tg.285210.xyz
2606:4700:3035::6815:29dd
Malicious Activity!
Public Scan
Submission: On March 19 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on March 19th 2024. Valid for: 3 months.
This is the only time tg.285210.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

| # | IP Address | AS Autonomous System |
|---|---|---|
| 16 | 2606:4700:3035::6815:29dd | 13335 (CLOUDFLARENET) |
| 21 | 2 | |

| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 16 | 285210.xyz | tg.285210.xyz | 702 KB |
| 21 | 1 | | |

| # | Domain | Requested by |
|---|---|---|
| 16 | tg.285210.xyz | tg.285210.xyz |
| 21 | 1 | |

This site contains no links.

| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| tg.285210.xyz | E1 | 2024-03-19 - 2024-06-17 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://tg.285210.xyz/
Frame ID: 7A3F387BEC6C0CD4218FE28D476B0AC5
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | tg.285210.xyz/ | 11 KB | 5 KB | Document | text/html |
| GET | H2 | main.206d21d2eeb8d8de72d3.css | tg.285210.xyz/ | 411 KB | 71 KB | Stylesheet | text/css |
| GET | H2 | style-desktop.7ec8ed3b19fabb19d057.css | tg.285210.xyz/ | 338 B | 529 B | Stylesheet | text/css |
| GET | H2 | mtproto.worker.937ee1bf2e19f6826ebc.chunk.js | tg.285210.xyz/ | 709 KB | 162 KB | Script | application/javascript |
| GET | H2 | 85.952a9f12a6b3dcdd3f0e.bundle.js | tg.285210.xyz/ | 8 KB | 3 KB | Script | application/javascript |
| GET | H2 | 946.ee5b7c972556a387aa20.bundle.js | tg.285210.xyz/ | 24 KB | 8 KB | Script | application/javascript |
| GET | H2 | main.6f7e27a33f682e88ac29.bundle.js | tg.285210.xyz/ | 68 KB | 25 KB | Script | application/javascript |
| GET | | mtproto.worker.937ee1bf2e19f6826ebc.chunk.js | tg.285210.xyz/ | 0 | 0 | | |
| GET | | crypto.worker.97275dc4bbabd34138f8.chunk.js | tg.285210.xyz/ | 0 | 0 | | |
| GET | H3 | crypto.worker.97275dc4bbabd34138f8.chunk.js | tg.285210.xyz/ | 23 KB | 9 KB | Fetch | application/javascript |
| GET | H3 | 104.1c27a33ef648955a6e92.chunk.js | tg.285210.xyz/ | 59 KB | 18 KB | Script | application/javascript |
| GET | H3 | 301.42dc636f96a62f6a08c8.chunk.js | tg.285210.xyz/ | 2 KB | 1 KB | Script | application/javascript |
| GET | H3 | 8.570e6da51a125009c156.chunk.js | tg.285210.xyz/ | 24 KB | 4 KB | Script | application/javascript |
| GET | H3 | 539.17a0b07b4e6476f19654.chunk.js | tg.285210.xyz/ | 35 KB | 15 KB | Script | application/javascript |
| GET | H3 | 460.825ce6bcea186b0b7570.chunk.js | tg.285210.xyz/ | 1 MB | 359 KB | Script | application/javascript |
| GET | H3 | 709.73c949c4c6702cdf349b.chunk.js | tg.285210.xyz/ | 5 KB | 3 KB | Script | application/javascript |
| GET | | 75f9cbd2-9b3c-40a7-ad3e-620134b18628 | https://tg.285210.xyz/ | 0 | 0 | | |
| GET | | c0154dd0-d77c-49b3-84dd-22258c5eda6f | https://tg.285210.xyz/ | 0 | 0 | | |
| GET | | 894018f6-efc1-4c6d-96e3-c4cee07ab20d | https://tg.285210.xyz/ | 0 | 0 | | |
| GET | H3 | npm.qr-code-styling.2c5d57550714b1a9e42e.chunk.js | tg.285210.xyz/ | 64 KB | 16 KB | Script | application/javascript |
| GET | H3 | logo_padded.svg | tg.285210.xyz/assets/img/ | 1 KB | 1 KB | Fetch | image/svg+xml |
| GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.

| Domain | URL |
|---|---|
| tg.285210.xyz | https://tg.285210.xyz/mtproto.worker.937ee1bf2e19f6826ebc.chunk.js |
| tg.285210.xyz | https://tg.285210.xyz/crypto.worker.97275dc4bbabd34138f8.chunk.js |
| tg.285210.xyz | blob:https://tg.285210.xyz/75f9cbd2-9b3c-40a7-ad3e-620134b18628 |
| tg.285210.xyz | blob:https://tg.285210.xyz/c0154dd0-d77c-49b3-84dd-22258c5eda6f |
| tg.285210.xyz | blob:https://tg.285210.xyz/894018f6-efc1-4c6d-96e3-c4cee07ab20d |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)

51 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | webpackChunktweb |
| object | rootScope |
| function | AppStorage |
| object | stateStorage |
| function | wrapUrl |
| object | I18n |
| object | webpWorkerController |
| object | appStorage |
| object | singleInstance |
| object | webPushApiManager |
| object | telegramMeWebManager |
| object | opusDecodeController |
| object | cryptoMessagePort |
| object | mtprotoMessagePort |
| object | serviceMessagePort |
| object | apiManagerProxy |
| function | calcImageInBox |
| object | mediaSizes |
| function | dispatchHeavyAnimationEvent |
| object | sequentialDom |
| object | appDownloadManager |
| object | appMediaPlaybackController |
| object | appNavigationController |
| function | formatDateAccordingToTodayNew |
| function | fillTipDates |
| function | getVisibleRect |
| function | generatePathData |
| function | p |
| function | putPreloader |
| function | getRichValueWithCaret |
| function | compareNodes |
| function | placeCaretAtEnd |
| object | emoticonsDropdown |
| object | appSidebarRight |
| function | getStream |
| function | getStreamCached |
| object | groupCallController |
| object | callsController |
| object | appDialogsManager |
| object | appSidebarLeft |
| function | SlicedArray |
| function | getElementByPoint |
| function | ScrollSaver |
| object | uiNotificationsManager |
| object | appImManager |
| object | syncedPlayers |
| object | emojiRenderers |
| function | wrapRichText |
| object | animationIntersector |
| object | lottieLoader |
| object | pagesManager |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
tg.285210.xyz
2606:4700:3035::6815:29dd