Report - teleagram.icu/

Report Overview

Visited public
2024-07-24 10:50:06
Tags
telegram phishing
Submit Tags
URL
teleagram.icu/
Finishing URL
teleagram.icu/web
IP / ASN
103.140.126.137
#55933 Cloudie Limited
Title
Telegram Web
Phishing - Telegram

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-07-23 18:24:07	650 B	1.4 kB	142.250.74.131
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-07-23 19:10:13	522 B	15 kB	216.58.207.227
ipinfo.io	8136	2013-04-23	2013-12-16 08:25:53	2024-07-23 18:13:15	458 B	650 B	34.117.59.81
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-23 18:12:04	2.9 kB	8.0 kB	23.36.76.226
teleagram.icu	unknown	unknown	No data	No data	6.0 kB	647 kB	103.140.126.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-24 10:49:41	medium	Client IP	34.117.59.81	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram
2024-07-23	medium	teleagram.icu/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	teleagram.icu/polyfills.9225875df2b05e64.js	ScriptElement	38 kB	2023-05-09	2025-06-08
Pretty URL teleagram.icu/polyfills.9225875df2b05e64.js IP 103.140.126.137 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 05:29 Last Seen2025-06-08 13:30 Times Seen1455 Hash d9e615229bebe9d2ffca657bf396b5a0 1610b7036eafbc4507aeba3fc0769381fb6fc51d a110fdb5148ce482e99821228f6653fce4142cf45540b0816c3e1af012c86fe2 Loading...

	unknown	EventHandler	16 B	2023-04-10	2025-07-16
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-10 15:57 Last Seen2025-07-16 09:45 Times Seen74023 Hash 7c3c3ddeb80438dcbb3d081d2d00e152 5a4016732ee72ec77b4f6ab17047bcea6d2ea34d 321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187 Loading...

	teleagram.icu/runtime.d0a0d8313f8d1e00.js	ScriptElement	920 B	2023-07-02	2025-06-08
Pretty URL teleagram.icu/runtime.d0a0d8313f8d1e00.js IP 103.140.126.137 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-02 13:06 Last Seen2025-06-08 13:30 Times Seen1054 Hash 605959eb10832f7eb0568dba9cce07cc 1464546ef446dc40ff30e234baff327cebd87542 b77f40ebf5ebb6e9771cf3af13c44e7de72650b59d3dbff7d3e2b2395fe78f88 Loading...

	teleagram.icu/assets/layui-v2.6.8/layui/layui.js	ScriptElement	530 kB	2023-05-09	2025-06-08
Pretty URL teleagram.icu/assets/layui-v2.6.8/layui/layui.js IP 103.140.126.137 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 05:29 Last Seen2025-06-08 13:30 Times Seen1450 Hash c2c8dd4c98816096d648f76f68344815 3b79b4e7c862d97b1eb5f0bcf87dce5aa445ddb3 c530fb9c66eef94ef5905c4cf3a9548eddca3155dc3dbb942840f251b94eebf4 Loading...

	teleagram.icu/assets/download/filename.js	ScriptElement	65 B	2023-06-28	2025-06-08
Pretty URL teleagram.icu/assets/download/filename.js IP 103.140.126.137 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-28 23:35 Last Seen2025-06-08 13:30 Times Seen1274 Hash a6d1304541fda1e265432a0993951251 ef07ff3c0a0e18efcf3313179a573a34e0ef43b2 f4754b61ec80001793e16fc47508a87579cf153abef66be058e706c2c65ec2b6 Loading...

	teleagram.icu/main.f36f4ad93856e434.js	ScriptElement	764 kB	2024-03-21	2024-09-20
Pretty URL teleagram.icu/main.f36f4ad93856e434.js IP 103.140.126.137 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-21 17:11 Last Seen2024-09-20 20:15 Times Seen196 Hash 42179c0406845cc76ef6872fb1e2362c 6e148471d0d5c66f7c7cd67963d43bebc0a998d6 521925ea5c60a4a7aa620546895c71238d44413b2ea8a87ca27db2df73bce4f2 Loading...

	teleagram.icu/assets/js/jquery-3.5.1.min.js	ScriptElement	168 kB	2023-05-09	2025-06-08
Pretty URL teleagram.icu/assets/js/jquery-3.5.1.min.js IP 103.140.126.137 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-09 05:29 Last Seen2025-06-08 13:30 Times Seen1462 Hash cbe069d8a96235f23c787ed23fe5860c f9760aa86067bdcd205c7db86cd8048ccd5dba71 8008e8bb3f40911b2bb78dc86ed60ff87bcd063a712bb7b269ceeb3f0be8a7f8 Loading...

HTTP Transactions (30)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1a3151e6a7926a025c9127a47e72768f
522b2faf56d95d71b65bec8872d69b2ba18f7ed0
594db80a906d294cde663e68eeb0bf0a03dec7ee05f778e56f0730242ada26ed

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "594DB80A906D294CDE663E68EEB0BF0A03DEC7EE05F778E56F0730242ADA26ED"
Last-Modified: Tue, 23 Jul 2024 08:21:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3112
Expires: Wed, 24 Jul 2024 11:41:29 GMT
Date: Wed, 24 Jul 2024 10:49:37 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
924327fa04d108458b0225e7ebe4183b
93e78c953751bfdf53094ddb3cce58550d953bbf
8b733a635618582dda467895c8500629631e4e1b57fa0a2005ed094ca7eae3cf

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B733A635618582DDA467895C8500629631E4E1B57FA0A2005ED094CA7EAE3CF"
Last-Modified: Tue, 23 Jul 2024 07:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2210
Expires: Wed, 24 Jul 2024 11:26:27 GMT
Date: Wed, 24 Jul 2024 10:49:37 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
712b83dd93b25c422e76a0874e40d710
f87414bc899d7af9bd1b60a5b8c616b43b7cad00
a1aa4fb80b41b76f8c2f837eef8495b3029d8012bfe126002ed0c161546c697f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A1AA4FB80B41B76F8C2F837EEF8495B3029D8012BFE126002ED0C161546C697F"
Last-Modified: Tue, 23 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2527
Expires: Wed, 24 Jul 2024 11:31:45 GMT
Date: Wed, 24 Jul 2024 10:49:38 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c8259c463773b8bacd8cb5c66f9b285c
6afbbe02b1e4e3f8e1ec64085c1697a6532522da
ec10833b9fb7c5780eb8fc408e29234895f7170cafc513a4ae80fe27d515e04d

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "EC10833B9FB7C5780EB8FC408E29234895F7170CAFC513A4AE80FE27D515E04D"
Last-Modified: Tue, 23 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6773
Expires: Wed, 24 Jul 2024 12:42:31 GMT
Date: Wed, 24 Jul 2024 10:49:38 GMT
Connection: keep-alive

GET teleagram.icu/

103.140.126.137

200 OK

40 kB

URL User Request GET HTTP/1.1
teleagram.icu/
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

File type
HTML document, Unicode text, UTF-8 text, with very long lines (62711)
Size
40 kB (40159 bytes)
Hash
077d860a4fc8a6a361c867ea10d5f0ae
58b04cf9de5a0422f4434de1d23ff665c54b61f8
cd7b7a0c2d3eb453663d1194c6c0f9ac05bdc8ac8399d14e4d3e628dd895902a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:16:23 GMT
Accept-Ranges: bytes
ETag: "6c17c7dce77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:34 GMT
Content-Length: 40159

GET teleagram.icu/assets/js/jquery-3.5.1.min.js

103.140.126.137

200 OK

53 kB

URL GET HTTP/1.1
teleagram.icu/assets/js/jquery-3.5.1.min.js
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
JavaScript source, ASCII text
Size
53 kB (53059 bytes)
Hash
cbe069d8a96235f23c787ed23fe5860c
f9760aa86067bdcd205c7db86cd8048ccd5dba71
8008e8bb3f40911b2bb78dc86ed60ff87bcd063a712bb7b269ceeb3f0be8a7f8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/js/jquery-3.5.1.min.js HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:16:46 GMT
Accept-Ranges: bytes
ETag: "5165401bce77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:34 GMT
Content-Length: 53059

GET teleagram.icu/assets/download/filename.js

103.140.126.137

200 OK

191 B

URL GET HTTP/1.1
teleagram.icu/assets/download/filename.js
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
JavaScript source, Unicode text, UTF-8 text
Size
191 B (191 bytes)
Hash
a6d1304541fda1e265432a0993951251
ef07ff3c0a0e18efcf3313179a573a34e0ef43b2
f4754b61ec80001793e16fc47508a87579cf153abef66be058e706c2c65ec2b6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/download/filename.js HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:16:25 GMT
Accept-Ranges: bytes
ETag: "3e62eaece77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:34 GMT
Content-Length: 191

GET teleagram.icu/runtime.d0a0d8313f8d1e00.js

103.140.126.137

200 OK

772 B

URL GET HTTP/1.1
teleagram.icu/runtime.d0a0d8313f8d1e00.js
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
JavaScript source, ASCII text, with very long lines (920), with no line terminators
Size
772 B (772 bytes)
Hash
605959eb10832f7eb0568dba9cce07cc
1464546ef446dc40ff30e234baff327cebd87542
b77f40ebf5ebb6e9771cf3af13c44e7de72650b59d3dbff7d3e2b2395fe78f88

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /runtime.d0a0d8313f8d1e00.js HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:16:24 GMT
Accept-Ranges: bytes
ETag: "75464fece77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:34 GMT
Content-Length: 772

GET teleagram.icu/polyfills.9225875df2b05e64.js

103.140.126.137

200 OK

16 kB

URL GET HTTP/1.1
teleagram.icu/polyfills.9225875df2b05e64.js
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
JavaScript source, ASCII text, with very long lines (37755), with no line terminators
Size
16 kB (16138 bytes)
Hash
d9e615229bebe9d2ffca657bf396b5a0
1610b7036eafbc4507aeba3fc0769381fb6fc51d
a110fdb5148ce482e99821228f6653fce4142cf45540b0816c3e1af012c86fe2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /polyfills.9225875df2b05e64.js HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:16:24 GMT
Accept-Ranges: bytes
ETag: "20aa32ece77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:34 GMT
Content-Length: 16138

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
40fddf2c68d16c233d33b4aa3346d094
742a80db38073ddbb885bcf49596bbe4233a4855
18ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4507
Expires: Wed, 24 Jul 2024 12:04:47 GMT
Date: Wed, 24 Jul 2024 10:49:40 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
40fddf2c68d16c233d33b4aa3346d094
742a80db38073ddbb885bcf49596bbe4233a4855
18ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4507
Expires: Wed, 24 Jul 2024 12:04:47 GMT
Date: Wed, 24 Jul 2024 10:49:40 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
40fddf2c68d16c233d33b4aa3346d094
742a80db38073ddbb885bcf49596bbe4233a4855
18ea2ffdf504aaa8501d4a6de9d56b8811c442cd1d36e4be4d4ef96599d56ce0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "18EA2FFDF504AAA8501D4A6DE9D56B8811C442CD1D36E4BE4D4EF96599D56CE0"
Last-Modified: Tue, 23 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4507
Expires: Wed, 24 Jul 2024 12:04:47 GMT
Date: Wed, 24 Jul 2024 10:49:40 GMT
Connection: keep-alive

GET teleagram.icu/main.f36f4ad93856e434.js

103.140.126.137

200 OK

267 kB

URL GET HTTP/1.1
teleagram.icu/main.f36f4ad93856e434.js
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
267 kB (266820 bytes)
Hash
42179c0406845cc76ef6872fb1e2362c
6e148471d0d5c66f7c7cd67963d43bebc0a998d6
521925ea5c60a4a7aa620546895c71238d44413b2ea8a87ca27db2df73bce4f2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /main.f36f4ad93856e434.js HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:16:24 GMT
Accept-Ranges: bytes
ETag: "319d16ece77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:34 GMT

GET teleagram.icu/assets/layui-v2.6.8/layui/layui.js

103.140.126.137

200 OK

160 kB

URL GET HTTP/1.1
teleagram.icu/assets/layui-v2.6.8/layui/layui.js
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
JavaScript source, ASCII text
Size
160 kB (160267 bytes)
Hash
c2c8dd4c98816096d648f76f68344815
3b79b4e7c862d97b1eb5f0bcf87dce5aa445ddb3
c530fb9c66eef94ef5905c4cf3a9548eddca3155dc3dbb942840f251b94eebf4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/layui-v2.6.8/layui/layui.js HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:17:29 GMT
Accept-Ranges: bytes
ETag: "38abd834ce77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:34 GMT

GET teleagram.icu/assets/css/font-awesome.min.css

103.140.126.137

200 OK

6.2 kB

URL GET HTTP/1.1
teleagram.icu/assets/css/font-awesome.min.css
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
troff or preprocessor input, ASCII text
Size
6.2 kB (6202 bytes)
Hash
33ab425205ede257e17e9f9f67a1f2d7
9ac3caa06c9a19a3bfb9c4d971eb2b8bc0938304
c908df9056bdf49233996dab5a0f031ea61b608654aad6cf63828ded87f91a22

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/css/font-awesome.min.css HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:16:25 GMT
Accept-Ranges: bytes
ETag: "435d0ece77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:36 GMT
Content-Length: 6202

GET teleagram.icu/assets/layui-v2.6.8/layui/css/modules/laydate/default/laydate.css?v=5.3.1

103.140.126.137

200 OK

2.3 kB

URL GET HTTP/1.1
teleagram.icu/assets/layui-v2.6.8/layui/css/modules/laydate/default/laydate.css?v=5.3.1
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
ASCII text
Size
2.3 kB (2345 bytes)
Hash
a777c30898587521ccd07c5b429e4c02
8e9884271e67213a37cc531d783381ca7e855efa
505127fe93cdcdd4cf04ac4e8a34a115800d00182b454f3b629e445e04723fab

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/layui-v2.6.8/layui/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:17:30 GMT
Accept-Ranges: bytes
ETag: "3485b235ce77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:36 GMT
Content-Length: 2345

GET teleagram.icu/assets/layui-v2.6.8/layui/css/modules/layer/default/layer.css?v=3.5.1

103.140.126.137

200 OK

4.2 kB

URL GET HTTP/1.1
teleagram.icu/assets/layui-v2.6.8/layui/css/modules/layer/default/layer.css?v=3.5.1
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
ASCII text
Size
4.2 kB (4173 bytes)
Hash
a0a9391332fa52fb7965cb162e37487b
3c6ee7cb8979ee47cbf7c85b951efc39ec0979f5
25fc17aba4a3d31222673cb72097329ea347739ed335f130eff384af2c18ea60

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/layui-v2.6.8/layui/css/modules/layer/default/layer.css?v=3.5.1 HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:17:31 GMT
Accept-Ranges: bytes
ETag: "1ab4036ce77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:36 GMT
Content-Length: 4173

GET teleagram.icu/assets/layui-v2.6.8/layui/css/modules/code.css?v=2

103.140.126.137

200 OK

678 B

URL GET HTTP/1.1
teleagram.icu/assets/layui-v2.6.8/layui/css/modules/code.css?v=2
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
ASCII text
Size
678 B (678 bytes)
Hash
2c6ced625980e19b9ce7415d11dfb677
11f84a0810c88250a66a053921c640fd5f798067
743be0166f043b1e6227f3a53ae1e69827e049d5cba27687ae33fbe4b021aead

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/layui-v2.6.8/layui/css/modules/code.css?v=2 HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:17:30 GMT
Accept-Ranges: bytes
ETag: "4d4b9835ce77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:36 GMT
Content-Length: 678

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0025c1ef54e225ecbbdb6b879f8c9ee1
c97bd493f64c302fdb2165bc3bc35e1f3c747036
17261ea15d090f8b800027d495ad15136486d964935e8d580b47e78257e125a6

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 Jul 2024 10:49:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2

216.58.207.227

200 OK

14 kB

URL GET HTTP/2
fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://teleagram.icu/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintEE:FE:75:C9:E5:09:76:EB:38:E8:5F:5F:31:DF:88:D1:BF:9A:93:09
ValidityMon, 24 Jun 2024 07:40:48 GMT - Mon, 16 Sep 2024 07:40:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13980, version 1.0
Size
14 kB (13980 bytes)
Hash
b7d6b48d8d12946dc808ff39aed6c460
3f18028a04b3fb39bb1cc33dce401d04e9207970
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0

HTTP Headers

GET /s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://teleagram.icu
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13980
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 22 Jul 2024 09:29:49 GMT
expires: Tue, 22 Jul 2025 09:29:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:17:19 GMT
content-type: font/woff2
age: 177592
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0025c1ef54e225ecbbdb6b879f8c9ee1
c97bd493f64c302fdb2165bc3bc35e1f3c747036
17261ea15d090f8b800027d495ad15136486d964935e8d580b47e78257e125a6

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 24 Jul 2024 10:49:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET teleagram.icu/assets/datas/countries/phoneCode.json

103.140.126.137

200 OK

3.8 kB

URL GET HTTP/1.1
teleagram.icu/assets/datas/countries/phoneCode.json
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
JSON text data
Size
3.8 kB (3756 bytes)
Hash
19551c0b56dc31d495fc8ad9375b3044
6fbcae618638a57482344c28228a1daedc41d4c4
0ced196a8f08e4b904863d19b618bbfbc87882d8e95befa5b6599a9708dca790

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/datas/countries/phoneCode.json HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/web
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Last-Modified: Sat, 16 Mar 2024 18:17:25 GMT
Accept-Ranges: bytes
ETag: "9ce3d32ce77da1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:36 GMT
Content-Length: 3756

GET teleagram.icu/assets/images/logo.jpg

103.140.126.137

200 OK

6.3 kB

URL GET HTTP/1.1
teleagram.icu/assets/images/logo.jpg
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 96x96, segment length 16, baseline, precision 8, 128x128, components 3
Size
6.3 kB (6328 bytes)
Hash
b6804a49a117cb8b5eb86cd489a93a36
3304eb19bfd257989d94d5217196c129c3244696
2a1f3de21a6685e08138c0d562de525d765ef14999b143085e678fc4d7517a4d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/images/logo.jpg HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/web
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/jpeg
Last-Modified: Sat, 16 Mar 2024 18:17:18 GMT
Accept-Ranges: bytes
ETag: "b4b0992ece77da1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:36 GMT
Content-Length: 6328

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
08fecfc5235f92d28407094f0f43036e
545b3518cce9de0f44699c100f8c54f032ccb8d4
89ba6972c14438f87ac5cd91d1b236c1970917d5f5942e8cafe5e53856da5d2f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "89BA6972C14438F87AC5CD91D1B236C1970917D5F5942E8CAFE5E53856DA5D2F"
Last-Modified: Tue, 23 Jul 2024 07:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3833
Expires: Wed, 24 Jul 2024 11:53:34 GMT
Date: Wed, 24 Jul 2024 10:49:41 GMT
Connection: keep-alive

GET teleagram.icu/assets/layui-v2.6.8/layui/css/layui.css

103.140.126.137

200 OK

15 kB

URL GET HTTP/1.1
teleagram.icu/assets/layui-v2.6.8/layui/css/layui.css
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
ASCII text
Size
15 kB (15097 bytes)
Hash
fbf5fcf853079a9f486f7e5bb5899fb7
eb59ff5dc9cbb843259cab198af6e366d40cf8f8
8e04484b0071d1bbbfac2183a329b6f88432c455474978d52fd7bab4bf89a658

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/layui-v2.6.8/layui/css/layui.css HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:17:29 GMT
Accept-Ranges: bytes
ETag: "8029534ce77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:36 GMT
Content-Length: 15097

GET ipinfo.io/?token=ad76fbd92e6bbb

34.117.59.81

429 Too Many Requests

136 B

URL GET HTTP/2
ipinfo.io/?token=ad76fbd92e6bbb
IP
34.117.59.81:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
http://teleagram.icu/
Certificate
IssuerLet's Encrypt
Subjectipinfo.io
Fingerprint9C:A9:23:3F:9C:2C:9B:14:4D:E9:49:71:5C:A0:DB:7E:9B:F5:0B:E9
ValidityWed, 03 Jul 2024 16:04:01 GMT - Tue, 01 Oct 2024 16:04:00 GMT

File type
JSON text data
Size
136 B (136 bytes)
Hash
3319a200adef63cfb155c84ad6a1bcc1
ced752e1f3903015159f1f18ac409a6373d027b0
60b59a85b456eea5ea7b0d592088fbb7416f938598bf39aaaf2b56c45a02783e

HTTP Headers

GET /?token=ad76fbd92e6bbb HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://teleagram.icu
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 429 Too Many Requests
access-control-allow-origin: *
content-encoding: br
content-type: application/json; charset=utf-8
date: Wed, 24 Jul 2024 10:49:41 GMT
referrer-policy: strict-origin-when-cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 136
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET teleagram.icu/styles.e2974b719a0acf9b.css

103.140.126.137

200 OK

25 kB

URL GET HTTP/1.1
teleagram.icu/styles.e2974b719a0acf9b.css
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
ASCII text, with very long lines (62185)
Size
25 kB (24726 bytes)
Hash
7979cf7a21187bdc639adca62183e908
2a8732d80fafa18d32a69092e0781d083bcb25d9
3d5b133530265db10112be8bc46eb7764530cecc02d76ea3808c502d8bae7d1a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /styles.e2974b719a0acf9b.css HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:16:24 GMT
Accept-Ranges: bytes
ETag: "0ccd6dce77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:36 GMT
Content-Length: 24726

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
08fecfc5235f92d28407094f0f43036e
545b3518cce9de0f44699c100f8c54f032ccb8d4
89ba6972c14438f87ac5cd91d1b236c1970917d5f5942e8cafe5e53856da5d2f

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "89BA6972C14438F87AC5CD91D1B236C1970917D5F5942E8CAFE5E53856DA5D2F"
Last-Modified: Tue, 23 Jul 2024 07:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3833
Expires: Wed, 24 Jul 2024 11:53:34 GMT
Date: Wed, 24 Jul 2024 10:49:41 GMT
Connection: keep-alive

GET teleagram.icu/favicon.ico

103.140.126.137

200 OK

15 kB

URL GET HTTP/1.1
teleagram.icu/favicon.ico
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
15 kB (15086 bytes)
Hash
4c7161b2ff1db8e15c7e47f8639c5f86
30260efcdaf269977cf3e8a2280a9c6d4c93b583
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/x-icon
Last-Modified: Sat, 16 Mar 2024 18:16:21 GMT
Accept-Ranges: bytes
ETag: "cad3a1cce77da1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:37 GMT
Content-Length: 15086

GET teleagram.icu/assets/css/bootstrap.min.css

103.140.126.137

200 OK

26 kB

URL GET HTTP/1.1
teleagram.icu/assets/css/bootstrap.min.css
IP
103.140.126.137:80
ASN
#55933 Cloudie Limited

Requested by
http://teleagram.icu/

File type
ASCII text, with very long lines (335)
Size
26 kB (26177 bytes)
Hash
6ab84cbbd44a52f4fd48f1fa5b4178ac
ef1070e3ee88a7056a5c74173c77c4c4982bc05a
6842b2619cc388e31500b22f62403f658d6c15ad74c3d255c15473fd7cbc9a5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Telegram
OpenPhish	phishing	Telegram

HTTP Headers

GET /assets/css/bootstrap.min.css HTTP/1.1
Host: teleagram.icu
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://teleagram.icu/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sat, 16 Mar 2024 18:16:25 GMT
Accept-Ranges: bytes
ETag: "80626fece77da1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Wed, 24 Jul 2024 10:49:36 GMT
Content-Length: 26177

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (30)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash