| redirect.jscript.workers.dev/ | 104.21.3.120 | 301 Moved Permanently | 0 B |
URL: redirect.jscript.workers.dev/ (User Request; GET; HTTP/2)
IP: 104.21.3.120:443
Certificate: Issuer: Let's Encrypt; Subject: jscript.workers.dev; Fingerprint: EF:0C:65:84:B6:F5:28:CA:0C:29:2D:D6:26:8C:68:F0:0A:E5:7A:6A; Validity: Fri, 22 Mar 2024 08:37:09 GMT - Thu, 20 Jun 2024 08:37:08 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the well-known digests of an empty input, consistent with the 0 B body of the redirect)
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | Telegram |
GET / HTTP/1.1
Host: redirect.jscript.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Thu, 25 Apr 2024 16:05:46 GMT
content-length: 0
location: https://telegramsoft.cn/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDQTyrVs%2FRUFkItwAXfFfLiVAaBM5t7LllnDhtXWe%2Bz0NivqPJsXB6US05IeKbq%2BYfRTDCK8zYlQDfmzXbwZN4wnQP7GgZQ7GyTW%2B6sSmImnEpuLHfqpMmQnsdnaaGWf7rcErWm9TpJgp%2F%2Bry5l6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f9394da9a56a8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| telegramsoft.cn/file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688 | 104.21.11.130 | 200 OK | 11 kB |
URL: telegramsoft.cn/file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 4e06d87c860ba8e8a804350f42632217 31d3f89ae95d6f25660020b21e49114aaecfdd59 6b081cb199e67a43ddcd7ddac0b528c93cc72bb82641937368a41b0aece43125
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 11343
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "8d5021517d5cc116641dc5501781f8ce"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fu770qEGAKymACSgkVJUcr0qt%2BCBmpTqnn2lPt7%2BLvTJlSdjMCfloEvtelTBLZw9qBV1F0CaMjQkoiGYIc6HcNPgUAxkHYK6LKFDgrn9EWgtfH3J%2FPqBJU5aK5hbj6ovE5U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aadab521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109 | 104.21.11.130 | 200 OK | 14 kB |
URL: telegramsoft.cn/file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): eb46ced34f8cd5637a3ca911bd12f300 a26b44e6e634e4d670a38549033d3539a981e415 df53d5b90c9e669236f8593b7fc941a6da753ee8eec79a64c6955a4a67dcb45f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 13579
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "dfb7b8e122803b2b6a01a00602ed28fc"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2yAd9sp%2FB2FCkF8LpThmIw1iGCtVbZaHkBvOoNPYDJzG9bUcLBpNiC4hgu3r7sZQAfxC88kwvX%2FVNtK6F%2BqwIRQzyqxha55PrwRA8hdtB2xRqBWryZGee25Nn52%2F6jCjdzE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397bae7b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b | 104.21.11.130 | 200 OK | 16 kB |
URL: telegramsoft.cn/file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 77ffe8b3dff795ea0734bf4b35a94357 2d545ffb0877993dd227d528638a336cd3b9e32c ad37907e335e7c5d2692b682401f4520753ab539fadedf74962c6a004b3a179f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 16465
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "6a0c6505da8d3243a32c034be2bb8064"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtBczIdG1hHC7TrQB6boMNcewIcPYlHnDeIWHJ3xRJ16HZF6ece2wkpPol%2FJ7iua5ZiOv36apkNYm86ndUO%2BwW4piR%2FpachAAeppqllu%2FsB3U7VdRCyHXP%2FfMuYOGJKskZY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aaddb521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2 | 104.21.11.130 | 200 OK | 18 kB |
URL: telegramsoft.cn/file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 1d581b72d19bc828654229a0773a5300 ff517c8bb4b37351ff3dd72f7ec66fc584e90d5c d2b3858e94ed122782de9028f668334438649e46e5d2c6d761e3359c8e3de200
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 17975
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "e8f9da809af041aa8f69ac35178df0ea"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0B2av1rbSFV1LdOUk97fZHl%2FRwkLOJBbnJSuteiQynrnjjdvFTiZtPQYaezjtQNkReWTy4uJ4PPoR%2FCVsp%2BthXnMXp3e3LVb9aXm2nG2TXVVl9Z8QjpOrdzJIqd56cNG2Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aadfb521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa | 104.21.11.130 | 200 OK | 15 kB |
URL: telegramsoft.cn/file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 5f245ac9016657dfafcbdbf61b61e514 4033c942a333f667ef26c5d45ed5e233bd83b8b9 006d88e7389f56f925cdac325a2d6fc7956bbdcc30e46214bdd97b43274bd78e
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 15286
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "73ff344f9dc38194c64f46c55293d4d7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hocvQg1OZSfhQRAl2KKXSkEiJo65kHaKFkPzaj1ePnBYoTt9ExHO89cLoTr3WT6NZ2ekesfozGF1EQN3yczgTuzhPXXX8YjoUXWqr27pqZQSovDS0PBgxaEMg%2B6eejf3StY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aadbb521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613 | 104.21.11.130 | 200 OK | 13 kB |
URL: telegramsoft.cn/file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 9c2a194ee50807ae9342b60634be2445 553dfd2ba2a5e11468a3b57aba897995f2f4d676 ec1788bcdd05595bbcd16e5c7c13bce6481b620ebbc4200b2e6598c02c82aa78
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 12690
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "a4b696ae63c1e58db72d2668f80f5111"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=trvHkUbXdr%2BBcuIcslqkbrA6J3Eb30CEzaGxc2DXNCQFYoNZi15b5ZR%2Blfmksx5DQtJdUainkMsUVLhVSaW1eFuUvC4EoATFzGXDhBOOjlgVr8fvBu9wWRJxn1RxHSNNM1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aae4b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4 | 104.21.11.130 | 200 OK | 16 kB |
