web.teleqram.at Open in urlscan Pro
172.67.211.128 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Submission Tags: @phish_report
Submission: On May 14 via api (May 14th 2024, 8:10:30 pm UTC) from FI — Scanned from AT

Summary HTTP 8 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 172.67.211.128, located in United States and belongs to CLOUDFLARENET, US. The main domain is web.teleqram.at.
TLS certificate: Issued by GTS CA 1P5 on April 28th 2024. Valid for: 3 months.

This is the only time web.teleqram.at was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	172.67.211.128 172.67.211.128	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.21.72.124 104.21.72.124	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2

7 172.67.211.128 (United States)

ASN13335 (CLOUDFLARENET, US)

web.teleqram.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.72.124 (None, )

ASN13335 (CLOUDFLARENET, US)

fonts.cdnfonts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	teleqram.at web.teleqram.at	842 KB
1	cdnfonts.com fonts.cdnfonts.com — Cisco Umbrella Rank: 8084	792 B
8	2

	Domain	Requested by
7	web.teleqram.at	web.teleqram.at
1	fonts.cdnfonts.com	web.teleqram.at
8	2

This site contains links to these domains. Also see Links.

Domain
telegram.org

Subject Issuer	Validity	Valid
teleqram.at GTS CA 1P5	`2024-04-28` - `2024-07-27`	3 months	crt.sh
cdnfonts.com GTS CA 1P5	`2024-03-27` - `2024-06-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Frame ID: C1EB2886443FDFC10CB31D4E3F7070CB
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Телеграм

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

842 kB
Transfer

2578 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://telegram.org/support
Title: свяжитесь со службой поддержки.

Search URL Search Domain Scan URL

URL: https://telegram.org/faq
Title: О Telegram

Search URL Search Domain Scan URL

URL: https://telegram.org/blog
Title: Блог

Search URL Search Domain Scan URL

URL: https://telegram.org/apps
Title: Приложения

Search URL Search Domain Scan URL

URL: https://telegram.org/core.telegram.org/
Title: Платформы

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
web.teleqram.at/ 7 KB
4 KB 182ms
114ms Document
text/html 172.67.211.128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.211.128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81d9800e8746654b80696fc4ce72940fae1f90c92bba2385a42061dc80a02efb

Request headers

Accept-Language: de-AT,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 883d8812aa7b5a6b-VIE
content-encoding: br
content-type: text/html
date: Tue, 14 May 2024 20:10:25 GMT
last-modified: Mon, 01 Apr 2024 12:37:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NELwTktDfye1VeH1pvVybyR4aUamXb9%2BrStOf42oHdAq6wSZ5DucYY9CFAzxmkx6DsXGg%2BD3ZULdFbvjnlSFUc9bkf6TmuiLeKnxfwMeCC0FsiVho8Jj23SDPgxm80FLhrQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 roboto
fonts.cdnfonts.com/css/ 2 KB
792 B 76ms
33ms Stylesheet
text/css 104.21.72.124
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.cdnfonts.com/css/roboto
Requested by: Host: web.teleqram.at
URL: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.72.124 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c88270fded5c2d3184e3d65eb91d2d45b43a2a5e378b0fb31e4738aac9232b9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://web.teleqram.at/
Accept-Language: de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:10:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3631905
cf-polished: origSize=2409
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 02 Apr 2024 19:18:40 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxiQhQ546I4NdUEMba5OEpf6z3Qnyt32dmsUQ7uJnWA3B8D90l6757%2B5IRQV5H5dOK076Gt1SfBo5ABWBV1HIVJluLZq0B4rjyHy0%2Fz9CLUez98sPoufIq6gTyg5fofW6Q%2BdJ2o%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=2678400
cf-ray: 883d8813adb6c24f-VIE

GET
H2 200 main.2422bf64.js Show response
web.teleqram.at/static/js/ 1 MB
314 KB 172ms
171ms Script
application/javascript 172.67.211.128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.teleqram.at/static/js/main.2422bf64.js
Requested by: Host: web.teleqram.at
URL: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.211.128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b67bd2be9dca537ffd8347316f76fdc013dd6a67f666ecc2aeca808877955afa

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Accept-Language: de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:10:25 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 01 Apr 2024 12:37:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"660aaa74-104b3c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3GInFgSnrJjQcc1oAdYnrEE1WgHY9vU0pVmJogv0H%2BSLQQ8a6zyHBVSQifZeWGlxwnW%2BkoVX5zrmI80e9FbeK0Fq%2F6Na98mEgKQUpJO8umwMBb4XhfC9XUGYLIpPJeZpMw4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 883d88136af05a6b-VIE
alt-svc: h3=":443"; ma=86400

GET
H2 200 main.1c1e086f.css
web.teleqram.at/static/css/ 4 KB
2 KB 117ms
116ms Stylesheet
text/css 172.67.211.128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.teleqram.at/static/css/main.1c1e086f.css
Requested by: Host: web.teleqram.at
URL: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.211.128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bdd32f9f53f51923fd58f916dbc737b91a9edd0f15ce9a4bc439940f16abd8d8

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Accept-Language: de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:10:25 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 01 Apr 2024 12:37:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"660aaa74-f9c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9JskgLuI5PW42L6F3TLDgdTk0esst4ZuSR%2Bzrckx9SEPmRmf%2BIxxemvF65w6am3E%2BVJWB6LEGiSje6%2B%2FfwrzYd3Snx49%2BRww8Jqni19wGmi%2BDp5yrTsNyCHTPwQ%2FRo6jIHk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 883d88136aee5a6b-VIE
alt-svc: h3=":443"; ma=86400

