urlscan.io logo urlscan.io
SecurityTrails logo

desktop.download-telegram.app Open in urlscan Pro
188.114.97.3  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://download-telegram.app/
Effective URL: https://desktop.download-telegram.app/
Submission: On November 18 via automatic, source certstream-suspicious — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is desktop.download-telegram.app.
TLS certificate: Issued by GTS CA 1P5 on November 17th 2023. Valid for: 3 months.
This is the only time desktop.download-telegram.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

IP Address AS Autonomous System
1 5 188.114.97.3 13335 (CLOUDFLAR...)
2 188.114.96.3 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
7 4
Domain Requested by
6 desktop.download-telegram.app desktop.download-telegram.app
1 darknetlinks.wiki desktop.download-telegram.app
1 download-telegram.app 1 redirects
7 3

This site contains links to these domains. Also see Links.

Domain
twitter.com
download-telegram.app
core.download-telegram.app
github.com
Subject Issuer Validity Valid
download-telegram.app
GTS CA 1P5		 2023-11-17 -
2024-02-15		 3 months crt.sh
darknetlinks.wiki
GTS CA 1P5		 2023-11-13 -
2024-02-11		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://desktop.download-telegram.app/
Frame ID: 6F51BB25C957AE0333EF4818972398AE
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Telegram Desktop

Page URL History Show full URLs

  1. https://download-telegram.app/ HTTP 302
    https://desktop.download-telegram.app/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

7
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

3
Subdomains

4
IPs

2
Countries

241 kB
Transfer

407 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://download-telegram.app/ HTTP 302
    https://desktop.download-telegram.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
desktop.download-telegram.app/
Redirect Chain
  • https://download-telegram.app/
  • https://desktop.download-telegram.app/
44 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://desktop.download-telegram.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84ff5909d032538c1dc3509072ee35dc9ee5813f997323db8b0a282f5651df6c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-store
cf-cache-status
DYNAMIC
cf-ray
827ed463fa2ad0d5-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 18 Nov 2023 08:26:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SZZNo7JBfVqXc72yVJ6SJdqQNnqRYECurQxnDyIybVrbwVJWouY0nABsyXc9qt0bScPyq7dFyV3SeL0sdlVIIY9MhpDUWtzZV%2Fd%2FIXb%2BVz4lEXjaWF0oSWLCi2JZ2VHyUaX2PR0Ob7d7Ue%2BnhBDHfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
827ed461cf8cd0d5-AMS
content-type
text/html
date
Sat, 18 Nov 2023 08:26:37 GMT
location
https://desktop.download-telegram.app/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OmYiSCSiHbSTl6DXgE%2BDJdXDSyS0ItUU2NIW80tnpHHr5RJq3X50rCOi8hGYUl3l0ff02G6coouzgNvce0ibF7DHvCii%2FwlAV1PJcDGZb3vhe96dZgVgd3FD7%2ByR6mliRb0FyhyVNyA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
bootstrap.min.css
desktop.download-telegram.app/css/ 		42 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://desktop.download-telegram.app/css/bootstrap.min.css?3
Requested by
Host: desktop.download-telegram.app
URL: https://desktop.download-telegram.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://desktop.download-telegram.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 08:26:38 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Fri, 10 Nov 2017 17:54:14 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"5a05e7c6-a61b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n1hEWYgIFjZg07bfuH703%2FeU4k4gMkZHnPKS3r2CO4JFgSgOrmsVNEYPzoi9AedoI806Hpxcp0YCobi%2BDDPOzdNDmitmISp69Oq5vAPcBJMUS1Yqw%2FtUwnwnOfqzgZGLWDuK33FYmEM2%2BaSYVbJ2Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=345600
cf-ray
827ed464eb39d0d5-AMS
alt-svc
h3=":443"; ma=86400
expires
Wed, 22 Nov 2023 08:26:38 GMT
telegram.css
desktop.download-telegram.app/css/ 		112 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://desktop.download-telegram.app/css/telegram.css?236
Requested by
Host: desktop.download-telegram.app
URL: https://desktop.download-telegram.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
acd326a9263ee8c4cbc757fed46333732a0e3f8f48d398cbd4f8e36a09fdaf76

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://desktop.download-telegram.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 08:26:38 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Mon, 20 Mar 2023 10:58:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"64183c6f-1c0b3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9WB2jEWIHTIq1oT6ewMqvMM7VYIPCegvirlJ6QoBaKXP96VxaRYmLDg3k9o7SCFWDp0UFAAWJwTwIfXWLysoZ%2FTS2Ra0FIm%2FMfZKa2dqNYGH5hsRAjm8d3lhB8R0iU6es53rPxMauD24G2Hnbs8BPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=345600
cf-ray
827ed464fb3bd0d5-AMS
alt-svc
h3=":443"; ma=86400
expires
Wed, 22 Nov 2023 08:26:38 GMT
main.js
desktop.download-telegram.app/js/ 		21 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://desktop.download-telegram.app/js/main.js?47
Requested by
Host: desktop.download-telegram.app
URL: https://desktop.download-telegram.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5dc34336315f041a95829679eb3224e2fd187765666e68b53ec55d18ae3ce52

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://desktop.download-telegram.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 08:26:38 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Sat, 10 Dec 2022 23:01:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63950fe2-53e6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fz0E7dJtLDJOfdUUFnfjNJ%2Fj7Ln8JhEBKWDasd7Eqza8GFh2Nle8I%2FFxP2QXXSbKRjUAoyxWbCCRPtXW2zT3N80laBbk9qBzYNlAFV3UZ%2BBigdxkIKl2Z6mxrJuAPAlNniv3uON6pIqqtQkMDOSnVA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=345600
cf-ray
827ed4650b5dd0d5-AMS
alt-svc
h3=":443"; ma=86400
expires
Wed, 22 Nov 2023 08:26:38 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
20f4c7a3a145bb8bd7bbed583088379b30196e62437926bb0433042b81102e19

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/svg+xml
twitter.png
desktop.download-telegram.app/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://desktop.download-telegram.app/img/twitter.png
Requested by
Host: desktop.download-telegram.app
URL: https://desktop.download-telegram.app/css/telegram.css?236
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7d23b06a4ffd600558e5443d1e32daaaf13a27cf7bb8b7cc163a92b4054aaf2

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://desktop.download-telegram.app/css/telegram.css?236
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 08:26:38 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
1272
last-modified
Fri, 10 Nov 2017 17:54:14 GMT
server
cloudflare
etag
"5a05e7c6-4f8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LtNJ%2F4BS67pgJVLFbWQoCALRijfspDNkaPkFO8KcIFA2v93yqWz1YHtojtK29fBlf4Vic4gaML5hqepyF%2FV6FTVND1rg3hbVcX7BgRTGNm6iHxxYjBf25TuxJrYCR0NiqGJLBA%2F8WwOsWWYvsxr6MA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=345600
accept-ranges
bytes
cf-ray
827ed4663dca0b48-AMS
expires
Wed, 22 Nov 2023 08:26:38 GMT
td_laptop.png
desktop.download-telegram.app/img/ 		185 KB
186 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://desktop.download-telegram.app/img/td_laptop.png
Requested by
Host: desktop.download-telegram.app
URL: https://desktop.download-telegram.app/css/telegram.css?236
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a1d4890b3e91a01c20c65b75f1ae028e3c445cad1fd2d249dd0868876dfe4b4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://desktop.download-telegram.app/css/telegram.css?236
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 18 Nov 2023 08:26:38 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
189734
last-modified
Fri, 10 Nov 2017 17:54:14 GMT
server
cloudflare
etag
"5a05e7c6-2e526"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SZ82F9UbAmVdDgBXD37DJjK4gnjsX7HoJyT4ee56sJqNroQGl2T7vSlyIB9sLNP7neafMMTr0iJnDIGyUT51Yd6G3rxX2H0ct2WPsAmN%2BN%2FcL6eE4Bq3a38TJ9rxg07zPcF9HDFdZ6bPOMad1W0ibA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=345600
accept-ranges
bytes
cf-ray
827ed4663dcb0b48-AMS
expires
Wed, 22 Nov 2023 08:26:38 GMT
fp.php
darknetlinks.wiki/ 		0
453 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://darknetlinks.wiki/fp.php
Requested by
Host: desktop.download-telegram.app
URL: https://desktop.download-telegram.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:4c21 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://desktop.download-telegram.app/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sat, 18 Nov 2023 08:26:39 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EvAP34LITN8SHQC2HOhp9aSPMaS55UqWbs5BXTropan9SgLb3yAF%2BBo393%2F%2FL41dKT9cE7I1m6Yg4Q4f%2FnyLTIg3yP3sVwxQmpHZoVT729ZT38fsmfrcPtWe%2BvmHLoi%2BMIvzKF8YLXAabnrLR5mfKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cf-ray
827ed4671df806be-AMS
alt-svc
h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| ClientJS object| FingerprintJS function| getCookie function| initFingerprintJS function| setCookie number| seekButtonSelectors string| downloadLink string| cL function| df number| setClickHandlers number| startTime function| dT object| jsonpCallbacks function| twitterCustomShareInit function| blogRecentNewsInit function| blogSideImageUpdate function| blogSideImageInit function| cancelEvent function| trackDlClick undefined| toTopWrapEl undefined| toTopEl object| pageContentWrapEl undefined| curVisible boolean| curShown function| backToTopInit function| backToTopGo function| backToTopResize function| backToTopScroll function| removePreloadInit function| getXY undefined| onDdBodyClick undefined| currentDd function| dropdownClick function| dropdownHide function| dropdownPageClick function| escapeHTML function| videoTogglePlay function| getDevPageNav function| showTitleIfOverflows function| initDevPageNav function| updateDevPageNav function| updateMenuAffix function| initScrollVideos function| checkScrollVideos function| videoPreloadPosterDimensions function| isVisibleEnough function| getFullOffsetY function| redraw function| initRipple function| mainInitRetinaVideos function| mainInitDemoAutoplay function| mainDemoVideoHover function| mainDemoVideoDoHover function| mainInitLogo function| mainInitTgStickers function| mainScrollTo function| setCookie33 object| elem

5 Cookies

Domain/Path Name / Value
.download-telegram.app/ Name: prfasessid
Value: ec813f7c4fcab688e4c52effed8334188e2784794318c89a2e4df2b456a7fb3b
desktop.download-telegram.app/ Name: stel_ssid
Value: f340a9db81db0265c4_7855044257576636232
desktop.download-telegram.app/ Name: extspecck_v9u382hIMpq0MS2palcm
Value: 0
desktop.download-telegram.app/ Name: extspecck_9cj328JSmqOote92K3av
Value: 5047228
desktop.download-telegram.app/ Name: FPID
Value: 078d5f5fd34fcc8ca2626115fbd4c3ca