About

About this page

This website is a one-stop tool for analyzing Telegram bot tokens. Telegram bot tokens are authentication tokens used to control a Telegram bot. Sadly, Telegram does not take enough action against abuse of its platform. As a result, Telegram bots are often abused as malware C2 infrastructure. This tool allows security researchers to analyze those tokens and extract information about the configuration and operators of such tokens.

How to

Telegram tokens can often be identified as part of the following URL scheme:

https://api.telegram.org/bot<TOKENHERE>/

To use this tool, copy the <TOKENHERE> part. You can analyze multiple tokens at once. Please enter one token per line.

Tokens should always have the format:

[0-9]{8,10}:[A-Za-z0-9_-]{35}

If your token does not match this format, you likely only recovered a partial token. Feel free to reach out for help.
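An added example, not code from this page or from the tool: pulling tokens out of text recovered from a sample (for instance strings output) using the URL scheme and format above, and separating full tokens from partial ones. The sample text and tokens are constructed, the function names are hypothetical, and the code also picks up bare tokens that appear outside a URL, which goes beyond the URL case described here.

```python
import re

# Format stated on the page: [0-9]{8,10}:[A-Za-z0-9_-]{35}
FULL_TOKEN = re.compile(r"[0-9]{8,10}:[A-Za-z0-9_-]{35}")
# Whatever follows "/bot" in an API URL, up to the next "/" or non-token character.
URL_CANDIDATE = re.compile(r"api\.telegram\.org/bot([0-9A-Za-z:_-]+)")
# Bare tokens outside a URL; the lookarounds reject matches inside longer runs.
BARE_TOKEN = re.compile(
    r"(?<![0-9A-Za-z_-])[0-9]{8,10}:[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])"
)

# Constructed sample input with fake tokens (not taken from any real bot).
FAKE_A = "1234567890:" + "A" * 35
FAKE_B = "87654321:" + "b-_" * 11 + "Zz"
SAMPLE = "\n".join([
    "POST https://api.telegram.org/bot" + FAKE_A + "/sendDocument",
    "cfg.token=" + FAKE_B,
    "https://api.telegram.org/bot1234567890:AAtrunc",    # cut off mid-token
    "https://api.telegram.org/bot" + FAKE_A + "/getMe",  # duplicate of the first
])


def extract_tokens(text):
    """Return (full, partial), each deduplicated in order of first appearance."""
    full, partial = [], []
    for m in URL_CANDIDATE.finditer(text):
        cand = m.group(1)
        bucket = full if FULL_TOKEN.fullmatch(cand) else partial
        if cand not in bucket:
            bucket.append(cand)
    for m in BARE_TOKEN.finditer(text):
        if m.group(0) not in full:
            full.append(m.group(0))
    return full, partial


def bot_id(token):
    """The numeric part before the colon is the bot's ID."""
    return int(token.split(":", 1)[0])


if __name__ == "__main__":
    full, partial = extract_tokens(SAMPLE)
    for t in full:
        print("full token, bot id", bot_id(t))
    for p in partial:
        print("does not match the format (likely partial):", p)
```
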

The main tool will give you the following information:

  • Status: 200 indicates a working token; 400 and 401 indicate an invalid token
  • ID: The unique Telegram Bot ID
  • Username: The current username associated with the bot (use this to search the bot in the Telegram application)
  • First Name: The configured "First Name" of the bot
  • Advanced Info (must be toggled): If you have a valid access token you will receive additional information if the token has been analyzed by the teletoken info backend. See Section "Advanced Features".
  • Permissions: Shows a selected set of permissions of the bot that might be useful for further analysis.

Advanced Features

requires Access Token

Users that have a valid token can see the following additional information:

  • Advanced Bot Information page containing
    • Bot Information
    • Webhook information
      • Can be used to identify additional threat actor infrastructure
    • Discovered sources of the token (both binary file hashes and URLs)
      • Can be used to identify additional threat actor infrastructure
    • All Chat Users logged by the system
      • Can be used to identify Telegram accounts of threat actors
      • Each user identified will be listed with additional information such as
        • Username or Chatname
        • First and Last Name
        • ChatType
        • Profile Image (if available)
        • Bio Information (if available)
        • Location details (if available)
        • Phone number (if available)
    • Additionally, some advanced info pages will give you an invite link to join the threat actor's channel

Most information presented here comes from internal collection systems. It is maintained and listed even if the token itself has been invalidated, allowing for long-term analysis and evidence collection.

Disclaimer

  1. All tokens entered into the teletoken info page are analysed by our backend. Information is used to enrich the teletoken info database. No submission data beyond the token is intentionally logged or stored.
  2. This page is intended for malware analysts and security practitioners. By using this page you acknowledge that the information entered is used to improve the security of the web. PLEASE DO NOT SUBMIT TOKENS YOU USE IN DEVELOPMENT! We do not care about your private information, only about hunting bad guys.
  3. The developer of this page declares that he is working with the best intent for the internet and its users. Data is solely used to increase the security of the www and its users.
  4. All Terms and Conditions on this website are subject to change. Long-term service cannot be guaranteed.

Contact

In case of any issues or questions, please contact me:

I welcome collaboration with security researchers and organizations working to combat cyber threats. If you have ideas for improving this tool or want to contribute to the project, please reach out.

Security issues should be reported directly via email with the subject line "Security Report - teletoken.info". I take security seriously and follow responsible disclosure practices. All security reports will be investigated promptly and credited appropriately if desired.