Report - viral-telegram-2023-6957.real1.biz.id/id/

Report Overview

Visited public
2023-12-09 13:00:10
Tags
phishing suspicious
URL
viral-telegram-2023-6957.real1.biz.id/id/
Finishing URL
viral-telegram-2023-6957.real1.biz.id/id/
IP / ASN
104.21.45.242
#13335 CLOUDFLARENET
Title
SYAKIRAH VIDEO VIRAL
Phishing - Generic phishing
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-09 06:06:20	552 B	17 kB	142.250.74.163
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10 09:18:30	2023-12-09 05:17:40	692 B	2.9 kB	111.13.153.152
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-09 07:42:19	502 B	5.9 kB	142.250.74.106
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-09 08:21:37	443 B	32 kB	151.101.194.137
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-12-09 05:09:03	464 B	34 kB	151.101.1.229
i.postimg.cc	23840	2016-06-11	2018-04-11 12:01:12	2023-12-09 10:05:40	1.6 kB	253 kB	162.19.88.68
telegram.org	5408	2003-12-15	2013-12-18 14:14:30	2023-12-08 12:03:26	3.8 kB	420 kB	149.154.167.99
na.apps.amsoveasea.com	100788	2020-07-01	2020-07-11 14:48:08	2023-12-07 05:44:01	588 B	243 B	129.226.2.89
viral-telegram-2023-6957.real1.biz.id	unknown	unknown	No data	No data	994 B	67 kB	104.21.45.242

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-09 12:59:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-09 12:59:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-08	medium	viral-telegram-2023-6957.real1.biz.id/id/	Telegram

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	telegram.org/js/tgwallpaper.min.js?3	ScriptElement	3.0 kB	2023-03-07	2025-05-11
Pretty URL telegram.org/js/tgwallpaper.min.js?3 IP 149.154.167.99 ASN #62041 Telegram Messenger Inc Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-11 20:44 Times Seen49102 Hash 2b89d34702716a8ad2cc3977718f53a3 04406ebd6a9e2ce79dbac5e5048cfe1384e4574a 2031e418ee10af8110729b3f327b968462fc0a9d8d1da095387bb472ccd0dee6 Loading...

	unknown	ScriptElement	1.6 kB	2023-09-04	2025-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-04 23:56 Last Seen2025-05-10 17:16 Times Seen188 Hash 5b353ff3f1e57e590e8ffa9dcd6f3eec 461968c85f20c208f83d904f0b9f30dd8bea8ccc 3d8df6f8b9852b5d8bcf873136004f502a11a856b0a3748f3c2a9de2e3fbc092 Loading...

	cdn.jsdelivr.net/gh/cdnvjs/footericon@8.0.0/icons.min.js	ScriptElement	91 kB	2023-06-29	2025-05-10
Pretty URL cdn.jsdelivr.net/gh/cdnvjs/footericon@8.0.0/icons.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-29 14:45 Last Seen2025-05-10 17:16 Times Seen413 Hash 9e48f99003579ab8a3dc774745471435 0dfe9bdf396b74df460695da61604218c88a00df 0d25235a839b2c9199edc7a4baa7c4591358476a05aa9170bc7ff7934060539b Loading...

	unknown	Function	79 B	2023-04-11	2025-05-12
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-05-12 22:31 Times Seen112519 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	unknown	ScriptElement	5.8 kB	2023-09-04	2025-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-04 23:56 Last Seen2025-05-10 17:16 Times Seen188 Hash 8355e4eda7b944b6fa4de6d585975cdd 78624aa632d0c40bad14a291899bf8bfd70b1873 7eca82c2c8ee604ee390409951634d74f4f2338c1a4ff5c1713618c58dc25dd4 Loading...

	viral-telegram-2023-6957.real1.biz.id/id/	ScriptElement	65 kB	2023-09-04	2025-05-10
Pretty URL viral-telegram-2023-6957.real1.biz.id/id/ IP 104.21.45.242 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-04 23:56 Last Seen2025-05-10 17:16 Times Seen190 Hash ebad92439974dc9fb1f35ca2c2b2ae0c 04e4b5161fac0d97f74342e3841909a316336fd0 971ece17863b2fdbb9b820d02662dce2bc53031709f54e91112cdc883c6eb665 Loading...

	unknown	ScriptElement	210 B	2023-09-04	2025-05-10
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-04 23:56 Last Seen2025-05-10 17:16 Times Seen188 Hash c19e71210dbfa5f496b979b6c86cce07 13a78481aa191a92651c88638df948b2b785aee9 13f076edc5d9e38fe9094e1b153e34705698b1ad68292576aee8d164f838b9e3 Loading...

	unknown	Function	37 B	2023-04-11	2025-05-12
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-12 22:31 Times Seen263953 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	unknown	DomTimer	5 B	2023-06-29	2025-05-10
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-06-29 14:45 Last Seen2025-05-10 17:16 Times Seen441 Hash 7eafe291ca4158a602d13056a90c292e 8e7e21d7e8b1b957a977682c57be377ccf0ae4b0 3a5245e16c8bf8e3198bc16265aecf0427cf4d85a6bd351ad9494b5974e1b260 Loading...

	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-05-12
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-12 22:19 Times Seen109062 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

		Size	First Seen	Last Seen
	#1 Eval - 61fa153f2827c887a48a351ae3c6cfd3	8 B	2023-03-07 01:03	2025-05-12 21:14
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-05-12 21:14 Times Seen16980 Hash 61fa153f2827c887a48a351ae3c6cfd3 5fbd02245cf700ea94d638c8d76924ecca52d330 4c44d7c28ec0f6ca3e2624c6af1d3be324576d01ef6f6c2dc0af7e61664b8c2c Loading...

		Size	First Seen	Last Seen
	#1 Write - 1d748ea796ceba7a9bf9f75ffb2c7d15	22 kB	2023-09-04 23:56	2025-05-10 17:16
Pretty Observations First Seen2023-09-04 23:56 Last Seen2025-05-10 17:16 Times Seen190 Hash 1d748ea796ceba7a9bf9f75ffb2c7d15 c26f10915c97bff07b9110a1407f3f5ddd7cdfea ab2b896c011eb5a95660343891ac3de8bd855061908331fa65418c41eaf0b6c9 Loading...

HTTP Transactions (20)

URL IP Response Size

code.jquery.com/jquery-3.5.1.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 09 Dec 2023 12:59:52 GMT
age: 3672104
x-served-by: cache-lga13628-LGA, cache-bma1669-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 50307
x-timer: S1702126793.522494,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/cdnvjs/footericon@8.0.0/icons.min.js

151.101.1.229

200 OK

34 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/cdnvjs/footericon@8.0.0/icons.min.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
34 kB (33469 bytes)
Hash
9e48f99003579ab8a3dc774745471435
0dfe9bdf396b74df460695da61604218c88a00df
0d25235a839b2c9199edc7a4baa7c4591358476a05aa9170bc7ff7934060539b

HTTP Headers

GET /gh/cdnvjs/footericon@8.0.0/icons.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 8.0.0
x-jsd-version-type: branch
etag: W/"16401-Df6b3zlrdN9GBpXaYWBCGMiKAN8"
content-encoding: br
accept-ranges: bytes
date: Sat, 09 Dec 2023 12:59:52 GMT
age: 33636
x-served-by: cache-fra-etou8220101-FRA, cache-bma1647-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 33469
X-Firefox-Spdy: h2

i.postimg.cc/GmTzn3pL/20230307-183141.jpg

162.19.88.68

200 OK

17 kB

URL GET HTTP/2
i.postimg.cc/GmTzn3pL/20230307-183141.jpg
IP
162.19.88.68:443
ASN
#16276 OVH SAS

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x133, components 3
Size
17 kB (17086 bytes)
Hash
1dbd788591a4093c60a4e32eccb1675e
569f69b2b8cfa98a93fb83854bfcbb7222cbd3fc
e57db279860ccaab0a1f8c760af3932b6b8b9087964ea8adbdc19a907c9385dc

HTTP Headers

GET /GmTzn3pL/20230307-183141.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 09 Dec 2023 12:59:52 GMT
content-type: image/jpeg
content-length: 17086
last-modified: Tue, 07 Mar 2023 11:33:04 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/xTMPqpGT/S9-VTs2-Y5-QFBjwc-GIC9u5-W5-T1bn9-W9y-Wj-H1-Lbtoxkd6sghm-q13jf-F1d5dj-B2-Ili-Nen-Dhen4-JZs-ULd3p6-Oy-INtx-JVMIVN2-LK-i8v.jpg

162.19.88.68

200 OK

8.1 kB

URL GET HTTP/2
i.postimg.cc/xTMPqpGT/S9-VTs2-Y5-QFBjwc-GIC9u5-W5-T1bn9-W9y-Wj-H1-Lbtoxkd6sghm-q13jf-F1d5dj-B2-Ili-Nen-Dhen4-JZs-ULd3p6-Oy-INtx-JVMIVN2-LK-i8v.jpg
IP
162.19.88.68:443
ASN
#16276 OVH SAS

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x320, components 3
Size
8.1 kB (8128 bytes)
Hash
dbeec09cef52c3cb434d43a367f55ee7
c9ea4fd04d691d1ee712030b74fe5f50d96e7a27
762aefadd6944916cb2f20070be024ce0fff0252eef058d7a4d387d302b4f8d4

HTTP Headers

GET /xTMPqpGT/S9-VTs2-Y5-QFBjwc-GIC9u5-W5-T1bn9-W9y-Wj-H1-Lbtoxkd6sghm-q13jf-F1d5dj-B2-Ili-Nen-Dhen4-JZs-ULd3p6-Oy-INtx-JVMIVN2-LK-i8v.jpg HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 09 Dec 2023 12:59:52 GMT
content-type: image/jpeg
content-length: 8128
last-modified: Tue, 13 Jun 2023 19:47:00 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

i.postimg.cc/GmS9GdxQ/20230402-172040.png

162.19.88.68

200 OK

226 kB

URL GET HTTP/2
i.postimg.cc/GmS9GdxQ/20230402-172040.png
IP
162.19.88.68:443
ASN
#16276 OVH SAS

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
PNG image data, 766 x 800, 8-bit/color RGBA, non-interlaced
Size
226 kB (226533 bytes)
Hash
a7640f4509e63a0c023087afb309143a
fbdd5f694afb8c1a29a78ee90aa5e2380b611571
713b7adcaa7a1cd821d115eec9666d46b5dba4c38ad16ae76d20a297348b720b

HTTP Headers

GET /GmS9GdxQ/20230402-172040.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 09 Dec 2023 12:59:52 GMT
content-type: image/png
content-length: 226533
last-modified: Sun, 02 Apr 2023 10:22:25 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://viral-telegram-2023-6957.real1.biz.id
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:43:03 GMT
expires: Tue, 03 Dec 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 393410
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

149.154.167.99

200 OK

11 kB

URL GET HTTP/2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
Web Open Font Format (Version 2), TrueType, length 11040, version 1.0
Size
11 kB (11040 bytes)
Hash
5e22a46c04d947a36ea0cad07afcc9e1
6091d981c2a4ee975c7f6b56186ee698040bb804
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

HTTP Headers

GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://viral-telegram-2023-6957.real1.biz.id
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 09 Dec 2023 12:59:53 GMT
content-type: application/octet-stream
content-length: 11040
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b20"
expires: Wed, 13 Dec 2023 12:59:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

telegram.org/img/apple-touch-icon.png

149.154.167.99

200 OK

5.6 kB

URL GET HTTP/2
telegram.org/img/apple-touch-icon.png
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced
Size
5.6 kB (5644 bytes)
Hash
295ccdb03006b8dfef45090dafbd46ac
491ab660270e47cbac6a5731c51cca71c1c1b2b1
a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3

HTTP Headers

GET /img/apple-touch-icon.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 09 Dec 2023 12:59:54 GMT
content-type: image/png
content-length: 5644
last-modified: Thu, 21 Apr 2022 13:47:47 GMT
etag: "62616083-160c"
expires: Wed, 13 Dec 2023 12:59:54 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

na.apps.amsoveasea.com/swoole/?actid=2020&r=index/getCountry&_only_service_response_=1

129.226.2.89

200 OK

55 B

URL GET HTTP/2
na.apps.amsoveasea.com/swoole/?actid=2020&r=index/getCountry&_only_service_response_=1
IP
129.226.2.89:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerTrustAsia Technologies, Inc.
Subjectna.apps.amsoveasea.com
FingerprintA1:C8:27:B5:06:21:F0:D9:56:0E:8A:07:87:B3:F9:02:A2:7A:9A:6C
ValiditySun, 23 Apr 2023 00:00:00 GMT - Wed, 22 May 2024 23:59:59 GMT

File type
JSON data
Size
55 B (55 bytes)
Hash
6f805925944ef9fa79bd0a02e00e2e99
ceb834e8fd10d2f4c8f2b1e6d8800b9e845834df
3ef013039e6df373c7ef0730658c403527318c307c67145ac08c728492392800

HTTP Headers

GET /swoole/?actid=2020&r=index/getCountry&_only_service_response_=1 HTTP/1.1
Host: na.apps.amsoveasea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://viral-telegram-2023-6957.real1.biz.id
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 09 Dec 2023 12:59:54 GMT
content-type: text/html
content-length: 55
server: nginx
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.trust-provider.cn/

111.13.153.152

600 B

URL
ocsp.trust-provider.cn/
IP
111.13.153.152:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type
data
Size
600 B (600 bytes)
Hash
0f0816884969f33f66f92d61542d1496
8584349b85f7e835633cf035319a715bd5d33bb3
85b1c440f359c3f18cea5f04310f4157a19919e2a13454d45228b85adfff5dd6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
Date: Sat, 09 Dec 2023 12:59:56 GMT
Accept-Ranges: bytes
Age: 1
CF-Cache-Status: EXPIRED
CF-RAY: 83289fdfe989cfdd-SJC
ETag: "8584349b85f7e835633cf035319a715bd5d33bb3"
Expires: Fri, 15 Dec 2023 22:57:17 GMT
Last-Modified: Fri, 08 Dec 2023 22:57:18 GMT
WS-Cache-Status: 0
X-CCACDN-Proxy-ID: scdpinlb1
X-Frame-Options: SAMEORIGIN
X-Via: 1.1 PSzjnbydvl44:16 (Cdn Cache Server V2.0), 1.1 12124589:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 657464cc_12A146831_33111-30720
via: n173-159-130.bdcdn-bjcm.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1702126796d732f50b70076c079eccbfb53db81caf
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=5, edge;dur=0

ocsp.trust-provider.cn/

111.13.153.152

600 B

URL
ocsp.trust-provider.cn/
IP
111.13.153.152:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type
data
Size
600 B (600 bytes)
Hash
0f0816884969f33f66f92d61542d1496
8584349b85f7e835633cf035319a715bd5d33bb3
85b1c440f359c3f18cea5f04310f4157a19919e2a13454d45228b85adfff5dd6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: volc-dcdn
Content-Type: application/ocsp-response
Content-Length: 600
Connection: keep-alive
Date: Sat, 09 Dec 2023 12:59:56 GMT
Accept-Ranges: bytes
Age: 1
CF-Cache-Status: EXPIRED
CF-RAY: 83289fdfe989cfdd-SJC
ETag: "8584349b85f7e835633cf035319a715bd5d33bb3"
Expires: Fri, 15 Dec 2023 22:57:17 GMT
Last-Modified: Fri, 08 Dec 2023 22:57:18 GMT
WS-Cache-Status: 0
X-CCACDN-Proxy-ID: scdpinlb1
X-Frame-Options: SAMEORIGIN
X-Via: 1.1 PSzjnbydvl44:16 (Cdn Cache Server V2.0), 1.1 12124589:2 (Cdn Cache Server V2.0)
X-Ws-Request-Id: 657464cc_12124589_24512-14110
via: n173-159-129.bdcdn-bjcm.ToB
x-request-ip: 91.90.42.154
x-tt-trace-tag: id=5
x-dsa-trace-id: 1702126796b72f14a33896c3b858b88a63543e3cf2
X-Dsa-Origin-Status: 200
server-timing: cdn-cache;desc=MISS, origin;dur=4, edge;dur=0

telegram.org/css/bootstrap.min.css?3

149.154.167.99

200 OK

42 kB

URL GET HTTP/2
telegram.org/css/bootstrap.min.css?3
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
ASCII text, with very long lines (42164)
Size
42 kB (42523 bytes)
Hash
c2656e265ef58a9cc9f4b70b15da5fb9
85c5ebdb89d4574d72688c2650d4b84b9b09770a
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

HTTP Headers

GET /css/bootstrap.min.css?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 09 Dec 2023 12:59:52 GMT
content-type: text/css
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-a61b"
expires: Wed, 13 Dec 2023 12:59:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Oswald&family=Roboto&family=Teko&display=swap

142.250.74.106

200 OK

5.2 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Oswald&family=Roboto&family=Teko&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (5373), with no line terminators
Size
5.2 kB (5238 bytes)
Hash
8279744553b092135453f726e92a7a12
9d31607a9a8c81a75fb8d17ee978385925f543e4
8cf409904ee4c4bdac81a18bc476085c62c95e9fe7bd77df2a71d2bd292d144e

HTTP Headers

GET /css2?family=Oswald&family=Roboto&family=Teko&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 09 Dec 2023 12:59:52 GMT
date: Sat, 09 Dec 2023 12:59:52 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

telegram.org/js/tgwallpaper.min.js?3

149.154.167.99

200 OK

3.0 kB

URL GET HTTP/2
telegram.org/js/tgwallpaper.min.js?3
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
ASCII text, with very long lines (2998), with no line terminators
Size
3.0 kB (2979 bytes)
Hash
f03422dc797fd26a3834b1ec041128ed
a6e88f4fe48b749c2b7360e8e004f64b6cfffb1a
046ec6b7909d0ca5cc6ef271a1b57b2f2be0bd88e3495fd8c496f1524e8ffaac

HTTP Headers

GET /js/tgwallpaper.min.js?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 09 Dec 2023 12:59:52 GMT
content-type: application/javascript
last-modified: Thu, 03 Mar 2022 19:57:25 GMT
etag: W/"62211da5-ba3"
expires: Wed, 13 Dec 2023 12:59:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/img/tgme/pattern.svg?1

149.154.167.99

200 OK

232 kB

URL GET HTTP/2
telegram.org/img/tgme/pattern.svg?1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
SVG Scalable Vector Graphics image
Size
232 kB (231706 bytes)
Hash
d0c22c6a97023d85ba6e644a41c44a5d
4284efb616c182da4450c123174ce0e81a322845
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4

HTTP Headers

GET /img/tgme/pattern.svg?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/css/telegram.css?236
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 09 Dec 2023 12:59:53 GMT
content-type: image/svg+xml
last-modified: Thu, 05 Jan 2023 17:52:04 GMT
etag: W/"63b70e44-3891a"
expires: Wed, 13 Dec 2023 12:59:53 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

viral-telegram-2023-6957.real1.biz.id/id/ast/css/main.css

104.21.45.242

404 Not Found

315 B

URL GET HTTP/3
viral-telegram-2023-6957.real1.biz.id/id/ast/css/main.css
IP
104.21.45.242:443
ASN
#13335 CLOUDFLARENET

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerLet's Encrypt
Subjectreal1.biz.id
Fingerprint14:A0:71:29:AA:04:93:B1:46:4D:D2:BC:C0:B1:5D:82:18:62:91:B5
ValidityFri, 17 Nov 2023 17:19:40 GMT - Thu, 15 Feb 2024 17:19:39 GMT

File type
HTML document, ASCII text, with very long lines (326), with no line terminators
Size
315 B (315 bytes)
Hash
97ef40509b73c101d6815511c3adf98d
a4242322497ea630ea72e26ba297a95a2bbe5ccd
322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be

HTTP Headers

GET /id/ast/css/main.css HTTP/1.1
Host: viral-telegram-2023-6957.real1.biz.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 09 Dec 2023 12:59:52 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ao21gB9Zo9RXkEotKKbj5%2FbALwV7wXqisefAaBHlq8oDFos26SFdo%2F5XytUEoY8X4lDYSyZFGi%2BYPE2aetXJrc37a787d9kwIqxsetPJAcsKDsO82FvSeAqKUxjp9B1GJs3qelM0DtBIt3%2BnbTbaqfU8ZQkVyoU0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 832d6d850d9a712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

telegram.org/img/website_icon.svg?4

149.154.167.99

200 OK

1.9 kB

URL GET HTTP/2
telegram.org/img/website_icon.svg?4
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1896 bytes)
Hash
5caca7ae1cffb3da0b06150a15020005
04cfb934f238d33209406393a3fbf78454815739
1ea747a06fbc240c2594a8c523cb248bbda4784f0fcad9d0f06334f1a378604f

HTTP Headers

GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 09 Dec 2023 12:59:54 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Wed, 13 Dec 2023 12:59:54 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

viral-telegram-2023-6957.real1.biz.id/id/

104.21.45.242

200 OK

65 kB

URL User Request GET HTTP/2
viral-telegram-2023-6957.real1.biz.id/id/
IP
104.21.45.242:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectreal1.biz.id
Fingerprint14:A0:71:29:AA:04:93:B1:46:4D:D2:BC:C0:B1:5D:82:18:62:91:B5
ValidityFri, 17 Nov 2023 17:19:40 GMT - Thu, 15 Feb 2024 17:19:39 GMT

File type

Size
65 kB (65359 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Telegram

HTTP Headers

GET /id/ HTTP/1.1
Host: viral-telegram-2023-6957.real1.biz.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 09 Dec 2023 12:59:52 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=827LtPGsoB12vXz6VF3D57tb5i%2F7ioM1Fr17qpS7bQ2qkBjjnpach%2FJDlhHVqdFgoKD4bcQFj0oFyNXY032BUYi%2BnvqgQ82Y%2Bb7DK6IvS1l3ZSgTQR3%2FcuB9XPsVThN4OiuoueZI6zluSloSzMD%2Fo0CWjqJ%2BWsiS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 832d6d835e8756c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

telegram.org/css/font-roboto.css?1

149.154.167.99

200 OK

6.2 kB

URL GET HTTP/2
telegram.org/css/font-roboto.css?1
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
ASCII text, with very long lines (6354), with no line terminators
Size
6.2 kB (6166 bytes)
Hash
c06318a1f377e388b69b104b4cefa1a6
151f067aae997487880e573876f96b8d598e64db
1a53363e667fffef8a82588191989d36e680b4d341c6b557e62bf207311a3d70

HTTP Headers

GET /css/font-roboto.css?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 09 Dec 2023 12:59:52 GMT
content-type: text/css
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: W/"63512b7d-1816"
expires: Wed, 13 Dec 2023 12:59:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

telegram.org/css/telegram.css?236

149.154.167.99

200 OK

115 kB

URL GET HTTP/2
telegram.org/css/telegram.css?236
IP
149.154.167.99:443
ASN
#62041 Telegram Messenger Inc

Requested by
https://viral-telegram-2023-6957.real1.biz.id/id/
Certificate
IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT

File type
ASCII text, with very long lines (1267)
Size
115 kB (114867 bytes)
Hash
0d209d756face073dd14a437f07e58b2
20cb9119fdd02921a6bd0b1500f78a0b76a7a5c0
acd326a9263ee8c4cbc757fed46333732a0e3f8f48d398cbd4f8e36a09fdaf76

HTTP Headers

GET /css/telegram.css?236 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://viral-telegram-2023-6957.real1.biz.id/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 09 Dec 2023 12:59:52 GMT
content-type: text/css
last-modified: Mon, 20 Mar 2023 10:58:55 GMT
etag: W/"64183c6f-1c0b3"
expires: Wed, 13 Dec 2023 12:59:52 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (20)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2