tg.285210.xyz Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tg.285210.xyz/
Effective URL:
https://tg.285210.xyz/
Submission: On March 19 via automatic, source phishtank (March 19th 2024, 10:35:39 am UTC) — Scanned from NL

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is tg.285210.xyz.
TLS certificate: Issued by E1 on March 19th 2024. Valid for: 3 months.

This is the only time tg.285210.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
1 17	2a06:98c1:312... 2a06:98c1:3121::3		13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2

17 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tg.285210.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	285210.xyz 1 redirects tg.285210.xyz	702 KB
21	1

	Domain	Requested by
17	tg.285210.xyz	1 redirects tg.285210.xyz
21	1

This site contains no links.

Subject Issuer	Validity	Valid
tg.285210.xyz E1	`2024-03-19` - `2024-06-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://tg.285210.xyz/
Frame ID: E15C09263579241641005D8B031487E5
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram Web

Page URL History Show full URLs

http://tg.285210.xyz/ HTTP 301
https://tg.285210.xyz/ Page URL

Page Statistics

21
Requests

76 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

701 kB
Transfer

2786 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tg.285210.xyz/ HTTP 301
https://tg.285210.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
tg.285210.xyz/
Redirect Chain

http://tg.285210.xyz/
https://tg.285210.xyz/

11 KB
5 KB

355ms
72ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95bccdbd4b9dc304d71128222b2dbba5b7d6bf02fe76c6236c06f0ddbfb05957

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 866cd109c8c61cb6-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 19 Mar 2024 10:35:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dN4GjAmI%2FobPwCz0nqLIfOhi4i7wIa4F8RJEIAowA33Vsk32EWub2nPn8%2FDFF7c76NQnDPqEoEptwcPLLC1z6ucpiqqh5qaw2sR41w0hfkRiAtXQrsjFy9DmxxWGJBQzcycYigkwVtGGnHsy"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

CF-RAY: 866cd107cdd26578-AMS
Cache-Control: max-age=3600
Connection: keep-alive
Date: Tue, 19 Mar 2024 10:35:35 GMT
Expires: Tue, 19 Mar 2024 11:35:35 GMT
Location: https://tg.285210.xyz/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AzFoZkf3ijSMOKMLYYP0G5%2BJEnOQzq%2BI6t1ejboM7uLYESCSK0TWzmUFDVpMrAVf9f8WJ3OM7PanKnw45nEyrOGHFqGCXUvDwnlMjDptW1PqxO4zqZ2o4j%2Fcs11Rxbve%2FhbgrrsN5keLtmml"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 main.206d21d2eeb8d8de72d3.css
tg.285210.xyz/ 411 KB
71 KB 40ms
39ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/main.206d21d2eeb8d8de72d3.css

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71bc5b0f34378298513686e02396c912be96809c7a140db7856caacb4b6a86e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6174
cf-polished: origSize=420693
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"ccea85321aab7f28fe810995899e61ff"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2n0I0hdU131CDIZU8BbFxrhilNUO1HgWhzGxb7ZMlWAL55vqB7p%2BytGTAfKhnIdqWDQefWiFPc1xXPdv0%2FLsYV3pUep8lf5z2LDHfnKXEK2%2BEPf0eUgbTxqLzQgvK%2BFlONRyFzm%2B6lyIplRp"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10a39721cb6-AMS

GET
H2 200 style-desktop.7ec8ed3b19fabb19d057.css
tg.285210.xyz/ 272 B
493 B 38ms
38ms Stylesheet
text/css 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/style-desktop.7ec8ed3b19fabb19d057.css

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca002eb8abdb7424768ad2f69a2d207c89cf3a097f775821a6b79fabb9bab57

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6174
cf-polished: origSize=338
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"6db6abb1c4f30dddae0a94a9069c51ab"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dt5hHxztgeJk3iIrgV0hHEf%2F%2FqTm3u6Pnx6itMwezqg7P%2Fz2Jr%2FlKc8OwzIykCTPwqvy23Ed6VvHuxx1iO1IatVGZhkZ%2Bh9vd7l9H8pVgIkV%2BQgKYzdFxWrXG%2FAxZ7TGfJcN8gygEQqhGUzg"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10a39751cb6-AMS

GET
H2 200 mtproto.worker.937ee1bf2e19f6826ebc.chunk.js Show response
tg.285210.xyz/ 709 KB
162 KB 51ms
51ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/mtproto.worker.937ee1bf2e19f6826ebc.chunk.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2dad10763d92f171c8a4602243544a79a5c29a95a279bbef07a62657e14a1bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://tg.285210.xyz/
Origin: https://tg.285210.xyz
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6174
cf-polished: origSize=725619
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"02f64bc4a89c25e8db9018edc9d7d56e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1EEB7DLy7jBWmTCHjdjx5kaujjRY4Pf7nF3wnUC88bMLIMtEVqH8BsxOrHhZvRj%2BWY%2BERnAGwgaZM%2B6a7UnI1CN0vJ8kLP8stEVVlN6KDVFQptBVYt%2Bdrm4zsBuiT8MVZjMfze9p%2BS0QL%2F8U"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10a397c1cb6-AMS

GET
H2 200 85.952a9f12a6b3dcdd3f0e.bundle.js Show response
tg.285210.xyz/ 7 KB
3 KB 35ms
34ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/85.952a9f12a6b3dcdd3f0e.bundle.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eac509fa5e2a8a96eb9750f69dea828f55d4c4f96e5fd98dfafd5537e91ff123

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1
cf-polished: origSize=7684
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"883a2858d4d2b196dfd50dc10c782093"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rpTdsYWK2aI%2BNTorJZ3gQ22IVUVjnsVEqMHKmkT0wTeUYP45kWQ38fbJ%2BJRZEOxdjs7k68v6EPiKfmcx6%2BGY47GZNymh%2FV9peu%2FMAuU1hJDL5WnrFfGIf4%2BULFVGMLKk4bFDVkBQEBWyABSu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10a39801cb6-AMS

GET
H2 200 946.ee5b7c972556a387aa20.bundle.js Show response
tg.285210.xyz/ 24 KB
8 KB 31ms
31ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/946.ee5b7c972556a387aa20.bundle.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0fa3e7ae54db4429de3f8b1635f08a03097fc0c2d37ce65a8b50be392b41c40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6174
cf-polished: origSize=24816
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"afbc4681b5032c7a2d1e5062633e7dd9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ydnbK9yZ9ltaq5ob%2BNfOuNeTtFVU%2Bx6e%2FSErgRf%2BvMZKO%2FrFZuD1LOF52mSzJkM7dpLmr7tWQBbkY8MykkwP7sh%2FdovKDHqvOJAH6Ez%2Bch2yd3ktSw2%2BaP0ehedaQM%2Fqi2yvVHhONQ29W%2BKV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10a39821cb6-AMS

GET
H2 200 main.6f7e27a33f682e88ac29.bundle.js Show response
tg.285210.xyz/ 68 KB
25 KB 36ms
36ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/main.6f7e27a33f682e88ac29.bundle.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa72c9c2f8577586dfce7ebbd188e2821fc79a70cf5f1f8f7c18e1f6f7c33247

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6174
cf-polished: origSize=70117
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"746d06aa78811edbc90eb786f5b92a1a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=soaL9fwOSuYSkQmqFWgMFwnT%2F7JDsC%2BGUSmULUbQR%2BbAJJ3zECRlqeR98xM6v5pduvPJowzSI9MTyVt%2Bcqk7TysyjWuh8Bula2SsaIc7oOAvtNF917yZzdzedVCk4yxZ%2Bzb%2FFARng0yjOjuj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10a39831cb6-AMS

GET mtproto.worker.937ee1bf2e19f6826ebc.chunk.js
tg.285210.xyz/ 0
0

GET crypto.worker.97275dc4bbabd34138f8.chunk.js
tg.285210.xyz/ 0
0

GET
H3 200 crypto.worker.97275dc4bbabd34138f8.chunk.js Show response
tg.285210.xyz/ 23 KB
9 KB 39ms
39ms Fetch
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/crypto.worker.97275dc4bbabd34138f8.chunk.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/main.6f7e27a33f682e88ac29.bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1502596d4cdb523adbb4b060706a7fb183205ceaf3b00a66e343c003a258dc1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6173
cf-polished: origSize=24111
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"552eb5e2e5308cf75b67b3bed2d79c26"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FlEhh5EZ%2B4HeB44MQLqr3DwiqqjSWDT9hUpRTMe7yyiLxx%2Bw%2B1zJTXmN0P%2BKqjAdcfnrlO7TLFBAdi105OOqmcyFjFGrN5%2FCQkVu9xoea2EENxbMajRa1udMgMax0Q7tph%2Fh5H4Xip89fqvP"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10adc277748-AMS

GET
H3 200 104.1c27a33ef648955a6e92.chunk.js Show response
tg.285210.xyz/ 59 KB
18 KB 37ms
36ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/104.1c27a33ef648955a6e92.chunk.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/main.6f7e27a33f682e88ac29.bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5d0461b60f90f8a92bde0c8b3c0a20179cf8d0582d79b91599e86d8cef99e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6173
cf-polished: origSize=60715
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"7613c2219fb2ac7b897e365b3196e287"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m9taZ4kmTL2pad9Uj2nqIrXqSOt9fSJomodaR2O%2BzAv9m1i6LMvXOulKPxOtPaVgt8Xhe9KpBZ6mILklbqIPfZ%2F0wSNqZ2PHFRLfVp%2FuCHfPnTOrGdWF33LABu5%2FnZiU1tg2UHygMJR8oH1A"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10b1c5c7748-AMS

GET
H3 200 301.42dc636f96a62f6a08c8.chunk.js Show response
tg.285210.xyz/ 2 KB
1 KB 38ms
38ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/301.42dc636f96a62f6a08c8.chunk.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/main.6f7e27a33f682e88ac29.bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ed2fd9e62d88f77e6ddef7a1a574e651588130ab424ea0307f760fd17baf8bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6173
cf-polished: origSize=1764
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"8266070567f5707e3e58daa8cadf81f2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hUnZtkJaxPlqOEcWwV8l1YEKpWvUNESGDENuBuI%2FVJM64O9v%2Ffgnxb3qTTZTo9u2UuQFOc%2FAbua68dO3QCGBoriYOWb1sJQup71mk2tAMLWmndEGtF5UUjOpijRL4BMys%2F8GOz7N%2BiQjl7PA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10b1c5f7748-AMS

GET
H3 200 8.570e6da51a125009c156.chunk.js Show response
tg.285210.xyz/ 24 KB
4 KB 26ms
26ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/8.570e6da51a125009c156.chunk.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/main.6f7e27a33f682e88ac29.bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9656ba3de870459aa199de9523dc7efe105c8bf0014f0340abfb1ea3c6a19e7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6173
cf-polished: origSize=24208
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"3f34b972aeb43d5f1ad327848f3be76c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6M54M2w7bNUSO45KD0QJqxv38L2ILH2dQgHTouXbw93Pidpw2OHLDEz778RDX4Sn0LmC5LWBIFSVmK%2BF6YLJ7qwCIeK%2B9i46P3Sv50fLx%2BhHHYXd5ffIiGEyDGgrylg3%2FqV4ZyRaZrR%2BnpZV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10b1c627748-AMS

GET
H3 200 539.17a0b07b4e6476f19654.chunk.js Show response
tg.285210.xyz/ 35 KB
15 KB 25ms
25ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/539.17a0b07b4e6476f19654.chunk.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/main.6f7e27a33f682e88ac29.bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

021ed253fdf4626fda530676ad0fe4c4db5040f80b9b80c8ea24b84b36e162c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6171
cf-polished: origSize=35877
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"813bee5d21f3ae241b5abc28daaf3df4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yfscQ4pWUYOTh7kljEjWjhUG77fiHw66LcZ6%2BU4nuknrKLgTY%2BcYtEbVjM4fUrkl9WSwcFs8wplK2k3d3zUZqiOkqtrBtuc0Xp40vzTgCVC0ONVspaYbwB455ZWWsHLlu57%2BCusvTzE%2BWTUL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10b7cd37748-AMS

GET
H3 200 460.825ce6bcea186b0b7570.chunk.js Show response
tg.285210.xyz/ 1 MB
359 KB 41ms
40ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/460.825ce6bcea186b0b7570.chunk.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/main.6f7e27a33f682e88ac29.bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ddb6749a43ef653fb729cd5ac878732c408859729aac719f0cf1590ce7dd14a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6171
cf-polished: origSize=1373417
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"f395f4f7ef9cabee1eb7feb3af8c1a01"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nZ1mbz0ZdW0deXTciYdw3FWaA%2FQy1K0gZss66EcnJiOzutJekLLQtFcE6c8RUcy60Rl1qmTbFRDJanzJyyy6q2iLUgdWDU9JsH9LicKtNVbVdnoNUVJA0LCZmzoSBVgPHn1kYOSz6KTIUh4W"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10b7cd77748-AMS

GET
H3 200 709.73c949c4c6702cdf349b.chunk.js Show response
tg.285210.xyz/ 5 KB
3 KB 26ms
25ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/709.73c949c4c6702cdf349b.chunk.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/main.6f7e27a33f682e88ac29.bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

710943753690722a510c9b80543e54a9cb6cf76723c2bb5b7140e882b73c16e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6171
cf-polished: origSize=5151
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"e3535159ae032fb8642a3ee06d63dd9f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ThuqtCgJtuJUOi4xHDzTIbA%2Fy2EnwraKiq7yTZ49BMYkkx%2FUcg0vXt6b1BZ45BF991eYWjcYmXYaHAQHQoDUcF0TcGWZxIavmYNKuMaLUvZMq42NMAs2pwWdk6RSarbkxXOaFlbxoC%2BC4iPT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10b7cdc7748-AMS

GET 5434cf22-bb22-470c-b0bb-41618ee74e8e
https://tg.285210.xyz/ 0
0

GET eda6903c-cd5c-42ba-89e6-21c951dac866
https://tg.285210.xyz/ 0
0

GET 0eb50cd6-4ba2-4f94-9db4-6ed03f6f1162
https://tg.285210.xyz/ 0
0

GET
H3 200 npm.qr-code-styling.2c5d57550714b1a9e42e.chunk.js Show response
tg.285210.xyz/ 64 KB
16 KB 28ms
27ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/npm.qr-code-styling.2c5d57550714b1a9e42e.chunk.js

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/main.6f7e27a33f682e88ac29.bundle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ab97615b7a05daf4ec62fd69e230eb95561c625454a02d08bc85520f5059be8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6170
cf-polished: origSize=65358
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"fe4da9502f39f9b4856b7be705eb606e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ugt58BytwNeiac4NM6dJh9JyTl3EpZ0rCriHTV5FHrGqC%2FZqKY3H%2F5zckgWpNTQY0gXEs2Zzt9VPVwU5YCflzO86K7s8qgpcvMLVIeZ50qvg4L%2F7Psdjz0u4sDadxOm00%2FbzoW3rypBJiO9w"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd10c4dc47748-AMS

GET
H3 200 logo_padded.svg Show response
tg.285210.xyz/assets/img/ 1 KB
1 KB 24ms
23ms Fetch
image/svg+xml 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.285210.xyz/assets/img/logo_padded.svg

Requested by

Host: tg.285210.xyz
URL: https://tg.285210.xyz/709.73c949c4c6702cdf349b.chunk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://tg.285210.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 10:35:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"ddc17b460f3542cd68305d2c727dab6c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YBTx7lqIy%2FCPVyjBy69F1UriqnM6ofMDehtWSu0KWO%2BS0ny%2FYPuQkWBR%2FzlL%2BXToIFCi%2F3H5CrJR2l79hzkE%2BSQc5yxLzAqpKrSeZXbpcM0amW%2F7Ivqobi1Q7YilWyHbv14gmuyHCT%2BK7n5m"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-ray: 866cd11658657748-AMS

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tg.285210.xyz
URL: https://tg.285210.xyz/mtproto.worker.937ee1bf2e19f6826ebc.chunk.js

Domain: tg.285210.xyz
URL: https://tg.285210.xyz/crypto.worker.97275dc4bbabd34138f8.chunk.js

Domain: tg.285210.xyz
URL: blob:https://tg.285210.xyz/5434cf22-bb22-470c-b0bb-41618ee74e8e

Domain: tg.285210.xyz
URL: blob:https://tg.285210.xyz/eda6903c-cd5c-42ba-89e6-21c951dac866

Domain: tg.285210.xyz
URL: blob:https://tg.285210.xyz/0eb50cd6-4ba2-4f94-9db4-6ed03f6f1162

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

tg.285210.xyz
tg.285210.xyz
2a06:98c1:3121::3
021ed253fdf4626fda530676ad0fe4c4db5040f80b9b80c8ea24b84b36e162c5
1502596d4cdb523adbb4b060706a7fb183205ceaf3b00a66e343c003a258dc1e
1ab97615b7a05daf4ec62fd69e230eb95561c625454a02d08bc85520f5059be8
1ca002eb8abdb7424768ad2f69a2d207c89cf3a097f775821a6b79fabb9bab57
710943753690722a510c9b80543e54a9cb6cf76723c2bb5b7140e882b73c16e8
71bc5b0f34378298513686e02396c912be96809c7a140db7856caacb4b6a86e1
7ed2fd9e62d88f77e6ddef7a1a574e651588130ab424ea0307f760fd17baf8bd
95bccdbd4b9dc304d71128222b2dbba5b7d6bf02fe76c6236c06f0ddbfb05957
9656ba3de870459aa199de9523dc7efe105c8bf0014f0340abfb1ea3c6a19e7f
9ddb6749a43ef653fb729cd5ac878732c408859729aac719f0cf1590ce7dd14a
a0fa3e7ae54db4429de3f8b1635f08a03097fc0c2d37ce65a8b50be392b41c40
a5d0461b60f90f8a92bde0c8b3c0a20179cf8d0582d79b91599e86d8cef99e51
aa72c9c2f8577586dfce7ebbd188e2821fc79a70cf5f1f8f7c18e1f6f7c33247
b2dad10763d92f171c8a4602243544a79a5c29a95a279bbef07a62657e14a1bf
eac509fa5e2a8a96eb9750f69dea828f55d4c4f96e5fd98dfafd5537e91ff123
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4

tg.285210.xyz Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

21 Requests

76 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

701 kBTransfer

2786 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

51 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

tg.285210.xyz Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

76 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

701 kB
Transfer

2786 kB
Size

0
Cookies

21 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!