telegrampremiumfree.website

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3030::ac43:c6d6, located in United States and belongs to CLOUDFLARENET, US. The main domain is telegrampremiumfree.website.
TLS certificate: Issued by GTS CA 1P5 on February 16th 2024. Valid for: 3 months.

This is the only time telegrampremiumfree.website was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3030::ac43:c6d6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.1.167 151.101.1.167	54113 (FASTLY) (FASTLY)
1	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
3	3

1 2606:4700:3030::ac43:c6d6 (United States)

ASN13335 (CLOUDFLARENET, US)

telegrampremiumfree.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.167 (United States)

ASN54113 (FASTLY, US)

t4.ftcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN62041 (TELEGRAM, VG)

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	telegram.org telegram.org — Cisco Umbrella Rank: 7399	81 KB
1	ftcdn.net t4.ftcdn.net — Cisco Umbrella Rank: 48372	17 KB
1	telegrampremiumfree.website telegrampremiumfree.website	24 KB
3	3

	Domain	Requested by
1	telegram.org	telegrampremiumfree.website
1	t4.ftcdn.net	telegrampremiumfree.website
1	telegrampremiumfree.website
3	3

This site contains no links.

Subject Issuer	Validity	Valid
telegrampremiumfree.website GTS CA 1P5	`2024-02-16` - `2024-05-16`	3 months	crt.sh
*.ftcdn.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-23` - `2024-09-23`	a year	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2023-08-11` - `2024-09-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://telegrampremiumfree.website/tme
Frame ID: 1E20D971135178EC567C1A0C2E5B43F9
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram Premium

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

3
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

121 kB
Transfer

361 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request tme Show response
telegrampremiumfree.website/ 118 KB
24 KB 150ms
75ms Document
text/html 2606:4700:3030::ac43:c6d6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://telegrampremiumfree.website/tme
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:c6d6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59910ff89b3605ffa7a349a3d4962d292e6234991d2ce905d69cb5d8ed2a4ccc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 867dee5b3daa5be5-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 21 Mar 2024 12:26:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Skhu4BV0Q4w9lph%2BFpAQX5Ef0EqieBbKS8IrDD5R%2FSv7ODWBqw6c3sVvT8GoeYCGL%2BzYKT6RZpJYqH1cgyRsm5hSRzqBrdPrUJFI%2Bh1ztyjNXsJBMMQuKeIuugfej%2F0q1mNZZ2L0bxoi%2Bcqr8O5vrJIL%2Fx%2FvfqQojBc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 360_F_533753588_1krxEE0SDZWl0ZKd9cUzCL6HaTRo9UxK.jpg
t4.ftcdn.net/jpg/05/33/75/35/ 17 KB
17 KB 39ms
7ms Image
image/jpeg 151.101.1.167
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t4.ftcdn.net/jpg/05/33/75/35/360_F_533753588_1krxEE0SDZWl0ZKd9cUzCL6HaTRo9UxK.jpg

Requested by

Host: telegrampremiumfree.website
URL: https://telegrampremiumfree.website/tme

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.167 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/

Resource Hash

d8c4e6ac1e865d9ade5e101993baf2695ce33366e96cb8fd6e5b48dcc1ecd0f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://telegrampremiumfree.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-served-by: cache-lhr7321-LHR, cache-fra-etou8220037-FRA
date: Thu, 21 Mar 2024 12:26:34 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 27 Sep 2022 18:42:48 GMT
age: 612285
etag: "597ce98ad3088920c2070cd4a63227ff"
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 17071
x-cache-hits: 1, 1

GET
H2 200 pattern.svg
telegram.org/img/tgme/ 226 KB
81 KB 51ms
13ms Image
image/svg+xml 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/tgme/pattern.svg?1
Requested by: Host: telegrampremiumfree.website
URL: https://telegrampremiumfree.website/tme
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://telegrampremiumfree.website/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 12:26:34 GMT
content-encoding: gzip
last-modified: Thu, 05 Jan 2023 17:52:04 GMT
server: nginx/1.18.0
etag: W/"63b70e44-3891a"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=345600
expires: Mon, 25 Mar 2024 12:26:34 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| TWallpaper object| tme_bg function| toggleTheme object| darkMedia

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

t4.ftcdn.net
telegram.org
telegrampremiumfree.website
151.101.1.167
2001:67c:4e8:f004::9
2606:4700:3030::ac43:c6d6
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4
59910ff89b3605ffa7a349a3d4962d292e6234991d2ce905d69cb5d8ed2a4ccc
d8c4e6ac1e865d9ade5e101993baf2695ce33366e96cb8fd6e5b48dcc1ecd0f0

telegrampremiumfree.website Open in urlscan Pro 2606:4700:3030::ac43:c6d6 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

121 kBTransfer

361 kBSize

0 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

telegrampremiumfree.website Open in urlscan Pro
2606:4700:3030::ac43:c6d6 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

121 kB
Transfer

361 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!