web.tel.onl
Open in
urlscan Pro
116.203.203.206
Malicious Activity!
Public Scan
Effective URL: https://web.tel.onl/
Submission: On January 04 via api from US — Scanned from NL
Summary
TLS certificate: Issued by R3 on November 10th 2023. Valid for: 3 months.
This is the only time web.tel.onl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 116.203.203.206 116.203.203.206 | 24940 (HETZNER-AS) (HETZNER-AS) | |
21 | 2 |
ASN24940 (HETZNER-AS, DE)
PTR: static.206.203.203.116.clients.your-server.de
web.tel.onl |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
tel.onl
web.tel.onl — Cisco Umbrella Rank: 663979 |
290 KB |
21 | 1 |
Domain | Requested by | |
---|---|---|
16 | web.tel.onl |
web.tel.onl
|
21 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
github.com |
core.telegram.org |
telegram.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
tel.onl R3 |
2023-11-10 - 2024-02-08 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://web.tel.onl/
Frame ID: 4CB0D78209E5069510DBD55FD014F186
Requests: 18 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: WebK
Search URL Search Domain Scan URL
Title: Telegram API
Search URL Search Domain Scan URL
Title: User Agreement with Telegram
Search URL Search Domain Scan URL
Title: https://telegram.org/apps
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
web.tel.onl/ |
15 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index-8d210174.js
web.tel.onl/ |
125 KB 44 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index-4d11df40.css
web.tel.onl/ |
421 KB 72 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
mtproto.worker-60c1fdba.js
web.tel.onl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
crypto.worker-b2b2021e.js
web.tel.onl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
369 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
crypto.worker-b2b2021e.js
web.tel.onl/ |
67 KB 24 KB |
Fetch
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lang-89c9b780.js
web.tel.onl/ |
102 KB 30 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
langSign-66e8939d.js
web.tel.onl/ |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
countries-5301fc59.js
web.tel.onl/ |
24 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
a013f7f1-8b2d-4097-8408-35b969984e4f
https://web.tel.onl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
820d6a01-e59c-4bd4-b5ee-dfc4b3d6150a
https://web.tel.onl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
cc682e28-8654-4205-aa03-1162fb47010a
https://web.tel.onl/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pageSignQR-6e152a99.js
web.tel.onl/ |
5 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
page-440660e1.js
web.tel.onl/ |
9 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
button-c2053848.js
web.tel.onl/ |
6 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
putPreloader-01b48c66.js
web.tel.onl/ |
649 B 742 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
textToSvgURL-c6ebb454.js
web.tel.onl/ |
357 B 584 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
qr-code-styling-8a04fb73.js
web.tel.onl/ |
65 KB 17 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
_commonjsHelpers-725317a4.js
web.tel.onl/ |
290 B 534 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tgico.ttf
web.tel.onl/assets/fonts/ |
80 KB 80 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_padded.svg
web.tel.onl/assets/img/ |
1 KB 961 B |
Fetch
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- web.tel.onl
- URL
- https://web.tel.onl/mtproto.worker-60c1fdba.js
- Domain
- web.tel.onl
- URL
- https://web.tel.onl/crypto.worker-b2b2021e.js
- Domain
- web.tel.onl
- URL
- blob:https://web.tel.onl/a013f7f1-8b2d-4097-8408-35b969984e4f
- Domain
- web.tel.onl
- URL
- blob:https://web.tel.onl/820d6a01-e59c-4bd4-b5ee-dfc4b3d6150a
- Domain
- web.tel.onl
- URL
- blob:https://web.tel.onl/cc682e28-8654-4205-aa03-1162fb47010a
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| modal object| btn object| span undefined| kbuild object| rootScope function| deferredPromise function| AppStorage object| stateStorage function| wrapUrl object| I18n object| webpWorkerController object| appStorage object| singleInstance object| webPushApiManager object| telegramMeWebManager object| opusDecodeController object| cryptoMessagePort object| mtprotoMessagePort object| serviceMessagePort object| apiManagerProxy function| calcImageInBox object| mediaSizes object| customProperties object| windowSize object| liteMode object| themeController object| overlayCounter function| formatDateAccordingToTodayNew function| fillTipDates object| sequentialDom function| dispatchHeavyAnimationEvent object| pagesManager function| putPreloader0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
web.tel.onl
web.tel.onl
116.203.203.206
0184a87ae601ead73e11d37c66ec0930c2c7c48b140ed09c2dad885bd4c3b867
13ebe25535220052e72add4bfbc4014dd62d6583bb9cea4b4b34873f0e357f7c
1b58f13a4a6a472ae93c91076b73ff754e8f7d4b3573764aed63a13e184d6fb1
2ffec73694f79063035f221b469c6fcbb4bffa60750368d88e10b08be79f7c99
4d11df40ba31e56a021c19a05db32ed0afd242a0b622db0c648ce2e91ab47979
57fd88dfe3996f990f33a841ca258e1ed63f44a918b54ce490db94e7c47eaf38
58fafa3a075d804360271b6b081e9c3c46ba344659ef3cb10d5561afc1147448
62ba5e078c4aaa3ff5c8c24cb8216de89afaa7dd10bfd364a0396913bbd34663
6f2cf0c99091af44641cb27eee6a0f32a56aa85f446f60a9482864f2ade413d4
7285632faf1a90db84b6da17536028924fd77630408e7ba20172637dd2b7fe32
76f51bf44f7fec231fddaaca6a5b2edee1ac7aea1ea3b3f09b474a642b96bb14
7b4921656e143af35794b7fc9d4d23580fa232ffcf179bc8569317e424032d80
96b148f83c5e05ad68fd3e0db922742978f95b0b3eae1c4f53ee70a714d5d66c
a68b560768e3cdc3a6e601531bb5cb10352051c3f949b0644d0358aa47441794
bd60d1770a779c86eade7d61848984d0273711a76e7b43a580ceac0f6edb8425
d05ea304fe27ee286f083d3264278f287c6b387a941e88fcd484c661b136627a
d7d3232bf40cc555ad219d6b688afe4b2427e7fa00ae719e5f7fa4152dc0857f
eeb79b0ae5da35d3433de6edeec3a0e3cce9c24f517dbad26ed97e852666c8f4