Report - downloadtg.com/

Report Overview

Submitted URL
downloadtg.com/
IP
206.119.175.104
ASN
#133199 SonderCloud Limited
Submitted
2024-04-16 16:34:11
Access
public
Website Title
纸飞机下载安装包-电报Tg-Telegram中文版下载
Final URL
www.downloadtg.com/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
76

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
downloadtg.com	unknown	unknown	No data	No data	1.5 kB	1.6 kB	206.119.175.104
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10	2024-04-16	1.3 kB	5.8 kB	150.139.142.18
www.downloadtg.com	unknown	2023-11-13	2023-11-14	2024-04-05	7.5 kB	884 kB	206.119.175.104
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-16	512 B	1.2 kB	35.244.181.201
hm.baidu.com	8254	1999-10-11	2012-05-26	2024-04-16	1.2 kB	12 kB	14.215.183.79

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	downloadtg.com/	Telegram
2024-04-16	medium	downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-04-16	medium	downloadtg.com/	Telegram
2024-04-16	medium	downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram
2024-03-15	medium	www.downloadtg.com/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed
2024-04-16	medium	downloadtg.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	www.downloadtg.com/	254 B	2024-04-05	2024-04-16
Pretty URL www.downloadtg.com/ IP 206.119.175.104 ASN #133199 SonderCloud Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-05 01:55:24 Last Seen2024-04-16 18:34:17 Times Seen3 Hash cc179636545fc3c778e52ccc15837e3a 6b425ea06c21fb8887d6fc56651b23cf8ecee78b a2ae8dbdd7821c49b449bb2165ddb81c4efb97115bb795f745d0d520c40a15ba Loading...

	hm.baidu.com/hm.js?f3c859e90a894baf9f90ab2ad41a8c0e	30 kB	2024-04-16	2024-04-16
Pretty URL hm.baidu.com/hm.js?f3c859e90a894baf9f90ab2ad41a8c0e IP 14.215.183.79 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 18:34:17 Last Seen2024-04-16 18:34:17 Times Seen2 Hash 52b8e6b9a25b76760b6218f4a69874f9 1429a38076b435ccc15b4bb32345e2a8039dcb96 14513d11cea2561227232628eab0a3fcc6ee3a0924b115673f2c4d3ff71fa8a6 Loading...

	unknown	37 B	2023-04-11	2024-04-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49:14 Last Seen2024-04-29 19:52:17 Times Seen22027 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	unknown	396 B	2024-04-16	2024-04-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-04-16 18:34:17 Last Seen2024-04-16 18:34:17 Times Seen1 Hash 0550b02663e65902bbacca8a97e4fdad 723053f1c4466ddaad9cd0f1206d2b21bc47fcd1 b0f9c7b41a0ded9393255fcdce4a134974622fcb5e2e6646b4f0a99ba3c19f29 Loading...

HTTP Transactions (26)

URL IP Response Size

downloadtg.com/

206.119.175.104

301 Moved Permanently

162 B

URL User Request GET HTTP/2
downloadtg.com/
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 16 Apr 2024 16:33:54 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://downloadtg.com/
Strict-Transport-Security: max-age=31536000

ocsp.trust-provider.cn/

150.139.142.18

600 B

URL
ocsp.trust-provider.cn/
IP
150.139.142.18:0
ASN
#136195 Qingdao, Shandong Province, P.R.China.

File type
data
Size
600 B (600 bytes)
Hash
69fbfb72be78676c71bd2585ddba1542
ae076768b40479b74d47eb7402e0f611bfe55e85
552a6c007d994fc197b89195ef3fc28b0cf1f82f121deb57d01854c38e26c02b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
last-modified: Mon, 15 Apr 2024 15:30:49 GMT
cf-ray: 874d3044ac123e26-SIN
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
cache-control: max-age=3600
accept-ranges: bytes
age: 0
ctl-cache-status: HIT from sg-singapore2-ca13, HIT from fj-quanzhou7-ca50, HIT from zj-shaoxing1-ca15
etag: "ae076768b40479b74d47eb7402e0f611bfe55e85"
date: Tue, 16 Apr 2024 16:33:59 GMT
request-id: 661ea8775b3ce8aad15152ccfc1083d5
x-ccacdn-proxy-id: scdpinlb6
expires: Mon, 22 Apr 2024 15:30:48 GMT
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 17132852394816ef65e0ae178ba46b4e15cea44fba
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=58, edge;dur=0

downloadtg.com/

206.119.175.104

301 Moved Permanently

162 B

URL User Request GET HTTP/2
downloadtg.com/
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 16 Apr 2024 16:33:56 GMT
content-type: text/html
content-length: 162
location: https://www.downloadtg.com/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.downloadtg.com/

206.119.175.104

200 OK

4.7 kB

URL User Request GET HTTP/2
www.downloadtg.com/
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
4.7 kB (4728 bytes)
Hash
e20da266a1f1b9b25d9fa3a21c183062
f0b2b521805386156f4e6bdafaad97fe8a84d75b
078e8611cbe3cae2a2d3861ece3708abfa299854f9edbf274a1f8d539016467c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:56 GMT
content-type: text/html; charset=utf-8
content-length: 4728
x-ua-compatible: IE=edge,chrome=1
x-powered-by: PbootCMS
set-cookie: lg=cn; path=/
PbootSystem=r62n488ftftaqbhvh0su09m02n; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.trust-provider.cn/

150.139.142.18

600 B

URL
ocsp.trust-provider.cn/
IP
150.139.142.18:0
ASN
#136195 Qingdao, Shandong Province, P.R.China.

File type
data
Size
600 B (600 bytes)
Hash
69fbfb72be78676c71bd2585ddba1542
ae076768b40479b74d47eb7402e0f611bfe55e85
552a6c007d994fc197b89195ef3fc28b0cf1f82f121deb57d01854c38e26c02b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
Date: Tue, 16 Apr 2024 16:34:00 GMT
Last-Modified: Mon, 15 Apr 2024 15:30:49 GMT
Expires: Mon, 22 Apr 2024 15:30:48 GMT
Etag: "ae076768b40479b74d47eb7402e0f611bfe55e85"
Cache-Control: max-age=3600
X-CCACDN-Proxy-ID: scdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
CF-RAY: 8755948d089d6027-SIN
Age: 3
Ctl-Cache-Status: MISS from sg-singapore2-ca13, MISS from fj-quanzhou7-ca52, MISS from zj-shaoxing1-ca15
Request-Id: 661ea8770a964654b9d2e1db05385b09
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1713285239f5a80e4d85b2ddff49ccf93618db31ec
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=704, edge;dur=0

downloadtg.com/

206.119.175.104

301 Moved Permanently

162 B

URL User Request GET HTTP/2
downloadtg.com/
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 16 Apr 2024 16:33:57 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://downloadtg.com/
Strict-Transport-Security: max-age=31536000

ocsp.trust-provider.cn/

150.139.142.18

600 B

URL
ocsp.trust-provider.cn/
IP
150.139.142.18:0
ASN
#136195 Qingdao, Shandong Province, P.R.China.

File type
data
Size
600 B (600 bytes)
Hash
69fbfb72be78676c71bd2585ddba1542
ae076768b40479b74d47eb7402e0f611bfe55e85
552a6c007d994fc197b89195ef3fc28b0cf1f82f121deb57d01854c38e26c02b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
date: Tue, 16 Apr 2024 16:34:01 GMT
expires: Mon, 22 Apr 2024 15:30:48 GMT
x-ccacdn-proxy-id: scdpinlb6
cf-ray: 874d3044ac123e26-SIN
last-modified: Mon, 15 Apr 2024 15:30:49 GMT
ctl-cache-status: HIT from sg-singapore2-ca13, HIT from fj-quanzhou7-ca50, HIT from he-handan1-ca14
cache-control: max-age=3600
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
etag: "ae076768b40479b74d47eb7402e0f611bfe55e85"
age: 0
accept-ranges: bytes
request-id: 661ea879fb881fd595dd2018fe2e4b79
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1713285241a003561b1a3e04866aec1d6787d0ab06
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=65, edge;dur=0

ocsp.trust-provider.cn/

150.139.142.18

600 B

URL
ocsp.trust-provider.cn/
IP
150.139.142.18:0
ASN
#136195 Qingdao, Shandong Province, P.R.China.

File type
data
Size
600 B (600 bytes)
Hash
69fbfb72be78676c71bd2585ddba1542
ae076768b40479b74d47eb7402e0f611bfe55e85
552a6c007d994fc197b89195ef3fc28b0cf1f82f121deb57d01854c38e26c02b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
date: Tue, 16 Apr 2024 16:34:02 GMT
last-modified: Mon, 15 Apr 2024 15:30:49 GMT
cache-control: max-age=3600
cf-cache-status: EXPIRED
accept-ranges: bytes
cf-ray: 874d3044ac123e26-SIN
age: 1
ctl-cache-status: HIT from sg-singapore2-ca13, HIT from fj-quanzhou7-ca50, HIT from he-handan1-ca14
x-ccacdn-proxy-id: scdpinlb6
request-id: 661ea87a2acec0adba4b0765f720d86f
expires: Mon, 22 Apr 2024 15:30:48 GMT
x-frame-options: SAMEORIGIN
etag: "ae076768b40479b74d47eb7402e0f611bfe55e85"
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 17132852428c56a53321ed2f34a53dbdf93930b003
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=24, edge;dur=0

downloadtg.com/

206.119.175.104

301 Moved Permanently

162 B

URL User Request GET HTTP/2
downloadtg.com/
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 16 Apr 2024 16:33:58 GMT
content-type: text/html
content-length: 162
location: https://www.downloadtg.com/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.downloadtg.com/

206.119.175.104

200 OK

4.7 kB

URL User Request GET HTTP/2
www.downloadtg.com/
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
4.7 kB (4728 bytes)
Hash
e20da266a1f1b9b25d9fa3a21c183062
f0b2b521805386156f4e6bdafaad97fe8a84d75b
078e8611cbe3cae2a2d3861ece3708abfa299854f9edbf274a1f8d539016467c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: text/html; charset=utf-8
content-length: 4728
x-ua-compatible: IE=edge,chrome=1
x-powered-by: PbootCMS
set-cookie: lg=cn; path=/
PbootSystem=kt44d79dfo9teqqomlhirhms63; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.downloadtg.com/pc/css/home.css

206.119.175.104

200 OK

3.0 kB

URL GET HTTP/2
www.downloadtg.com/pc/css/home.css
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
3.0 kB (3017 bytes)
Hash
0d33c78158e2291ed152cec56fb3118d
3261c9a060341aa4ebc2eb3ea9c7b25a48966829
3658e2498322baf911c0eaba2877c55e09179a7b170180f5db72bff6a0abc9ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/css/home.css HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: text/css
last-modified: Wed, 15 Nov 2023 15:02:59 GMT
vary: Accept-Encoding
etag: W/"6554dda3-26bb"
expires: Wed, 17 Apr 2024 04:33:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.downloadtg.com/static/upload/image/20231110/1699607607718533.png

206.119.175.104

200 OK

30 kB

URL GET HTTP/2
www.downloadtg.com/static/upload/image/20231110/1699607607718533.png
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
30 kB (30471 bytes)
Hash
1ed7ee92df9fc65a7281ea73bf6f64a4
e6d68bd4828cac14d5f0ed9a7faf3db97feba59c
eb3f85d61828a6f752305bb2712e6a22515115f9c68f67ed958e21317d26d75b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/upload/image/20231110/1699607607718533.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 30471
last-modified: Fri, 10 Nov 2023 09:13:27 GMT
etag: "654df437-7707"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=m1tXkqxO_u6SAkf4YunZUO_zLUFEQp4cg9O2VwUUK9RDCSsc73YaxI52arGvSzFFbmBu0hNl8nhYHavbeU6n-ohCN8-Y95RTQ0TnpweTd2ZqPmxs_Jx3YcuetaK3svAK
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: HIT
content-encoding: gzip
via: 1.1 google
date: Tue, 16 Apr 2024 16:33:15 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 49
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

www.downloadtg.com/pc/images/cloud-basic.webp

206.119.175.104

200 OK

14 kB

URL GET HTTP/2
www.downloadtg.com/pc/images/cloud-basic.webp
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
14 kB (13722 bytes)
Hash
1d501e3c477722134ed32346eccd75fc
83e85b6492b92604c809080617b050217ae7356b
c897f2a6d2a3158aee948c68231024db222e22d7adc60c6b650a2706faa0f5b9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/images/cloud-basic.webp HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/webp
content-length: 13722
last-modified: Fri, 10 Nov 2023 06:47:39 GMT
etag: "654dd20b-359a"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.downloadtg.com/pc/images/private.webp

206.119.175.104

200 OK

13 kB

URL GET HTTP/2
www.downloadtg.com/pc/images/private.webp
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
13 kB (12842 bytes)
Hash
4b155f7864acc11bcc86a6c0fd1e1240
0967ba8e82be733decbe1af9d7dd40ec5aed6280
45191fd100fb675f4601545de5e66741aa67e7bfc586d7a525da0a43254dd9b9

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/images/private.webp HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/webp
content-length: 12842
last-modified: Fri, 10 Nov 2023 06:47:38 GMT
etag: "654dd20a-322a"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.downloadtg.com/pc/images/creative.webp

206.119.175.104

200 OK

10 kB

URL GET HTTP/2
www.downloadtg.com/pc/images/creative.webp
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
10 kB (10388 bytes)
Hash
8612a70113dab2b045b368412947e6f2
6c1365289802a796b6366b11c8fa12af17971ca5
22ecfbdb1c2df6dae78571644dfc27d97278434ce984352fcf0682a770577f6b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/images/creative.webp HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/webp
content-length: 10388
last-modified: Fri, 10 Nov 2023 06:47:39 GMT
etag: "654dd20b-2894"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.downloadtg.com/pc/images/powerful.webp

206.119.175.104

200 OK

11 kB

URL GET HTTP/2
www.downloadtg.com/pc/images/powerful.webp
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
11 kB (10894 bytes)
Hash
2631143e003e127df6caa40139ae6ff0
c8ae8d072ccf9b0b985cca5f64255b83090058b0
19cba44c75bc987d7213cefc23c5c1988464b0f0acae9177d4088b91b0059e92

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/images/powerful.webp HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:34:00 GMT
content-type: image/webp
content-length: 10894
last-modified: Fri, 10 Nov 2023 06:47:38 GMT
etag: "654dd20a-2a8e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.downloadtg.com/pc/images/tgmac.png

206.119.175.104

200 OK

106 kB

URL GET HTTP/2
www.downloadtg.com/pc/images/tgmac.png
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
PNG image data, 450 x 300, 8-bit/color RGBA, non-interlaced
Size
106 kB (105466 bytes)
Hash
8b5e74d8a7ea1b4993e66533d18a8de7
e4ec7ae55ae8d00dbd6c42dc6716715e8b2e2cf7
b386b8f4b22d68f1a23b9ac0826df43a761a9b967a07ae27bff89314c73c052d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/images/tgmac.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 105466
last-modified: Fri, 10 Nov 2023 07:01:58 GMT
etag: "654dd566-19bfa"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.downloadtg.com/pc/images/fast.png

206.119.175.104

200 OK

78 kB

URL GET HTTP/2
www.downloadtg.com/pc/images/fast.png
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
PNG image data, 300 x 225, 8-bit/color RGBA, non-interlaced
Size
78 kB (78283 bytes)
Hash
0f3a638f31a30499b505030092909c59
9f3606f39e98b26272f817eafef3a6bea6f4abca
0d62efd88d721fff35940040a767beca15a8edd785e1aaa75eeb6aa4e1cd943b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/images/fast.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 78283
last-modified: Fri, 10 Nov 2023 06:34:38 GMT
etag: "654dcefe-131cb"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.downloadtg.com/pc/images/secure.png

206.119.175.104

200 OK

128 kB

URL GET HTTP/2
www.downloadtg.com/pc/images/secure.png
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
PNG image data, 400 x 300, 8-bit/color RGBA, non-interlaced
Size
128 kB (127461 bytes)
Hash
d9c0ad04b060ad5920d825d65ca34b32
8c816b0f4ce92dae53436dff257bb2bb0598f302
f9525aa8109f4b6d76943a19e97f1c4b63f4c16718c2dffc7b9f984b02d1064e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/images/secure.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 127461
last-modified: Fri, 10 Nov 2023 06:38:47 GMT
etag: "654dcff7-1f1e5"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.downloadtg.com/pc/images/tg_laptop.png

206.119.175.104

200 OK

190 kB

URL GET HTTP/2
www.downloadtg.com/pc/images/tg_laptop.png
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
PNG image data, 840 x 487, 8-bit/color RGBA, non-interlaced
Size
190 kB (189734 bytes)
Hash
40d4266e5aadc87cceec1ab420dc2692
266c56990a106b6e9efb0f9ef2a1a752aa6fa0fc
3a1d4890b3e91a01c20c65b75f1ae028e3c445cad1fd2d249dd0868876dfe4b4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/images/tg_laptop.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:34:00 GMT
content-type: image/png
content-length: 189734
last-modified: Fri, 10 Nov 2023 07:03:16 GMT
etag: "654dd5b4-2e526"
expires: Thu, 16 May 2024 16:34:00 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.downloadtg.com/static/upload/image/20231110/1699594590564303.png

206.119.175.104

200 OK

270 kB

URL GET HTTP/2
www.downloadtg.com/static/upload/image/20231110/1699594590564303.png
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
PNG image data, 450 x 700, 8-bit/color RGBA, non-interlaced
Size
270 kB (269859 bytes)
Hash
f8bc3e1e176ff4b7012d0a45301bc052
a2928798aefda092196e332a2300d7c8b994e3e8
8d886f30374567562448b4e0bf7b9df3361e5464fa862f48d5b76fd5f65aee61

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/upload/image/20231110/1699594590564303.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 269859
last-modified: Fri, 10 Nov 2023 05:36:30 GMT
etag: "654dc15e-41e23"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.downloadtg.com/favicon.ico

206.119.175.104

200 OK

4.3 kB

URL GET HTTP/2
www.downloadtg.com/favicon.ico
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Size
4.3 kB (4286 bytes)
Hash
d033b561a0ceef2dece1898ea65e8558
2f33184d0d37f3bc7b8f929ed440388598c991bc
4bd3c7a6f9ba87a5f479fc534b4debcab2ae5455134ab871b49b2cdc766b690c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:34:02 GMT
content-type: image/x-icon
content-length: 4286
last-modified: Sat, 11 Nov 2023 08:53:53 GMT
etag: "654f4121-10be"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?f3c859e90a894baf9f90ab2ad41a8c0e

14.215.183.79

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?f3c859e90a894baf9f90ab2ad41a8c0e
IP
14.215.183.79:443
ASN
#4134 Chinanet

Requested by
https://www.downloadtg.com/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
JavaScript source, ASCII text, with very long lines (729)
Size
11 kB (11367 bytes)
Hash
52b8e6b9a25b76760b6218f4a69874f9
1429a38076b435ccc15b4bb32345e2a8039dcb96
14513d11cea2561227232628eab0a3fcc6ee3a0924b115673f2c4d3ff71fa8a6

HTTP Headers

GET /hm.js?f3c859e90a894baf9f90ab2ad41a8c0e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11367
Content-Type: application/javascript
Date: Tue, 16 Apr 2024 16:34:06 GMT
Etag: 5292def68bcb696403eaf03ba4ae1a15
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F24729F562583E5E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1244464854&si=f3c859e90a894baf9f90ab2ad41a8c0e&v=1.3.0&lv=1&sn=3741&r=0&ww=1280&u=https%3A%2F%2Fwww.downloadtg.com%2F&tt=%E7%BA%B8%E9%A3%9E%E6%9C%BA%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85%E5%8C%85-%E7%94%B5%E6%8A%A5Tg-Telegram%E4%B8%AD%E6%96%87%E7%89%88%E4%B8%8B%E8%BD%BD

14.215.183.79

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1244464854&si=f3c859e90a894baf9f90ab2ad41a8c0e&v=1.3.0&lv=1&sn=3741&r=0&ww=1280&u=https%3A%2F%2Fwww.downloadtg.com%2F&tt=%E7%BA%B8%E9%A3%9E%E6%9C%BA%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85%E5%8C%85-%E7%94%B5%E6%8A%A5Tg-Telegram%E4%B8%AD%E6%96%87%E7%89%88%E4%B8%8B%E8%BD%BD
IP
14.215.183.79:443
ASN
#4134 Chinanet

Requested by
https://www.downloadtg.com/
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1244464854&si=f3c859e90a894baf9f90ab2ad41a8c0e&v=1.3.0&lv=1&sn=3741&r=0&ww=1280&u=https%3A%2F%2Fwww.downloadtg.com%2F&tt=%E7%BA%B8%E9%A3%9E%E6%9C%BA%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85%E5%8C%85-%E7%94%B5%E6%8A%A5Tg-Telegram%E4%B8%AD%E6%96%87%E7%89%88%E4%B8%8B%E8%BD%BD HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 16 Apr 2024 16:34:06 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F03E4868699A3105; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

www.downloadtg.com/pc/css/global.css

206.119.175.104

200 OK

12 kB

URL GET HTTP/2
www.downloadtg.com/pc/css/global.css
IP
206.119.175.104:443
ASN
#133199 SonderCloud Limited

Requested by
https://www.downloadtg.com/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectwww.downloadtg.com
FingerprintD3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
ValiditySat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT

File type
ASCII text, with very long lines (5401)
Size
12 kB (12495 bytes)
Hash
8dafa66bb3ed9a192583a8c3ed837548
c1b369345d54f0cdbb327e32ce51582b3a340470
02ca3ec2788437098a1cb340ac22f8cfc57f13bb3bb5109063a3ce78c97c5d8e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pc/css/global.css HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: text/css
last-modified: Tue, 14 Nov 2023 05:43:20 GMT
vary: Accept-Encoding
etag: W/"655308f8-30cf"
expires: Wed, 17 Apr 2024 04:33:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (26)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size