URL: telegramsoft.cn/file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 4e59e61b2a0205e09dafad24da174530 0dc2adba2fbe4f1cd195364ef4f1ab4dc1641993 269f20eb63db3ece8035886ebc69112ef94339da867d47f815237800555e508a
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 15740
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "87db02cc05dccd78adcb8c4021ca666f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zo24LcFwW1Zg%2FTi3M6eZ3%2Bda4e4j00XRpRTG1f7j7S48%2F5J%2BYkIy51%2Fh4ZccbdwgWpgR3SBwEHebZRXQtFSwNqkY4iOy0AUJKuO29sE3frMNE7AOJpoP4ZLV5bkiDH1ERbI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aae5b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805 | 104.21.11.130 | 200 OK | 19 kB |
URL: telegramsoft.cn/file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): da1ff638a4141eed84327e20f936496f 91e5410531539b53c3aefcc5774413e8a665a57a b66de388c12d6611870503c34c5db37fe079313c4292177435fd8dc7ed6cbe67
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 19325
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "118ac163129b53111061a49e5181533a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZfnAZNFuNpn6Lsba4KkJfvBF0qR86ueZr92kyoRpd5WH5lI0ce8xZeB04NKlz21lMWYYAyAzg3UOhXOcOHOe%2FaSLrSjmoiEFRuZ9qjKOOeHqTfcWQzoOT0cJ9pI9kivMQ0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397bae8b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/img/hot.png?1 | 104.21.11.130 | 200 OK | 598 B |
URL: telegramsoft.cn/assets/img/hot.png?1 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 44 x 24, 8-bit colormap, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 1ee8ceb2af942c35b19e958e9d77f913 929c4895b33ba865ed93978e4e730234091edd21 84d56694929d9a61b94bf7fe814f8b1c0f9457d2d7afb8faf7b72322a6507646
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/hot.png?1 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: image/png
content-length: 598
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "08920f2480502a2cc5d704e1591aab8a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8SS%2FysStSYg81eYhOmryAqPdjg24ZGfg1RQzOArIdq%2B4tGZEBCKcMGgEX88DQR1%2FK5m0dcVd2%2FkL5FOuMtf6GkFcXetUg27bH38E6JYz0%2BUZbTZRppT53Y2jGT%2BYwlU0Z%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aad4b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/file/464001871/3/Uyg3R7LmX1I.17628.png/911807f65dfb4f8f20 | 104.21.11.130 | 200 OK | 18 kB |
URL: telegramsoft.cn/file/464001871/3/Uyg3R7LmX1I.17628.png/911807f65dfb4f8f20 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): b1b335ef3116be9e1e4cd88b91e63581 3f729a0397768d41e4a6ea349787a61d8b63225e f6e5a71f6bd4a6af4813838f68f21e114e6582fbbf0edcd94f40745251937015
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001871/3/Uyg3R7LmX1I.17628.png/911807f65dfb4f8f20 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 17628
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c9d50188423a8d159e7b0cfdbfd21e19"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGebPjMpSjJa6AL56sHRvVaCjVFw3JmGQL48yCJ220xLFGI0yA%2FE7BKdk4OnOtTe%2FRbQiWDHsh8T2OJwT%2FWTia0pcgnWB4NADIDj%2Fqvkci6qwzBFx0xUI3jgoOiYTezMJjE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aae1b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/img/SiteiOS.jpg?2 | 104.21.11.130 | 200 OK | 22 kB |
URL: telegramsoft.cn/assets/img/SiteiOS.jpg?2 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 442x270, components 3
Hash (MD5 / SHA-1 / SHA-256): c6ab29db9022501345ced11e961dfbf8 02e58a7a5a36776a525ef4ef9f178b54a4292d80 70d3271c59728ccebd503276e8b34e6971537d08e0514d003757897e19abf935
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/SiteiOS.jpg?2 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/jpeg
content-length: 21975
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "b1e42eab41bd46c1a913e4475e5ed187"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DA%2BN17fNltF3aujC7w0P5fVJjQQeVpnvp50rpESiBvTdYc4zt08kVBEm5JAtjHDjFWnSHYPdK5cpBa5ByPArhN1VuCUU0fIbFZckOuN9CyK4b3ucnYUmer4bRTNNrrMXfvc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abc3b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/img/SiteLogos.png | 104.21.11.130 | 200 OK | 1.6 kB |
URL: telegramsoft.cn/assets/img/SiteLogos.png (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 21 x 120, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): e18e0100ab1656ba4730b0e65680da89 216bc4cf5748678f9df8a604a6df4cb69a5060f9 db38e056d9e2ee9ebd98aaaf89aec6d2a0e79c1f8423ceb424e2acec5bec1202
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/SiteLogos.png HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/png
content-length: 1618
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "000caea691b78b5f59b432c59d8076b5"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OWUytWBEWv07EEKTkH9hHE62oppXZMpoWodUBurnlgbgIrTiVtX2zidshBC11B3JaZcsPxuchBXz%2FmnDdJ9DjqQFffvmooOtAEd4BLnr1Vz5WsKgylem%2FFA0vvNV%2F8r4R0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abbdb521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.11.130 | 302 Found | 0 B |
URL: telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the well-known digests of an empty input, consistent with the 0 B body of the 302 redirect)
