the-telegram.net Open in urlscan Pro
172.67.190.112 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://the-telegram.net/prem
Effective URL:
https://the-telegram.net/prem
Submission: On July 02 via api (July 2nd 2024, 6:19:39 am UTC) from US — Scanned from DE

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 21 HTTP transactions. The main IP is 172.67.190.112, located in United States and belongs to CLOUDFLARENET, US. The main domain is the-telegram.net.
TLS certificate: Issued by WE1 on June 26th 2024. Valid for: 3 months.

This is the only time the-telegram.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
16	172.67.190.112 172.67.190.112		13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2

16 172.67.190.112 (United States)

ASN13335 (CLOUDFLARENET, US)

the-telegram.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	the-telegram.net the-telegram.net	230 KB
21	1

	Domain	Requested by
16	the-telegram.net	the-telegram.net
21	1

This site contains no links.

Subject Issuer	Validity	Valid
the-telegram.net WE1	`2024-06-26` - `2024-09-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://the-telegram.net/prem
Frame ID: 7661313B41B11CB5CFA74152A5C0C281
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram Web

Page URL History Show full URLs

http://the-telegram.net/prem HTTP 307
https://the-telegram.net/prem Page URL

Page Statistics

21
Requests

76 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

230 kB
Transfer

895 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://the-telegram.net/prem HTTP 307
https://the-telegram.net/prem Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request prem Show response the-telegram.net/ Redirect Chain http://the-telegram.net/prem https://the-telegram.net/prem	13 KB 5 KB	604ms 139ms	Document text/html	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/prem Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `73f9a0081230b0251949be0e2bbbc810ced64ef3e5b35110cf3512ad47fca70b` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 89cc8662997c5d69-FRA content-encoding br content-type text/html; charset=utf-8 date Tue, 02 Jul 2024 06:19:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WH8tj5WQrcG4EI0O7FQ4kpbZdHw7Pfx%2BL1irAFO2RvOsyIqlfh4OW1I3GFcbqi0TM9ADxcl9jia%2BiLNEwiyyY2lKqNhDPTxZWStYmxhdNezxAaUNJJHE4wHo7lbUOd%2BQ380k"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers Location https://the-telegram.net/prem Non-Authoritative-Reason HttpsUpgrades
GET H3	200	index-gp8T3XyW.js Show response the-telegram.net/static/	128 KB 46 KB	85ms 79ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/index-gp8T3XyW.js Requested by Host: the-telegram.net URL: https://the-telegram.net/prem Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `16cc8aefa7fba84c342010a227aa9481a098500013fea97812b7689721e0d3d7` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://the-telegram.net/prem Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:34 GMT content-encoding br cf-cache-status HIT last-modified Mon, 01 Jul 2024 00:14:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 552 etag W/"7d4288d547f1fd2dfc6d129659ddab58" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=56NDxKAPlp9Ru8mT67Tpzg3x0dl%2FzZS8Sq41fvVCTVrv7xgOVncq78I8gu0ilZyM05LLfBPX8ORosd6XKpN1%2FnQp2JNjYUJF0KD5Y%2BTqA8mThzxYNKgUnfZmeKUQMup7I%2FUy"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8663aa7b5d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	index-pzR5gIOz.css the-telegram.net/static/	440 KB 79 KB	165ms 159ms	Stylesheet text/css	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/index-pzR5gIOz.css Requested by Host: the-telegram.net URL: https://the-telegram.net/prem Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6e8f2da9c344b748747fe5b0c3c3e6ff3fe08e1829f2a6aee736dd6697d9ea0c` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://the-telegram.net/prem Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:34 GMT content-encoding br cf-cache-status HIT last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 552 etag W/"8c0e3260ea6a59235960ac564c74cc1f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ebb0PvRbM4SKMrwiGmUrAgXuWoiJjMnYaF%2F7tttC6S3MKfH%2BxTNGaXmFQTv4yGgjuyNt3fhPgasjg9CdpQNtOUGGZ4aO76gs2uHqUJS80qTu%2BpE14U6wnYTJ82i2pSNpv4Pb"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 cache-control max-age=14400 cf-ray 89cc8663aa7c5d69-FRA alt-svc h3=":443"; ma=86400
GET		mtproto.worker-rzg51R8Z.js the-telegram.net/static/	0 0

