{"report_id":"80106809-e809-43b0-ab04-76aee933d05e","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-05-29T10:52:30Z","url":{"schema":"http","addr":"securewebapps.azurewebsites.net","fqdn":"securewebapps.azurewebsites.net","domain":"securewebapps.azurewebsites.net","tld":"azurewebsites.net"},"ip":{"addr":"20.215.12.4","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Poland","country_code":"PL"},"final":{"url":{"schema":"https","addr":"securewebapps.azurewebsites.net/","fqdn":"securewebapps.azurewebsites.net","domain":"securewebapps.azurewebsites.net","tld":"azurewebsites.net"},"title":"Enter Password","dom":{"size":79247,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (59196)","md5":"02d06b2f98d5fa5f1a6174036bd7b5a2","sha1":"f4ad7c73d4da82917f14b2e9dc7b6e548b570a6a","sha256":"4067e8d15611695c1c66c30242f28d075ef3e2fc512f62294f43d04be8288a75","sha512":"44618d8f5aef74a394beda13e102729c138aa51d1aeccadbba1d0f36f209bc63722d855bfa9787e938fb778a7a93c31c7297e652e3b68c1434993aa1a0419ebc","ssdeep":"1536:EFvwR2AwPTZ79o4GWc8mVR7wh+oVp5fmmwnmJlLmQMw0YmMo0nke8IgRhprL3LLV:EFvwR2AwPTZ79o4GWc8mVR7wh+oVp5fc","tlshash":"7c73f96242db20284e357637c5eb3e002164e6471d62f598befe51c94f1abf250e22fe","dom_hash":"domhash1b17c4ba35d26f4be63d43241fff6f2a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"securewebapps.azurewebsites.net","fqdn":"securewebapps.azurewebsites.net","domain":"securewebapps.azurewebsites.net","tld":"azurewebsites.net"},"ip":{"addr":"20.215.12.4","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Poland","country_code":"PL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-03T10:52:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":3,"urlquery":2,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-29T10:52:09Z","timestamp":1780051929,"ip_dst":{"addr":"20.215.12.4","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Poland","country_code":"PL"},"ip_src":{"addr":"Client IP","port":53970,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Abused Hosting Domain (azurewebsites .net) in TLS SNI","source":"{\"timestamp\":\"2026-05-29T10:52:09.109559+0000\",\"flow_id\":1698895517820205,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":53970,\"dest_ip\":\"20.215.12.4\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2063118,\"rev\":1,\"signature\":\"ET INFO Abused Hosting Domain (azurewebsites .net) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2025_06_20\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0011\"],\"mitre_tactic_name\":[\"Command_And_Control\"],\"mitre_technique_id\":[\"T1102\"],\"mitre_technique_name\":[\"Web_Service\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2025_06_20\"]}},\"tls\":{\"sni\":\"securewebapps.azurewebsites.net\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":933,\"bytes_toclient\":7644,\"start\":\"2026-05-29T10:52:09.042285+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-29T10:52:11Z","timestamp":1780051931,"ip_dst":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"Client IP","port":49902,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)","source":"{\"timestamp\":\"2026-05-29T10:52:11.126408+0000\",\"flow_id\":1471614438549609,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":49902,\"dest_ip\":\"149.154.166.110\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033967,\"rev\":1,\"signature\":\"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_09_16\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_09_16\"]}},\"tls\":{\"sni\":\"api.telegram.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":918,\"bytes_toclient\":4500,\"start\":\"2026-05-29T10:52:11.075881+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-05-29T10:52:11Z","timestamp":1780051931,"ip_dst":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"ip_src":{"addr":"Client IP","port":49886,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)","source":"{\"timestamp\":\"2026-05-29T10:52:11.133508+0000\",\"flow_id\":1753454487480240,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":49886,\"dest_ip\":\"149.154.166.110\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033967,\"rev\":1,\"signature\":\"ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2021_09_16\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_09_16\"]}},\"tls\":{\"sni\":\"api.telegram.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":789,\"bytes_toclient\":4500,\"start\":\"2026-05-29T10:52:11.075696+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-29","alert":"Detects file containing Telegram Bot API","trigger":"securewebapps.azurewebsites.net/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"securewebapps.azurewebsites.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"aadcdn.msauth.net","ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"2018-10-25","domain_rank":5248,"first_seen":"2018-11-19T10:50:03Z","last_seen":"2026-05-27T14:10:18.134233Z","alert_count":0,"request_count":1,"received_data":1290,"sent_data":516,"comment":"","tags":null,"fingerprints":[{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]},{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]}]},{"fqdn":"api.ip2location.io","ip":{"addr":"172.67.73.142","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-07-26","domain_rank":1376782,"first_seen":"2023-03-31T12:36:37Z","last_seen":"2026-05-29T10:47:30.652306Z","alert_count":0,"request_count":1,"received_data":714,"sent_data":517,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ipapi.co","ip":{"addr":"172.67.69.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-19","domain_rank":7936,"first_seen":"2017-01-31T09:07:01Z","last_seen":"2026-05-27T20:22:56.234416Z","alert_count":0,"request_count":1,"received_data":2506,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"api.telegram.org","ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"domain_registered":"2003-12-15","domain_rank":206724,"first_seen":"2015-06-25T10:09:00Z","last_seen":"2026-05-24T15:28:15.138524Z","alert_count":0,"request_count":2,"received_data":745,"sent_data":1195,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.30.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"securewebapps.azurewebsites.net","ip":{"addr":"20.215.12.4","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Poland","country_code":"PL"},"domain_registered":"2012-01-24","domain_rank":0,"first_seen":"2026-05-29T10:47:30.107895Z","last_seen":"2026-05-29T10:47:30.107896Z","alert_count":3,"request_count":1,"received_data":80442,"sent_data":500,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"upload.wikimedia.org","ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"domain_registered":"2003-03-16","domain_rank":4329,"first_seen":"2012-05-21T09:39:45Z","last_seen":"2026-05-25T11:44:43.975747Z","alert_count":0,"request_count":1,"received_data":1610,"sent_data":487,"comment":"","tags":null,"fingerprints":[{"name":"Apache Traffic Server:9.2.13","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"securewebapps.azurewebsites.net/","fqdn":"securewebapps.azurewebsites.net","domain":"securewebapps.azurewebsites.net","tld":"azurewebsites.net"},"ip":{"addr":"20.215.12.4","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Poland","country_code":"PL"},"md5":"040e2e25f6e02714e7747bdb44e035fc","sha1":"00a625368e4ae38d4e62fe326fd611e4224c78bf","sha256":"f13582c5e7893af60533821034e61740808bf2a7e49f96da559d28f1f4e1c2b3","sha512":"7370586b4f3aefa080d82affac28090d8fea6dfd5756ca743ef6220dee16d35530b29af203564624cc13c9f66b1793f6e4dfd05234bbda0bda4dbddeb4b8a867","size":10919,"token":"8914737363:AAEpglBgoo6tZuww93eFqCgGX4GxlCYtiBo","is_revoked":false,"bot":{"token":"8914737363:AAEpglBgoo6tZuww93eFqCgGX4GxlCYtiBo","user_id":"8914737363","username":"HOTFAMSMAY2K26_bot","first_name":"HOTFAMSMAY2K26_bot","last_name":"","chat":{"chat_id":"","title":"","type":"","bot_is":"","total_users":0,"active_members":null,"admins":null},"pending_messages":6}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"securewebapps.azurewebsites.net/","fqdn":"securewebapps.azurewebsites.net","domain":"securewebapps.azurewebsites.net","tld":"azurewebsites.net"},"ip":{"addr":"20.215.12.4","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Poland","country_code":"PL"},"introduction_type":"scriptElement","is_inline":true,"md5":"040e2e25f6e02714e7747bdb44e035fc","sha1":"00a625368e4ae38d4e62fe326fd611e4224c78bf","sha256":"f13582c5e7893af60533821034e61740808bf2a7e49f96da559d28f1f4e1c2b3","sha512":"7370586b4f3aefa080d82affac28090d8fea6dfd5756ca743ef6220dee16d35530b29af203564624cc13c9f66b1793f6e4dfd05234bbda0bda4dbddeb4b8a867","ssdeep":"192:eONoIg0WU2/5Q+zgEiYIifiMiRisiO12EiYIifiQibiLibiMa2WlrznvJn00xujH:eOy90A5Hz7iLifiMiRisi+JiLifiQib5","tlshash":"f632630a31a624a50742f2793be363093172d2172c52c6947f1d831d2f6af3976b6fe8","size":10919,"data":"","first_seen":"2026-05-29T10:47:34.149452Z","last_seen":"2026-05-30T12:53:56.38806Z","times_seen":4,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-29","alert":"Detects file containing Telegram Bot API","trigger":"securewebapps.azurewebsites.net/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"api.telegram.org/bot8932119458:AAFWPe3K7-RrAlUoljLINwTZ1BpVscTS3NA/sendMessage","fqdn":"api.telegram.org","domain":"telegram.org","tld":"org"},"ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://securewebapps.azurewebsites.net/","date":"2026-05-29T10:52:11.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.telegram.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Nov 2025 15:14:09 GMT","end":"Sun, 13 Dec 2026 15:14:09 GMT"},"fingerprint":{"sha1":"EC:27:13:72:1E:6C:94:9F:47:59:A4:24:4F:AB:9B:02:E3:6E:54:41","sha256":"64:47:03:9A:C9:ED:B9:03:8C:07:6E:AA:3D:BF:75:4B:4C:C1:4E:C1:A5:8C:83:2D:3E:FD:0C:E7:F7:82:C2:71"}}},"request":{"raw":"OPTIONS /bot8932119458:AAFWPe3K7-RrAlUoljLINwTZ1BpVscTS3NA/sendMessage HTTP/1.1\r\nHost: api.telegram.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://securewebapps.azurewebsites.net/\r\nOrigin: https://securewebapps.azurewebsites.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.30.1\r\ndate: Fri, 29 May 2026 10:52:11 GMT\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: content-type\r\naccess-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.30.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T01:09:46.71643Z","times_seen":16198612,"resource_available":true,"data":null}},"time_used":447,"timings":{"blocked":211,"dns":13,"connect":23,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.telegram.org/bot8932119458:AAFWPe3K7-RrAlUoljLINwTZ1BpVscTS3NA/sendMessage","fqdn":"api.telegram.org","domain":"telegram.org","tld":"org"},"ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://securewebapps.azurewebsites.net/","date":"2026-05-29T10:52:11.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.telegram.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Nov 2025 15:14:09 GMT","end":"Sun, 13 Dec 2026 15:14:09 GMT"},"fingerprint":{"sha1":"EC:27:13:72:1E:6C:94:9F:47:59:A4:24:4F:AB:9B:02:E3:6E:54:41","sha256":"64:47:03:9A:C9:ED:B9:03:8C:07:6E:AA:3D:BF:75:4B:4C:C1:4E:C1:A5:8C:83:2D:3E:FD:0C:E7:F7:82:C2:71"}}},"request":{"raw":"POST /bot8932119458:AAFWPe3K7-RrAlUoljLINwTZ1BpVscTS3NA/sendMessage HTTP/1.1\r\nHost: api.telegram.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://securewebapps.azurewebsites.net/\r\nContent-Type: application/json\r\nContent-Length: 279\r\nOrigin: https://securewebapps.azurewebsites.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 400 Bad Request\r\nserver: nginx/1.30.1\r\ndate: Fri, 29 May 2026 10:52:11 GMT\r\ncontent-type: application/json\r\ncontent-length: 56\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.30.