Report - xtgyak.buchhaltungsservice-weber.de/u2psk9

Report Overview

Visited public
2025-07-05 03:52:18
Tags
Submit Tags
URL
xtgyak.buchhaltungsservice-weber.de/u2psk9
Finishing URL
t.me/DeepFansENbot?start=1191863921
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Title
Telegram: Launch @DeepFansENbot

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
telegram.org	5408	2003-12-15	2013-12-18	2025-06-29	4.1 kB	436 kB	149.154.167.99
t.me	6552	2010-05-20	2015-06-29	2025-07-02	503 B	12 kB	149.154.167.99
cdn4.cdn-telegram.org	unknown	2023-11-04	2023-11-04	2025-07-04	771 B	39 kB	34.111.35.152
xtgyak.buchhaltungsservice-weber.de	unknown	unknown	2025-07-05	2025-07-05	510 B	1.1 kB	104.21.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-05	medium	buchhaltungsservice-weber.de	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	t.me/DeepFansENbot?start=1191863921	ScriptElement	225 B	2025-05-01	2025-07-05
Pretty URL t.me/DeepFansENbot?start=1191863921 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-01 07:59 Last Seen2025-07-05 07:22 Times Seen8844 Hash 8bf22fe41c4f40be9c7a25e9790b33b4 c4928e934ad78cdcadcb3df4c31b6de3aabf52e5 485f9f57c04eeb2185105a7f8826fcc5d686fb9706f9a826bd7572bdd7ee96c2 Loading...

	t.me/DeepFansENbot?start=1191863921	ScriptElement	193 B	2023-03-07	2025-07-05
Pretty URL t.me/DeepFansENbot?start=1191863921 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:31 Last Seen2025-07-05 07:22 Times Seen54348 Hash 9c629a0c52a2afad699d260f673481fd a4fd0ed3e5daa31480eb6de0faa5d442f015cbf6 ea0d804370930ee958af535ce56cddf1dda419bdc676315ae8af0fbb4c733471 Loading...

	telegram.org/js/tgwallpaper.min.js?3	ScriptElement	3.0 kB	2023-03-07	2025-07-05
Pretty URL telegram.org/js/tgwallpaper.min.js?3 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-07-05 07:22 Times Seen58420 Hash 2b89d34702716a8ad2cc3977718f53a3 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 Loading...

	t.me/DeepFansENbot?start=1191863921	ScriptElement	1.3 kB	2025-05-01	2025-07-05
Pretty URL t.me/DeepFansENbot?start=1191863921 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-01 07:59 Last Seen2025-07-05 07:22 Times Seen7821 Hash 4e3cebc7b9c91cb5147d3d1b0d6b26e6 956ab6fd39430581f532111c12a9cd54d960746b c848cc685625be507e120955efe5545881f3d9cdca7cca949f3a7631da3ba746 Loading...

HTTP Transactions (12)

URL IP Response Size

GET telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

149.154.167.99

200 OK

11 kB

URL GET
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A
ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11028, version 1.0
Size
11 kB (11028 bytes)
Hash
1f6d3cf6d38f25d83d95f5a800b8cac3
279f300ca2cbbdf9f5036ef2f438607fbf377daa
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

HTTP Headers

GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:04 GMT
content-type: application/octet-stream
content-length: 11028
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b14"
expires: Wed, 09 Jul 2025 03:52:04 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

GET t.me/DeepFansENbot?start=1191863921

149.154.167.99

200 OK

11 kB

URL User Request GET
t.me/DeepFansENbot?start=1191863921
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Certificate
IssuerGoDaddy.com, Inc.
Subject*.t.me
FingerprintBA:44:79:96:41:99:29:DF:8F:08:73:A9:D4:90:C4:0D:7D:02:8F:9B
ValiditySun, 06 Oct 2024 19:51:28 GMT - Fri, 07 Nov 2025 19:51:28 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3560)
Size
11 kB (11340 bytes)
Hash
8ec11ce9d41f09bf19ae7460e33175f2
89c41bd205bb4a86fc6b245df3decbcb122adb73
5347a65eec1ce921025dc08ad5c2b5803d97d6824f08b33f39893b17ae306a87

HTTP Headers

GET /DeepFansENbot?start=1191863921 HTTP/1.1
Host: t.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:03 GMT
content-type: text/html; charset=utf-8
content-length: 4202
set-cookie: stel_ssid=da54e30511b864ab24_17533915782126493690; expires=Sun, 06 Jul 2025 03:52:03 GMT; path=/; samesite=None; secure; HttpOnly
pragma: no-cache
cache-control: no-store
x-frame-options: ALLOW-FROM https://web.telegram.org
content-security-policy: frame-ancestors https://web.telegram.org
content-encoding: gzip
strict-transport-security: max-age=35768000
X-Firefox-Spdy: h2

GET telegram.org/js/tgwallpaper.min.js?3

149.154.167.99

200 OK

3.0 kB

URL GET
telegram.org/js/tgwallpaper.min.js?3
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A
ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT

File type
ASCII text, with very long lines (2979), with no line terminators
Size
3.0 kB (2979 bytes)
Hash
2b89d34702716a8ad2cc3977718f53a3
04406ebd6a9e2ce79dbac5e5048cfe1384e4574a
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6

HTTP Headers

GET /js/tgwallpaper.min.js?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:04 GMT
content-type: application/javascript
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
etag: W/"62211da5-ba3"
expires: Wed, 09 Jul 2025 03:52:04 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

GET telegram.org/css/telegram.css?244

149.154.167.99

200 OK

120 kB

URL GET
telegram.org/css/telegram.css?244
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A
ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT

File type
ASCII text, with very long lines (1267)
Size
120 kB (120286 bytes)
Hash
4e0791b1984bad4ea1508a16f05a6e84
4570b0448ba5948df913ea44a1cc7b1285cb0de3
0cf97183ee212ba10361a59d4341abb0ce8b8631b0adfe4c83c7af8ab1ecec70

HTTP Headers

GET /css/telegram.css?244 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:03 GMT
content-type: text/css
last-modified: Thu, 23 Jan 2025 23:18:00 GMT
etag: W/"6792ce28-1d5de"
expires: Wed, 09 Jul 2025 03:52:03 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

GET telegram.org/img/tgme/pattern.svg?1

149.154.167.99

200 OK

232 kB

URL GET
telegram.org/img/tgme/pattern.svg?1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A
ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT

File type
SVG Scalable Vector Graphics image
Size
232 kB (231706 bytes)
Hash
d0c22c6a97023d85ba6e644a41c44a5d
4284efb616c182da4450c123174ce0e81a322845
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4

HTTP Headers

GET /img/tgme/pattern.svg?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/css/telegram.css?244
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:04 GMT
content-type: image/svg+xml
last-modified: Thu, 05 Jan 2023 17:52:04 GMT
etag: W/"63b70e44-3891a"
expires: Wed, 09 Jul 2025 03:52:04 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

GET cdn4.cdn-telegram.org/file/rs8idblTUwcEWi55ZJJdjinIDnOv5mwHDVjK_ugPnPg1MPqr9KjlZ66jZRWJADUi7nzmyJGMPWroeyot0BeB21ATMqGdLYAJU99IstRXP24sx30dkkwgG6HEvRgzg-epAe5AzZGYGOnlcNCi-L_QfGIjBsyo6ny4-jUBpOJ0ELTQa73eom1ISb4-oQPtAICm1R3iYer6iIwrsIWMhIh1PvwYYDntxFgVQajxJGaTjryuFbGfvtBKmbx9iQdgX_Nn4fMa1FhdHyYP-QIZMMI1cZbHK8ZqrnUDhLdOC3ZAjuixl3iSodqvvg7bh1LPyWIQb11MiiKalozPo610bUcpUQ.jpg

34.111.35.152

200 OK

38 kB

URL GET
cdn4.cdn-telegram.org/file/rs8idblTUwcEWi55ZJJdjinIDnOv5mwHDVjK_ugPnPg1MPqr9KjlZ66jZRWJADUi7nzmyJGMPWroeyot0BeB21ATMqGdLYAJU99IstRXP24sx30dkkwgG6HEvRgzg-epAe5AzZGYGOnlcNCi-L_QfGIjBsyo6ny4-jUBpOJ0ELTQa73eom1ISb4-oQPtAICm1R3iYer6iIwrsIWMhIh1PvwYYDntxFgVQajxJGaTjryuFbGfvtBKmbx9iQdgX_Nn4fMa1FhdHyYP-QIZMMI1cZbHK8ZqrnUDhLdOC3ZAjuixl3iSodqvvg7bh1LPyWIQb11MiiKalozPo610bUcpUQ.jpg
IP
34.111.35.152:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoogle Trust Services
Subjectcdn1.cdn-telegram.org
Fingerprint5A:42:3F:44:5E:E2:4F:D7:86:7B:EC:D4:C6:60:08:8F:FA:C3:C0:B2
ValidityTue, 10 Jun 2025 10:23:38 GMT - Mon, 08 Sep 2025 11:16:31 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 320x320, components 3
Size
38 kB (38181 bytes)
Hash
bb6b6818f131ac7117a6f17d8f3738d2
e6ec21cd513c63555067889dec3a36622c7a08d8
5abe4adcd42849cb2dfbecbb7014bfb9bd9dc02b30e4ebae3b2ee26a9a573d5c

HTTP Headers

GET /file/rs8idblTUwcEWi55ZJJdjinIDnOv5mwHDVjK_ugPnPg1MPqr9KjlZ66jZRWJADUi7nzmyJGMPWroeyot0BeB21ATMqGdLYAJU99IstRXP24sx30dkkwgG6HEvRgzg-epAe5AzZGYGOnlcNCi-L_QfGIjBsyo6ny4-jUBpOJ0ELTQa73eom1ISb4-oQPtAICm1R3iYer6iIwrsIWMhIh1PvwYYDntxFgVQajxJGaTjryuFbGfvtBKmbx9iQdgX_Nn4fMa1FhdHyYP-QIZMMI1cZbHK8ZqrnUDhLdOC3ZAjuixl3iSodqvvg7bh1LPyWIQb11MiiKalozPo610bUcpUQ.jpg HTTP/1.1
Host: cdn4.cdn-telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
content-length: 38181
access-control-allow-origin: *
x-content-type-options: nosniff
content-security-policy: default-src 'none'; sandbox
x-frame-options: DENY
x-xss-protection: 1; mode=block
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
accept-ranges: bytes, bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
date: Sat, 05 Jul 2025 02:48:59 GMT
cache-control: public,max-age=7200
etag: "6790d49777e6dbae1fbfe68b40f204479706816d"
content-type: image/jpeg
age: 3784
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

149.154.167.99

200 OK

11 kB

URL GET
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A
ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11040, version 1.0
Size
11 kB (11040 bytes)
Hash
5e22a46c04d947a36ea0cad07afcc9e1
6091d981c2a4ee975c7f6b56186ee698040bb804
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

HTTP Headers

GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t.me
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:04 GMT
content-type: application/octet-stream
content-length: 11040
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b20"
expires: Wed, 09 Jul 2025 03:52:04 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

GET telegram.org/img/website_icon.svg?4

149.154.167.99

200 OK

1.9 kB

URL GET
telegram.org/img/website_icon.svg?4
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A
ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1896 bytes)
Hash
02f7553e1ac3129cd1c4d0442b5a0f81
0dd8634450681fe1a2d0c1e5b02d6d0954e2772d
0019255c610cb0843c524d7995905fa5201651fcc393846bee8414f0610097f5

HTTP Headers

GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:04 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Wed, 09 Jul 2025 03:52:04 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

GET telegram.org/img/apple-touch-icon.png

149.154.167.99

200 OK

5.6 kB

URL GET
telegram.org/img/apple-touch-icon.png
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A
ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced
Size
5.6 kB (5644 bytes)
Hash
295ccdb03006b8dfef45090dafbd46ac
491ab660270e47cbac6a5731c51cca71c1c1b2b1
a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3

HTTP Headers

GET /img/apple-touch-icon.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:04 GMT
content-type: image/png
content-length: 5644
last-modified: Thu, 21 Apr 2022 13:47:47 GMT
etag: "62616083-160c"
expires: Wed, 09 Jul 2025 03:52:04 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

GET xtgyak.buchhaltungsservice-weber.de/u2psk9

104.21.96.1

200 OK

522 B

URL User Request GET
xtgyak.buchhaltungsservice-weber.de/u2psk9
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectbuchhaltungsservice-weber.de
Fingerprint04:24:44:AE:11:94:AB:55:74:EC:03:B2:78:1F:39:13:C2:E0:58:64
ValiditySun, 11 May 2025 12:15:45 GMT - Sat, 09 Aug 2025 13:13:55 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
522 B (522 bytes)
Hash
36f0278b50f6b3dc4768bdadbd8ca9e9
ab39897ff994861c8b3f038e00a486b3b112c2e4
e326de0fb4292775a97b877f847f4edc88e142da7df8571b5ff00b3a8abdd90d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /u2psk9 HTTP/1.1
Host: xtgyak.buchhaltungsservice-weber.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 05 Jul 2025 03:52:02 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hNaKwGVzWuPVEBmg%2BlBqI7u2%2FkiCi%2FW%2FQAvBopw01lecYJpyJAvZ%2BMJFMjoAX0fikFxNQhf9jdrJqQgbtV0UOyeEafhdQ8YufvtwShipeDZHhaFDkXZihmARF5UpfNW2nw%3D%3D"}]}
cf-cache-status: DYNAMIC
vary: accept-encoding
content-encoding: br
cf-ray: 95a3e81d9b6d56b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET telegram.org/css/font-roboto.css?1

149.154.167.99

200 OK

6.2 kB

URL GET
telegram.org/css/font-roboto.css?1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A
ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT

File type
ASCII text
Size
6.2 kB (6166 bytes)
Hash
c706681409217a14a24c7e2deb8cf423
08b443fe5bc6a223a9de08fb56282365b1d13857
84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974

HTTP Headers

GET /css/font-roboto.css?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:03 GMT
content-type: text/css
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: W/"63512b7d-1816"
expires: Wed, 09 Jul 2025 03:52:03 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

GET telegram.org/css/bootstrap.min.css?3

149.154.167.99

200 OK

42 kB

URL GET
telegram.org/css/bootstrap.min.css?3
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://t.me/DeepFansENbot?start=1191863921
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A
ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT

File type
ASCII text, with very long lines (42164)
Size
42 kB (42523 bytes)
Hash
c2656e265ef58a9cc9f4b70b15da5fb9
85c5ebdb89d4574d72688c2650d4b84b9b09770a
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

HTTP Headers

GET /css/bootstrap.min.css?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 05 Jul 2025 03:52:04 GMT
content-type: text/css
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-a61b"
expires: Wed, 09 Jul 2025 03:52:04 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by