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Thu, 25 Apr 2024 16:05:47 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gc1bW4IAnGxQ7IyjPUZUUjpeKKJotTeR45R5jQ9X7ToZQnYWXG1rXIFpPvNefa1aTIBy%2Bu0BodvkrTse3WorIDTvLIa5IkfpcWYUGq263dR2LD01GGHxsnMxPMrB9xOPScc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f93993c45b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/img/SiteAndroid.jpg?2 | 104.21.11.130 | 200 OK | 19 kB |
URL: telegramsoft.cn/assets/img/SiteAndroid.jpg?2 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 290x270, components 3
Hash (MD5 / SHA-1 / SHA-256): 351859704fb9ff89731d66d991b8dd8d 3958489b958374eae85f67c4cd2148cbe5f11a68 5fd05b109e8a19d207305aef28f45881b8ecd53c92f680c5dd1c5af0292aafb1
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/SiteAndroid.jpg?2 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/jpeg
content-length: 19430
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "d58759e494dd433f79f8e9c49fec9294"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u9vgmal0ZsiAS3tosw3mnOBrFljAMtT5jGX0OsduhkqLt2Q7BYPh%2FuSrE1uHV%2FS4DFfARch3xPzIdPxCQsGxNCBEuh8jPWzMnyj3IR0xHo%2FI4%2BW0SJ1TFyA5gm6lkUI7Nyw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abc0b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/img/SiteDesktop.jpg?2 | 104.21.11.130 | 200 OK | 46 kB |
URL: telegramsoft.cn/assets/img/SiteDesktop.jpg?2 (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1246x260, components 3
Hash (MD5 / SHA-1 / SHA-256): 073cbb1b0a394b4d7cf378af07633f95 c67a5f25637e13d86c43d6512873b8f62b462452 6665894cfbe4253528b7198f1131510d4b4dfbf87aafeba2f11b693677c180d3
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/SiteDesktop.jpg?2 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/jpeg
content-length: 45839
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c16c488697ff95c2dcb82322e29b124b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SdTiga80iiioSm%2FLgJV3KGlVN%2FoEeYvy7Iz2YUeTCF1Qzsg5MD4pNKmMQFaiaGwnIaz3JdiG6xpyc8Qw0zYfN%2BOnctfoJb%2FAj7nPdKE8Km2e4mwsHwfsFvWZ6dZYDtEL2dc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abc9b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/img/Telegram_1x.png | 104.21.11.130 | 200 OK | 942 B |
URL: telegramsoft.cn/assets/img/Telegram_1x.png (GET; HTTP/3)
IP: 104.21.11.130:443
Certificate: Issuer: Let's Encrypt; Subject: telegramsoft.cn; Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: PNG image data, 144 x 36, 8-bit gray+alpha, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): 99fc6a06e89acd81a9adc2dc0be74a2f 54583be2fa398e9a1cd723651aba0c5c75be5564 e701fdb27d19c8c6683a4920c554027ff330646efe20e6d4bf8722da549d9751
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/Telegram_1x.png HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/png
content-length: 942
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "eb6e94897b19a6924d52f51f29cd2401"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sM3dYj1Iekv%2FVfTlM0OogA7DTSzAnuGP3W54Z4bzazwkuPXrndfqEFTSdLuPKr4guWN9C9Q10f1oq5qHxUrUCVazQY1AkMSdo2VCr2I%2BqSUPPW%2FmPJbSe2LNGDKWCE4sbPY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abbcb521-OSL
alt-svc: h3=":443"; ma=86400

| www.googletagmanager.com/gtag/js?id=G-13SHC4KKEQ | 142.250.74.168 | 200 OK | 101 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-13SHC4KKEQ
IP: 142.250.74.168:443
Certificate: Issuer Google Trust Services LLC; Subject *.google-analytics.com; Fingerprint 1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB; Validity Mon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT
File type: JavaScript source, ASCII text, with very long lines (5945)
Size: 101 kB (100598 bytes)
Hash: MD5 1897040a639da3cf39abd864c53acfab  SHA-1 6fd6bed6df2eb4206fefc505dac9ab6d19b423d6  SHA-256 335ba9e4e5757ad9c6a943b8c6ad285e6f04fd913ef3151aaad3b2687d0f7ff4
GET /gtag/js?id=G-13SHC4KKEQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 16:05:47 GMT
expires: Thu, 25 Apr 2024 16:05:47 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100598
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| telegramsoft.cn/cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb | 104.21.11.130 | 200 OK | 0 B |
URL: POST HTTP/3 telegramsoft.cn/cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e  SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709  SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12151
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; path=/; expires=Fri, 25-Apr-25 16:05:47 GMT; domain=.telegramsoft.cn; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AdnXMXLOhgubLrszeAnAwnsYcoGXws4tj%2BI%2FjnxXFNeoi%2B1I5KvTbyrdReqH6i9ePCXzEA6soqKUNaaw98LVwGKcRmzgA6ZtyoE65Yt1zbieA80Ehh%2BmaaOOo08I%2FWoPWdk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879f939a5d56b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.11.130 | 302 Found | 0 B |
URL: GET HTTP/3 telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e  SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709  SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Thu, 25 Apr 2024 16:05:47 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k1W5HWxtjB0So1CUjmkHMNfP8%2FhGdGe8Rwm9IeN%2BEqJUSYnNgMxvEUonsU%2FwLibSsNDO8657Cq9x%2F7XHrmjPlce70BWLFucBLsQUo%2FWU15thjT7vB0lEDMIxW8xQ9WDpLrE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f939aadb3b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/cdn-cgi/rum? | 104.21.11.130 | 204 No Content | 0 B |
URL: POST HTTP/3 telegramsoft.cn/cdn-cgi/rum?
