Report - telegprong.my/

Report Overview

Visited public
2025-02-01 21:25:28
Tags
URL
telegprong.my/
Finishing URL
telegprong.my/k/
IP / ASN
104.21.22.226
#13335 CLOUDFLARENET
Title
Telegram

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
telegprong.my	unknown	unknown	2025-02-01	2025-02-01	23 kB	1.5 MB	172.67.207.140
tong2.bu-e.top	unknown	2024-10-16	2025-01-11	2025-01-27	912 B	15 kB	104.21.36.154

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed
2025-02-01	medium	telegprong.my	Sinkholed

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	telegprong.my/k/compatTest.js	ScriptElement	2.5 kB	2024-06-30	2025-05-15
Pretty URL telegprong.my/k/compatTest.js IP 172.67.207.140 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-30 22:36 Last Seen2025-05-15 12:31 Times Seen7460 Hash da7800ea928a021f2539ab41e6f2323e 0141da1dc85ca8f34212f3dde2fac9bf61f5adb7 15c24ec2b4cb94f24e66750f09e7071e5659e20a5ed926f69f565e20a81027cf Loading...

	tong2.bu-e.top/script.js	ScriptElement	2.6 kB	2024-12-20	2025-05-15
Pretty URL tong2.bu-e.top/script.js IP 104.21.36.154 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-20 14:28 Last Seen2025-05-15 11:51 Times Seen1445 Hash f24588efcad1b1bc512f27961cff7085 63f9c11347cf47e1f217a774f4aded6e38ab81a3 56c995899aaa0d0a9f7ae61e646dd5210d14b361599900e76c81ab89c6b2005e Loading...

	telegprong.my/k/redirect.js	ScriptElement	325 B	2023-07-27	2025-05-15
Pretty URL telegprong.my/k/redirect.js IP 172.67.207.140 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-27 09:32 Last Seen2025-05-15 12:31 Times Seen6894 Hash 17773b57b87a678c98e26a7cac72df6c 7422857aa75ee81cabcec2eed6c4a6168f363ee1 375141f2d3f04c733276dbff5d9208ff36b2db6a64abcee723179ac24797974f Loading...

	telegprong.my/k/8673.1b6dd8d303b0535cc1f8.js	ScriptElement	11 kB	2024-12-10	2025-05-15
Pretty URL telegprong.my/k/8673.1b6dd8d303b0535cc1f8.js IP 172.67.207.140 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-10 16:27 Last Seen2025-05-15 12:31 Times Seen6600 Hash ea8d5208dada45e8d0844877a7c93db6 45d98fbe3dae09a988cccd836d39016c5100f313 25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8 Loading...

	telegprong.my/k/main.d54bfa037348b154a941.js	ScriptElement	296 kB	2024-12-10	2025-05-15
Pretty URL telegprong.my/k/main.d54bfa037348b154a941.js IP 172.67.207.140 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-10 16:27 Last Seen2025-05-15 12:31 Times Seen5568 Hash a04bc08436674f0eba06d5c190dc6fe5 3d0a8dbececd918da43706976766e246262d254d 4c70083f389a2fafc6a5f3c35179243623b4416cab07a1c6ce08d3f7c1ddb2ae Loading...

HTTP Transactions (31)

URL IP Response Size

telegprong.my/index.css

172.67.207.140

200 OK

711 B

URL
telegprong.my/index.css
IP
172.67.207.140:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text
Size
711 B (711 bytes)
Hash
244bb41aee72ac1b998eefd277ffb1be
12a5e3a2ce3f6e13f93abf42889630ff2fd48221
1c212d7f877e37e31e5f815aff89652da368f22981004a7e9d3cf867e9c96599

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.css HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:24:57 GMT
content-type: text/css
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-580"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P27C%2FvMbycZ2Q3IY0ssypC3Zx2Bvg37acRqVLLnovT3kGOAUn%2BUdkJJc1MUDlMZesQhk41RuvjqiLT58IntCkb1ZifvQnzBYEyeJHxjdapDZwukLKG6P36vxAvRhLSxP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b502df3a5156b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4486&min_rtt=1623&rtt_var=2681&sent=37&recv=16&lost=0&retrans=0&sent_bytes=24648&recv_bytes=2633&delivery_rate=6449741&cwnd=12000&unsent_bytes=0&cid=b265173f21337f18&ts=628&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/cdn-cgi/challenge-platform/h/b/jsd/r/0.643777582377459:1738440743:nUR01NrG6AAPLGhPvZnLgrVZZ1uFuvpWpMIvLnTj6C0/90b502db1e2f1c0a

