support-telegram.info Open in urlscan Pro
2606:4700:3033::ac43:d31e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://support-telegram.info/rmo8msiT
Submission: On September 28 via automatic, source openphish (September 28th 2024, 1:23:21 pm UTC) — Scanned from CA

Summary HTTP 18 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3033::ac43:d31e, located in United States and belongs to CLOUDFLARENET, US. The main domain is support-telegram.info.
TLS certificate: Issued by WE1 on September 22nd 2024. Valid for: 3 months.

This is the only time support-telegram.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
15	2606:4700:303... 2606:4700:3033::ac43:d31e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::729	54113 (FASTLY) (FASTLY)
18	3

15 2606:4700:3033::ac43:d31e (United States)

ASN13335 (CLOUDFLARENET, US)

support-telegram.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::729 (United States)

ASN54113 (FASTLY, US)

js.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	support-telegram.info support-telegram.info	189 KB
1	sentry-cdn.com js.sentry-cdn.com — Cisco Umbrella Rank: 5616	2 KB
18	2

	Domain	Requested by
15	support-telegram.info	support-telegram.info
1	js.sentry-cdn.com	support-telegram.info
18	2

This site contains links to these domains. Also see Links.

Domain
telegram.org

Subject Issuer	Validity	Valid
support-telegram.info WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q2	`2024-06-04` - `2025-07-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://support-telegram.info/rmo8msiT
Frame ID: C0797C6FC1C24572A0F95D31214D2D0F
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

18
Requests

89 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

191 kB
Transfer

642 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://telegram.org/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request rmo8msiT Show response
support-telegram.info/ 8 KB
4 KB 1025ms
529ms Document
text/html 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/rmo8msiT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8db577334cc1476d2532de57e0ca27a30f5f0918186dc7eebd000d19c31e00d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8ca40bff99f9ac2e-YYZ
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 28 Sep 2024 13:23:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MgzTOJbyf67UxWeNoAPyTyW0qQuk6e3PJWkpi6xgYW%2BlPf%2Fw4%2F5Jc3z8QxRODPvYE86%2Fr2h0Sa89MP0H5PX0TgFgi52o4KxlR2uEodjCvo8dDvHUsbXjARiXbVjCR9piymnSJkawYqq9KBJJ1qv5G6YiD4Q%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Origin
x-railway-request-id: r4VJUeGYQPqromidH12lzQ_3118653284
x-request-start: 1727529794554

GET
H3 200 speculation
support-telegram.info/cdn-cgi/ 128 B
563 B 49ms
49ms Other
application/speculationrules+json 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://support-telegram.info
Referer: https://support-telegram.info/rmo8msiT

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=21ES%2BDADBJZdnrNgNExBBUyorceJhA%2BozmCuwjXlbhK3jNZjepEAmU9fddRh7e7sNefNwBXzKffSl9F6nxaOaP3QwFJKiLNixdPMlTcAbvsK9jCbOgpSJ%2B95BwP2XEXzybnOQnxLd%2FJGw1fbvAkfegPpMiw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c02fcd1ac2e-YYZ
access-control-allow-origin: https://support-telegram.info
content-length: 128
date: Sat, 28 Sep 2024 13:23:15 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 font-roboto.css
support-telegram.info/static/css/ 496 B
758 B 370ms
369ms Stylesheet
text/css 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/static/css/font-roboto.css?1
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/rmo8msiT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 703414937509316b779f2c21df64e2c3a5d18edea349afd4cae2cfed787e37cf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://support-telegram.info/rmo8msiT

Response headers

content-encoding: br
x-request-start: 1727518447626
etag: W/"1727435298.0-496-570953407"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tfNQQjgA%2Br1e%2BJwDlVGx2TbFsyqg22rZFH0%2FGTtY1M8wrDCwNTl4ghrUUlMbmijXaR%2BEr9eWxPIt9KkfCFDFvo6ZZQp%2F5ZrxsCBq19mhlQ7P4gN3dbpTbB87xofqWmWY2hxlGnAwGKx3F48zmVFE2cxVJ54%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 28 Sep 2024 13:23:15 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 28 Sep 2024 13:23:15 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 27 Sep 2024 11:08:18 GMT
vary: Origin, Accept-Encoding
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8ca40c02fcd2ac2e-YYZ
x-railway-request-id: YnhXuEWISXKekfZODhmupg_2020806880
server: cloudflare

GET
H3 200 bootstrap.min.css
support-telegram.info/static/css/ 42 KB
9 KB 210ms
209ms Stylesheet
text/css 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/static/css/bootstrap.min.css?3
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/rmo8msiT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://support-telegram.info/rmo8msiT

Response headers

server: cloudflare
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-request-start: 1727518447626
etag: W/"1727435298.0-42523-1116147606"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hB2Ycp3BBHxrZ2uR1lJ1qMV3hwZWG0py2rKOMAd21ZED%2Bpeo7JjfChgvzN0kCancDLlFna7bKG4zxHCla7B0hpgvEkV1%2BPFyi6344kWb7UAZuKdFdyfhtHwOux%2FIcrYbuiFuRBrl0bnfSlVNPvbFFcAxgMc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c02fcd5ac2e-YYZ
expires: Sat, 28 Sep 2024 13:23:15 GMT
date: Sat, 28 Sep 2024 13:23:15 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 27 Sep 2024 11:08:18 GMT
vary: Origin, Accept-Encoding
x-railway-request-id: C2Hv0CpHToG4mwFNuU4Mng_1654200396

GET
H3 200 telegram.css
support-telegram.info/static/css/ 112 KB
23 KB 426ms
424ms Stylesheet
text/css 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/static/css/telegram.css?236
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/rmo8msiT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8a29b30af2c9c3572c146c7d2f5682539de517452043b31671650fabd177e16

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://support-telegram.info/rmo8msiT

Response headers

server: cloudflare
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-request-start: 1727518447625
etag: W/"1727435298.0-114877-4152167831"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o2Cd54IAQm7tcYf3Y8NR6sCKKSvOI%2B%2FrxIHcHuva33HS2GZnLQa3RJAigtwT9NwLurjO6HZnQGHJx0ViocM4KQ2n0VIRQElqhz61nZ5S%2FIi6WgkWRA2KDTk21ZhMAEQoLptjuweOZTUN1U3gFy%2FQZ0VAtDI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c02fcd7ac2e-YYZ
expires: Sat, 28 Sep 2024 13:23:15 GMT
date: Sat, 28 Sep 2024 13:23:15 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 27 Sep 2024 11:08:18 GMT
vary: Origin, Accept-Encoding
x-railway-request-id: lAzWJFeSRkiocmTg_-eUTg_882434190

GET
H3 200 t-me.css
support-telegram.info/static/css/ 12 KB
4 KB 385ms
384ms Stylesheet
text/css 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/static/css/t-me.css?1
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/rmo8msiT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7002cf14e93caeb4f4b35a4eb66cf64ae7648aeb16d832f14909c0cf6770ceb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://support-telegram.info/rmo8msiT

Response headers

server: cloudflare
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-request-start: 1727518447629
etag: W/"1727435314.0-12720-3243903929"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=79VJyvBwWDObudGjT8bWx33hmzm%2BA22sxmo9eMFnQ2r9eSULZm3VbZFvGnc5Z4FriBwojWYRk5%2B0FwWTIhXHMswQYSJUMb%2F9g%2Fl%2BSdlNCL9oRvFQTEhgsl4HbYsHXuvXrUTAXKDNMmd%2BW30jLUP2qtEo%2BHE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c02fcd8ac2e-YYZ
expires: Sat, 28 Sep 2024 13:23:15 GMT
date: Sat, 28 Sep 2024 13:23:15 GMT
content-type: text/css; charset=utf-8
last-modified: Fri, 27 Sep 2024 11:08:34 GMT
vary: Origin, Accept-Encoding
x-railway-request-id: 17WhJkdPR8qklKN-sSFCkA_2020806880

GET
H2 200 c32279e5d12a9c56dda2825ef85cacce.min.js Show response
js.sentry-cdn.com/ 3 KB
2 KB 270ms
70ms Script
text/javascript 2a04:4e42:400::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.sentry-cdn.com/c32279e5d12a9c56dda2825ef85cacce.min.js

Requested by

Host: support-telegram.info
URL: https://support-telegram.info/rmo8msiT

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b8a388ae094ee29d199f82e532de1dada9fd99098a75ad86265299b35a0bdc4a

Security Headers

Name	Value
Content-Security-Policy	media-src ; frame-ancestors 'self' .sentry.io; worker-src blob:; style-src * 'unsafe-inline'; object-src 'none'; connect-src 'self' .algolia.net .algolianet.com .algolia.io sentry.io .sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; base-uri 'none'; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; img-src * blob: data:; font-src * data:; default-src 'none'; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=8bf7e1e3be87c491d1d520b0b483ff4e769c2a9e
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://support-telegram.info
Referer: https://support-telegram.info/

Response headers

content-encoding: gzip
age: 7987
x-envoy-attempt-count: 1
x-content-type-options: nosniff
date: Sat, 28 Sep 2024 13:23:15 GMT
content-type: text/javascript
x-served-by: getsentry-web-default-common-production-547c748d-h4j7w, cache-chi-kigq8000146-CHI, cache-yyz4539-YYZ
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: media-src *; frame-ancestors 'self' *.sentry.io; worker-src blob:; style-src * 'unsafe-inline'; object-src 'none'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; base-uri 'none'; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; img-src * blob: data:; font-src * data:; default-src 'none'; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=8bf7e1e3be87c491d1d520b0b483ff4e769c2a9e
cache-control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
timing-allow-origin: *
x-envoy-upstream-service-time: 27
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1298
x-xss-protection: 1; mode=block

GET
H3 200 tgwallpaper.min.js Show response
support-telegram.info/static/js/ 3 KB
2 KB 419ms
418ms Script
text/javascript 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/static/js/tgwallpaper.min.js?3
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/rmo8msiT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://support-telegram.info/rmo8msiT

Response headers

server: cloudflare
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-request-start: 1727518447627
etag: W/"1727435298.0-2979-1109200771"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WlKaU8GBjOuZV0aRlNjtxUv3CCJ5zQEQe7yzUHtmcSeORKQZqsGjeLpXlC07MEqbxXFKBmSoiODcwG5kF8A0GLcw0kkAjCs5EIZVj6enWy8yzaAd2xnaIymuvvw216kg4Vq9Fu5Uy5BRtOuc7PLfNNUqabM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c02fcd9ac2e-YYZ
expires: Sat, 28 Sep 2024 13:23:15 GMT
date: Sat, 28 Sep 2024 13:23:15 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 27 Sep 2024 11:08:18 GMT
vary: Origin, Accept-Encoding
x-railway-request-id: pUUYieaVTpymBWgEKbVa1Q_603524580

GET
H3 200 t-me.js Show response
support-telegram.info/static/js/ 233 KB
72 KB 481ms
481ms Script
text/javascript 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/static/js/t-me.js?00df1eb6b9b9449185e185a88bb6950e
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/rmo8msiT
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4166d026d4ccd190d14d8f2c5a38182abf52ecd0cc19cb972c0460d2824beaca

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://support-telegram.info/rmo8msiT

Response headers

server: cloudflare
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-request-start: 1727518447652
etag: W/"1727435313.0-238090-2847738593"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E6IG80SZVpOXyvn625ChoCh7AJ3mFQPNhHvDj%2FBiq2OAxTiGxwlU6KfhrySonMUtsuHKUZBUrXP%2B0bXLMB%2BzMRz4To3RafSHXqldlFQX0fF8MBKEqX%2FZWgAJqpmXYOZEjqHjveUWjcyJtNKRrMEWMyUoczU%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c038d51ac2e-YYZ
expires: Sat, 28 Sep 2024 13:23:15 GMT
date: Sat, 28 Sep 2024 13:23:15 GMT
content-type: text/javascript; charset=utf-8
last-modified: Fri, 27 Sep 2024 11:08:33 GMT
vary: Origin, Accept-Encoding
x-railway-request-id: SICOaDwXS7CzFGTeOfqqTw_1654200396

GET
H3 200 pattern.svg
support-telegram.info/static/img/tgme/ 226 KB
69 KB 317ms
317ms Image
image/svg+xml 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://support-telegram.info/static/img/tgme/pattern.svg
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/static/css/telegram.css?236
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://support-telegram.info/static/css/telegram.css?236

Response headers

server: cloudflare
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-request-start: 1727518448370
etag: W/"1727435298.0-231706-810422043"
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1EcrZlZIFkqE%2Bu0vpqHFz3w3vM%2FND8eAs0RdZDqyys0lj%2Fh5hIk0Hn7jgWxds2DUa1aLtFaNLLWe9VyCVWuOqoc7naZush6E%2F%2FzCea8hIIv9ceZ%2BRsGsaB81dhVzjIGRdyA9FHiTOO%2BD%2BrkU5giPd35%2FkDI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c077882ac2e-YYZ
expires: Sat, 28 Sep 2024 13:23:15 GMT
date: Sat, 28 Sep 2024 13:23:16 GMT
content-type: image/svg+xml; charset=utf-8
last-modified: Fri, 27 Sep 2024 11:08:18 GMT
vary: Origin, Accept-Encoding
x-railway-request-id: T33HZb8gSv6IeDC_bb4Lpg_2020806880

