grupgrup.c2dx.xyz Open in urlscan Pro
172.67.213.131 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://grupgrup.c2dx.xyz/grup01
Effective URL:
https://grupgrup.c2dx.xyz/grup01/
Submission Tags: @phish_report
Submission: On October 26 via api (October 26th 2024, 5:09:02 am UTC) from FI — Scanned from FI

Summary HTTP 13 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 172.67.213.131, located in United States and belongs to CLOUDFLARENET, US. The main domain is grupgrup.c2dx.xyz.
TLS certificate: Issued by WE1 on October 22nd 2024. Valid for: 3 months.

This is the only time grupgrup.c2dx.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1 13	172.67.213.131 172.67.213.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
13	2

13 172.67.213.131 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

grupgrup.c2dx.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	c2dx.xyz 1 redirects grupgrup.c2dx.xyz	98 KB
1	telegram.org telegram.org — Cisco Umbrella Rank: 10577	15 KB
13	2

	Domain	Requested by
13	grupgrup.c2dx.xyz	1 redirects grupgrup.c2dx.xyz
1	telegram.org
13	2

This site contains links to these domains. Also see Links.

Domain
telegram.org

Subject Issuer	Validity	Valid
c2dx.xyz WE1	`2024-10-22` - `2025-01-20`	3 months	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2024-08-10` - `2025-09-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://grupgrup.c2dx.xyz/grup01/
Frame ID: 52ECE63347C2B5BC8B8826B878B811B8
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

REQUIREMENT

Page URL History Show full URLs

http://grupgrup.c2dx.xyz/grup01 HTTP 307
https://grupgrup.c2dx.xyz/grup01 HTTP 301
http://grupgrup.c2dx.xyz/grup01/ HTTP 307
https://grupgrup.c2dx.xyz/grup01/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

112 kB
Transfer

244 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://telegram.org/dl?tme=dcb35ed3700eccc38f_6622701878519939188
Title: Download

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://grupgrup.c2dx.xyz/grup01 HTTP 307
https://grupgrup.c2dx.xyz/grup01 HTTP 301
http://grupgrup.c2dx.xyz/grup01/ HTTP 307
https://grupgrup.c2dx.xyz/grup01/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
grupgrup.c2dx.xyz/grup01/
Redirect Chain

http://grupgrup.c2dx.xyz/grup01
https://grupgrup.c2dx.xyz/grup01
http://grupgrup.c2dx.xyz/grup01/
https://grupgrup.c2dx.xyz/grup01/

9 KB
4 KB

257ms
257ms

Document
text/html

172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/grup01/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e5f9c05cb72fe44241345f2528a5a2578d48e1de9a7c5b2779749d2d210f381

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d87ee71eec32d8b-KBP
content-encoding: br
content-type: text/html
date: Sat, 26 Oct 2024 05:08:57 GMT
last-modified: Tue, 15 Oct 2024 22:45:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UaNdWpvRhB1azNbTW2Xw%2F7MNwvfiWTczlAvAgOoGQ6alG3xvgQrdTez9K4TwFYwA1yWmEg1OtMi2L0Z4%2Br5bKlZIy0R894lbm0uwK3%2F20nuvV%2ByF7CAY86Tm46icuNK3ogAMjA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=57087&sent=14&recv=13&lost=0&retrans=0&sent_bytes=5116&recv_bytes=5035&delivery_rate=355&cwnd=12000&unsent_bytes=0&cid=24a8cc9347971740&ts=722&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding

Redirect headers

Location: https://grupgrup.c2dx.xyz/grup01/
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 404 main.html
grupgrup.c2dx.xyz/grup01/ast/css/ 0
0 255ms
254ms Stylesheet
text/html 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/grup01/ast/css/main.html
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/grup01/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f25h7vDrTERB2uX3kCiYAZUgnHkwvziDxfIUU3tG5X4Ri0fl0GGxN5S7OFrQJfb9BLIMOnUYfcVtZCd8TLwmJpeMGIv71%2B4ZiDUNXXOq9GrhuiBl2h8h6KJd5HA0uuZeI8ibsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee7399822d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=56969&sent=19&recv=22&lost=0&retrans=0&sent_bytes=9701&recv_bytes=7628&delivery_rate=80624&cwnd=12000&unsent_bytes=0&cid=24a8cc9347971740&ts=988&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 05:08:57 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

GET
H3 404 jquery-3.5.1.min.js
grupgrup.c2dx.xyz/code.jquery.com/ 0
0 476ms
475ms Script
text/html 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/grup01/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jw9f%2FgPi3Bfjj2gH3Uey4De7f7maO67SrRJUkYaURyO4epvjd%2Bq9Jpb%2Blg8ctV%2FdAJs5VVM8%2BOQPpnQdgJT4TybwAwf9iqxNq61UusVHbMcaCzF%2BzBmrUbBbD8BuyZIkspbR9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee7399852d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=56949&sent=23&recv=23&lost=0&retrans=0&sent_bytes=12764&recv_bytes=7671&delivery_rate=3589&cwnd=12000&unsent_bytes=0&cid=24a8cc9347971740&ts=1209&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 05:08:57 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=1,i=?0

GET
H3 200 font-robotoc4ca.css
grupgrup.c2dx.xyz/grup01/haykaljb/css/ 7 KB
1 KB 480ms
479ms Stylesheet
text/css 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/font-robotoc4ca.css
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49d036c044394dbe84fe6c001dad1733d25fb38f11f8861e78a94f8930b8ec24

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/grup01/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=roTmkeDcru92yPnz78LoEFOwicsgYaz8vFGL98RS8voM3nrkYUtppGZZxS45zJZVciNFiXL1nTX5pW4BHZc8iMIXbqzoTPywIPnVNntlGc9XC5t48iydFTJx84G3jSa7YEDXCw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee73998b2d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=56949&sent=24&recv=23&lost=0&retrans=0&sent_bytes=13653&recv_bytes=7671&delivery_rate=3589&cwnd=12000&unsent_bytes=0&cid=24a8cc9347971740&ts=1213&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 05:08:57 GMT
content-type: text/css
vary: Accept-Encoding
server: cloudflare
last-modified: Sat, 08 Jul 2023 07:03:10 GMT
priority: u=0,i=?0

GET
H3 200 bootstrap.mineccb.css
grupgrup.c2dx.xyz/grup01/haykaljb/css/ 42 KB
9 KB 510ms
509ms Stylesheet
text/css 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/bootstrap.mineccb.css
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/grup01/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n4Y%2FNYsF3sVSRFv03SISHQlnPibrq2ByfB360PCoJQCEswHruV%2FXv9KHjKGmJZTKgdSb5RRMMupmAJsYPsFmTy8zJdnIMl7EI%2Fl81XawHmnwVk1uttoJkJ64%2BfeOJXo%2Fiq9pNg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee73998d2d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=56891&sent=27&recv=25&lost=0&retrans=0&sent_bytes=15027&recv_bytes=8070&delivery_rate=38378&cwnd=12000&unsent_bytes=0&cid=24a8cc9347971740&ts=1244&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 05:08:57 GMT
content-type: text/css
vary: Accept-Encoding
server: cloudflare
last-modified: Sat, 08 Jul 2023 07:03:08 GMT
priority: u=0,i=?0

GET
H3 200 telegram0116.css
grupgrup.c2dx.xyz/grup01/haykaljb/css/ 113 KB
24 KB 656ms
655ms Stylesheet
text/css 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/telegram0116.css
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9efbe5d820d9076dd1611d0f1cad78fa323bd28ee95a48e6e6f8c366f04afb6

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/grup01/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lmqmk3tRAzX1s79U9rO7JaS0E1cAiN21v8Hrsu3NoTn7%2B06CMFrovqiJpxcR3ktTM7qICBQjA5rVFbrRXr3LADIfeQ2AU0vFcc0GVvnwlvaUYaattjMr5huX%2BzKwDebKxTxSWg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee7399922d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=62324&sent=35&recv=31&lost=0&retrans=0&sent_bytes=24243&recv_bytes=8329&delivery_rate=180487&cwnd=12000&unsent_bytes=0&cid=24a8cc9347971740&ts=1389&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 05:08:58 GMT
content-type: text/css
vary: Accept-Encoding
server: cloudflare
last-modified: Sat, 08 Jul 2023 07:03:18 GMT
priority: u=0,i=?0

GET
H3 200 lagi.png
grupgrup.c2dx.xyz/grup01/haykaljb/img/ 56 KB
56 KB 936ms
935ms Image
image/png 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://grupgrup.c2dx.xyz/grup01/haykaljb/img/lagi.png
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28446a47dc2e43f4dbf5fadb260e100787bb844bb513de454a887cbab0154f76

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/grup01/

Response headers

server: cloudflare
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jz5alhUXBSFyewQv%2BPoaqgFiAYYUKO9iw5cWPkDCO5nqm4CNLu82SUVLqKEyLOtP9xVwbqfztgfbP1zw6mjPvXJvxKFJOJk9kAu7SvPtn4fMAParCCMrnEXxnlD5dKhj%2FmS6EA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee7399952d8b-KBP
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=57888&sent=59&recv=44&lost=0&retrans=0&sent_bytes=49710&recv_bytes=10051&delivery_rate=225108&cwnd=24000&unsent_bytes=0&cid=24a8cc9347971740&ts=1669&x=1", cfExtPri, cfHdrFlush;dur=0
content-length: 56965
date: Sat, 26 Oct 2024 05:08:58 GMT
content-type: image/png
last-modified: Tue, 15 Oct 2024 09:57:50 GMT
vary: Accept-Encoding
priority: u=2,i

GET
H3 200 tgwallpaper.mineccb.js Show response
grupgrup.c2dx.xyz/grup01/haykaljb/js/ 3 KB
2 KB 447ms
446ms Script
text/javascript 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/grup01/haykaljb/js/tgwallpaper.mineccb.js
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/grup01/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rZHBxBE6dCYPV7J7rwOygyk5tSalmtVrLeXZB5ne7gfrE8d4rAZ8t6GTyInJF1UYt1gzaSUmHatawwzPCOZIXHarAyTgJeYBl%2BjtXLVLunAGQQ4Eg96AqNNnCnsa%2B3PcETovQg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee7399982d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=56949&sent=21&recv=23&lost=0&retrans=0&sent_bytes=10596&recv_bytes=7671&delivery_rate=3589&cwnd=12000&unsent_bytes=0&cid=24a8cc9347971740&ts=1181&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 05:08:57 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare
last-modified: Sat, 08 Jul 2023 07:02:50 GMT
priority: u=2,i=?0

GET
H3 200 watermark.css
grupgrup.c2dx.xyz/grup01/haykaljb/css/ 104 B
711 B 471ms
471ms Stylesheet
text/css 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/watermark.css
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fd70332a89fc34c404227205d65a96908fdb027d1c4dadedf3acc1411ec6c64

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/grup01/

Response headers

server: cloudflare
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FI9lybKHh9rEv98VEYz3%2FW4FQA6rW1kGbxlJWC5m49aXCxBpiQrYqjryXMLh6XBkh0yCCWYhI76URdkCLqFy7Z9W1j2CdGOzBJMT5m61YU30OFWAkLlCimh6R5DjwYMTUST28w%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee766f432d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=57888&sent=58&recv=44&lost=0&retrans=0&sent_bytes=48976&recv_bytes=10051&delivery_rate=225108&cwnd=24000&unsent_bytes=0&cid=24a8cc9347971740&ts=1653&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 05:08:58 GMT
content-type: text/css
last-modified: Sun, 16 Jul 2023 16:33:22 GMT
vary: Accept-Encoding
priority: u=2,i=?0

GET
H3 404 external.html
grupgrup.c2dx.xyz/grup01/ 315 B
315 B 335ms
335ms Image
text/html 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://grupgrup.c2dx.xyz/grup01/external.html?link=http://telegram.org/img/tgme/pattern.svg?1
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/telegram0116.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/telegram0116.css

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YKKqEF14pfgOseAfEb9Ynl1OX2Fsp2gnWHQMXEy%2BJM7TbHJA%2FJYt%2Fd5AccZ4SQYnWuvVMxjf3yXE%2FKXs8kNFiNkDL1G8khc0SR%2BHgpYU7tNCFrEq4uBt8lZOnNu%2FSaGo1UGZiA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee781aec2d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=57888&sent=79&recv=44&lost=0&retrans=0&sent_bytes=72976&recv_bytes=10051&delivery_rate=225108&cwnd=24000&unsent_bytes=0&cid=24a8cc9347971740&ts=1714&x=1", cfExtPri, cfHdrFlush;dur=12
date: Sat, 26 Oct 2024 05:08:58 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=3,i

GET
H3 404 external.html
grupgrup.c2dx.xyz/grup01/ 0
0 443ms
442ms Font
text/html 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/grup01/external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/font-robotoc4ca.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Origin: https://grupgrup.c2dx.xyz
Referer: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/font-robotoc4ca.css

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xu9oQ9%2FGjsUrSE5Q4dAAaYdviK94tea8eiy6CQj1K6VEY7ajduYjnv3h7jlN4BiluwIJ0eCOO9qmoqEUXahO2iy%2FJnJ9RbYZ8oFLtuvp%2BTWIaeWhzun0ulWvR9CDTLi%2Fgq7v8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee781b042d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=61369&sent=114&recv=71&lost=0&retrans=0&sent_bytes=110437&recv_bytes=11242&delivery_rate=224248&cwnd=35100&unsent_bytes=0&cid=24a8cc9347971740&ts=1901&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 05:08:58 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

GET
H3 404 external.html
grupgrup.c2dx.xyz/grup01/ 0
0 296ms
296ms Font
text/html 172.67.213.131
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://grupgrup.c2dx.xyz/grup01/external.html?link=http://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by: Host: grupgrup.c2dx.xyz
URL: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/font-robotoc4ca.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.213.131 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Origin: https://grupgrup.c2dx.xyz
Referer: https://grupgrup.c2dx.xyz/grup01/haykaljb/css/font-robotoc4ca.css

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JmpEt6huPmuOE6ix1W%2BSTIxYUtAypKdP0GsMhpfK9M%2BTPwKycf2IXkctedr1xROaZCu8IMed0mtW5krWM6lL86gASoLNBZmDxle%2BgkBmgZYwlsYhGMTglOGXog7cTB5nNygNUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d87ee781b082d8b-KBP
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=68887&sent=108&recv=54&lost=0&retrans=0&sent_bytes=106710&recv_bytes=10485&delivery_rate=109473&cwnd=34200&unsent_bytes=0&cid=24a8cc9347971740&ts=1735&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 26 Oct 2024 05:08:58 GMT
content-type: text/html; charset=iso-8859-1
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

GET
H2 200 favicon.ico
telegram.org/img/ 15 KB
15 KB 219ms
65ms Other
image/x-icon 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/img/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer: https://grupgrup.c2dx.xyz/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=604800
etag: "62616083-3aee"
expires: Sat, 02 Nov 2024 05:08:58 GMT
accept-ranges: bytes
content-length: 15086
date: Sat, 26 Oct 2024 05:08:58 GMT
content-type: image/x-icon
last-modified: Thu, 21 Apr 2022 13:47:47 GMT
server: nginx/1.18.0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| TWallpaper object| tme_bg function| toggleTheme object| darkMedia

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://grupgrup.c2dx.xyz/grup01/ast/css/main.html Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://grupgrup.c2dx.xyz/code.jquery.com/jquery-3.5.1.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://grupgrup.c2dx.xyz/grup01/external.html?link=http://telegram.org/img/tgme/pattern.svg?1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://grupgrup.c2dx.xyz/grup01/external.html?link=http://telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://grupgrup.c2dx.xyz/grup01/external.html?link=http://telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

grupgrup.c2dx.xyz
telegram.org
172.67.213.131
2001:67c:4e8:f004::9
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6
28446a47dc2e43f4dbf5fadb260e100787bb844bb513de454a887cbab0154f76
2e5f9c05cb72fe44241345f2528a5a2578d48e1de9a7c5b2779749d2d210f381
49d036c044394dbe84fe6c001dad1733d25fb38f11f8861e78a94f8930b8ec24
4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78
8fd70332a89fc34c404227205d65a96908fdb027d1c4dadedf3acc1411ec6c64
b9efbe5d820d9076dd1611d0f1cad78fa323bd28ee95a48e6e6f8c366f04afb6
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

grupgrup.c2dx.xyz Open in urlscan Pro 172.67.213.131 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

112 kBTransfer

244 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

grupgrup.c2dx.xyz Open in urlscan Pro
172.67.213.131 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

112 kB
Transfer

244 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!