i.ibb.co/SxZ9Zsd/31d4353f-a528-4d8f-a99a-10d2c0868ea2.jpg
162.19.58.156 200 OK 71 kB URL GET HTTP/2 i.ibb.co/SxZ9Zsd/31d4353f-a528-4d8f-a99a-10d2c0868ea2.jpg
IP 162.19.58.156:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Let's Encrypt
Subject ibb.co
Fingerprint CC:72:96:95:90:7F:15:8E:AC:C5:40:3A:D2:6F:83:A3:DF:5E:72:56
Validity Mon, 09 Oct 2023 14:39:49 GMT - Sun, 07 Jan 2024 14:39:48 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 542x640, components 3\012- data
Hash 48667ec8598d7db5e1f02458b6433b2c
7b55c5226302f5164536eeac562746c308aefd45
460ebc493bb06e63dd0e5284d17cabe5d7f3f9cdf1adca6ff0fef17a820ccab6
GET /SxZ9Zsd/31d4353f-a528-4d8f-a99a-10d2c0868ea2.jpg HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 04 Dec 2023 00:20:10 GMT
content-type: image/jpeg
content-length: 70819
last-modified: Sat, 07 Oct 2023 19:50:47 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
pl20943602.highcpmrevenuegate.com/57/c9/da/57c9daa54196b6a1b7152a8dce695ce0.js
173.233.137.60 200 OK 16 kB URL GET HTTP/1.1 pl20943602.highcpmrevenuegate.com/57/c9/da/57c9daa54196b6a1b7152a8dce695ce0.js
IP 173.233.137.60:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Let's Encrypt
Subject highcpmrevenuegate.com
Fingerprint 8F:E7:DE:46:88:0B:3D:4A:06:BE:83:06:1C:4D:29:E4:2E:4D:3B:0A
Validity Tue, 28 Nov 2023 06:56:51 GMT - Mon, 26 Feb 2024 06:56:50 GMT
File type ASCII text, with very long lines (42840), with no line terminators
Hash 785a52f1cc00c897f197a630de1925dd
54ebb40f82690c36b3628ee5c3d78b1b47368c1d
1604361cbdbe59dfd604bfea851826b60d6b60f6c0a84a8c8b2440b9290dfe74
GET /57/c9/da/57c9daa54196b6a1b7152a8dce695ce0.js HTTP/1.1
Host: pl20943602.highcpmrevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 00:20:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 020f5609590738f18aa4610ff1411155
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
149.154.167.99 200 OK 11 kB URL GET HTTP/2 telegram.org/fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
IP 149.154.167.99:443
ASN #62041 Telegram Messenger Inc
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer GoDaddy.com, Inc.
Subject *.telegram.org
Fingerprint AB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
Validity Fri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT
File type Web Open Font Format (Version 2), TrueType, length 11028, version 1.0\012- data
Hash 1f6d3cf6d38f25d83d95f5a800b8cac3
279f300ca2cbbdf9f5036ef2f438607fbf377daa
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
GET /fonts/Roboto/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 04 Dec 2023 00:20:10 GMT
content-type: application/octet-stream
content-length: 11028
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b14"
expires: Fri, 08 Dec 2023 00:20:10 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
149.154.167.99 200 OK 11 kB URL GET HTTP/2 telegram.org/fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
IP 149.154.167.99:443
ASN #62041 Telegram Messenger Inc
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer GoDaddy.com, Inc.
Subject *.telegram.org
Fingerprint AB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
Validity Fri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT
File type Web Open Font Format (Version 2), TrueType, length 11040, version 1.0\012- data
Hash 5e22a46c04d947a36ea0cad07afcc9e1
6091d981c2a4ee975c7f6b56186ee698040bb804
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44
GET /fonts/Roboto/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 04 Dec 2023 00:20:10 GMT
content-type: application/octet-stream
content-length: 11040
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: "63512b7d-2b20"
expires: Fri, 08 Dec 2023 00:20:10 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash ebc0f19a7067085e95ff0e35ee441f4d
23c3d68afd4c1c6cdecce9007aa3bddc793bc52d
6a07099ef655ed036e4a865236f8a6e5549e9a468e207691923634fc51c3186d
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Mon, 04 Dec 2023 00:20:11 GMT
Last-Modified: Sun, 03 Dec 2023 23:59:39 GMT
Server: ECAcc (ska/F7B0)
X-Cache: Miss from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gCIJTmtDi1BCV7kUoz6UatkHv5InCV2Y7SyKusN55GAaiO3Z-P7i7g==
Age: 1232
proftrafficcounter.com/stats
18.157.203.0 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 18.157.203.0:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Amazon
Subject proftrafficcounter.com
Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash c5620ed7a03acc64ee3265b5e61991e4
ec591ffa4ddafd1f48f7d05aeb41b8649a97eaf2
eb03dc151aab36dd4959cc52023a17ef6b2687514c54160094f1c7c8de4131bb
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 00:20:11 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://awek-twitter-viral-hot.tme-viral.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=007e3122-23db-4cc0-b718-052d6307e1f4:1:1; expires=Thu, 01 Dec 2033 00:20:11 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
telegram.org/img/apple-touch-icon.png
149.154.167.99 200 OK 5.6 kB URL GET HTTP/2 telegram.org/img/apple-touch-icon.png
IP 149.154.167.99:443
ASN #62041 Telegram Messenger Inc
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer GoDaddy.com, Inc.
Subject *.telegram.org
Fingerprint AB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
Validity Fri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT
File type PNG image data, 180 x 180, 8-bit/color RGB, non-interlaced\012- data
Hash 295ccdb03006b8dfef45090dafbd46ac
491ab660270e47cbac6a5731c51cca71c1c1b2b1
a51d667d4262047c23e3a2a8aac3b46dc8a58c686cc013f2354011c07bf22cf3
GET /img/apple-touch-icon.png HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 04 Dec 2023 00:20:11 GMT
content-type: image/png
content-length: 5644
last-modified: Thu, 21 Apr 2022 13:47:47 GMT
etag: "62616083-160c"
expires: Fri, 08 Dec 2023 00:20:11 GMT
cache-control: max-age=345600
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
growledavenuejill.com/sbar.json?key=57c9daa54196b6a1b7152a8dce695ce0&uuid=007e3122-23db-4cc0-b718-052d6307e1f4%3A1%3A1
173.233.137.36 200 OK 4.4 kB URL GET HTTP/1.1 growledavenuejill.com/sbar.json?key=57c9daa54196b6a1b7152a8dce695ce0&uuid=007e3122-23db-4cc0-b718-052d6307e1f4%3A1%3A1
IP 173.233.137.36:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Let's Encrypt
Subject growledavenuejill.com
Fingerprint 50:97:C7:CA:37:99:93:62:32:18:B9:E4:22:54:6D:32:09:B4:97:72
Validity Tue, 28 Nov 2023 10:58:45 GMT - Mon, 26 Feb 2024 10:58:44 GMT
File type JSON data\012- , ASCII text, with very long lines (6148), with no line terminators
Hash 8bb62f142479bfb9d53197452e94daf5
75f6123bd5d6f55385f4615c206d6f5d6bdff96f
7ffc33b6173c1ed1d75fb1f7e9cd2d55d066a7547eac29874ef3b378450be837
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=57c9daa54196b6a1b7152a8dce695ce0&uuid=007e3122-23db-4cc0-b718-052d6307e1f4%3A1%3A1 HTTP/1.1
Host: growledavenuejill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 00:20:11 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://awek-twitter-viral-hot.tme-viral.com
Access-Control-Allow-Origin: https://awek-twitter-viral-hot.tme-viral.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=20843103; expires=Tue, 05 Dec 2023 00:20:11 GMT; secure; SameSite=None
uid_id2=007e3122-23db-4cc0-b718-052d6307e1f4:1:1; expires=Mon, 11 Dec 2023 00:20:11 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 05 Dec 2023 00:20:11 GMT; secure; SameSite=None
uncs=1; expires=Tue, 05 Dec 2023 00:20:11 GMT; secure; SameSite=None
pdhtkv29=true; expires=Tue, 05 Dec 2023 00:20:11 GMT; secure; SameSite=None
uncs29=1; expires=Tue, 05 Dec 2023 00:20:11 GMT; secure; SameSite=None
slec57c9daa54196b6a1b7152a8dce695ce0=[4766299]; expires=Mon, 04 Dec 2023 00:20:16 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 049288598451415ebb7babeeba4c8619
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
telegram.org/img/website_icon.svg?4
149.154.167.99 200 OK 1.1 kB URL GET HTTP/2 telegram.org/img/website_icon.svg?4
IP 149.154.167.99:443
ASN #62041 Telegram Messenger Inc
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer GoDaddy.com, Inc.
Subject *.telegram.org
Fingerprint AB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
Validity Fri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash cee5107c266e11ed2bc8b2b981e382a3
ed35b11eeb3ac93b04c77d94091659b9d28fcb71
c13c60fa7ac8fba90bf220e6ea24740d818c406cb04b3364af148a744922e4a9
GET /img/website_icon.svg?4 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 04 Dec 2023 00:20:11 GMT
content-type: image/svg+xml
last-modified: Mon, 20 Jul 2020 20:41:37 GMT
etag: W/"5f160181-768"
expires: Fri, 08 Dec 2023 00:20:11 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=007e3122-23db-4cc0-b718-052d6307e1f4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=57c9daa54196b6a1b7152a8dce695ce0&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=0
192.243.61.227 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=007e3122-23db-4cc0-b718-052d6307e1f4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=57c9daa54196b6a1b7152a8dce695ce0&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=0
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 79:45:7F:58:D5:82:45:0A:7D:1E:FF:7A:98:05:26:E9:D6:FE:91:14
