affarmonkan.com Open in urlscan Pro
89.35.125.34 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://affarmonkan.com/
Effective URL:
https://affarmonkan.com/
Submission: On November 14 via api (November 14th 2024, 7:52:07 pm UTC) from BY — Scanned from DE

Summary HTTP 14 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 5 IPs in 4 countries across 4 domains to perform 14 HTTP transactions. The main IP is 89.35.125.34, located in Karaganda, Kazakhstan and belongs to . The main domain is affarmonkan.com.
TLS certificate: Issued by R11 on October 31st 2024. Valid for: 3 months.

This is the only time affarmonkan.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
11	89.35.125.34 89.35.125.34	() ()
1	2a04:4e42:200... 2a04:4e42:200::649	() ()
1	157.240.252.13 157.240.252.13	() ()
1	2001:67c:4e8:... 2001:67c:4e8:f004::9	() ()
14	5

11 89.35.125.34 (Karaganda, Kazakhstan)

ASN- ()
PTR: cloud-3.hoster.kz

affarmonkan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN- ()

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.252.13 (Frankfurt am Main, Germany)

ASN- ()
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:67c:4e8:f004::9 (Amsterdam, Netherlands)

ASN- ()

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	affarmonkan.com affarmonkan.com	262 KB
1	telegram.org telegram.org — Cisco Umbrella Rank: 8847	1 KB
1	facebook.net connect.facebook.net — Cisco Umbrella Rank: 208	61 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 923	24 KB
14	4

	Domain	Requested by
11	affarmonkan.com	affarmonkan.com
1	telegram.org
1	connect.facebook.net	affarmonkan.com
1	code.jquery.com	affarmonkan.com
14	4

This site contains links to these domains. Also see Links.

Domain
telegram.org

Subject Issuer	Validity	Valid
affarmonkan.com R11	`2024-10-31` - `2025-01-29`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-23` - `2024-11-21`	3 months	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2024-08-10` - `2025-09-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://affarmonkan.com/
Frame ID: 093E56404207D5BD98FB14ACDA0FD724
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Telegram: Join Group Chat

Page URL History Show full URLs

http://affarmonkan.com/ HTTP 307
https://affarmonkan.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

348 kB
Transfer

870 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://telegram.org/

Search URL Search Domain Scan URL

URL: https://telegram.org/apps
Title: Скачать

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://affarmonkan.com/ HTTP 307
https://affarmonkan.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
affarmonkan.com/
Redirect Chain

http://affarmonkan.com/
https://affarmonkan.com/

8 KB
4 KB

419ms
106ms

Document
text/html

89.35.125.34

General

Check archive.org

Show headers Download Go to

Full URL: https://affarmonkan.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx / PleskLin
Resource Hash: eea0e3185dbe1881c19cec577ced0f037bbf89e290ba6c2417769c868f3486a2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 14 Nov 2024 19:51:52 GMT
etag: W/"66f7b40e-21c0"
last-modified: Sat, 28 Sep 2024 07:45:18 GMT
server: nginx
x-powered-by: PleskLin

Redirect headers

Location: https://affarmonkan.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 jquery-3.4.1.slim.min.js Show response
code.jquery.com/ 69 KB
24 KB 67ms
18ms Script
application/javascript 2a04:4e42:200::649

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.slim.min.js
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: a5ab2a00a0439854f8787a0dda775dea5377ef4905886505c938941d6854ee4f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://affarmonkan.com
Referer: https://affarmonkan.com/

Response headers

content-encoding: gzip
etag: W/"28feccc0-1157d"
age: 2006461
x-cache: HIT, HIT
date: Thu, 14 Nov 2024 19:51:52 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
x-cache-hits: 1, 854
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-served-by: cache-lga13626-LGA, cache-fra-etou8220067-FRA
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1731613913.657715,VS0,VE0
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 24328
server: nginx

GET
H2 200 font-roboto_1.css
affarmonkan.com/css/ 6 KB
713 B 457ms
455ms Stylesheet
text/css 89.35.125.34

General

Check archive.org

Show headers Download Go to

Full URL: https://affarmonkan.com/css/font-roboto_1.css
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx / PleskLin
Resource Hash: 84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://affarmonkan.com/

Response headers

content-encoding: br
date: Thu, 14 Nov 2024 19:51:52 GMT
etag: W/"665db841-1816"
content-type: text/css
last-modified: Mon, 03 Jun 2024 12:34:09 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 bootstrap.min_3.css
affarmonkan.com/css/ 42 KB
7 KB 635ms
634ms Stylesheet
text/css 89.35.125.34

General

Check archive.org

Show headers Download Go to

Full URL: https://affarmonkan.com/css/bootstrap.min_3.css
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx / PleskLin
Resource Hash: f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://affarmonkan.com/

Response headers

content-encoding: br
date: Thu, 14 Nov 2024 19:51:52 GMT
etag: W/"665db840-a61b"
content-type: text/css
last-modified: Mon, 03 Jun 2024 12:34:08 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 telegram_232.css
affarmonkan.com/css/ 115 KB
21 KB 456ms
455ms Stylesheet
text/css 89.35.125.34

General

Check archive.org

Show headers Download Go to

Full URL: https://affarmonkan.com/css/telegram_232.css
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx / PleskLin
Resource Hash: be0338dd57a301c314a15f12b93fbbfc3ab9878e576c3c9ef37aab94252db198

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://affarmonkan.com/

Response headers

content-encoding: br
date: Thu, 14 Nov 2024 19:51:52 GMT
etag: W/"665db840-1ca52"
content-type: text/css
last-modified: Mon, 03 Jun 2024 12:34:08 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 img1.jpg
affarmonkan.com/file/ 158 KB
158 KB 541ms
540ms Image
image/jpeg 89.35.125.34

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://affarmonkan.com/file/img1.jpg
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx / PleskLin
Resource Hash: cee3ed0f7aa29c92b88c2adf93b7941076e54fa15151c2cbdc125dd919f01717

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://affarmonkan.com/

Response headers

content-encoding: gzip
date: Thu, 14 Nov 2024 19:51:52 GMT
etag: W/"665dbaa9-2788e"
content-type: image/jpeg
last-modified: Mon, 03 Jun 2024 12:44:25 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 tgwallpaper.min_3.js Show response
affarmonkan.com/js/ 3 KB
1 KB 365ms
365ms Script
application/javascript 89.35.125.34

General

Check archive.org

Show headers Download Go to

Full URL: https://affarmonkan.com/js/tgwallpaper.min_3.js
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx / PleskLin
Resource Hash: 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://affarmonkan.com/

Response headers

content-encoding: br
date: Thu, 14 Nov 2024 19:51:52 GMT
etag: W/"665db855-ba3"
content-type: application/javascript
last-modified: Mon, 03 Jun 2024 12:34:29 GMT
server: nginx
x-powered-by: PleskLin

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 46ms
19ms Script
application/x-javascript 157.240.252.13

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: affarmonkan.com
URL: https://affarmonkan.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.252.13 Frankfurt am Main, Germany, ASN (),

Reverse DNS

xx-fbcdn-shv-01-fra3.fbcdn.net

Software

Resource Hash

43a683165a27224ef2d2717bd57c8c203aa570ce39140504d086562eefbb0f1f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-6bAwqhZF' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://affarmonkan.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Thu, 14 Nov 2024 19:51:52 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-6bAwqhZF' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=23, mss=1232, tbw=4471, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: eRn4sY8NhqafkD9TVp9jHcXikg24v9P5NrlkEa67QBw+Kv9l6dnSbaeUB3kdo/X4oYdiXkDoX16VTBQibYeuLg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62152
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 pattern.svg
affarmonkan.com/img/tgme/ 225 KB
69 KB 506ms
505ms Image
image/svg+xml 89.35.125.34

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://affarmonkan.com/img/tgme/pattern.svg
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/css/telegram_232.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx / PleskLin
Resource Hash: daa086b24cbd2610eb3261446100ff513a4526c5b2bce41e758629f5cd8a6a20

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://affarmonkan.com/css/telegram_232.css

Response headers

content-encoding: gzip
date: Thu, 14 Nov 2024 19:51:53 GMT
etag: W/"665db853-385d7"
content-type: image/svg+xml
last-modified: Mon, 03 Jun 2024 12:34:27 GMT
server: nginx
x-powered-by: PleskLin

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: af86ce9fb560cdb3607305c8b8bd77c424063f168c1efc76b37aab46332f741d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/svg+xml

GET
H2 404 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
affarmonkan.com/fonts/Roboto/ 0
0 495ms
494ms Font
text/html 89.35.125.34

General

Check archive.org

Show headers Download Go to

Full URL: https://affarmonkan.com/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/css/font-roboto_1.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://affarmonkan.com
Referer: https://affarmonkan.com/css/font-roboto_1.css

Response headers

content-encoding: br
date: Thu, 14 Nov 2024 19:51:53 GMT
etag: W/"328-619fb890317c0"
content-type: text/html; charset=UTF-8
last-modified: Mon, 03 Jun 2024 12:33:06 GMT
server: nginx

GET
H2 404 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
affarmonkan.com/fonts/Roboto/ 0
0 494ms
494ms Font
text/html 89.35.125.34

General

Check archive.org

Show headers Download Go to

Full URL: https://affarmonkan.com/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/css/font-roboto_1.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://affarmonkan.com
Referer: https://affarmonkan.com/css/font-roboto_1.css

Response headers

content-encoding: br
date: Thu, 14 Nov 2024 19:51:53 GMT
etag: W/"328-619fb890317c0"
content-type: text/html; charset=UTF-8
last-modified: Mon, 03 Jun 2024 12:33:06 GMT
server: nginx

GET
H2 404 KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2
affarmonkan.com/fonts/Roboto/ 0
0 495ms
495ms Font
text/html 89.35.125.34

General

Check archive.org

Show headers Download Go to

Full URL: https://affarmonkan.com/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2
Requested by: Host: affarmonkan.com
URL: https://affarmonkan.com/css/font-roboto_1.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://affarmonkan.com
Referer: https://affarmonkan.com/css/font-roboto_1.css

Response headers

content-encoding: br
date: Thu, 14 Nov 2024 19:51:53 GMT
etag: W/"328-619fb890317c0"
content-type: text/html; charset=UTF-8
last-modified: Mon, 03 Jun 2024 12:33:06 GMT
server: nginx

GET
H2 404 favicon.ico
affarmonkan.com/ 808 B
513 B 93ms
92ms Other
text/html 89.35.125.34

General

Check archive.org

Show headers Download Go to

Full URL: https://affarmonkan.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.35.125.34 Karaganda, Kazakhstan, ASN (),
Reverse DNS: cloud-3.hoster.kz
Software: nginx /
Resource Hash: b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://affarmonkan.com/

Response headers

content-encoding: br
date: Thu, 14 Nov 2024 19:51:53 GMT
etag: W/"328-619fb890317c0"
content-type: text/html; charset=UTF-8
last-modified: Mon, 03 Jun 2024 12:33:06 GMT
server: nginx

GET
H2 200 website_icon.svg
telegram.org/img/ 2 KB
1 KB 80ms
16ms Other
image/svg+xml 2001:67c:4e8:f004::9

General

Check archive.org

Show headers Download Go to

Full URL: https://telegram.org/img/website_icon.svg?4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 Amsterdam, Netherlands, ASN (),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 0019255c610cb0843c524d7995905fa5201651fcc393846bee8414f0610097f5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://affarmonkan.com/

Response headers

cache-control: max-age=345600
content-encoding: gzip
etag: W/"5f160181-768"
expires: Mon, 18 Nov 2024 19:51:54 GMT
access-control-allow-origin: *
date: Thu, 14 Nov 2024 19:51:54 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
server: nginx/1.18.0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://affarmonkan.com/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://affarmonkan.com/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://affarmonkan.com/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfABc4AMP6lbBP.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://affarmonkan.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

affarmonkan.com
code.jquery.com
connect.facebook.net
telegram.org
157.240.252.13
2001:67c:4e8:f004::9
2a04:4e42:200::649
89.35.125.34
0019255c610cb0843c524d7995905fa5201651fcc393846bee8414f0610097f5
2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6
43a683165a27224ef2d2717bd57c8c203aa570ce39140504d086562eefbb0f1f
84b97b3fa8847b64c6d3833561e4b3146530577171e85ad226578a087db70974
a5ab2a00a0439854f8787a0dda775dea5377ef4905886505c938941d6854ee4f
af86ce9fb560cdb3607305c8b8bd77c424063f168c1efc76b37aab46332f741d
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
be0338dd57a301c314a15f12b93fbbfc3ab9878e576c3c9ef37aab94252db198
cee3ed0f7aa29c92b88c2adf93b7941076e54fa15151c2cbdc125dd919f01717
daa086b24cbd2610eb3261446100ff513a4526c5b2bce41e758629f5cd8a6a20
eea0e3185dbe1881c19cec577ced0f037bbf89e290ba6c2417769c868f3486a2
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

affarmonkan.com Open in urlscan Pro 89.35.125.34 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

4 Countries

348 kBTransfer

870 kBSize

0 Cookies

2 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

affarmonkan.com Open in urlscan Pro
89.35.125.34 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

4
Countries

348 kB
Transfer

870 kB
Size

0
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!