tg-g.net.ru
Open in
urlscan Pro
2606:4700:3034::ac43:c8ef
Malicious Activity!
Public Scan
Submission: On February 16 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by E1 on February 9th 2024. Valid for: 3 months.
This is the only time tg-g.net.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 2606:4700:303... 2606:4700:3034::ac43:c8ef | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
21 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
net.ru
tg-g.net.ru |
307 KB |
21 | 1 |
Domain | Requested by | |
---|---|---|
16 | tg-g.net.ru |
tg-g.net.ru
|
21 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
tg-g.net.ru E1 |
2024-02-09 - 2024-05-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://tg-g.net.ru/deaebe1169831164dc5c314e66302ba4
Frame ID: 88C9A8F11ACBD57A563E77D6A88D794C
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
WebPage URL History Show full URLs
- https://tg-g.net.ru/deaebe1169831164dc5c314e66302ba4 Page URL
- https://tg-g.net.ru/deaebe1169831164dc5c314e66302ba4 Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://tg-g.net.ru/deaebe1169831164dc5c314e66302ba4 Page URL
- https://tg-g.net.ru/deaebe1169831164dc5c314e66302ba4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
deaebe1169831164dc5c314e66302ba4
tg-g.net.ru/ |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-f4e30377.js
tg-g.net.ru/auth/ |
101 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-220aaf7e.css
tg-g.net.ru/auth/ |
397 KB 72 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
deaebe1169831164dc5c314e66302ba4
tg-g.net.ru/ |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-f4e30377.js
tg-g.net.ru/auth/ |
101 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
index-220aaf7e.css
tg-g.net.ru/auth/ |
397 KB 72 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
mtproto.worker-3c075898.js
tg-g.net.ru/auth/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
crypto.worker-9d5beacd.js
tg-g.net.ru/auth/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
crypto.worker-9d5beacd.js
tg-g.net.ru/auth/ |
67 KB 24 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
lang-c1c2a466.js
tg-g.net.ru/auth/ |
76 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
langSign-f5a5610c.js
tg-g.net.ru/auth/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
countries-5301fc59.js
tg-g.net.ru/auth/ |
24 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pageSignQR-a7512de5.js
tg-g.net.ru/auth/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
page-2bc02b7f.js
tg-g.net.ru/auth/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bytesCmp-33849f4a.js
tg-g.net.ru/auth/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
putPreloader-f1aca9bc.js
tg-g.net.ru/auth/ |
697 B 901 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
89a1b4ba-84af-4086-8898-1da38773045e
https://tg-g.net.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
a8de9fc9-60fa-42dd-aea6-2c2023be67c3
https://tg-g.net.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
1f25d455-b536-428e-ae26-ac52c346c726
https://tg-g.net.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
qr-code-styling-c40cd486.js
tg-g.net.ru/auth/ |
65 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_padded.svg
tg-g.net.ru/auth/assets/img/ |
1 KB 1 KB |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- tg-g.net.ru
- URL
- https://tg-g.net.ru/auth/mtproto.worker-3c075898.js
- Domain
- tg-g.net.ru
- URL
- https://tg-g.net.ru/auth/crypto.worker-9d5beacd.js
- Domain
- tg-g.net.ru
- URL
- blob:https://tg-g.net.ru/89a1b4ba-84af-4086-8898-1da38773045e
- Domain
- tg-g.net.ru
- URL
- blob:https://tg-g.net.ru/a8de9fc9-60fa-42dd-aea6-2c2023be67c3
- Domain
- tg-g.net.ru
- URL
- blob:https://tg-g.net.ru/1f25d455-b536-428e-ae26-ac52c346c726
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| rootScope function| AppStorage object| stateStorage function| wrapUrl object| I18n object| webpWorkerController object| appStorage object| singleInstance object| webPushApiManager object| telegramMeWebManager object| opusDecodeController object| cryptoMessagePort object| mtprotoMessagePort object| serviceMessagePort object| apiManagerProxy function| calcImageInBox object| mediaSizes object| customProperties object| themeController function| formatDateAccordingToTodayNew function| fillTipDates function| dispatchHeavyAnimationEvent object| liteMode object| pagesManager object| sequentialDom function| putPreloader1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
tg-g.net.ru/ | Name: PHPSESSID Value: aii8pd8og8nai1pofh0t0aj4l3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
tg-g.net.ru
tg-g.net.ru
2606:4700:3034::ac43:c8ef
0e2cae44aa0b417f66c4b6b0d03ee83ccfc40a9ed80667aebd28ee89849ad6f8
11ca618d8837ebe9691487335a53e7d3fd5edc7428a56e3b8ceb2e9c200b77bd
220aaf7ecb349275e87712148c3a60fe8bf438b430775494faf6f5d55c83c3ca
48d812700c5555c6823724cb0ce93936e5067175e37a41b6f3edd1ceecea2bfc
619a25522f0cc792312457176406cd47fad0ad6659bf9606740d7ad50341ace7
6c9845a3ba553f6e042a690214a12e7bcc596686b10f511c638c5d177cbc4f05
75b2b1645da9407793d922a19e00801b031593e54e1f9f8aa5644621daaeb495
76070b61f4b1a734176b561671a3fe24d21d383fe568e0b45f3acad2c016a4a2
7b4921656e143af35794b7fc9d4d23580fa232ffcf179bc8569317e424032d80
81c729b08b379474a1ef86ec52925b727ce8adf2d3c2155af09043fe143f0596
9f4dba2a9d17f76bd9ee4c45c574f7aeae643cf90b7736a6cd6bb8bb987a2ff4
a93ba6185363c7afa7225d8c447e2de682576f04c732a09929232e29a2569a32
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4