172.67.207.140

200 OK

0 B

URL
telegprong.my/cdn-cgi/challenge-platform/h/b/jsd/r/0.643777582377459:1738440743:nUR01NrG6AAPLGhPvZnLgrVZZ1uFuvpWpMIvLnTj6C0/90b502db1e2f1c0a
IP
172.67.207.140:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.643777582377459:1738440743:nUR01NrG6AAPLGhPvZnLgrVZZ1uFuvpWpMIvLnTj6C0/90b502db1e2f1c0a HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12072
Origin: https://telegprong.my
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:24:57 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.telegprong.my; Priority=High; HttpOnly; Secure; SameSite=None
cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ; Path=/; Expires=Sun, 01-Feb-26 21:24:57 GMT; Domain=.telegprong.my; Priority=High; HttpOnly; Secure; SameSite=None; Partitioned
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DN4VhwopIYSvy6j8mUblZJ1YpRPYOq9Aayt7v17KbgBm9hSjuYR8n9PIIav%2FbHyBnhYU%2FCXJdz9%2BB6Nvved5HpCS9EYT49YouX9PGCj3ynqmrfWIGMv%2BRw8NuA%2BmbkRu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b502e4887d56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3260&min_rtt=1455&rtt_var=2189&sent=81&recv=35&lost=0&retrans=0&sent_bytes=67985&recv_bytes=16752&delivery_rate=72155&cwnd=24000&unsent_bytes=0&cid=b265173f21337f18&ts=1083&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/files/img/apple-touch-icon.png

172.67.207.140

200 OK

5.6 kB

URL
telegprong.my/files/img/apple-touch-icon.png
IP
172.67.207.140:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced
Size
5.6 kB (5644 bytes)
Hash
295ccdb03006b8dfef45090dafbd46ac
491ab660270e47cbac6a5731c51cca71c1c1b2b1
a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /files/img/apple-touch-icon.png HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:24:58 GMT
content-type: image/png
content-length: 5644
cf-ray: 90b502e4b8a756b7-OSL
server: cloudflare
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
etag: "677f9c88-160c"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FpfrqqoUwTMaCW%2BEsOJZxWbaC7E8yHLvkCl36ZvhT8CLZ6WjUrwFGqZ%2FwUqqDwIEZPqnSl%2Bf4RKhfTe7kReWSvAvdWlwFCxOLPjvGaUY1m3aoxRiRywZwLiDFXbxv%2F4X"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3559&min_rtt=1455&rtt_var=2152&sent=94&recv=41&lost=0&retrans=0&sent_bytes=79571&recv_bytes=18647&delivery_rate=44120&cwnd=24000&unsent_bytes=0&cid=b265173f21337f18&ts=1496&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2

172.67.207.140

200 OK

11 kB

URL GET HTTP/3
telegprong.my/k/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11016, version 1.0
Size
11 kB (11016 bytes)
Hash
15fa3062f8929bd3b05fdca5259db412
6ff06a34f68ad0324ddec1bbe4d453c959178b36
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.465390c6e54c60f4a15f.woff2 HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/main.949acaf34f3882f511ff.css
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:03 GMT
content-type: font/woff2
content-length: 11016
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
etag: "677f9c88-2b08"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f6g6wyB1BMMm6MSUgxezzkE1GfgJyN%2BLtMFLnc6CqHeCfW9VH5zf0cxP3qqXuBG6tVuJvACBpEsDsB1AhRwtevi9YM9v6WvRp2xApsN8M0DLCjbLb0E2%2Bk%2FZbSih1iPr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90b50308ba4156b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1717&min_rtt=860&rtt_var=683&sent=656&recv=117&lost=0&retrans=0&sent_bytes=687766&recv_bytes=37674&delivery_rate=25748376&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=7251&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/js/tgsticker-worker.js

172.67.207.140

200 OK

174 kB

URL
telegprong.my/js/tgsticker-worker.js
IP
172.67.207.140:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
174 kB (174196 bytes)
Hash
3308276649f1df5080d33727c1c2797c
0c06184c8ca7f3031f75749ef8116c43a0fe25f1
142074fe09b91a5f8482490ad56348a260ffc6291bcaa1ca38558753622f73d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/tgsticker-worker.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:24:59 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-1731"
content-encoding: gzip
age: 1
cache-control: max-age=14400
cf-cache-status: HIT
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=djsJhCKP61fHtG0RS002p%2BRjAsit8wAM8wi9vg3ZarmVfaaBbSV1XJ0MJ7K54kE%2B%2BXXkFfUXfl6jm8xDWaSf4wSUiYXIEoLv4pW%2FDrNR%2BqMsXZ7ttAvRP3CBIpoMK5UY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b502f2389f56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1544&min_rtt=860&rtt_var=663&sent=274&recv=67&lost=0&retrans=0&sent_bytes=273850&recv_bytes=22450&delivery_rate=687972&cwnd=48000&unsent_bytes=0&cid=b265173f21337f18&ts=3266&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/files/main.js

172.67.207.140

200 OK

18 kB

URL
telegprong.my/files/main.js
IP
172.67.207.140:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
18 kB (18465 bytes)
Hash
72c703364f7047f6a47bda87579f124e
6ad9cc59bf62242c56ebf178e897be3d82ae4777
30c45474fe156aaef057e9cb77b1b44cdc69c2c5d9f48c1beba724895749806e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /files/main.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:24:57 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-53e6"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vLCHoANxXGUgrpSwcCBW8r%2FDso4DE2WKvqagZcxdUb8kvUg9Pg%2BSD03fY1Iay0a0mNthzTvbSd9PpkqyCtLQovR%2BTFr1H3herRRz5xkdVD3G7C3rLoFutPBJ5ponzXO%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b502df3a5a56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4354&min_rtt=1623&rtt_var=2274&sent=39&recv=17&lost=0&retrans=0&sent_bytes=26075&recv_bytes=2677&delivery_rate=356104&cwnd=12000&unsent_bytes=0&cid=b265173f21337f18&ts=681&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/js/rlottie-wasm.js

