web.telegram.org.et
Open in
urlscan Pro
75.119.204.132
Malicious Activity!
Public Scan
Submission Tags: @phish_report
Submission: On April 23 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by R3 on March 20th 2024. Valid for: 3 months.
This is the only time web.telegram.org.et was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
15 | 75.119.204.132 75.119.204.132 | 26347 (DREAMHOST-AS) (DREAMHOST-AS) | |
21 | 2 |
ASN26347 (DREAMHOST-AS, US)
PTR: apache2-pat.pdx1-shared-a1-17.dreamhost.com
web.telegram.org.et |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
telegram.org.et
web.telegram.org.et |
237 KB |
21 | 1 |
Domain | Requested by | |
---|---|---|
15 | web.telegram.org.et |
web.telegram.org.et
|
21 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.web.telegram.org.et R3 |
2024-03-20 - 2024-06-18 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://web.telegram.org.et/k/
Frame ID: 6FBCA0E1AD86EC8E025E459DB106073D
Requests: 20 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
web.telegram.org.et/k/ |
13 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-RQeF36MX.js
web.telegram.org.et/k/ |
131 KB 47 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index-rRV5aYAD.css
web.telegram.org.et/k/ |
444 KB 79 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
mtproto.worker-Zarh_8Go.js
web.telegram.org.et/k/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
crypto.worker-T8uEdtAd.js
web.telegram.org.et/k/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
369 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crypto.worker-T8uEdtAd.js
web.telegram.org.et/k/ |
67 KB 23 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
59 B 59 B |
Image
image/jxl |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
311 B 0 |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
web.telegram.org.et/k/assets/img/ |
15 KB 15 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lang-6_YFwd9o.js
web.telegram.org.et/k/ |
117 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
langSign-lcKrqmwM.js
web.telegram.org.et/k/ |
2 KB 864 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
countries-lRU-UavE.js
web.telegram.org.et/k/ |
24 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pageSignQR-Rh1W7gMf.js
web.telegram.org.et/k/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
page-V9-HUtbb.js
web.telegram.org.et/k/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
button-LOUMcwkx.js
web.telegram.org.et/k/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
putPreloader-FuLpGYCp.js
web.telegram.org.et/k/ |
699 B 528 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
textToSvgURL-Z4O-nL1S.js
web.telegram.org.et/k/ |
357 B 334 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
9e1acf7a-01ee-42a8-9a34-d31e6d142435
https://web.telegram.org.et/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
119c0572-6bcf-404d-9d7a-8d92f68b93a6
https://web.telegram.org.et/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
189c4da4-2f81-4405-8807-7337f1b91866
https://web.telegram.org.et/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qr-code-styling-ogpV7fl-.js
web.telegram.org.et/k/ |
65 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_commonjsHelpers-5-cIlDoe.js
web.telegram.org.et/k/ |
290 B 280 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_padded.svg
web.telegram.org.et/k/assets/img/ |
1 KB 0 |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- web.telegram.org.et
- URL
- https://web.telegram.org.et/k/mtproto.worker-Zarh_8Go.js
- Domain
- web.telegram.org.et
- URL
- https://web.telegram.org.et/k/crypto.worker-T8uEdtAd.js
- Domain
- web.telegram.org.et
- URL
- blob:https://web.telegram.org.et/9e1acf7a-01ee-42a8-9a34-d31e6d142435
- Domain
- web.telegram.org.et
- URL
- blob:https://web.telegram.org.et/119c0572-6bcf-404d-9d7a-8d92f68b93a6
- Domain
- web.telegram.org.et
- URL
- blob:https://web.telegram.org.et/189c4da4-2f81-4405-8807-7337f1b91866
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)30 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| rootScope function| deferredPromise function| AppStorage object| stateStorage function| wrapUrl object| I18n object| webpWorkerController object| appStorage object| appNavigationController object| singleInstance object| webPushApiManager object| telegramMeWebManager object| opusDecodeController object| cryptoMessagePort object| mtprotoMessagePort object| serviceMessagePort object| apiManagerProxy function| calcImageInBox object| mediaSizes object| customProperties object| windowSize object| liteMode object| themeController object| overlayCounter function| formatDateAccordingToTodayNew function| fillTipDates function| dispatchHeavyAnimationEvent object| pagesManager object| sequentialDom function| putPreloader0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
web.telegram.org.et
web.telegram.org.et
75.119.204.132
04dfc8e1a6e59e36a3a3a5c15443a97a92a6d2a7da9d276b050d58be3c7952a7
06dee93122dd123d52a2860b3ba1e617a85ef893298efb9f6798f0025a281428
19fb2e2b1a73081d0be43d40c28e85d6875138f1f0b89c8a1837c3e806d578b3
26cb94e8188b97af200a0f982ace544ddf7a35d2f53b48458baeada0c5ee61c5
36cb02e59322028c02c5365bd56cbd129b3eb2fb4aaec625160ca2dc9786a4bd
6c4900d40f3335423817340edddd7655d96e707156923fcf3cbf5a6520008d6e
6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4
75fe821bc451433c2a795b7a2ba7fee10d0e902693ea36f2371e1051e7d710c0
78502e8b5ce846ae27ba99e708ad6a78942145c35ebc9d158df033fded762ec4
7e2388ec283fe17472ef02829a93da550af8f3ad4a975f50a0110bff61afe523
8528a55ba5d25bb2b6463f369b7a2046c08ced5f20256978a06119c0d50d08a2
900f22723c45f67600638812021437a089daa7c2f0a559ebb85a0726183cee79
a6e317cd1f20a5b3cf2ab451af1f1257c351dea185161ffe204ada5eb5dd8d44
a8df41d98a0fa3d1cb8c8661377ac1a572beb9cd0b68e968f92d69f7c8331483
a90bc32f1fee900cdc1cfe4e3a08238410388efa10dc703dac950645538155b8
cdaf81404acd9cc7bf823c5247c6ef10427244dc76519fa3a1f083db57e417e3
cf964b73d0d8f9bf8cabc8881a185adfa66cb940d66fc86fe751f93cd56fb2c4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4