URL: https://pfejzmnb0a.mba/
Submission: On January 09 via api from US — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 16 HTTP transactions. The main IP is 172.67.179.30, located in the United States and belonging to CLOUDFLARENET, US. The main domain is pfejzmnb0a.mba.
TLS certificate: issued by WE1 (a Google Trust Services intermediate) on January 5th 2025, valid for 3 months.
This is the only time pfejzmnb0a.mba was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

IP addresses (requests | IP address | AS number | autonomous system):
12 | 172.67.179.30 | 13335 | CLOUDFLARENET, US
Totals: 16 requests, 2 IPs

Apex domains (requests | apex domain | subdomains | transfer):
12 | pfejzmnb0a.mba | pfejzmnb0a.mba | 79 KB
Totals: 16 requests, 1 domain

Domains requested by (requests | domain | redirects | requested by):
12 | pfejzmnb0a.mba | 1 redirect | pfejzmnb0a.mba
Totals: 16 requests, 1 domain

This site contains links to these domains:

core.telegram.org

TLS certificate (subject | issuer | validity | valid for):
pfejzmnb0a.mba | WE1 | 2025-01-05 to 2025-04-05 | 3 months (crt.sh)

This page contains 2 frames:

Frame: https://pfejzmnb0a.mba/k/
Frame ID: 125106D460B384424E54C37D77CD1F9C
Requests: 10 HTTP requests in this frame

Frame: https://pfejzmnb0a.mba/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js
Frame ID: 7F956C5637944E2BD500E02016DF285D
Requests: 2 HTTP requests in this frame

Page Title

Telegram Support

Detected technologies

Bootstrap (overall confidence: 100%), identified by the stylesheet at /files/bootstrap.min.css through these detection patterns:
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
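
The two patterns above are run over the page's raw HTML; capture group 1 pulls out a version number or a content hash when the Bootstrap asset's name or path carries one, and stays empty for a plain bootstrap.min.css such as the one this page loads. The Python below is an added example, not urlscan's detection engine or any code from the scanned site: it applies the patterns verbatim and reports what they capture. The sample documents are constructed here; the first mirrors this page's <link>, the versioned and hashed variants are hypothetical. Note the unescaped "." between version components in the pattern, which accepts any single character as the separator.

```python
import re
from typing import Optional

# The two detection patterns exactly as the report lists them. Group 1, when
# the asset name or path carries one, captures either a 7-40 character hex
# hash or a dotted version number.
BOOTSTRAP_CSS = re.compile(
    r'<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css'
)
BOOTSTRAP_JS = re.compile(
    r'bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js'
)


def detect_bootstrap(html: str) -> Optional[dict]:
    """Apply the CSS pattern first, then the JS pattern, to raw HTML.

    Returns {"source": "css" | "js", "version": <str or None>} on a hit,
    None when neither pattern matches.
    """
    for source, pattern in (("css", BOOTSTRAP_CSS), ("js", BOOTSTRAP_JS)):
        m = pattern.search(html)
        if m:
            return {"source": source, "version": m.group(1)}
    return None


# Constructed sample documents (not captured from the scanned site).
# The first mirrors the unversioned <link> this page loads.
PAGE_LIKE_THIS = '<link rel="stylesheet" href="/files/bootstrap.min.css">'
# Hypothetical CDN path carrying a version number.
VERSIONED = '<link rel="stylesheet" href="https://cdn.example/bootstrap-5.3.3/css/bootstrap.min.css">'
# Hypothetical build output carrying a content hash in the filename.
HASHED = '<link href="/assets/bootstrap.4f9a1c2e7b3d.min.css" rel="stylesheet">'
# Only the script bundle, no stylesheet: the JS pattern has to catch it.
SCRIPT_ONLY = '<script src="/files/bootstrap.bundle.min.js"></script>'
NO_FRAMEWORK = "<p>no framework here</p>"

if __name__ == "__main__":
    for label, doc in [("page", PAGE_LIKE_THIS), ("versioned", VERSIONED),
                       ("hashed", HASHED), ("script", SCRIPT_ONLY),
                       ("none", NO_FRAMEWORK)]:
        print(f"{label:>9}: {detect_bootstrap(doc)}")
```

Because the patterns only look at markup, a kit that copies Bootstrap under a different filename would not be fingerprinted this way; the Resource Hash of the stylesheet is the more robust pivot in that case.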

Page Statistics

Requests: 16
HTTPS: 63 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 78 kB
Size: 264 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://pfejzmnb0a.mba/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://pfejzmnb0a.mba/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js

16 HTTP transactions

Columns: Resource | Path | Size | Transfer (x-fer) | Type | MIME-Type

Primary Request / | pfejzmnb0a.mba/ | 14 KB | 5 KB | Document | text/html
General
Full URL
https://pfejzmnb0a.mba/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
757b8fac509396bbf773f0df2f0757914d287c51be56fcdfc66fa845ed916f1a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8ff4cc9569f89116-FRA
content-encoding
zstd
content-type
text/html
date
Thu, 09 Jan 2025 13:33:27 GMT
last-modified
Mon, 30 Dec 2024 18:42:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority
u=0,i
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6oHF7AZB1oCZknibYzEqgbIp%2FHjE%2BA2e5chZ7zHOsnO2AiF99p85DqD7SrWsk32S2S%2Bl5cySsf78o%2FgKuPLNQd0p3J0Z34MKS1c4kuaQZNtbbatXE7x1%2BuRDXDudHEz4zw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=7153&min_rtt=6590&rtt_var=1773&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4201&recv_bytes=4535&delivery_rate=868&cwnd=12000&unsent_bytes=0&cid=f871fa9a58a29c44&ts=516&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-cache
MISS
bootstrap.min.css | pfejzmnb0a.mba/files/ | 42 KB | 10 KB | Stylesheet | text/css
General
Full URL
https://pfejzmnb0a.mba/files/bootstrap.min.css
Requested by
Host: pfejzmnb0a.mba
URL: https://pfejzmnb0a.mba/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pfejzmnb0a.mba/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"6772e98b-a61b"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VJycYxylis33zSAXD5oWcGa2y1cZ6i2QYrxKwurdXdcH5WC4%2BHgOZxprkd%2Bx38OfYpzUC%2Fmhmw0DAZsWF%2FkyaDHNQt5Jg%2BaGJgQm7OhwijQdIHLrDIc69GS1mmakDJXHgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=9374&min_rtt=6590&rtt_var=4095&sent=19&recv=20&lost=0&retrans=0&sent_bytes=9660&recv_bytes=6454&delivery_rate=394619&cwnd=12000&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1163&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 09 Jan 2025 13:33:28 GMT
content-type
text/css
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ff4cc998c519116-FRA
server
cloudflare
index.css | pfejzmnb0a.mba/ | 1 KB | 1 KB | Stylesheet | text/css
General
Full URL
https://pfejzmnb0a.mba/index.css
Requested by
Host: pfejzmnb0a.mba
URL: https://pfejzmnb0a.mba/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c212d7f877e37e31e5f815aff89652da368f22981004a7e9d3cf867e9c96599

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pfejzmnb0a.mba/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"6772e98c-580"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sk%2FDNTreDbSnUlgdhocnLh37o6nU6y67VeYluuGa%2FbjFY6Yk%2BMy4V%2BQu5oamWqqJ6kjIIaxUv700Rq5eaQ2SyVMQ4e4U4ZIhvPDfaFCFrWPfWyeIWYIjlprCzbEbpaOATQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=9374&min_rtt=6590&rtt_var=4095&sent=30&recv=20&lost=0&retrans=0&sent_bytes=21660&recv_bytes=6454&delivery_rate=394619&cwnd=12000&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1176&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 09 Jan 2025 13:33:28 GMT
content-type
text/css
last-modified
Mon, 30 Dec 2024 18:42:20 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ff4cc998c529116-FRA
server
cloudflare
telegram.css | pfejzmnb0a.mba/files/ | 113 KB | 28 KB | Stylesheet | text/css
General
Full URL
https://pfejzmnb0a.mba/files/telegram.css
Requested by
Host: pfejzmnb0a.mba
URL: https://pfejzmnb0a.mba/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fed69363a40e503cfcb65023e8bfdb9b98de62b1b7d938fcfb727fd16066580

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pfejzmnb0a.mba/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"6772e98b-1c21c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xxRmyogduFfIQN16CD2zC9P9T4wZUy8ndQKwPjqK6%2BESnK7IKrGH0i6HNw6FwkL0k2YCRc%2BfMDpcQtPPkBcnPABEGTKVA0cyrk77mPH7XkBs0Wu0ffZ5QEFom54qN9UTGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=10802&min_rtt=6590&rtt_var=3185&sent=47&recv=24&lost=0&retrans=0&sent_bytes=38903&recv_bytes=6626&delivery_rate=19783&cwnd=21600&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1185&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 09 Jan 2025 13:33:28 GMT
content-type
text/css
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ff4cc998c539116-FRA
server
cloudflare
i18n.js | pfejzmnb0a.mba/js/ | 3 KB | 2 KB | Script | application/javascript
General
Full URL
https://pfejzmnb0a.mba/js/i18n.js
Requested by
Host: pfejzmnb0a.mba
URL: https://pfejzmnb0a.mba/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fad7e5604b38a58e74ebfcf5208551752c671234341958e3b1585bd7eea42e9e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pfejzmnb0a.mba/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"6772e98b-d1c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S6QFRZJbezhLNMjKsgwS612n68ODsFKgwH0juJdBzianmT%2BQ0fdkJ1IBsE2RRCioFMzgAmQdQcLoZnLKzgFGQydGrrTNMWw3FoS6ctlLgBXGdelAtVs3TEM8RHfwkqskPg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=9374&min_rtt=6590&rtt_var=4095&sent=30&recv=20&lost=0&retrans=0&sent_bytes=21660&recv_bytes=6454&delivery_rate=394619&cwnd=12000&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1172&x=1", cfExtPri, cfHdrFlush;dur=4
date
Thu, 09 Jan 2025 13:33:28 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ff4cc998c549116-FRA
server
cloudflare
main.js | pfejzmnb0a.mba/files/ | 21 KB | 7 KB | Script | application/javascript
General
Full URL
https://pfejzmnb0a.mba/files/main.js
Requested by
Host: pfejzmnb0a.mba
URL: https://pfejzmnb0a.mba/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51c4d88fd78f3b8efb16f845e75be7f1bb288fdf2fd39d033868a0346db7fadb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pfejzmnb0a.mba/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"6772e98b-53e6"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sN29ix2zbyclcOWHY0%2FE811ZR%2BXefJByKjKw9xl3GCresI70vqOfTkrDogJ%2FWkIyjL4BVPvQBGPSh%2BoXzNmFWGWKvAFGAmuFyF6SP86BkHX%2BHAFvCZ41eo8g3Onhjh6FFw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=9374&min_rtt=6590&rtt_var=4095&sent=28&recv=20&lost=0&retrans=0&sent_bytes=20133&recv_bytes=6454&delivery_rate=394619&cwnd=12000&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1165&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 09 Jan 2025 13:33:28 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ff4cc998c559116-FRA
server
cloudflare
tgsticker.js | pfejzmnb0a.mba/files/ | 24 KB | 7 KB | Script | application/javascript
General
Full URL
https://pfejzmnb0a.mba/files/tgsticker.js
Requested by
Host: pfejzmnb0a.mba
URL: https://pfejzmnb0a.mba/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f843ec50116b144b274c206d7fe25d70328ea6cf38bfcd349c1647f400c284b2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pfejzmnb0a.mba/

Response headers

content-encoding
gzip
cf-cache-status
REVALIDATED
etag
W/"6772e98b-6019"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHGT9Sea1HWk1ZY6RZ9XBxuWqVWEBAeCS63rPNvtUIgVgGE4YzdltVUvGWbBV81G3i6HhC7ircdnOzzRhBIWk7TeJL%2BJQAzMNEbE488oOypb1xp08qZiYTYroM9VD27qPA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=10802&min_rtt=6590&rtt_var=3185&sent=40&recv=24&lost=0&retrans=0&sent_bytes=31545&recv_bytes=6626&delivery_rate=19783&cwnd=21600&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1181&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 09 Jan 2025 13:33:28 GMT
content-type
application/javascript
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
priority
u=1,i=?0
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ff4cc998c569116-FRA
server
cloudflare
tgsticker-worker.js | pfejzmnb0a.mba/js/ (Frame) | 0 | 0 | failed, no response

t_logo_sprite.svg | pfejzmnb0a.mba/img/ | 23 KB | 7 KB | Image | image/svg+xml
General
Full URL
https://pfejzmnb0a.mba/img/t_logo_sprite.svg
Requested by
Host: pfejzmnb0a.mba
URL: https://pfejzmnb0a.mba/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
832fbefd7a4fe8f651058597d9f1910883d1cbd56d0ceb343e7d6170aeecf982

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pfejzmnb0a.mba/

Response headers

content-encoding
zstd
cf-cache-status
REVALIDATED
etag
W/"6772e98b-5a4c"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PsmBD3WxiU%2BaNZv6qCL9YkPTJ%2BcVp7rKTuNns1SmbzLU5QsjZ8rj23UbpErYti30tEoF7%2F9uZVqBhrdsy0GX%2BbYpM1RwK2oNfBRJ%2BRPRfNHB6uhEGk0zKRKbOgDty5Xi5g%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=25921&min_rtt=6590&rtt_var=7632&sent=90&recv=71&lost=0&retrans=0&sent_bytes=78001&recv_bytes=26195&delivery_rate=19877&cwnd=38700&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1730&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 09 Jan 2025 13:33:28 GMT
content-type
image/svg+xml
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
priority
u=3,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ff4cc9d0ee49116-FRA
server
cloudflare
main.js | pfejzmnb0a.mba/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/ (Frame 7F95) | 9 KB | 5 KB | Script | application/javascript; charset=UTF-8
Redirect Chain
  • https://pfejzmnb0a.mba/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://pfejzmnb0a.mba/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?
General
Full URL
https://pfejzmnb0a.mba/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?
Requested by
Host: pfejzmnb0a.mba
URL: https://pfejzmnb0a.mba/
Protocol
H3
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
574f7a81dbc798fa975cc59e32d8656354ec6b1f167d06f0cd0d1012e350cef7
Security Headers
X-Content-Type-Options: nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZeeEOn%2BwzdMP0PDXy6k9n5w78KCzNDRvVUmLFA3MCvG4pWlE56CQq0LOZ1wnfyUUdIhQ57x%2FHipPOWiVBkorCbYJyS15Braopg%2F0jk6gt2aqMWUswb%2F2%2FI%2BK0wkxBNkRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8ff4cc9d5f1d9116-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=30344&min_rtt=6590&rtt_var=8693&sent=80&recv=52&lost=0&retrans=0&sent_bytes=68715&recv_bytes=8870&delivery_rate=15835&cwnd=38700&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1307&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 09 Jan 2025 13:33:28 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q8pUpddSp0fE0EQvsE%2Bl5D4B28Jt0PAmNIGqh9YnzuxFz7CiPXgMVrW1QuR3iRETQQeUfPy1xOPmFqwRzE1Ez8GJ7QY8wTkyNETI3%2FGt77Ocl%2BIeimfWJnTlvHxTJUJYEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ff4cc9d2f019116-FRA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
0
server-timing
cfL4;desc="?proto=QUIC&rtt=33343&min_rtt=6590&rtt_var=3594&sent=78&recv=51&lost=0&retrans=0&sent_bytes=67966&recv_bytes=8581&delivery_rate=905919&cwnd=38700&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1290&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 09 Jan 2025 13:33:28 GMT
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
8ff4cc9569f89116 | pfejzmnb0a.mba/cdn-cgi/challenge-platform/h/g/jsd/r/ (Frame 7F95) | 0 | 1 KB | XHR | text/plain; charset=UTF-8
(The resource name is the cf-ray ID of the primary request; this is the beacon of Cloudflare's challenge-platform script, served from the reserved /cdn-cgi/ path, not part of the page's own code.)
General
Full URL
https://pfejzmnb0a.mba/cdn-cgi/challenge-platform/h/g/jsd/r/8ff4cc9569f89116
Requested by
Host: pfejzmnb0a.mba
URL: https://pfejzmnb0a.mba/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the SHA-256 of an empty body, consistent with the content-length: 0 response below)

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7w%2BtPd%2BzN1mVsjlooYjNu%2Ft4%2BWsl0TxkrXByKq8I9GT9gmQptk8bcmPzAxKL9%2BPSz3vV1ibdVBIY2ZQKPMLOiIaKu7FaugP0lPa9gX6DQwKO%2BRZ%2BRTwF7H2H8nyVFMOX6A%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8ff4cc9ebff69116-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=26110&min_rtt=6590&rtt_var=9670&sent=86&recv=70&lost=0&retrans=0&sent_bytes=73756&recv_bytes=26150&delivery_rate=379697&cwnd=38700&unsent_bytes=0&cid=f871fa9a58a29c44&ts=1526&x=1", cfExtPri, cfHdrFlush;dur=0
content-length
0
date
Thu, 09 Jan 2025 13:33:28 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
priority
u=1,i
favicon.ico | pfejzmnb0a.mba/files/img/ | 15 KB | 4 KB | Other | image/x-icon
General
Full URL
https://pfejzmnb0a.mba/files/img/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.179.30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pfejzmnb0a.mba/

Response headers

content-encoding
zstd
cf-cache-status
REVALIDATED
etag
W/"6772e98b-3aee"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2riM5w1VWgbQORuCNEwPBqmU7FvVArSk9vu8AbX%2FcBx8DiMh2Y9J%2BSqF5OdTm%2BIvoKjqmc0puvqqx7eOkaSupGap01zM7VX2n47LHd6WZFIVyr%2BGS2FDJ0Z8Ah2Av%2FkHZA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
MISS
server-timing
cfL4;desc="?proto=QUIC&rtt=17876&min_rtt=6590&rtt_var=10651&sent=99&recv=78&lost=0&retrans=0&sent_bytes=85555&recv_bytes=27818&delivery_rate=1571009&cwnd=38700&unsent_bytes=0&cid=f871fa9a58a29c44&ts=2221&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 09 Jan 2025 13:33:29 GMT
content-type
image/x-icon
last-modified
Mon, 30 Dec 2024 18:42:19 GMT
vary
Accept-Encoding
priority
u=1,i
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8ff4cca028d79116-FRA
server
cloudflare
tgsticker-worker.js | pfejzmnb0a.mba/js/ (Frame) | 0 | 0 | failed, no response
tgsticker-worker.js | pfejzmnb0a.mba/js/ (Frame) | 0 | 0 | failed, no response
tgsticker-worker.js | pfejzmnb0a.mba/js/ (Frame) | 0 | 0 | failed, no response
/ | pfejzmnb0a.mba/k/ | 0 | 0 | failed, no response

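Each Resource Hash in the list above is the SHA-256 of the response body, so the same value seen on another host is byte-for-byte the same file; the hashes of the kit's own assets (telegram.css, main.js, tgsticker.js, t_logo_sprite.svg and so on) are therefore a pivot for finding other deployments of this kit. The Python below is an added example rather than anything urlscan ships: it takes (path, hash) pairs as they appear in this transaction list, drops responses that are not part of the kit (Cloudflare's /cdn-cgi/ challenge assets, and empty bodies, whose hash is the SHA-256 of zero bytes), and derives a fingerprint that can be compared across scans. The first resource list is copied from this report; the second host's list is constructed to show a partial match and is not real scan data.

```python
import hashlib

# SHA-256 of zero bytes: the hash urlscan records for a response with an
# empty body, as for the challenge-platform XHR above.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


def sha256_hex(data: bytes) -> str:
    """Hash a response body the way the report's Resource Hash column does."""
    return hashlib.sha256(data).hexdigest()


def is_kit_asset(path: str, digest: str) -> bool:
    """Keep only responses that belong to the hosted kit itself."""
    # /cdn-cgi/ is reserved by Cloudflare for its own endpoints; the
    # challenge script and its beacon are infrastructure, not kit files.
    if "/cdn-cgi/" in path:
        return False
    # A zero-length body carries no kit content to pivot on.
    if digest == EMPTY_SHA256:
        return False
    return True


def kit_fingerprint(resources):
    """Order-insensitive fingerprint: the sorted set of kit asset hashes."""
    return tuple(sorted({d for p, d in resources if is_kit_asset(p, d)}))


def shared_assets(a, b):
    """Hashes present in both scans, i.e. identical files on both hosts."""
    return sorted(set(kit_fingerprint(a)) & set(kit_fingerprint(b)))


def similarity(a, b) -> float:
    """Jaccard similarity of the two fingerprints (0.0 to 1.0)."""
    fa, fb = set(kit_fingerprint(a)), set(kit_fingerprint(b))
    return len(fa & fb) / len(fa | fb) if fa | fb else 0.0


# (path, Resource Hash) pairs copied from the transaction list above.
SCAN_RESOURCES = [
    ("/", "757b8fac509396bbf773f0df2f0757914d287c51be56fcdfc66fa845ed916f1a"),
    ("/files/bootstrap.min.css", "f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3"),
    ("/index.css", "1c212d7f877e37e31e5f815aff89652da368f22981004a7e9d3cf867e9c96599"),
    ("/files/telegram.css", "0fed69363a40e503cfcb65023e8bfdb9b98de62b1b7d938fcfb727fd16066580"),
    ("/js/i18n.js", "fad7e5604b38a58e74ebfcf5208551752c671234341958e3b1585bd7eea42e9e"),
    ("/files/main.js", "51c4d88fd78f3b8efb16f845e75be7f1bb288fdf2fd39d033868a0346db7fadb"),
    ("/files/tgsticker.js", "f843ec50116b144b274c206d7fe25d70328ea6cf38bfcd349c1647f400c284b2"),
    ("/img/t_logo_sprite.svg", "832fbefd7a4fe8f651058597d9f1910883d1cbd56d0ceb343e7d6170aeecf982"),
    ("/cdn-cgi/challenge-platform/h/g/scripts/jsd/849bfe45bf45/main.js", "574f7a81dbc798fa975cc59e32d8656354ec6b1f167d06f0cd0d1012e350cef7"),
    ("/cdn-cgi/challenge-platform/h/g/jsd/r/8ff4cc9569f89116", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    ("/files/img/favicon.ico", "4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78"),
]

# Constructed second host for illustration (not data from any real scan):
# the same static kit files, a re-templated landing page with a placeholder
# hash, no favicon, and its own Cloudflare beacon with a placeholder ray ID.
OTHER_HOST = [
    ("/", "a" * 64),
    ("/files/bootstrap.min.css", "f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3"),
    ("/files/telegram.css", "0fed69363a40e503cfcb65023e8bfdb9b98de62b1b7d938fcfb727fd16066580"),
    ("/files/main.js", "51c4d88fd78f3b8efb16f845e75be7f1bb288fdf2fd39d033868a0346db7fadb"),
    ("/files/tgsticker.js", "f843ec50116b144b274c206d7fe25d70328ea6cf38bfcd349c1647f400c284b2"),
    ("/img/t_logo_sprite.svg", "832fbefd7a4fe8f651058597d9f1910883d1cbd56d0ceb343e7d6170aeecf982"),
    ("/cdn-cgi/challenge-platform/h/g/jsd/r/0000000000000000", EMPTY_SHA256),
]

if __name__ == "__main__":
    print("kit assets in this scan:", len(kit_fingerprint(SCAN_RESOURCES)))
    print("shared with other host:", len(shared_assets(SCAN_RESOURCES, OTHER_HOST)))
    print("similarity:", similarity(SCAN_RESOURCES, OTHER_HOST))
```

The landing page hash is the value most likely to differ between deployments, since operators re-template it, so the comparison rests on the shared static assets rather than on an exact fingerprint match. bootstrap.min.css is a widely distributed file and should carry little weight on its own; the brand-specific files (telegram.css, tgsticker.js, t_logo_sprite.svg) are the ones that tie two hosts to the same kit.
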
Failed requests

These URLs were requested, but no response was received. They also appear in the transaction list above.

  • https://pfejzmnb0a.mba/js/tgsticker-worker.js (pfejzmnb0a.mba), requested 4 times from /js/ while the kit's other sticker assets are served from /files/
  • https://pfejzmnb0a.mba/k/ (pfejzmnb0a.mba), the URL of the first frame listed above

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| updateLanguage number| startTime function| dT object| jsonpCallbacks function| twitterCustomShareInit function| blogRecentNewsInit function| blogSideImageUpdate function| blogSideImageInit function| cancelEvent function| trackDlClick function| backToTopInit function| backToTopGo function| backToTopResize function| backToTopScroll function| removePreloadInit function| getXY function| dropdownClick function| dropdownHide function| dropdownPageClick function| escapeHTML function| videoTogglePlay function| getDevPageNav function| showTitleIfOverflows function| initDevPageNav function| updateDevPageNav function| updateMenuAffix function| initScrollVideos function| checkScrollVideos function| videoPreloadPosterDimensions function| isVisibleEnough function| getFullOffsetY function| redraw function| initRipple function| mainInitRetinaVideos function| mainInitDemoAutoplay function| mainDemoVideoHover function| mainDemoVideoDoHover function| mainInitLogo function| mainInitTgStickers function| setCookie function| getCookie function| mainScrollTo object| RLottie object| QueryableWorkerProxy function| QueryableWorker function| FrameQueue function| triggerEvent string| key
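
The list is rendered as `type| name` tokens. The names here (mainInitTgStickers, RLottie, QueryableWorker, FrameQueue, blogRecentNewsInit, twitterCustomShareInit) are the helpers of a site-wide script rather than of any framework, which is what a copied site looks like. The Python below is an added example, not urlscan's code: it parses the list as rendered above and diffs it against a second list, the comparison an analyst would make between a suspect page and the site it imitates. The second list is constructed for illustration, stands in for a scan of the impersonated site, and is not real data from telegram.org; the global TgSiteState in it is hypothetical.

```python
import re
from collections import Counter

# urlscan renders each global as "<type>| <name>", separated by whitespace.
TOKEN = re.compile(r"(\w+)\|\s*(\S+)")


def parse_globals(rendered: str):
    """Turn the rendered list into [(type, name), ...] in page order."""
    return TOKEN.findall(rendered)


def by_type(globals_):
    """Count of globals per JavaScript type (function, object, ...)."""
    return Counter(t for t, _ in globals_)


def compare(candidate, reference):
    """Set comparison of global names between two scans.

    copied_fraction is the share of the reference site's globals that the
    candidate also defines; a cloned page keeps most of the original's helpers.
    """
    c = {n for _, n in candidate}
    r = {n for _, n in reference}
    return {
        "shared": sorted(c & r),
        "only_candidate": sorted(c - r),
        "only_reference": sorted(r - c),
        "copied_fraction": len(c & r) / len(r) if r else 0.0,
    }


# The 49 globals exactly as rendered in this report.
SCAN_GLOBALS = """
object| 0 function| updateLanguage number| startTime function| dT
object| jsonpCallbacks function| twitterCustomShareInit function| blogRecentNewsInit
function| blogSideImageUpdate function| blogSideImageInit function| cancelEvent
function| trackDlClick function| backToTopInit function| backToTopGo
function| backToTopResize function| backToTopScroll function| removePreloadInit
function| getXY function| dropdownClick function| dropdownHide
function| dropdownPageClick function| escapeHTML function| videoTogglePlay
function| getDevPageNav function| showTitleIfOverflows function| initDevPageNav
function| updateDevPageNav function| updateMenuAffix function| initScrollVideos
function| checkScrollVideos function| videoPreloadPosterDimensions
function| isVisibleEnough function| getFullOffsetY function| redraw
function| initRipple function| mainInitRetinaVideos function| mainInitDemoAutoplay
function| mainDemoVideoHover function| mainDemoVideoDoHover function| mainInitLogo
function| mainInitTgStickers function| setCookie function| getCookie
function| mainScrollTo object| RLottie object| QueryableWorkerProxy
function| QueryableWorker function| FrameQueue function| triggerEvent string| key
"""

# Constructed stand-in for a scan of the impersonated site (not real data):
# a dozen of the same helpers plus one hypothetical global of its own.
REFERENCE_GLOBALS = (
    "function| updateLanguage function| dT object| jsonpCallbacks "
    "function| mainInitTgStickers object| RLottie function| QueryableWorker "
    "function| FrameQueue function| setCookie function| getCookie "
    "function| triggerEvent function| mainInitLogo function| initRipple "
    "object| TgSiteState"
)

if __name__ == "__main__":
    scan = parse_globals(SCAN_GLOBALS)
    print(len(scan), "globals:", dict(by_type(scan)))
    result = compare(scan, parse_globals(REFERENCE_GLOBALS))
    print("copied fraction: %.2f" % result["copied_fraction"])
    print("only on the reference site:", result["only_reference"])
```

Names alone do not prove a clone, since two unrelated sites can share generic helpers such as setCookie; the signal is the copied fraction together with the brand-specific names, and it is strongest when the reference list comes from an actual scan of the legitimate site rather than a hand-built one like the stand-in above.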

1 Cookies

Domain/Path | Name | Value
.pfejzmnb0a.mba/ | cf_clearance | N3.3OjpgbCTXXqEG0wJt4S3MEMSF1kQ40UM.pV0tjk8-1736429608-1.2.1.1-A.Jd4GHu5Ba1mlt5XOp1zFRcpe58mI5kUlxe2AUzI8eAz00efrAxMhF_GyZajjzH6ZjlQ2p12ZNneAhEreQ5Hi7QWM5RjSqxHz4RTAucYyXmxySyczYV1ouoXFoUH.eovK8i0JasAKBHFt7BNyFYDRhkVpeiHLgAVdDf2lAnCqR1phK9X6qgybTbtEX.o1mO7Crt6qLNX2kUm51pzrJ0SNzG_nQNvnDuXyL0qN3y6dIXZVUip9pRAPfggsPzYXin4lzHmbeZK_hlUxaZhjf7LpjNdwWmKtEB8I9vpGMdtsFp_JGo4AfvfXhmXlyc5KCOqogEsJIRFYjegEQ7UV.bsG_FVvuPG7X_0AVo9XKONOCFeudN9C.dlPZKjpjurq6W

cf_clearance is Cloudflare's challenge-clearance cookie, set by the challenge platform rather than by the page's own scripts; the scan recorded no cookie of the kit's own.