Report - tw3cdi.ksdesign.pl/swrnc2

Report Overview

Visited public
2025-04-06 07:01:29
Tags
URL
tw3cdi.ksdesign.pl/swrnc2
Finishing URL
t.me/DeepFansbot?start=1191863921
IP / ASN
172.67.220.64
#13335 CLOUDFLARENET
Title
Telegram: Launch @DeepFansbot

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn4.cdn-telegram.org	unknown	2023-11-04	2023-11-04	2025-04-01	771 B	39 kB	34.111.35.152
tw3cdi.ksdesign.pl	unknown	unknown	No data	No data	1.4 kB	3.0 kB	172.67.220.64
telegram.org	5408	2003-12-15	2013-12-18	2025-04-05	837 B	124 kB	149.154.167.99
t.me	6552	2010-05-20	2015-06-29	2025-03-30	501 B	12 kB	149.154.167.99

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-06 07:01:26	low	Client IP	149.154.167.99	ET INFO Observed Telegram Domain (t .me in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	t.me/DeepFansbot?start=1191863921	ScriptElement	223 B	2025-03-26	2025-04-26
Pretty URL t.me/DeepFansbot?start=1191863921 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-26 02:02 Last Seen2025-04-26 21:23 Times Seen39740 Hash 7005e97bb1751db69a5c5e0bc9da8fad 0bceea8593c8fdfc5079aa80d3b519309ec8628c 4193e17c4ca345780938d91a8cac31c1d3095e78c1038da6b4fd964cb6bff8c6 Loading...

	t.me/DeepFansbot?start=1191863921	ScriptElement	193 B	2023-03-07	2025-05-14
Pretty URL t.me/DeepFansbot?start=1191863921 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:31 Last Seen2025-05-14 01:14 Times Seen46137 Hash 9c629a0c52a2afad699d260f673481fd a4fd0ed3e5daa31480eb6de0faa5d442f015cbf6 ea0d804370930ee958af535ce56cddf1dda419bdc676315ae8af0fbb4c733471 Loading...

HTTP Transactions (7)

	URL	IP	Response	Size
	tw3cdi.ksdesign.pl/swrnc2	172.67.220.64	200 OK	520 B
URL User Request GET tw3cdi.ksdesign.pl/swrnc2 IP 172.67.220.64:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectksdesign.pl Fingerprint77:32:8C:98:29:43:35:07:5B:9D:70:F7:82:60:4C:7C:A0:D2:D1:48 ValidityThu, 13 Feb 2025 11:30:32 GMT - Wed, 14 May 2025 12:29:09 GMT File type HTML document, ASCII text, with very long lines (568), with no line terminators Size 520 B (520 bytes) Hash 202de39e53e5649b48d2265db0998255 1717c0aa11d4daedb6d054c50645c92eb1f3ab71 c68751192c9646a97c2ffe0c409f243c41eabf232ae886ee438367392ab7cf81 HTTP Headers `GET /swrnc2 HTTP/1.1 Host: tw3cdi.ksdesign.pl User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 06 Apr 2025 07:01:26 GMT content-type: text/html; charset=UTF-8 cf-cache-status: DYNAMIC vary: accept-encoding report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AnxahwANUlRTWL4euENtnDerITD20XdxyXptAWkEiiDjcm%2FPjHvIrKCYv0n2pXg5uP5gfd8kbxFJmQDo4kJFOTbNhyaZFVkcbgauqs2vXihtKmVpqy5KlOdb1D4RIo%2F43pGn1GM%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 92bf69f89ed05684-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=5178&min_rtt=486&rtt_var=9365&sent=10&recv=14&lost=0&retrans=0&sent_bytes=3349&recv_bytes=1202&delivery_rate=6939297&cwnd=255&unsent_bytes=0&cid=4608472157cd1519&ts=19971&x=0" X-Firefox-Spdy: h2

	telegram.org/css/telegram.css?244	149.154.167.99	200 OK	120 kB
URL GET telegram.org/css/telegram.css?244 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/DeepFansbot?start=1191863921 Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type ASCII text, with very long lines (1267) Size 120 kB (120286 bytes) Hash 4e0791b1984bad4ea1508a16f05a6e84 4570b0448ba5948df913ea44a1cc7b1285cb0de3 0cf97183ee212ba10361a59d4341abb0ce8b8631b0adfe4c83c7af8ab1ecec70 HTTP Headers `GET /css/telegram.css?244 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/css,/*;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Sun, 06 Apr 2025 07:01:27 GMT content-type: text/css last-modified: Thu, 23 Jan 2025 23:18:00 GMT etag: W/"6792ce28-1d5de" expires: Thu, 10 Apr 2025 07:01:27 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

	telegram.org/js/tgwallpaper.min.js?3	149.154.167.99	200 OK	3.0 kB
URL GET telegram.org/js/tgwallpaper.min.js?3 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Requested by https://t.me/DeepFansbot?start=1191863921 Certificate IssuerGoDaddy.com, Inc. Subject.telegram.org FingerprintC8:B7:84:85:FF:8F:0B:CA:9A:D6:E7:3E:81:F1:1E:94:39:D1:11:0A ValiditySat, 10 Aug 2024 13:33:14 GMT - Thu, 11 Sep 2025 13:33:14 GMT File type ASCII text, with very long lines (2998), with no line terminators Size 3.0 kB (2979 bytes) Hash f03422dc797fd26a3834b1ec041128ed a6e88f4fe48b749c2b7360e8e004f64b6cfffb1a 046ec6b7909d0ca5cc6ef271a1b57b2f2be0bd88e3495fd8c496f1524e8ffaac HTTP Headers `GET /js/tgwallpaper.min.js?3 HTTP/1.1 Host: telegram.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.18.0 date: Sun, 06 Apr 2025 07:01:27 GMT content-type: application/javascript last-modified: Thu, 03 Mar 2022 19:57:25 GMT etag: W/"62211da5-ba3" expires: Thu, 10 Apr 2025 07:01:27 GMT cache-control: max-age=345600 strict-transport-security: max-age=31536000; includeSubDomains; preload content-encoding: gzip X-Firefox-Spdy: h2`

	tw3cdi.ksdesign.pl/swrnc2	172.67.220.64	522 No Reason Phrase	0 B
URL User Request GET tw3cdi.ksdesign.pl/swrnc2 IP 172.67.220.64:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectksdesign.pl Fingerprint77:32:8C:98:29:43:35:07:5B:9D:70:F7:82:60:4C:7C:A0:D2:D1:48 ValidityThu, 13 Feb 2025 11:30:32 GMT - Wed, 14 May 2025 12:29:09 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /swrnc2 HTTP/1.1 Host: tw3cdi.ksdesign.pl User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 522 No Reason Phrase date: Sun, 06 Apr 2025 07:01:26 GMT content-length: 0 server: cloudflare cache-control: private, no-store cf-cache-status: DYNAMIC cf-ray: 92bf697d08225684-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2`

	tw3cdi.ksdesign.pl/swrnc2	172.67.220.64	301 Moved Permanently	520 B
URL User Request GET tw3cdi.ksdesign.pl/swrnc2 IP 172.67.220.64:80 ASN #13335 CLOUDFLARENET File type Size 520 B (520 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /swrnc2 HTTP/1.1 Host: tw3cdi.ksdesign.pl User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 301 Moved Permanently Date: Sun, 06 Apr 2025 07:01:26 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Sun, 06 Apr 2025 08:01:26 GMT Location: https://tw3cdi.ksdesign.pl/swrnc2 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gMSD6g1uFRECbHiqeySN4ibY7ccCclh42AYyIitQV8SPPxDpITqUimPwhMPzsU4MMyWi%2BgXE%2Bus0o7DQQUAtZWuRcAJ2th54AhshYoMU5MDQ6z0elFQi6eCU8QXSAs3gX3DtnPU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 92bf69f85ce456aa-OSL alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=646&min_rtt=646&rtt_var=323&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=409&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

	t.me/DeepFansbot?start=1191863921	149.154.167.99	200 OK	12 kB
URL User Request GET t.me/DeepFansbot?start=1191863921 IP 149.154.167.99:443 ASN #62041 Telegram Messenger Inc Certificate IssuerGoDaddy.com, Inc. Subject.t.me FingerprintBA:44:79:96:41:99:29:DF:8F:08:73:A9:D4:90:C4:0D:7D:02:8F:9B ValiditySun, 06 Oct 2024 19:51:28 GMT - Fri, 07 Nov 2025 19:51:28 GMT File type Size 12 kB (11587 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /DeepFansbot?start=1191863921 HTTP/1.1 Host: t.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx/1.18.0 date: Sun, 06 Apr 2025 07:01:27 GMT content-type: text/html; charset=utf-8 content-length: 4316 set-cookie: stel_ssid=d02cf2fe2bc8a3258c_14172420583783967214; expires=Mon, 07 Apr 2025 07:01:27 GMT; path=/; samesite=None; secure; HttpOnly pragma: no-cache cache-control: no-store x-frame-options: ALLOW-FROM https://web.telegram.org content-security-policy: frame-ancestors https://web.telegram.org content-encoding: gzip strict-transport-security: max-age=35768000 X-Firefox-Spdy: h2

	cdn4.cdn-telegram.org/file/WF6Lc9h7pgHLtt5gBe5egvdfgLc1_fEotft3x5E4NKUEGn0GcLvYJnOKCrJ1EbPykbyTGHoCPBff-rrT-GFix5D_zX4LtKVcKWTzNkrcFi1Qw7ZVXf9XIBxXllBCxn3oxu8I3Tk3z0vUmH1GNy1qUW-khrsZLRjNMFHARjw-U2jqYBvVM9UqpskQKfvYQtxSZm2WwQJSMlAYkiAgHBVKHwEh2zUAv7H4zf-boI1Pe4iIG1MYyT_-GaPy2DUmmYGdwB_xpn0jYlIs5pqOZrCdzEKBx-HjvC_EzsriU4SiRIQ4a470HFIhJ9Mybq5i9cd4LmCPp7pM_-GIjtzat2VNMw.jpg	34.111.35.152	200 OK	38 kB
URL GET cdn4.cdn-telegram.org/file/WF6Lc9h7pgHLtt5gBe5egvdfgLc1_fEotft3x5E4NKUEGn0GcLvYJnOKCrJ1EbPykbyTGHoCPBff-rrT-GFix5D_zX4LtKVcKWTzNkrcFi1Qw7ZVXf9XIBxXllBCxn3oxu8I3Tk3z0vUmH1GNy1qUW-khrsZLRjNMFHARjw-U2jqYBvVM9UqpskQKfvYQtxSZm2WwQJSMlAYkiAgHBVKHwEh2zUAv7H4zf-boI1Pe4iIG1MYyT_-GaPy2DUmmYGdwB_xpn0jYlIs5pqOZrCdzEKBx-HjvC_EzsriU4SiRIQ4a470HFIhJ9Mybq5i9cd4LmCPp7pM_-GIjtzat2VNMw.jpg IP 34.111.35.152:443 ASN #396982 GOOGLE-CLOUD-PLATFORM Requested by https://t.me/DeepFansbot?start=1191863921 Certificate IssuerGoogle Trust Services Subjectcdn1.cdn-telegram.org Fingerprint71:B9:A6:59:57:FC:7C:53:2D:A2:10:F2:89:A4:83:AA:6B:93:1B:4E ValidityThu, 13 Feb 2025 05:40:23 GMT - Wed, 14 May 2025 06:34:57 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x320, components 3 Size 38 kB (38390 bytes) Hash 686b7dfcd7c630dee4329b7aa9c0a599 b831af9a946ea5159780f28d6cd1fadbc24c22ed 16841d30d8b0b091b097d6b834731f36cfe5c23b0f82c98bc76d5239d2bbc9e8 HTTP Headers GET /file/WF6Lc9h7pgHLtt5gBe5egvdfgLc1_fEotft3x5E4NKUEGn0GcLvYJnOKCrJ1EbPykbyTGHoCPBff-rrT-GFix5D_zX4LtKVcKWTzNkrcFi1Qw7ZVXf9XIBxXllBCxn3oxu8I3Tk3z0vUmH1GNy1qUW-khrsZLRjNMFHARjw-U2jqYBvVM9UqpskQKfvYQtxSZm2WwQJSMlAYkiAgHBVKHwEh2zUAv7H4zf-boI1Pe4iIG1MYyT_-GaPy2DUmmYGdwB_xpn0jYlIs5pqOZrCdzEKBx-HjvC_EzsriU4SiRIQ4a470HFIhJ9Mybq5i9cd4LmCPp7pM_-GIjtzat2VNMw.jpg HTTP/1.1 Host: cdn4.cdn-telegram.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://t.me/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK server: nginx/1.18.0 content-length: 38390 access-control-allow-origin: * x-content-type-options: nosniff content-security-policy: default-src 'none'; sandbox x-frame-options: DENY x-xss-protection: 1; mode=block access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length accept-ranges: bytes, bytes strict-transport-security: max-age=31536000; includeSubDomains; preload via: 1.1 google date: Sun, 06 Apr 2025 05:34:16 GMT cache-control: public,max-age=7200 etag: "b0ecac45d648495680f211537dac69bd164c2f18" content-type: image/jpeg age: 5231 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by