tg.teiegrom.co Open in urlscan Pro
2600:9000:2479:2800:15:f2b8:cd40:93a1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://teiegram-org.vip/
Effective URL:
https://tg.teiegrom.co/
Submission: On October 05 via api (October 5th 2024, 1:06:11 am UTC) from CN — Scanned from US

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 20 HTTP transactions. The main IP is 2600:9000:2479:2800:15:f2b8:cd40:93a1, located in United States and belongs to AMAZON-02, US. The main domain is tg.teiegrom.co.
TLS certificate: Issued by Amazon RSA 2048 M02 on September 28th 2024. Valid for: a year.

This is the only time tg.teiegrom.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1 2	172.65.235.97 172.65.235.97	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2600:9000:247... 2600:9000:2479:2800:15:f2b8:cd40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
20	4

2 172.65.235.97 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

teiegram-org.vip	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:9000:2479:2800:15:f2b8:cd40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tg.teiegrom.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)

t.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
telegram.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	teiegrom.co tg.teiegrom.co	480 KB
2	teiegram-org.vip 1 redirects teiegram-org.vip	456 B
1	telegram.me telegram.me — Cisco Umbrella Rank: 39410	359 B
1	t.me t.me — Cisco Umbrella Rank: 15896	359 B
20	4

	Domain	Requested by
12	tg.teiegrom.co	teiegram-org.vip tg.teiegrom.co
2	teiegram-org.vip	1 redirects
1	telegram.me	tg.teiegrom.co
1	t.me	tg.teiegrom.co
20	4

This site contains no links.

Subject Issuer	Validity	Valid
tg.teiegrom.co Amazon RSA 2048 M02	`2024-09-28` - `2025-10-27`	a year	crt.sh
*.t.me Go Daddy Secure Certificate Authority - G2	`2023-10-06` - `2024-11-06`	a year	crt.sh
*.telegram.me Go Daddy Secure Certificate Authority - G2	`2023-09-20` - `2024-10-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://tg.teiegrom.co/
Frame ID: 5BF1A5657EAD3985A410023CA7021DC1
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram

Page URL History Show full URLs

http://teiegram-org.vip/ HTTP 307
https://teiegram-org.vip/ HTTP 307
http://teiegram-org.vip/ Page URL
http://teiegram-org.vip/ HTTP 301
https://tg.teiegrom.co/ Page URL

Page Statistics

20
Requests

70 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

481 kB
Transfer

838 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://teiegram-org.vip/ HTTP 307
https://teiegram-org.vip/ HTTP 307
http://teiegram-org.vip/ Page URL
http://teiegram-org.vip/ HTTP 301
https://tg.teiegrom.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://teiegram-org.vip/ HTTP 307
https://teiegram-org.vip/ HTTP 307
http://teiegram-org.vip/

20 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

503
Service Temporarily Unavailable

/
teiegram-org.vip/
Redirect Chain

http://teiegram-org.vip/
https://teiegram-org.vip/
http://teiegram-org.vip/

55 B
307 B

213ms
212ms

Document
text/html

172.65.235.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://teiegram-org.vip/
Protocol: HTTP/1.1
Server: 172.65.235.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Type: text/html
Date: Sat, 05 Oct 2024 01:06:01 GMT
Transfer-Encoding: chunked

Redirect headers

Location: http://teiegram-org.vip/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2

200

Primary Request / Show response
tg.teiegrom.co/
Redirect Chain

http://teiegram-org.vip/
https://tg.teiegrom.co/

3 KB
1 KB

1560ms
1080ms

Document
text/html

2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/

Requested by

Host: teiegram-org.vip
URL: http://teiegram-org.vip/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

223da9c0eb6bcf6300baa6b79a0b994a9d14a2e04bb414b4f1bdcf4a482e6ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://teiegram-org.vip/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html
date: Sat, 05 Oct 2024 01:06:02 GMT
etag: W/"65ed7ea2-c50"
last-modified: Sun, 10 Mar 2024 09:34:26 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
x-amz-cf-id: 9xNOydjtTCdPk5SFWppdBpFif4CejYVwvyRdhhkULBxgV0J9nCpTQA==
x-amz-cf-pop: IAD61-P3
x-cache: Miss from cloudfront

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Sat, 05 Oct 2024 01:06:01 GMT
Location: https://tg.teiegrom.co/

GET
H2 200 compatTest.js Show response
tg.teiegrom.co/ 927 B
1 KB 980ms
980ms Script
application/javascript 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/compatTest.js