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e  SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709  SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/rum? HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
content-type: application/json
Content-Length: 1033
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Thu, 25 Apr 2024 16:05:47 GMT
access-control-allow-origin: https://telegramsoft.cn
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 879f939aede9b521-OSL
x-frame-options: DENY
x-content-type-options: nosniff

| telegramsoft.cn/assets/img/t_main_Android_demo.mp4 | 104.21.11.130 | 206 Partial Content | 251 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/img/t_main_Android_demo.mp4
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: ISO Media, MP4 v2 [ISO 14496-14]
Size: 251 kB (250838 bytes)
Hash: MD5 36bebc24f7516d37cbfbb4ee2aedf6f6  SHA-1 c40bb63cbe7c48f67faf8db89240fd60f912e1ce  SHA-256 03b2ae439d25e00e297b01942883f4ef8a6a5c87e01dd0faec6f1eef24b92816
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/t_main_Android_demo.mp4 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://telegramsoft.cn/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: video/mp4
content-length: 250838
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c8d19b01d791b59f32aab3a6d8877cfd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5lAtOiHzkU9C273487YKBVXnwvyfsgXmDoRS1g6eBWah5rA0qduK4lsWa19dnpzvuIRYzZWzf8anITdI8jewZ%2BRlrkBxqTdN%2FdQ61gFPu1NfM%2FgKpjeYjZkau%2BbxCTbdOEY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
content-range: bytes 0-250837/250838
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939aedecb521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/img/t_main_iOS_demo.mp4 | 104.21.11.130 | 206 Partial Content | 245 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/img/t_main_iOS_demo.mp4
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: ISO Media, MP4 v2 [ISO 14496-14]
Size: 245 kB (244748 bytes)
Hash: MD5 91daa37e09df8b688f7832e7d6d80aa6  SHA-1 fc59e29275e98dd5dce1efc9b982ec1ba5ad4276  SHA-256 eaf99fdddbab6953d53df2a7e81b5275e90e221e0a7ebd3d99f42cf4b6aba6d2
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/t_main_iOS_demo.mp4 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://telegramsoft.cn/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 206 Partial Content
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: video/mp4
content-length: 244748
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c0bc76fa81ed386cad4a942112b61796"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TaDKjhMOUn6Rw6UQT2POatff4fGBypa3CUyQoykBSMw8BRoVP3CigCZYYMRGqT%2BtmA09%2FTozNdpMh3yn8Iw2aMf6gynhXA9URqFJ%2FMHU%2BGJoeYMDyVNAIw1ehNCy2U7fqrM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
content-range: bytes 0-244747/244748
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939aedf0b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb | 104.21.11.130 | 200 OK | 0 B |
URL: POST HTTP/3 telegramsoft.cn/cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e  SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709  SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12150
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; path=/; expires=Fri, 25-Apr-25 16:05:47 GMT; domain=.telegramsoft.cn; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zlsQa4oF7aJCNar4vEFPrLQhV15TSX%2B5yo7S0inRWipBDvfV8x3xDy6ZY%2F641PppPOG%2FbqKSet3WpgU3V7Tcga4HHd7LIC2uzq1PyQZz5zd5pWqR3TJ0kOuZwmx842cntwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879f939c4f38b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/js/tgsticker-worker.js?14 | 104.21.11.130 | 200 OK | 29 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/js/tgsticker-worker.js?14
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (716)
Hash: MD5 a11248f567a0b314cd0e2e3ebad4d238  SHA-1 a2da89e903742246e7748ce0bfc0ea767a3d7b52  SHA-256 755ea46c6b1cf3ef6c1c9b1d8d9569ffd29b00840b703f3c1d13251481494098
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/js/tgsticker-worker.js?14 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-bgj: minify
cf-polished: origSize=5880
etag: W/"38ee93f2eac01baac8d031ac4b7a6265"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jcPj5zIiYvuySB78eD8mU1K4deYYHxT8zY22M3nGfvqEmkK2Oo%2Fqx7CJnDDMb3qrmSswqRjhPYxRsmbiwV34DekmHHdTtugWD7ayK%2BbARwKwitB%2BeaPE2bvkIJkpWKVpVJg%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939d3820b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/js/rlottie-wasm.js | 104.21.11.130 | 200 OK | 198 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/js/rlottie-wasm.js
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 198 kB (198123 bytes)
Hash: MD5 5d2eddf0c08ec026b620c69329d65f20  SHA-1 5dad311e4a24d562be4158feea1b8c9944d1949a  SHA-256 adbb864477b7e6272774eee1369c89c5a2dc7a068c1a0323c388f67c7f421460
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/js/rlottie-wasm.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"deacbabdcf20d95026e115ef031c21c1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7vtoW7MJl17JIl7Fv%2FXb%2Fh4IzUrcTB0VP24pq55s0vZcAPw7JECDJEdPjprMlr4oaaZxu7Vag22ZRGOL5dGrdZWD8itrbbRXU2xJX7fFaHaWSPL1RD2CV85%2BNTreVYl006g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939b5e6bb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/js/rlottie-wasm.wasm | 104.21.11.130 | | 0 B |
URL: telegramsoft.cn/assets/js/rlottie-wasm.wasm
IP: 104.21.11.130:0
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e  SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709  SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/js/rlottie-wasm.wasm HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"503334af370d617d1ae80a61310a869f"
TE: trailers
HTTP/3 304 Not Modified
date: Thu, 25 Apr 2024 16:05:47 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=72N1UbhuyXFE5odYtkq66QTeh2BDE4cXpIZ43jyIQdE54Y5IXo%2BqL0KF8k7esC%2ByTWG%2Bt62BKBvC1DDJHDsU8iiG3c4axoG2%2Bj50CyDj%2F0UagK5lCt77pBro7BNu4BsrLVk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939de8f4b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e | 104.21.11.130 | 200 OK | 17 kB |
URL: GET HTTP/3 telegramsoft.cn/file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, max compression, from Unix
Hash: MD5 86d83d04e8cbdced71f34637c23c1eb6  SHA-1 2ae58f60868535644ceb753735db7191d65a6723  SHA-256 91286a9f171e3435452f7fc0523f2fc626a142c1eb3f29bdc38b74335e229cce
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 17422
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "5dbc34334890d533090d4f968aaa8aed"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RNkRDOTgC9%2Fol93E%2BVX%2FjnOQYlXScjqrJI4sN4rIxy7IoPt7p%2F7JdS3%2FJ%2FrL70XKJIi0UcJ0yh0rygJRykArilNCPGXfSS8lARHzD%2B3aP46AmyIhvA1M9YJyESmrPa7Ejc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e4959b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4 | 104.21.11.130 | 200 OK | 14 kB |
URL: GET HTTP/3 telegramsoft.cn/file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, max compression, from Unix
Hash: MD5 78d3bcd9609c319c6ab7fc403d7f0180  SHA-1 49d91136fa50933ff1b9e52e23f214e578dc93eb  SHA-256 7987bba1a813626330b373ba05d4644d665378bb8f6a782d2297c101aeed1161
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 14496
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c71dbd44b11ced13252973ac64f04e3c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xlcwG9FqwaQ8my7YwcIt4QFbpFSYoaFSXIIey1H7VKpZNFgkr3UevbHpdZgG8DIqr3i9qK%2BlzBvbEhc%2Br79oqzq4V4iLQ8e7Lhg63nKspSOAifCLZe%2FSMCU%2B7%2BarbBQ14bM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e4971b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23 | 104.21.11.130 | 200 OK | 10 kB |
URL: GET HTTP/3 telegramsoft.cn/file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, max compression, from Unix
Hash: MD5 4c55012442a6cc9653dcadbbb528cd22  SHA-1 ae83b62952ff7e4428c85793289d7423ece52f05  SHA-256 cf2d5fbee6986544da6202828c01898bcb8e8debc50611e0c7433e8066834c61
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 10147
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "7e5f8ab5482598dc083339ae01ca8367"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=raN94zoDifX2xzXwr41iMuM7ZRSQhOIPSrO6IwP5pKjtY7IzvD7Ngyaw4miSJLybnzq8cPzm7wUC26aSTEkZKZUrdNhe2z8qVJOhBhHVxs4E01oUZSkpARk3Uk7bGvc80m4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e394ab521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8 | 104.21.11.130 | 200 OK | 11 kB |
URL: GET HTTP/3 telegramsoft.cn/file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, max compression, from Unix
Hash: MD5 fcf0262beb96c58fd7aeb5c0bb8fc4af  SHA-1 22c51ed3eb77fc79ac3fe8131f8cb08c9afd532e  SHA-256 e81ea8894a34c2673dc7e7afa5055eded2622f15dab8f452ea79c240c6969f3f
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 10959
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "7bb5579af2be212dcd98c632debb5ba8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W6uvwMmB2WU1KArthnVS4kE1Qa3KbfGhXR7TTSFm7UvKj0kOGV3qtY0hKv1yqhgLlcqOE1h72ookoGYLnVb%2BSUkaIOkfmMZZJbPu81B0w0Fiu6XBUBhqyGG79m%2BZD%2FZ2wUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e4977b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a | 104.21.11.130 | 200 OK | 11 kB |
URL: GET HTTP/3 telegramsoft.cn/file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, max compression, from Unix
Hash: MD5 bf88a2e44ae44de60408010047aa2534  SHA-1 644fba3dbb11bfacca45f72d098cd16ee3679f58  SHA-256 3b2e89fec8654e1f8d5b45b794f310f9f287e0e9b249b0e3279016e5d5873409
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 10926
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "f91f940ee92f40389b3f5b6934a56d48"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYDggzSFfiItnlCm%2Ba4gyQEjhX%2FmYadwm0cYIK3lXwcMzNvgn22tb64BbQ74o9QsW2yXf1gyBE5HVtOE5InBIXevRpt%2B%2FjEkgsYc2NQFGvbWl96rAUu109tsyMDt6FGZ2vA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e597eb521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/img/t_logo.svg?1 | 104.21.11.130 | 200 OK | 57 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/img/t_logo.svg?1
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: SVG Scalable Vector Graphics image
Hash: MD5 4b4a3a06325228547931e7cb8e51aea6  SHA-1 169621982d68a1012609da95094a365acf48ed24  SHA-256 db0157b8f226a82177ae547b0437c82b22f4669e7df6561c44e13e4d590b79bc
| Analyzer | Verdict | Alert |
| Quad9 DNS | malicious | Sinkholed |
GET /assets/img/t_logo.svg?1 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"bafe50a0a8d9b2d4248bb8ecc6770da7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OFKLY%2FsVPqXhtmVnQE6UgA2kkQZbAmAmdUZqdAfpL35sjD6GY8FBtTzh0eRexYyoj5FPA6yk8Tn7y%2BoDWzhydfIGnmhAGkAhVmFGm5tKYllKd80vKgDKjwmQlKGllBQZf7s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aad9b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db | 104.21.11.130 | 200 OK | 12 kB |
URL: GET HTTP/3 telegramsoft.cn/file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, max compression, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 6ffe0373e13c95e1253ee372a3d7fedb bb6c4764e927a8ed8cbf14babea3e28ff1f07d4b 1f0b318040b210a65b48d386d9680b29212da0d01dee9cc9f56d485334bdc11a
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 12545
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "e9b748dca30cb11c5f4c77ebc93e001c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MFthQFCz5jJlsJgSX4gmwPBQd82ws4G6DKfAcuV4q2uU6NBQBRSAIhIUf6eK8K6syAPFM7iMO998S6YMMKC7ZkQzUxsjr%2BuKdAsrR1%2FGNGXNSoaU27j1QcfRflotAOl7Evc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e597fb521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/js/jquery.min.js?79 | 104.21.11.130 | 200 OK | 47 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/js/jquery.min.js?79
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (32086)
Hashes (MD5 / SHA-1 / SHA-256): 27a0b8102cba17e8fb9b139c33349a78 065d438536296e9b48ae7f350427e55b352a65c2 bef417b2cd5f24df5ff599a87aae57f94a61d4e5c705e8f916f1cee283a0ead7
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/js/jquery.min.js?79 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"b9d2463a390aa92a80743700a5bdc9f8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p7TWAzmrxfUjL%2F11l5bV066i9So4eCZXXO%2FlW4HPZ9ETWCx%2BVnn8m186%2BeKRRnzP50AEKz92mbuGaRuIT45qJSF7TaZVn%2FOJzxnged4eIMdUalj3IMM54p7nQOqEcPtGMRI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f93991c2fb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794 | 104.21.11.130 | 200 OK | 22 kB |
URL: GET HTTP/3 telegramsoft.cn/file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, max compression, from Unix
Hashes (MD5 / SHA-1 / SHA-256): ede943d9bf34428ef8fb13948912141d f06bd9fe51bf32fbefa0acefbddaa464f6a64f13 1782968f6f9eb42bc5689b3a2956ce8c45672e126427b870eb5e2ffc415cbc0d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 21801
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ddd2f9075296fda7745016eac52a074b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WdGYWAFlK9KrJ7Ij5xFV5Or24VESp7dCH1GZ5ZyqsXBIoDRZE0aLpZ%2BN%2FG80HtXNqgppdtiPnjUVTaDbagmUjCwcuK6jrc%2BCF43YGOGoLySZDmu%2FsDi80m4HUPpaPPx2TSI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e5981b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 104.21.11.130 | 200 OK | 12 kB |
URL: GET HTTP/3 telegramsoft.cn/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 19d5458dc38e9f556f8113cf127e8143 a572539bae1db3c2b6b66a2576fe64561b9ab951 9fc99873f0a48e29ad4b14595e97ffdad371b1c2fdd25b984343e9d78e2d2b7f
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/javascript
last-modified: Fri, 19 Apr 2024 20:54:07 GMT
etag: W/"6622d9ef-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=evj1jy9AlKMWWMzUN2xD%2BAFrKgYYtOaWNG8w4uiy9xfibqqs%2FPicrVPtveu3u4jvkhwb%2ByPAD8IobpuZZaYg0u7YQNrS4DAQe1Sw28gERitxkHOz4M4si43yxcksepbZq6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f9397baeab521-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 27 Apr 2024 16:05:46 GMT
cache-control: max-age=172800, public
content-encoding: gzip

| telegramsoft.cn/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js | 104.21.11.130 | 200 OK | 12 kB |
URL: GET HTTP/3 telegramsoft.cn/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (7806), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): b2ce7fd65cb5594651a9e7569e01380f 6be8bae7801eb1fe0ac8f7c44fd12f8782eaa802 18c8868f8fbe741a1a4ac7b8a1505135849af0d15b3d7572a537c31df0887f49
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
content-encoding: br
x-content-type-options: nosniff
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pvavv4ktva88XC60O%2FladrHp1hGgejpMOdtcZKymufz4q7Qqr0rkkTivZN6TF97AeWQH2mw6JH9nFCNsYH9Mivw3wkkaha04pBhQCn24H5vKxHuFoC%2F7R%2Bvn6i9Kpsd%2Fti4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879f939b5e69b521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/js/telegram.js?98 | 104.21.11.130 | 200 OK | 846 B |
URL: GET HTTP/3 telegramsoft.cn/assets/js/telegram.js?98
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
Hashes (MD5 / SHA-1 / SHA-256): 4beb166de402d568e0b592758b125c6f a8ab0c3563a8135083de8e1b2c0316878a1dbede 20f3a4cf271c5dcf34b4cb039d342d8a78f3f8cc7225933ac2e14cb374f93836
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/js/telegram.js?98 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-bgj: minify
cf-polished: origSize=1591
etag: W/"00ada27ec07f96afc15c0a9a033c5fb4"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i23U5zuEzU87Yl8Uo8J9LAxmUx7eOp2APTxUu83xtj77EjpJKPdM2CL0%2BsWqujxqHYNbVrIkoiFj3EVOH3cncakuImfn8%2BbHNkV%2FQXhjJ98WLmAw1kfopxOYfnWRxx8TRJI%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f93991c2ab521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 | 104.16.79.73 | 200 OK | 7.1 kB |
URL: GET HTTP/2 static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793
IP: 104.16.79.73:443
Certificate: Issuer Google Trust Services LLC; Subject cloudflareinsights.com; Fingerprint 73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00; Validity Sun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT
File type: gzip compressed data, from Unix
Hashes (MD5 / SHA-1 / SHA-256): ebe4376f4e1281c96694fd5cc7393fc7 4e243971f33ca815ee9ae7806280bea5e4b11c28 2f16e64ff27ffad1a74c1a2023bf9633daf8e06b9339425441613881f16c9778
GET /beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.0"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f9397ca3956c5-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

| telegramsoft.cn/assets/js/main.js?59 | 104.21.11.130 | 200 OK | 15 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/js/main.js?59
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text
Hashes (MD5 / SHA-1 / SHA-256): ffe94f88225a6b16bf1e834eb4c102f0 e9e10ea3230fa5c042e3c5dcc561fa4c03734e95 9154cdbda9656074cbbcba1b3057a3fc8b115926112e7f99e03192b15d285f86
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/js/main.js?59 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"201b21cafcba2186ee0f9a1e52ea94a6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=onplcst%2F7Y05N1dx%2F9Et9HT8ytWUSbLB%2FCTVSgD83Q%2FbdWgqK5XFK9kgwAGC6CZV3ynBO5VMEaJWKfYm7qMrINzXZAGGgMZH83%2Fj2IVKvYRTwRAFjQswjjYskG1ONHEFDwA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f93991c2db521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js | 104.21.11.130 | 200 OK | 13 kB |
URL: GET HTTP/3 telegramsoft.cn/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (7857), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): ad50e315d4242492606141e9eb452c9e 72617f9c2d50a28ea36d5368c092305616b14cd1 74211ad2afa5fe590ee4c15bd95ce2d85d8ce92f7ea525a265630878361c13ae
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
vary: accept-encoding
x-content-type-options: nosniff
cache-control: max-age=14400, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9OqEugrlPk2NViPDDXpNL%2BzcrxGr2sI64xG4PTKokl4bCL77DfqG16rHWXc7lEJFfh4BB%2FieNf%2FG6J%2FNTq2%2BPriXTVTCyVETegbIufnrVJeA8LmsCMOlTUwu%2BAIwSm7oZm8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879f93994c5db521-OSL
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/cdn-cgi/rum? | 104.21.11.130 | 204 No Content | 0 B |
URL: POST HTTP/3 telegramsoft.cn/cdn-cgi/rum?
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
POST /cdn-cgi/rum? HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
Content-Type: application/json
Content-Length: 454
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/3 204 No Content
date: Thu, 25 Apr 2024 16:06:10 GMT
access-control-allow-origin: https://telegramsoft.cn
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 879f942d18a3b521-OSL
x-frame-options: DENY
x-content-type-options: nosniff

| telegramsoft.cn/assets/js/pako-inflate.min.js | 104.21.11.130 | 200 OK | 23 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/js/pako-inflate.min.js
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (22681)
Hashes (MD5 / SHA-1 / SHA-256): 6054e20fa01477f33a263b506af5228d 678fd5843bbeb55a4c127d776ef9dac6f9ca870a 6853445f31f18e811ae58c96d75e7332e01f08a79feb1e1be8368bfdbcb2f920
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/js/pako-inflate.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"aec818b70b479a3778a334845db8936b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tG1AK831glYeOomBH5RmDeYak1el4BqayOwWXgxjrzNEd36iKvokZEvbj4btzy0eYRSBbD2haco7gHvMxMFOpmTWN%2BR7jHMgTLNwY7PvGq9mxaARMVRhF%2BS9PWfKuIMOfo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939c6f59b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| | 104.21.11.130 | 200 OK | 18 kB |
URL: User Request GET HTTP/2
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
Hashes (MD5 / SHA-1 / SHA-256, empty body): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET / HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4N5Pa61dEnk0OD63hHbzlJYG9dM9Qumnnkv3Cy1E8jG15STey3zwGfHo3npzkLVWivZCfg3Wa0NrjNT0n3y41Ph%2BgtSIKnVBkJKiJzW7xMgBNy1eQ5ccWbKKlM23yjQ3kl8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 879f93959d7e56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| telegramsoft.cn/assets/js/pako-inflate.min.js | 104.21.11.130 | 200 OK | 23 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/js/pako-inflate.min.js
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (22681)
Hashes (MD5 / SHA-1 / SHA-256): 6054e20fa01477f33a263b506af5228d 678fd5843bbeb55a4c127d776ef9dac6f9ca870a 6853445f31f18e811ae58c96d75e7332e01f08a79feb1e1be8368bfdbcb2f920
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/js/pako-inflate.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"aec818b70b479a3778a334845db8936b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tG1AK831glYeOomBH5RmDeYak1el4BqayOwWXgxjrzNEd36iKvokZEvbj4btzy0eYRSBbD2haco7gHvMxMFOpmTWN%2BR7jHMgTLNwY7PvGq9mxaARMVRhF%2BS9PWfKuIMOfo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939da8a3b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/css/bootstrap-extra.css?06 | 104.21.11.130 | 200 OK | 71 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/css/bootstrap-extra.css?06
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: ASCII text, with very long lines (540)
Hashes (MD5 / SHA-1 / SHA-256): b241778b05c8d0a68df19e6d3863f558 5fc7f267d92539d3d35a626a3957d033806bc318 2cf01371df15c24d345f2bc5659e748d5c15d64bbb4475e44679ba363a395381
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/css/bootstrap-extra.css?06 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"fc2c72180a20e4937b1713da2df2cd6f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSWNiCHxxefchneSPZbjzKf3Q59O6xg3YQHhRm%2FDraCIWZWyr%2FRfII7fZpkx%2BUeXGNBGr4j7Vj0zK01n103J0tvjNObTByjxfPcXWEm0IDrfSsu9zX55zLKIspsyH9PCdFQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=2,i=?0
server: cloudflare
cf-ray: 879f93979ad0b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/css/telegram.css?81 | 104.21.11.130 | 200 OK | 113 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/css/telegram.css?81
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: ASCII text, with very long lines (1267)
Size: 113 kB (112862 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 541cf98ef3c9da7083eae92864ec2869 b919b0f40f01ab2a4de7210746c9074239c509d9 0b2ce288e35a1d525ef4638d5c21dfdc457c6a7ea1dc44cae31f13e1cf0e61b2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/css/telegram.css?81 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"d1fcd6d3c42d1fed09d4bc3a5c248364"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RWoKT%2B8JWQdE2q2ENVF8hz%2B9l1ZwG%2B7nb1pzPSX1s0tPC%2FHgkWrDqitEOUm7IjAeY7pLjiBkoN%2FQN%2FHAb%2F2UpNQAgGQUDqGF6Rk2cYdxSEp3Lt%2FwiOGlXUGwGs%2Fl2owBPQU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=2,i=?0
server: cloudflare
cf-ray: 879f93979ad3b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/assets/js/tgsticker.js?47 | 104.21.11.130 | 200 OK | 18 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/js/tgsticker.js?47
IP: 104.21.11.130:443
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (1152)
Hashes (MD5 / SHA-1 / SHA-256): 4bcc5d9ce2530e0a270382ed04e7d82a 7cee7deb5219575524e2e5d4c0fb800ac18f0b1b a1937de1c2e816d85e144a5ec46a6610a806a40917230b2f8bc4c75da878bb77
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/js/tgsticker.js?47 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-bgj: minify
cf-polished: origSize=24651
etag: W/"b4feb2aa33ab3b90c585db7c31ec1c3c"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nCroiE4ZPeFNan8RuBwVvht6ihUrOKgfSbGoC%2B9zPEHwM7rEftnPQBX3Uqzqyrx9mXwGaeeYBxpsaUwnjOplYCrOHNVG1g8TmHLpoeJf4pdhRFhpb7i1LNvUDYnZFQpiduU%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f93991c2cb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| telegramsoft.cn/file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee | 104.21.11.130 | 200 OK | 17 kB |
URL: GET HTTP/3 telegramsoft.cn/file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee
IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate: Issuer Let's Encrypt; Subject telegramsoft.cn; Fingerprint FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8; Validity Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, max compression, from Unix
Hashes (MD5 / SHA-1 / SHA-256): 88c7ce379c5d6a55e0133a0b85feab54 af1723d1cbfc88ac39b878645e82b1675d760f05 38a05617438ded40db7fae3f70efe9cd3adfd0a14c0ec4af08f1d73019a10663
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 17388
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "2e7448369b935c24418ea69cb056295f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BlddJBchO2iR83ycAbhTxLrUBOGVTzf%2FOnET%2B1ZQezI7JELCBcI0HclVkYRrAuPaWhTqrshamBqD%2FTC6j%2FFyLbfoJh3Sx9jNdnC%2FKoVdDWDcqWwmcy4WuUCBX8ZUt7AJGUo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e4973b521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/js/pako-inflate.min.js | 104.21.11.130 | 200 OK | 23 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/js/pako-inflate.min.js IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14 Certificate Issuer: Let's Encrypt Subject: telegramsoft.cn Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8 Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (22681) Hash (MD5 / SHA-1 / SHA-256): 6054e20fa01477f33a263b506af5228d 678fd5843bbeb55a4c127d776ef9dac6f9ca870a 6853445f31f18e811ae58c96d75e7332e01f08a79feb1e1be8368bfdbcb2f920
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/js/pako-inflate.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"aec818b70b479a3778a334845db8936b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tG1AK831glYeOomBH5RmDeYak1el4BqayOwWXgxjrzNEd36iKvokZEvbj4btzy0eYRSBbD2haco7gHvMxMFOpmTWN%2BR7jHMgTLNwY7PvGq9mxaARMVRhF%2BS9PWfKuIMOfo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939da89db521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/file/464001803/1/cnqy4KrA5bE.12755/b97780ca9da88b4f84 | 104.21.11.130 | 200 OK | 13 kB |
URL: GET HTTP/3 telegramsoft.cn/file/464001803/1/cnqy4KrA5bE.12755/b97780ca9da88b4f84 IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14 Certificate Issuer: Let's Encrypt Subject: telegramsoft.cn Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8 Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: gzip compressed data, max compression, from Unix Hash (MD5 / SHA-1 / SHA-256): badb2b8bb6abe3cb19ddd0b319b39c19 ceda4415df0b6a50bbc934b246fb00bc92216e20 ddd0394267fea16d0c590724f59bb2cbd8c9e7ee63a7757e9ea89f36a1c97546
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /file/464001803/1/cnqy4KrA5bE.12755/b97780ca9da88b4f84 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 12755
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "26c5b25fd18c03d218c322a43a14f2d8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8h07Ju2o9Mwr0zLXwr%2Fn%2F4zJc%2FqwK4duS%2FETN6ockf6r7KWfFl4m8yDIr%2FJTeb2Zr%2Bs4YnMEuG%2FPQ5k85QcvUI3b2XZPvdiU9Y1904Ogo3HD%2BuYmlfKcy8QgW2SUWEUtjYA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e597cb521-OSL
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/css/bootstrap.min.css?07 | 104.21.11.130 | 200 OK | 43 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/css/bootstrap.min.css?07 IP: 104.21.11.130:443
Certificate Issuer: Let's Encrypt Subject: telegramsoft.cn Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8 Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: ASCII text, with very long lines (42204) Hash (MD5 / SHA-1 / SHA-256): 0f6a6c649ec9869867789d85eb6ccbb8 a9d5ea9d9fc05125b6a37ff4f545d266408aab87 01a1cb74194e04c00a19337ae78805c9d673c3e6873e6f882d164a623bb00705
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/css/bootstrap.min.css?07 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"97cb2ef4a523fe78ea3ec80a4c3979f3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0bgj3uPE8aNt%2FHeYFyNxQWX2i6%2BjROMLyN6v4JsnjreHZzQ0xmlzIvyMAuw6jmUtx87Zx3zyekAATn%2B66Q3naqESUjbVokrGe5R%2F2FhQ5KW8GQaIRmtxwOUerC%2BKBS2v7A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=2,i=?0
server: cloudflare
cf-ray: 879f93979acbb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/img/website_icon.svg?53 | 104.21.11.130 | 200 OK | 1.9 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/img/website_icon.svg?53 IP: 104.21.11.130:443
Certificate Issuer: Let's Encrypt Subject: telegramsoft.cn Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8 Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: SVG Scalable Vector Graphics image Hash (MD5 / SHA-1 / SHA-256): 8b1d5a3a40497bd61a8f2138ae683cc4 733652daff5307d7b4b62ec6edf8c967dfb5f8f5 65f5cf5d1c3af89ed7120cd62134ae7b5345edb3cadc48255d18d176f7c52bfa
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/img/website_icon.svg?53 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"c936c1fd163deb08636439fdbd125c0d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3yTU5jzERG2%2Faep52Pc2kb6%2BHSmbWUS%2FCvKlpM2qMGFmLxTG8gNVIaN57EyjJu0issgnTomSMdhHDq5v2go2k6qZzvb3rgzP6yZw%2FYPVtvdItNsPXx6hMyfUTeBBYN%2BL38%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
priority: u=6,i=?0
server: cloudflare
cf-ray: 879f939a4d48b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| telegramsoft.cn/assets/js/pako-inflate.min.js | 104.21.11.130 | 200 OK | 23 kB |
URL: GET HTTP/3 telegramsoft.cn/assets/js/pako-inflate.min.js IP: 104.21.11.130:443
Requested by: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14 Certificate Issuer: Let's Encrypt Subject: telegramsoft.cn Fingerprint: FB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8 Validity: Sun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT
File type: JavaScript source, ASCII text, with very long lines (22681) Hash (MD5 / SHA-1 / SHA-256): 6054e20fa01477f33a263b506af5228d 678fd5843bbeb55a4c127d776ef9dac6f9ca870a 6853445f31f18e811ae58c96d75e7332e01f08a79feb1e1be8368bfdbcb2f920
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/js/pako-inflate.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"aec818b70b479a3778a334845db8936b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tG1AK831glYeOomBH5RmDeYak1el4BqayOwWXgxjrzNEd36iKvokZEvbj4btzy0eYRSBbD2haco7gHvMxMFOpmTWN%2BR7jHMgTLNwY7PvGq9mxaARMVRhF%2BS9PWfKuIMOfo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939da895b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400