web.tlgrm.app
Open in
urlscan Pro
188.114.97.3
Malicious Activity!
Public Scan
Effective URL: https://web.tlgrm.app/
Submission: On April 17 via api from BY — Scanned from NL
Summary
TLS certificate: Issued by E1 on April 16th 2024. Valid for: 3 months.
This is the only time web.tlgrm.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
17 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 2a02:6b8::1:119 2a02:6b8::1:119 | 13238 (YANDEX) (YANDEX) | |
2 | 2001:67c:4e8:... 2001:67c:4e8:f004::9 | 62041 (TELEGRAM) (TELEGRAM) | |
23 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
tlgrm.app
web.tlgrm.app |
530 KB |
2 |
yandex.ru
1 redirects
mc.yandex.ru — Cisco Umbrella Rank: 4409 |
1 KB |
1 |
telegram.me
telegram.me — Cisco Umbrella Rank: 41616 |
359 B |
1 |
t.me
t.me — Cisco Umbrella Rank: 18314 |
359 B |
1 |
tlgrm.eu
1 redirects
web2.tlgrm.eu |
462 B |
23 | 5 |
Domain | Requested by | |
---|---|---|
17 | web.tlgrm.app |
web.tlgrm.app
|
2 | mc.yandex.ru |
1 redirects
web.tlgrm.app
|
1 | telegram.me |
web.tlgrm.app
|
1 | t.me |
web.tlgrm.app
|
1 | web2.tlgrm.eu | 1 redirects |
23 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
web.tlgrm.app E1 |
2024-04-16 - 2024-07-15 |
3 months | crt.sh |
*.t.me Go Daddy Secure Certificate Authority - G2 |
2023-10-06 - 2024-11-06 |
a year | crt.sh |
*.telegram.me Go Daddy Secure Certificate Authority - G2 |
2023-09-20 - 2024-10-21 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://web.tlgrm.app/
Frame ID: B0F8775499269683643A6C0686EF5F32
Requests: 25 HTTP requests in this frame
Screenshot
Page Title
TelegramPage URL History Show full URLs
-
https://web2.tlgrm.eu/
HTTP 301
https://web.tlgrm.app/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://web2.tlgrm.eu/
HTTP 301
https://web.tlgrm.app/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://mc.yandex.ru/watch/50921747 HTTP 302
- https://mc.yandex.ru/watch/50921747/1?redirnss=1
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
/
web.tlgrm.app/ Redirect Chain
|
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
redirect.js
web.tlgrm.app/ |
325 B 677 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.d9ab5788a4b75c69716d.js
web.tlgrm.app/ |
378 KB 126 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.5e926e53b804308de57b.css
web.tlgrm.app/ |
107 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
compatTest.js
web.tlgrm.app/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1
mc.yandex.ru/watch/50921747/ Redirect Chain
|
43 B 93 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1915.44f46b9209d4c21e2dae.js
web.tlgrm.app/ |
18 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
chat-bg-br.f34cc96fbfb048812820.png
web.tlgrm.app/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
chat-bg-pattern-light.ee148af944f6580293ae.png
web.tlgrm.app/ |
266 KB 267 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
307 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
notification.mp3
web.tlgrm.app/ |
11 KB 11 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_websync_
t.me/ |
4 B 359 B |
Script
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_websync_
telegram.me/ |
4 B 359 B |
Script
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6839.01a53cbedf5d86d252ec.js
web.tlgrm.app/ |
45 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3748.9a383b0e9475cf32f44c.js
web.tlgrm.app/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4680.576825f543555dd2467c.js
web.tlgrm.app/ |
10 KB 5 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4680.576825f543555dd2467c.js
web.tlgrm.app/ |
10 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4680.576825f543555dd2467c.js
web.tlgrm.app/ |
10 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4680.576825f543555dd2467c.js
web.tlgrm.app/ |
10 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2385.6f0f83ec9f68bc8de538.js
web.tlgrm.app/ |
244 KB 66 KB |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
web.tlgrm.app/ |
2 KB 3 KB |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
blank.8dd283bceccca95a48d8.png
web.tlgrm.app/ |
68 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
blank.8dd283bceccca95a48d8.png
web.tlgrm.app/ |
0 0 |
Fetch
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
blank.8dd283bceccca95a48d8.png
web.tlgrm.app/ |
0 0 |
Fetch
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
68 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| compatTest boolean| isCompatTestPassed object| webpackChunktelegram_t8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mc.yandex.ru/ | Name: yabs-sid Value: 1575142211713312960 |
|
.yandex.ru/ | Name: i Value: cJ5YZZIXdhvjDGS4zR6+cMiOvvs7PaSMCtHJQan9qDVUYwzRyKp13ov+2lvjveqg6KCDMn2VPDwNEy+EQJMblsKkbr0= |
|
.yandex.ru/ | Name: yandexuid Value: 5959882181713312960 |
|
.yandex.ru/ | Name: yuidss Value: 5959882181713312960 |
|
.yandex.ru/ | Name: ymex Value: 1744848960.yrts.1713312960#1744848960.yrtsi.1713312960 |
|
.yandex.ru/ | Name: receive-cookie-deprecation Value: 1 |
|
.yandex.ru/ | Name: bh Value: EkAiR29vZ2xlIENocm9tZSI7dj0iMTIzIiwgIk5vdDpBLUJyYW5kIjt2PSI4IiwgIkNocm9taXVtIjt2PSIxMjMiKgI/MDoHIldpbjMyIg== |
|
mc.yandex.ru/ | Name: bh Value: EkAiR29vZ2xlIENocm9tZSI7dj0iMTIzIiwgIk5vdDpBLUJyYW5kIjt2PSI4IiwgIkNocm9taXVtIjt2PSIxMjMiKgI/MDoHIldpbjMyIg== |
18 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mc.yandex.ru
t.me
telegram.me
web.tlgrm.app
web2.tlgrm.eu
188.114.96.3
188.114.97.3
2001:67c:4e8:f004::9
2a02:6b8::1:119
00745db819d91c37bf0f59bee00ab2efe9766fddcb726ff1bcb6847748b2bbc7
0aa33cc81ea838c2ceeb56b8c468958a65bba68579310ea7971d8f021bac397f
15c1ef9cd9fdb434037819e232b667c7d68a52ca118f05777ebaa1241b0511db
166b9c140da17864486aaa8e6d53ad4169ffaac1b2101c73680550f9331c926f
1e253d3f513bbf831c7e7da3e513cf8d4177f7f398c1fad87809d393a58c1697
22c6b05f0b138dddb5711fdb998be90abf8093e271085bda6448bd6bc72c95d2
26002839ead2c635db49680c1899ecffbb53edc20ed340da5b0f7887461bcdd1
3151f7930d821bccf4a76cbbe4a3533e2b56bdff696f260c864ab639ac7526ea
375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b6c86a1141d40dab302db38ed85bec50cafd6e0d01b96d7d29688132f5bca051
bfcf00e1e44b7b609f21dfc4e50f7c2d0046ef7222e8d7b1d7daede6cfc2be9d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64fe7500375590eb939625390955f9add6a8a0405db5976cb2b3bcbdb513b7b
f1febffd3eff2163fb038f9778c06f6def451560adabff5ee04de2a269269e9e
f693fccbb0f64594079d492db05d3bced69a6c6cab7514d4b78733570fd592a1