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

c4691c694cc9ec2c292557bab2b88f1c7476b56b1eb4df50340264b0efb9db4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
etag: "65a99438-39f"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
expires: Sat, 05 Oct 2024 13:06:03 GMT
accept-ranges: bytes
x-cache: Miss from cloudfront
content-length: 927
x-amz-cf-id: q_HRr6QSK0cmD3ldShyqRxjX07AblA0vcz8kmueZcAXmj40Yzi_pig==
date: Sat, 05 Oct 2024 01:06:03 GMT
content-type: application/javascript
last-modified: Thu, 18 Jan 2024 21:12:24 GMT
server: nginx
x-amz-cf-pop: IAD61-P3

GET
H2 200 redirect.js Show response
tg.teiegrom.co/ 325 B
721 B 585ms
585ms Script
application/javascript 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/redirect.js

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
etag: "65a99438-145"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
expires: Sat, 05 Oct 2024 13:06:04 GMT
accept-ranges: bytes
x-cache: Miss from cloudfront
content-length: 325
x-amz-cf-id: qJI1yjhXaLt_tUXTwOQt6lun-_0r6dESZvppRTqZmDxDaR_xG7r-OQ==
date: Sat, 05 Oct 2024 01:06:04 GMT
content-type: application/javascript
last-modified: Thu, 18 Jan 2024 21:12:24 GMT
server: nginx
x-amz-cf-pop: IAD61-P3

GET
H2 200 main.bcfddf515958c318bae6.js Show response
tg.teiegrom.co/ 373 KB
141 KB 1158ms
1157ms Script
application/javascript 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/main.bcfddf515958c318bae6.js

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f56d5738199119a77e48d096372c4ec2269d95dd142e808eb78161bfae7e01de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"66ffff8b-5d5b5"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
expires: Sat, 05 Oct 2024 13:06:05 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: Z2fG5fkGAhSeNZSVfPQSlWyky8snJtonJ-FSSIrGoLbkPUwW8omg2g==
date: Sat, 05 Oct 2024 01:06:05 GMT
content-type: application/javascript
last-modified: Fri, 04 Oct 2024 14:45:31 GMT
server: nginx
x-amz-cf-pop: IAD61-P3
vary: Accept-Encoding

GET
H2 200 main.4087993f942398d56511.css
tg.teiegrom.co/ 107 KB
26 KB 1258ms
1258ms Stylesheet
text/css 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/main.4087993f942398d56511.css

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

09cca783b2738e3dacfc2bf7fb8dab72c2b1886924b2af42474a2c336819ce6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"65ed60ac-1aab5"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
expires: Sat, 05 Oct 2024 13:06:05 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: BQChRW_V3bzmPcJJnE4jvPYOkvCmtg0WSN8c7K8wax3ZrCTEGRgV_Q==
date: Sat, 05 Oct 2024 01:06:05 GMT
content-type: text/css
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
server: nginx
x-amz-cf-pop: IAD61-P3
vary: Accept-Encoding

GET
H2 200 chat-bg-br.f34cc96fbfb048812820.png
tg.teiegrom.co/ 2 KB
2 KB 599ms
598ms Image
image/png 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tg.teiegrom.co/chat-bg-br.f34cc96fbfb048812820.png

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/main.4087993f942398d56511.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/main.4087993f942398d56511.css

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: gzip
etag: W/"65ec2788-780"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
expires: Mon, 04 Nov 2024 01:06:06 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: VVlf9EHxUsFsDHE7bZL9EdlAmkj8UjewA7RdMKDj6gVTDRc_i310zQ==
date: Sat, 05 Oct 2024 01:06:06 GMT
content-type: image/png
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
server: nginx
x-amz-cf-pop: IAD61-P3
vary: Accept-Encoding

GET
H2 200 chat-bg-pattern-light.ee148af944f6580293ae.png
tg.teiegrom.co/ 266 KB
267 KB 822ms
821ms Image
image/png 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tg.teiegrom.co/chat-bg-pattern-light.ee148af944f6580293ae.png

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/main.4087993f942398d56511.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/main.4087993f942398d56511.css

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
content-encoding: gzip
etag: W/"65ec2788-429eb"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
expires: Mon, 04 Nov 2024 01:06:06 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: E7SEZyciIjBWxU5fKYSsIHsxz6HQeeB05gEJUB33LgMBvkVxGEYw7w==
date: Sat, 05 Oct 2024 01:06:06 GMT
content-type: image/png
last-modified: Sat, 09 Mar 2024 09:10:32 GMT
server: nginx
x-amz-cf-pop: IAD61-P3
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ 307 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e253d3f513bbf831c7e7da3e513cf8d4177f7f398c1fad87809d393a58c1697

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 206 notification.mp3
tg.teiegrom.co/ 11 KB
11 KB 1005ms
1005ms Media
audio/mpeg 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/notification.mp3

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://tg.teiegrom.co/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Range: bytes=0-

Response headers

strict-transport-security: max-age=31536000
etag: "65a99438-2a80"
Content-Range: bytes 0-10879/10880
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
Content-Length: 10880
x-amz-cf-id: 0TKq6f4FPVGNO7DqGbON0PNUJqAGc7_ZWzJu_lqWWaAlTguMB8GBSA==
date: Sat, 05 Oct 2024 01:06:07 GMT
content-type: audio/mpeg
last-modified: Thu, 18 Jan 2024 21:12:24 GMT
server: nginx
x-amz-cf-pop: IAD61-P3

GET
H2 200 _websync_ Show response
t.me/ 4 B
359 B 664ms
208ms Script
application/json 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://t.me/_websync_?authed=0&version=10.4.5+A

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/main.bcfddf515958c318bae6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=35768000
cache-control: no-store
content-encoding: gzip
pragma: no-cache
content-length: 24
date: Sat, 05 Oct 2024 01:06:06 GMT
content-type: application/json; charset=utf-8
server: nginx/1.18.0

GET
H2 200 _websync_ Show response
telegram.me/ 4 B
359 B 624ms
209ms Script
application/json 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.me/_websync_?authed=0&version=10.4.5+A

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/main.bcfddf515958c318bae6.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=35768000
cache-control: no-store
content-encoding: gzip
pragma: no-cache
content-length: 24
date: Sat, 05 Oct 2024 01:06:06 GMT
content-type: application/json; charset=utf-8
server: nginx/1.18.0

GET
H2 200 6839.01a53cbedf5d86d252ec.js Show response
tg.teiegrom.co/ 45 KB
15 KB 1077ms
1076ms Script
application/javascript 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/6839.01a53cbedf5d86d252ec.js

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/main.bcfddf515958c318bae6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

f693fccbb0f64594079d492db05d3bced69a6c6cab7514d4b78733570fd592a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"65ed60ac-b2ba"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
expires: Sat, 05 Oct 2024 13:06:07 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: dplJhsLjuE-JSZo-Oknxi5N16mVjUNwB1mKBoZw0v0HX7T68UOao-A==
date: Sat, 05 Oct 2024 01:06:07 GMT
content-type: application/javascript
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
server: nginx
x-amz-cf-pop: IAD61-P3
vary: Accept-Encoding

GET
H2 200 3748.0fa60c5a44d4b42a0115.js Show response
tg.teiegrom.co/ 10 KB
4 KB 1089ms
1088ms Script
application/javascript 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/3748.0fa60c5a44d4b42a0115.js

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/main.bcfddf515958c318bae6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

46ff1f7377f83f6826433319f1a08efbebd39b4eef483c4924416a80df01a73c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"65ed60ac-266a"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
expires: Sat, 05 Oct 2024 13:06:07 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: QXef-61udSMNXlAdHOJIu5eSjgzaiWpb0Gpc7FTbCIlLqTZJjs5-lg==
date: Sat, 05 Oct 2024 01:06:07 GMT
content-type: application/javascript
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
server: nginx
x-amz-cf-pop: IAD61-P3
vary: Accept-Encoding

GET
H2 200 1915.7c097c4f98f78164d509.js Show response
tg.teiegrom.co/ 18 KB
7 KB 992ms
992ms Script
application/javascript 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/1915.7c097c4f98f78164d509.js

Requested by

Host: tg.teiegrom.co
URL: https://tg.teiegrom.co/main.bcfddf515958c318bae6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

207f18121e4a48210dd0aff08d57b1fb9af346a17e38d57d60be15a7f5c733f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"65ed60ac-46da"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
expires: Sat, 05 Oct 2024 13:06:07 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: XzdEeBV-3umiO6qVjiPmSk27ILUjN1GGqFvS48lzWROZK9YhaFFUiA==
date: Sat, 05 Oct 2024 01:06:07 GMT
content-type: application/javascript
last-modified: Sun, 10 Mar 2024 07:26:36 GMT
server: nginx
x-amz-cf-pop: IAD61-P3
vary: Accept-Encoding

