URL: http://milhanews.com.br/
Submission: On April 11 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 4 countries across 9 domains to perform 18 HTTP transactions. The main IP is 200.98.164.66, located in Brazil and belonging to Universo Online S.A. (BR). The main domain is milhanews.com.br.
This is the only time milhanews.com.br has been scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
3         200.98.164.66       7162 (Universo Online S.A.)
3         2606:4700::68...    13335 (CLOUDFLARENET)   (includes 2 redirects)
1         2606:4700::68...    13335 (CLOUDFLARENET)
1         23.22.144.165       14618 (AMAZON-AES)
1         107.189.14.235      53667 (PONYNET)
7         2001:67c:4e8:...    62041 (TELEGRAM)
1         34.111.15.3         396982 (GOOGLE-CLOUD-PLATFORM)
18 requests to 8 IPs

Requests  Apex Domain        Subdomains                             Cisco Umbrella Rank  Transfer
7         telegram.org       telegram.org                           10009                144 KB
4         milhanews.com.br   milhanews.com.br, m.milhanews.com.br   -                    5 KB
3         unpkg.com          unpkg.com                              933                  2 KB
1         telegram-cdn.org   cdn1.telegram-cdn.org                  110493               31 KB
1         codetabs.com       api.codetabs.com                       -                    4 KB
1         herokuapp.com      cors-anywhere.herokuapp.com            76017                239 B
0         resolve            resolve (tg:// scheme)                 -                    Failed
0         yacdn.org          yacdn.org                              -                    Failed
0         t.me               t.me                                   -                    Failed
18 requests across 9 apex domains

Requests  Domain                        Requested by
7         telegram.org                  srcdoc
3         unpkg.com                     milhanews.com.br (2 redirects)
3         milhanews.com.br              milhanews.com.br
1         cdn1.telegram-cdn.org         srcdoc
1         api.codetabs.com              milhanews.com.br
1         cors-anywhere.herokuapp.com   milhanews.com.br
1         m.milhanews.com.br            milhanews.com.br
0         resolve (failed)              srcdoc
0         yacdn.org (failed)            milhanews.com.br
0         t.me (failed)                 milhanews.com.br
18 requests across 10 subdomains

This site contains no links.

TLS certificates (details via crt.sh)

Subject                  Issuer                                       Validity                  Valid for
m.milhanews.com.br       Cloudflare Inc ECC CA-3                      2023-03-16 - 2024-03-14   a year
*.herokuapp.com          Amazon RSA 2048 M02                          2023-04-02 - 2024-04-30   a year
codetabs.com             R3                                           2023-02-10 - 2023-05-11   3 months
*.telegram.org           Go Daddy Secure Certificate Authority - G2   2022-08-10 - 2023-09-11   a year
cdn1.telegram-cdn.org    GTS CA 1D4                                   2023-02-19 - 2023-05-20   3 months

This page contains 3 frames:

Primary Page: http://milhanews.com.br/
Frame ID: E34D6BF79BCD79C0B463A12074A1B3A3
Requests: 7 HTTP requests in this frame

Frame: https://m.milhanews.com.br/optin1678462190517
Frame ID: BB5C6783881B9AE515BB7C30BBA100E1
Requests: 1 HTTP request in this frame

Frame: tg://resolve?domain=MilhaNews
Frame ID: A76A08D7BCCE370BA4CAE9F61AA13ED8
Requests: 10 HTTP requests in this frame


Detected technologies

Bootstrap, overall confidence: 100%
Detected patterns (each fires on a bootstrap*.css / bootstrap*.js include; capture group 1 is the version or build hash, if one is present in the URL)
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
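To see what these fingerprint patterns actually report, here is an added Python example (not code from urlscan.io or from the scanned page) that applies the two regexes above verbatim. The first sample mirrors the one Bootstrap stylesheet this scan loaded, https://telegram.org/css/bootstrap.min.css?3, and shows the caveat a practitioner should expect: the pattern recognises Bootstrap but extracts no version from it, because the "?3" cache-buster is not followed by ".css". The other samples are constructed URLs that do carry a version.

```python
import re

# The two fingerprint patterns listed above, copied verbatim (Wappalyzer-style
# regexes; capture group 1 is the version, or a 7-40 hex-char build hash).
BOOTSTRAP_CSS = re.compile(
    r'<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css'
)
BOOTSTRAP_JS = re.compile(
    r'bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js'
)


def detect_bootstrap(html):
    """Return None when neither pattern matches, otherwise a dict keyed by the
    pattern that fired ("css" / "js") whose value is the captured version, or
    None when Bootstrap was recognised but no version could be extracted."""
    hits = {}
    for name, pattern in (("css", BOOTSTRAP_CSS), ("js", BOOTSTRAP_JS)):
        m = pattern.search(html)
        if m:
            hits[name] = m.group(1)  # None when the empty alternative matched
    return hits or None


# Constructed samples. The first mirrors the stylesheet this scan loaded inside
# the Telegram frame; the other two are made up to show version extraction.
TELEGRAM_STYLE = '<link rel="stylesheet" href="https://telegram.org/css/bootstrap.min.css?3">'
VERSIONED = (
    '<link rel="stylesheet" href="/static/bootstrap-4.6.2.min.css">\n'
    '<script src="https://cdn.example.invalid/bootstrap-5.3.0/js/bootstrap.bundle.min.js"></script>'
)
NO_BOOTSTRAP = '<link rel="stylesheet" href="/assets/css/base.css">'

if __name__ == "__main__":
    for label, sample in (("telegram", TELEGRAM_STYLE), ("versioned", VERSIONED), ("plain", NO_BOOTSTRAP)):
        print(label, detect_bootstrap(sample))
```

Because the patterns accept any `bootstrap*.css` or `bootstrap*.js` include, a hit says only that a stylesheet or script with that name was referenced somewhere in the scanned DOM, here most plausibly the Telegram page rendered inside the srcdoc frame rather than milhanews.com.br itself.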

Page Statistics

Requests:    18
HTTPS:       61 %
IPv6:        43 %
Domains:     9
Subdomains:  10
IPs:         8
Countries:   4
Transfer:    186 kB
Size:        459 kB
Cookies:     2

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://unpkg.com/@ungap/custom-elements-builtin HTTP 302
  • https://unpkg.com/@ungap/custom-elements-builtin@0.6.5 HTTP 302
  • https://unpkg.com/@ungap/custom-elements-builtin@0.6.5/min.js
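The chain above is unpkg resolving a package specifier with no version: the page asked for `@ungap/custom-elements-builtin`, unpkg redirected to whatever it considered the latest release (0.6.5 at scan time) and then to that release's entry file. Whatever unpkg serves under that name in the future will run in the page with no pin and no integrity check. The following added Python (not code from the page; the tag form of the original include and the integrity digest are assumed) audits a document's script and stylesheet includes for exactly that: package-CDN URLs without an exact version and without a Subresource Integrity attribute.

```python
import re
from urllib.parse import urlsplit

# Package CDNs whose URL path carries a "name@version" specifier (constructed list).
PACKAGE_CDNS = {"unpkg.com", "cdn.jsdelivr.net"}

TAG_RE = re.compile(r'<(script|link)\b([^>]*)>', re.I)
ATTR_RE = re.compile(r'([A-Za-z-]+)\s*=\s*"([^"]*)"')
# "/@scope/name@ver/..." or "/name@ver/..."; group 1 is the requested version, if any
SPEC_RE = re.compile(r'^/(?:@[^/@]+/)?[^/@]+(?:@([^/]+))?')
# Only an exact semver counts as pinned; "5", "^0.6", "latest" or nothing all float.
EXACT_RE = re.compile(r'\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?')


def cdn_spec(url):
    """For an unpkg/jsdelivr URL return the version in the package specifier
    ("" when the specifier has none); return None for any other URL."""
    parts = urlsplit(url)
    if parts.hostname not in PACKAGE_CDNS:
        return None
    path = parts.path
    if parts.hostname == "cdn.jsdelivr.net" and path.startswith("/npm/"):
        path = path[len("/npm"):]
    m = SPEC_RE.match(path)
    return (m.group(1) or "") if m else ""


def audit_includes(html):
    """List every <script src> / <link href> that points at a package CDN, with
    whether its version is pinned exactly and whether an integrity attribute
    (Subresource Integrity) is present."""
    findings = []
    for tag in TAG_RE.finditer(html):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag.group(2))}
        url = attrs.get("src") or attrs.get("href")
        if not url:
            continue
        version = cdn_spec(url)
        if version is None:
            continue  # local or non-package-CDN resource: the check does not apply
        findings.append({
            "url": url,
            "version": version or None,
            "pinned": EXACT_RE.fullmatch(version) is not None,
            "integrity": "integrity" in attrs,
        })
    return findings


# Constructed sample: the first include reproduces the unpinned request this scan
# made (the tag form is assumed); the integrity value is a placeholder, not a real digest.
SAMPLE_HTML = """
<script src="https://unpkg.com/@ungap/custom-elements-builtin"></script>
<script src="https://unpkg.com/@ungap/custom-elements-builtin@0.6.5/min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5/dist/css/bootstrap.min.css">
<script src="/assets/lib/x-frame-bypass.js"></script>
"""

if __name__ == "__main__":
    for f in audit_includes(SAMPLE_HTML):
        status = "ok" if f["pinned"] and f["integrity"] else "floating/unverified"
        print(f"{status:20} version={f['version']!r:10} integrity={f['integrity']} {f['url']}")
```

A major-version-only specifier such as `bootstrap@5` is deliberately reported as floating: jsdelivr and unpkg resolve it to the newest matching release on every cache miss, so it gives no more supply-chain assurance than no version at all.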

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
milhanews.com.br/
1 KB
2 KB
Document
General
Full URL
http://milhanews.com.br/
Protocol
HTTP/1.1
Server
200.98.164.66 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
200-98-164-66.clouduol.com.br
Software
Microsoft-IIS/8.0 /
Resource Hash
b074705e523344e66589ffc016c68bb8a5c407db250e5bae42a2a32cab7f17e6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache
Content-Length
1283
Content-Type
text/html; Charset=utf-8
Date
Tue, 11 Apr 2023 20:48:58 GMT
Expires
Tue, 11 Apr 2023 20:47:58 GMT
Pragma
no-cache
Server
Microsoft-IIS/8.0
base.css
milhanews.com.br/assets/css/
235 B
458 B
Stylesheet
General
Full URL
http://milhanews.com.br/assets/css/base.css
Requested by
Host: milhanews.com.br
URL: http://milhanews.com.br/
Protocol
HTTP/1.1
Server
200.98.164.66 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
200-98-164-66.clouduol.com.br
Software
Microsoft-IIS/8.0 /
Resource Hash
3ea7216c6cbb675d3477f9df1ba64916ed9888323cc1ccf01ff705fb965a946f

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://milhanews.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Tue, 11 Apr 2023 20:48:58 GMT
Last-Modified
Thu, 09 Mar 2023 16:29:07 GMT
Server
Microsoft-IIS/8.0
Accept-Ranges
bytes
ETag
"4a592845a452d91:0"
Content-Length
235
Content-Type
text/css
min.js
unpkg.com/@ungap/custom-elements-builtin@0.6.5/
Redirect Chain
  • https://unpkg.com/@ungap/custom-elements-builtin
  • https://unpkg.com/@ungap/custom-elements-builtin@0.6.5
  • https://unpkg.com/@ungap/custom-elements-builtin@0.6.5/min.js
3 KB
2 KB
Script
General
Full URL
https://unpkg.com/@ungap/custom-elements-builtin@0.6.5/min.js
Requested by
Host: milhanews.com.br
URL: http://milhanews.com.br/
Protocol
H2
Server
2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c226073a8935761439e5638028b49d180f072e1936f639daed65c9f6accc1b07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://milhanews.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 20:49:03 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
5768085
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01GRD4CEHNTPBGVG0VXY6V2G8C-fra
server
cloudflare
etag
W/"c21-bikpPrGKFSa63gUSdMjSFgcBrCk"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
7b66180ceb372bd6-FRA

Redirect headers

date
Tue, 11 Apr 2023 20:49:03 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01GMZ2AY5Q9GBXXH780T4XMPS2-fra
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
9461221
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/@ungap/custom-elements-builtin@0.6.5/min.js
cache-control
public, max-age=31536000
cf-ray
7b66180c9ac52bd6-FRA
x-frame-bypass.js
milhanews.com.br/assets/lib/
3 KB
3 KB
Script
General
Full URL
http://milhanews.com.br/assets/lib/x-frame-bypass.js
Requested by
Host: milhanews.com.br
URL: http://milhanews.com.br/
Protocol
HTTP/1.1
Server
200.98.164.66 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
200-98-164-66.clouduol.com.br
Software
Microsoft-IIS/8.0 /
Resource Hash
44b9df037be6bf54942d76f271f5cd3a55123ebc41a996380a5c067718cc2b7f

Request headers

Referer
http://milhanews.com.br/
Origin
http://milhanews.com.br
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date
Tue, 11 Apr 2023 20:48:58 GMT
Last-Modified
Thu, 16 Mar 2023 15:23:20 GMT
Server
Microsoft-IIS/8.0
Accept-Ranges
bytes
ETag
"90505e3d1b58d91:0"
Content-Length
2680
Content-Type
application/javascript
optin1678462190517
m.milhanews.com.br/ Frame BB5C
0
0
Document
General
Full URL
https://m.milhanews.com.br/optin1678462190517
Requested by
Host: milhanews.com.br
URL: http://milhanews.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6810:10c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://milhanews.com.br/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
7b6618128cdc91d7-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Tue, 11 Apr 2023 20:49:04 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
permissions-policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
MilhaNews
t.me/ Frame A76A
0
0

MilhaNews
cors-anywhere.herokuapp.com/https://t.me/
28 B
239 B
Fetch
General
Full URL
https://cors-anywhere.herokuapp.com/https://t.me/MilhaNews
Requested by
Host: milhanews.com.br
URL: http://milhanews.com.br/assets/lib/x-frame-bypass.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.22.144.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-23-22-144-165.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
bd3add342f9c516d88887fb88451dc9ce72b90b6ebac13a46f2b0ee0b7a697b7

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://milhanews.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Location
/corsdemo
Date
Tue, 11 Apr 2023 20:49:03 GMT
Via
1.1 vegur
Server
Cowboy
Connection
keep-alive
Transfer-Encoding
chunked
MilhaNews
yacdn.org/proxy/https://t.me/
0
0

/
api.codetabs.com/v1/proxy/
11 KB
4 KB
Fetch
General
Full URL
https://api.codetabs.com/v1/proxy/?quest=https://t.me/MilhaNews
Requested by
Host: milhanews.com.br
URL: http://milhanews.com.br/assets/lib/x-frame-bypass.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.189.14.235 Luxembourg, Luxembourg, ASN53667 (PONYNET, US),
Reverse DNS
Software
nginx /
Resource Hash
c1fcdcb4c3e03e3e2b662c42c3a137d85cd9708b3ee448e0a048e14ce9ce6afa

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://milhanews.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 11 Apr 2023 20:49:04 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/plain
font-roboto.css
telegram.org/css/ Frame A76A
6 KB
894 B
Stylesheet
General
Full URL
https://telegram.org/css/font-roboto.css?1
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://milhanews.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 20:49:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Thu, 20 Oct 2022 11:05:33 GMT
server
nginx/1.18.0
etag
W/"63512b7d-1816"
content-type
text/css
cache-control
max-age=345600
expires
Sat, 15 Apr 2023 20:49:05 GMT
bootstrap.min.css
telegram.org/css/ Frame A76A
42 KB
10 KB
Stylesheet
General
Full URL
https://telegram.org/css/bootstrap.min.css?3
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://milhanews.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 20:49:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Fri, 10 Nov 2017 17:54:14 GMT
server
nginx/1.18.0
etag
W/"5a05e7c6-a61b"
content-type
text/css
cache-control
max-age=345600
expires
Sat, 15 Apr 2023 20:49:05 GMT
telegram.css
telegram.org/css/ Frame A76A
112 KB
29 KB
Stylesheet
General
Full URL
https://telegram.org/css/telegram.css?236
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
acd326a9263ee8c4cbc757fed46333732a0e3f8f48d398cbd4f8e36a09fdaf76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://milhanews.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 20:49:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Mon, 20 Mar 2023 10:58:55 GMT
server
nginx/1.18.0
etag
W/"64183c6f-1c0b3"
content-type
text/css
cache-control
max-age=345600
expires
Sat, 15 Apr 2023 20:49:05 GMT
lfFYIRftTldKL-gtPLnlhXr-pyjoYS4ky1NmFDk9x64wndWUapOUbWyRWLN18pzHnIp-UNWshKw2GaEnHVt5OpA-AF9_9HN6Tqw5UijuwFO87hHNWw2IXDFthzKzj9A4YT_sn5wm32ToQAvPy3bxdr_IQNcBEZbcWVj22kB4GXEiJFsqUKbYsV5Ju6y9_WhFCA6aO...
cdn1.telegram-cdn.org/file/ Frame A76A
31 KB
31 KB
Image
General
Full URL
https://cdn1.telegram-cdn.org/file/lfFYIRftTldKL-gtPLnlhXr-pyjoYS4ky1NmFDk9x64wndWUapOUbWyRWLN18pzHnIp-UNWshKw2GaEnHVt5OpA-AF9_9HN6Tqw5UijuwFO87hHNWw2IXDFthzKzj9A4YT_sn5wm32ToQAvPy3bxdr_IQNcBEZbcWVj22kB4GXEiJFsqUKbYsV5Ju6y9_WhFCA6aOcxauv4n5fguLs8V9Hkp4BiFLdEUiufqKn3-VWsQ6lam-cKdYgwvZr-9Asfi34Ag-HvGeceCpMQvz4e8lyJpa3uw24E5v7IFxfPhF-_orsEdly-yPzP3oNKCBEgsSywaMdPHoHtDXNHrQ4abuw.jpg
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.15.3 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
3.15.111.34.bc.googleusercontent.com
Software
nginx/1.18.0 /
Resource Hash
76ad71b70eea3226b2037190bf08d3e351a6373d4326e2cd547bd48c000eb474
Security Headers
Name Value
Content-Security-Policy default-src 'none'; sandbox
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://milhanews.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 20:49:05 GMT
content-security-policy
default-src 'none'; sandbox
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31314
x-xss-protection
1; mode=block
server
nginx/1.18.0
etag
"546c303b012d7355df3f6570f611bee4bea3133f"
x-frame-options
DENY
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Accept-Ranges, Content-Range, Content-Length
cache-control
public,max-age=7200
accept-ranges
bytes, bytes
tgwallpaper.min.js
telegram.org/js/ Frame A76A
3 KB
2 KB
Script
General
Full URL
https://telegram.org/js/tgwallpaper.min.js?3
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://milhanews.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 20:49:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 19:57:25 GMT
server
nginx/1.18.0
etag
W/"62211da5-ba3"
content-type
application/javascript
cache-control
max-age=345600
expires
Sat, 15 Apr 2023 20:49:05 GMT
pattern.svg
telegram.org/img/tgme/ Frame A76A
226 KB
81 KB
Image
General
Full URL
https://telegram.org/img/tgme/pattern.svg?1
Requested by
Host: telegram.org
URL: https://telegram.org/css/telegram.css?236
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://telegram.org/css/telegram.css?236
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 20:49:05 GMT
content-encoding
gzip
last-modified
Thu, 05 Jan 2023 17:52:04 GMT
server
nginx/1.18.0
etag
W/"63b70e44-3891a"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=345600
expires
Sat, 15 Apr 2023 20:49:05 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
telegram.org/fonts/Roboto/ Frame A76A
11 KB
11 KB
Font
General
Full URL
https://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

Request headers

Referer
https://telegram.org/css/font-roboto.css?1
Origin
http://milhanews.com.br
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 20:49:05 GMT
last-modified
Thu, 20 Oct 2022 11:05:33 GMT
server
nginx/1.18.0
etag
"63512b7d-2b20"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=345600
accept-ranges
bytes
content-length
11040
expires
Sat, 15 Apr 2023 20:49:05 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
telegram.org/fonts/Roboto/ Frame A76A
11 KB
11 KB
Font
General
Full URL
https://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: telegram.org
URL: https://telegram.org/css/font-roboto.css?1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Request headers

Referer
https://telegram.org/css/font-roboto.css?1
Origin
http://milhanews.com.br
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 20:49:05 GMT
last-modified
Thu, 20 Oct 2022 11:05:33 GMT
server
nginx/1.18.0
etag
"63512b7d-2b14"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
max-age=345600
accept-ranges
bytes
content-length
11028
expires
Sat, 15 Apr 2023 20:49:05 GMT
tg://resolve?domain=MilhaNews
tg://resolve?domain=MilhaNews Frame A76A
0
0

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain      URL
t.me        https://t.me/MilhaNews
yacdn.org   https://yacdn.org/proxy/https://t.me/MilhaNews
resolve     tg://resolve?domain=MilhaNews

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    0
object    1
boolean   credentialless

2 Cookies

Domain/Path: milhanews.com.br/
  Name:  ASPSESSIONIDAACTSABD
  Value: MPKKOMICIHHKMHOGPHFIJLJO

Domain/Path: .m.milhanews.com.br/
  Name:  __cf_bm
  Value: _tP7vL2LD.VY6DoxUGf8nnw54kBH0Rmvj1_fAEkWUAg-1681246144-0-AYaVjkjxPlBtPU1/FhwjZ4S7PGXptMNj2zY26ldPQ4I4VaQc7hqVkDi+jLcYHj2iHONfauMR2rP3qIulVFiFRHHY+Bqscpk9Q0NhCuFzdiX4

7 Console Messages

Source: network   Level: error
URL: https://cors-anywhere.herokuapp.com/https://t.me/MilhaNews
Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Source: network   Level: error
URL: chrome-error://chromewebdata/
Message: Failed to load resource: the server responded with a status of 403 ()

Source: other   Level: error
URL: chrome-error://chromewebdata/
Message: Refused to display 'https://m.milhanews.com.br/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Source: javascript   Level: error
URL: http://milhanews.com.br/
Message: Access to fetch at 'https://yacdn.org/proxy/https://t.me/MilhaNews' from origin 'http://milhanews.com.br' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Source: network   Level: error
URL: https://yacdn.org/proxy/https://t.me/MilhaNews
Message: Failed to load resource: net::ERR_FAILED

Source: security   Level: warning
URL: about:srcdoc
Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.

Source: security   Level: error
URL: about:srcdoc (line 26)
Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://web.telegram.org') does not match the recipient window's origin ('http://milhanews.com.br').
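Read together, the console messages and the request list trace how this page gets a Telegram page on screen despite t.me refusing to be framed: x-frame-bypass.js fetches https://t.me/MilhaNews directly (no response), then through cors-anywhere.herokuapp.com (403), then through yacdn.org (no Access-Control-Allow-Origin header, so the browser blocks it), and finally through api.codetabs.com, which returns content; that content is written into an about:srcdoc iframe, from which Telegram's own stylesheets, script and fonts are loaded and which then tries to navigate to tg://resolve?domain=MilhaNews. The browser's sandbox warning (allow-scripts together with allow-same-origin) is the other half of the story. The Python below is an added example, not code from the page or from the x-frame-bypass library: it encodes that pattern as a detection over a constructed subset of this scan's request list (statuses are assumed from the console messages and response sizes) plus a check for the escapable sandbox combination.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Open CORS proxies seen in this scan and how each carries the target URL:
# "prefix" proxies append the target after a fixed path prefix, "query" proxies
# pass it in a named parameter. Rules are derived from the URLs on the page.
PROXY_RULES = {
    "cors-anywhere.herokuapp.com": ("prefix", "/"),
    "yacdn.org": ("prefix", "/proxy/"),
    "api.codetabs.com": ("query", "quest"),
}


def unwrap_proxy(url):
    """Return (proxy_host, wrapped_target_url) for a known CORS-proxy URL, else None."""
    parts = urlsplit(url)
    rule = PROXY_RULES.get(parts.hostname)
    if rule is None:
        return None
    kind, key = rule
    if kind == "prefix":
        if not parts.path.startswith(key):
            return None
        target = parts.path[len(key):]
        if parts.query:
            target += "?" + parts.query
    else:
        target = parse_qs(parts.query).get(key, [""])[0]
    return (parts.hostname, unquote(target)) if target.startswith("http") else None


def sandbox_can_escape(sandbox_attr):
    """The browser warning above, as a check: an iframe sandbox that grants both
    allow-scripts and allow-same-origin lets the framed script reach the parent
    document and strip its own sandbox attribute."""
    tokens = set(sandbox_attr.split())
    return {"allow-scripts", "allow-same-origin"} <= tokens


def analyze(transactions, scanned_host):
    """Flag the frame-bypass pattern: a third-party site fetched through CORS
    proxies, followed by that site's assets being loaded from a srcdoc frame."""
    report = {"proxied": [], "targets": set(), "srcdoc_hosts": set()}
    for t in transactions:
        hit = unwrap_proxy(t["url"])
        if hit:
            proxy, target = hit
            target_host = urlsplit(target).hostname
            if target_host != scanned_host:
                report["proxied"].append((proxy, target, t["status"]))
                report["targets"].add(target_host)
        if t["initiator"] == "about:srcdoc":
            report["srcdoc_hosts"].add(urlsplit(t["url"]).hostname)
    fetched_ok = any(status == 200 for _, _, status in report["proxied"])
    report["frame_bypass_suspected"] = fetched_ok and bool(report["srcdoc_hosts"])
    return report


# Constructed subset of this scan's request list. status None = no response
# received; 403 as reported in the console; 200 assumed where content came back.
TRANSACTIONS = [
    {"url": "http://milhanews.com.br/", "initiator": None, "status": 200},
    {"url": "http://milhanews.com.br/assets/lib/x-frame-bypass.js",
     "initiator": "http://milhanews.com.br/", "status": 200},
    {"url": "https://t.me/MilhaNews",
     "initiator": "http://milhanews.com.br/assets/lib/x-frame-bypass.js", "status": None},
    {"url": "https://cors-anywhere.herokuapp.com/https://t.me/MilhaNews",
     "initiator": "http://milhanews.com.br/assets/lib/x-frame-bypass.js", "status": 403},
    {"url": "https://yacdn.org/proxy/https://t.me/MilhaNews",
     "initiator": "http://milhanews.com.br/assets/lib/x-frame-bypass.js", "status": None},
    {"url": "https://api.codetabs.com/v1/proxy/?quest=https://t.me/MilhaNews",
     "initiator": "http://milhanews.com.br/assets/lib/x-frame-bypass.js", "status": 200},
    {"url": "https://telegram.org/css/telegram.css?236", "initiator": "about:srcdoc", "status": 200},
    {"url": "https://telegram.org/js/tgwallpaper.min.js?3", "initiator": "about:srcdoc", "status": 200},
]

if __name__ == "__main__":
    r = analyze(TRANSACTIONS, "milhanews.com.br")
    for proxy, target, status in r["proxied"]:
        print(f"{proxy} -> {target} (status {status})")
    print("targets:", sorted(r["targets"]), "srcdoc hosts:", sorted(r["srcdoc_hosts"]))
    print("frame bypass suspected:", r["frame_bypass_suspected"])
    print("sandbox escapable:", sandbox_can_escape("allow-scripts allow-same-origin"))
```

The proxy list is the weak spot of any such rule: it only catches proxies you already know. The srcdoc-initiator signal is the more durable one, because a page that fetches HTML and injects it as a document will always produce subresource requests whose initiator is about:srcdoc rather than a real URL.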