94.130.244.181 Open in urlscan Pro
94.130.244.181 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://94.130.244.181/
Submission: On February 21 via manual (February 21st 2018, 1:07:24 pm UTC) from US

Summary HTTP 20 Redirects Links 1 Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 2 countries across 1 domains to perform 20 HTTP transactions. The main IP is 94.130.244.181, located in Ukraine and belongs to HETZNER-AS, DE. The main domain is 94.130.244.181.

This is the only time 94.130.244.181 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
15	94.130.244.181 94.130.244.181		24940 (HETZNER-AS) (HETZNER-AS)
4	149.154.167.24 149.154.167.24		62041 (TELEGRAM) (TELEGRAM)
20	3

15 94.130.244.181 (Ukraine)

ASN24940 (HETZNER-AS, DE)
PTR: static.181.244.130.94.clients.your-server.de

94.130.244.181	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 149.154.167.24 (United Kingdom)

ASN62041 (TELEGRAM, GB)

venus.web.telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	telegram.org venus.web.telegram.org	3 KB
20	1

	Domain	Requested by
4	venus.web.telegram.org	94.130.244.181
20	1

This site contains links to these domains. Also see Links.

Domain
telegram.org

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://94.130.244.181/
Frame ID: (5476FC5C19B5829F95C23CF3ABD59748)
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Win32|Win64/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

env /^angular$/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

20
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

3
IPs

2
Countries

1775 kB
Transfer

1769 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://telegram.org/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
94.130.244.181/ 1 KB
2 KB 3ms
2ms Document
text/html 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: 277d4b5dd1e8fff99a6476038abe56855b08ed970452b0222b105100d03580db

Request headers

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Connection: keep-alive
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "564-52b77f3fb7980"
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1380

GET
H/1.1 200
OK app.css
94.130.244.181/css/ 171 KB
171 KB 4ms
4ms Stylesheet
text/css 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/css/app.css
Requested by: Host: 94.130.244.181
URL: http://94.130.244.181/
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: cfd935da894a1a9eaff667264f8e7c6cc0414676757b6e3ea9138756b98810f9

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://94.130.244.181/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "2ab1d-52b77f3fb7980"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 174877

GET
H/1.1 200
OK app.js Show response
94.130.244.181/js/ 1 MB
1 MB 5ms
4ms Script
application/javascript 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/js/app.js
Requested by: Host: 94.130.244.181
URL: http://94.130.244.181/
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: 0f82ae053bf40b3925c42206beb8acbff553bf7fff1c7932179049c116f7f2ec

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://94.130.244.181/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Sat, 24 Jun 2017 22:03:46 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "143c9b-552bbe44a7480"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1326235

GET
H/1.1 200
OK desktop.css
94.130.244.181/css/ 40 KB
40 KB 1ms
1ms Stylesheet
text/css 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/css/desktop.css
Requested by: Host: 94.130.244.181
URL: http://94.130.244.181/js/app.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: f0a4241f60d5cafe41c816dcab4d452dd10c3d91bf3bcd1776a9dfca7c0f3306

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://94.130.244.181/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "9efc-52b77f3fb7980"
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 40700

GET
H/1.1 200
OK en-us.json Show response
94.130.244.181/js/locales/ 41 KB
41 KB 1ms
1ms XHR
application/json 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/js/locales/en-us.json
Requested by: Host: 94.130.244.181
URL: http://94.130.244.181/js/app.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: 56829156fb99bf9312652b4c49c82d610cbfb9dc1ff08782952bde1517bb4de5

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://94.130.244.181/
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cache-Control: no-cache
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://94.130.244.181/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "a2a7-52b77f3fb7980"
Content-Type: application/json
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 41639

GET
H/1.1 200
OK crypto_worker.js
94.130.244.181/js/lib/ 1 KB
1 KB 1ms
1ms Other
application/javascript 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/js/lib/crypto_worker.js
Requested by: Host: 94.130.244.181
URL: http://94.130.244.181/js/app.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: 7966a6dc46db571005e6f327b499a0c6c70679429b68db3a64a8fe3ae69e3f50

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://94.130.244.181/
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "4b4-52b77f3fb7980"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1204

GET
H/1.1 200
OK General.png
94.130.244.181/img/icons/ 7 KB
8 KB 1ms
1ms Image
image/png 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://94.130.244.181/img/icons/General.png
Requested by: Host: 94.130.244.181
URL: http://94.130.244.181/js/app.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: 583a4353fee64b45737787edbf6c2d94a1f78f249181d744f3e6404279ba169e

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://94.130.244.181/css/app.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/css/app.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "1d0c-52b77f3fb7980"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 7436

GET
H/1.1 200
OK Telegram.svg
94.130.244.181/img/ 5 KB
6 KB 1ms
1ms Image
image/svg+xml 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://94.130.244.181/img/Telegram.svg
Requested by: Host: 94.130.244.181
URL: http://94.130.244.181/js/app.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: bd24e2e781d27a24a5b689e340f6acfd17069cf48814d563160c8c9265382d77

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://94.130.244.181/css/app.css
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/css/app.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "14c9-52b77f3fb7980"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 5321

GET
DATA 200
OK truncated
/ 58 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fef5a41be1b827a1729f19bcd123a57ee3f2cb8dc9074fffa4ab5b807f503514

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/webp

POST
H/1.1 200
OK apiw1 Show response
venus.web.telegram.org/ 84 B
496 B 86ms
23ms XHR
application/octet-stream 149.154.167.24
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://venus.web.telegram.org/apiw1

Requested by

Host: 94.130.244.181
URL: http://94.130.244.181/js/app.js

Protocol

HTTP/1.1

Server

149.154.167.24 , United Kingdom, ASN62041 (TELEGRAM, GB),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

251b0bcddcee7d3f1bd606a8e137537c01122029bd6ce3d37b4e88099bf587b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: http://94.130.244.181/
Origin: http://94.130.244.181

Response headers

Pragma: no-cache
Date: Wed, 21 Feb 2018 13:07:14 GMT
Server: nginx/1.12.2
Strict-Transport-Security: max-age=15768000
Access-Control-Allow-Methods: POST, OPTIONS
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Cache-control: no-store
Connection: keep-alive
Access-Control-Allow-Headers: origin, content-type
Content-Length: 84

GET
H/1.1 200
OK polyfill.js
94.130.244.181/js/lib/ 4 KB
4 KB 1ms
1ms Other
application/javascript 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/js/lib/polyfill.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: aabf085d378da0fa8ab7671b4b6b8ab93c6cf46e14b42567f06cf0558e2a1c80

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://94.130.244.181/js/lib/crypto_worker.js
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/js/lib/crypto_worker.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "ef3-52b77f3fb7980"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3827

GET
H/1.1 200
OK bin_utils.js
94.130.244.181/js/lib/ 15 KB
16 KB 1ms
1ms Other
application/javascript 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/js/lib/bin_utils.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: cf60978b09553210d81c2539cbe29c11f9d612e2910b0c768e6f19e1a6cb2c09

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://94.130.244.181/js/lib/crypto_worker.js
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/js/lib/crypto_worker.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "3d33-52b77f3fb7980"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 15667

GET
H/1.1 200
OK jsbn_combined.js
94.130.244.181/vendor/jsbn/ 36 KB
37 KB 1ms
1ms Other
application/javascript 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/vendor/jsbn/jsbn_combined.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: bf35737ecb19f93b2e4c411eb6a3ce6e6b9398d14c199cccec272e70865807ed

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://94.130.244.181/js/lib/crypto_worker.js
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/js/lib/crypto_worker.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:16 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "90c8-52b77f3fb7980"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 37064

GET
H/1.1 200
OK bigint.js
94.130.244.181/vendor/leemon_bigint/ 48 KB
48 KB 1ms
1ms Other
application/javascript 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/vendor/leemon_bigint/bigint.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: 358c053657f1248c79d797b02c00660d8c5e9a11c786cabcd45f58d11e723dec

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://94.130.244.181/js/lib/crypto_worker.js
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/js/lib/crypto_worker.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:17 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "bf99-52b77f3fb7980"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 49049

GET
H/1.1 200
OK long.js
94.130.244.181/vendor/closure/ 23 KB
23 KB 1ms
1ms Other
application/javascript 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/vendor/closure/long.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: aa33fd722e9ffa58aca046c34ba1d850bbccc689b6eceaaef4700337cfa7a597

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://94.130.244.181/js/lib/crypto_worker.js
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/js/lib/crypto_worker.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:17 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "5bfe-52b77f3fb7980"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 23550

GET
H/1.1 200
OK crypto.js
94.130.244.181/vendor/cryptoJS/ 64 KB
64 KB 1ms
1ms Other
application/javascript 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/vendor/cryptoJS/crypto.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: 3f0843eec5370cfa3e77ed908dc39353f1c8ba6facdfd88105605e6807a4dde2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://94.130.244.181/js/lib/crypto_worker.js
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/js/lib/crypto_worker.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:17 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "10096-52b77f3fb7980"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 65686

GET
H/1.1 200
OK rusha.js
94.130.244.181/vendor/rusha/ 17 KB
17 KB 1ms
1ms Other
application/javascript 94.130.244.181
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://94.130.244.181/vendor/rusha/rusha.js
Protocol: HTTP/1.1
Server: 94.130.244.181 , Ukraine, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.181.244.130.94.clients.your-server.de
Software: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19 /
Resource Hash: 94352db37951f2a1b8194b8261171c2984d57d5999726c607ccc912895540f5b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: 94.130.244.181
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Accept: */*
Referer: http://94.130.244.181/js/lib/crypto_worker.js
Connection: keep-alive
Cache-Control: no-cache
Referer: http://94.130.244.181/js/lib/crypto_worker.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date: Wed, 21 Feb 2018 13:07:17 GMT
Last-Modified: Thu, 11 Feb 2016 05:37:58 GMT
Server: Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19
ETag: "424a-52b77f3fb7980"
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 16970

POST
H/1.1 200
OK apiw1 Show response
venus.web.telegram.org/ 652 B
1 KB 37ms
36ms XHR
application/octet-stream 149.154.167.24
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://venus.web.telegram.org/apiw1

Requested by

Host: 94.130.244.181
URL: http://94.130.244.181/js/app.js

Protocol

HTTP/1.1

Server

149.154.167.24 , United Kingdom, ASN62041 (TELEGRAM, GB),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

d6bfd95f465835a490d197bcdeca54141cad663e8bcfeb8998f1b15d0bd0d6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: http://94.130.244.181/
Origin: http://94.130.244.181

Response headers

Pragma: no-cache
Date: Wed, 21 Feb 2018 13:07:16 GMT
Server: nginx/1.12.2
Strict-Transport-Security: max-age=15768000
Access-Control-Allow-Methods: POST, OPTIONS
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Cache-control: no-store
Connection: keep-alive
Access-Control-Allow-Headers: origin, content-type
Content-Length: 652

POST
H/1.1 200
OK apiw1 Show response
venus.web.telegram.org/ 72 B
484 B 229ms
229ms XHR
application/octet-stream 149.154.167.24
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://venus.web.telegram.org/apiw1

Requested by

Host: 94.130.244.181
URL: http://94.130.244.181/js/app.js

Protocol

HTTP/1.1

Server

149.154.167.24 , United Kingdom, ASN62041 (TELEGRAM, GB),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

7ac12880c261bc3f4f6e598774684205d621cbd69ef7c3b8ba8307a2afcecfb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: http://94.130.244.181/
Origin: http://94.130.244.181

Response headers

Pragma: no-cache
Date: Wed, 21 Feb 2018 13:07:16 GMT
Server: nginx/1.12.2
Strict-Transport-Security: max-age=15768000
Access-Control-Allow-Methods: POST, OPTIONS
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Cache-control: no-store
Connection: keep-alive
Access-Control-Allow-Headers: origin, content-type
Content-Length: 72

POST
H/1.1 200
OK apiw1 Show response
venus.web.telegram.org/ 152 B
565 B 178ms
178ms XHR
application/octet-stream 149.154.167.24
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://venus.web.telegram.org/apiw1

Requested by

Host: 94.130.244.181
URL: http://94.130.244.181/js/app.js

Protocol

HTTP/1.1

Server

149.154.167.24 , United Kingdom, ASN62041 (TELEGRAM, GB),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

e48d4386bb9e9d8b4953e07d8ffe2c8bce64f4b632401fdce533712607a1c064

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
Referer: http://94.130.244.181/
Origin: http://94.130.244.181

Response headers

Pragma: no-cache
Date: Wed, 21 Feb 2018 13:07:17 GMT
Server: nginx/1.12.2
Strict-Transport-Security: max-age=15768000
Access-Control-Allow-Methods: POST, OPTIONS
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 1728000
Cache-control: no-store
Connection: keep-alive
Access-Control-Allow-Headers: origin, content-type
Content-Length: 152

POST apiw1
venus.web.telegram.org/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: venus.web.telegram.org
URL: https://venus.web.telegram.org/apiw1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

344 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| BigInteger function| nbi function| am1 function| am2 function| am3 function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| bnClone function| bnIntValue function| bnByteValue function| bnShortValue function| bnpChunkSize function| bnSigNum function| bnpToRadix function| bnpFromRadix function| bnpFromNumber function| bnToByteArray function| bnEquals function| bnMin function| bnMax function| bnpBitwiseTo function| op_and function| bnAnd function| op_or function| bnOr function| op_xor function| bnXor function| op_andnot function| bnAndNot function| bnNot function| bnShiftLeft function| bnShiftRight function| lbit function| bnGetLowestSetBit function| cbit function| bnBitCount function| bnTestBit function| bnpChangeBit function| bnSetBit function| bnClearBit function| bnFlipBit function| bnpAddTo function| bnAdd function| bnSubtract function| bnMultiply function| bnSquare function| bnDivide function| bnRemainder function| bnDivideAndRemainder function| bnpDMultiply function| bnpDAddOffset function| NullExp function| nNop function| nMulTo function| nSqrTo function| bnPow function| bnpMultiplyLowerTo function| bnpMultiplyUpperTo function| Barrett function| barrettConvert function| barrettRevert function| barrettReduce function| barrettSqrTo function| barrettMulTo function| bnModPow function| bnGCD function| bnpModInt function| bnModInverse function| bnIsProbablePrime function| bnpMillerRabin function| rng_seed_int function| rng_seed_time function| rng_get_byte function| rng_get_bytes function| SecureRandom function| Arcfour function| ARC4init function| ARC4next function| prng_newstate function| findPrimes function| millerRabinInt function| millerRabin function| bitSize function| expand function| randTruePrime function| randProbPrime function| randProbPrimeRounds function| mod function| addInt function| mult function| powMod function| sub function| add function| inverseMod function| multMod function| randTruePrime_ function| randBigInt function| randBigInt_ function| GCD function| GCD_ function| inverseMod_ function| inverseModInt function| inverseModInt_ function| eGCD_ function| negative function| greaterShift function| greater function| divide_ function| carry_ function| modInt function| int2bigInt function| str2bigInt function| equalsInt function| equals function| isZero function| bigInt2str function| dup function| copy_ function| copyInt_ function| addInt_ function| rightShift_ function| halve_ function| leftShift_ function| multInt_ function| divInt_ function| linComb_ function| linCombShift_ function| addShift_ function| subShift_ function| sub_ function| add_ function| mult_ function| mod_ function| multMod_ function| squareMod_ function| trim function| powMod_ function| mont_ function| dT function| checkClick function| isInDOM function| checkDragEvent function| cancelEvent function| hasOnlick function| getScrollWidth function| onCtrlEnter function| setFieldSelection function| getFieldSelection function| getRichValue function| getRichValueWithCaret function| getRichElementValue function| setRichFocus function| getSelectedText function| scrollToNode function| onContentLoaded function| tsNow function| safeReplaceObject function| listMergeSorted function| listUniqSorted function| templateUrl function| encodeEntities function| calcImageInBox function| versionCompare function| bigint function| bigStringInt function| dHexDump function| bytesToHex function| bytesFromHex function| bytesToBase64 function| uint6ToBase64 function| base64ToBlob function| dataUrlToBlob function| blobConstruct function| bytesCmp function| bytesXor function| bytesToWords function| bytesFromWords function| bytesFromBigInt function| bytesFromLeemonBigInt function| bytesToArrayBuffer function| convertToArrayBuffer function| convertToUint8Array function| convertToByteArray function| bytesFromArrayBuffer function| bufferConcat function| longToInts function| longToBytes function| longFromInts function| intToUint function| uintToInt function| sha1HashSync function| sha1BytesSync function| sha256HashSync function| rsaEncrypt function| addPadding function| aesEncryptSync function| aesDecryptSync function| gzipUncompress function| nextRandomInt function| pqPrimeFactorization function| pqPrimeBigInteger function| gcdLong function| pqPrimeLong function| pqPrimeLeemon function| bytesModPow function| TLSerialization function| TLDeserialization function| EmojiTooltip function| EmojiPanel function| MessageComposer function| jsonCaller function| Scroller number| dbits number| canary boolean| j_lm number| BI_FP string| BI_RM object| BI_RC number| rr number| vv object| lowprimes number| lplim object| rng_state object| rng_pool number| rng_pptr object| global object| t object| ua undefined| z number| rng_psize object| CryptoJS number| _logTimer object| extraModules undefined| scopeHolder function| setZeroTimeout function| $ function| jQuery object| Config object| ConfigStorage function| safeConfirm object| angular function| Rusha object| Zlib object| goog number| bpe number| mask number| radix string| digitsStr object| buff object| one object| ss object| s0 object| s1 object| s2 object| s3 object| s4 object| s5 object| s6 object| s7 object| T object| sa object| mr_x1 object| mr_r object| mr_a object| eg_v object| eg_u object| eg_A object| eg_B object| eg_C object| eg_D object| md_q1 object| md_q2 object| md_q3 object| md_r object| md_r1 object| md_r2 object| md_tt object| primes object| pows object| s_i object| s_i2 object| s_R object| s_rm object| s_q object| s_n1 object| s_a object| s_r2 object| s_n object| s_b object| s_d object| s_x1 object| s_x2 object| s_aa object| rpprb function| WebPDecoder function| onAnimationFrameCallback object| SearchIndexManager object| EmojiHelper object| jQuery111104887251130615593 undefined| BlobBuilder undefined| requestFileSystem object| rushaInstance object| db object| sha1a object| sha1b object| sha1c object| sha1d number| checkConnectionPeriod

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [0.099]
console-api	warning	URL: http://94.130.244.181/js/app.js(Line 1) Message: performing idb upgrade from
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [0.190]
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [0.190]
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [1.498]
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [1.513]
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [1.553]
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [1.554]
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [1.850]
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [2.369]
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [2.371]
console-api	log	URL: http://94.130.244.181/js/app.js(Line 1) Message: [2.563]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

venus.web.telegram.org
venus.web.telegram.org
149.154.167.24
94.130.244.181
0f82ae053bf40b3925c42206beb8acbff553bf7fff1c7932179049c116f7f2ec
251b0bcddcee7d3f1bd606a8e137537c01122029bd6ce3d37b4e88099bf587b2
277d4b5dd1e8fff99a6476038abe56855b08ed970452b0222b105100d03580db
358c053657f1248c79d797b02c00660d8c5e9a11c786cabcd45f58d11e723dec
3f0843eec5370cfa3e77ed908dc39353f1c8ba6facdfd88105605e6807a4dde2
56829156fb99bf9312652b4c49c82d610cbfb9dc1ff08782952bde1517bb4de5
583a4353fee64b45737787edbf6c2d94a1f78f249181d744f3e6404279ba169e
7966a6dc46db571005e6f327b499a0c6c70679429b68db3a64a8fe3ae69e3f50
7ac12880c261bc3f4f6e598774684205d621cbd69ef7c3b8ba8307a2afcecfb3
94352db37951f2a1b8194b8261171c2984d57d5999726c607ccc912895540f5b
aa33fd722e9ffa58aca046c34ba1d850bbccc689b6eceaaef4700337cfa7a597
aabf085d378da0fa8ab7671b4b6b8ab93c6cf46e14b42567f06cf0558e2a1c80
bd24e2e781d27a24a5b689e340f6acfd17069cf48814d563160c8c9265382d77
bf35737ecb19f93b2e4c411eb6a3ce6e6b9398d14c199cccec272e70865807ed
cf60978b09553210d81c2539cbe29c11f9d612e2910b0c768e6f19e1a6cb2c09
cfd935da894a1a9eaff667264f8e7c6cc0414676757b6e3ea9138756b98810f9
d6bfd95f465835a490d197bcdeca54141cad663e8bcfeb8998f1b15d0bd0d6e8
e48d4386bb9e9d8b4953e07d8ffe2c8bce64f4b632401fdce533712607a1c064
f0a4241f60d5cafe41c816dcab4d452dd10c3d91bf3bcd1776a9dfca7c0f3306
fef5a41be1b827a1729f19bcd123a57ee3f2cb8dc9074fffa4ab5b807f503514