GET 8415.f3265a8085428f6feeb2.js
tg.teiegrom.co/ 0
0

GET 4680.4c2ac3941aac89823979.js
tg.teiegrom.co/ 0
0

GET
H2 200 favicon.ico
tg.teiegrom.co/ 2 KB
3 KB 711ms
711ms Other
image/x-icon 2600:9000:2479:2800:15:f2b8:cd40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tg.teiegrom.co/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2479:2800:15:f2b8:cd40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

504b4621e486970f8c1721d5297561c9f33296f516c83fbb33a0ff3f4f7c1357

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://tg.teiegrom.co/

Response headers

strict-transport-security: max-age=31536000
etag: "65a99438-969"
via: 1.1 c49971ad4f76a00082eb4f604c635cba.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Miss from cloudfront
content-length: 2409
x-amz-cf-id: 72mQNUjhykIRh0PqcgTfPNxpuXkqIyMsUOcp9Dk2zRvsu7b7kArG6g==
date: Sat, 05 Oct 2024 01:06:08 GMT
content-type: image/x-icon
last-modified: Thu, 18 Jan 2024 21:12:24 GMT
server: nginx
x-amz-cf-pop: IAD61-P3

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tg.teiegrom.co
URL: https://tg.teiegrom.co/8415.f3265a8085428f6feeb2.js

Domain: tg.teiegrom.co
URL: https://tg.teiegrom.co/4680.4c2ac3941aac89823979.js

Domain: tg.teiegrom.co
URL: https://tg.teiegrom.co/4680.4c2ac3941aac89823979.js

Domain: tg.teiegrom.co
URL: https://tg.teiegrom.co/4680.4c2ac3941aac89823979.js

Domain: tg.teiegrom.co
URL: https://tg.teiegrom.co/4680.4c2ac3941aac89823979.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| compatTest boolean| isCompatTestPassed object| webpackChunktelegram_t

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			teiegram-org.vip/	1969-12-31 23:59:59	Name: d708a0a16351927b69b659d992adcde2 Value: ffa63ea122cdc4030075925338f8c8ba

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://teiegram-org.vip/ Message: Failed to load resource: the server responded with a status of 503 (Service Temporarily Unavailable)
security	error	URL: https://tg.teiegrom.co/ Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' https://t.me/_websync_ https://telegram.me/_websync_". Either the 'unsafe-inline' keyword, a hash ('sha256-TkDRjtjgAvXZjl7v/m04jwsB9W+KcMn3mCJpc3KY6DE='), or a nonce ('nonce-...') is required to enable inline execution.
worker	info	URL: https://tg.teiegrom.co/8415.f3265a8085428f6feeb2.js Message: [object WebSocket] 请求

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

t.me
teiegram-org.vip
telegram.me
tg.teiegrom.co
tg.teiegrom.co
172.65.235.97
2001:67c:4e8:f004::9
2600:9000:2479:2800:15:f2b8:cd40:93a1
00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7
09cca783b2738e3dacfc2bf7fb8dab72c2b1886924b2af42474a2c336819ce6d
1e253d3f513bbf831c7e7da3e513cf8d4177f7f398c1fad87809d393a58c1697
207f18121e4a48210dd0aff08d57b1fb9af346a17e38d57d60be15a7f5c733f4
223da9c0eb6bcf6300baa6b79a0b994a9d14a2e04bb414b4f1bdcf4a482e6ba6
3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea
375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f
46ff1f7377f83f6826433319f1a08efbebd39b4eef483c4924416a80df01a73c
504b4621e486970f8c1721d5297561c9f33296f516c83fbb33a0ff3f4f7c1357
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
c4691c694cc9ec2c292557bab2b88f1c7476b56b1eb4df50340264b0efb9db4f
f56d5738199119a77e48d096372c4ec2269d95dd142e808eb78161bfae7e01de
f693fccbb0f64594079d492db05d3bced69a6c6cab7514d4b78733570fd592a1

tg.teiegrom.co Open in urlscan Pro 2600:9000:2479:2800:15:f2b8:cd40:93a1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

20 Requests

70 %HTTPS

67 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

481 kBTransfer

838 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

tg.teiegrom.co Open in urlscan Pro
2600:9000:2479:2800:15:f2b8:cd40:93a1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

70 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

481 kB
Transfer

838 kB
Size

1
Cookies

20 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!