Validity Wed, 22 Nov 2023 07:56:28 GMT - Tue, 20 Feb 2024 07:56:27 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=007e3122-23db-4cc0-b718-052d6307e1f4&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.3095&b_frame=0&pk=57c9daa54196b6a1b7152a8dce695ce0&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=0 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 00:20:12 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8626d278593bf4216ab96ff40e5a82bf
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
172.64.108.10 200 OK 591 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/img/close.png
IP 172.64.108.10:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
Validity Sat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced\012- data
Hash 9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/big1/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 04 Dec 2023 00:20:13 GMT
content-type: image/png
content-length: 591
last-modified: Mon, 21 Feb 2022 10:06:44 GMT
etag: "62136434-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1791533
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BwfQwpvezEaCzYwuJ5DdhaT3iczyrTGu16pIOoDcIWzTWUyevLtAieezriEutt6EWTTn%2BpJ9gTbPIoLXJ33QRP6fbej3zRDieElwuaBnneui3WFOi1daNxDoutHz0pYJBDQdXu7IZ96l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ffe1e33a116385-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
45.133.44.9 200 OK 9.0 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Let's Encrypt
Subject cdn.cloudimagesb.com
Fingerprint 71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
Validity Thu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash a56f06ca83ee06488a213b352e00bd90
aec437b74eb6f1143683872fb2d664286da4a664
7144c526762a9d91bdde1939194c2835f2cb1afe0ebac298bbdf1e9239b539ec
GET /si/98/58/2f/98582fa31e3a411721a1f890fd22419a/1700491903.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 00:20:14 GMT
content-type: image/png
content-length: 9016
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:51:52 GMT
etag: "655b7288-2338"
expires: Wed, 06 Dec 2023 00:20:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
104.21.234.32 200 OK 47 kB URL GET HTTP/2 friendshipmale.com/sfp.js
IP 104.21.234.32:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
Validity Sat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 924e967bca1d599992556a8d139b1c5a
222b09dbf164ddc03d39100fd0524a22018d28b2
ac84c2f8288b59f8e04ba77287ce696052bfeee0d462a566d94dc305df646c95
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 00:20:12 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 10136d1e912c24976490784163a4d348
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 04 Dec 2023 00:20:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ahfbz7AE4Y1ovZbVpZC7xiYN1bnhoAD0M0K6C1QDjLbeKm1Y%2BfjDg9T1%2Bjcvj3Mn81%2BRwNfk%2BxgI3IL0hOcv2wx8syTMPWRJykaJpqYVNEKKma9FdZaGDGgkrXDLao57ur%2BMF10%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ffe1d658344c85-HEL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
growledavenuejill.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST6hbxRee2%2Fa3%2BYkLtRsRIYsuKpi8%2Byf3JbFgsdbWYm1L%2F9CFC5k7M8kbM%2FfOZWZubho3xYLUXQouXN735bUPaynWpSBIniBSEBoFycIn4r4boWtJXiB6YOac73yzON935tPtYp8EKOj80vt6JJWiG3HDrx2%2FLjOuS1u7cLUW%2BA3%2FRO26zDabJ2rDxWUGbwR%2B3PBfq50VrK83Qj%2Fw%2FcAPamekEV093FiykPmDTtDo%2BI1m2AjiJobmv9gWHiz1wAf75EVIPvvf1k%2BPINkUWfr1aWH7Tuevv5MWijptMOC717J%2BpssM6brsGg%2FdbHf1GtrOCPniEHS2u1IAPdhZKEAiZ8T7LUCS7a7GRDK4ezBpoiAyJPw5lIMphJpC0imYvgXJnxCAcVy4iCy9d0Gbkt44YOmCnZEjz%2F6GLGfkyO9HkaUPTyk5rF3RqnBSZxbDbgU5nEL2psiLPbiRB1nugblPIPnPZOPZeWTpzkWrNCSfH%2FP9loiCMKyHEU%2FqTcb8etIK2nU%2FDvlm5LdE0G0uLZJyCtmdQokxqPVQLI70UHQ9FLmHlM9rNO50fb%2FVTbpR1G4yxqKIsbi9yWMeNdtdHwVbaBjD5WMwNQYzN5Gbm%2BjLO0%2FiH2GK72G3KljuwTqCAa9QCoLSEpSUoJQEpSMoB9Vdrmxoq3tc2SIJVjlc5aiaaNfbpne164mMgJrxdr5PXlj45735%2Fw%2FRF%2FNa3GIdTmncDDqbySYNklYQh7TNmdjsxEz4sLKCtIeWakdyRhr3P0MuZ%2BSlP35FQvdg1R6YPAxavApaTlqhD7o1abZ9jLL5MVqKft2V0jlh6gNpqKpvaddwqThADaZTcF0hd0fgbnjbap%2B8vFzwu99%2BAMEen%2Fx89OfZh0c%2FBjMVclPhI%2FkDQU%2FdnlzWJdm5rEtLHl3MnUzliC6Wf8VRJw7ff0%2FcKLXh507b8ZdvsQWxKB9cFdadpxmXWc%2BSr05JzoU5ow0T5Ltz9rpILhV261RhsiI%2Ff%2BntM%2BfS3Ahrpc6moHJGyNNvwOSMPP%2FULj%2F28Wt%2FQZopTFEhLR6TVUDqPbD8Jmy%2B7llNYNQaJ7mHsqgmJkzWTSUJlFhjmlSw%2F8LJut62t9EzHqi7hSytMDAVBqoCVWPY4vDE5ebxyV%2BiZSBR3iRRxttJlFF3Dsy1cl6Lg6ZoJ%2B0W4zwRjAetMGpHvh9y3mx1RNCBszORvnLiHwAAAP%2F%2FAQAA%2F%2F%2FzA3XWsAQAAA%3D%3D
173.233.137.36200 OK 7 B URL GET HTTP/1.1 growledavenuejill.com/impr.gif?sid=H4sIAAAAAAAC%2F1RST6hbxRee2%2Fa3%2BYkLtRsRIYsuKpi8%2Byf3JbFgsdbWYm1L%2F9CFC5k7M8kbM%2FfOZWZubho3xYLUXQouXN735bUPaynWpSBIniBSEBoFycIn4r4boWtJXiB6YOac73yzON935tPtYp8EKOj80vt6JJWiG3HDrx2%2FLjOuS1u7cLUW%2BA3%2FRO26zDabJ2rDxWUGbwR%2B3PBfq50VrK83Qj%2Fw%2FcAPamekEV093FiykPmDTtDo%2BI1m2AjiJobmv9gWHiz1wAf75EVIPvvf1k%2BPINkUWfr1aWH7Tuevv5MWijptMOC717J%2BpssM6brsGg%2FdbHf1GtrOCPniEHS2u1IAPdhZKEAiZ8T7LUCS7a7GRDK4ezBpoiAyJPw5lIMphJpC0imYvgXJnxCAcVy4iCy9d0Gbkt44YOmCnZEjz%2F6GLGfkyO9HkaUPTyk5rF3RqnBSZxbDbgU5nEL2psiLPbiRB1nugblPIPnPZOPZeWTpzkWrNCSfH%2FP9loiCMKyHEU%2FqTcb8etIK2nU%2FDvlm5LdE0G0uLZJyCtmdQokxqPVQLI70UHQ9FLmHlM9rNO50fb%2FVTbpR1G4yxqKIsbi9yWMeNdtdHwVbaBjD5WMwNQYzN5Gbm%2BjLO0%2FiH2GK72G3KljuwTqCAa9QCoLSEpSUoJQEpSMoB9Vdrmxoq3tc2SIJVjlc5aiaaNfbpne164mMgJrxdr5PXlj45735%2Fw%2FRF%2FNa3GIdTmncDDqbySYNklYQh7TNmdjsxEz4sLKCtIeWakdyRhr3P0MuZ%2BSlP35FQvdg1R6YPAxavApaTlqhD7o1abZ9jLL5MVqKft2V0jlh6gNpqKpvaddwqThADaZTcF0hd0fgbnjbap%2B8vFzwu99%2BAMEen%2Fx89OfZh0c%2FBjMVclPhI%2FkDQU%2FdnlzWJdm5rEtLHl3MnUzliC6Wf8VRJw7ff0%2FcKLXh507b8ZdvsQWxKB9cFdadpxmXWc%2BSr05JzoU5ow0T5Ltz9rpILhV261RhsiI%2Ff%2BntM%2BfS3Ahrpc6moHJGyNNvwOSMPP%2FULj%2F28Wt%2FQZopTFEhLR6TVUDqPbD8Jmy%2B7llNYNQaJ7mHsqgmJkzWTSUJlFhjmlSw%2F8LJut62t9EzHqi7hSytMDAVBqoCVWPY4vDE5ebxyV%2BiZSBR3iRRxttJlFF3Dsy1cl6Lg6ZoJ%2B0W4zwRjAetMGpHvh9y3mx1RNCBszORvnLiHwAAAP%2F%2FAQAA%2F%2F%2FzA3XWsAQAAA%3D%3D
IP 173.233.137.36:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Let's Encrypt
Subject growledavenuejill.com
Fingerprint 50:97:C7:CA:37:99:93:62:32:18:B9:E4:22:54:6D:32:09:B4:97:72
Validity Tue, 28 Nov 2023 10:58:45 GMT - Mon, 26 Feb 2024 10:58:44 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RST6hbxRee2%2Fa3%2BYkLtRsRIYsuKpi8%2Byf3JbFgsdbWYm1L%2F9CFC5k7M8kbM%2FfOZWZubho3xYLUXQouXN735bUPaynWpSBIniBSEBoFycIn4r4boWtJXiB6YOac73yzON935tPtYp8EKOj80vt6JJWiG3HDrx2%2FLjOuS1u7cLUW%2BA3%2FRO26zDabJ2rDxWUGbwR%2B3PBfq50VrK83Qj%2Fw%2FcAPamekEV093FiykPmDTtDo%2BI1m2AjiJobmv9gWHiz1wAf75EVIPvvf1k%2BPINkUWfr1aWH7Tuevv5MWijptMOC717J%2BpssM6brsGg%2FdbHf1GtrOCPniEHS2u1IAPdhZKEAiZ8T7LUCS7a7GRDK4ezBpoiAyJPw5lIMphJpC0imYvgXJnxCAcVy4iCy9d0Gbkt44YOmCnZEjz%2F6GLGfkyO9HkaUPTyk5rF3RqnBSZxbDbgU5nEL2psiLPbiRB1nugblPIPnPZOPZeWTpzkWrNCSfH%2FP9loiCMKyHEU%2FqTcb8etIK2nU%2FDvlm5LdE0G0uLZJyCtmdQokxqPVQLI70UHQ9FLmHlM9rNO50fb%2FVTbpR1G4yxqKIsbi9yWMeNdtdHwVbaBjD5WMwNQYzN5Gbm%2BjLO0%2FiH2GK72G3KljuwTqCAa9QCoLSEpSUoJQEpSMoB9Vdrmxoq3tc2SIJVjlc5aiaaNfbpne164mMgJrxdr5PXlj45735%2Fw%2FRF%2FNa3GIdTmncDDqbySYNklYQh7TNmdjsxEz4sLKCtIeWakdyRhr3P0MuZ%2BSlP35FQvdg1R6YPAxavApaTlqhD7o1abZ9jLL5MVqKft2V0jlh6gNpqKpvaddwqThADaZTcF0hd0fgbnjbap%2B8vFzwu99%2BAMEen%2Fx89OfZh0c%2FBjMVclPhI%2FkDQU%2FdnlzWJdm5rEtLHl3MnUzliC6Wf8VRJw7ff0%2FcKLXh507b8ZdvsQWxKB9cFdadpxmXWc%2BSr05JzoU5ow0T5Ltz9rpILhV261RhsiI%2Ff%2BntM%2BfS3Ahrpc6moHJGyNNvwOSMPP%2FULj%2F28Wt%2FQZopTFEhLR6TVUDqPbD8Jmy%2B7llNYNQaJ7mHsqgmJkzWTSUJlFhjmlSw%2F8LJut62t9EzHqi7hSytMDAVBqoCVWPY4vDE5ebxyV%2BiZSBR3iRRxttJlFF3Dsy1cl6Lg6ZoJ%2B0W4zwRjAetMGpHvh9y3mx1RNCBszORvnLiHwAAAP%2F%2FAQAA%2F%2F%2FzA3XWsAQAAA%3D%3D HTTP/1.1
Host: growledavenuejill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Cookie: u_pl=20843103; uid_id2=007e3122-23db-4cc0-b718-052d6307e1f4:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 00:20:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b0ffc9ab29e5b3889cb888afa950e0cc
Strict-Transport-Security: max-age=0; includeSubdomains
growledavenuejill.com/pixel/sbs?c=1
173.233.137.36 200 OK 0 B URL GET HTTP/1.1 growledavenuejill.com/pixel/sbs?c=1
IP 173.233.137.36:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Let's Encrypt
Subject growledavenuejill.com
Fingerprint 50:97:C7:CA:37:99:93:62:32:18:B9:E4:22:54:6D:32:09:B4:97:72
Validity Tue, 28 Nov 2023 10:58:45 GMT - Mon, 26 Feb 2024 10:58:44 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: growledavenuejill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Cookie: u_pl=20843103; uid_id2=007e3122-23db-4cc0-b718-052d6307e1f4:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 00:20:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.67:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 356779
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
172.64.108.10200 OK 17 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/style.css
IP 172.64.108.10:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash aae84ccade4cab86c1afdf4c4532762a
b08de856858a730e980fb2a0ca2f0e1442c03d46
6e45c9c8dba52c75144c153e63a04d055f15e5f39897ab3f2413154c9cf2e91f
GET /sb/ssp/vpn/classic-push/big1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 00:20:14 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:59:09 GMT
etag: W/"6213707d-1048"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ex%2FlTprRWd2zIVfpxMTO182mB0HYrQPfQMyQ6H85z72SJHFO%2FxkupiDW05vN1ZFD5FoJkbSwHV58Z%2BJ9GNNr9oH1Cqri7QBlLcgSrYw2WhX%2FVNNdpy1pDVQ9gGi2cr1m1oVrqhofzkMU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ffe1e32d7924b5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106200 OK 6.8 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (7013), with no line terminators
Hash 49475c425d6c00477bb339179326c49b
bd97deeb753f44f43a21feafa92d98239fa511bd
598841a98ad357d2896d2f093ea3e4e1d44e24b3351268ffd45e61ff8c1d0e09
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 00:20:13 GMT
date: Mon, 04 Dec 2023 00:20:13 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
45.133.44.9200 OK 20 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
Fingerprint71:EC:C0:22:20:76:60:90:92:4C:5C:F3:AD:17:3C:41:B5:00:25:AF
ValidityThu, 23 Nov 2023 05:00:53 GMT - Wed, 21 Feb 2024 05:00:52 GMT
File type PNG image data, 320 x 180, 8-bit/color RGBA, non-interlaced; data
Hash ea31001ce8fa95eb2ac1617515105332
d505ca04808c25cfa33a555c96886f421ddbbde7
0267f5cd21fe5609405724c20d6f021b8932a696ada766b8e86e42c670000ab3
GET /si/3c/d5/62/3cd562dd264800ee586ac2da770e9a65/1700491951.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 00:20:14 GMT
content-type: image/png
content-length: 20001
server: nginx/1.21.6
last-modified: Mon, 20 Nov 2023 14:52:40 GMT
etag: "655b72b8-4e21"
expires: Wed, 06 Dec 2023 00:20:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.67200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.67:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0; data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 328961
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
awek-twitter-viral-hot.tme-viral.com/
104.21.50.25200 OK 9.0 kB URL User Request GET HTTP/2 awek-twitter-viral-hot.tme-viral.com/
IP 104.21.50.25:443
Certificate IssuerGoogle Trust Services LLC
Subjecttme-viral.com
Fingerprint7D:57:2E:73:DB:1F:5B:BE:40:AE:B1:9A:3D:73:8E:B4:DB:09:B8:13
ValiditySun, 26 Nov 2023 20:23:10 GMT - Sat, 24 Feb 2024 20:23:09 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (9355), with no line terminators
Hash 1b02e55bbb9b2c48d57682b1212465fd
360633327e0e4e0d9ed905128589e893b58df424
64c0a4a3e86abfe3ffaeba881f8388f15ba859f688394ebdbd8d4badd009bf6f
Analyzer Verdict: Alert — OpenPhish: phishing; Telegram
GET / HTTP/1.1
Host: awek-twitter-viral-hot.tme-viral.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 00:20:09 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DayfU6k0YnYZ3yBG2aqX5B7cRfGUIJMScSxJhojCL44JXSXx%2FjbWc6tdJPmltrBhJobpe4TEAektI%2BrZ%2FGAbRqft9%2B%2Bcm4Kg1KtU08IJAbXe8BsNUSwOga0Z3xu9SlirVoa%2BIXBJso039lfIIeQMIxQiZWvoO8s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ffe1c6a97a5696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
telegram.org/img/tgme/pattern.svg?1
149.154.167.99200 OK 232 kB URL GET HTTP/2 telegram.org/img/tgme/pattern.svg?1
IP 149.154.167.99:443
ASN #62041 Telegram Messenger Inc
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT
File type SVG Scalable Vector Graphics image; XML 1.0 document text; XML document text; HTML document text; exported SGML document, ASCII text
Size 232 kB (231706 bytes)
Hash d0c22c6a97023d85ba6e644a41c44a5d
4284efb616c182da4450c123174ce0e81a322845
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4
GET /img/tgme/pattern.svg?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://telegram.org
DNT: 1
Connection: keep-alive
Referer: https://telegram.org/css/telegram.css?236
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 04 Dec 2023 00:20:10 GMT
content-type: image/svg+xml
last-modified: Thu, 05 Jan 2023 17:52:04 GMT
etag: W/"63b70e44-3891a"
expires: Fri, 08 Dec 2023 00:20:10 GMT
cache-control: max-age=345600
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
172.64.108.10200 OK 84 kB URL GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/jquery.min.js
IP 172.64.108.10:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (32025)
Hash 4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/big1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 00:20:14 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 406334
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ydQcA0PoL61SEZdHJ%2FVqEqPAnmZo7eWQmEK83eA4GgX1ox5CeVGIDgQF1Y3CH8wo%2BC31R26s%2FJ9M8K9iJ4RPngVhIBTA9V8qGfc06QiSwRqZ7hpxUA4Xy0i6%2BMZY2%2FNgBQaYLv%2Frmxg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ffe1e4d98b63f6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
telegram.org/css/telegram.css?236
149.154.167.99200 OK 115 kB URL GET HTTP/2 telegram.org/css/telegram.css?236
IP 149.154.167.99:443
ASN #62041 Telegram Messenger Inc
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT
File type ASCII text, with very long lines (1267)
Size 115 kB (114867 bytes)
Hash 0d209d756face073dd14a437f07e58b2
20cb9119fdd02921a6bd0b1500f78a0b76a7a5c0
acd326a9263ee8c4cbc757fed46333732a0e3f8f48d398cbd4f8e36a09fdaf76
GET /css/telegram.css?236 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 04 Dec 2023 00:20:10 GMT
content-type: text/css
last-modified: Mon, 20 Mar 2023 10:58:55 GMT
etag: W/"64183c6f-1c0b3"
expires: Fri, 08 Dec 2023 00:20:10 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
45.133.44.4200 OK 1.5 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html
IP 45.133.44.4:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint55:06:B7:F1:EF:E9:55:FB:7C:8C:4F:5D:DB:05:C9:15:19:90:9B:2F
ValiditySat, 11 Nov 2023 03:00:51 GMT - Fri, 09 Feb 2024 03:00:50 GMT
File type HTML document text; HTML document, ASCII text, with very long lines (1639), with no line terminators
Hash 97b357c624104a8e915d01424dfe16ce
6bd7fcedfb7986b149601b1bc840f525b67a8f06
8d010e7163298acf3671bb429a2e0b1d69033a5adc314fa4bddebf74b9775e6e
GET /sb/au/48/48/eb/4848ebd6f7295875a5d388ec2488aba3/1648542421.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 00:20:13 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Tue, 29 Mar 2022 08:27:10 GMT
etag: W/"6242c2de-602"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Mon, 04 Dec 2023 01:20:13 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
telegram.org/css/bootstrap.min.css?3
149.154.167.99200 OK 42 kB URL GET HTTP/2 telegram.org/css/bootstrap.min.css?3
IP 149.154.167.99:443
ASN #62041 Telegram Messenger Inc
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT
File type ASCII text, with very long lines (42164)
Hash c2656e265ef58a9cc9f4b70b15da5fb9
85c5ebdb89d4574d72688c2650d4b84b9b09770a
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
GET /css/bootstrap.min.css?3 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 04 Dec 2023 00:20:10 GMT
content-type: text/css
last-modified: Fri, 10 Nov 2017 17:54:14 GMT
etag: W/"5a05e7c6-a61b"
expires: Fri, 08 Dec 2023 00:20:10 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
telegram.org/css/font-roboto.css?1
149.154.167.99200 OK 6.2 kB URL GET HTTP/2 telegram.org/css/font-roboto.css?1
IP 149.154.167.99:443
ASN #62041 Telegram Messenger Inc
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoDaddy.com, Inc.
Subject*.telegram.org
FingerprintAB:E8:E5:0A:DF:76:6C:98:C8:9F:D7:9C:26:CC:5E:B0:3D:AD:09:30
ValidityFri, 11 Aug 2023 16:00:43 GMT - Wed, 11 Sep 2024 16:00:43 GMT
File type ASCII text, with very long lines (6354), with no line terminators
Hash c06318a1f377e388b69b104b4cefa1a6
151f067aae997487880e573876f96b8d598e64db
1a53363e667fffef8a82588191989d36e680b4d341c6b557e62bf207311a3d70
GET /css/font-roboto.css?1 HTTP/1.1
Host: telegram.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 04 Dec 2023 00:20:10 GMT
content-type: text/css
last-modified: Thu, 20 Oct 2022 11:05:33 GMT
etag: W/"63512b7d-1816"
expires: Fri, 08 Dec 2023 00:20:10 GMT
cache-control: max-age=345600
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
growledavenuejill.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvK7%2FMSDmouIMIccIjiz1T3TOzsGDMaYGIxJyB9y8CD1r3fLre5qqqqnN%2BslGJB4m4AHj73fbLIYQzAeBUFmBZGAkFGQPbgi3nMRcpbZXRh9UPXe9746vO979elGtUtiVGzn0vt2XRvDFtIObR2%2Frgtpa9%2B6cLUV0w490bqui8Xeidba7HLDN2KaduhrrbNKrNqFhMaUxjRundFOZXZtYY%2BFLh8M4s6AdnpJJ057WHP%2Fxb6K4FkEOdwlL0LL6f9WfnoELSYo8q9PK78abPn6O3llWLAOQ7l1rVgtbF0gn5eZi5AVWwevYf2UkC8OwRZbBwpgh5szBeB6SqLfYvBi62BM8OHd%2FUm5gSrA5XOohxMoM4FmEwh7C1o%2BIYCQuHARRX7vgnU1u7HPshk7JUee%2FQ1dT8mR34%2BiyB%2BeMnqtdcWaKmhbeKxlDfTaBHp5grLaRliPoOttiPAJtPyZLDw7jyLfvOiNhZY7xyjtq26cJO2kK3m7JwRt83681KZpIhe7tK%2FirLdnkdYT6GwCo0ZgPkI1OzpClUWoygi53GmxdJBR2s941u0u9YQQ3a4Q6dKiTGW3t5RRVGKmYYRQjiDMCMLdROluYlXfeZL%2BCFd9D7%2FSwMsIPhAMZYNaEdSeoGYEtSaoA0E9bO5K4xPf3JPGVzw%2ByMlB7jZjG5Y32F0bllVBwNxoo9wlL8z8i978%2F4dYVTuttC8GkrG0Fw8W%2BSKLeT9OE7YkhVocpEJReN1A%2B0N7atf1lHTuf4ZST8lLf%2FwKzrbhzTaEPgxWvQpWj%2FsJBVsZ95Yo1oudY6xWq%2B1Q6xCUaw%2B1Y6a9YkMn5GofdYTNIW2DMhxBuBFtmF3y8t6C3%2F32Ayjx%2BOTn63%2BefXj0YwjXoHQNPtI%2FECyb2%2BPLtiabl23tyaOLZdC5Xmez5V8JLKjD999TN2rr5LnTfvTlW2JGzMoHV5UP51khdbHsyVentJTKnbFOKPLdOX9d8UuVXzlVuaIqz196%2B8y5vHTKe22LCZieEvL0Gwg9Jc8%2F9Xsf%2B%2Fi1v6DdBK5qkFePyUFA222I8iZ8Oe95S%2BDMHPMyQl01Y5fwedNoAqPmmPEG%2Fl%2BYz%2BsNfxvLLgILt1DkDYauwdA0YGYEXx0eh9I9PvlLdy%2FATTTmxkWb3DhzZ99cr3daKs1opmiieDbgWZ9ROch6A84GserzlMUIfqryV078AwAA%2F%2F8BAAD%2F%2F%2BcL%2BzCwBAAA
173.233.137.36200 OK 0 B URL GET HTTP/1.1 growledavenuejill.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvK7%2FMSDmouIMIccIjiz1T3TOzsGDMaYGIxJyB9y8CD1r3fLre5qqqqnN%2BslGJB4m4AHj73fbLIYQzAeBUFmBZGAkFGQPbgi3nMRcpbZXRh9UPXe9746vO979elGtUtiVGzn0vt2XRvDFtIObR2%2Frgtpa9%2B6cLUV0w490bqui8Xeidba7HLDN2KaduhrrbNKrNqFhMaUxjRundFOZXZtYY%2BFLh8M4s6AdnpJJ057WHP%2Fxb6K4FkEOdwlL0LL6f9WfnoELSYo8q9PK78abPn6O3llWLAOQ7l1rVgtbF0gn5eZi5AVWwevYf2UkC8OwRZbBwpgh5szBeB6SqLfYvBi62BM8OHd%2FUm5gSrA5XOohxMoM4FmEwh7C1o%2BIYCQuHARRX7vgnU1u7HPshk7JUee%2FQ1dT8mR34%2BiyB%2BeMnqtdcWaKmhbeKxlDfTaBHp5grLaRliPoOttiPAJtPyZLDw7jyLfvOiNhZY7xyjtq26cJO2kK3m7JwRt83681KZpIhe7tK%2FirLdnkdYT6GwCo0ZgPkI1OzpClUWoygi53GmxdJBR2s941u0u9YQQ3a4Q6dKiTGW3t5RRVGKmYYRQjiDMCMLdROluYlXfeZL%2BCFd9D7%2FSwMsIPhAMZYNaEdSeoGYEtSaoA0E9bO5K4xPf3JPGVzw%2ByMlB7jZjG5Y32F0bllVBwNxoo9wlL8z8i978%2F4dYVTuttC8GkrG0Fw8W%2BSKLeT9OE7YkhVocpEJReN1A%2B0N7atf1lHTuf4ZST8lLf%2FwKzrbhzTaEPgxWvQpWj%2FsJBVsZ95Yo1oudY6xWq%2B1Q6xCUaw%2B1Y6a9YkMn5GofdYTNIW2DMhxBuBFtmF3y8t6C3%2F32Ayjx%2BOTn63%2BefXj0YwjXoHQNPtI%2FECyb2%2BPLtiabl23tyaOLZdC5Xmez5V8JLKjD999TN2rr5LnTfvTlW2JGzMoHV5UP51khdbHsyVentJTKnbFOKPLdOX9d8UuVXzlVuaIqz196%2B8y5vHTKe22LCZieEvL0Gwg9Jc8%2F9Xsf%2B%2Fi1v6DdBK5qkFePyUFA222I8iZ8Oe95S%2BDMHPMyQl01Y5fwedNoAqPmmPEG%2Fl%2BYz%2BsNfxvLLgILt1DkDYauwdA0YGYEXx0eh9I9PvlLdy%2FATTTmxkWb3DhzZ99cr3daKs1opmiieDbgWZ9ROch6A84GserzlMUIfqryV078AwAA%2F%2F8BAAD%2F%2F%2BcL%2BzCwBAAA
IP 173.233.137.36:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerLet's Encrypt
Subjectgrowledavenuejill.com
Fingerprint50:97:C7:CA:37:99:93:62:32:18:B9:E4:22:54:6D:32:09:B4:97:72
ValidityTue, 28 Nov 2023 10:58:45 GMT - Mon, 26 Feb 2024 10:58:44 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict: Alert — Quad9 DNS: malicious; Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxReuTvK7%2FMSDmouIMIccIjiz1T3TOzsGDMaYGIxJyB9y8CD1r3fLre5qqqqnN%2BslGJB4m4AHj73fbLIYQzAeBUFmBZGAkFGQPbgi3nMRcpbZXRh9UPXe9746vO979elGtUtiVGzn0vt2XRvDFtIObR2%2Frgtpa9%2B6cLUV0w490bqui8Xeidba7HLDN2KaduhrrbNKrNqFhMaUxjRundFOZXZtYY%2BFLh8M4s6AdnpJJ057WHP%2Fxb6K4FkEOdwlL0LL6f9WfnoELSYo8q9PK78abPn6O3llWLAOQ7l1rVgtbF0gn5eZi5AVWwevYf2UkC8OwRZbBwpgh5szBeB6SqLfYvBi62BM8OHd%2FUm5gSrA5XOohxMoM4FmEwh7C1o%2BIYCQuHARRX7vgnU1u7HPshk7JUee%2FQ1dT8mR34%2BiyB%2BeMnqtdcWaKmhbeKxlDfTaBHp5grLaRliPoOttiPAJtPyZLDw7jyLfvOiNhZY7xyjtq26cJO2kK3m7JwRt83681KZpIhe7tK%2FirLdnkdYT6GwCo0ZgPkI1OzpClUWoygi53GmxdJBR2s941u0u9YQQ3a4Q6dKiTGW3t5RRVGKmYYRQjiDMCMLdROluYlXfeZL%2BCFd9D7%2FSwMsIPhAMZYNaEdSeoGYEtSaoA0E9bO5K4xPf3JPGVzw%2ByMlB7jZjG5Y32F0bllVBwNxoo9wlL8z8i978%2F4dYVTuttC8GkrG0Fw8W%2BSKLeT9OE7YkhVocpEJReN1A%2B0N7atf1lHTuf4ZST8lLf%2FwKzrbhzTaEPgxWvQpWj%2FsJBVsZ95Yo1oudY6xWq%2B1Q6xCUaw%2B1Y6a9YkMn5GofdYTNIW2DMhxBuBFtmF3y8t6C3%2F32Ayjx%2BOTn63%2BefXj0YwjXoHQNPtI%2FECyb2%2BPLtiabl23tyaOLZdC5Xmez5V8JLKjD999TN2rr5LnTfvTlW2JGzMoHV5UP51khdbHsyVentJTKnbFOKPLdOX9d8UuVXzlVuaIqz196%2B8y5vHTKe22LCZieEvL0Gwg9Jc8%2F9Xsf%2B%2Fi1v6DdBK5qkFePyUFA222I8iZ8Oe95S%2BDMHPMyQl01Y5fwedNoAqPmmPEG%2Fl%2BYz%2BsNfxvLLgILt1DkDYauwdA0YGYEXx0eh9I9PvlLdy%2FATTTmxkWb3DhzZ99cr3daKs1opmiieDbgWZ9ROch6A84GserzlMUIfqryV078AwAA%2F%2F8BAAD%2F%2F%2BcL%2BzCwBAAA HTTP/1.1
Host: growledavenuejill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Cookie: u_pl=20843103; uid_id2=007e3122-23db-4cc0-b718-052d6307e1f4:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 00:20:12 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b7b525a3e0449d8f7de18746d1cd2c1c
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
172.64.108.10200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/css/animate.css
IP 172.64.108.10:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/ssp/vpn/classic-push/big1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 04 Dec 2023 00:20:14 GMT
content-type: text/css
last-modified: Mon, 21 Feb 2022 10:06:42 GMT
etag: W/"62136432-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TgjJbdH4s7RhITYmGOZRMO9SxfDeF5EVluUbWcOb%2Bg5TnR%2Bl%2Bem0H6R2DgppvzX3mHk3OaP%2F7SAQxodXCZHJ35pEGzP3MtUWTT%2Bb%2FJ5gek9cW04Qrxtsvbu%2F5Xaeksr57VZVIDt0hBkM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ffe1e2ed5724b5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
172.64.108.10200 OK 958 B URL GET HTTP/3 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/big1/js/script.js
IP 172.64.108.10:443
Requested by https://awek-twitter-viral-hot.tme-viral.com/
Certificate IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint2B:CC:32:FC:17:6F:25:69:2F:F4:A0:D9:DC:9C:C2:09:28:32:AB:34
ValiditySat, 21 Oct 2023 15:38:40 GMT - Fri, 19 Jan 2024 15:38:39 GMT
File type ASCII text, with very long lines (1009), with no line terminators
Hash 04835fd7dd7f8cfbad901bee8cff2170
38e9ed1e93f8f0beba9447a99afe3995e63b6f3e
be63bbd38c66ca9a9ee1c8abfed042fd5fc090c40b91ad561e922744ece47c41
GET /sb/ssp/vpn/classic-push/big1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://awek-twitter-viral-hot.tme-viral.com
DNT: 1
Connection: keep-alive
Referer: https://awek-twitter-viral-hot.tme-viral.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 04 Dec 2023 00:20:14 GMT
content-type: application/javascript
last-modified: Mon, 21 Feb 2022 10:06:46 GMT
etag: W/"62136436-3be"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oXbXzEF9FWMUmk%2FzDEDJajMW3jZ0wOZOuq9BJegKgQ78aWckZsBVKNvntIqnlS6oI7%2F%2Fk5g3SSgYxWUqZukrTY2pLct7TXCJJ44f5AiKuHnOSTFma6yXPkVakfEY1pGCVqNbme8qy37D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ffe1e5ca9263f6-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400