Report - redirect.jscript.workers.dev/

Report Overview

Submitted URL
redirect.jscript.workers.dev/
IP
172.67.130.173
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 16:06:13
Access
public
Website Title
新时代的消息传递方式 - Telegram中文电报官网
Final URL
telegramsoft.cn/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
106

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
redirect.jscript.workers.dev	unknown	2019-02-08	2024-01-23	2024-02-04	483 B	590 B	104.21.3.120
telegramsoft.cn	unknown	2023-11-27	2023-11-27	2024-03-03	30 kB	1.6 MB	104.21.11.130
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-25	422 B	101 kB	142.250.74.168
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2024-04-24	494 B	7.5 kB	104.16.79.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 16:05:46	low	Client IP	104.21.3.120	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	redirect.jscript.workers.dev/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed
2024-04-25	medium	telegramsoft.cn	Sinkholed

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	unknown	74 B	2023-05-19	2024-04-25
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-19 21:44:44 Last Seen2024-04-25 18:06:14 Times Seen45 Hash 0ae82f836ad54e6d020b2873d0d05b05 1ff3a544508e5b4ac6140dd1381b5c4a81efd553 5275d59187594dec40706090562567fbac6243aec2555da55f2b4ec5c0ce2575 Loading...

	telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.9 kB	2024-04-25	2024-04-25
Pretty URL telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.11.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:06:14 Last Seen2024-04-25 18:06:15 Times Seen2 Hash ad50e315d4242492606141e9eb452c9e 72617f9c2d50a28ea36d5368c092305616b14cd1 74211ad2afa5fe590ee4c15bd95ce2d85d8ce92f7ea525a265630878361c13ae Loading...

	unknown	172 B	2023-11-12	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 14:11:00 Last Seen2024-04-25 18:06:14 Times Seen48 Hash 4158018ed7444ac9b09b6955a23fc147 b04b13fad515129de287e2a7beedd69521bfffb3 76dd2b687a784a6a6421068ed44f4eb23a5bc035eb64262daa64380ed0d1d8a5 Loading...

	telegramsoft.cn/	1.1 kB	2024-04-25	2024-04-25
Pretty URL telegramsoft.cn/ IP 104.21.11.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 18:06:14 Last Seen2024-04-25 18:06:14 Times Seen1 Hash eccb33b460ef264c62ffdbf163a42726 d90a4b12c4ca3e64fdecc26144fc53bf7b4765c2 04364f83c22745e2edc36a353b69f7d45650f4ec489515130f9bc0bf6183727d Loading...

	unknown	76 B	2023-05-19	2024-04-25
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-19 21:44:44 Last Seen2024-04-25 18:06:14 Times Seen43 Hash 0a1c02f4230d583ac517375e25de6b86 5ff80925f184f1ff873f3574d39506360083e7d4 89ed081c9a5b3bdceb70f44e30292f7ea3883e5faea42072a5898edcac47dcec Loading...

	telegramsoft.cn/assets/js/main.js?59	21 kB	2023-12-05	2024-04-25
Pretty URL telegramsoft.cn/assets/js/main.js?59 IP 104.21.11.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 12:47:58 Last Seen2024-04-25 18:06:15 Times Seen19 Hash ffe94f88225a6b16bf1e834eb4c102f0 e9e10ea3230fa5c042e3c5dcc561fa4c03734e95 9154cdbda9656074cbbcba1b3057a3fc8b115926112e7f99e03192b15d285f86 Loading...

	unknown	247 B	2024-04-25	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:06:14 Last Seen2024-04-25 18:06:14 Times Seen1 Hash d212b4d48767ce8e3bd4942d75cfda73 c7bc9ac67dd99ea2cf6f1ac56fba0dd9927f69ed 9c5cb7aede40a9d061a2d85f6d286f72174764867d3a92f9eb7825da4028f3f2 Loading...

	telegramsoft.cn/assets/js/jquery.min.js?79	96 kB	2023-12-05	2024-04-25
Pretty URL telegramsoft.cn/assets/js/jquery.min.js?79 IP 104.21.11.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 12:47:58 Last Seen2024-04-25 18:06:15 Times Seen26 Hash 27a0b8102cba17e8fb9b139c33349a78 065d438536296e9b48ae7f350427e55b352a65c2 bef417b2cd5f24df5ff599a87aae57f94a61d4e5c705e8f916f1cee283a0ead7 Loading...

	unknown	82 B	2023-05-19	2024-04-25
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-19 21:44:44 Last Seen2024-04-25 18:06:14 Times Seen43 Hash 53aa1cb4adbd89cdc9e6d866610cfcee ae39341a2c8388248bcb98b33988fb633b93bacd ee84c52841b09e6280caef2271d88049d3a99e2b31dc67cb740e31f8f4f2da41 Loading...

	static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793	19 kB	2024-04-17	2024-05-03
Pretty URL static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 04:05:01 Last Seen2024-05-03 04:44:29 Times Seen1486 Hash 3be93fd15d2f7dee2fc0c8981c6fa5c6 8cd88c36fad3e96641dbc4d781f5ddbe5123312f 17106bf803d42bcf2f2bdf778ece084d3f91c68e7ea41dae7bff61fefa573dee Loading...

	unknown	105 B	2023-11-28	2024-04-25
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-11-28 15:07:06 Last Seen2024-04-25 18:06:14 Times Seen42 Hash 01e5896127abb380976339f19e5a4852 1ba3661d53bf35f133e6f689ca7d99e844eaebe5 b923300851fe697a00fce2bc1caf7f69ecf53649ae53464ad8bda027a042351a Loading...

	telegramsoft.cn/assets/js/tgsticker.js?47	18 kB	2024-01-04	2024-04-25
Pretty URL telegramsoft.cn/assets/js/tgsticker.js?47 IP 104.21.11.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-04 16:40:28 Last Seen2024-04-25 18:06:15 Times Seen16 Hash 4bcc5d9ce2530e0a270382ed04e7d82a 7cee7deb5219575524e2e5d4c0fb800ac18f0b1b a1937de1c2e816d85e144a5ec46a6610a806a40917230b2f8bc4c75da878bb77 Loading...

	telegramsoft.cn/assets/js/telegram.js?98	676 B	2024-01-04	2024-04-25
Pretty URL telegramsoft.cn/assets/js/telegram.js?98 IP 104.21.11.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-04 16:40:28 Last Seen2024-04-25 18:06:15 Times Seen9 Hash 4beb166de402d568e0b592758b125c6f a8ab0c3563a8135083de8e1b2c0316878a1dbede 20f3a4cf271c5dcf34b4cb039d342d8a78f3f8cc7225933ac2e14cb374f93836 Loading...

	telegramsoft.cn/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-05-05
Pretty URL telegramsoft.cn/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 104.21.11.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-05 04:52:47 Times Seen43640 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	unknown	196 B	2023-05-19	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-19 21:44:44 Last Seen2024-04-25 18:06:14 Times Seen52 Hash 78843d6203b1d46c10f01b5830e1394e 42dcedacecc6e60088b0dc09cb01c8d605356cfb 6c237f20a5ab8385a830562355d4aea877830dc00fb582b2dbc2443bf4cc9cee Loading...

	telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.8 kB	2024-04-25	2024-04-25
Pretty URL telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.11.130 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:06:14 Last Seen2024-04-25 18:06:15 Times Seen2 Hash b2ce7fd65cb5594651a9e7569e01380f 6be8bae7801eb1fe0ac8f7c44fd12f8782eaa802 18c8868f8fbe741a1a4ac7b8a1505135849af0d15b3d7572a537c31df0887f49 Loading...

	www.googletagmanager.com/gtag/js?id=G-13SHC4KKEQ	302 kB	2024-04-25	2024-04-25
Pretty URL www.googletagmanager.com/gtag/js?id=G-13SHC4KKEQ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 18:06:14 Last Seen2024-04-25 18:06:15 Times Seen2 Hash 1897040a639da3cf39abd864c53acfab 6fd6bed6df2eb4206fefc505dac9ab6d19b423d6 335ba9e4e5757ad9c6a943b8c6ad285e6f04fd913ef3151aaad3b2687d0f7ff4 Loading...

	unknown	76 B	2023-05-19	2024-04-25
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-19 21:44:44 Last Seen2024-04-25 18:06:14 Times Seen43 Hash e88c0f341f60237822198a7d6435bcff c80d1d5a2fe94e3145c311912f044488d11fa053 a6f1bb9108114069bb23e16ccddf0f482cadc1bacfe9fae9bfcebc70a4e6b4b9 Loading...

HTTP Transactions (55)

URL IP Response Size

redirect.jscript.workers.dev/

104.21.3.120

301 Moved Permanently

0 B

URL User Request GET HTTP/2
redirect.jscript.workers.dev/
IP
104.21.3.120:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectjscript.workers.dev
FingerprintEF:0C:65:84:B6:F5:28:CA:0C:29:2D:D6:26:8C:68:F0:0A:E5:7A:6A
ValidityFri, 22 Mar 2024 08:37:09 GMT - Thu, 20 Jun 2024 08:37:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET / HTTP/1.1
Host: redirect.jscript.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 25 Apr 2024 16:05:46 GMT
content-length: 0
location: https://telegramsoft.cn/
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDQTyrVs%2FRUFkItwAXfFfLiVAaBM5t7LllnDhtXWe%2Bz0NivqPJsXB6US05IeKbq%2BYfRTDCK8zYlQDfmzXbwZN4wnQP7GgZQ7GyTW%2B6sSmImnEpuLHfqpMmQnsdnaaGWf7rcErWm9TpJgp%2F%2Bry5l6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f9394da9a56a8-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

telegramsoft.cn/file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688

104.21.11.130

200 OK

11 kB

URL GET HTTP/3
telegramsoft.cn/file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Size
11 kB (11343 bytes)
Hash
4e06d87c860ba8e8a804350f42632217
31d3f89ae95d6f25660020b21e49114aaecfdd59
6b081cb199e67a43ddcd7ddac0b528c93cc72bb82641937368a41b0aece43125

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001897/3/f0Go0rLpEwk.11343.png/dd4eeb46cc5efc0688 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 11343
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "8d5021517d5cc116641dc5501781f8ce"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fu770qEGAKymACSgkVJUcr0qt%2BCBmpTqnn2lPt7%2BLvTJlSdjMCfloEvtelTBLZw9qBV1F0CaMjQkoiGYIc6HcNPgUAxkHYK6LKFDgrn9EWgtfH3J%2FPqBJU5aK5hbj6ovE5U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aadab521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109

104.21.11.130

200 OK

14 kB

URL GET HTTP/3
telegramsoft.cn/file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Size
14 kB (13579 bytes)
Hash
eb46ced34f8cd5637a3ca911bd12f300
a26b44e6e634e4d670a38549033d3539a981e415
df53d5b90c9e669236f8593b7fc941a6da753ee8eec79a64c6955a4a67dcb45f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001402/5/eOMSj3GzJXo.13579.png/f3cec6c451d023c109 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 13579
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "dfb7b8e122803b2b6a01a00602ed28fc"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2yAd9sp%2FB2FCkF8LpThmIw1iGCtVbZaHkBvOoNPYDJzG9bUcLBpNiC4hgu3r7sZQAfxC88kwvX%2FVNtK6F%2BqwIRQzyqxha55PrwRA8hdtB2xRqBWryZGee25Nn52%2F6jCjdzE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397bae7b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b

104.21.11.130

200 OK

16 kB

URL GET HTTP/3
telegramsoft.cn/file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Size
16 kB (16465 bytes)
Hash
77ffe8b3dff795ea0734bf4b35a94357
2d545ffb0877993dd227d528638a336cd3b9e32c
ad37907e335e7c5d2692b682401f4520753ab539fadedf74962c6a004b3a179f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001560/2/n7EACfx4FPY.16465.png/7318c11715aa2ec45b HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 16465
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "6a0c6505da8d3243a32c034be2bb8064"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtBczIdG1hHC7TrQB6boMNcewIcPYlHnDeIWHJ3xRJ16HZF6ece2wkpPol%2FJ7iua5ZiOv36apkNYm86ndUO%2BwW4piR%2FpachAAeppqllu%2FsB3U7VdRCyHXP%2FfMuYOGJKskZY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aaddb521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2

104.21.11.130

200 OK

18 kB

URL GET HTTP/3
telegramsoft.cn/file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Size
18 kB (17975 bytes)
Hash
1d581b72d19bc828654229a0773a5300
ff517c8bb4b37351ff3dd72f7ec66fc584e90d5c
d2b3858e94ed122782de9028f668334438649e46e5d2c6d761e3359c8e3de200

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001132/3/-1qvqKPZsQQ.17975.png/7d57d7159cf4fbe9b2 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 17975
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "e8f9da809af041aa8f69ac35178df0ea"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o0B2av1rbSFV1LdOUk97fZHl%2FRwkLOJBbnJSuteiQynrnjjdvFTiZtPQYaezjtQNkReWTy4uJ4PPoR%2FCVsp%2BthXnMXp3e3LVb9aXm2nG2TXVVl9Z8QjpOrdzJIqd56cNG2Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aadfb521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa

104.21.11.130

200 OK

15 kB

URL GET HTTP/3
telegramsoft.cn/file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Size
15 kB (15286 bytes)
Hash
5f245ac9016657dfafcbdbf61b61e514
4033c942a333f667ef26c5d45ed5e233bd83b8b9
006d88e7389f56f925cdac325a2d6fc7956bbdcc30e46214bdd97b43274bd78e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001737/4/Fn57W9l3xI0.15286.png/d4b936ecc2c939f4fa HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 15286
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "73ff344f9dc38194c64f46c55293d4d7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hocvQg1OZSfhQRAl2KKXSkEiJo65kHaKFkPzaj1ePnBYoTt9ExHO89cLoTr3WT6NZ2ekesfozGF1EQN3yczgTuzhPXXX8YjoUXWqr27pqZQSovDS0PBgxaEMg%2B6eejf3StY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aadbb521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613

104.21.11.130

200 OK

13 kB

URL GET HTTP/3
telegramsoft.cn/file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Size
13 kB (12690 bytes)
Hash
9c2a194ee50807ae9342b60634be2445
553dfd2ba2a5e11468a3b57aba897995f2f4d676
ec1788bcdd05595bbcd16e5c7c13bce6481b620ebbc4200b2e6598c02c82aa78

