Report - gbtb.pages.dev/

Report Overview

Submitted URL
gbtb.pages.dev/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-19 04:33:30
Access
public
Website Title
WhatsApp
Final URL
gbtb.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gbtb.pages.dev	unknown	2020-09-02	2023-09-11	2024-02-01	3.9 kB	604 kB	188.114.96.1
sys.zongdiao3.cyou	unknown	2023-08-27	2023-09-03	2024-03-23	400 B	12 kB	172.67.177.103

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	gbtb.pages.dev/	WhatsApp
2024-04-18	medium	gbtb.pages.dev/	WhatsApp
2024-04-18	medium	gbtb.pages.dev/	WhatsApp
2024-04-18	medium	gbtb.pages.dev/	WhatsApp
2024-04-18	medium	gbtb.pages.dev/	WhatsApp
2024-04-18	medium	gbtb.pages.dev/	WhatsApp
2024-04-18	medium	gbtb.pages.dev/	WhatsApp
2024-04-18	medium	gbtb.pages.dev/	WhatsApp
2024-04-18	medium	gbtb.pages.dev/	WhatsApp

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	gbtb.pages.dev/jQuery/jquery.min.js	93 kB	2023-03-07	2024-05-02
Pretty URL gbtb.pages.dev/jQuery/jquery.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:45:50 Last Seen2024-05-02 05:41:19 Times Seen2706 Hash e3f24f23b859cf718282e3806ed5ce38 c92a61cb4fbc23adb05973638f60e2999bed4a26 e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240 Loading...

	gbtb.pages.dev/jQuery/jquery.cookie.js	3.1 kB	2023-03-09	2024-05-02
Pretty URL gbtb.pages.dev/jQuery/jquery.cookie.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 03:01:09 Last Seen2024-05-02 05:41:19 Times Seen1695 Hash 19c1792f2450cad33de3544df3b706bd 6aedebeeb22958e76df928cd7d81a66883bbc0f1 55c173330e36aaceaf268be4fe4421376a4e9eab4ce0de8e32aeb1c75f1181af Loading...

	sys.zongdiao3.cyou/diao3.js	16 kB	2023-09-03	2024-05-02
Pretty URL sys.zongdiao3.cyou/diao3.js IP 172.67.177.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-03 15:45:58 Last Seen2024-05-02 05:41:19 Times Seen118 Hash e8fa4a9bd43a002479e313c46507fdb7 20abb18e5f9d19ec3ce42913cd3880af17a7fdaf 7d005cb97bd91f31a76d6efd1726f1505fc01dd5ed9949f0521ddcb2f19d1c34 Loading...

HTTP Transactions (10)

URL IP Response Size

gbtb.pages.dev/jQuery/jquery.cookie.js

188.114.96.1

200 OK

2.1 kB

URL GET HTTP/3
gbtb.pages.dev/jQuery/jquery.cookie.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbtb.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectgbtb.pages.dev
Fingerprint04:DC:A8:96:1E:4F:B2:97:AE:1A:77:D7:D9:2A:46:FB:32:81:C1:9B
ValidityWed, 06 Mar 2024 17:57:22 GMT - Tue, 04 Jun 2024 17:57:21 GMT

File type
JavaScript source, ASCII text
Size
2.1 kB (2121 bytes)
Hash
19c1792f2450cad33de3544df3b706bd
6aedebeeb22958e76df928cd7d81a66883bbc0f1
55c173330e36aaceaf268be4fe4421376a4e9eab4ce0de8e32aeb1c75f1181af

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /jQuery/jquery.cookie.js HTTP/1.1
Host: gbtb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbtb.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 04:33:05 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ccdb2dc189ac698dd8a582a4291c7451"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nYzyYsOoY4oOG6XeuZ4VGtJP9jTKh1DKHrRLX0IYkBe6qhkdIxNxSoKRxLNnzSZNpKJPNfuySBg3UlNz1Sbjjg4bbVx88Ib%2B%2FTak1NZtLtVU2HGXyBK9oxqkWolGseFfrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876a2caafe8c56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gbtb.pages.dev/static/stylex.css

188.114.96.1

200 OK

36 kB

URL GET HTTP/3
gbtb.pages.dev/static/stylex.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbtb.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectgbtb.pages.dev
Fingerprint04:DC:A8:96:1E:4F:B2:97:AE:1A:77:D7:D9:2A:46:FB:32:81:C1:9B
ValidityWed, 06 Mar 2024 17:57:22 GMT - Tue, 04 Jun 2024 17:57:21 GMT

File type
ASCII text, with very long lines (937)
Size
36 kB (35579 bytes)
Hash
ce08c431738ca6a8561b1c58a35b0b70
46628f24522fd5f7891a61a3668cde2aaaa80dd6
d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /static/stylex.css HTTP/1.1
Host: gbtb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbtb.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 04:33:05 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"65cf534a072c0cdda7d1094f883a9072"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AzpTFltM3LQKvclNGU1h4Sw%2BpoWrSsQlv5Fp3rtNdYLzMwNMyYvSLWhOkidz5ftbRTY3v5t4hbveoJy1353nt634uiziJLpBMf2ZoQ113KiMKxuiqG385SG%2Bm2Bn%2BdxrQw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876a2caafe8356be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sys.zongdiao3.cyou/diao3.js

172.67.177.103

200 OK

11 kB

URL GET HTTP/2
sys.zongdiao3.cyou/diao3.js
IP
172.67.177.103:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbtb.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectsys.zongdiao3.cyou
Fingerprint86:35:FF:7B:F6:19:64:BA:C8:03:69:5D:9A:13:B6:69:A0:D1:39:00
ValidityThu, 22 Feb 2024 05:02:52 GMT - Wed, 22 May 2024 05:02:51 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (16134), with no line terminators
Size
11 kB (11353 bytes)
Hash
e8fa4a9bd43a002479e313c46507fdb7
20abb18e5f9d19ec3ce42913cd3880af17a7fdaf
7d005cb97bd91f31a76d6efd1726f1505fc01dd5ed9949f0521ddcb2f19d1c34

HTTP Headers

GET /diao3.js HTTP/1.1
Host: sys.zongdiao3.cyou
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbtb.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 04:33:05 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1254cf3ed48955a6d7f80cc1e6ccef2f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FZsz4s5v1oXLvAVVXT6FbEoK1daVzYNTUK5Agk3wgByda%2BQ5VvcakRD63HoTHrO%2FohBGGqcX7QG9kIL02K%2FFd8TtSC0L6Ndkycmx20zeV6Dv57bQNyiv75uPgdoopbNZoxRvILE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 876a2cab9c66568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gbtb.pages.dev/static/custom.css

188.114.96.1

200 OK

6.4 kB

URL GET HTTP/3
gbtb.pages.dev/static/custom.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbtb.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectgbtb.pages.dev
Fingerprint04:DC:A8:96:1E:4F:B2:97:AE:1A:77:D7:D9:2A:46:FB:32:81:C1:9B
ValidityWed, 06 Mar 2024 17:57:22 GMT - Tue, 04 Jun 2024 17:57:21 GMT

File type
ASCII text, with very long lines (321)
Size
6.4 kB (6358 bytes)
Hash
7d413243c55fff63ad9be884209f2599
0c367444009d5d650df6f997b8bb208e31b747cb
f30fa83cd51dc0dee27ef099447686b30f5d0eabb88bd7826472353321f1c582

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /static/custom.css HTTP/1.1
Host: gbtb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbtb.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 04:33:05 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"97b03e7ab753fc9f4b8c739f327ac142"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jr2Rh7i4Ror3WNT%2FHgfX9M%2FoaQHRwF4nAIwEtYiNvGiFeHvkqER%2Ft7vev7U1FrAnW0ayCqgLyCMWmPfwq%2BtQi9MqrZi5r%2FV3jttSeGfKO3OyjJwMzps4OqKffgD%2Fx9JBGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876a2caafe8456be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gbtb.pages.dev/

188.114.96.1

200 OK

9.1 kB

URL User Request GET HTTP/2
gbtb.pages.dev/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectgbtb.pages.dev
Fingerprint04:DC:A8:96:1E:4F:B2:97:AE:1A:77:D7:D9:2A:46:FB:32:81:C1:9B
ValidityWed, 06 Mar 2024 17:57:22 GMT - Tue, 04 Jun 2024 17:57:21 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (9258), with no line terminators
Size
9.1 kB (9100 bytes)
Hash
0de42683db93d9f0f7fe6f9114ea0b6a
ac375feea14584b49629b5e6293bb4db342e38ba
f65ef9b508d4ddbf4aee18f9fb833814f34edfdf43dca86015cabb5ad80bb7e1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET / HTTP/1.1
Host: gbtb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 04:33:05 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"036630164950aac7f0b72fe0c189e9fc"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7W76xugo2K5K3rfPebnrz4dKsGdexniktZmWdg7zcGEAdQYrieIGzzlMGPBZlbO4wJZy3nkQV51F8O5SKHGsR2z5hDBQ4Ww3h%2Bp%2B5P5RbUxhmcdRQ6rEVt81PYq0AwIGzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876a2ca9abe756a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gbtb.pages.dev/jQuery/jquery.min.js

188.114.96.1

200 OK

93 kB

URL GET HTTP/3
gbtb.pages.dev/jQuery/jquery.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbtb.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectgbtb.pages.dev
Fingerprint04:DC:A8:96:1E:4F:B2:97:AE:1A:77:D7:D9:2A:46:FB:32:81:C1:9B
ValidityWed, 06 Mar 2024 17:57:22 GMT - Tue, 04 Jun 2024 17:57:21 GMT

File type
JavaScript source, ASCII text, with very long lines (32072)
Size
93 kB (93099 bytes)
Hash
e3f24f23b859cf718282e3806ed5ce38
c92a61cb4fbc23adb05973638f60e2999bed4a26
e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /jQuery/jquery.min.js HTTP/1.1
Host: gbtb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbtb.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 04:33:05 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"0b037baf132504ce7005a11383470752"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHNT%2BXESNbOM0FVXS3HlxDC0bzD0Z4loej4UiLqDfKU64g25WzEaykMyoPt7jDbK%2Bln%2FkDpNMGd%2FCvctwvU2HkJfG3andw5Jl0XfalGRvHW%2F8JuRG%2BHO6tvreougY4v4pg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876a2caafe8b56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gbtb.pages.dev/static/bootstrap_qr.css

188.114.96.1

200 OK

199 kB

URL GET HTTP/3
gbtb.pages.dev/static/bootstrap_qr.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbtb.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectgbtb.pages.dev
Fingerprint04:DC:A8:96:1E:4F:B2:97:AE:1A:77:D7:D9:2A:46:FB:32:81:C1:9B
ValidityWed, 06 Mar 2024 17:57:22 GMT - Tue, 04 Jun 2024 17:57:21 GMT

File type

Size
199 kB (199357 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /static/bootstrap_qr.css HTTP/1.1
Host: gbtb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbtb.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 04:33:05 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"e4bbcc95152030b38637f48a21c57418"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hT3M4CRghyTKuQn3GYuOhcUsbtTafcP96tF%2B7VYqjUc64xgGlf2HbSLPFc3%2BgTuFNsctyIz5Y39SrDrFEKdYLgeHFAxmk3Ks3lt%2B2rkTK4wn3IpCbDclbXB2%2FC54hRak6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876a2caafe8856be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gbtb.pages.dev/static/bootstrap_main.css

188.114.96.1

200 OK

231 kB

URL GET HTTP/3
gbtb.pages.dev/static/bootstrap_main.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbtb.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectgbtb.pages.dev
Fingerprint04:DC:A8:96:1E:4F:B2:97:AE:1A:77:D7:D9:2A:46:FB:32:81:C1:9B
ValidityWed, 06 Mar 2024 17:57:22 GMT - Tue, 04 Jun 2024 17:57:21 GMT

File type

Size
231 kB (230892 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /static/bootstrap_main.css HTTP/1.1
Host: gbtb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbtb.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 04:33:05 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7ca16cf6d52cdc4b22a43f8a302fe11f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6xnvXd%2BUUE7zsLu7JmbIM8hf%2FkA6H0kAA2A0vObBqpg403%2BElkeujTTyQgZGXSdrkoccJ8LCH3yxCRv4n3SuYQ1pFnZ1BfDxZzf4iQ682Xf%2FSD%2ByMwfRGOxDsy4dR0D96A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876a2caafe8956be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gbtb.pages.dev/jQuery/qrcode.min.js

188.114.96.1

200 OK

20 kB

URL GET HTTP/3
gbtb.pages.dev/jQuery/qrcode.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbtb.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectgbtb.pages.dev
Fingerprint04:DC:A8:96:1E:4F:B2:97:AE:1A:77:D7:D9:2A:46:FB:32:81:C1:9B
ValidityWed, 06 Mar 2024 17:57:22 GMT - Tue, 04 Jun 2024 17:57:21 GMT

File type
ASCII text, with very long lines (19927), with no line terminators
Size
20 kB (19927 bytes)
Hash
517b55d3688ce9ef1085a3d9632bcb97
2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /jQuery/qrcode.min.js HTTP/1.1
Host: gbtb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbtb.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 04:33:05 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7ada293847f072170f0c5a32bd67bad3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aEJPhsSb8Uff1BYEBniBTrVkA2x8FmMy92sUPrBCdyXXTwSIRw0DHgzTm%2FAAqjCtwfF1xkhsQRxCWwWUDAEGtOdB2uznAEA8D3%2BSqED86wjd53JRK%2BfUxT9PKAxpdx7inA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876a2cab0e9256be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gbtb.pages.dev/static/favicon.png

188.114.96.1

200 OK

787 B

URL GET HTTP/3
gbtb.pages.dev/static/favicon.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gbtb.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectgbtb.pages.dev
Fingerprint04:DC:A8:96:1E:4F:B2:97:AE:1A:77:D7:D9:2A:46:FB:32:81:C1:9B
ValidityWed, 06 Mar 2024 17:57:22 GMT - Tue, 04 Jun 2024 17:57:21 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
787 B (787 bytes)
Hash
c5088e888c97ad440a61d247596f88e5
865a0d1bb7e1245e046c5e1bae988cce53330280
d0cadf240e89340b93df35240e7809039c1c574be05fbe2cf3243e2f487bc9ec

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /static/favicon.png HTTP/1.1
Host: gbtb.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gbtb.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 04:33:06 GMT
content-type: image/png
content-length: 787
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "49fc93eee548aeabb214271c79fcefb4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BZwE9pjFAmn4FWRI83zFnp4SQ9OvEWWblFILxr7fNrMSD9ZMsnZe1dQ%2Fyg5H1rdZTKK%2BB0ONpqlI%2Fx31pSVk8wqiR2OsM3oyvIMjNGzJqmO4%2FP4EI%2FljETMseHrpUnRxSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876a2cafc8d056be-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN