www.telegram.lgbt
Open in
urlscan Pro
154.82.100.194
Malicious Activity!
Public Scan
Submission: On December 10 via manual from TW — Scanned from DE
Summary
TLS certificate: Issued by R3 on December 5th 2022. Valid for: 3 months.
This is the only time www.telegram.lgbt was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Live information
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
21 | 154.82.100.194 154.82.100.194 | 399077 (TERAEXCH) (TERAEXCH) | |
3 | 2a00:1450:400... 2a00:1450:4001:829::2008 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:812::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4860:480... 2001:4860:4802:34::36 | 15169 (GOOGLE) (GOOGLE) | |
27 | 5 |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
telegram.lgbt
www.telegram.lgbt |
480 KB |
3 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 26 region1.google-analytics.com — Cisco Umbrella Rank: 2554 |
20 KB |
3 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 47 |
164 KB |
27 | 3 |
Domain | Requested by | |
---|---|---|
21 | www.telegram.lgbt |
www.telegram.lgbt
|
3 | www.googletagmanager.com |
www.telegram.lgbt
www.googletagmanager.com |
2 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
1 | region1.google-analytics.com |
www.googletagmanager.com
|
27 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
twitter.com |
tgsgp.oss-accelerate.aliyuncs.com |
telegram.org |
github.com |
desktop.telegram.org |
apps.apple.com |
download.telegram.lgbt |
macos.telegram.org |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.telegram.lgbt R3 |
2022-12-05 - 2023-03-05 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-11-07 - 2023-01-30 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.telegram.lgbt/TG_ZH/desktop.html
Frame ID: 8A4EC3CA48356102DF25BF349C6819B4
Requests: 28 HTTP requests in this frame
Screenshot
Page Title
Telegram中文桌面版Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
Page Statistics
15 Outgoing links
These are links going to different origins than the main page.
Title: Twitter
Search URL Search Domain Scan URL
Title: 下载 Telegram Windows x64
Search URL Search Domain Scan URL
Title: Windows x64 中文绿色版
Search URL Search Domain Scan URL
Title: 下载 Telegram macOS
Search URL Search Domain Scan URL
Title: Mac App Store
Search URL Search Domain Scan URL
Title: 下载 Telegram Linux x64
Search URL Search Domain Scan URL
Title: Flatpak
Search URL Search Domain Scan URL
Title: Snap
Search URL Search Domain Scan URL
Title: GPL v3
Search URL Search Domain Scan URL
Title: GitHub
Search URL Search Domain Scan URL
Title: 测试版
Search URL Search Domain Scan URL
Title: iPhone/iPad
Search URL Search Domain Scan URL
Title: Android
Search URL Search Domain Scan URL
Title: macOS
Search URL Search Domain Scan URL
Title: 网页版
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
desktop.html
www.telegram.lgbt/TG_ZH/ |
12 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
www.telegram.lgbt/TG_ZH/desktop_files/ |
42 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
telegram.css
www.telegram.lgbt/TG_ZH/desktop_files/ |
108 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js.download
www.telegram.lgbt/TG_ZH/desktop_files/ |
116 KB 55 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.telegram.lgbt/TG_ZH/desktop_files/ |
105 KB 50 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js(1)
www.telegram.lgbt/TG_ZH/desktop_files/ |
206 KB 91 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
www.telegram.lgbt/js/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tgsticker.js.download
www.telegram.lgbt/TG_ZH/desktop_files/ |
75 KB 29 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
download.js
www.telegram.lgbt/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v652eace1692a40cfa3763df669d7439c1639079717194
www.telegram.lgbt/TG_ZH/desktop_files/ |
14 KB 6 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
120 KB 47 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
twitter.png
www.telegram.lgbt/TG_ZH/img/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
td_laptop.png
www.telegram.lgbt/TG_ZH/img/ |
185 KB 186 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
config.js
www.telegram.lgbt/js/ |
360 B 576 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
109 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
213 KB 75 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 349 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
collect
www.google-analytics.com/j/ |
1 B 21 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dev.js
www.telegram.lgbt/js/downloadlist/ |
598 B 687 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t101.js
www.telegram.lgbt/js/downloadlist/ |
4 KB 777 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t108.js
www.telegram.lgbt/js/downloadlist/ |
2 KB 781 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t112.js
www.telegram.lgbt/js/downloadlist/ |
481 B 617 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t158.js
www.telegram.lgbt/js/downloadlist/ |
6 KB 998 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t109.js
www.telegram.lgbt/js/downloadlist/ |
1 KB 693 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
t115.js
www.telegram.lgbt/js/downloadlist/ |
1 KB 674 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rum
www.telegram.lgbt/cdn-cgi/ |
1 KB 676 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)82 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| gtag object| dataLayer number| startTime function| dT object| jsonpCallbacks function| twitterCustomShareInit function| blogRecentNewsInit function| blogSideImageUpdate function| blogSideImageInit function| cancelEvent function| trackDlClick undefined| toTopWrapEl undefined| toTopEl object| pageContentWrapEl undefined| curVisible boolean| curShown function| backToTopInit function| backToTopGo function| backToTopResize function| backToTopScroll function| removePreloadInit function| getXY undefined| onDdBodyClick undefined| currentDd function| dropdownClick function| dropdownHide function| dropdownPageClick function| escapeHTML function| videoTogglePlay function| getDevPageNav function| showTitleIfOverflows function| initDevPageNav function| updateDevPageNav function| updateMenuAffix function| initScrollVideos function| checkScrollVideos function| videoPreloadPosterDimensions function| isVisibleEnough function| getFullOffsetY function| redraw function| initRipple function| mainInitRetinaVideos function| mainInitDemoAutoplay function| mainDemoVideoHover function| mainDemoVideoDoHover function| mainInitLogo function| mainInitTgStickers function| setCookie function| getCookie function| mainScrollTo object| RLottie function| QueryableWorker function| FrameQueue object| _0x3201 function| _0x4264 function| removeCookie function| EWExa object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| gaGlobal object| __cfBeacon object| gaplugins object| gaData object| urlConfigMap function| addDownloadConfig object| domains object| channal_1 object| channal_2 object| channal_3 object| channal_4 object| channal_5 object| channal_6 object| channal_1A object| channal_1B object| channal_3A object| channal_3B object| channal_3C object| channal_3D5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.telegram.lgbt/TG_ZH | Name: cks Value: |
|
.telegram.lgbt/ | Name: _ga_VE3X12E1EV Value: GS1.1.1670648901.1.0.1670648901.0.0.0 |
|
.telegram.lgbt/ | Name: _ga Value: GA1.2.62590073.1670648902 |
|
.telegram.lgbt/ | Name: _gid Value: GA1.2.534535972.1670648902 |
|
.telegram.lgbt/ | Name: _gat_gtag_UA_212845866_1 Value: 1 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubdomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
region1.google-analytics.com
www.google-analytics.com
www.googletagmanager.com
www.telegram.lgbt
154.82.100.194
2001:4860:4802:34::36
2a00:1450:4001:812::200e
2a00:1450:4001:829::2008
01f12f08f9631cb9465459c174f01587dcbf0cb3af391f7b15d9a967e8ea881c
0ffd186bca837a9cc259bf4b8570c247e14f33d6f4ef0527f930229ad0b6d2ba
20f4c7a3a145bb8bd7bbed583088379b30196e62437926bb0433042b81102e19
2162b591ebe2b8db3fa5cf15a50922fcd6ca6232d05140cf0a15b9512e3ccd45
359a7563b2f0a8b267b67399cf27223921c2e32da80a3f1ee0e6cfa82ebfca9b
377a867c84d7622e8505d60ab3f2cd91c2bee74035d45971e9fd11f904cc3da6
39a10a24888c4e0898d8c9c9ed332d88d0203c08d0f5cfbbf82c84cd9eee584f
3a1d4890b3e91a01c20c65b75f1ae028e3c445cad1fd2d249dd0868876dfe4b4
4fb138a3cdcc7da148092e84031bb22a896dd10476c56b75507dcf9644cc7530
57a8a84f533afbc33b3ca9e3bc6a896f1b9a6793817b4952ad3acb5bf7b85b03
5a93b0bce4a0f9e2c5fe4117885c4d1adec6b2ab688ebfe5a32d492ea5e75ba9
5d1a91efc17dd970435a8f6dc699d8e1220d62b78c022107b36054b41ba66972
69c4ad70fa66d36d5782532b7e007cf7a38b959a4824ceaf9ea0540046cf3794
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6cee77ef142c982054236b281b015e0cc32ea3bd1754deb11d1cca80793fb5b8
855c42dd1bb790aca2aa2ea1ca29171bf1a07530324717ddc1c1408ee20f484c
8cbaae5ea817ea19555ba3c88649f6db86533c6a0fb945042ac060b0c446199c
9d66856e33b22f79296d4615a74b43cef08bcb1fc0e1b70ae02ab7433761cf51
9e7a2740a591d2bc7d8d68ce3cd194e6e8f608704e48c6c6895ded87088b802b
a291e8c86066f8f1f2d02a1541e2969f7218297466d290cb825a6078193e2e3f
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
d21c4eae48eb3889019224c3e3bda22263d650079458ef1faeb023ab5acd5d50
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7d23b06a4ffd600558e5443d1e32daaaf13a27cf7bb8b7cc163a92b4054aaf2
e9885f72beec80104d584000fea488790bd8c910793bfb3879dc85c2fc54d98b
f1270afe5873e3065ebf44eed5f8ef592fef13fafd3778394ee4ca64bef98ffd
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505