstrap.min.css?3 IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typeASCII text, with very long lines (42164) First Seen2023-04-07 Last Seen2025-08-01 Times Seen59691 Size42 kB (42523 bytes) MD5c2656e265ef58a9cc9f4b70b15da5fb9 SHA185c5ebdb89d4574d72688c2650d4b84b9b09770a SHA256f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3 Certificate Info IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30 ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT HTTP Headers `GET /css/bootstrap.min.css?3 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:01 GMT content-type: text/css last-modified: Fri, 10 Nov 2017 17:54:14 GMT etag: W/"5a05e7c6-a61b" expires: Tue, 30 Jul 2024 16:23:01 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

	GET telegram.org/css/telegram.css?239	149.154.167.99	200 OK	115 kB
URL telegram.org/css/telegram.css?239 IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typeASCII text, with very long lines (1267) First Seen2024-06-30 Last Seen2024-09-28 Times Seen690 Size115 kB (115091 bytes) MD537d92f34412b9e125e21645099cf2475 SHA19d12151c2156c7748a53bba79bada0c53de83231 SHA2569272af226b4b815360656f6d704b77136742d3957e27d79fb1168ed0ce0226e3 Certificate Info IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30 ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT HTTP Headers `GET /css/telegram.css?239 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:01 GMT content-type: text/css last-modified: Sun, 30 Jun 2024 10:56:56 GMT etag: W/"668139f8-1c193" expires: Tue, 30 Jul 2024 16:23:01 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

	GET telegram.org/css/font-roboto.css?1	149.154.167.99	200 OK	6.2 kB
URL telegram.org/css/font-roboto.css?1 IP / ASN 149.154.167.99 #62041 Telegram Messenger Inc Requested byhttps://t.me/OfficialHDFCsecurities Resource Info File typeASCII text, with very long lines (6354), with no line terminators First Seen0001-01-01 Last Seen2025-04-06 Times Seen44551 Size6.2 kB (6166 bytes) MD5c06318a1f377e388b69b104b4cefa1a6 SHA1151f067aae997487880e573876f96b8d598e64db SHA2561a53363e667fffef8a82588191989d36e680b4d341c6b557e62bf207311a3d70 Certificate Info IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30 ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT HTTP Headers `GET /css/font-roboto.css?1 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Fri, 26 Jul 2024 16:23:01 GMT content-type: text/css last-modified: Thu, 20 Oct 2022 11:05:33 GMT etag: W/"63512b7d-1816" expires: Tue, 30 Jul 2024 16:23:01 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

Detections

Host Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

HTTP Transactions (21)

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers