Report - dffd.pages.dev/

Report Overview

Submitted URL
dffd.pages.dev/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 18:04:21
Access
public
Website Title
WhatsApp
Final URL
dffd.pages.dev/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dffd.pages.dev	unknown	2020-09-02	2023-06-20	2024-03-26	3.9 kB	229 kB	188.114.97.1
sys.zongdiao3.cyou	unknown	2023-08-27	2023-09-03	2024-02-22	400 B	17 kB	104.21.43.88

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	dffd.pages.dev/	WhatsApp
2024-05-07	medium	dffd.pages.dev/	WhatsApp
2024-05-07	medium	dffd.pages.dev/	WhatsApp
2024-05-07	medium	dffd.pages.dev/	WhatsApp
2024-05-07	medium	dffd.pages.dev/	WhatsApp
2024-05-07	medium	dffd.pages.dev/	WhatsApp
2024-05-07	medium	dffd.pages.dev/	WhatsApp
2024-05-07	medium	dffd.pages.dev/	WhatsApp
2024-05-07	medium	dffd.pages.dev/	WhatsApp

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	dffd.pages.dev	Sinkholed
2024-05-07	medium	dffd.pages.dev	Sinkholed
2024-05-07	medium	dffd.pages.dev	Sinkholed
2024-05-07	medium	dffd.pages.dev	Sinkholed
2024-05-07	medium	dffd.pages.dev	Sinkholed
2024-05-07	medium	dffd.pages.dev	Sinkholed
2024-05-07	medium	dffd.pages.dev	Sinkholed
2024-05-07	medium	dffd.pages.dev	Sinkholed
2024-05-07	medium	dffd.pages.dev	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	sys.zongdiao3.cyou/diao3.js	16 kB	2023-09-03	2024-05-07
Pretty URL sys.zongdiao3.cyou/diao3.js IP 104.21.43.88 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-03 15:45:58 Last Seen2024-05-07 20:04:22 Times Seen120 Hash e8fa4a9bd43a002479e313c46507fdb7 20abb18e5f9d19ec3ce42913cd3880af17a7fdaf 7d005cb97bd91f31a76d6efd1726f1505fc01dd5ed9949f0521ddcb2f19d1c34 Loading...

	dffd.pages.dev/jQuery/jquery.min.js	93 kB	2023-03-07	2024-05-19
Pretty URL dffd.pages.dev/jQuery/jquery.min.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:45:50 Last Seen2024-05-19 08:49:31 Times Seen2750 Hash e3f24f23b859cf718282e3806ed5ce38 c92a61cb4fbc23adb05973638f60e2999bed4a26 e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240 Loading...

	dffd.pages.dev/jQuery/jquery.cookie.js	3.1 kB	2023-03-09	2024-05-17
Pretty URL dffd.pages.dev/jQuery/jquery.cookie.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 03:01:09 Last Seen2024-05-17 19:55:42 Times Seen1721 Hash 19c1792f2450cad33de3544df3b706bd 6aedebeeb22958e76df928cd7d81a66883bbc0f1 55c173330e36aaceaf268be4fe4421376a4e9eab4ce0de8e32aeb1c75f1181af Loading...

HTTP Transactions (10)

URL IP Response Size

dffd.pages.dev/static/stylex.css

188.114.97.1

200 OK

30 kB

URL GET HTTP/3
dffd.pages.dev/static/stylex.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dffd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdffd.pages.dev
Fingerprint4C:C7:FB:41:D3:6D:13:8B:AE:AF:F1:9F:93:98:42:19:C8:A5:B3:4B
ValidityMon, 18 Mar 2024 12:30:36 GMT - Sun, 16 Jun 2024 12:30:35 GMT

File type
ASCII text, with very long lines (937)
Size
30 kB (30441 bytes)
Hash
ce08c431738ca6a8561b1c58a35b0b70
46628f24522fd5f7891a61a3668cde2aaaa80dd6
d3889a9a244c69018e4848bffa27b76845ca2c34813976342d4b122e6533bbca

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/stylex.css HTTP/1.1
Host: dffd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dffd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:03:57 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"65cf534a072c0cdda7d1094f883a9072"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YmFve%2F5BAJmjD515VeJFHWHcVwIjqZtge6jHTduyasylr7W7NX5Ba5TlFTOVK5gqvgXCk9j7f6XiBohIXrcZtfPXvozO6UqFl%2FYQkqicB5wg1Hee4BxEwN%2FTJy4DAmvCAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880321330811b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dffd.pages.dev/jQuery/jquery.min.js

188.114.97.1

200 OK

34 kB

URL GET HTTP/3
dffd.pages.dev/jQuery/jquery.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dffd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdffd.pages.dev
Fingerprint4C:C7:FB:41:D3:6D:13:8B:AE:AF:F1:9F:93:98:42:19:C8:A5:B3:4B
ValidityMon, 18 Mar 2024 12:30:36 GMT - Sun, 16 Jun 2024 12:30:35 GMT

File type
JavaScript source, ASCII text, with very long lines (32072)
Size
34 kB (34381 bytes)
Hash
e3f24f23b859cf718282e3806ed5ce38
c92a61cb4fbc23adb05973638f60e2999bed4a26
e0108076470765be9ef1e9b242b8a52ef78c8f4532c7263426abc05ea4b60240

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jQuery/jquery.min.js HTTP/1.1
Host: dffd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dffd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:03:57 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"0b037baf132504ce7005a11383470752"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o6SMDlVEl1jMG8WOfgYqNx0aHmfCrwgYV5hNzTtEZmLuRTiPslNdxwxcZwFWnVil9yzrK96UWtVUJjpif5DgbS0wrBLXcplcMACjBxO5CiN8u%2BAulplMySNpHwB9ha%2BXgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88032133183cb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sys.zongdiao3.cyou/diao3.js

104.21.43.88

200 OK

17 kB

URL GET HTTP/2
sys.zongdiao3.cyou/diao3.js
IP
104.21.43.88:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dffd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectsys.zongdiao3.cyou
Fingerprint79:F6:6B:EA:B0:53:63:00:81:00:3F:13:DC:44:2A:20:8B:F8:72:89
ValiditySun, 21 Apr 2024 04:54:13 GMT - Sat, 20 Jul 2024 04:54:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (16134), with no line terminators
Size
17 kB (16619 bytes)
Hash
e8fa4a9bd43a002479e313c46507fdb7
20abb18e5f9d19ec3ce42913cd3880af17a7fdaf
7d005cb97bd91f31a76d6efd1726f1505fc01dd5ed9949f0521ddcb2f19d1c34

HTTP Headers

GET /diao3.js HTTP/1.1
Host: sys.zongdiao3.cyou
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dffd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 18:03:57 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400, must-revalidate
etag: W/"1254cf3ed48955a6d7f80cc1e6ccef2f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hgSSwn27u7tvDaaRoyoSbDIflMP5iepXYAsPlGQEu7HICQmJf9Na9cdG%2FO3IEN1TKb7GlnPwrbzxfPQgq4CJojiPN3FNtBOGn2Mya%2BpILa8rxIk5FtZaRVN51AHyrLlcwCcbS78%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
server: cloudflare
cf-ray: 88032133ac5556a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dffd.pages.dev/static/custom.css

188.114.97.1

200 OK

6.4 kB

URL GET HTTP/3
dffd.pages.dev/static/custom.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dffd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdffd.pages.dev
Fingerprint4C:C7:FB:41:D3:6D:13:8B:AE:AF:F1:9F:93:98:42:19:C8:A5:B3:4B
ValidityMon, 18 Mar 2024 12:30:36 GMT - Sun, 16 Jun 2024 12:30:35 GMT

File type
ASCII text, with very long lines (321)
Size
6.4 kB (6412 bytes)
Hash
7d413243c55fff63ad9be884209f2599
0c367444009d5d650df6f997b8bb208e31b747cb
f30fa83cd51dc0dee27ef099447686b30f5d0eabb88bd7826472353321f1c582

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/custom.css HTTP/1.1
Host: dffd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dffd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:03:57 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"97b03e7ab753fc9f4b8c739f327ac142"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BcS6cyMEKgtWlBW089k8PyXMmr5SiZS4X%2FR8SsHz1W6XkV27%2FuWNVAajoa8xry8KXSAwhKqmDufLfSxX7VKLVoyozX19v%2BX5hnlUYQtK8lcyR4U6%2FA2FKhKM9qQ5fl0z6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880321330815b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dffd.pages.dev/static/bootstrap_qr.css

188.114.97.1

200 OK

60 kB

URL GET HTTP/3
dffd.pages.dev/static/bootstrap_qr.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dffd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdffd.pages.dev
Fingerprint4C:C7:FB:41:D3:6D:13:8B:AE:AF:F1:9F:93:98:42:19:C8:A5:B3:4B
ValidityMon, 18 Mar 2024 12:30:36 GMT - Sun, 16 Jun 2024 12:30:35 GMT

File type
Unicode text, UTF-8 text, with very long lines (19187)
Size
60 kB (60090 bytes)
Hash
32b6b5aa0a9ade5647bc8879a917bb7d
496916edc648486210c5b54acd3b61fa896dbe30
5f95a290990daa0e2a906bb28fe4bd14211e570ac1b3d120e05ec4566c0246d1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/bootstrap_qr.css HTTP/1.1
Host: dffd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dffd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:03:57 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"e4bbcc95152030b38637f48a21c57418"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BrrD35p3cHn4U1ZZ8ZK1uqIby8VtdbaYUqD9je0U7GI%2BxuRFcA71C%2Bk5K73mB%2By9V%2BMDGmEyIS%2FRnW86zpc74EIEB2oyt3wkT3ynjRKlIga0LVwNlro2l8y7fOvjMqId8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880321331827b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dffd.pages.dev/jQuery/jquery.cookie.js

188.114.97.1

200 OK

11 kB

URL GET HTTP/3
dffd.pages.dev/jQuery/jquery.cookie.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dffd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdffd.pages.dev
Fingerprint4C:C7:FB:41:D3:6D:13:8B:AE:AF:F1:9F:93:98:42:19:C8:A5:B3:4B
ValidityMon, 18 Mar 2024 12:30:36 GMT - Sun, 16 Jun 2024 12:30:35 GMT

File type
JavaScript source, ASCII text
Size
11 kB (10630 bytes)
Hash
19c1792f2450cad33de3544df3b706bd
6aedebeeb22958e76df928cd7d81a66883bbc0f1
55c173330e36aaceaf268be4fe4421376a4e9eab4ce0de8e32aeb1c75f1181af

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jQuery/jquery.cookie.js HTTP/1.1
Host: dffd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dffd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:03:57 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"ccdb2dc189ac698dd8a582a4291c7451"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=adDhCHinzIxEtqfeMo7YFZCZGjYDLks2ZNF86vfZmAT9rxPiPNsU21rUmMObSMrDQ1UheZ3jfTv39aJhnsdeSNVSZwwkEDRIe5ZSuCUDCGSZmSGe3GPHy%2BoMSeI4LleBng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880321331844b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dffd.pages.dev/static/bootstrap_main.css

188.114.97.1

200 OK

50 kB

URL GET HTTP/3
dffd.pages.dev/static/bootstrap_main.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dffd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdffd.pages.dev
Fingerprint4C:C7:FB:41:D3:6D:13:8B:AE:AF:F1:9F:93:98:42:19:C8:A5:B3:4B
ValidityMon, 18 Mar 2024 12:30:36 GMT - Sun, 16 Jun 2024 12:30:35 GMT

File type
Unicode text, UTF-8 text, with very long lines (17744)
Size
50 kB (50011 bytes)
Hash
02c7486dd271c0c49734decd78c4c3ae
89e0c6d14d65448e6da66bed796c216af00740e1
6cf9d93792cdfccd76c36adea0894dc980c336960ee4f0da3acaaa775beb0a6d

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/bootstrap_main.css HTTP/1.1
Host: dffd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dffd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 18:03:57 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7ca16cf6d52cdc4b22a43f8a302fe11f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I9auY8IeQTiPleBZv368fopiL7WdnwK2eDg2GQBSnnXMhGwvO7kSjtfGFRS9ZjjdB8WIFlubmovMQhXl0lJletlbYXAWVhc0iB1onTW9Sfyf8dQvFlIP9JPPgGzbR0GLsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880321331833b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dffd.pages.dev/static/favicon.png

188.114.97.1

200 OK

787 B

URL GET HTTP/3
dffd.pages.dev/static/favicon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dffd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdffd.pages.dev
Fingerprint4C:C7:FB:41:D3:6D:13:8B:AE:AF:F1:9F:93:98:42:19:C8:A5:B3:4B
ValidityMon, 18 Mar 2024 12:30:36 GMT - Sun, 16 Jun 2024 12:30:35 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
787 B (787 bytes)
Hash
c5088e888c97ad440a61d247596f88e5
865a0d1bb7e1245e046c5e1bae988cce53330280
d0cadf240e89340b93df35240e7809039c1c574be05fbe2cf3243e2f487bc9ec

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static/favicon.png HTTP/1.1
Host: dffd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dffd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:03:58 GMT
content-type: image/png
content-length: 787
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: "49fc93eee548aeabb214271c79fcefb4"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HbXBUfqap02FNVHm1MSha1%2F2h1r7rdan70kTxCO1VcCGy3UuhE4oKBjk2Rudrq3cAwfjXDGOm5UtZrbuem7xlJ6aEZFbDTS9Lnw1tAvxZv8%2FYCNhXEjExOihPheIVF%2Fsjg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880321390c46b4f4-OSL
alt-svc: h3=":443"; ma=86400

dffd.pages.dev/jQuery/qrcode.min.js

188.114.97.1

200 OK

20 kB

URL GET HTTP/3
dffd.pages.dev/jQuery/qrcode.min.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://dffd.pages.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectdffd.pages.dev
Fingerprint4C:C7:FB:41:D3:6D:13:8B:AE:AF:F1:9F:93:98:42:19:C8:A5:B3:4B
ValidityMon, 18 Mar 2024 12:30:36 GMT - Sun, 16 Jun 2024 12:30:35 GMT

File type
ASCII text, with very long lines (19927), with no line terminators
Size
20 kB (19927 bytes)
Hash
517b55d3688ce9ef1085a3d9632bcb97
2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /jQuery/qrcode.min.js HTTP/1.1
Host: dffd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dffd.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 18:03:57 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"7ada293847f072170f0c5a32bd67bad3"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ovcb7%2ByUEgFOEBuibhOEQ%2FgY9N%2FX8quMjALobdHv8RkL9ap8SU%2F7Cpx8nb3mpx5iA1e1nEeAtOjy4S%2FlB%2BZhAwrhsqUiRm4ygojaSGXVwoxtxFVj9fQo7TnTrFU9eUGezQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880321332869b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

dffd.pages.dev/

188.114.97.1

200 OK

9.1 kB

URL User Request GET HTTP/2
dffd.pages.dev/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectdffd.pages.dev
Fingerprint4C:C7:FB:41:D3:6D:13:8B:AE:AF:F1:9F:93:98:42:19:C8:A5:B3:4B
ValidityMon, 18 Mar 2024 12:30:36 GMT - Sun, 16 Jun 2024 12:30:35 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (9258), with no line terminators
Size
9.1 kB (9100 bytes)
Hash
0de42683db93d9f0f7fe6f9114ea0b6a
ac375feea14584b49629b5e6293bb4db342e38ba
f65ef9b508d4ddbf4aee18f9fb833814f34edfdf43dca86015cabb5ad80bb7e1

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: dffd.pages.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 18:03:56 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"036630164950aac7f0b72fe0c189e9fc"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vHlu9OoE%2BlM%2B9L%2B6e0KxviAHxLllR9o9e1RMg9FUR9IgFitYfBOts17yP7Zi%2BvRXKSS40BNb4mXJM1cNCuUpzIGTdBL%2ByBHUOBhzDKs8PQG3AtF2wWr9m2fmN6Fi9M4RUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8803212f0e8b0b59-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN