Report - s.whatshelp.io/r/7999o3

Report Overview

Visited public
2024-12-30 09:30:06
Tags
URL
s.whatshelp.io/r/7999o3
Finishing URL
t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c
IP / ASN
172.67.220.136
#13335 CLOUDFLARENET
Title
Telegram: Join Group Chat

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sba.yandex.ru	unknown	1997-09-23	2020-04-14	2024-12-23	655 B	1.2 kB	87.250.250.232
t.me	6552	2010-05-20	2015-06-29	2024-12-28	492 B	4.9 kB	149.154.167.99
cdn4.cdn-telegram.org	unknown	2023-11-04	2023-11-04	2024-12-25	771 B	34 kB	34.111.35.152
telegram.org	5408	2003-12-15	2013-12-18	2024-12-25	5.0 kB	449 kB	149.154.167.99
s.whatshelp.io	unknown	2015-08-14	2019-01-20	2024-10-25	479 B	13 kB	172.67.220.136
clck.ru	105004	2007-08-13	2017-02-01	2024-12-23	470 B	13 kB	213.180.204.221
s.bothelp.io	unknown	2019-11-11	2021-11-03	2024-12-15	475 B	1.4 kB	172.67.136.86

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-12-30 09:29:41	low	Client IP	149.154.167.99	ET INFO Observed Telegram Domain (t .me in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	telegram.org/js/tgwallpaper.min.js?3	ScriptElement	3.0 kB	2023-03-07	2025-05-09
Pretty URL telegram.org/js/tgwallpaper.min.js?3 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-09 03:37 Times Seen49065 Hash 2b89d34702716a8ad2cc3977718f53a3 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 Loading...

	t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c	ScriptElement	228 B	2024-12-30	2024-12-30
Pretty URL t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-30 09:30 Last Seen2024-12-30 09:30 Times Seen1 Hash 3f5ac2a6c183252093e0dd29fb12e9e7 ec52abd898d949e6fa379a8319365be585a58477 464922d47663e66000a172d235ce59a2662d9eb0219732d5e46acc55f9c7222b Loading...

	t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c	ScriptElement	193 B	2023-03-07	2025-05-09
Pretty URL t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:31 Last Seen2025-05-09 03:37 Times Seen46100 Hash 9c629a0c52a2afad699d260f673481fd a4fd0ed3e5daa31480eb6de0faa5d442f015cbf6 ea0d804370930ee958af535ce56cddf1dda419bdc676315ae8af0fbb4c733471 Loading...

	t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c	ScriptElement	1.3 kB	2024-12-30	2024-12-30
Pretty URL t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2024-12-30 09:30 Last Seen2024-12-30 09:30 Times Seen1 Hash 853940e2a6e7611c9811ab600fea5e41 5eabd90466ed39226a3e224eff7ef0a8d6706312 bfd4b511093e7feb0990f1bc7bd0619f01d60c0f61adab0c8f3ee176d6458fc8 Loading...

HTTP Transactions (17)

	URL	IP	Response	Size
	s.bothelp.io/r/7999o3	172.67.136.86	302 Found	616 B
URL User Request GET HTTP/2 s.bothelp.io/r/7999o3 IP 172.67.136.86:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectbothelp.io FingerprintF8:54:66:C7:B9:B5:1A:4B:51:4F:D8:2F:65:9D:59:A1:A1:28:85:7D ValidityThu, 19 Dec 2024 10:21:11 GMT - Wed, 19 Mar 2025 11:18:48 GMT File type HTML document, ASCII text, with very long lines (506) Size 616 B (616 bytes) Hash aa507b129d22af0f077786d83bc21ce1 eca8e8267942d8c783d0a818e29b0382d935d1f8 e36d5f99da300c443cf477d142c7e86b1b5f95256e9bd7ce840ec74142851fa2 HTTP Headers `GET /r/7999o3 HTTP/1.1 Host: s.bothelp.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 302 Found date: Mon, 30 Dec 2024 09:29:41 GMT content-type: text/html; charset=UTF-8 location: https://clck.ru/3FUwS2 content-encoding: none cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kXN7fXWc3SQNWRiGRNU9pIwQFpX1Pg132B8WMDtA9rD6INVpEwPoLSD7LqTOzSSLgWbKY7MI2RoCyvTXukUDaFJ%2BEN0YwzOvAFDNxy86XQvL92Z%2FrqB7wGvtyxdKVI0%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8fa101c058387129-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=6651&min_rtt=453&rtt_var=12115&sent=10&recv=12&lost=0&retrans=1&sent_bytes=3286&recv_bytes=1296&delivery_rate=7109656&cwnd=256&unsent_bytes=0&cid=b9427311b9019b1d&ts=193&x=0" X-Firefox-Spdy: h2

	sba.yandex.ru/redirect?url=https%3A%2F%2Ft.me%2F%2B7jwWdanTGY4zMGQy%3Fclckid%3D4c8d250c&client=clck&request_id=1735550981536494-4501477915839803310&sign=d827cf52d12d139be7b1fdfbaa308a5a	87.250.250.232	302 FOUND	298 B
URL User Request GET HTTP/1.1 sba.yandex.ru/redirect?url=https%3A%2F%2Ft.me%2F%2B7jwWdanTGY4zMGQy%3Fclckid%3D4c8d250c&client=clck&request_id=1735550981536494-4501477915839803310&sign=d827cf52d12d139be7b1fdfbaa308a5a IP 87.250.250.232:443 ASN #13238 YANDEX LLC Certificate IssuerGlobalSign nv-sa Subjectsba.yandex.net Fingerprint81:BE:67:91:CB:13:E7:F1:58:2C:86:19:F0:A0:B0:68:9F:89:E7:10 ValidityWed, 27 Nov 2024 21:08:05 GMT - Wed, 28 May 2025 20:59:59 GMT File type HTML document, ASCII text Size 298 B (298 bytes) Hash 5385fc99cf613038e21d2b2f033933b7 3860adfbb3fcbc0327eb84d3b8ae2083fc51bdc4 6c291d291a992dc71d1e229698fab243c04931ed44b9f3977bb43e8e8c018106 HTTP Headers GET /redirect?url=https%3A%2F%2Ft.me%2F%2B7jwWdanTGY4zMGQy%3Fclckid%3D4c8d250c&client=clck&request_id=1735550981536494-4501477915839803310&sign=d827cf52d12d139be7b1fdfbaa308a5a HTTP/1.1 Host: sba.yandex.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: gdpr=1 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 302 FOUND Content-Length: 298 Content-Type: text/html; charset=utf-8 Date: Mon, 30 Dec 2024 09:29:41 GMT Location: https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Set-Cookie: _yasc=nzM+7y2luFCfdk+bGQx9RLW8k6fit7S3fg9aLhVYoP8TXC3X6/ILrKZKJ0LPap4Q; domain=.yandex.ru; path=/; expires=Thu, 28 Dec 2034 09:29:41 GMT; secure i=oIs3PAgdlbnSS/8etF3rLuggsYgreaYNSpS9JHTDM/dkXwGYFHvbGBoTjRUBZAVQSqZONxUCveNuSIJw8lbjI5v3TBI=; Expires=Wed, 30-Dec-2026 09:29:41 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None yandexuid=1069501881735550981; Expires=Wed, 30-Dec-2026 09:29:41 GMT; Domain=.yandex.ru; Path=/; Secure; SameSite=None yashr=9321621861735550981; Path=/; Domain=.yandex.ru; Expires=Tue, 30 Dec 2025 09:29:41 GMT; SameSite=None; Secure; HttpOnly Strict-Transport-Security: max-age=3600; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block

	t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c	149.154.167.99	200 OK	4.4 kB
URL User Request GET HTTP/2 t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Certificate IssuerGoDaddy.com, Inc. Subject.t.me FingerprintBA:44:79:96:41:99:29:DF:8F:08:73:A9:D4:90:C4:0D:7D:02:8F:9B ValiditySun, 06 Oct 2024 19:51:28 GMT - Fri, 07 Nov 2025 19:51:28 GMT File type HTML document, Unicode text, UTF-8 text, with very long lines (3560) Size 4.4 kB (4394 bytes) Hash bb49fa3cb267bb14553fd40199caebdd b0bfd98bd7af923611befaa0bc4e0be4a0508262 5fea98ea7cb93567295e7e3907211516e8ff51a7b6a3997c9faff1f4d58c9afd HTTP Headers `GET /+7jwWdanTGY4zMGQy?clckid=4c8d250c HTTP/1.1 Host: t.me User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:41 GMT content-type: text/html; charset=utf-8 content-length: 4394 set-cookie: stel_ssid=0e0d05149c85b715f0_16461166592823133609; expires=Tue, 31 Dec 2024 09:29:41 GMT; path=/; samesite=None; secure; HttpOnly pragma: no-cache cache-control: no-store x-frame-options: ALLOW-FROM https://web.telegram.org content-security-policy: frame-ancestors https://web.telegram.org content-encoding: gzip strict-transport-security: max-age=35768000 X-Firefox-Spdy: h2

	cdn4.cdn-telegram.org/file/Kc6K6ILAP65DN41yJG-DnETm2C5MX44O5BDRrhvoO1GCTqSOXad49PBbz5-9-fz2QGu90bUUi_hQce2gdx-Lr9a9MohRj1eF2CiOQNbjwEoWRRlU8KW_flQzFQp3OmExSBxdCT94ajnPQZp93vPHy-hxO-AV3ulXaR3tq5EaaEXI7-l2Z3qc5Bwk3GkUWC4tqcEt1nHZneJDTNRv7CBxKi4bdNiKIY-59ofUalRHaiZ1iiCpnNmgzw0toJaeozUuD_2TnELaIF2a5ylZifmCmG32s6VnZbVCUCk4VnF7hf8XqSN9DBiHqaaSH71LKtn9nYK0uhpKVVexLF1p0rTyiQ.jpg	34.111.35.152	200 OK	33 kB
URL GET HTTP/2 cdn4.cdn-telegram.org/file/Kc6K6ILAP65DN41yJG-DnETm2C5MX44O5BDRrhvoO1GCTqSOXad49PBbz5-9-fz2QGu90bUUi_hQce2gdx-Lr9a9MohRj1eF2CiOQNbjwEoWRRlU8KW_flQzFQp3OmExSBxdCT94ajnPQZp93vPHy-hxO-AV3ulXaR3tq5EaaEXI7-l2Z3qc5Bwk3GkUWC4tqcEt1nHZneJDTNRv7CBxKi4bdNiKIY-59ofUalRHaiZ1iiCpnNmgzw0toJaeozUuD_2TnELaIF2a5ylZifmCmG32s6VnZbVCUCk4VnF7hf8XqSN9DBiHqaaSH71LKtn9nYK0uhpKVVexLF1p0rTyiQ.jpg IP 34.111.35.152:443 ASN #396982 GOOGLE-CLOUD-PLATFORM Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoogle Trust Services Subjectcdn1.cdn-telegram.org Fingerprint98:4F:3F:18:A6:34:FA:03:84:16:34:45:B8:B4:70:07:C5:7F:CC:1A ValidityMon, 16 Dec 2024 15:19:35 GMT - Sun, 16 Mar 2025 16:14:10 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x320, components 3 Size 33 kB (33184 bytes) Hash 6908b1bbe8e512ddb8b27332aea42d3c 4c4f07c804e71b7a3e0ba7c1d0573ee47c263544 d1f624e9ddabf0fd38d4905268c9d9617d5a4d49eeea6fd4c9984021b918ad09 HTTP Headers GET /file/Kc6K6ILAP65DN41yJG-DnETm2C5MX44O5BDRrhvoO1GCTqSOXad49PBbz5-9-fz2QGu90bUUi_hQce2gdx-Lr9a9MohRj1eF2CiOQNbjwEoWRRlU8KW_flQzFQp3OmExSBxdCT94ajnPQZp93vPHy-hxO-AV3ulXaR3tq5EaaEXI7-l2Z3qc5Bwk3GkUWC4tqcEt1nHZneJDTNRv7CBxKi4bdNiKIY-59ofUalRHaiZ1iiCpnNmgzw0toJaeozUuD_2TnELaIF2a5ylZifmCmG32s6VnZbVCUCk4VnF7hf8XqSN9DBiHqaaSH71LKtn9nYK0uhpKVVexLF1p0rTyiQ.jpg HTTP/1.1 Host: cdn4.cdn-telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: image/jpeg content-length: 33184 access-control-allow-origin: * x-content-type-options: nosniff content-security-policy: default-src 'none'; sandbox x-frame-options: DENY x-xss-protection: 1; mode=block access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length accept-ranges: bytes, bytes cache-control: public,max-age=7200 etag: "5f69338cbfd81163df514d047dda913088759505" strict-transport-security: max-age=31536000; includeSubDomains; preload via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2	149.154.167.99	200 OK	11 kB
URL GET HTTP/2 telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type Web Open Font Format (Version 2), TrueType, length 11028, version 1.0 Size 11 kB (11028 bytes) Hash 1f6d3cf6d38f25d83d95f5a800b8cac3 279f300ca2cbbdf9f5036ef2f438607fbf377daa 796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f HTTP Headers `GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://t.me DNT: 1 Connection: keep-alive Referer: https://telegram.org/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: application/octet-stream content-length: 11028 last-modified: Thu, 20 Oct 2022 11:05:33 GMT etag: "63512b7d-2b14" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 access-control-allow-origin: accept-ranges: bytes X-Firefox-Spdy: h2`

	telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2	149.154.167.99	200 OK	11 kB
URL GET HTTP/2 telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type Web Open Font Format (Version 2), TrueType, length 11040, version 1.0 Size 11 kB (11040 bytes) Hash 5e22a46c04d947a36ea0cad07afcc9e1 6091d981c2a4ee975c7f6b56186ee698040bb804 0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44 HTTP Headers GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://t.me DNT: 1 Connection: keep-alive Referer: https://telegram.org/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: application/octet-stream content-length: 11040 last-modified: Thu, 20 Oct 2022 11:05:33 GMT etag: "63512b7d-2b20" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 access-control-allow-origin: accept-ranges: bytes X-Firefox-Spdy: h2`

	telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2	149.154.167.99	200 OK	6.6 kB
URL GET HTTP/2 telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type Web Open Font Format (Version 2), TrueType, length 6620, version 1.0 Size 6.6 kB (6620 bytes) Hash 376ffe2ca0b038d08d5e582ec13a310f ec85284f360bada79122b5dca3088103c769ca8a 2f662599cf4323a18b4f7da381a998a8873c0277fff2d866336f7ee943a102d6 HTTP Headers GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://t.me DNT: 1 Connection: keep-alive Referer: https://telegram.org/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: application/octet-stream content-length: 6620 last-modified: Thu, 20 Oct 2022 11:05:33 GMT etag: "63512b7d-19dc" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 access-control-allow-origin: accept-ranges: bytes X-Firefox-Spdy: h2`

	telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2	149.154.167.99	200 OK	6.5 kB
URL GET HTTP/2 telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type Web Open Font Format (Version 2), TrueType, length 6460, version 1.0 Size 6.5 kB (6460 bytes) Hash 491a7a9678c3cfd4f86c092c68480f23 32e18ae407d782adfd54c78c6259c7be52db6bf3 41b5c3b25f4258190937deb900fa57a6db6d450ce7dd2af2259af760119a1c41 HTTP Headers `GET /fonts/Roboto/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://t.me DNT: 1 Connection: keep-alive Referer: https://telegram.org/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: application/octet-stream content-length: 6460 last-modified: Thu, 20 Oct 2022 11:05:33 GMT etag: "63512b7d-193c" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 access-control-allow-origin: accept-ranges: bytes X-Firefox-Spdy: h2`

	telegram.org/img/apple-touch-icon.png	149.154.167.99	200 OK	5.6 kB
URL GET HTTP/2 telegram.org/img/apple-touch-icon.png IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced Size 5.6 kB (5644 bytes) Hash 295ccdb03006b8dfef45090dafbd46ac 491ab660270e47cbac6a5731c51cca71c1c1b2b1 a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3 HTTP Headers `GET /img/apple-touch-icon.png HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: image/png content-length: 5644 last-modified: Thu, 21 Apr 2022 13:47:47 GMT etag: "62616083-160c" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 access-control-allow-origin: * accept-ranges: bytes X-Firefox-Spdy: h2`

	telegram.org/img/website_icon.svg?4	149.154.167.99	200 OK	6.0 kB
URL GET HTTP/2 telegram.org/img/website_icon.svg?4 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type gzip compressed data, max speed, from Unix Size 6.0 kB (5954 bytes) Hash 3c60ff6212df78e8f150c1f3343795f8 dff72d96ddd5abde7741df781e416bff0bb86d02 36daf363b3272f5e509dd8234f521e3cd721e95707f59d421c97a854cbaf2c1b HTTP Headers `GET /img/website_icon.svg?4 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: image/svg+xml last-modified: Mon, 20 Jul 2020 20:41:37 GMT etag: W/"5f160181-768" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2`

	telegram.org/css/font-roboto.css?1	149.154.167.99	200 OK	6.2 kB
URL GET HTTP/2 telegram.org/css/font-roboto.css?1 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type ASCII text, with very long lines (6354), with no line terminators Size 6.2 kB (6166 bytes) Hash c06318a1f377e388b69b104b4cefa1a6 151f067aae997487880e573876f96b8d598e64db 1a53363e667fffef8a82588191989d36e680b4d341c6b557e62bf207311a3d70 HTTP Headers `GET /css/font-roboto.css?1 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: text/css last-modified: Thu, 20 Oct 2022 11:05:33 GMT etag: W/"63512b7d-1816" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

	telegram.org/css/telegram.css?242	149.154.167.99	200 OK	115 kB
URL GET HTTP/2 telegram.org/css/telegram.css?242 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type ASCII text, with very long lines (1267) Size 115 kB (115228 bytes) Hash 5ba28042c5e29474f03b198862b53769 76e2b7d00918f3d343f85aca69f57ffbd20233fb c77769911d5a1089e652c071332e18c5411f60705ba50135c21f267ffe42b642 HTTP Headers `GET /css/telegram.css?242 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: text/css last-modified: Thu, 28 Nov 2024 20:13:47 GMT etag: W/"6748cefb-1c21c" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

	telegram.org/img/tgme/pattern.svg?1	149.154.167.99	200 OK	232 kB
URL GET HTTP/2 telegram.org/img/tgme/pattern.svg?1 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type SVG Scalable Vector Graphics image Size 232 kB (231706 bytes) Hash d0c22c6a97023d85ba6e644a41c44a5d 4284efb616c182da4450c123174ce0e81a322845 118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4 HTTP Headers `GET /img/tgme/pattern.svg?1 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://telegram.org/css/telegram.css?242 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: image/svg+xml last-modified: Thu, 05 Jan 2023 17:52:04 GMT etag: W/"63b70e44-3891a" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 access-control-allow-origin: * content-encoding: gzip X-Firefox-Spdy: h2`

	s.whatshelp.io/r/7999o3	172.67.220.136	301 Moved Permanently	12 kB
URL User Request GET HTTP/2 s.whatshelp.io/r/7999o3 IP 172.67.220.136:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectwhatshelp.io Fingerprint49:66:A4:56:AB:1C:34:BA:B6:22:F6:2B:FD:15:B3:E3:B6:2C:C4:CE ValiditySat, 21 Dec 2024 01:10:59 GMT - Fri, 21 Mar 2025 02:10:57 GMT File type Size 12 kB (11888 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /r/7999o3 HTTP/1.1 Host: s.whatshelp.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 301 Moved Permanently date: Mon, 30 Dec 2024 09:29:41 GMT content-type: text/html location: https://s.bothelp.io/r/7999o3 cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TsVua%2B4UKBEUlvRYZhF%2B08X6PIC0ikc69ffLcbOq27j%2Br82T3rMiBPK%2BQAYXvEWav9eYCK7%2BHciEmlBKEBWJqiRLQU0thvK3XTImgzoQS7y0cGoZbrBQWwViQCOH%2FHKnZg%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8fa101be2be51bfe-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5932&min_rtt=435&rtt_var=10768&sent=10&recv=12&lost=0&retrans=1&sent_bytes=3288&recv_bytes=1299&delivery_rate=6724458&cwnd=256&unsent_bytes=0&cid=f577bb2332cc474e&ts=284&x=0" X-Firefox-Spdy: h2

	telegram.org/js/tgwallpaper.min.js?3	149.154.167.99	200 OK	3.0 kB
URL GET HTTP/2 telegram.org/js/tgwallpaper.min.js?3 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type ASCII text, with very long lines (2998), with no line terminators Size 3.0 kB (2979 bytes) Hash f03422dc797fd26a3834b1ec041128ed a6e88f4fe48b749c2b7360e8e004f64b6cfffb1a 046ec6b7909d0ca5cc6ef271a1b57b2f2be0bd88e3495fd8c496f1524e8ffaac HTTP Headers `GET /js/tgwallpaper.min.js?3 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: application/javascript last-modified: Thu, 03 Mar 2022 19:57:25 GMT etag: W/"62211da5-ba3" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

	clck.ru/3FUwS2	213.180.204.221	302 FOUND	12 kB
URL User Request GET HTTP/1.1 clck.ru/3FUwS2 IP 213.180.204.221:443 ASN #13238 YANDEX LLC Certificate IssuerGlobalSign nv-sa Subjectclck.ru Fingerprint47:2D:2E:CD:8A:93:64:51:2C:8A:1D:FA:C7:A2:F1:7E:CC:FA:9D:9E ValidityWed, 27 Nov 2024 21:09:44 GMT - Wed, 28 May 2025 20:59:59 GMT File type Size 12 kB (11888 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /3FUwS2 HTTP/1.1 Host: clck.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 302 FOUND Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Access-Control-Allow-Origin: * Content-Length: 616 Content-Type: text/html; charset=utf-8 Date: Mon, 30 Dec 2024 09:29:41 GMT Location: https://sba.yandex.ru/redirect?url=https%3A%2F%2Ft.me%2F%2B7jwWdanTGY4zMGQy%3Fclckid%3D4c8d250c&client=clck&request_id=1735550981536494-4501477915839803310&sign=d827cf52d12d139be7b1fdfbaa308a5a Set-Cookie: _yasc=8/aB3M06tMWmS8BNlcFhQtWI48T6SU9myowIkv+aDG0OtCKQA9K5p+eBb+ALJ3ThkQ==; domain=.clck.ru; path=/; expires=Thu, 28 Dec 2034 09:29:41 GMT; secure bh=YIXQybsGahHcyumIDvKso64EmLzxjgPcaQ==; Path=/; Domain=.clck.ru; Expires=Tue, 03 Feb 2026 09:29:41 GMT; SameSite=None; Secure Strict-Transport-Security: max-age=31536000

	telegram.org/css/bootstrap.min.css?3	149.154.167.99	200 OK	42 kB
URL GET HTTP/2 telegram.org/css/bootstrap.min.css?3 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/+7jwWdanTGY4zMGQy?clckid=4c8d250c Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type ASCII text, with very long lines (42164) Size 42 kB (42523 bytes) Hash c2656e265ef58a9cc9f4b70b15da5fb9 85c5ebdb89d4574d72688c2650d4b84b9b09770a f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3 HTTP Headers `GET /css/bootstrap.min.css?3 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Mon, 30 Dec 2024 09:29:42 GMT content-type: text/css last-modified: Fri, 10 Nov 2017 17:54:14 GMT etag: W/"5a05e7c6-a61b" expires: Fri, 03 Jan 2025 09:29:42 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type