Report - byb-it-nl.com/css/button.html

Report Overview

Submitted URL
byb-it-nl.com/css/button.html
IP
91.215.85.79
ASN
#200593 Prospero Ooo
Submitted
2024-05-08 15:58:56
Access
public
Website Title
Sign In - Google Accounts
Final URL
byb-it-nl.com/css/button.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
byb-it-nl.com	unknown	unknown	No data	No data	883 B	44 kB	91.215.85.79
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-08	1.1 kB	59 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	byb-it-nl.com/css/button.html	Google Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	byb-it-nl.com	Sinkholed
2024-05-08	medium	byb-it-nl.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	byb-it-nl.com/_/gsi/_/js/k=gsi.gsi.en_US.xTEhI1_crHA.O/am=ACQBBw/d=1/rs=AF0KOtXzL6OoQ6Z2QjpTIc5UWoyMNUiksQ/m=credential_button_library	110 kB	2024-05-08	2024-05-08
Pretty URL byb-it-nl.com/_/gsi/_/js/k=gsi.gsi.en_US.xTEhI1_crHA.O/am=ACQBBw/d=1/rs=AF0KOtXzL6OoQ6Z2QjpTIc5UWoyMNUiksQ/m=credential_button_library IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 17:59:02 Last Seen2024-05-08 17:59:02 Times Seen1 Hash f9be93fdef305460ce65335dd911c35b 69100945baee30b186849b9fde24c5d0effc86cb bf180f4b1147e5fc47d8e16897409bc78066a9a5078052664fe0116f3534c9fe Loading...

	byb-it-nl.com/css/button.html	110 kB	2024-04-26	2024-05-08
Pretty URL byb-it-nl.com/css/button.html IP 91.215.85.79 ASN #200593 Prospero Ooo Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 19:59:23 Last Seen2024-05-08 17:59:02 Times Seen14 Hash 064c2428f7c23bfd411e5c9fe210f0db ed1b06964403aca211458d571612293e003e8906 0afe8f7e9563af561391d50e7b0e5da799256fec763f4dfa49cb0807406ea008 Loading...

HTTP Transactions (4)

URL IP Response Size

byb-it-nl.com/css/button.html

91.215.85.79

200 OK

42 kB

URL User Request GET HTTP/2
byb-it-nl.com/css/button.html
IP
91.215.85.79:443
ASN
#200593 Prospero Ooo

Certificate
IssuerLet's Encrypt
Subjectbyb-it-nl.com
Fingerprint1B:F3:14:99:8D:B6:DB:BA:35:15:E5:96:84:04:5C:59:D2:CE:01:AC
ValiditySat, 04 May 2024 13:12:57 GMT - Fri, 02 Aug 2024 13:12:56 GMT

File type
HTML document, ASCII text, with very long lines (8652)
Size
42 kB (42090 bytes)
Hash
e5bbc684f8dba1ade92c57aa7ae5da46
60d62fe93028fa31adfbfe423e16e62db7872458
463423fce485a8a4786e83668fe712ed14e32df64870a9130f5cba3e73f87888

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Google Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/button.html HTTP/1.1
Host: byb-it-nl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
last-modified: Thu, 02 May 2024 07:44:08 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 42090
date: Wed, 08 May 2024 15:58:31 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpyw.ttf

216.58.207.227

200 OK

29 kB

URL GET HTTP/2
fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpyw.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://byb-it-nl.com/css/button.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", 19 names, Microsoft, language 0x409
Size
29 kB (29438 bytes)
Hash
f9abed3d3d7e0b5a0a5a303b113c53f4
8dea33d500e929b878ced36c5980745c0bf13db9
2bb6585b06b56d32aa48ac85f698aea00a96b5e32b944c9fba5022cd90f97dcf

HTTP Headers

GET /s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrw2IJllpyw.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://byb-it-nl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 29438
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 15:37:51 GMT
expires: Tue, 06 May 2025 15:37:51 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 23 May 2023 16:35:39 GMT
content-type: font/ttf
vary: Accept-Encoding
age: 174040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyw.ttf

216.58.207.227

200 OK

28 kB

URL GET HTTP/2
fonts.gstatic.com/s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyw.ttf
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://byb-it-nl.com/css/button.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
TrueType Font data, 16 tables, 1st "GDEF", 18 names, Microsoft, language 0x409
Size
28 kB (28161 bytes)
Hash
862b817e56e996cf40c25f2875123a16
2f25e55d267170f55715f7255572c3cc2a5dd967
924a754711d11983614f08302d9733ddb0756a0561e90ad0e9b7cecfe489c4fb

HTTP Headers

GET /s/googlesans/v58/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyw.ttf HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://byb-it-nl.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28161
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 03:25:26 GMT
expires: Wed, 07 May 2025 03:25:26 GMT
cache-control: public, max-age=31536000
age: 131585
last-modified: Tue, 23 May 2023 16:35:56 GMT
content-type: font/ttf
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

byb-it-nl.com/favicon.ico

91.215.85.79

404 Not Found

708 B

URL GET HTTP/3
byb-it-nl.com/favicon.ico
IP
91.215.85.79:443
ASN
#200593 Prospero Ooo

Requested by
https://byb-it-nl.com/css/button.html
Certificate
IssuerLet's Encrypt
Subjectbyb-it-nl.com
Fingerprint1B:F3:14:99:8D:B6:DB:BA:35:15:E5:96:84:04:5C:59:D2:CE:01:AC
ValiditySat, 04 May 2024 13:12:57 GMT - Fri, 02 Aug 2024 13:12:56 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
708 B (708 bytes)
Hash
2382378378c002d88b9a507c712c3349
2e894db3808b554abadc8b144338ad9e2ea937ba
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: byb-it-nl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 708
date: Wed, 08 May 2024 15:58:31 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers