Report - telegram18.mypict1.com/

Report Overview

Visited public
2023-08-17 10:23:51
Tags
URL
telegram18.mypict1.com/
Finishing URL
telegram18.mypict1.com/
IP / ASN
172.67.185.69
#13335 CLOUDFLARENET
Title
HOT VIDEO 18+

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
i.ibb.co	13485	2010-07-20	2018-11-25 11:13:48	2023-08-16 17:54:05	444 B	118 kB	162.19.58.159
ocsp.godaddy.com	698	1999-03-02	2012-05-20 21:28:57	2023-08-16 18:21:30	330 B	2.6 kB	192.124.249.23
telegram18.mypict1.com	unknown	2023-05-07	2023-07-17 13:21:57	2023-08-17 11:37:56	5.8 kB	187 kB	104.21.19.57
telegram.org	5408	2003-12-15	2013-12-18 14:14:30	2023-08-16 19:13:23	441 B	2.2 kB	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram
2023-08-16	medium	telegram18.mypict1.com/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	telegram18.mypict1.com/	ScriptElement	193 B	2023-03-07	2025-06-07
Pretty URL telegram18.mypict1.com/ IP 104.21.19.57 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:31 Last Seen2025-06-07 18:27 Times Seen47654 Hash 9c629a0c52a2afad699d260f673481fd a4fd0ed3e5daa31480eb6de0faa5d442f015cbf6 ea0d804370930ee958af535ce56cddf1dda419bdc676315ae8af0fbb4c733471 Loading...

	telegram18.mypict1.com/haykaljb/js/tgwallpaper.mineccb.js	ScriptElement	3.0 kB	2023-03-07	2025-06-07
Pretty URL telegram18.mypict1.com/haykaljb/js/tgwallpaper.mineccb.js IP 104.21.19.57 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-06-07 18:27 Times Seen50643 Hash 2b89d34702716a8ad2cc3977718f53a3 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 Loading...

	telegram18.mypict1.com/	ScriptElement	0 B	0001-01-01	2025-06-08
Pretty URL telegram18.mypict1.com/ IP 104.21.19.57 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-08 03:59 Times Seen4881194 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (15)

URL IP Response Size

i.ibb.co/bH1j1n9/IMG-20230717-WA0027.jpg

162.19.58.159

200 OK

118 kB

URL GET HTTP/2
i.ibb.co/bH1j1n9/IMG-20230717-WA0027.jpg
IP
162.19.58.159:443
ASN
#16276 OVH SAS

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerLet's Encrypt
Subjectibb.co
Fingerprint50:CB:B5:6F:02:F0:9F:45:8F:09:E7:EA:BE:BB:CB:DD:A8:F6:D1:99
ValidityThu, 10 Aug 2023 13:47:06 GMT - Wed, 08 Nov 2023 13:47:05 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1280, components 3\012- data
Size
118 kB (117591 bytes)
Hash
9e15bc6901cb3173bb18172f4af76f74
a217a4f19524aabc9acaf3002d3454600df1d83b
09f2786295a28e9e21854e36ef1465955cf735d207fa673e545deb15c314092a

HTTP Headers

GET /bH1j1n9/IMG-20230717-WA0027.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 17 Aug 2023 10:23:36 GMT
content-type: image/jpeg
content-length: 117591
last-modified: Mon, 17 Jul 2023 09:57:06 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.23

2.1 kB

URL
ocsp.godaddy.com/
IP
192.124.249.23:0
ASN
#30148 SUCURI-SEC

File type
data
Size
2.1 kB (2107 bytes)
Hash
6aeac7a52f6dfb33c37139dbf388f3cc
8d56483d7f7a1061ac369b6e749b7e939fec5e60
315be2147541cae04eded2c6cef9e4899e9a42f57ed029d5b5dbfd99957a188e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 17 Aug 2023 10:23:37 GMT
Content-Type: application/ocsp-response
Content-Length: 2107
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 16 Aug 2023 22:51:54 GMT
Expires: Thu, 17 Aug 2023 22:51:54 GMT
ETag: "8d56483d7f7a1061ac369b6e749b7e939fec5e60"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

telegram18.mypict1.com/haykaljb/css/telegram0116.css

104.21.19.57

200 OK

116 kB

URL GET HTTP/3
telegram18.mypict1.com/haykaljb/css/telegram0116.css
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
ASCII text, with very long lines (1267)
Size
116 kB (115583 bytes)
Hash
b3fd0030266137eaa8da43673ac0ee92
a4b03dd5d1166e6d234955b89b7c0fdedb864118
b9efbe5d820d9076dd1611d0f1cad78fa323bd28ee95a48e6e6f8c366f04afb6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /haykaljb/css/telegram0116.css HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Aug 2023 10:23:37 GMT
content-type: text/css
last-modified: Fri, 07 Jul 2023 16:03:18 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZceneQsHBWygtE3rIc3sx6vug7LQeduYc3NLOm9y5neftmLODrKehGijfUZa0OpTEa1t7T8bM2iDdpvxnVpnadPXhd%2BXIQRfat2resjCFab6qYe3sqO4BK3SYGFV3NP8zYFCAZ3OnBhZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133dad8cb0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram18.mypict1.com/external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

104.21.19.57

404 Not Found

315 B

URL GET HTTP/3
telegram18.mypict1.com/external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/haykaljb/css/font-robotoc4ca.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 17 Aug 2023 10:23:39 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2D10h3TojDh9GFBs79XQeoF8NtVr46N3TY4hcSslK1WjwemvEIYelhCKNWHx1M%2BQNpeny5S0nvQy3bxl2ftt52ZrC9dPjmk3aGKOj7h3iakg1372SyC31LU39X9K0Vyqh7Wcw2lPoI7v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133e45a590afe-OSL
alt-svc: h3=":443"; ma=86400

telegram18.mypict1.com/haykaljb/css/font-robotoc4ca.css

104.21.19.57

200 OK

7.0 kB

URL GET HTTP/3
telegram18.mypict1.com/haykaljb/css/font-robotoc4ca.css
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
ASCII text, with very long lines (7236), with no line terminators
Size
7.0 kB (7048 bytes)
Hash
cef6c02bdb4e9d76e2c12a06555de854
91b0cbd7539650d53d908785a074584c8e18a576
d408c8b4c89457754f4632707c1ec58b5c2f4c9970429b80f6efad5b7f6f7ea8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /haykaljb/css/font-robotoc4ca.css HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Aug 2023 10:23:36 GMT
content-type: text/css
last-modified: Fri, 07 Jul 2023 16:03:10 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=avY7SK0wfV1DPDZcKBHnEePCAbTgsl3Ac4V9YfVEgDmTCic%2BqkLceEcR9duLJgHuVDhKOCYz0MY9sfZV7cWS7%2FbCRXPpmYgdT0dxcYgvt3g1sz28OPo6ZNGUUztBnoM2amkHMQ7WSyr6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133dad8bd0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram18.mypict1.com/external.html?link=http://telegram.org/img/tgme/pattern.svg?1

104.21.19.57

404 Not Found

315 B

URL GET HTTP/3
telegram18.mypict1.com/external.html?link=http://telegram.org/img/tgme/pattern.svg?1
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /external.html?link=http://telegram.org/img/tgme/pattern.svg?1 HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/haykaljb/css/telegram0116.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 17 Aug 2023 10:23:38 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6W39tjAxnJfkZFQe%2B6ItQBMetQWiYjxFeJmrvsA1Df4pu3%2Fl2FxlMN47aY%2BFYPIT43Sv8QnYPX2cHbV0nDfepqPQ6A5Ci0TTO3K4mETdTyEDB5Xtz6CgHZ56Q68poOpn51VtyParNT8M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133e43a370afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram18.mypict1.com/

104.21.19.57

200 OK

9.2 kB

URL User Request GET HTTP/2
telegram18.mypict1.com/
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9571), with no line terminators
Size
9.2 kB (9179 bytes)
Hash
ef2fd316b46f53db24d550cb2f8b521f
ecf12934f2a416434f0c7d3601ee7e830ccb4517
16aa680b4f7ae826a512d6127ba97c276439a879846e3bdcc18eb7ad23717dff

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 17 Aug 2023 10:23:35 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5%2BfdSoeqC5vBCYsvzCaNiIAdnwSBucwr4xZDRqSF9NtN2LYxv%2BuAtg%2BAUFljd3MkWZVIumfKICVzghMV3ls1MKe0F9iKAqIKadI7dT1kbWTiAAbf2mFMLrQrWS5yba6q0lGfdzrnDNk8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7f8133d1edbab517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

telegram18.mypict1.com/ast/css/main.html

104.21.19.57

404 Not Found

315 B

URL GET HTTP/3
telegram18.mypict1.com/ast/css/main.html
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /ast/css/main.html HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 17 Aug 2023 10:23:37 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2BIOTvJIzRvXQWkLQkjLwx5S5ET8QwHbU1PPwh8cy5dEbYrMDgKOdKncEhtLWk0E5TpFzAzAI700prwtYmQNFU99Feoz%2BJL4mPMEn8J78ilN6Lwc3BudA1d8j33jyuwuK4PXQjj3DbW3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7f8133dad8ba0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram18.mypict1.com/haykaljb/css/bootstrap.mineccb.css

104.21.19.57

200 OK

42 kB

URL GET HTTP/3
telegram18.mypict1.com/haykaljb/css/bootstrap.mineccb.css
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
ASCII text, with very long lines (42164)
Size
42 kB (42523 bytes)
Hash
c2656e265ef58a9cc9f4b70b15da5fb9
85c5ebdb89d4574d72688c2650d4b84b9b09770a
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /haykaljb/css/bootstrap.mineccb.css HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Aug 2023 10:23:36 GMT
content-type: text/css
last-modified: Fri, 07 Jul 2023 16:03:08 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SA3NUinZsm0edV4ZZwJEtQkT%2FgliT%2FtiHn%2BPomKxfcNveCG9oyRPcDJnQQeUUsrcad447M3UEgufyU4l6tqY4XhIrQhgxScNZWqGrAX2QTkzeGEIPlHaDCK1Yj17SlLNiU7i6EUeVCN9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133dad8ca0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram.org/img/website_icon.svg?4

149.154.167.99

200 OK

1.9 kB

URL GET HTTP/2
telegram.org/img/website_icon.svg?4
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
Fingerprint6B:78:D0:29:DF:A1:B1:16:30:8C:F2:FB:C5:BA:E6:EB:C6:21:C2:A5
ValidityWed, 10 Aug 2022 15:56:28 GMT - Mon, 11 Sep 2023 15:56:28 GMT

File type
SVG Scalable Vector Graphics image\012- XML document, ASCII text, with very long lines (1968), with no line terminators
Size
1.9 kB (1896 bytes)
Hash
5caca7ae1cffb3da0b06150a15020005
04cfb934f238d33209406393a3fbf78454815739
1ea747a06fbc240c2594a8c523cb248bbda4784f0fcad9d0f06334f1a378604f

HTTP Headers

GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Thu, 17 Aug 2023 10:23:38 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Mon, 21 Aug 2023 10:23:38 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

telegram18.mypict1.com/code.jquery.com/jquery-3.5.1.min.js

104.21.19.57

404 Not Found

315 B

URL GET HTTP/3
telegram18.mypict1.com/code.jquery.com/jquery-3.5.1.min.js
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /code.jquery.com/jquery-3.5.1.min.js HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 17 Aug 2023 10:23:37 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ch%2BTAArVMsoXLDdx1WAZUwTh5kkHVvZxmeWVg3DA%2FLtRY6nELjzJnzUljSy0QxKPdidtcb2FjcyM6uO9XxnWwFsry9OGpZ352HbOLDhpoahJt7ng1qYFdYOrhIgmZSQMlSualmwO88Ua"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133dad8bb0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram18.mypict1.com/haykaljb/js/tgwallpaper.mineccb.js

104.21.19.57

200 OK

3.0 kB

URL GET HTTP/3
telegram18.mypict1.com/haykaljb/js/tgwallpaper.mineccb.js
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
ASCII text, with very long lines (2998), with no line terminators
Size
3.0 kB (2979 bytes)
Hash
f03422dc797fd26a3834b1ec041128ed
a6e88f4fe48b749c2b7360e8e004f64b6cfffb1a
046ec6b7909d0ca5cc6ef271a1b57b2f2be0bd88e3495fd8c496f1524e8ffaac

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /haykaljb/js/tgwallpaper.mineccb.js HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Aug 2023 10:23:36 GMT
content-type: application/javascript
last-modified: Fri, 07 Jul 2023 16:02:50 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P9zeclfBeDhzEAesP6A7RyjWmXZReJZxQqy3OH9sh%2BIPauowXOcYvIKKoppnKKlv0GWF0QBe7E93grDmnuUeFWJotCrSMTgbo4%2FvKdolDBiSFFveNNWI3DUbDqmUCf23gdDLOnZxPB1%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133dad8cc0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram18.mypict1.com/haykaljb/css/watermark.css

104.21.19.57

200 OK

104 B

URL GET HTTP/3
telegram18.mypict1.com/haykaljb/css/watermark.css
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
ASCII text, with no line terminators
Size
104 B (104 bytes)
Hash
67874335471aa420e1656b72fe759a06
2ea83f40d873934064b86f48664eb0c05b31244f
1067b485ad7b76ed9339332cd5e7f5b922e0a210dc390d38a272598889cd2c72

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /haykaljb/css/watermark.css HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 17 Aug 2023 10:23:36 GMT
content-type: text/css
last-modified: Sun, 16 Jul 2023 01:33:21 GMT
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hRV19VgaYLeGKhk4O4GWQ4lKT6t23LTlFZQMSwoEKx95rDPE8naKjDpH3wifQ1WUPEmAVKL7CBpNQluofuUjyBkk1Yyrl62g75rfod6%2B63BcNrxAOv0zsyLGk%2BBiQ5Rij5fk7lvR%2B1Hd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133dad8cd0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram18.mypict1.com/external.html?link=http://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

104.21.19.57

404 Not Found

315 B

URL GET HTTP/3
telegram18.mypict1.com/external.html?link=http://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /external.html?link=http://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/haykaljb/css/font-robotoc4ca.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 17 Aug 2023 10:23:39 GMT
content-type: text/html; charset=iso-8859-1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wO00Ppyvdnqq3BYOlQ3Y3qKuU0udP%2BwbBxc6GnAWMviA6tQjKRUl9qsKwQuuJWdJgwX6BDusBG0peWnim5PqBajkPT%2BTW7J9t0w766jirmjSjnBB2Kw3Y1EX34tpqKG5pMh4ZYraXX1Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133e44a500afe-OSL
alt-svc: h3=":443"; ma=86400

telegram18.mypict1.com/haykaljb/img/apple-touch-icon.png

104.21.19.57

404 Not Found

315 B

URL GET HTTP/3
telegram18.mypict1.com/haykaljb/img/apple-touch-icon.png
IP
104.21.19.57:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegram18.mypict1.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectmypict1.com
Fingerprint98:10:5E:3E:F1:E7:5D:25:58:A1:06:32:8A:88:CD:60:E9:73:FE:8A
ValidityWed, 05 Jul 2023 11:57:49 GMT - Tue, 03 Oct 2023 11:57:48 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /haykaljb/img/apple-touch-icon.png HTTP/1.1
Host: telegram18.mypict1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram18.mypict1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 17 Aug 2023 10:23:39 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ge6n4XTiqQa%2FIvI3YPC53%2BJpFY8esEznt0wcpODS4MPAZ2Z%2BoqPUvbMNED6w9U2GLLQPHiNcEsyyvW%2FHvZ0dn1NswN4BdXUa2G6BW7TAH1R4FsMGa7VKYRSyrM2jP3zhfXIZkqyuRruy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7f8133e68cd50afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections