telegramlogin.benjifox.gay Open in urlscan Pro
172.67.162.204 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://telegramlogin.benjifox.gay/
Submission: On May 18 via automatic, source certstream-suspicious (May 18th 2024, 11:06:32 am UTC) — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 11 HTTP transactions. The main IP is 172.67.162.204, located in United States and belongs to CLOUDFLARENET, US. The main domain is telegramlogin.benjifox.gay.
TLS certificate: Issued by E1 on May 18th 2024. Valid for: 3 months.

This is the only time telegramlogin.benjifox.gay was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 6	172.67.162.204 172.67.162.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c1d::9a	15169 (GOOGLE) (GOOGLE)
1	142.250.185.100 142.250.185.100	15169 (GOOGLE) (GOOGLE)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	6

6 172.67.162.204 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

telegramlogin.benjifox.gay	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
oauth.telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.mechapower.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

status.mechapower.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	benjifox.gay 1 redirects telegramlogin.benjifox.gay	15 KB
2	mechapower.eu cdn.mechapower.eu status.mechapower.eu	4 KB
2	telegram.org telegram.org — Cisco Umbrella Rank: 11351 oauth.telegram.org — Cisco Umbrella Rank: 273055	6 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 89	253 B
11	5

	Domain	Requested by
6	telegramlogin.benjifox.gay	1 redirects telegramlogin.benjifox.gay
1	status.mechapower.eu	cdn.mechapower.eu
1	www.google.com	telegramlogin.benjifox.gay
1	stats.g.doubleclick.net	telegramlogin.benjifox.gay
1	cdn.mechapower.eu	telegramlogin.benjifox.gay
1	oauth.telegram.org	telegram.org
1	telegram.org	telegramlogin.benjifox.gay
11	7

This site contains no links.

Subject Issuer	Validity	Valid
benjifox.gay E1	`2024-05-18` - `2024-08-16`	3 months	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2023-08-11` - `2024-09-11`	a year	crt.sh
cdn.mechapower.eu E1	`2024-05-11` - `2024-08-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-05-06` - `2024-07-29`	3 months	crt.sh
*.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
status.mechapower.eu GTS CA 1P5	`2024-04-15` - `2024-07-14`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://telegramlogin.benjifox.gay/
Frame ID: B058B459A67B814D07D8D6B45EE2939A
Requests: 8 HTTP requests in this frame

Frame: https://telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
Frame ID: 231EB26BD401E643815E2C26856C2CD6
Requests: 2 HTTP requests in this frame

Frame: https://oauth.telegram.org/embed/MPAuthentication_bot?origin=https%3A%2F%2Ftelegramlogin.benjifox.gay&return_to=https%3A%2F%2Ftelegramlogin.benjifox.gay%2F&size=large&request_access=write
Frame ID: FC81A09651FA478B271625850BC823CA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram Login

Page Statistics

11
Requests

91 %
HTTPS

50 %
IPv6

5
Domains

7
Subdomains

6
IPs

3
Countries

26 kB
Transfer

58 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
telegramlogin.benjifox.gay/ 4 KB
2 KB 373ms
283ms Document
text/html 172.67.162.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://telegramlogin.benjifox.gay/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.162.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1d17e245160b2957a30956592b11586332fb047d2fe0519893844040d75ba6e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 885b60b7585a362d-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 18 May 2024 11:06:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ivdNoSOGY8s6fFZEXyq73W0fZSmAsd2hfFPUw%2BXXxEGxQ6%2BLNgCtFU4TTBQ5ENts1LwwnFPc838y2WNmd8T9GW5AvIcLHQ1kByFrMmew2r%2FpmFMTshrojpmdEv1FCcHB2vKji1lNrgV7%2FBY2jw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 telegram-widget.js Show response
telegram.org/js/ 20 KB
6 KB 256ms
70ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/telegram-widget.js?22

Requested by

Host: telegramlogin.benjifox.gay
URL: https://telegramlogin.benjifox.gay/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

0f6cdd09b3bbebf50c4e1679aff6f021f5e183a4ba2dea3a0801394599ff6afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://telegramlogin.benjifox.gay/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 18 May 2024 11:06:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Mon, 03 Apr 2023 11:46:12 GMT
server: nginx/1.18.0
etag: W/"642abc84-4ff5"
content-type: application/javascript
cache-control: max-age=345600
expires: Wed, 22 May 2024 11:06:26 GMT

GET
H3

200

main.js Show response
telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/ Frame 231E
Redirect Chain

https://telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js

8 KB
4 KB

107ms
96ms

Script
application/javascript

172.67.162.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js

Requested by

Host: telegramlogin.benjifox.gay
URL: https://telegramlogin.benjifox.gay/

Protocol

Server

172.67.162.204 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14e97f8beb373febaa0702cf5c4715118deadc87fd2bc9d400b7192072962b1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Sat, 18 May 2024 11:06:26 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1UT4NWe4%2By5J0Or1%2BqffLsh7OAi3gz%2FJYEu4pw73P9sbcfVK3xqxWyyVgkSb6o8P0LgdjpOWeYXFymrEijIjhynVOZi361wISX8lhWILUm4KNECJTd7xGOOof5qZOzwCQX3GP3fBzxz5%2FKkmaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 885b60bc7ef1362d-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Sat, 18 May 2024 11:06:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6CCQMtXtrqTUjWWohd1PkPzAATxJlo7wHZvTjTOuE01EdE4CBCKv2BidF8BDohQGgJv9ZHubY%2FsDxlMbiNBM%2FTzGTf04OhX6cTsF7DLOST8ZmcFCBWh3MLq8td3Ys0ZdMbsuvEoZPXVtXXTZMw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/695da7821231/main.js
cache-control: max-age=300, public
cf-ray: 885b60bb8d94362d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 s.js Show response
telegramlogin.benjifox.gay/cdn-cgi/zaraz/ 17 KB
8 KB 114ms
114ms Script
text/javascript 172.67.162.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://telegramlogin.benjifox.gay/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyVGVsZWdyYW0lMjBMb2dpbiUyMiUyQyUyMnglMjIlM0EwLjMyOTEwODc2MjU3NTAzOTUlMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnRlbGVncmFtbG9naW4uYmVuamlmb3guZ2F5JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EtMTIwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==
Requested by: Host: telegramlogin.benjifox.gay
URL: https://telegramlogin.benjifox.gay/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.162.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 620f53169e76979d054329f7305f831901bb2c368fb4ea3318106445b564c251

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://telegramlogin.benjifox.gay/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 18 May 2024 11:06:26 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-max-age: 600
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: https://telegramlogin.benjifox.gay
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UIVEzg8Gstcw9vrmFuezrk%2FAUx5ttYqMDiw97HWKSDMeQ2UU23jOUtjxF7fyKQFQHrxB8prcw2khWZaJeF3hEWKT7x%2F7OQOSH8GuEZkyNjCZ4gtnuMagayvbSv0AJ7cSFhchliKxnG5YPaf%2Fww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-credentials: true
x-robots-tag: none
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400
cf-ray: 885b60bb9da3362d-FRA

GET
H2 200 MPAuthentication_bot
oauth.telegram.org/embed/ Frame FC81 0
0 503ms
52ms Document
text/html 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://oauth.telegram.org/embed/MPAuthentication_bot?origin=https%3A%2F%2Ftelegramlogin.benjifox.gay&return_to=https%3A%2F%2Ftelegramlogin.benjifox.gay%2F&size=large&request_access=write

Requested by

Host: telegram.org
URL: https://telegram.org/js/telegram-widget.js?22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://telegramlogin.benjifox.gay
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	ALLOW-FROM https://telegramlogin.benjifox.gay

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://telegramlogin.benjifox.gay/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store
content-encoding: gzip
content-length: 713
content-security-policy: frame-ancestors https://telegramlogin.benjifox.gay
content-type: text/html; charset=utf-8
date: Sat, 18 May 2024 11:06:27 GMT
pragma: no-cache
server: nginx/1.18.0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: ALLOW-FROM https://telegramlogin.benjifox.gay

GET
H2 200 dialog-benjiblog-2.js Show response
cdn.mechapower.eu/status/ 3 KB
2 KB 284ms
128ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mechapower.eu/status/dialog-benjiblog-2.js

Requested by

Host: telegramlogin.benjifox.gay
URL: https://telegramlogin.benjifox.gay/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

506836562f1c34dfb2db9f736e7cfb2d51eacdaef15d236888a13b2ac107e8ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://telegramlogin.benjifox.gay/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 18 May 2024 11:06:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=3793
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"2d7f908a1c3f01092719bf161137924b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BrXT%2FlYqR0M%2BoCG5ZcUV0%2F3hnDGqWdcyvTZ3aNrdNVJWRNL44ly%2Bx0qvScFhEAx1pIrkCL%2FGbt0g4xsZN2nnDwDnjAF9MV3Rtu84LhN4XMO82q%2BPn2jMOJejukay6868hV1dyh76Yr0dVYK7Jm31sw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
x-robots-tag: noindex
cf-ray: 885b60bd8a8630db-FRA

POST
H2 204 collect Show response
stats.g.doubleclick.net/g/ 0
253 B 211ms
58ms XHR
text/plain 2a00:1450:400c:c1d::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?t=dc&aip=1&_r=3&v=1&_v=j86&tid=G-4Z3XQZ253X&cid=b5e6f175-a7f0-4a70-ba62-e27f8e322c32&_u=KGDAAEADQAAAAC%7E&z=1837604862
Requested by: Host: telegramlogin.benjifox.gay
URL: https://telegramlogin.benjifox.gay/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://telegramlogin.benjifox.gay/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 18 May 2024 11:06:26 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://telegramlogin.benjifox.gay
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
0 182ms
66ms Fetch
image/gif 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&v=1&_v=j86&tid=G-4Z3XQZ253X&cid=b5e6f175-a7f0-4a70-ba62-e27f8e322c32&_u=KGDAAEADQAAAAC%7E&z=1837604862&slf_rd=1

Requested by

Host: telegramlogin.benjifox.gay
URL: https://telegramlogin.benjifox.gay/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyVGVsZWdyYW0lMjBMb2dpbiUyMiUyQyUyMnglMjIlM0EwLjMyOTEwODc2MjU3NTAzOTUlMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRnRlbGVncmFtbG9naW4uYmVuamlmb3guZ2F5JTJGJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EtMTIwJTJDJTIycSUyMiUzQSU1QiU1RCU3RA==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://telegramlogin.benjifox.gay/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Sat, 18 May 2024 11:06:26 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: https://telegramlogin.benjifox.gay
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 885b60b7585a362d Show response
telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 231E 0
612 B 91ms
81ms XHR
text/plain 172.67.162.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/h/b/jsd/r/885b60b7585a362d
Requested by: Host: telegramlogin.benjifox.gay
URL: https://telegramlogin.benjifox.gay/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.162.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 18 May 2024 11:06:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T6VWrt5TCI61ivi4H76liNw%2Fj7ejF%2FO4CZv%2BrFRNPvKPIPKS2Vq9srkZQkjruMHv0uDnlDfA75qRtC1Eg2zg8PYEeWFjNyKE74k0G%2BkyrQAGCKmW%2Bf3F%2BQjr8VhSZG6bBssUMLeXfaCUp5ZmGg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 885b60bdf90a362d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 index.json Show response
status.mechapower.eu/ 7 KB
3 KB 304ms
144ms Fetch
application/json 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://status.mechapower.eu/index.json

Requested by

Host: cdn.mechapower.eu
URL: https://cdn.mechapower.eu/status/dialog-benjiblog-2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

601214a645fd7ac6347cd0dcb66200021aaadbd67be159ba00527d053f63756a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://telegramlogin.benjifox.gay/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 18 May 2024 11:06:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3ee21718f273a70be51ef6a65eb6e361"
vary: Accept-Encoding
access-control-allow-methods: "GET,OPTIONS"
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uasUhBsUL8LAIw4X2DrkQBx4NkVHNfExYm6%2BSZrgJBWAMNMew5gjwKGzNTGK6IDKwtMOTSKluRvZScfs83pZ2q5QEUr5Sv6CAkCuVx11Q1%2F9fkbf6rHgJMcQq2n1xpcdILy7UaYfJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=0, must-revalidate
x-robots-tag: noindex
access-control-allow-headers: "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version"
cf-ray: 885b60bf5a142bc9-FRA

GET
H3 404 favicon.ico
telegramlogin.benjifox.gay/ 13 B
429 B 96ms
92ms Other
text/plain 172.67.162.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://telegramlogin.benjifox.gay/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.162.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://telegramlogin.benjifox.gay/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 18 May 2024 11:06:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jvfyg8kvmQ6gdB%2BgWz4HGw30L%2B8Jmyf3ytFtGjxQQda0GNc8JV9bz26lHELq0g%2BwhLuiMedXPVV5E5Ccb2fK%2FFfXMz7zyPDIcf8utmNLNwje5Hg5I4yZazakjHobYXWNuPbEzjFH%2FwmddxPeRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 885b60c3d9b8362d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 13

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.benjifox.gay/	1970-01-21 06:16:30	Name: cfz_google-analytics Value: %7B%22RRog__ga%22%3A%7B%22v%22%3A%22f13929f3-852d-45db-bfb8-ddc29e7b84eb%22%2C%22e%22%3A1747566386510%7D%7D
.benjifox.gay/	1970-01-21 06:16:30	Name: cfz_google-analytics_v4 Value: %7B%22ymsR_engagementDuration%22%3A%7B%22v%22%3A%220%22%2C%22e%22%3A1747566386510%7D%2C%22ymsR_engagementStart%22%3A%7B%22v%22%3A%221716030386510%22%2C%22e%22%3A1747566386510%7D%2C%22ymsR_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1747566386510%7D%2C%22ymsR_ga4sid%22%3A%7B%22v%22%3A%22997070149%22%2C%22e%22%3A1716032186510%7D%2C%22ymsR_session_counter%22%3A%7B%22v%22%3A%221%22%2C%22e%22%3A1747566386510%7D%2C%22ymsR_ga4%22%3A%7B%22v%22%3A%22b5e6f175-a7f0-4a70-ba62-e27f8e322c32%22%2C%22e%22%3A1747566386510%7D%2C%22ymsR__z_ga_audiences%22%3A%7B%22v%22%3A%22b5e6f175-a7f0-4a70-ba62-e27f8e322c32%22%2C%22e%22%3A1747566386510%7D%2C%22ymsR_let%22%3A%7B%22v%22%3A%221716030386510%22%2C%22e%22%3A1747566386510%7D%7D
.benjifox.gay/	1970-01-21 05:26:06	Name: cf_clearance Value: BBJqWED5pGrsTRptpm9tMwOzHUEkKGLSD4c0aPVCTdk-1716030386-1.0.1.1-QLPk1OI41u9GEZIDmE2nr4n_OogQvHtlg2STU7X9tmIJ2t33qZmOXbxfvR5TnDWtTO9QIDYByuotaVri_Q4aEw
oauth.telegram.org/	1970-01-21 05:19:18	Name: stel_ssid Value: c4cae78efbc90fe3b6_11716096171983113976

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://telegramlogin.benjifox.gay/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://telegramlogin.benjifox.gay/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.mechapower.eu
oauth.telegram.org
stats.g.doubleclick.net
status.mechapower.eu
telegram.org
telegramlogin.benjifox.gay
www.google.com
142.250.185.100
172.67.162.204
188.114.97.3
2001:67c:4e8:f004::9
2a00:1450:400c:c1d::9a
2a06:98c1:3120::3
0f6cdd09b3bbebf50c4e1679aff6f021f5e183a4ba2dea3a0801394599ff6afd
14e97f8beb373febaa0702cf5c4715118deadc87fd2bc9d400b7192072962b1c
506836562f1c34dfb2db9f736e7cfb2d51eacdaef15d236888a13b2ac107e8ec
601214a645fd7ac6347cd0dcb66200021aaadbd67be159ba00527d053f63756a
620f53169e76979d054329f7305f831901bb2c368fb4ea3318106445b564c251
7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1d17e245160b2957a30956592b11586332fb047d2fe0519893844040d75ba6e

telegramlogin.benjifox.gay Open in urlscan Pro 172.67.162.204 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

11 Requests

91 %HTTPS

50 %IPv6

5 Domains

7 Subdomains

6 IPs

3 Countries

26 kBTransfer

58 kBSize

4 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

4 Cookies

2 Console Messages

Indicators

telegramlogin.benjifox.gay Open in urlscan Pro
172.67.162.204 Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

50 %
IPv6

5
Domains

7
Subdomains

6
IPs

3
Countries

26 kB
Transfer

58 kB
Size

4
Cookies

11 HTTP transactions
0 data transactions