POST
H3 500 request_code Show response
support-telegram.info/api/ 265 B
725 B 2669ms
2668ms Fetch
text/html 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/api/request_code
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/static/js/t-me.js?00df1eb6b9b9449185e185a88bb6950e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae5163256b944013e27cbef0d2bcd33a6dacbb92463509f91d5f3df782142910

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type: application/json
Referer: https://support-telegram.info/rmo8msiT

Response headers

access-control-expose-headers: ""
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-request-start: 1727529795948
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lPnG6wvDljDdt6wNvimoMXGZ9NLLD69wOhKZm2%2BsUoQq%2Fapv22dujoD0CkHfK8M%2Bwfa2QRuxyr8e2qtk%2FpSNEfVq7a75IfyQCONv3AlI0pqf1rfsmKB57KE9wJgcWLPn%2BXsqQXQ9gCI26hSpn3%2FmpE5xTtw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c089960ac2e-YYZ
access-control-allow-origin: *
date: Sat, 28 Sep 2024 13:23:18 GMT
content-type: text/html; charset=utf-8
x-railway-request-id: NX12Um1KQ_enb-E9jfMjEw_3118653284
server: cloudflare

POST
H3 204 track
support-telegram.info/api/ 0
448 B 439ms
437ms Ping
text/html 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/api/track
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/static/js/t-me.js?00df1eb6b9b9449185e185a88bb6950e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6IOoDA6fGMGVLffw
Referer: https://support-telegram.info/rmo8msiT

Response headers

access-control-expose-headers: ""
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-request-start: 1727529795950
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MtKNgVTwolC%2FutmmVE4jSBpV%2BYbVurdtxpVduVp8iJbca5UREQeMLnyBoLAmDWLBwQ5t8kKxjjnDaFQ4karXTPufwSRX6uWhpCj6zwL5RNRfOaQyoef5vLt17Wf1ZSsqra3OkA2jXPtAbklrkLu3RD%2BJKZY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c089961ac2e-YYZ
access-control-allow-origin: *
date: Sat, 28 Sep 2024 13:23:16 GMT
content-type: text/html; charset=utf-8
x-railway-request-id: 1RfnNuLAQxilIpCHt1tPOA_3118653284
server: cloudflare

GET
H3 404 favicon.ico
support-telegram.info/static/img/ 207 B
666 B 415ms
415ms Other
text/html 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/static/img/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e9639e3c4681ce85f852fbac48e2eeee5ba51296dbfec57c200d59b76237ab80

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://support-telegram.info/rmo8msiT

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: EXPIRED
x-request-start: 1727529796216
speculation-rules: "/cdn-cgi/speculation"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NQsmXVgnrVeCdNawTAFmWFifv26IrpYzNnbgrrDefK6OuJ9T7DJWg69cnw%2BfwGb0MHujHuVPkw%2Fa4yYqu9WMXrvQQNTq3%2FfFdVO4NTSsve%2B93zCSAuuKpUt884JR9gPcRu2T28BweKqFR%2FDYL0k516OdP5w%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c09fa77ac2e-YYZ
date: Sat, 28 Sep 2024 13:23:16 GMT
content-type: text/html; charset=utf-8
vary: Origin, Accept-Encoding
server: cloudflare
x-railway-request-id: C8W3D4bZSjuybd9CP1GKIQ_3165824431

GET
H3 200 website_icon.svg
support-telegram.info/static/img/ 2 KB
2 KB 394ms
393ms Other
image/svg+xml 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/static/img/website_icon.svg?4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 02539f76cf915f40b75a4d9a9006b65265e533f21a6606f1ecb7186280b9a525

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://support-telegram.info/rmo8msiT

Response headers

server: cloudflare
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-request-start: 1727529796646
etag: W/"1727435298.0-1870-844304188"
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j27rUX8lbilf%2F2UItoNieDpKuWql2fU4ZOnJmgjgVMl%2BhPoTfpok0RqxQ8J3SDLcdakePPeCmYJvEozHxeqedl0u%2B%2Bo9zUm2suznGLdf%2BeczjyWMoF9%2FXh5eIGnNM6VUS3RuhZiZIiVBZnDI65LszHz1fGo%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c0cad2dac2e-YYZ
expires: Sat, 28 Sep 2024 13:23:16 GMT
date: Sat, 28 Sep 2024 13:23:16 GMT
content-type: image/svg+xml; charset=utf-8
last-modified: Fri, 27 Sep 2024 11:08:18 GMT
vary: Origin, Accept-Encoding
x-railway-request-id: AB7D3q8TSFibsD4qK6T0Cw_2020806880

POST
H3 204 track
support-telegram.info/api/ 0
455 B 464ms
464ms Ping
text/html 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/api/track
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/static/js/t-me.js?00df1eb6b9b9449185e185a88bb6950e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryu9cBOl1sluK50ktI
Referer: https://support-telegram.info/rmo8msiT

Response headers

access-control-expose-headers: ""
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-request-start: 1727529798640
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2BH%2F4aq5UprJOfpfIVh6W9Yi8fXDeRS8Nonjsju49Qew%2B8zxcnh6CvXB5KvADLVVZwZxM34Pok4RocnHJ9%2FWp%2BY%2BXU6pcNLK1Q1f7gnOTmymZljYs%2BRTGePTyGlmlqe27r5aDH5egO4K70TK%2BCn601hWdv8%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c196f09ac2e-YYZ
access-control-allow-origin: *
date: Sat, 28 Sep 2024 13:23:18 GMT
content-type: text/html; charset=utf-8
x-railway-request-id: qAB82as5SKmv7DmuVMVCUw_3118653284
server: cloudflare

POST request_code
support-telegram.info/api/ 0
0

POST
H3 204 track
support-telegram.info/api/ 0
454 B 259ms
258ms Ping
text/html 2606:4700:3033::ac43:d31e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://support-telegram.info/api/track
Requested by: Host: support-telegram.info
URL: https://support-telegram.info/static/js/t-me.js?00df1eb6b9b9449185e185a88bb6950e
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:d31e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryjCBpPzUtorYqvegA
Referer: https://support-telegram.info/rmo8msiT

Response headers

access-control-expose-headers: ""
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-request-start: 1727529799923
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ErJzc00jUbdITkBNjP91guj5XnmnstpPdC1oOOVWqoLgDOafx6E7nQSZRbeARxTExmLhsPT4l27qZoe44h3Pp8RM%2BrnNz%2BHPNiDETMAdNydnc%2Bp7mHGwZpj3iR78zG%2F47cSkb%2BGlvc%2FWjt8BcSo6NIODXA4%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8ca40c216d55ac2e-YYZ
access-control-allow-origin: *
date: Sat, 28 Sep 2024 13:23:20 GMT
content-type: text/html; charset=utf-8
x-railway-request-id: LRRH9ZRRQTurukYzYlzSRA_3118653284
server: cloudflare

POST request_code
support-telegram.info/api/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: support-telegram.info
URL: https://support-telegram.info/api/request_code

Domain: support-telegram.info
URL: https://support-telegram.info/api/request_code

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://support-telegram.info/static/img/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://support-telegram.info/api/request_code Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

js.sentry-cdn.com
support-telegram.info
support-telegram.info
2606:4700:3033::ac43:d31e
2a04:4e42:400::729
02539f76cf915f40b75a4d9a9006b65265e533f21a6606f1ecb7186280b9a525
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6
4166d026d4ccd190d14d8f2c5a38182abf52ecd0cc19cb972c0460d2824beaca
703414937509316b779f2c21df64e2c3a5d18edea349afd4cae2cfed787e37cf
a8a29b30af2c9c3572c146c7d2f5682539de517452043b31671650fabd177e16
ae5163256b944013e27cbef0d2bcd33a6dacbb92463509f91d5f3df782142910
b8a388ae094ee29d199f82e532de1dada9fd99098a75ad86265299b35a0bdc4a
c7002cf14e93caeb4f4b35a4eb66cf64ae7648aeb16d832f14909c0cf6770ceb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9639e3c4681ce85f852fbac48e2eeee5ba51296dbfec57c200d59b76237ab80
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
f8db577334cc1476d2532de57e0ca27a30f5f0918186dc7eebd000d19c31e00d

support-telegram.info Open in urlscan Pro 2606:4700:3033::ac43:d31e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

89 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

191 kBTransfer

642 kBSize

0 Cookies

1 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

support-telegram.info Open in urlscan Pro
2606:4700:3033::ac43:d31e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

89 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

191 kB
Transfer

642 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!