172.67.207.140

200 OK

82 kB

URL
telegprong.my/js/rlottie-wasm.js
IP
172.67.207.140:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
82 kB (81630 bytes)
Hash
4cb63901243ed9f51b5af0a3ac78ab64
1687dba72f067e36fc30042d5dbdd8d456b87b29
11a7d959ff9a691051066748faecedd5d4db164c7c54e8ce5a83cdc64d00f239

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/rlottie-wasm.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/js/tgsticker-worker.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:24:58 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-188f9"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ypxVP9qMRwb854szNya5HP%2FhjvEsaxVB8bvEgp%2Bc3qEJg8blzRAVuWePAgmLx%2BN1bZVBsLJ6xuUDgvNXqNa5ElmR6hbMZE9nSmoplosc5%2B86AAW%2FfH6OX4QlYAJ3lnHp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b502e60a1956b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3187&min_rtt=1455&rtt_var=1870&sent=102&recv=43&lost=0&retrans=0&sent_bytes=87830&recv_bytes=18739&delivery_rate=1017152&cwnd=24000&unsent_bytes=0&cid=b265173f21337f18&ts=1921&x=1", cfExtPri, cfHdrFlush;dur=0

tong2.bu-e.top/api/send

104.21.36.154

200 OK

9.6 kB

URL POST HTTP/3
tong2.bu-e.top/api/send
IP
104.21.36.154:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjectbu-e.top
FingerprintEA:05:D8:BD:24:74:6C:5B:D3:27:B9:42:DE:1F:A0:E1:C2:CC:21:BE
ValiditySat, 14 Dec 2024 16:01:47 GMT - Fri, 14 Mar 2025 17:00:10 GMT

File type
ASCII text, with very long lines (603), with no line terminators
Size
9.6 kB (9554 bytes)
Hash
7765e381b9c62bc354076f93756059dc
67179fa9aa7809df24aaec352943d8d7c78a59d7
72fccd4496c5ebbcc57d90cd24a589fdd3bafc9eb7737ff509ed3a1c0b411b3d

HTTP Headers

POST /api/send HTTP/1.1
Host: tong2.bu-e.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegprong.my/
Content-Type: application/json
Content-Length: 175
Origin: https://telegprong.my
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:04 GMT
content-type: text/plain
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined
access-control-allow-origin: *
etag: W/"5enxnwq0zzgr"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=daiQZhLsB1neR4V5mxeSN5CX6D6rXT1N8S9gF6K5WGxp98RFTsrGYFhbGV24shi7C0auj8qv8muHLSXEyncUmHvlgvWrv3MXuCfy3zyG4pKfURFTrprXlkSCeZhTh8dPBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b5030f4b2b56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4772&min_rtt=3256&rtt_var=2903&sent=15&recv=10&lost=0&retrans=0&sent_bytes=5078&recv_bytes=1698&delivery_rate=2034&cwnd=12000&unsent_bytes=0&cid=a54051fc6c7498f2&ts=700&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/js/rlottie-wasm.wasm

172.67.207.140

200 OK

148 kB

URL
telegprong.my/js/rlottie-wasm.wasm
IP
172.67.207.140:0
ASN
#13335 CLOUDFLARENET

File type
WebAssembly (wasm) binary module version 0x1 (MVP)
Size
148 kB (147961 bytes)
Hash
e725dc036ad50ba694c90ee1f72c4b5b
09f0eded8aa4ceb9ab1b326f5265dcbe9fc0b8e8
f50ed354fd14cce39533af5fc58c0e4387a326748114c57a2ce3c98611da673b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/rlottie-wasm.wasm HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://telegprong.my/js/tgsticker-worker.js
Connection: keep-alive
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:24:58 GMT
content-type: application/wasm
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
etag: W/"677f9c88-5f508"
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rvQejWfE2kf4ger7GqqywdtfPTW8e1RiKrbAA6G4pVFGHtWOG7IPTFcnSXWtU2fkVgH76VMlBwYdzlGvGCa%2FoNZW3qDl5YVcWXMstc5WwhZ0eFtyWkObxJbfLm25gVVI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b502ea0f1856b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2862&min_rtt=1070&rtt_var=1667&sent=131&recv=47&lost=0&retrans=0&sent_bytes=119525&recv_bytes=19968&delivery_rate=7140187&cwnd=48000&unsent_bytes=0&cid=b265173f21337f18&ts=2375&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/

172.67.207.140

200 OK

15 kB

URL User Request GET HTTP/2
telegprong.my/
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3446)
Size
15 kB (15313 bytes)
Hash
ddde44a0b2bb732ced945e6e08247256
9c90f159b3d9810423036a611425df264b08458f
995407cf1f09a81beabefca96ccaad4b8188ab176298b53933e106f2e1d309f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 21:24:56 GMT
content-type: text/html
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OdhG%2FVP6160sQ%2BPIUQtYjVa%2FYj9%2FhdJ2QD2rwWO0h9Swi3zjW9psjzxicseh6c0kj6F1RFNBbsmpaAm5m2163MHa7dmG5wFXXsVmTx%2BMJuurM6RYd1hxnY3mnoQ5w18B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b502db1e2f1c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6057&min_rtt=516&rtt_var=11103&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3280&recv_bytes=1250&delivery_rate=7051948&cwnd=254&unsent_bytes=0&cid=f8bffe79da1d652d&ts=451&x=0"
X-Firefox-Spdy: h2

telegprong.my/k/2976.4e6e9b1254ce313f06c5.js

172.67.207.140

200 OK

60 kB

URL GET HTTP/3
telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
gzip compressed data, from Unix
Size
60 kB (60094 bytes)
Hash
de0330126528088ac0fe8da5e401df79
d74cfe4f0f2c05bf9deb273618d490c7734f498f
29acbee079b05f63d73de655029d13b82d76bd4c48ae4db0d482c11fae6e2d1e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/2976.4e6e9b1254ce313f06c5.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:07 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-3878"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cX7rL5G6P0p8uxpEPk1qHs%2FI98GI%2F1mu5gj12VntFapC%2FbmpGCYhIo3z%2FNlHyXj3%2Fh3sFz8jQpEywuWm%2F2lqyuWbCzhSgpZ18Qsi8PeB2dk8r9NL9%2B20HCsUdfL28ba%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b5031e39a256b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1460&min_rtt=860&rtt_var=309&sent=714&recv=131&lost=0&retrans=0&sent_bytes=744170&recv_bytes=41511&delivery_rate=3566113&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=10696&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/5905.db5d2749ecb90aaf2752.js

172.67.207.140

200 OK

62 kB

URL GET HTTP/3
telegprong.my/k/5905.db5d2749ecb90aaf2752.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
gzip compressed data, from Unix
Size
62 kB (61600 bytes)
Hash
3ace08f40dd1fe2beeb456bca9182292
0965709aa05757f267306e29d56041eb93d04f51
d48c70a51c208edde97ae2984f441643b95bd881deaa31b3a8e1b5d5d4ed145b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/5905.db5d2749ecb90aaf2752.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:08 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-223c9"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IHukgG9DwEnmPujuhaRUDsHQjkMD3u%2BSJHmy1lei8u32Vl96m7RpOZ%2B6f9LrSuoKXRDTji%2Bh%2BwBzgHDoycyurRKJfK7TI2SnHUq2qZ9QziTuFOxXcoGcGR%2FVGsFGSXRB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b503228f0c56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1436&min_rtt=860&rtt_var=334&sent=856&recv=145&lost=0&retrans=0&sent_bytes=901666&recv_bytes=45989&delivery_rate=13294975&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=11583&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/2976.4e6e9b1254ce313f06c5.js

172.67.207.140

200 OK

84 kB

URL GET HTTP/3
telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
gzip compressed data, from Unix
Size
84 kB (83836 bytes)
Hash
22f64dc1567fa74b1a81b126d7c71163
c9197bfcc048df76d1b0490ca6d68d8e28f2a763
0df3006bea3faface7147f387f85bca53a5435159be11c4770bb94b6c68e3631

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/2976.4e6e9b1254ce313f06c5.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:07 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-3878"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yxFBw4542sPXk6Cbds7o8%2BiXno068BiM4bgGNAFIH6HUE6MOH4QEg3qSTJrC62tCg1wcSAI%2FznSbCDqa4nZQMV76l0qEA1VidcgQQFuW6uaAAuAF3WR41yi2GKWuoIxl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b5031e399856b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1481&min_rtt=860&rtt_var=392&sent=700&recv=129&lost=0&retrans=0&sent_bytes=729177&recv_bytes=41419&delivery_rate=19738&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=10685&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/rlottie-wasm.f013598f1b2ba719f25e.js

172.67.207.140

200 OK

66 kB

URL GET HTTP/3
telegprong.my/k/rlottie-wasm.f013598f1b2ba719f25e.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65591 bytes)
Hash
4441938ee433d3657c20d454d352a336
dd67121d7fda7c17be196f60c72dfa06bcb5bc6f
659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:08 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:13 GMT
vary: Accept-Encoding
etag: W/"677f9c89-10037"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=otb%2FkHf1zbO8kzEDT26Fu1JSThIlCJElIP1e5Cwa8xf9okrQyDw7tddhWOB0Ghr6XqudKd1eBjr98%2BEuYFLYTorYQ5qFNzl5DJNawHMT%2F4HaZ8jT8xQyds7obVJyuacR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b503267c4d56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2557&min_rtt=860&rtt_var=2298&sent=942&recv=153&lost=0&retrans=0&sent_bytes=998395&recv_bytes=48568&delivery_rate=12625773&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=12252&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/rlottie-wasm.f013598f1b2ba719f25e.js

172.67.207.140

200 OK

66 kB

URL GET HTTP/3
telegprong.my/k/rlottie-wasm.f013598f1b2ba719f25e.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65591 bytes)
Hash
4441938ee433d3657c20d454d352a336
dd67121d7fda7c17be196f60c72dfa06bcb5bc6f
659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:08 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:13 GMT
vary: Accept-Encoding
etag: W/"677f9c89-10037"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AzYn9bTIomXjyGOybzrMEg9s9FvYOwpun%2Fet%2FX418lOYYGA3Vup5pTufT8DTwumrmz3xGffapqHykcvcMGL3mnQwiBMzjTQRsSQZQq%2FrAtDZsKIIJz2zD1axRcL6%2BRzS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b503266c3b56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2893&min_rtt=860&rtt_var=3038&sent=892&recv=151&lost=0&retrans=0&sent_bytes=939554&recv_bytes=48477&delivery_rate=1414&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=12233&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/rlottie-wasm.f013598f1b2ba719f25e.js

172.67.207.140

200 OK

66 kB

URL GET HTTP/3
telegprong.my/k/rlottie-wasm.f013598f1b2ba719f25e.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65591 bytes)
Hash
4441938ee433d3657c20d454d352a336
dd67121d7fda7c17be196f60c72dfa06bcb5bc6f
659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:08 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:13 GMT
vary: Accept-Encoding
etag: W/"677f9c89-10037"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GrFLGvAPuJVz9hT%2FGopgOVIVE6sOznKpX9PWEE5OVWmUJYECvuwU0EkhzglT%2FUpaql62EYkdtVIc3N4RTX%2BoJia9whzi7jYZ9c5HQqBxOawI1bIcoIj4R8OGprAAoCwb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b503266c3f56b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2728&min_rtt=860&rtt_var=2608&sent=912&recv=152&lost=0&retrans=0&sent_bytes=962974&recv_bytes=48523&delivery_rate=10543551&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=12246&x=1", cfExtPri, cfHdrFlush;dur=0

tong2.bu-e.top/script.js

104.21.36.154

200 OK

2.6 kB

URL GET HTTP/2
tong2.bu-e.top/script.js
IP
104.21.36.154:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjectbu-e.top
FingerprintEA:05:D8:BD:24:74:6C:5B:D3:27:B9:42:DE:1F:A0:E1:C2:CC:21:BE
ValiditySat, 14 Dec 2024 16:01:47 GMT - Fri, 14 Mar 2025 17:00:10 GMT

File type
JavaScript source, ASCII text, with very long lines (2730), with no line terminators
Size
2.6 kB (2643 bytes)
Hash
397246636abae7979e39b0e891c9b30f
32f6895b08a54ca90f02a48aa3716467cfba4d55
e6d6622e36c040d3578a25ddc965f5c268942ebd0e1fac6e2e5a8496e4020503

HTTP Headers

GET /script.js HTTP/1.1
Host: tong2.bu-e.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Feb 2025 21:25:02 GMT
content-type: application/javascript; charset=UTF-8
x-dns-prefetch-control: on
content-security-policy: default-src 'self';img-src * data:;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self' undefined
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
last-modified: Sun, 15 Dec 2024 00:50:05 GMT
etag: W/"a53-193c7cb3a48"
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: HIT
age: 50680
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1n97CqlsPK7rfJpVMGqQMsjJAtmlkMcyaImmvvigybB0OcPhOPzVva7LxTB4qJ7OytRnK41KHWQnrCQjzEOFqx%2FhHvdougwOQ0DQ8pAIf3Ks3To9E6Lc0w8Zq0km3pm7lg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b5030278b956cb-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=541&min_rtt=472&rtt_var=172&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3189&recv_bytes=1062&delivery_rate=6776911&cwnd=253&unsent_bytes=0&cid=68c2f33ea0513dd4&ts=28&x=0"
X-Firefox-Spdy: h2

telegprong.my/k/notification.mp3

172.67.207.140

206 Partial Content

11 kB

URL GET HTTP/3
telegprong.my/k/notification.mp3
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, JntStereo
Size
11 kB (10880 bytes)
Hash
eba09b6a457792c52fc610b5f9f974b3
95e6e0f7648e28ea21bc434054ea59aba3a35aea
86093551f5a7f68c7dcac947bd8dc54c6a79dd9a5d83f7e40116d640eb28c7d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/notification.mp3 HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 206 Partial Content
date: Sat, 01 Feb 2025 21:25:03 GMT
content-type: audio/mpeg
content-length: 10880
last-modified: Thu, 09 Jan 2025 09:53:13 GMT
etag: "677f9c89-2a80"
cache-control: max-age=14400
cf-cache-status: MISS
content-range: bytes 0-10879/10880
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G0W20%2FKyVmVijW6B29xa0M1fyfRUpY0qYnKrNR%2F9sdSI4SVE7G6uhya%2BBngBFpaadV45%2FSsBWxP9QO4ON8EN6C5pKH91PZBFO%2BXj%2FDfcwWR2UjJzned%2F0kdO5QnVJ1q7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90b50308ca5856b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1604&min_rtt=860&rtt_var=582&sent=670&recv=119&lost=0&retrans=0&sent_bytes=703583&recv_bytes=37766&delivery_rate=574707&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=7301&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/favicon.svg

172.67.207.140

200 OK

892 B

URL GET HTTP/3
telegprong.my/k/favicon.svg
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
SVG Scalable Vector Graphics image
Size
892 B (892 bytes)
Hash
fbfd454715d8180275b32bd48770a483
0716abb57416f83cfad3e17ff830039c0607b313
788c238be3597ef42c549caff599bb84e584790f43f7d6013d6a1987264bdbe1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/favicon.svg HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:04 GMT
content-type: image/svg+xml
content-encoding: br
cf-ray: 90b5030a0b8a56b7-OSL
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
etag: W/"677f9c88-37c"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gAeAi%2BWvceca6k6Z1T7smfzhBikK3qNprFn5bCRZ9yrXEbAOBsx5Vcbxs2tjfV%2BDUMPamJlpeIUsentiChRS2uXqLL7qaRpMIbYLL7xSIQP1UUcdZ%2Bdc92mra5G9zNb5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1628&min_rtt=860&rtt_var=483&sent=680&recv=120&lost=0&retrans=0&sent_bytes=715453&recv_bytes=37812&delivery_rate=544685&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=7467&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/compatTest.js

172.67.207.140

200 OK

2.5 kB

URL GET HTTP/3
telegprong.my/k/compatTest.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (2610), with no line terminators
Size
2.5 kB (2544 bytes)
Hash
6cfbdd49583de4aef06544f30e1eafb9
b852473e5433f95a06bf58c7e625876a14358422
9f053b9be11ee313213aaf4d5269f4a011e068ed6eaf12a557634381fc42c9ec

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/compatTest.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:02 GMT
content-type: application/javascript
cf-ray: 90b503018ac656b7-OSL
server: cloudflare
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-9f0"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=69Tp%2F3imuWDl7FezIh36tiLrqadrT45en49rQRfc%2FSV5ZbSket0qIZZ%2F1gyvreatCwNYISiBDx7cFsvnS%2B0z4fhz7zzaBwsIcbr4kxEnHWY7K7Q1Gkp8KBbhjW2cUeAz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2173&min_rtt=860&rtt_var=1337&sent=528&recv=107&lost=0&retrans=0&sent_bytes=540248&recv_bytes=34918&delivery_rate=8664&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=6106&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/7784.df07a876b22e3b2a83e9.js

172.67.207.140

200 OK

22 kB

URL GET HTTP/3
telegprong.my/k/7784.df07a876b22e3b2a83e9.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (21340)
Size
22 kB (21477 bytes)
Hash
a0980d43cea486530c30f9f5e1c1b5e4
deec93f70f8b813b479137075afa6a0a3a25b8bd
4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/7784.df07a876b22e3b2a83e9.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:07 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-53e5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7qzuC5yd04g1ep3HiiMtd5%2B3Q7fffcaFwPy2iVLRIUXDqBp%2BbOmy1LvB2UXy1d4PKPIByy17Mbfk2NQg9iJjn2m8dsVGOYTzNYVCwgSuYBsCdxzLydYnS0pma49Elvd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b50320dcb356b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1418&min_rtt=860&rtt_var=245&sent=733&recv=137&lost=0&retrans=0&sent_bytes=760912&recv_bytes=43979&delivery_rate=47149&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=10960&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/7784.df07a876b22e3b2a83e9.js

172.67.207.140

200 OK

22 kB

URL GET HTTP/3
telegprong.my/k/7784.df07a876b22e3b2a83e9.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (21340)
Size
22 kB (21477 bytes)
Hash
a0980d43cea486530c30f9f5e1c1b5e4
deec93f70f8b813b479137075afa6a0a3a25b8bd
4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/7784.df07a876b22e3b2a83e9.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:07 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-53e5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bBh5yhgopnQ65bWcP4Tg4ryg%2FWbBvL4Zndm%2BLtff%2F%2BhzdG6BwDvSKPDLbXgi1NF1bAOeoUw2m3cVUwmMOXE71FTGy23tp1GCOQMQnFbUkpTG8HlgsepDLQa3%2FBMY5g21"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b50320fd0456b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1390&min_rtt=860&rtt_var=241&sent=749&recv=138&lost=0&retrans=0&sent_bytes=779157&recv_bytes=44025&delivery_rate=288391&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=10967&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/main.949acaf34f3882f511ff.css

172.67.207.140

200 OK

113 kB

URL GET HTTP/3
telegprong.my/k/main.949acaf34f3882f511ff.css
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type

Size
113 kB (113301 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/main.949acaf34f3882f511ff.css HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:02 GMT
content-type: text/css
last-modified: Thu, 09 Jan 2025 09:53:13 GMT
vary: Accept-Encoding
etag: W/"677f9c89-1ba95"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cfurbgN5Xdcujpqsmomvz7YiS1qGUeuNiNRZkFWWJzCv2zOaX3NZXHmJiuYlOwWhY4M6BNf0i215Toibag1nOhmTW2%2B0om%2FZUAjwY1JnU3x40z5N1WNv%2FUFrDljUhxsg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b503018ac456b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1917&min_rtt=860&rtt_var=937&sent=544&recv=110&lost=0&retrans=0&sent_bytes=558236&recv_bytes=35054&delivery_rate=8904165&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=6323&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/7784.df07a876b22e3b2a83e9.js

172.67.207.140

200 OK

22 kB

URL GET HTTP/3
telegprong.my/k/7784.df07a876b22e3b2a83e9.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (21340)
Size
22 kB (21477 bytes)
Hash
a0980d43cea486530c30f9f5e1c1b5e4
deec93f70f8b813b479137075afa6a0a3a25b8bd
4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/7784.df07a876b22e3b2a83e9.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:07 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-53e5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XvvosGovPYUBRmM8pgTakQ72G9%2Fz9MZU3dO0XdKh%2BdLw8SG4KL%2B0X69Hl3gcbmQcg6y%2FK49c1UUWLFNch%2FPltEbu3ahk5d5qgfROeigPjedIIhxas4QZ74PXPM%2FDcbis"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b50320ac5156b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1435&min_rtt=860&rtt_var=281&sent=724&recv=135&lost=0&retrans=0&sent_bytes=751756&recv_bytes=43339&delivery_rate=3857412&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=10914&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/redirect.js

172.67.207.140

200 OK

325 B

URL GET HTTP/3
telegprong.my/k/redirect.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
ASCII text, with very long lines (336), with no line terminators
Size
325 B (325 bytes)
Hash
0f4bee764cf7e7080cc0c1a836d6c85a
7cdea3a612218fe6898aa117eb4598d7d0dce420
9d8ec261dba46e501288de7aee04435dfe1d8728b0bf65a4a79c08e5c90a5b54

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/redirect.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:02 GMT
content-type: application/javascript
content-encoding: br
cf-ray: 90b503018ac156b7-OSL
last-modified: Thu, 09 Jan 2025 09:53:13 GMT
etag: W/"677f9c89-145"
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WrqlXtVylbGzNiWXo%2BweoW5m2hRcpPHJLcnOUEdB07e5ihWf7b2UEFDzhbKAT2QddIEuQ%2BFakuGlEdug%2BQJ3AjucHQIb4HpigTQknXJxwANt%2F2zD5m4nDI1Hn09SqUId"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2022&min_rtt=860&rtt_var=1304&sent=530&recv=108&lost=0&retrans=0&sent_bytes=541963&recv_bytes=34963&delivery_rate=4254&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=6135&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/

172.67.207.140

200 OK

2.8 kB

URL User Request GET HTTP/3
telegprong.my/k/
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
HTML document, ASCII text, with very long lines (2898), with no line terminators
Size
2.8 kB (2756 bytes)
Hash
07f55061c8d58587ea2d1878a454c561
ca3fb93721827528d813bd69b72e44c2e0541893
c461a047740f80a7eb966d276a8a068887beb8c5770f7525c83281c7e5e2150d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/ HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:02 GMT
content-type: text/html
last-modified: Fri, 10 Jan 2025 02:29:54 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=1,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cc7KdPzhh9QS7V7yjMwK5HKM9rRbvm%2B9%2FidIOZH0HIWEShp223DVvr%2BsvQxYs%2BXWAeEEuZhkwQSe9gu%2F%2FdSjAqOJoh8zrp%2Bf3m98EHPL93uHPLu93bkKG4i9c7cyof%2F7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b502ffd8b456b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2324&min_rtt=860&rtt_var=1381&sent=523&recv=102&lost=0&retrans=0&sent_bytes=538322&recv_bytes=32606&delivery_rate=1099&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=5648&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/7784.df07a876b22e3b2a83e9.js

172.67.207.140

200 OK

22 kB

URL GET HTTP/3
telegprong.my/k/7784.df07a876b22e3b2a83e9.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (21340)
Size
22 kB (21477 bytes)
Hash
a0980d43cea486530c30f9f5e1c1b5e4
deec93f70f8b813b479137075afa6a0a3a25b8bd
4b5eeb1400e5118a1aff286d9a6cf893bd7c08fc8247c62116238ea587890e9e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/7784.df07a876b22e3b2a83e9.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:07 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-53e5"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Eq97TbjqfNDCAGFatpUVi4uP4B%2B7gW7m%2F8szSX1aFL60IRTzBJYqLSEZxxMwy1Yyv0KMG0l2CgO07BMfx%2FcST79OdUiFqkmADDqzrS3ynZ1mqS4WvPIqfat7w4rAqRST"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b50320fcf356b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1390&min_rtt=860&rtt_var=241&sent=741&recv=138&lost=0&retrans=0&sent_bytes=770032&recv_bytes=44025&delivery_rate=288391&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=10967&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/rlottie-wasm.f013598f1b2ba719f25e.js

172.67.207.140

200 OK

66 kB

URL GET HTTP/3
telegprong.my/k/rlottie-wasm.f013598f1b2ba719f25e.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65591 bytes)
Hash
4441938ee433d3657c20d454d352a336
dd67121d7fda7c17be196f60c72dfa06bcb5bc6f
659bf63501a8054ef0eedda3dec466dbc1e9a1b2c4d5d59a285b005215e16679

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/rlottie-wasm.f013598f1b2ba719f25e.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/2976.4e6e9b1254ce313f06c5.js
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:08 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:13 GMT
vary: Accept-Encoding
etag: W/"677f9c89-10037"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qvPe9H7CZJV9DnuOyzLU3sd34bBbO7N5mMSDBbKLC2IG8VzhaDMyEHANBMM3UF7Vmb4Q9KjemUSUYqVH080JCo8fJ7b3q0%2Fmd6kOtp8SOrIIaCoShGpAIsma8KRK4uFf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b503267c4456b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2557&min_rtt=860&rtt_var=2298&sent=932&recv=153&lost=0&retrans=0&sent_bytes=986395&recv_bytes=48568&delivery_rate=12625773&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=12252&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/main.d54bfa037348b154a941.js