GET
H2 200 telegram.js Show response
web.teleqram.at/ 1 MB
382 KB 192ms
191ms Script
application/javascript 172.67.211.128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.teleqram.at/telegram.js
Requested by: Host: web.teleqram.at
URL: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.211.128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c27d798303e67d6c6e312e602847328293705503d32eaf0db12ba88cdcc68e9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Accept-Language: de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:10:25 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Mon, 01 Apr 2024 12:36:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"660aaa32-159fce"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iouom9Xdw6Xk9Qm3uMh8%2FGhLnWbJY4NDyx5fE50rR142AcPjHsZuLgIGfPEpDUy8FXZo2UpM88FHjIhugc%2BvMV08FztJWaPLLBesvYqfsNs52NiWN%2BwoRmoptid7W0FyH6o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 883d88136aef5a6b-VIE
alt-svc: h3=":443"; ma=86400

POST
H3 502 init Show response
web.teleqram.at/api/flow/ 6 KB
7 KB 266ms
266ms XHR
text/html 172.67.211.128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.teleqram.at/api/flow/init

Requested by

Host: web.teleqram.at
URL: https://web.teleqram.at/static/js/main.2422bf64.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.211.128 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49e5871da73be433a04177093bf303d3465208fdc75d7a957bf9c566a697d6fb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json
Accept: application/json, text/plain, */*
Referer: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:10:26 GMT
referrer-policy: same-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a662CUJkL5TNhwU8NIfGNHfUeO7DUjR2e7a8xpSHwiOhaU0XQZWxsZGYXTHQHQeyS2FrRy6x%2F6JXGEtwaLu7zQXph6%2BvvBy6amfEFQjxZiAuELkj3Xd8aWvkCM3sMwke0gE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 883d8818b8205afa-VIE
alt-svc: h3=":443"; ma=86400
content-length: 6330
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 favicon.svg
web.teleqram.at/ 826 B
939 B 117ms
117ms Other
image/svg+xml 172.67.211.128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://web.teleqram.at/favicon.svg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.211.128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba5a1de42c7a72bab42028fecb714416965405060851fb1a0176f089837ac3d3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Accept-Language: de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:10:26 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 01 Apr 2024 12:36:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"660aaa32-33a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rSmN7Sgi7dSZbHd%2BQS1FBaKeyBwhycTGdlif7sZYCYWkZBY9NOZNBG0PnxjzcY3cSNaRj%2Fgnwo5ERTIR4RPbm%2F4eT%2BZR%2FupBIBa5fljhLACYdRZd0xqHDvnPjngIQLiCRHA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 883d8818b8235afa-VIE
alt-svc: h3=":443"; ma=86400

GET
H3 200 logo1.36cb25e517efd92416f8.jpeg
web.teleqram.at/static/media/ 132 KB
133 KB 196ms
196ms Image
image/jpeg 172.67.211.128
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://web.teleqram.at/static/media/logo1.36cb25e517efd92416f8.jpeg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.211.128 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b4274e8f6558966c9423dd1e2fbd5d9eefdfd9060a64f78e680491bda3282bb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://web.teleqram.at/?code=e56d98d08be443cd41d0dec28d157987
Accept-Language: de-AT,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 20:10:26 GMT
cf-cache-status: MISS
last-modified: Mon, 01 Apr 2024 12:37:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "660aaa74-21030"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=364oayCiwr6q%2Bvwgfqq5TUuZ5bP3cFrguKT1w6L9ifJ6ee8h5NK%2F8i66r5NLu0NLhT%2BnHWNkWpVCOwR2XZbS%2F6wsSqa1fKI4koWItnKKJEEDYr3%2FTQ%2BNbwuLsDOgC5UV8CY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 883d881a79dd5afa-VIE
alt-svc: h3=":443"; ma=86400
content-length: 135216

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| telegram object| webpackChunkreact_frontend string| version

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://web.teleqram.at/api/flow/init Message: Failed to load resource: the server responded with a status of 502 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.cdnfonts.com
web.teleqram.at
104.21.72.124
172.67.211.128
49e5871da73be433a04177093bf303d3465208fdc75d7a957bf9c566a697d6fb
4b4274e8f6558966c9423dd1e2fbd5d9eefdfd9060a64f78e680491bda3282bb
7c27d798303e67d6c6e312e602847328293705503d32eaf0db12ba88cdcc68e9
81d9800e8746654b80696fc4ce72940fae1f90c92bba2385a42061dc80a02efb
9c88270fded5c2d3184e3d65eb91d2d45b43a2a5e378b0fb31e4738aac9232b9
b67bd2be9dca537ffd8347316f76fdc013dd6a67f666ecc2aeca808877955afa
ba5a1de42c7a72bab42028fecb714416965405060851fb1a0176f089837ac3d3
bdd32f9f53f51923fd58f916dbc737b91a9edd0f15ce9a4bc439940f16abd8d8

web.teleqram.at Open in urlscan Pro 172.67.211.128 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

842 kBTransfer

2578 kBSize

0 Cookies

5 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

web.teleqram.at Open in urlscan Pro
172.67.211.128 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

842 kB
Transfer

2578 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions