← Journal
Jun 17, 2026 · Investigation

Telegram Connectivity Interference Analysis

An investigation was conducted into the inability to access Telegram services over a residential ISP connection. The investigation identified clear evidence of DNS-level redirection of telegram.org to a Jio-owned IP address, alongside an inability to establish direct TCP connectivity to Telegram’s actual infrastructure.

Immediate restoration of connectivity was achieved through a VPN tunnel, bypassing the active Jio-owned endpoint (49.44.79.236) which exhibits characteristics inconsistent with a normal public web or DNS service. The collected evidence strongly suggests the presence of both DNS-level and network-level controls affecting Telegram connectivity.

Environment

Phase 1: Initial DNS Investigation

We began by querying the domain name system for Telegram's main domain name.

dig telegram.org +short
# Output:
# 49.44.79.236

The expected Telegram IP address is 149.154.167.99. The returned IP clearly does not belong to Telegram infrastructure.

To verify ownership of the returned IP, we queried Cymru WHOIS:

whois -h whois.cymru.com " -v 49.44.79.236"
# Output:
# AS55836 | RELIANCEJIO-IN | Reliance Jio Infocomm Limited

Additional APNIC RDAP verification confirmed that 49.44.79.236 belongs to Reliance Jio Infocomm Limited. Conclusion: telegram.org was being resolved to an IP address owned by Jio rather than Telegram.

Phase 2: DNS Bypass Testing

DNS settings were manually updated to Cloudflare's public DNS resolvers:

# Changed to:
# 1.1.1.1, 1.0.0.1
scutil --dns

We then re-tested the resolution:

dig telegram.org +short
# Output: 149.154.167.99

dig @1.1.1.1 telegram.org +short
# Output: 149.154.167.99

dig @8.8.8.8 telegram.org +short
# Output: 149.154.167.99

Conclusion: DNS redirection was successfully bypassed, and Telegram resolved correctly after switching resolvers.

Phase 3: Direct Telegram Connectivity Testing

Next, we attempted to initiate an HTTPS handshake directly to the verified Telegram infrastructure.

curl -I https://telegram.org
# Result: Connection timeout

curl --connect-to telegram.org:443:149.154.167.99:443 -I https://telegram.org
# Result: Connection timeout

Conclusion: Even when DNS resolution is completely bypassed, the HTTPS connection continues to time out. The issue is not limited to DNS manipulation.

Phase 4: TCP Reachability Testing

We performed TCP connection tests to see if we could reach the network socket of Telegram's IPs directly.

nc -vz -w 5 149.154.167.99 443
# Result: Operation timed out

nc -vz -w 5 149.154.175.50 443
# Result: Operation timed out

Conclusion: TCP SYN packets did not receive responses. Direct connectivity to Telegram infrastructure was entirely unavailable at the transport layer.

Phase 5: Routing Analysis

A traceroute was performed to see where the packets were dropped.

traceroute 149.154.167.99
# Path:
# 1  192.168.29.1
# 2  10.197.120.1
# 3  172.31.x.x
# 4  172.28.x.x
# 5  172.26.x.x
# 6  * * *
# 7  * * *

Conclusion: Traffic successfully progressed through internal ISP routing hops but terminated entirely before ever reaching the edge of Telegram's AS network.

Phase 6: VPN Verification

We connected to Proton VPN (Amsterdam exit node) and ran the exact same diagnostics:

nc -vz -w 5 149.154.167.99 443
# Result: Connection succeeded

curl -I https://telegram.org
# Result: HTTP/2 200

Conclusion: When tunnelled, Telegram's endpoints responded immediately. This isolates the failure condition purely to the direct ISP routing path.

Phase 7: Investigation of Jio's IP (49.44.79.236)

To analyze the behavior of the destination Jio redirected us to, we investigated 49.44.79.236:

traceroute 49.44.79.236
# Path entered Reliance Jio's network via Telia/Arelion and died at 49.44.220.242.

nmap -Pn -p 53,80,443,8080 49.44.79.236
# Result:
# 53/tcp   open
# 80/tcp   open
# 443/tcp  open
# 8080/tcp open

The host is active and listening on these ports. However, its HTTP and HTTPS behaviors are highly irregular:

Technical Assessment

The endpoint at 49.44.79.236 demonstrates several unusual characteristics. It is owned by Reliance Jio, is returned as a DNS response for telegram.org, and accepts TCP connections, but fails to respond as a normal web or DNS server. Most notably, it alters its behavior (terminating with a RST packet) when telegram.org is explicitly supplied in the Host header.

These observations are highly consistent with specialized policy enforcement or filtering infrastructure—likely serving as a DNS sinkhole target or traffic interception gateway.

Conclusions & Confidence Ratings

Finding Confidence Level
DNS Redirection of telegram.org to 49.44.79.236 99%
49.44.79.236 is Jio-owned infrastructure 100%
Direct ISP-path filtering of Telegram traffic 95%
VPN bypass functionality 100%