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":56,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d948d5845276032d39194409db9ad97b","sha1":"475fe4e71224df85d494e34e0cb8ed799afcdb0d","sha256":"a0a1e0f24b392c6da875c10977d169497a47f669b7e671e62330e125a56721fb","sha512":"3e538a78d85dc32eb47db705c97d627ed8851f6dd87904e2e39aa1d5357cdeaea2a7746fc2ccddbde9bcbcab66ddcceff4ab5cf8db169c49e0f81c592104c67f","ssdeep":"","tlshash":"22900244098ed56744da11605935954855b756b8641964404d95611d56421ea58f240a","first_seen":"2023-07-28T20:34:41Z","last_seen":"2026-06-05T17:32:24.536796Z","times_seen":416,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"securewebapps.azurewebsites.net/","fqdn":"securewebapps.azurewebsites.net","domain":"securewebapps.azurewebsites.net","tld":"azurewebsites.net"},"ip":{"addr":"20.215.12.4","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Poland","country_code":"PL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-29T10:52:08.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.azurewebsites.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 RSA CA OCSP 16","organization":"Microsoft Corporation"},"validity":{"start":"Sun, 03 May 2026 06:27:31 GMT","end":"Tue, 17 Nov 2026 06:27:31 GMT"},"fingerprint":{"sha1":"98:51:64:3A:0E:40:38:68:64:CC:69:AC:DC:CA:51:8F:00:4E:AB:22","sha256":"D7:53:AC:7A:98:0A:F8:96:BA:ED:35:65:E0:6D:55:B4:69:6E:89:8D:45:B4:EE:DE:D9:0C:C9:C9:30:5C:A5:B6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: securewebapps.azurewebsites.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nDate: Fri, 29 May 2026 10:52:09 GMT\r\nServer: nginx/1.28.1\r\nContent-Encoding: gzip\r\nETag: W/\"6a1758da-13957\"\r\nLast-Modified: Wed, 27 May 2026 20:49:30 GMT\r\nTransfer-Encoding: chunked\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":80215,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (59196), with CRLF line terminators","md5":"db30ea3e31e33e4e2b80ca981060638b","sha1":"186839a6edc006699a66af1702599a9a2e4a3f3d","sha256":"cd95baf31317e2a0d95c41a79ef116920de423f1bea9184df0c314a973c29670","sha512":"226f740329a59e5748dde7add89df247abb7657171e119ab3859386aa5d6a58a5506c17e68e75d3cf7f53a649efe325e4f19f549554b80914c6a2678913afce3","ssdeep":"1536:gFvwR2AwPTZ79o4GWc8mVR7wh+oVp5fmmwnmJlLmQMw0YmMo0nke8IgRhprL3LLU:gFvwR2AwPTZ79o4GWc8mVR7wh+oVp5fj","tlshash":"fb73096142d7203c4f357727c5eb2e04a25597471d62f898bafe51c90b3aaf250e22fe","first_seen":"2026-05-29T10:47:34.147472Z","last_seen":"2026-05-30T12:53:56.38215Z","times_seen":4,"resource_available":true,"data":null}},"time_used":425,"timings":{"blocked":194,"dns":117,"connect":31,"send":0,"wait":36,"receive":1,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-29","alert":"Detects file containing Telegram Bot API","trigger":"securewebapps.azurewebsites.net/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"securewebapps.azurewebsites.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"upload.wikimedia.org/wikipedia/commons/4/44/Microsoft_logo.svg","fqdn":"upload.wikimedia.org","domain":"wikimedia.org","tld":"org"},"ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://securewebapps.azurewebsites.net/","date":"2026-05-29T10:52:09.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.wikimedia.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Apr 2026 05:51:37 GMT","end":"Sun, 12 Jul 2026 05:51:36 GMT"},"fingerprint":{"sha1":"62:23:EE:89:97:A6:C1:A5:65:7A:8F:23:C2:68:CA:70:93:B3:AA:FF","sha256":"5A:21:64:0C:22:9B:01:A0:D2:BC:CA:02:4F:E8:51:ED:BA:CC:51:27:0E:87:6A:6E:E6:0D:88:64:AB:D1:3F:30"}}},"request":{"raw":"GET /wikipedia/commons/4/44/Microsoft_logo.svg HTTP/1.1\r\nHost: upload.wikimedia.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://securewebapps.azurewebsites.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 28 May 2026 21:31:27 GMT\r\nserver: ATS/9.2.13\r\netag: W/363fdd53d34303b727d9dab161b8e88b\r\ncontent-type: image/svg+xml\r\nx-object-meta-sha1base36: an1udxuweqh76ugogpdy8qhw9zzoroi\r\nlast-modified: Thu, 29 Jul 2021 02:10:50 GMT\r\ncontent-encoding: gzip\r\nage: 48042\r\naccept-ranges: bytes\r\nx-cache: cp3076 hit, cp3076 hit/800\r\nx-cache-status: hit-front\r\nserver-timing: cache;desc=\"hit-front\", host;desc=\"cp3076\"\r\nstrict-transport-security: max-age=106384710; includeSubDomains; preload\r\nreport-to: { \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error\u0026schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\r\nnel: { \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\r\nx-client-ip: 91.90.42.154\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache\r\ntiming-allow-origin: *\r\nset-cookie: WMF-Uniq=OHoDOWT0cmda72J7J3KA3QNvAAAAAFvdS_TCM7HiYQ_LIfTFB1M71NfEc5oOU8yL;Domain=upload.wikimedia.org;Path=/;HttpOnly;secure;SameSite=None;Expires=Sat, 29 May 2027 00:00:00 GMT\r\ncontent-length: 164\r\nx-request-id: 3de58303-7a8c-4f40-a221-abd09abb9eac\r\nx-analytics: \r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache Traffic Server:9.2.13","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":272,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"363fdd53d34303b727d9dab161b8e88b","sha1":"5b170117926ae5a5e451aa24676b5a124c2fa122","sha256":"3d41251f93127b4b42c2f69fa423d204946cf9c307d786ea36b8d9bef4179282","sha512":"6369e9e3b0f49d5be6c43724c01d34e7b9871e9d709c628ed0963b94183729aabb2d9778eed4405d87c5080dea19156970dab6b8d69edb860adc5c1a400fafb3","ssdeep":"","tlshash":"7cd05be5727c7544c9324375ae9c70d544c2756a310541ecb3d40564238c78f7d53b65","first_seen":"2023-08-18T12:32:14Z","last_seen":"2026-06-07T01:21:24.754187Z","times_seen":1250,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":126,"dns":70,"connect":23,"send":0,"wait":24,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg","fqdn":"aadcdn.msauth.net","domain":"msauth.net","tld":"net"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://securewebapps.azurewebsites.net/","date":"2026-05-29T10:52:09.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aadcdn.msauth.net","organization":"Microsoft Corporation"},"issuer":{"commonName":"Microsoft TLS G2 RSA CA OCSP 04","organization":"Microsoft Corporation"},"validity":{"start":"Fri, 06 Mar 2026 19:39:46 GMT","end":"Wed, 02 Sep 2026 19:39:46 GMT"},"fingerprint":{"sha1":"90:D1:7D:09:02:B5:35:F1:FD:F7:6C:6A:EF:1D:B2:99:60:B0:E2:0C","sha256":"9C:1A:83:B2:23:49:7D:D8:8A:D4:AE:F6:D2:F6:A4:AB:35:F3:21:16:30:7F:01:51:68:8C:F6:B3:04:EA:91:B0"}}},"request":{"raw":"GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1\r\nHost: aadcdn.msauth.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://securewebapps.azurewebsites.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 10:52:09 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 276\r\ncache-control: public, max-age=31536000\r\ncontent-encoding: gzip\r\nlast-modified: Fri, 17 Jan 2020 19:28:34 GMT\r\netag: 0x8D79B8371B97A82\r\nx-ms-request-id: f0354fca-701e-0003-66ed-ed2232000000\r\nx-ms-version: 2009-09-19\r\nx-ms-lease-status: unlocked\r\nx-ms-blob-type: BlockBlob\r\naccess-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20260529T105209Z-r1b44c7fb77p7g8xhC1SVGexvc00000004yg00000001dmcz\r\nx-fd-int-roxy-purgeid: 0\r\nx-cache: TCP_HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]},{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]}],"data":{"size":513,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a9cc2824ef3517b6c4160dcf8ff7d410","sha1":"8db9aebad84ca6e4225bfdd2458ff3821cc4f064","sha256":"34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58","sha512":"aa3ddab0a1cff9533f9a668aba4fb5e3d75ed9f8aff8a1caa4c29f9126d85ff4529e82712c0119d2e81035d1ce1cc491ff9473384d211317d4d00e0e234ad97f","ssdeep":"","tlshash":"29f0598a41c8fb142ce08050dff8ea28540270c3fb4e5008b1922b18e2ef383f6406f5","first_seen":"2023-04-19T20:10:52Z","last_seen":"2026-06-07T00:47:48.341508Z","times_seen":30700,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":206,"dns":181,"connect":9,"send":0,"wait":8,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.ip2location.io/?format=json\u0026key=E7A2CD2B7EAA5B09087F66FB4338F6F8","fqdn":"api.ip2location.io","domain":"ip2location.io","tld":"io"},"ip":{"addr":"172.67.73.142","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://securewebapps.azurewebsites.net/","date":"2026-05-29T10:52:09.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ip2location.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 14 Apr 2026 17:49:34 GMT","end":"Mon, 13 Jul 2026 18:49:32 GMT"},"fingerprint":{"sha1":"81:F4:E5:83:A3:51:61:54:7A:66:74:9C:D5:36:5B:B3:F4:41:1C:6B","sha256":"47:65:17:2F:0F:92:B9:21:6A:BD:AC:57:5B:3A:AA:64:D6:FE:FA:F7:A0:C8:3D:53:A5:06:02:2E:73:07:7C:67"}}},"request":{"raw":"GET /?format=json\u0026key=E7A2CD2B7EAA5B09087F66FB4338F6F8 HTTP/1.1\r\nHost: api.ip2location.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://securewebapps.azurewebsites.net/\r\nOrigin: https://securewebapps.azurewebsites.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 10:52:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N7wvPh73rKi7uKjAlyWqJlNjcKtQgYDSLS2Ic0d1RvqtqE8k4viOeBlN5KVKE8gUDRJbSL8UjpEyMLbXqm2OOEoanf4XjFM3cUPBai0SjAI4eYWh5OsRaWCmxs283inamfg9mg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: a034f2b208ed2678-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":241,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ab49201fb03d20ab875ca6e81004a335","sha1":"68268587456439e43618ce188f0d36205a56fff6","sha256":"8806d878df63ab4e9a296c46a65d462c444d861d4eec6608cc4ef783611e1918","sha512":"83622a85dc89eb1a9228bd6dc7e59701e19e7cff93c130f45adb46570524f04058d7b18ad60abed7b27caa04920ca5d02ec508a42b4b3606782208b47e6c8ffd","ssdeep":"","tlshash":"add0951d149c7f0e983a4204c33cc3472179400695c9f9924f95ff40d0c834d3080609","first_seen":"2026-05-29T10:47:34.144838Z","last_seen":"2026-05-30T12:53:56.384933Z","times_seen":4,"resource_available":false,"data":null}},"time_used":854,"timings":{"blocked":49,"dns":22,"connect":1,"send":0,"wait":756,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ipapi.co/json/","fqdn":"ipapi.co","domain":"ipapi.co","tld":"co"},"ip":{"addr":"172.67.69.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://securewebapps.azurewebsites.net/","date":"2026-05-29T10:52:10.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ipapi.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 16 Apr 2026 20:25:59 GMT","end":"Wed, 15 Jul 2026 21:25:52 GMT"},"fingerprint":{"sha1":"76:B2:7F:DD:D1:3A:92:49:08:6F:F6:9D:93:7F:FA:A4:E7:AF:1E:04","sha256":"D3:90:F8:60:D1:C0:1C:19:C5:12:68:B2:54:72:DC:42:A3:9F:4C:D8:10:D6:0D:5B:71:0C:1C:EB:AF:AA:AF:F1"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipapi.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://securewebapps.azurewebsites.net/\r\nOrigin: https://securewebapps.azurewebsites.net\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 29 May 2026 10:52:11 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nallow: OPTIONS, HEAD, OPTIONS, GET, POST\r\nx-frame-options: DENY\r\nvary: Host, origin\r\naccess-control-allow-origin: https://securewebapps.azurewebsites.net\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\ncross-origin-opener-policy: same-origin\r\ncontent-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7ibCVhEYZO9ltxTAaId7cYyfXqChL18V1VxbTPKjVm8QsU8rdaHZ4t3wHbzhBsEgEsk%2BdGjWSOBf123QWb%2BIVdZRvhtXt9Eq7VpEsTdGKCykxx5V0J%2FMxNn1\"}]}\r\ncontent-encoding: br\r\ncf-ray: a034f2b77caf56a2-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":736,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"873d9f01b0c8b3cefe93ae64cef15289","sha1":"820693adcc2ddc5915badb0f94a4f1f50d99ac5c","sha256":"f28077328c47297f07e458f9c7552abf5acbf088ad016083d80335dea792120d","sha512":"0516b7dc21c12a64bea64c586a2223ee2f513ac9e61aab1aed7837e2751c0a40190907d10532a78ff03f85d670b3b3914b0a69ec30fcedb7ffbe9c63517af3d3","ssdeep":"","tlshash":"1e01df68e4680f7b9cb81358b4386907126422175f56398e7fd0974d0f8e8bf31b134e","first_seen":"2026-05-27T23:41:07.67695Z","last_seen":"2026-06-07T00:33:51.70594Z","times_seen":597,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":42,"dns":23,"connect":1,"send":0,"wait":237,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}