GET		crypto.worker-T8uEdtAd.js the-telegram.net/static/	0 0

GET DATA	200 OK	truncated /	369 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml
GET H3	200	crypto.worker-T8uEdtAd.js Show response the-telegram.net/static/	67 KB 24 KB	176ms 175ms	Fetch application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/crypto.worker-T8uEdtAd.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `19fb2e2b1a73081d0be43d40c28e85d6875138f1f0b89c8a1837c3e806d578b3` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://the-telegram.net/prem Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:34 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"cca907d8143df8953a877f0049575adf" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tGwW77jFPDvnjDRJLV5aH5eKrUn%2BIo0RKbWL84Yw8feSzyYBzFIJL%2FnoWJq5ngOZhmp5Pw8XySV7%2BwgQ%2F0DrxKleKZV96vFpPXD%2Bcq2XLX4Omha15OP3KA2pxAgtQZfsX%2BY7"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc86658be75d69-FRA alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	59 B 59 B		Image image/jxl
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/jxl
GET DATA	200 OK	truncated /	311 B 0		Image image/avif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `04dfc8e1a6e59e36a3a3a5c15443a97a92a6d2a7da9d276b050d58be3c7952a7` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/avif
GET H3	200	favicon.ico the-telegram.net/assets/img/	15 KB 4 KB	153ms 153ms	Other image/vnd.microsoft.icon	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/assets/img/favicon.ico?v=jw3mK7G9Ry Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://the-telegram.net/prem Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:34 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"40e4ad7ae9ec6033ae0db1ca36438b6d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0csNSiwyOnolIyykhHzr4Jwo1XKK7RZ%2Biwmuu%2F%2F%2FG2atq9xSBljgz0nFGSN4sOq8cz56ohFiTacvK80KIh4t1UUvOGEofGnMd6XbV8ee%2FPuwKbAgFJuYvmrkw%2BTW5szSYlC"}],"group":"cf-nel","max_age":604800} content-type image/vnd.microsoft.icon cache-control max-age=14400 cf-ray 89cc8665bc1a5d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	lang-Y4EV1698.js Show response the-telegram.net/static/	114 KB 33 KB	201ms 200ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/lang-Y4EV1698.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b16cfc78065c0a3848ca1fd44831e2792d5371dd614cbeb4aacfed1440963eae` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://the-telegram.net/static/index-gp8T3XyW.js Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:34 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"dbecbbc8d00c95391b8ea34de335d86e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yn31biVG4A1i9rmfF96XVDoorYx%2B5I3VBTYwU%2BVw%2FPAPwgsHCUT5ut%2Bl%2FSmIdqQP7OOQFxjAXtKKvCQTAIYJXtEmSB1%2B1Ek5p4OlExT7kpUCcFNs09Y6AdvjD8BHyWdbrYbW"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8665cc205d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	langSign-lcKrqmwM.js Show response the-telegram.net/static/	2 KB 1 KB	128ms 127ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/langSign-lcKrqmwM.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `900f22723c45f67600638812021437a089daa7c2f0a559ebb85a0726183cee79` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://the-telegram.net/static/index-gp8T3XyW.js Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:34 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"a71302f8c216e6664642f7bca4098a47" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HE%2Bc9cz4ZqWKHLj8MYhOtf4WIRh1WxdNbWPpYk%2BR15kD39Ksw2%2F5REUZZTqhdeVrbj%2ByuYHIBvpv5ge8kp99cDprZGtm05300V1fHs1YYWoSLMAlha7ytdKE2mcRTRCoBQYS"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8665cc235d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	countries-lRU-UavE.js Show response the-telegram.net/static/	24 KB 4 KB	168ms 167ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/countries-lRU-UavE.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8528a55ba5d25bb2b6463f369b7a2046c08ced5f20256978a06119c0d50d08a2` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://the-telegram.net/static/index-gp8T3XyW.js Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:34 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"0195f128c87767a4a45c51dc0e58d627" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KFPM%2FITlqrDkQ8Xlp%2BCHLsKBNCuxfNyG1ZfkcR4Tb3LMyZpCFyW1Q%2BlgZhggMb9dCc0eUe8NuDnbs6%2FVcKNEikCVEOhLKk5gIV8H8Xn8KKGBXOA6Z4Tio%2BrzGXb%2BAgqIltYW"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8665cc245d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	pageSignQR-qrkOhXA9.js Show response the-telegram.net/static/	6 KB 3 KB	241ms 148ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/pageSignQR-qrkOhXA9.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ae2dfcfbe272ff1571c50bb4656a585ecab21473aff7fb3fff35cb05b0608b4a` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:35 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"0568895a201a97fc38ac39cad49f7335" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v7AjMns0Iq9LJN8cKrY%2FYEn0Zl28CAQaYdVz9uCaNGq932PayrxfX7SY62SZm9AziLqddiy%2FnEOnd6L2eL1iVan8XqOx%2FR9yBMqNA4e%2FdhAbo4uuHHUtR4NFW%2BZwkEKDusqK"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8667edea5d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	page-Reex8MgT.js Show response the-telegram.net/static/	10 KB 5 KB	237ms 144ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/page-Reex8MgT.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7405f76691ce6b88795adec27f7bbdc1d8071102eb6fd1924c584407c885e965` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:35 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4f146be2b2ea9eb535c92bfcf8df6bfd" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lLQaZCvPfNAXKbcXzIBZYws4q7ih6Ops3NBocHio2yxzZgnI6a2cN39Z7%2Fq2Of6S8UXA1%2Fl34JkDeYV2Tx7aHmeOFYeJUTJarplm6l087%2FBdDmfZHUqYc2u7RzIws7C790Qz"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8667eded5d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	button-9EPYVaB4.js Show response the-telegram.net/static/	9 KB 4 KB	239ms 146ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/button-9EPYVaB4.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a9bb81a0b6ba28daa048788979595e5556f15d9ecbdbf03e66646c4b6a6ae283` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:35 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"bd2d7c22101222ce9c332ebe78b50a7c" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qeRJlC7po0qipCAJsFQRw2aMUM6cQrG%2B7hjkVLASKgYA7tYQb3%2BfDbLSrL5hI37DksUbCOWzhE2TFT4FEAppU0%2Ffyo7F5oXbWkLBnnSFSQpHpTmNp%2BgSd3gNRqccOmLKv0qC"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8667fdf05d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	putPreloader-JIYavpWD.js Show response the-telegram.net/static/	699 B 894 B	248ms 155ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/putPreloader-JIYavpWD.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `831d9aa3b212fab668711a4ce9731a36df0394c146bd0991bde20e0c9d298f19` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:35 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"ce99376f78b586b598bc80f6a953e264" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C%2BWalR2ZYz8bSTRdhsRDATdJN2ZtgZy%2FAcy2Ew1Eqr%2BoNrzZAs%2BKQJ3ulXHgm%2B8xOF8SyLYf%2Fq1YUBMAuA1u%2B7yXLtkPnVR6y6XMgF2FszvQE%2FO4cNdp5f96pnviI1tO1wL%2B"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8667fdf15d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	textToSvgURL-Z4O-nL1S.js Show response the-telegram.net/static/	357 B 730 B	238ms 138ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/textToSvgURL-Z4O-nL1S.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `36cb02e59322028c02c5365bd56cbd129b3eb2fb4aaec625160ca2dc9786a4bd` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:35 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"e98484d6a45e521288028248b2077b7e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qV77RAJ9jz4xINC%2FLT%2Bm8hgesNl7HcwI1lkKKkV%2BHK5drkivzhORIDE6%2FL%2FtZy3kj888wbGTrVI1%2ByeexneI%2BAvs0VEwG3ZNQb%2F9Dwk2ktnwtrlYdc65RaZW8tvi6SuRWCFG"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8667fdf35d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	qr-code-styling-ogpV7fl-.js Show response the-telegram.net/static/	65 KB 17 KB	166ms 165ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/qr-code-styling-ogpV7fl-.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6c4900d40f3335423817340edddd7655d96e707156923fcf3cbf5a6520008d6e` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:35 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"92534ba41a2bc7ea495e14aa58cf0c32" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pq5oKdBce8o2jeO2xLbMxqLGaRenqPOURrdDlakOzuLzPAENoibcqG%2BhQUHgoMzbAFM4dLRM%2FE%2BIfpM08AX%2Bw0GUKJ%2BidizT13tDjJhJP2HTsz9rCYJACJVayhScS3hG8n%2Bq"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8668ff185d69-FRA alt-svc h3=":443"; ma=86400
GET H3	200	_commonjsHelpers-5-cIlDoe.js Show response the-telegram.net/static/	290 B 657 B	127ms 127ms	Script application/javascript	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/static/_commonjsHelpers-5-cIlDoe.js Requested by Host: the-telegram.net URL: https://the-telegram.net/static/index-gp8T3XyW.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a8df41d98a0fa3d1cb8c8661377ac1a572beb9cd0b68e968f92d69f7c8331483` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://the-telegram.net Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:35 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"b9a77555ad8de3e95c30843212b8fc6e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xnQl1e6H7fk3s7n%2Fv%2FnaogjTBq8%2BhTg4A4bcjQtBIzYderzNGdvGuWMdS6WXErkjIAHiGsfFCI0xlptmAENWSBTTU1SGikluLIpVUp8vs2gwiCy%2F4yyKm5u87KH05H0qI5br"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89cc8668ff1e5d69-FRA alt-svc h3=":443"; ma=86400
GET		e78f49b5-21f8-431b-b54a-8507ded3bc82 https://the-telegram.net/	0 0

GET		c495fda3-a233-45a8-8ea7-1bfb479d688b https://the-telegram.net/	0 0

GET		23dc79e0-ed87-497e-b2cc-6aa4549919a5 https://the-telegram.net/	0 0

GET H3	200	logo_padded.svg Show response the-telegram.net/assets/img/	1 KB 1 KB	134ms 133ms	Fetch image/svg+xml	172.67.190.112 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://the-telegram.net/assets/img/logo_padded.svg Requested by Host: the-telegram.net URL: https://the-telegram.net/static/pageSignQR-qrkOhXA9.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.190.112 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://the-telegram.net/prem Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 02 Jul 2024 06:19:37 GMT content-encoding br cf-cache-status MISS last-modified Wed, 29 May 2024 12:03:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"59613cc616f15e988a0bf9617c807501" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yzhDyTQF1xgF%2FWLDuUncUTY42rodIso9%2FDHkHbOzIa2NF1QTJpWrl9jQp1UufDL3ywHW5g%2Fa1OE4tCD4JuxMB4UVXfgdLMJAmrC1AxUzYBwsbBUxWK574E7%2BdASKe2UZ%2B%2BYI"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 89cc8674faf25d69-FRA alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: the-telegram.net
URL: https://the-telegram.net/static/mtproto.worker-rzg51R8Z.js

Domain: the-telegram.net
URL: https://the-telegram.net/static/crypto.worker-T8uEdtAd.js

Domain: the-telegram.net
URL: blob:https://the-telegram.net/e78f49b5-21f8-431b-b54a-8507ded3bc82

Domain: the-telegram.net
URL: blob:https://the-telegram.net/c495fda3-a233-45a8-8ea7-1bfb479d688b

Domain: the-telegram.net
URL: blob:https://the-telegram.net/23dc79e0-ed87-497e-b2cc-6aa4549919a5

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	Message: The path of the provided scope ('/') is not under the max scope allowed ('/static/'). Adjust the scope, move the Service Worker script, or use the Service-Worker-Allowed HTTP header to allow the scope.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

the-telegram.net
the-telegram.net
172.67.190.112
04dfc8e1a6e59e36a3a3a5c15443a97a92a6d2a7da9d276b050d58be3c7952a7
16cc8aefa7fba84c342010a227aa9481a098500013fea97812b7689721e0d3d7
19fb2e2b1a73081d0be43d40c28e85d6875138f1f0b89c8a1837c3e806d578b3
36cb02e59322028c02c5365bd56cbd129b3eb2fb4aaec625160ca2dc9786a4bd
6c4900d40f3335423817340edddd7655d96e707156923fcf3cbf5a6520008d6e
6e8f2da9c344b748747fe5b0c3c3e6ff3fe08e1829f2a6aee736dd6697d9ea0c
6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4
73f9a0081230b0251949be0e2bbbc810ced64ef3e5b35110cf3512ad47fca70b
7405f76691ce6b88795adec27f7bbdc1d8071102eb6fd1924c584407c885e965
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523
831d9aa3b212fab668711a4ce9731a36df0394c146bd0991bde20e0c9d298f19
8528a55ba5d25bb2b6463f369b7a2046c08ced5f20256978a06119c0d50d08a2
900f22723c45f67600638812021437a089daa7c2f0a559ebb85a0726183cee79
a8df41d98a0fa3d1cb8c8661377ac1a572beb9cd0b68e968f92d69f7c8331483
a9bb81a0b6ba28daa048788979595e5556f15d9ecbdbf03e66646c4b6a6ae283
ae2dfcfbe272ff1571c50bb4656a585ecab21473aff7fb3fff35cb05b0608b4a
b16cfc78065c0a3848ca1fd44831e2792d5371dd614cbeb4aacfed1440963eae
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4

the-telegram.net Open in urlscan Pro 172.67.190.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

21 Requests

76 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

230 kBTransfer

895 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

32 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

the-telegram.net Open in urlscan Pro
172.67.190.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

76 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

230 kB
Transfer

895 kB
Size

0
Cookies

21 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!