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001880/3/xOpm7ohoHQ0.12690.png/feb1e161b1d3608613 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 12690
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "a4b696ae63c1e58db72d2668f80f5111"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=trvHkUbXdr%2BBcuIcslqkbrA6J3Eb30CEzaGxc2DXNCQFYoNZi15b5ZR%2Blfmksx5DQtJdUainkMsUVLhVSaW1eFuUvC4EoATFzGXDhBOOjlgVr8fvBu9wWRJxn1RxHSNNM1M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aae4b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4

104.21.11.130

200 OK

16 kB

URL GET HTTP/3
telegramsoft.cn/file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Size
16 kB (15740 bytes)
Hash
4e59e61b2a0205e09dafad24da174530
0dc2adba2fbe4f1cd195364ef4f1ab4dc1641993
269f20eb63db3ece8035886ebc69112ef94339da867d47f815237800555e508a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001453/3/mNzXWC3RX0c.15740.png/9ce5fa5f3fb74460b4 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 15740
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "87db02cc05dccd78adcb8c4021ca666f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zo24LcFwW1Zg%2FTi3M6eZ3%2Bda4e4j00XRpRTG1f7j7S48%2F5J%2BYkIy51%2Fh4ZccbdwgWpgR3SBwEHebZRXQtFSwNqkY4iOy0AUJKuO29sE3frMNE7AOJpoP4ZLV5bkiDH1ERbI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aae5b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805

104.21.11.130

200 OK

19 kB

URL GET HTTP/3
telegramsoft.cn/file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Size
19 kB (19325 bytes)
Hash
da1ff638a4141eed84327e20f936496f
91e5410531539b53c3aefcc5774413e8a665a57a
b66de388c12d6611870503c34c5db37fe079313c4292177435fd8dc7ed6cbe67

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001166/2/FzTl8_M5mQA.19325.png/b6c5dbc0e4f6553805 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 19325
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "118ac163129b53111061a49e5181533a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZfnAZNFuNpn6Lsba4KkJfvBF0qR86ueZr92kyoRpd5WH5lI0ce8xZeB04NKlz21lMWYYAyAzg3UOhXOcOHOe%2FaSLrSjmoiEFRuZ9qjKOOeHqTfcWQzoOT0cJ9pI9kivMQ0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397bae8b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/img/hot.png?1

104.21.11.130

200 OK

598 B

URL GET HTTP/3
telegramsoft.cn/assets/img/hot.png?1
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 44 x 24, 8-bit colormap, non-interlaced
Size
598 B (598 bytes)
Hash
1ee8ceb2af942c35b19e958e9d77f913
929c4895b33ba865ed93978e4e730234091edd21
84d56694929d9a61b94bf7fe814f8b1c0f9457d2d7afb8faf7b72322a6507646

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/hot.png?1 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: image/png
content-length: 598
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "08920f2480502a2cc5d704e1591aab8a"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8SS%2FysStSYg81eYhOmryAqPdjg24ZGfg1RQzOArIdq%2B4tGZEBCKcMGgEX88DQR1%2FK5m0dcVd2%2FkL5FOuMtf6GkFcXetUg27bH38E6JYz0%2BUZbTZRppT53Y2jGT%2BYwlU0Z%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aad4b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001871/3/Uyg3R7LmX1I.17628.png/911807f65dfb4f8f20

104.21.11.130

200 OK

18 kB

URL GET HTTP/3
telegramsoft.cn/file/464001871/3/Uyg3R7LmX1I.17628.png/911807f65dfb4f8f20
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced
Size
18 kB (17628 bytes)
Hash
b1b335ef3116be9e1e4cd88b91e63581
3f729a0397768d41e4a6ea349787a61d8b63225e
f6e5a71f6bd4a6af4813838f68f21e114e6582fbbf0edcd94f40745251937015

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001871/3/Uyg3R7LmX1I.17628.png/911807f65dfb4f8f20 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/octet-stream
content-length: 17628
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c9d50188423a8d159e7b0cfdbfd21e19"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XGebPjMpSjJa6AL56sHRvVaCjVFw3JmGQL48yCJ220xLFGI0yA%2FE7BKdk4OnOtTe%2FRbQiWDHsh8T2OJwT%2FWTia0pcgnWB4NADIDj%2Fqvkci6qwzBFx0xUI3jgoOiYTezMJjE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aae1b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/img/SiteiOS.jpg?2

104.21.11.130

200 OK

22 kB

URL GET HTTP/3
telegramsoft.cn/assets/img/SiteiOS.jpg?2
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 442x270, components 3
Size
22 kB (21975 bytes)
Hash
c6ab29db9022501345ced11e961dfbf8
02e58a7a5a36776a525ef4ef9f178b54a4292d80
70d3271c59728ccebd503276e8b34e6971537d08e0514d003757897e19abf935

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/SiteiOS.jpg?2 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/jpeg
content-length: 21975
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "b1e42eab41bd46c1a913e4475e5ed187"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DA%2BN17fNltF3aujC7w0P5fVJjQQeVpnvp50rpESiBvTdYc4zt08kVBEm5JAtjHDjFWnSHYPdK5cpBa5ByPArhN1VuCUU0fIbFZckOuN9CyK4b3ucnYUmer4bRTNNrrMXfvc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abc3b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/img/SiteLogos.png

104.21.11.130

200 OK

1.6 kB

URL GET HTTP/3
telegramsoft.cn/assets/img/SiteLogos.png
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 21 x 120, 8-bit/color RGBA, non-interlaced
Size
1.6 kB (1618 bytes)
Hash
e18e0100ab1656ba4730b0e65680da89
216bc4cf5748678f9df8a604a6df4cb69a5060f9
db38e056d9e2ee9ebd98aaaf89aec6d2a0e79c1f8423ceb424e2acec5bec1202

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/SiteLogos.png HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/png
content-length: 1618
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "000caea691b78b5f59b432c59d8076b5"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OWUytWBEWv07EEKTkH9hHE62oppXZMpoWodUBurnlgbgIrTiVtX2zidshBC11B3JaZcsPxuchBXz%2FmnDdJ9DjqQFffvmooOtAEd4BLnr1Vz5WsKgylem%2FFA0vvNV%2F8r4R0s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abbdb521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.11.130

302 Found

0 B

URL GET HTTP/3
telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Thu, 25 Apr 2024 16:05:47 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gc1bW4IAnGxQ7IyjPUZUUjpeKKJotTeR45R5jQ9X7ToZQnYWXG1rXIFpPvNefa1aTIBy%2Bu0BodvkrTse3WorIDTvLIa5IkfpcWYUGq263dR2LD01GGHxsnMxPMrB9xOPScc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f93993c45b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/img/SiteAndroid.jpg?2

104.21.11.130

200 OK

19 kB

URL GET HTTP/3
telegramsoft.cn/assets/img/SiteAndroid.jpg?2
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 290x270, components 3
Size
19 kB (19430 bytes)
Hash
351859704fb9ff89731d66d991b8dd8d
3958489b958374eae85f67c4cd2148cbe5f11a68
5fd05b109e8a19d207305aef28f45881b8ecd53c92f680c5dd1c5af0292aafb1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/SiteAndroid.jpg?2 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/jpeg
content-length: 19430
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "d58759e494dd433f79f8e9c49fec9294"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u9vgmal0ZsiAS3tosw3mnOBrFljAMtT5jGX0OsduhkqLt2Q7BYPh%2FuSrE1uHV%2FS4DFfARch3xPzIdPxCQsGxNCBEuh8jPWzMnyj3IR0xHo%2FI4%2BW0SJ1TFyA5gm6lkUI7Nyw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abc0b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/img/SiteDesktop.jpg?2

104.21.11.130

200 OK

46 kB

URL GET HTTP/3
telegramsoft.cn/assets/img/SiteDesktop.jpg?2
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1246x260, components 3
Size
46 kB (45839 bytes)
Hash
073cbb1b0a394b4d7cf378af07633f95
c67a5f25637e13d86c43d6512873b8f62b462452
6665894cfbe4253528b7198f1131510d4b4dfbf87aafeba2f11b693677c180d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/SiteDesktop.jpg?2 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/jpeg
content-length: 45839
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c16c488697ff95c2dcb82322e29b124b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SdTiga80iiioSm%2FLgJV3KGlVN%2FoEeYvy7Iz2YUeTCF1Qzsg5MD4pNKmMQFaiaGwnIaz3JdiG6xpyc8Qw0zYfN%2BOnctfoJb%2FAj7nPdKE8Km2e4mwsHwfsFvWZ6dZYDtEL2dc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abc9b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/img/Telegram_1x.png

104.21.11.130

200 OK

942 B

URL GET HTTP/3
telegramsoft.cn/assets/img/Telegram_1x.png
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
PNG image data, 144 x 36, 8-bit gray+alpha, non-interlaced
Size
942 B (942 bytes)
Hash
99fc6a06e89acd81a9adc2dc0be74a2f
54583be2fa398e9a1cd723651aba0c5c75be5564
e701fdb27d19c8c6683a4920c554027ff330646efe20e6d4bf8722da549d9751

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/Telegram_1x.png HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/css/telegram.css?81
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/png
content-length: 942
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "eb6e94897b19a6924d52f51f29cd2401"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sM3dYj1Iekv%2FVfTlM0OogA7DTSzAnuGP3W54Z4bzazwkuPXrndfqEFTSdLuPKr4guWN9C9Q10f1oq5qHxUrUCVazQY1AkMSdo2VCr2I%2BqSUPPW%2FmPJbSe2LNGDKWCE4sbPY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9398abbcb521-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-13SHC4KKEQ

142.250.74.168

200 OK

101 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-13SHC4KKEQ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://telegramsoft.cn/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint1E:33:2E:4B:C3:51:05:B7:73:DC:21:BF:3E:02:B3:16:D8:0B:AB:BB
ValidityMon, 18 Mar 2024 19:37:14 GMT - Mon, 10 Jun 2024 19:37:13 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
101 kB (100598 bytes)
Hash
1897040a639da3cf39abd864c53acfab
6fd6bed6df2eb4206fefc505dac9ab6d19b423d6
335ba9e4e5757ad9c6a943b8c6ad285e6f04fd913ef3151aaad3b2687d0f7ff4

HTTP Headers

GET /gtag/js?id=G-13SHC4KKEQ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 25 Apr 2024 16:05:47 GMT
expires: Thu, 25 Apr 2024 16:05:47 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100598
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

telegramsoft.cn/cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb

104.21.11.130

200 OK

0 B

URL POST HTTP/3
telegramsoft.cn/cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12151
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; path=/; expires=Fri, 25-Apr-25 16:05:47 GMT; domain=.telegramsoft.cn; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AdnXMXLOhgubLrszeAnAwnsYcoGXws4tj%2BI%2FjnxXFNeoi%2B1I5KvTbyrdReqH6i9ePCXzEA6soqKUNaaw98LVwGKcRmzgA6ZtyoE65Yt1zbieA80Ehh%2BmaaOOo08I%2FWoPWdk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879f939a5d56b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.11.130

302 Found

0 B

URL GET HTTP/3
telegramsoft.cn/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Thu, 25 Apr 2024 16:05:47 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k1W5HWxtjB0So1CUjmkHMNfP8%2FhGdGe8Rwm9IeN%2BEqJUSYnNgMxvEUonsU%2FwLibSsNDO8657Cq9x%2F7XHrmjPlce70BWLFucBLsQUo%2FWU15thjT7vB0lEDMIxW8xQ9WDpLrE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f939aadb3b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/cdn-cgi/rum?

104.21.11.130

204 No Content

0 B

URL POST HTTP/3
telegramsoft.cn/cdn-cgi/rum?
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
content-type: application/json
Content-Length: 1033
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Thu, 25 Apr 2024 16:05:47 GMT
access-control-allow-origin: https://telegramsoft.cn
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 879f939aede9b521-OSL
x-frame-options: DENY
x-content-type-options: nosniff

telegramsoft.cn/assets/img/t_main_Android_demo.mp4

104.21.11.130

206 Partial Content

251 kB

URL GET HTTP/3
telegramsoft.cn/assets/img/t_main_Android_demo.mp4
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
251 kB (250838 bytes)
Hash
36bebc24f7516d37cbfbb4ee2aedf6f6
c40bb63cbe7c48f67faf8db89240fd60f912e1ce
03b2ae439d25e00e297b01942883f4ef8a6a5c87e01dd0faec6f1eef24b92816

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/t_main_Android_demo.mp4 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://telegramsoft.cn/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: video/mp4
content-length: 250838
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c8d19b01d791b59f32aab3a6d8877cfd"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5lAtOiHzkU9C273487YKBVXnwvyfsgXmDoRS1g6eBWah5rA0qduK4lsWa19dnpzvuIRYzZWzf8anITdI8jewZ%2BRlrkBxqTdN%2FdQ61gFPu1NfM%2FgKpjeYjZkau%2BbxCTbdOEY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
content-range: bytes 0-250837/250838
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939aedecb521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/img/t_main_iOS_demo.mp4

104.21.11.130

206 Partial Content

245 kB

URL GET HTTP/3
telegramsoft.cn/assets/img/t_main_iOS_demo.mp4
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
ISO Media, MP4 v2 [ISO 14496-14]
Size
245 kB (244748 bytes)
Hash
91daa37e09df8b688f7832e7d6d80aa6
fc59e29275e98dd5dce1efc9b982ec1ba5ad4276
eaf99fdddbab6953d53df2a7e81b5275e90e221e0a7ebd3d99f42cf4b6aba6d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/t_main_iOS_demo.mp4 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://telegramsoft.cn/
Range: bytes=0-
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: video/mp4
content-length: 244748
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: "c0bc76fa81ed386cad4a942112b61796"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TaDKjhMOUn6Rw6UQT2POatff4fGBypa3CUyQoykBSMw8BRoVP3CigCZYYMRGqT%2BtmA09%2FTozNdpMh3yn8Iw2aMf6gynhXA9URqFJ%2FMHU%2BGJoeYMDyVNAIw1ehNCy2U7fqrM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
content-range: bytes 0-244747/244748
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939aedf0b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb

104.21.11.130

200 OK

0 B

URL POST HTTP/3
telegramsoft.cn/cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/879f93959d7e56bb HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12150
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; path=/; expires=Fri, 25-Apr-25 16:05:47 GMT; domain=.telegramsoft.cn; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zlsQa4oF7aJCNar4vEFPrLQhV15TSX%2B5yo7S0inRWipBDvfV8x3xDy6ZY%2F641PppPOG%2FbqKSet3WpgU3V7Tcga4HHd7LIC2uzq1PyQZz5zd5pWqR3TJ0kOuZwmx842cntwU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879f939c4f38b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/js/tgsticker-worker.js?14

104.21.11.130

200 OK

29 kB

URL GET HTTP/3
telegramsoft.cn/assets/js/tgsticker-worker.js?14
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (716)
Size
29 kB (28797 bytes)
Hash
a11248f567a0b314cd0e2e3ebad4d238
a2da89e903742246e7748ce0bfc0ea767a3d7b52
755ea46c6b1cf3ef6c1c9b1d8d9569ffd29b00840b703f3c1d13251481494098

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/tgsticker-worker.js?14 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-bgj: minify
cf-polished: origSize=5880
etag: W/"38ee93f2eac01baac8d031ac4b7a6265"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jcPj5zIiYvuySB78eD8mU1K4deYYHxT8zY22M3nGfvqEmkK2Oo%2Fqx7CJnDDMb3qrmSswqRjhPYxRsmbiwV34DekmHHdTtugWD7ayK%2BbARwKwitB%2BeaPE2bvkIJkpWKVpVJg%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939d3820b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/js/rlottie-wasm.js

104.21.11.130

200 OK

198 kB

URL GET HTTP/3
telegramsoft.cn/assets/js/rlottie-wasm.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
198 kB (198123 bytes)
Hash
5d2eddf0c08ec026b620c69329d65f20
5dad311e4a24d562be4158feea1b8c9944d1949a
adbb864477b7e6272774eee1369c89c5a2dc7a068c1a0323c388f67c7f421460

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/rlottie-wasm.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"deacbabdcf20d95026e115ef031c21c1"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7vtoW7MJl17JIl7Fv%2FXb%2Fh4IzUrcTB0VP24pq55s0vZcAPw7JECDJEdPjprMlr4oaaZxu7Vag22ZRGOL5dGrdZWD8itrbbRXU2xJX7fFaHaWSPL1RD2CV85%2BNTreVYl006g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939b5e6bb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/js/rlottie-wasm.wasm

104.21.11.130

0 B

URL
telegramsoft.cn/assets/js/rlottie-wasm.wasm
IP
104.21.11.130:0
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/rlottie-wasm.wasm HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"503334af370d617d1ae80a61310a869f"
TE: trailers

HTTP/3 304 Not Modified
date: Thu, 25 Apr 2024 16:05:47 GMT
access-control-allow-origin: *
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=72N1UbhuyXFE5odYtkq66QTeh2BDE4cXpIZ43jyIQdE54Y5IXo%2BqL0KF8k7esC%2ByTWG%2Bt62BKBvC1DDJHDsU8iiG3c4axoG2%2Bj50CyDj%2F0UagK5lCt77pBro7BNu4BsrLVk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939de8f4b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e

104.21.11.130

200 OK

17 kB

URL GET HTTP/3
telegramsoft.cn/file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, max compression, from Unix
Size
17 kB (17422 bytes)
Hash
86d83d04e8cbdced71f34637c23c1eb6
2ae58f60868535644ceb753735db7191d65a6723
91286a9f171e3435452f7fc0523f2fc626a142c1eb3f29bdc38b74335e229cce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001418/1/fabnJFzygPY.17422/bc9dec9fd8bd26e00e HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 17422
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "5dbc34334890d533090d4f968aaa8aed"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RNkRDOTgC9%2Fol93E%2BVX%2FjnOQYlXScjqrJI4sN4rIxy7IoPt7p%2F7JdS3%2FJ%2FrL70XKJIi0UcJ0yh0rygJRykArilNCPGXfSS8lARHzD%2B3aP46AmyIhvA1M9YJyESmrPa7Ejc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e4959b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4

104.21.11.130

200 OK

14 kB

URL GET HTTP/3
telegramsoft.cn/file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, max compression, from Unix
Size
14 kB (14496 bytes)
Hash
78d3bcd9609c319c6ab7fc403d7f0180
49d91136fa50933ff1b9e52e23f214e578dc93eb
7987bba1a813626330b373ba05d4644d665378bb8f6a782d2297c101aeed1161

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001560/1/zLlKYgeDLoA.14496/62085b07461f2d87e4 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 14496
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "c71dbd44b11ced13252973ac64f04e3c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xlcwG9FqwaQ8my7YwcIt4QFbpFSYoaFSXIIey1H7VKpZNFgkr3UevbHpdZgG8DIqr3i9qK%2BlzBvbEhc%2Br79oqzq4V4iLQ8e7Lhg63nKspSOAifCLZe%2FSMCU%2B7%2BarbBQ14bM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e4971b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23

104.21.11.130

200 OK

10 kB

URL GET HTTP/3
telegramsoft.cn/file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, max compression, from Unix
Size
10 kB (10147 bytes)
Hash
4c55012442a6cc9653dcadbbb528cd22
ae83b62952ff7e4428c85793289d7423ece52f05
cf2d5fbee6986544da6202828c01898bcb8e8debc50611e0c7433e8066834c61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001484/1/bzi7gr7XRGU.10147/815df2ef527132dd23 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 10147
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "7e5f8ab5482598dc083339ae01ca8367"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=raN94zoDifX2xzXwr41iMuM7ZRSQhOIPSrO6IwP5pKjtY7IzvD7Ngyaw4miSJLybnzq8cPzm7wUC26aSTEkZKZUrdNhe2z8qVJOhBhHVxs4E01oUZSkpARk3Uk7bGvc80m4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e394ab521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8

104.21.11.130

200 OK

11 kB

URL GET HTTP/3
telegramsoft.cn/file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, max compression, from Unix
Size
11 kB (10959 bytes)
Hash
fcf0262beb96c58fd7aeb5c0bb8fc4af
22c51ed3eb77fc79ac3fe8131f8cb08c9afd532e
e81ea8894a34c2673dc7e7afa5055eded2622f15dab8f452ea79c240c6969f3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001880/2/VGTLBN3QuYM.10959/8940838e7dddc787d8 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 10959
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "7bb5579af2be212dcd98c632debb5ba8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W6uvwMmB2WU1KArthnVS4kE1Qa3KbfGhXR7TTSFm7UvKj0kOGV3qtY0hKv1yqhgLlcqOE1h72ookoGYLnVb%2BSUkaIOkfmMZZJbPu81B0w0Fiu6XBUBhqyGG79m%2BZD%2FZ2wUg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e4977b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a

104.21.11.130

200 OK

11 kB

URL GET HTTP/3
telegramsoft.cn/file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, max compression, from Unix
Size
11 kB (10926 bytes)
Hash
bf88a2e44ae44de60408010047aa2534
644fba3dbb11bfacca45f72d098cd16ee3679f58
3b2e89fec8654e1f8d5b45b794f310f9f287e0e9b249b0e3279016e5d5873409

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001453/2/eW_MzRhUGoM.10926/fe1f3bc3dd08367c0a HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 10926
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "f91f940ee92f40389b3f5b6934a56d48"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DYDggzSFfiItnlCm%2Ba4gyQEjhX%2FmYadwm0cYIK3lXwcMzNvgn22tb64BbQ74o9QsW2yXf1gyBE5HVtOE5InBIXevRpt%2B%2FjEkgsYc2NQFGvbWl96rAUu109tsyMDt6FGZ2vA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e597eb521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/img/t_logo.svg?1

104.21.11.130

200 OK

57 kB

URL GET HTTP/3
telegramsoft.cn/assets/img/t_logo.svg?1
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
SVG Scalable Vector Graphics image
Size
57 kB (56893 bytes)
Hash
4b4a3a06325228547931e7cb8e51aea6
169621982d68a1012609da95094a365acf48ed24
db0157b8f226a82177ae547b0437c82b22f4669e7df6561c44e13e4d590b79bc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/t_logo.svg?1 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"bafe50a0a8d9b2d4248bb8ecc6770da7"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OFKLY%2FsVPqXhtmVnQE6UgA2kkQZbAmAmdUZqdAfpL35sjD6GY8FBtTzh0eRexYyoj5FPA6yk8Tn7y%2BoDWzhydfIGnmhAGkAhVmFGm5tKYllKd80vKgDKjwmQlKGllBQZf7s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f9397aad9b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db

104.21.11.130

200 OK

12 kB

URL GET HTTP/3
telegramsoft.cn/file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, max compression, from Unix
Size
12 kB (12545 bytes)
Hash
6ffe0373e13c95e1253ee372a3d7fedb
bb6c4764e927a8ed8cbf14babea3e28ff1f07d4b
1f0b318040b210a65b48d386d9680b29212da0d01dee9cc9f56d485334bdc11a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001812/2/kLAK2TPyvUU.12545/f68c1caf735a2ea3db HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 12545
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "e9b748dca30cb11c5f4c77ebc93e001c"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MFthQFCz5jJlsJgSX4gmwPBQd82ws4G6DKfAcuV4q2uU6NBQBRSAIhIUf6eK8K6syAPFM7iMO998S6YMMKC7ZkQzUxsjr%2BuKdAsrR1%2FGNGXNSoaU27j1QcfRflotAOl7Evc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e597fb521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/js/jquery.min.js?79

104.21.11.130

200 OK

47 kB

URL GET HTTP/3
telegramsoft.cn/assets/js/jquery.min.js?79
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (32086)
Size
47 kB (47116 bytes)
Hash
27a0b8102cba17e8fb9b139c33349a78
065d438536296e9b48ae7f350427e55b352a65c2
bef417b2cd5f24df5ff599a87aae57f94a61d4e5c705e8f916f1cee283a0ead7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/jquery.min.js?79 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"b9d2463a390aa92a80743700a5bdc9f8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p7TWAzmrxfUjL%2F11l5bV066i9So4eCZXXO%2FlW4HPZ9ETWCx%2BVnn8m186%2BeKRRnzP50AEKz92mbuGaRuIT45qJSF7TaZVn%2FOJzxnged4eIMdUalj3IMM54p7nQOqEcPtGMRI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f93991c2fb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794

104.21.11.130

200 OK

22 kB

URL GET HTTP/3
telegramsoft.cn/file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, max compression, from Unix
Size
22 kB (21801 bytes)
Hash
ede943d9bf34428ef8fb13948912141d
f06bd9fe51bf32fbefa0acefbddaa464f6a64f13
1782968f6f9eb42bc5689b3a2956ce8c45672e126427b870eb5e2ffc415cbc0d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001166/1/01aTJ2ISKeU.21801/24028c7b6d07639794 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 21801
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "ddd2f9075296fda7745016eac52a074b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WdGYWAFlK9KrJ7Ij5xFV5Or24VESp7dCH1GZ5ZyqsXBIoDRZE0aLpZ%2BN%2FG80HtXNqgppdtiPnjUVTaDbagmUjCwcuK6jrc%2BCF43YGOGoLySZDmu%2FsDi80m4HUPpaPPx2TSI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e5981b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

104.21.11.130

200 OK

12 kB

URL GET HTTP/3
telegramsoft.cn/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, from Unix
Size
12 kB (12485 bytes)
Hash
19d5458dc38e9f556f8113cf127e8143
a572539bae1db3c2b6b66a2576fe64561b9ab951
9fc99873f0a48e29ad4b14595e97ffdad371b1c2fdd25b984343e9d78e2d2b7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: application/javascript
last-modified: Fri, 19 Apr 2024 20:54:07 GMT
etag: W/"6622d9ef-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=evj1jy9AlKMWWMzUN2xD%2BAFrKgYYtOaWNG8w4uiy9xfibqqs%2FPicrVPtveu3u4jvkhwb%2ByPAD8IobpuZZaYg0u7YQNrS4DAQe1Sw28gERitxkHOz4M4si43yxcksepbZq6c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f9397baeab521-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 27 Apr 2024 16:05:46 GMT
cache-control: max-age=172800, public
content-encoding: gzip

telegramsoft.cn/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

104.21.11.130

200 OK

12 kB

URL GET HTTP/3
telegramsoft.cn/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (7806), with no line terminators
Size
12 kB (12329 bytes)
Hash
b2ce7fd65cb5594651a9e7569e01380f
6be8bae7801eb1fe0ac8f7c44fd12f8782eaa802
18c8868f8fbe741a1a4ac7b8a1505135849af0d15b3d7572a537c31df0887f49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
content-encoding: br
x-content-type-options: nosniff
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pvavv4ktva88XC60O%2FladrHp1hGgejpMOdtcZKymufz4q7Qqr0rkkTivZN6TF97AeWQH2mw6JH9nFCNsYH9Mivw3wkkaha04pBhQCn24H5vKxHuFoC%2F7R%2Bvn6i9Kpsd%2Fti4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879f939b5e69b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/js/telegram.js?98

104.21.11.130

200 OK

846 B

URL GET HTTP/3
telegramsoft.cn/assets/js/telegram.js?98
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
ASCII text
Size
846 B (846 bytes)
Hash
4beb166de402d568e0b592758b125c6f
a8ab0c3563a8135083de8e1b2c0316878a1dbede
20f3a4cf271c5dcf34b4cb039d342d8a78f3f8cc7225933ac2e14cb374f93836

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/telegram.js?98 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-bgj: minify
cf-polished: origSize=1591
etag: W/"00ada27ec07f96afc15c0a9a033c5fb4"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i23U5zuEzU87Yl8Uo8J9LAxmUx7eOp2APTxUu83xtj77EjpJKPdM2CL0%2BsWqujxqHYNbVrIkoiFj3EVOH3cncakuImfn8%2BbHNkV%2FQXhjJ98WLmAw1kfopxOYfnWRxx8TRJI%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f93991c2ab521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793

104.16.79.73

200 OK

7.1 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerGoogle Trust Services LLC
Subjectcloudflareinsights.com
Fingerprint73:92:5A:16:97:55:FC:A5:32:7C:F3:9D:0C:84:EF:F3:2F:AA:B5:00
ValiditySun, 10 Mar 2024 02:33:42 GMT - Sat, 08 Jun 2024 02:33:41 GMT

File type
gzip compressed data, from Unix
Size
7.1 kB (7108 bytes)
Hash
ebe4376f4e1281c96694fd5cc7393fc7
4e243971f33ca815ee9ae7806280bea5e4b11c28
2f16e64ff27ffad1a74c1a2023bf9633daf8e06b9339425441613881f16c9778

HTTP Headers

GET /beacon.min.js/v55bfa2fee65d44688e90c00735ed189a1713218998793 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.4.0"
last-modified: Tue, 23 Apr 2024 12:12:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 879f9397ca3956c5-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

telegramsoft.cn/assets/js/main.js?59

104.21.11.130

200 OK

15 kB

URL GET HTTP/3
telegramsoft.cn/assets/js/main.js?59
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text
Size
15 kB (14620 bytes)
Hash
ffe94f88225a6b16bf1e834eb4c102f0
e9e10ea3230fa5c042e3c5dcc561fa4c03734e95
9154cdbda9656074cbbcba1b3057a3fc8b115926112e7f99e03192b15d285f86

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/main.js?59 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"201b21cafcba2186ee0f9a1e52ea94a6"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=onplcst%2F7Y05N1dx%2F9Et9HT8ytWUSbLB%2FCTVSgD83Q%2FbdWgqK5XFK9kgwAGC6CZV3ynBO5VMEaJWKfYm7qMrINzXZAGGgMZH83%2Fj2IVKvYRTwRAFjQswjjYskG1ONHEFDwA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f93991c2db521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

104.21.11.130

200 OK

13 kB

URL GET HTTP/3
telegramsoft.cn/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (7857), with no line terminators
Size
13 kB (13369 bytes)
Hash
ad50e315d4242492606141e9eb452c9e
72617f9c2d50a28ea36d5368c092305616b14cd1
74211ad2afa5fe590ee4c15bd95ce2d85d8ce92f7ea525a265630878361c13ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
vary: accept-encoding
x-content-type-options: nosniff
cache-control: max-age=14400, public
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9OqEugrlPk2NViPDDXpNL%2BzcrxGr2sI64xG4PTKokl4bCL77DfqG16rHWXc7lEJFfh4BB%2FieNf%2FG6J%2FNTq2%2BPriXTVTCyVETegbIufnrVJeA8LmsCMOlTUwu%2BAIwSm7oZm8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879f93994c5db521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/cdn-cgi/rum?

104.21.11.130

204 No Content

0 B

URL POST HTTP/3
telegramsoft.cn/cdn-cgi/rum?
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
Content-Type: application/json
Content-Length: 454
Origin: https://telegramsoft.cn
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Thu, 25 Apr 2024 16:06:10 GMT
access-control-allow-origin: https://telegramsoft.cn
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 879f942d18a3b521-OSL
x-frame-options: DENY
x-content-type-options: nosniff

telegramsoft.cn/assets/js/pako-inflate.min.js

104.21.11.130

200 OK

23 kB

URL GET HTTP/3
telegramsoft.cn/assets/js/pako-inflate.min.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (22681)
Size
23 kB (22722 bytes)
Hash
6054e20fa01477f33a263b506af5228d
678fd5843bbeb55a4c127d776ef9dac6f9ca870a
6853445f31f18e811ae58c96d75e7332e01f08a79feb1e1be8368bfdbcb2f920

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/pako-inflate.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=XJkhuLwUM7lRr0aI7knKkZShV0mhnyOgYn_MJKGB_DU-1714061147-1.0.1.1-YE3vvM12gvGSwlxKPFcHBHO1ygiONCLxI6lYGlu_56yDgus0SafuHhNVuzLq_UIaDyHVfab6IXBKauqwB2xb7w; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"aec818b70b479a3778a334845db8936b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tG1AK831glYeOomBH5RmDeYak1el4BqayOwWXgxjrzNEd36iKvokZEvbj4btzy0eYRSBbD2haco7gHvMxMFOpmTWN%2BR7jHMgTLNwY7PvGq9mxaARMVRhF%2BS9PWfKuIMOfo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939c6f59b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/

104.21.11.130

200 OK

18 kB

URL User Request GET HTTP/2
telegramsoft.cn/
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type

Size
18 kB (17618 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4N5Pa61dEnk0OD63hHbzlJYG9dM9Qumnnkv3Cy1E8jG15STey3zwGfHo3npzkLVWivZCfg3Wa0NrjNT0n3y41Ph%2BgtSIKnVBkJKiJzW7xMgBNy1eQ5ccWbKKlM23yjQ3kl8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 879f93959d7e56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

telegramsoft.cn/assets/js/pako-inflate.min.js

104.21.11.130

200 OK

23 kB

URL GET HTTP/3
telegramsoft.cn/assets/js/pako-inflate.min.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (22681)
Size
23 kB (22722 bytes)
Hash
6054e20fa01477f33a263b506af5228d
678fd5843bbeb55a4c127d776ef9dac6f9ca870a
6853445f31f18e811ae58c96d75e7332e01f08a79feb1e1be8368bfdbcb2f920

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/pako-inflate.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"aec818b70b479a3778a334845db8936b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tG1AK831glYeOomBH5RmDeYak1el4BqayOwWXgxjrzNEd36iKvokZEvbj4btzy0eYRSBbD2haco7gHvMxMFOpmTWN%2BR7jHMgTLNwY7PvGq9mxaARMVRhF%2BS9PWfKuIMOfo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939da8a3b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/css/bootstrap-extra.css?06

104.21.11.130

200 OK

71 kB

URL GET HTTP/3
telegramsoft.cn/assets/css/bootstrap-extra.css?06
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
ASCII text, with very long lines (540)
Size
71 kB (71280 bytes)
Hash
b241778b05c8d0a68df19e6d3863f558
5fc7f267d92539d3d35a626a3957d033806bc318
2cf01371df15c24d345f2bc5659e748d5c15d64bbb4475e44679ba363a395381

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/bootstrap-extra.css?06 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"fc2c72180a20e4937b1713da2df2cd6f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mSWNiCHxxefchneSPZbjzKf3Q59O6xg3YQHhRm%2FDraCIWZWyr%2FRfII7fZpkx%2BUeXGNBGr4j7Vj0zK01n103J0tvjNObTByjxfPcXWEm0IDrfSsu9zX55zLKIspsyH9PCdFQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=2,i=?0
server: cloudflare
cf-ray: 879f93979ad0b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/css/telegram.css?81

104.21.11.130

200 OK

113 kB

URL GET HTTP/3
telegramsoft.cn/assets/css/telegram.css?81
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
ASCII text, with very long lines (1267)
Size
113 kB (112862 bytes)
Hash
541cf98ef3c9da7083eae92864ec2869
b919b0f40f01ab2a4de7210746c9074239c509d9
0b2ce288e35a1d525ef4638d5c21dfdc457c6a7ea1dc44cae31f13e1cf0e61b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/telegram.css?81 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"d1fcd6d3c42d1fed09d4bc3a5c248364"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RWoKT%2B8JWQdE2q2ENVF8hz%2B9l1ZwG%2B7nb1pzPSX1s0tPC%2FHgkWrDqitEOUm7IjAeY7pLjiBkoN%2FQN%2FHAb%2F2UpNQAgGQUDqGF6Rk2cYdxSEp3Lt%2FwiOGlXUGwGs%2Fl2owBPQU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=2,i=?0
server: cloudflare
cf-ray: 879f93979ad3b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/js/tgsticker.js?47

104.21.11.130

200 OK

18 kB

URL GET HTTP/3
telegramsoft.cn/assets/js/tgsticker.js?47
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (1152)
Size
18 kB (17765 bytes)
Hash
4bcc5d9ce2530e0a270382ed04e7d82a
7cee7deb5219575524e2e5d4c0fb800ac18f0b1b
a1937de1c2e816d85e144a5ec46a6610a806a40917230b2f8bc4c75da878bb77

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/tgsticker.js?47 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
cf-bgj: minify
cf-polished: origSize=24651
etag: W/"b4feb2aa33ab3b90c585db7c31ec1c3c"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nCroiE4ZPeFNan8RuBwVvht6ihUrOKgfSbGoC%2B9zPEHwM7rEftnPQBX3Uqzqyrx9mXwGaeeYBxpsaUwnjOplYCrOHNVG1g8TmHLpoeJf4pdhRFhpb7i1LNvUDYnZFQpiduU%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f93991c2cb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee

104.21.11.130

200 OK

17 kB

URL GET HTTP/3
telegramsoft.cn/file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, max compression, from Unix
Size
17 kB (17388 bytes)
Hash
88c7ce379c5d6a55e0133a0b85feab54
af1723d1cbfc88ac39b878645e82b1675d760f05
38a05617438ded40db7fae3f70efe9cd3adfd0a14c0ec4af08f1d73019a10663

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001493/2/hV6uPcaHk_E.17388/dcccb066a7b4fe44ee HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 17388
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "2e7448369b935c24418ea69cb056295f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BlddJBchO2iR83ycAbhTxLrUBOGVTzf%2FOnET%2B1ZQezI7JELCBcI0HclVkYRrAuPaWhTqrshamBqD%2FTC6j%2FFyLbfoJh3Sx9jNdnC%2FKoVdDWDcqWwmcy4WuUCBX8ZUt7AJGUo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e4973b521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/js/pako-inflate.min.js

104.21.11.130

200 OK

23 kB

URL GET HTTP/3
telegramsoft.cn/assets/js/pako-inflate.min.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (22681)
Size
23 kB (22722 bytes)
Hash
6054e20fa01477f33a263b506af5228d
678fd5843bbeb55a4c127d776ef9dac6f9ca870a
6853445f31f18e811ae58c96d75e7332e01f08a79feb1e1be8368bfdbcb2f920

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/pako-inflate.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"aec818b70b479a3778a334845db8936b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tG1AK831glYeOomBH5RmDeYak1el4BqayOwWXgxjrzNEd36iKvokZEvbj4btzy0eYRSBbD2haco7gHvMxMFOpmTWN%2BR7jHMgTLNwY7PvGq9mxaARMVRhF%2BS9PWfKuIMOfo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939da89db521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/file/464001803/1/cnqy4KrA5bE.12755/b97780ca9da88b4f84

104.21.11.130

200 OK

13 kB

URL GET HTTP/3
telegramsoft.cn/file/464001803/1/cnqy4KrA5bE.12755/b97780ca9da88b4f84
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
gzip compressed data, max compression, from Unix
Size
13 kB (12755 bytes)
Hash
badb2b8bb6abe3cb19ddd0b319b39c19
ceda4415df0b6a50bbc934b246fb00bc92216e20
ddd0394267fea16d0c590724f59bb2cbd8c9e7ee63a7757e9ea89f36a1c97546

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /file/464001803/1/cnqy4KrA5bE.12755/b97780ca9da88b4f84 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/octet-stream
content-length: 12755
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "26c5b25fd18c03d218c322a43a14f2d8"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8h07Ju2o9Mwr0zLXwr%2Fn%2F4zJc%2FqwK4duS%2FETN6ockf6r7KWfFl4m8yDIr%2FJTeb2Zr%2Bs4YnMEuG%2FPQ5k85QcvUI3b2XZPvdiU9Y1904Ogo3HD%2BuYmlfKcy8QgW2SUWEUtjYA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 879f939e597cb521-OSL
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/css/bootstrap.min.css?07

104.21.11.130

200 OK

43 kB

URL GET HTTP/3
telegramsoft.cn/assets/css/bootstrap.min.css?07
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
ASCII text, with very long lines (42204)
Size
43 kB (42563 bytes)
Hash
0f6a6c649ec9869867789d85eb6ccbb8
a9d5ea9d9fc05125b6a37ff4f545d266408aab87
01a1cb74194e04c00a19337ae78805c9d673c3e6873e6f882d164a623bb00705

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/bootstrap.min.css?07 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:46 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"97cb2ef4a523fe78ea3ec80a4c3979f3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0bgj3uPE8aNt%2FHeYFyNxQWX2i6%2BjROMLyN6v4JsnjreHZzQ0xmlzIvyMAuw6jmUtx87Zx3zyekAATn%2B66Q3naqESUjbVokrGe5R%2F2FhQ5KW8GQaIRmtxwOUerC%2BKBS2v7A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
priority: u=2,i=?0
server: cloudflare
cf-ray: 879f93979acbb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/img/website_icon.svg?53

104.21.11.130

200 OK

1.9 kB

URL GET HTTP/3
telegramsoft.cn/assets/img/website_icon.svg?53
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1912 bytes)
Hash
8b1d5a3a40497bd61a8f2138ae683cc4
733652daff5307d7b4b62ec6edf8c967dfb5f8f5
65f5cf5d1c3af89ed7120cd62134ae7b5345edb3cadc48255d18d176f7c52bfa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/img/website_icon.svg?53 HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegramsoft.cn/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"c936c1fd163deb08636439fdbd125c0d"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3yTU5jzERG2%2Faep52Pc2kb6%2BHSmbWUS%2FCvKlpM2qMGFmLxTG8gNVIaN57EyjJu0issgnTomSMdhHDq5v2go2k6qZzvb3rgzP6yZw%2FYPVtvdItNsPXx6hMyfUTeBBYN%2BL38%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
priority: u=6,i=?0
server: cloudflare
cf-ray: 879f939a4d48b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegramsoft.cn/assets/js/pako-inflate.min.js

104.21.11.130

200 OK

23 kB

URL GET HTTP/3
telegramsoft.cn/assets/js/pako-inflate.min.js
IP
104.21.11.130:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Certificate
IssuerLet's Encrypt
Subjecttelegramsoft.cn
FingerprintFB:D7:F2:F9:C8:F9:B5:5B:46:DD:B1:E6:34:8D:49:E8:70:93:CE:B8
ValiditySun, 24 Mar 2024 12:56:43 GMT - Sat, 22 Jun 2024 12:56:42 GMT

File type
JavaScript source, ASCII text, with very long lines (22681)
Size
23 kB (22722 bytes)
Hash
6054e20fa01477f33a263b506af5228d
678fd5843bbeb55a4c127d776ef9dac6f9ca870a
6853445f31f18e811ae58c96d75e7332e01f08a79feb1e1be8368bfdbcb2f920

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/pako-inflate.min.js HTTP/1.1
Host: telegramsoft.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegramsoft.cn/assets/js/tgsticker-worker.js?14
Cookie: cf_clearance=UCTimhWSGDqyRpkPF2vBFDRvhGHryjR2jl6sfw7nyuI-1714061147-1.0.1.1-xEuwyB7W9vnQTAxhAQjP2ucv3mXFzBIKSc.Z5qb_nW5im_GXpmILYk7yVQUOycxg_b4uiRmvngB6iC97bWXTFw; _ga_13SHC4KKEQ=GS1.1.1714061147.1.0.1714061147.0.0.0; _ga=GA1.1.34509209.1714061147
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:05:47 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"aec818b70b479a3778a334845db8936b"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4tG1AK831glYeOomBH5RmDeYak1el4BqayOwWXgxjrzNEd36iKvokZEvbj4btzy0eYRSBbD2haco7gHvMxMFOpmTWN%2BR7jHMgTLNwY7PvGq9mxaARMVRhF%2BS9PWfKuIMOfo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
server: cloudflare
cf-ray: 879f939da895b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations