| chat.billingbird.work.gd/ | 39.60.250.169 | 302 Found | 138 B |
URL: chat.billingbird.work.gd/ (User Request, GET, HTTP/2)
IP: 39.60.250.169:443
ASN: #17557 Pakistan Telecommunication Company Limited
Certificate Issuer: Let's Encrypt
Certificate Subject: chat.billingbird.work.gd
Certificate Fingerprint: 51:59:2B:25:B8:38:DA:E8:40:EE:5E:7C:C1:F3:B5:0A:06:ED:E6:27
Certificate Validity: Wed, 24 Apr 2024 15:58:27 GMT - Tue, 23 Jul 2024 15:58:26 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: aff950cab4c0265e21d401db15f1026d f03e18461817f7a6546c8bf8fa8d686d7e30aca0 753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET / HTTP/1.1
Host: chat.billingbird.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 08 May 2024 23:33:55 GMT
content-type: text/html
content-length: 138
location: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
x-sso-wat: You've just been SSOed
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| billingbird.work.gd/yunohost/sso/assets/css/ynh_portal.css | 39.60.250.169 | 200 OK | 108 kB |
URL: billingbird.work.gd/yunohost/sso/assets/css/ynh_portal.css (GET, HTTP/2)
IP: 39.60.250.169:443
ASN: #17557 Pakistan Telecommunication Company Limited
Requested by: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Certificate Issuer: Let's Encrypt
Certificate Subject: billingbird.work.gd
Certificate Fingerprint: 4D:9E:4F:CA:A0:63:BA:48:BB:02:A3:9D:70:48:F5:D4:9B:8E:4C:3C
Certificate Validity: Wed, 24 Apr 2024 15:26:40 GMT - Tue, 23 Jul 2024 15:26:39 GMT
Size: 108 kB (107770 bytes)
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /yunohost/sso/assets/css/ynh_portal.css HTTP/1.1
Host: billingbird.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 23:33:56 GMT
content-type: text/css
x-sso-wat: You've just been SSOed
cache-control: public, max-age=3600
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| billingbird.work.gd/yunohost/sso/assets/themes/billingbird/custom_portal.js | 39.60.250.169 | 200 OK | 1.4 kB |
URL: billingbird.work.gd/yunohost/sso/assets/themes/billingbird/custom_portal.js (GET, HTTP/2)
IP: 39.60.250.169:443
ASN: #17557 Pakistan Telecommunication Company Limited
Requested by: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Certificate Issuer: Let's Encrypt
Certificate Subject: billingbird.work.gd
Certificate Fingerprint: 4D:9E:4F:CA:A0:63:BA:48:BB:02:A3:9D:70:48:F5:D4:9B:8E:4C:3C
Certificate Validity: Wed, 24 Apr 2024 15:26:40 GMT - Tue, 23 Jul 2024 15:26:39 GMT
File type: ASCII text, with very long lines (1479), with no line terminators
Hash: 6fe1e3ba1056811250bb6ad0200c3be2 b82da5c68379edce638456c2ca3bc30c6bef6e60 41588bebb0952f965399c2101bf57f0c2d333acc240357a8b4fd01eb4e1f565a
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /yunohost/sso/assets/themes/billingbird/custom_portal.js HTTP/1.1
Host: billingbird.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 23:33:56 GMT
content-type: text/javascript
x-sso-wat: You've just been SSOed
cache-control: public, max-age=3600
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| billingbird.work.gd/yunohost/sso/assets/icons/favicon-16x16.png | 39.60.250.169 | 200 OK | 579 B |
URL: billingbird.work.gd/yunohost/sso/assets/icons/favicon-16x16.png (GET, HTTP/2)
IP: 39.60.250.169:443
ASN: #17557 Pakistan Telecommunication Company Limited
Requested by: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Certificate Issuer: Let's Encrypt
Certificate Subject: billingbird.work.gd
Certificate Fingerprint: 4D:9E:4F:CA:A0:63:BA:48:BB:02:A3:9D:70:48:F5:D4:9B:8E:4C:3C
Certificate Validity: Wed, 24 Apr 2024 15:26:40 GMT - Tue, 23 Jul 2024 15:26:39 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash: b69e0806c0af26ac24a2499e8f58cde5 8f7fca9a7f7259ae620e1a3779888ce8e6226a30 0efa4680e4b9d87e9c9d2e8e4ee741db276a9713e755d02955bf5814087dbc46
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /yunohost/sso/assets/icons/favicon-16x16.png HTTP/1.1
Host: billingbird.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 23:33:57 GMT
content-type: image/png
x-sso-wat: You've just been SSOed
cache-control: public, max-age=3600
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| billingbird.work.gd/yunohost/sso/assets/icons/favicon-196x196.png | 39.60.250.169 | 200 OK | 20 kB |
URL: billingbird.work.gd/yunohost/sso/assets/icons/favicon-196x196.png (GET, HTTP/2)
IP: 39.60.250.169:443
ASN: #17557 Pakistan Telecommunication Company Limited
Requested by: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Certificate Issuer: Let's Encrypt
Certificate Subject: billingbird.work.gd
Certificate Fingerprint: 4D:9E:4F:CA:A0:63:BA:48:BB:02:A3:9D:70:48:F5:D4:9B:8E:4C:3C
Certificate Validity: Wed, 24 Apr 2024 15:26:40 GMT - Tue, 23 Jul 2024 15:26:39 GMT
File type: PNG image data, 196 x 196, 8-bit/color RGBA, non-interlaced
Hash: 642725f82c5c32166e736998a47de560 8618ee3e9d201f67889e233fb7b79281feabdfec 22aa46cf77689e28b49e6476b89ca0062353b9f34c334b3b656be651838c2bf0
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /yunohost/sso/assets/icons/favicon-196x196.png HTTP/1.1
Host: billingbird.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 23:33:57 GMT
content-type: image/png
x-sso-wat: You've just been SSOed
cache-control: public, max-age=3600
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv | 39.60.250.169 | 200 OK | 3.1 kB |
URL: billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv (User Request, GET, HTTP/2)
IP: 39.60.250.169:443
ASN: #17557 Pakistan Telecommunication Company Limited
Certificate Issuer: Let's Encrypt
Certificate Subject: billingbird.work.gd
Certificate Fingerprint: 4D:9E:4F:CA:A0:63:BA:48:BB:02:A3:9D:70:48:F5:D4:9B:8E:4C:3C
Certificate Validity: Wed, 24 Apr 2024 15:26:40 GMT - Tue, 23 Jul 2024 15:26:39 GMT
File type: HTML document, ASCII text, with very long lines (3344), with no line terminators
Hash: 9f0ffdf043691a6148bfabbd9d0753e9 475e2241e20e8f0e4cc7cf081f001b9df4b4525c b6f4b1d4ef0a5c824a5949e90740a9ddf09ac204158a9e5e3f54a5a7d77b6055
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv HTTP/1.1
Host: billingbird.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 23:33:56 GMT
content-type: text/html
x-sso-wat: You've just been SSOed
cache-control: no-cache
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| billingbird.work.gd/yunohost/sso/assets/themes/billingbird/custom_portal.css | 39.60.250.169 | 200 OK | 5.7 kB |
URL: billingbird.work.gd/yunohost/sso/assets/themes/billingbird/custom_portal.css (GET, HTTP/2)
IP: 39.60.250.169:443
ASN: #17557 Pakistan Telecommunication Company Limited
Requested by: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Certificate Issuer: Let's Encrypt
Certificate Subject: billingbird.work.gd
Certificate Fingerprint: 4D:9E:4F:CA:A0:63:BA:48:BB:02:A3:9D:70:48:F5:D4:9B:8E:4C:3C
Certificate Validity: Wed, 24 Apr 2024 15:26:40 GMT - Tue, 23 Jul 2024 15:26:39 GMT
File type: ASCII text, with very long lines (6062), with no line terminators
Hash: 0c80ca9491d2e8d6226247905445d908 3e5d9a01be1e5d2dadd08cab0c3b8bae65c7ead1 5cebedd6b95b69827608c7d03c9f08599720f5f623b27ca940bc7959c2f84bba
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /yunohost/sso/assets/themes/billingbird/custom_portal.css HTTP/1.1
Host: billingbird.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 23:33:56 GMT
content-type: text/css
x-sso-wat: You've just been SSOed
cache-control: public, max-age=3600
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| billingbird.work.gd/yunohost/sso/assets/js/ynh_portal.js | 39.60.250.169 | 200 OK | 14 kB |
URL: billingbird.work.gd/yunohost/sso/assets/js/ynh_portal.js (GET, HTTP/2)
IP: 39.60.250.169:443
ASN: #17557 Pakistan Telecommunication Company Limited
Requested by: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Certificate Issuer: Let's Encrypt
Certificate Subject: billingbird.work.gd
Certificate Fingerprint: 4D:9E:4F:CA:A0:63:BA:48:BB:02:A3:9D:70:48:F5:D4:9B:8E:4C:3C
Certificate Validity: Wed, 24 Apr 2024 15:26:40 GMT - Tue, 23 Jul 2024 15:26:39 GMT
File type: JavaScript source, ASCII text
Hash: 3e1db5236d4c53fa782cfab89657633e c32030b79328dd1bafc1f8d63b12c92c5ecf31ef 07dd33aad9339c600edbea924bb6fb81e68f8f4c77ee6dd2f72cd79c4e0d0248
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /yunohost/sso/assets/js/ynh_portal.js HTTP/1.1
Host: billingbird.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 23:33:56 GMT
content-type: text/javascript
x-sso-wat: You've just been SSOed
cache-control: public, max-age=3600
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|
| billingbird.work.gd/yunohost/sso/assets/themes/billingbird/logo.png | 39.60.250.169 | 200 OK | 3.1 kB |
URL: billingbird.work.gd/yunohost/sso/assets/themes/billingbird/logo.png (GET, HTTP/2)
IP: 39.60.250.169:443
ASN: #17557 Pakistan Telecommunication Company Limited
Requested by: https://billingbird.work.gd/yunohost/sso/?r=aHR0cHM6Ly9jaGF0LmJpbGxpbmdiaXJkLndvcmsuZ2Qv
Certificate Issuer: Let's Encrypt
Certificate Subject: billingbird.work.gd
Certificate Fingerprint: 4D:9E:4F:CA:A0:63:BA:48:BB:02:A3:9D:70:48:F5:D4:9B:8E:4C:3C
Certificate Validity: Wed, 24 Apr 2024 15:26:40 GMT - Tue, 23 Jul 2024 15:26:39 GMT
File type: PNG image data, 100 x 100, 16-bit/color RGBA, non-interlaced
Hash: 6c4cb3302e05e7c066f60b71b206e07d 59f56e007264ad71ab142dd5020f3f6f55c163da 6fb83bc961269653c044c88e30bd4d374ed55c888ed91cefda7f2ec5ed3843cc
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - DynDNS domain |
GET /yunohost/sso/assets/themes/billingbird/logo.png HTTP/1.1
Host: billingbird.work.gd
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://billingbird.work.gd/yunohost/sso/assets/themes/billingbird/custom_portal.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 08 May 2024 23:33:57 GMT
content-type: image/png
x-sso-wat: You've just been SSOed
cache-control: public, max-age=3600
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none
x-frame-options: SAMEORIGIN
permissions-policy: interest-cohort=()
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2
|
|