Known malicious kit / critical / phishing
Fake-Telegram Phishing Kit — redirect.js
family: fake-telegram-dashan
Massive Telegram brand-impersonation operation spanning 139 hosts. A single operator runs random-letter hostnames across the .icu/.sbs/.xyz/.top/.lat/.homes/.shop/.cn/.com/.org/.love/.life TLDs (dashan.icu, danvato.icu, eldravox.icu, claw111a.xyz, ai123h.xyz, bot789c.xyz, euhe-tg.com, htrx-tg.com, hujli.shop, telegarm-jp.org, yfhmg.love, fdshfgjd.{lat,homes}, …). Pages are titled "Telegram" or "Secure Messenger" and are served as an operator-built Vue.js SPA. The "-tg" suffix in domain names and the Japan/JP brand hints suggest a Telegram-Japan credential-harvesting focus.
Fingerprint anchors
Provenance
Added by: analyst
Added: 2026-05-27 07:26
Anchor #1 of 4. redirect.js — smallest, most diagnostic chunk (60 nodes). 139 hosts in cluster.
Sightings (115)