206.119.175.104 301 Moved Permanently 162 B URL User Request GET HTTP/2 IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 16 Apr 2024 16:33:54 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://downloadtg.com/
Strict-Transport-Security: max-age=31536000
ocsp.trust-provider.cn/
150.139.142.18 600 B IP 150.139.142.18:0
ASN #136195 Qingdao, Shandong Province, P.R.China.
Hash 69fbfb72be78676c71bd2585ddba1542
ae076768b40479b74d47eb7402e0f611bfe55e85
552a6c007d994fc197b89195ef3fc28b0cf1f82f121deb57d01854c38e26c02b
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
last-modified: Mon, 15 Apr 2024 15:30:49 GMT
cf-ray: 874d3044ac123e26-SIN
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
cache-control: max-age=3600
accept-ranges: bytes
age: 0
ctl-cache-status: HIT from sg-singapore2-ca13, HIT from fj-quanzhou7-ca50, HIT from zj-shaoxing1-ca15
etag: "ae076768b40479b74d47eb7402e0f611bfe55e85"
date: Tue, 16 Apr 2024 16:33:59 GMT
request-id: 661ea8775b3ce8aad15152ccfc1083d5
x-ccacdn-proxy-id: scdpinlb6
expires: Mon, 22 Apr 2024 15:30:48 GMT
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 17132852394816ef65e0ae178ba46b4e15cea44fba
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=58, edge;dur=0
206.119.175.104 301 Moved Permanently 162 B URL User Request GET HTTP/2 IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 16 Apr 2024 16:33:56 GMT
content-type: text/html
content-length: 162
location: https://www.downloadtg.com/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
206.119.175.104 200 OK 4.7 kB URL User Request GET HTTP/2 IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash e20da266a1f1b9b25d9fa3a21c183062
f0b2b521805386156f4e6bdafaad97fe8a84d75b
078e8611cbe3cae2a2d3861ece3708abfa299854f9edbf274a1f8d539016467c
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:56 GMT
content-type: text/html; charset=utf-8
content-length: 4728
x-ua-compatible: IE=edge,chrome=1
x-powered-by: PbootCMS
set-cookie: lg=cn; path=/
set-cookie: PbootSystem=r62n488ftftaqbhvh0su09m02n; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.trust-provider.cn/
150.139.142.18 600 B IP 150.139.142.18:0
ASN #136195 Qingdao, Shandong Province, P.R.China.
Hash 69fbfb72be78676c71bd2585ddba1542
ae076768b40479b74d47eb7402e0f611bfe55e85
552a6c007d994fc197b89195ef3fc28b0cf1f82f121deb57d01854c38e26c02b
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
Date: Tue, 16 Apr 2024 16:34:00 GMT
Last-Modified: Mon, 15 Apr 2024 15:30:49 GMT
Expires: Mon, 22 Apr 2024 15:30:48 GMT
Etag: "ae076768b40479b74d47eb7402e0f611bfe55e85"
Cache-Control: max-age=3600
X-CCACDN-Proxy-ID: scdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
CF-RAY: 8755948d089d6027-SIN
Age: 3
Ctl-Cache-Status: MISS from sg-singapore2-ca13, MISS from fj-quanzhou7-ca52, MISS from zj-shaoxing1-ca15
Request-Id: 661ea8770a964654b9d2e1db05385b09
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1713285239f5a80e4d85b2ddff49ccf93618db31ec
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=704, edge;dur=0
206.119.175.104 301 Moved Permanently 162 B URL User Request GET HTTP/2 IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 16 Apr 2024 16:33:57 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://downloadtg.com/
Strict-Transport-Security: max-age=31536000
ocsp.trust-provider.cn/
150.139.142.18 600 B IP 150.139.142.18:0
ASN #136195 Qingdao, Shandong Province, P.R.China.
Hash 69fbfb72be78676c71bd2585ddba1542
ae076768b40479b74d47eb7402e0f611bfe55e85
552a6c007d994fc197b89195ef3fc28b0cf1f82f121deb57d01854c38e26c02b
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
date: Tue, 16 Apr 2024 16:34:01 GMT
expires: Mon, 22 Apr 2024 15:30:48 GMT
x-ccacdn-proxy-id: scdpinlb6
cf-ray: 874d3044ac123e26-SIN
last-modified: Mon, 15 Apr 2024 15:30:49 GMT
ctl-cache-status: HIT from sg-singapore2-ca13, HIT from fj-quanzhou7-ca50, HIT from he-handan1-ca14
cache-control: max-age=3600
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
etag: "ae076768b40479b74d47eb7402e0f611bfe55e85"
age: 0
accept-ranges: bytes
request-id: 661ea879fb881fd595dd2018fe2e4b79
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1713285241a003561b1a3e04866aec1d6787d0ab06
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=65, edge;dur=0
ocsp.trust-provider.cn/
150.139.142.18 600 B IP 150.139.142.18:0
ASN #136195 Qingdao, Shandong Province, P.R.China.
Hash 69fbfb72be78676c71bd2585ddba1542
ae076768b40479b74d47eb7402e0f611bfe55e85
552a6c007d994fc197b89195ef3fc28b0cf1f82f121deb57d01854c38e26c02b
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
date: Tue, 16 Apr 2024 16:34:02 GMT
last-modified: Mon, 15 Apr 2024 15:30:49 GMT
cache-control: max-age=3600
cf-cache-status: EXPIRED
accept-ranges: bytes
cf-ray: 874d3044ac123e26-SIN
age: 1
ctl-cache-status: HIT from sg-singapore2-ca13, HIT from fj-quanzhou7-ca50, HIT from he-handan1-ca14
x-ccacdn-proxy-id: scdpinlb6
request-id: 661ea87a2acec0adba4b0765f720d86f
expires: Mon, 22 Apr 2024 15:30:48 GMT
x-frame-options: SAMEORIGIN
etag: "ae076768b40479b74d47eb7402e0f611bfe55e85"
via: n63-135-154.bdcdn-qdct.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 17132852428c56a53321ed2f34a53dbdf93930b003
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=24, edge;dur=0
206.119.175.104 301 Moved Permanently 162 B URL User Request GET HTTP/2 IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 16 Apr 2024 16:33:58 GMT
content-type: text/html
content-length: 162
location: https://www.downloadtg.com/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
206.119.175.104 200 OK 4.7 kB URL User Request GET HTTP/2 IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash e20da266a1f1b9b25d9fa3a21c183062
f0b2b521805386156f4e6bdafaad97fe8a84d75b
078e8611cbe3cae2a2d3861ece3708abfa299854f9edbf274a1f8d539016467c
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: text/html; charset=utf-8
content-length: 4728
x-ua-compatible: IE=edge,chrome=1
x-powered-by: PbootCMS
set-cookie: lg=cn; path=/
set-cookie: PbootSystem=kt44d79dfo9teqqomlhirhms63; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.downloadtg.com/pc/css/home.css
206.119.175.104 200 OK 3.0 kB URL GET HTTP/2 www.downloadtg.com/pc/css/home.css
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type gzip compressed data, from Unix
Hash 0d33c78158e2291ed152cec56fb3118d
3261c9a060341aa4ebc2eb3ea9c7b25a48966829
3658e2498322baf911c0eaba2877c55e09179a7b170180f5db72bff6a0abc9ae
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/css/home.css HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: text/css
last-modified: Wed, 15 Nov 2023 15:02:59 GMT
vary: Accept-Encoding
etag: W/"6554dda3-26bb"
expires: Wed, 17 Apr 2024 04:33:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
www.downloadtg.com/static/upload/image/20231110/1699607607718533.png
206.119.175.104 200 OK 30 kB URL GET HTTP/2 www.downloadtg.com/static/upload/image/20231110/1699607607718533.png
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Hash 1ed7ee92df9fc65a7281ea73bf6f64a4
e6d68bd4828cac14d5f0ed9a7faf3db97feba59c
eb3f85d61828a6f752305bb2712e6a22515115f9c68f67ed958e21317d26d75b
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /static/upload/image/20231110/1699607607718533.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 30471
last-modified: Fri, 10 Nov 2023 09:13:27 GMT
etag: "654df437-7707"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
35.244.181.201 444 B URL aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP 35.244.181.201:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
File type XML 1.0 document, ASCII text, with very long lines (332)
Hash 3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=m1tXkqxO_u6SAkf4YunZUO_zLUFEQp4cg9O2VwUUK9RDCSsc73YaxI52arGvSzFFbmBu0hNl8nhYHavbeU6n-ohCN8-Y95RTQ0TnpweTd2ZqPmxs_Jx3YcuetaK3svAK
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: HIT
content-encoding: gzip
via: 1.1 google
date: Tue, 16 Apr 2024 16:33:15 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 49
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
www.downloadtg.com/pc/images/cloud-basic.webp
206.119.175.104 200 OK 14 kB URL GET HTTP/2 www.downloadtg.com/pc/images/cloud-basic.webp
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image
Hash 1d501e3c477722134ed32346eccd75fc
83e85b6492b92604c809080617b050217ae7356b
c897f2a6d2a3158aee948c68231024db222e22d7adc60c6b650a2706faa0f5b9
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/images/cloud-basic.webp HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/webp
content-length: 13722
last-modified: Fri, 10 Nov 2023 06:47:39 GMT
etag: "654dd20b-359a"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.downloadtg.com/pc/images/private.webp
206.119.175.104 200 OK 13 kB URL GET HTTP/2 www.downloadtg.com/pc/images/private.webp
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4b155f7864acc11bcc86a6c0fd1e1240
0967ba8e82be733decbe1af9d7dd40ec5aed6280
45191fd100fb675f4601545de5e66741aa67e7bfc586d7a525da0a43254dd9b9
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/images/private.webp HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/webp
content-length: 12842
last-modified: Fri, 10 Nov 2023 06:47:38 GMT
etag: "654dd20a-322a"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.downloadtg.com/pc/images/creative.webp
206.119.175.104 200 OK 10 kB URL GET HTTP/2 www.downloadtg.com/pc/images/creative.webp
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image
Hash 8612a70113dab2b045b368412947e6f2
6c1365289802a796b6366b11c8fa12af17971ca5
22ecfbdb1c2df6dae78571644dfc27d97278434ce984352fcf0682a770577f6b
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/images/creative.webp HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/webp
content-length: 10388
last-modified: Fri, 10 Nov 2023 06:47:39 GMT
etag: "654dd20b-2894"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.downloadtg.com/pc/images/powerful.webp
206.119.175.104 200 OK 11 kB URL GET HTTP/2 www.downloadtg.com/pc/images/powerful.webp
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type RIFF (little-endian) data, Web/P image
Hash 2631143e003e127df6caa40139ae6ff0
c8ae8d072ccf9b0b985cca5f64255b83090058b0
19cba44c75bc987d7213cefc23c5c1988464b0f0acae9177d4088b91b0059e92
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/images/powerful.webp HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:34:00 GMT
content-type: image/webp
content-length: 10894
last-modified: Fri, 10 Nov 2023 06:47:38 GMT
etag: "654dd20a-2a8e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.downloadtg.com/pc/images/tgmac.png
206.119.175.104 200 OK 106 kB URL GET HTTP/2 www.downloadtg.com/pc/images/tgmac.png
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type PNG image data, 450 x 300, 8-bit/color RGBA, non-interlaced
Size 106 kB (105466 bytes)
Hash 8b5e74d8a7ea1b4993e66533d18a8de7
e4ec7ae55ae8d00dbd6c42dc6716715e8b2e2cf7
b386b8f4b22d68f1a23b9ac0826df43a761a9b967a07ae27bff89314c73c052d
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/images/tgmac.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 105466
last-modified: Fri, 10 Nov 2023 07:01:58 GMT
etag: "654dd566-19bfa"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.downloadtg.com/pc/images/fast.png
206.119.175.104 200 OK 78 kB URL GET HTTP/2 www.downloadtg.com/pc/images/fast.png
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type PNG image data, 300 x 225, 8-bit/color RGBA, non-interlaced
Hash 0f3a638f31a30499b505030092909c59
9f3606f39e98b26272f817eafef3a6bea6f4abca
0d62efd88d721fff35940040a767beca15a8edd785e1aaa75eeb6aa4e1cd943b
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/images/fast.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 78283
last-modified: Fri, 10 Nov 2023 06:34:38 GMT
etag: "654dcefe-131cb"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.downloadtg.com/pc/images/secure.png
206.119.175.104 200 OK 128 kB URL GET HTTP/2 www.downloadtg.com/pc/images/secure.png
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type PNG image data, 400 x 300, 8-bit/color RGBA, non-interlaced
Size 128 kB (127461 bytes)
Hash d9c0ad04b060ad5920d825d65ca34b32
8c816b0f4ce92dae53436dff257bb2bb0598f302
f9525aa8109f4b6d76943a19e97f1c4b63f4c16718c2dffc7b9f984b02d1064e
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/images/secure.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 127461
last-modified: Fri, 10 Nov 2023 06:38:47 GMT
etag: "654dcff7-1f1e5"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.downloadtg.com/pc/images/tg_laptop.png
206.119.175.104 200 OK 190 kB URL GET HTTP/2 www.downloadtg.com/pc/images/tg_laptop.png
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type PNG image data, 840 x 487, 8-bit/color RGBA, non-interlaced
Size 190 kB (189734 bytes)
Hash 40d4266e5aadc87cceec1ab420dc2692
266c56990a106b6e9efb0f9ef2a1a752aa6fa0fc
3a1d4890b3e91a01c20c65b75f1ae028e3c445cad1fd2d249dd0868876dfe4b4
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/images/tg_laptop.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:34:00 GMT
content-type: image/png
content-length: 189734
last-modified: Fri, 10 Nov 2023 07:03:16 GMT
etag: "654dd5b4-2e526"
expires: Thu, 16 May 2024 16:34:00 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.downloadtg.com/static/upload/image/20231110/1699594590564303.png
206.119.175.104 200 OK 270 kB URL GET HTTP/2 www.downloadtg.com/static/upload/image/20231110/1699594590564303.png
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type PNG image data, 450 x 700, 8-bit/color RGBA, non-interlaced
Size 270 kB (269859 bytes)
Hash f8bc3e1e176ff4b7012d0a45301bc052
a2928798aefda092196e332a2300d7c8b994e3e8
8d886f30374567562448b4e0bf7b9df3361e5464fa862f48d5b76fd5f65aee61
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /static/upload/image/20231110/1699594590564303.png HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: image/png
content-length: 269859
last-modified: Fri, 10 Nov 2023 05:36:30 GMT
etag: "654dc15e-41e23"
expires: Thu, 16 May 2024 16:33:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.downloadtg.com/favicon.ico
206.119.175.104 200 OK 4.3 kB URL GET HTTP/2 www.downloadtg.com/favicon.ico
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
Hash d033b561a0ceef2dece1898ea65e8558
2f33184d0d37f3bc7b8f929ed440388598c991bc
4bd3c7a6f9ba87a5f479fc534b4debcab2ae5455134ab871b49b2cdc766b690c
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:34:02 GMT
content-type: image/x-icon
content-length: 4286
last-modified: Sat, 11 Nov 2023 08:53:53 GMT
etag: "654f4121-10be"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?f3c859e90a894baf9f90ab2ad41a8c0e
14.215.183.79 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?f3c859e90a894baf9f90ab2ad41a8c0e
IP 14.215.183.79:443
Requested by https://www.downloadtg.com/
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (729)
Hash 52b8e6b9a25b76760b6218f4a69874f9
1429a38076b435ccc15b4bb32345e2a8039dcb96
14513d11cea2561227232628eab0a3fcc6ee3a0924b115673f2c4d3ff71fa8a6
GET /hm.js?f3c859e90a894baf9f90ab2ad41a8c0e HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11367
Content-Type: application/javascript
Date: Tue, 16 Apr 2024 16:34:06 GMT
Etag: 5292def68bcb696403eaf03ba4ae1a15
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=F24729F562583E5E; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1244464854&si=f3c859e90a894baf9f90ab2ad41a8c0e&v=1.3.0&lv=1&sn=3741&r=0&ww=1280&u=https%3A%2F%2Fwww.downloadtg.com%2F&tt=%E7%BA%B8%E9%A3%9E%E6%9C%BA%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85%E5%8C%85-%E7%94%B5%E6%8A%A5Tg-Telegram%E4%B8%AD%E6%96%87%E7%89%88%E4%B8%8B%E8%BD%BD
14.215.183.79 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1244464854&si=f3c859e90a894baf9f90ab2ad41a8c0e&v=1.3.0&lv=1&sn=3741&r=0&ww=1280&u=https%3A%2F%2Fwww.downloadtg.com%2F&tt=%E7%BA%B8%E9%A3%9E%E6%9C%BA%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85%E5%8C%85-%E7%94%B5%E6%8A%A5Tg-Telegram%E4%B8%AD%E6%96%87%E7%89%88%E4%B8%8B%E8%BD%BD
IP 14.215.183.79:443
Requested by https://www.downloadtg.com/
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1244464854&si=f3c859e90a894baf9f90ab2ad41a8c0e&v=1.3.0&lv=1&sn=3741&r=0&ww=1280&u=https%3A%2F%2Fwww.downloadtg.com%2F&tt=%E7%BA%B8%E9%A3%9E%E6%9C%BA%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85%E5%8C%85-%E7%94%B5%E6%8A%A5Tg-Telegram%E4%B8%AD%E6%96%87%E7%89%88%E4%B8%8B%E8%BD%BD HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 16 Apr 2024 16:34:06 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F03E4868699A3105; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
www.downloadtg.com/pc/css/global.css
206.119.175.104 200 OK 12 kB URL GET HTTP/2 www.downloadtg.com/pc/css/global.css
IP 206.119.175.104:443
ASN #133199 SonderCloud Limited
Requested by https://www.downloadtg.com/
Certificate Issuer TrustAsia Technologies, Inc.
Subject www.downloadtg.com
Fingerprint D3:64:33:09:78:8C:CA:6F:30:72:D8:0F:DB:BA:60:D7:7F:B7:1F:CB
Validity Sat, 06 Apr 2024 00:00:00 GMT - Sun, 06 Apr 2025 23:59:59 GMT
File type ASCII text, with very long lines (5401)
Hash 8dafa66bb3ed9a192583a8c3ed837548
c1b369345d54f0cdbb327e32ce51582b3a340470
02ca3ec2788437098a1cb340ac22f8cfc57f13bb3bb5109063a3ce78c97c5d8e
Analyzer Verdict Alert OpenPhish phishing Telegram
Quad9 DNS malicious Sinkholed
GET /pc/css/global.css HTTP/1.1
Host: www.downloadtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.downloadtg.com/
Cookie: lg=cn; PbootSystem=kt44d79dfo9teqqomlhirhms63
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Tue, 16 Apr 2024 16:33:59 GMT
content-type: text/css
last-modified: Tue, 14 Nov 2023 05:43:20 GMT
vary: Accept-Encoding
etag: W/"655308f8-30cf"
expires: Wed, 17 Apr 2024 04:33:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2