telega.info

anonymous · 2026-04-08T16:02:35.428064+00:00

**URL:** https://api.telega.info/v1/dc-proxy **User Assessment:** Dangerous **AI Verdict:** SAFE (70% confidence) **Analysis:** The URL returns a standard JSON response, which is typical for API endpoints and does not indicate a malicious web page or phishing attempt. **Key Findings:** - The URL serves a JSON data response rather than a web page. - No login forms, download prompts, or deceptive content were detected. - The domain has been active for over a year with no signs of malicious activity. **User Comment:** Telega is an alternative Telegram client promoted in Russia and closely associated with VK LLC. Since March 18, Telega carries out a MITM attack on its users. The client requests (via Telega API) a list of IPs of Telega DCs in order to replaces the IPs of legitimate Telegram DCs with them. This provides the attacker with a complete users' Telegram account access.

Potentially Malicious

Malicious infrastructure used for Telegram traffic interception

telega.info

Malicious infrastructure used for Telegram traffic interception

Potentially Malicious Malicious Traffic Interception

Telega.info is identified as the backend infrastructure for a malicious application that performs Man-in-the-Middle (MITM) attacks. It reroutes traffic from legitimate Telegram servers to intercept and decrypt user communications.

Operated By

AO TELEGA

Classification Confidence

high

Technical Vitals

Global Rank

#19,144

Registered

Feb 2025

about 1 year ago

Primary Hosting

YandexCloud Yandex.Cloud LLC

Topics (Themes)

malwaremitm attacksecurity threattelegramdata interception

Full Domain Report