172.67.207.140

200 OK

296 kB

URL GET HTTP/3
telegprong.my/k/main.d54bfa037348b154a941.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type

Size
296 kB (296503 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/main.d54bfa037348b154a941.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:02 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:13 GMT
vary: Accept-Encoding
etag: W/"677f9c89-48637"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5%2FnffRyOOnMh9MOcGw3LGQaLUpVKKOoL8RCpweDUvRFh7q74HM23AIV2stdogTcH%2FwLx7RxR2UQufgqffGAjd2RrFmtD%2BngevW19LPO0aSxXB6sHjH8uZEyueG3s6ZPm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b503018ac256b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2008&min_rtt=860&rtt_var=1007&sent=531&recv=109&lost=0&retrans=0&sent_bytes=542838&recv_bytes=35009&delivery_rate=39940&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=6319&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/icon-192x192.png

172.67.207.140

200 OK

3.1 kB

URL GET HTTP/3
telegprong.my/k/icon-192x192.png
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced
Size
3.1 kB (3059 bytes)
Hash
1a1650d2c76bfc1ac484646c19e495b9
fe58d66042ce9241226f5da9370230285ff604fc
6e587a62c9d7a97f25265ab5eb29d101ad2e36810042a4116d2dd29da96b0bf8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/icon-192x192.png HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:03 GMT
content-type: image/png
content-length: 3059
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
etag: "677f9c88-bf3"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=csB47P2Ms1zNyxCbh9JqZfuPcGZRtvh93Tca3EjK4hfUUgLrgDBHiqMWuZjI%2FK%2FHzSDwZJkod2uqZky6sghlLvC0UXnhFaZvFby0uL976zw6JznKZWg%2Furxhdst%2FBZtt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90b5030a0b8956b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1663&min_rtt=860&rtt_var=620&sent=666&recv=118&lost=0&retrans=0&sent_bytes=699742&recv_bytes=37720&delivery_rate=30453&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=7272&x=1", cfExtPri, cfHdrFlush;dur=0

telegprong.my/k/8673.1b6dd8d303b0535cc1f8.js

172.67.207.140

200 OK

11 kB

URL GET HTTP/3
telegprong.my/k/8673.1b6dd8d303b0535cc1f8.js
IP
172.67.207.140:443
ASN
#13335 CLOUDFLARENET

Requested by
https://telegprong.my/k/
Certificate
IssuerGoogle Trust Services
Subjecttelegprong.my
FingerprintB9:8E:74:48:3C:82:8F:64:5B:60:45:E8:22:7D:25:61:0B:04:E4:A2
ValidityThu, 23 Jan 2025 08:00:13 GMT - Wed, 23 Apr 2025 08:50:45 GMT

File type
JavaScript source, ASCII text, with very long lines (10642)
Size
11 kB (10696 bytes)
Hash
ea8d5208dada45e8d0844877a7c93db6
45d98fbe3dae09a988cccd836d39016c5100f313
25f447387cefb643c04e0aa816e21edf562ebe9b7e3f7b808bdb179154fc17b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /k/8673.1b6dd8d303b0535cc1f8.js HTTP/1.1
Host: telegprong.my
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegprong.my/k/
Cookie: cf_clearance=2l3g54TxOS8HRadUYJMa1MnyVL38pGJUF6Pw6V5kXqY-1738445097-1.2.1.1-juX_T.WNBsHN6_4RzzF0lRyNUodecjmNrLyBplylSuS0LyL1uNBx6Cuz4Xnn4QgBITLuChHYJm0sK0pRfz6GV559Qy5zSmPIk6_i48nUDmNTIetnvKpL80RPtucRCSsWuOitE.a7AxAaRv6XPEx80f.0xAay6pmcYqutJXdhgDO0uqTox5WE7S.nMmdhwBIy0HbfeIAn1RAVJVEP5AJ.t8QIG6qvReT8IQKDvl6hBQXMTkZo7VoAinco43jn7lDeMIZhLF81vl80iSPEw_EoxDYB9dyH0f0ye0XOqfbzVbQ
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 01 Feb 2025 21:25:06 GMT
content-type: application/javascript
last-modified: Thu, 09 Jan 2025 09:53:12 GMT
vary: Accept-Encoding
etag: W/"677f9c88-29c8"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pchaE2iimQyRhQ42Opr6AuEHXEg0XGI5O%2FPprogptGmRqQUnJJ4NYeO9vqy5pKK8ce2EwdXzSh4gjOYhwfTxT5Yv4grjPN%2BQozuOwpsvC09yHyjEIqXrCZuSFl%2BV%2B5vI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90b5031b7ea256b7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1539&min_rtt=860&rtt_var=539&sent=684&recv=122&lost=0&retrans=0&sent_bytes=716784&recv_bytes=38421&delivery_rate=738246&cwnd=96000&unsent_bytes=0&cid=b265173f21337f18&ts=10260&x=1", cfExtPri, cfHdrFlush;dur=0

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (31)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash