Report - mail.bbtb.c505.net/

Report Overview

Visited public
2023-12-06 01:40:29
Tags
URL
mail.bbtb.c505.net/
Finishing URL
mail.bbtb.c505.net/
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Whatsapp

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mail.bbtb.c505.net	unknown	unknown	No data	No data	4.7 kB	2.1 MB	188.114.97.1
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-05 05:09:58	476 B	5.4 kB	104.17.25.14
filebagasarya.com	unknown	2023-07-04	2023-07-05 07:22:39	2023-11-27 02:27:59	921 B	42 kB	172.67.195.69
file.gifan.id	unknown	2020-09-05	2022-05-27 01:39:42	2023-12-04 22:42:46	335 B	655 B	104.21.234.35
ka-f.fontawesome.com	3598	2012-10-18	2019-12-17 07:36:13	2023-12-05 05:36:28	2.5 kB	356 kB	172.64.204.20

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-06 01:40:17	medium	188.114.97.1	Client IP	ET INFO TLS Handshake Failure
2023-12-06 01:40:17	medium	188.114.97.1	Client IP	ET INFO TLS Handshake Failure

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp
2023-12-05	medium	mail.bbtb.c505.net/	WhatsApp

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	file.gifan.id/fontawesome.js	ScriptElement	11 kB	2023-07-20	2024-08-21
Pretty URL file.gifan.id/fontawesome.js IP 104.21.234.35 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-20 17:19 Last Seen2024-08-21 08:31 Times Seen403 Hash 7653d4719abf98a98d6e9412e33976e6 0b4414adc9da488b97830ce789a79994ba55aa23 051afcaea280590a5c6a5c472ad0852783d794a8923c4d26e388656fc9dcd791 Loading...

	mail.bbtb.c505.net/bagas/js/bagas.js	ScriptElement	90 kB	2023-03-07	2025-05-11
Pretty URL mail.bbtb.c505.net/bagas/js/bagas.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-05-11 14:19 Times Seen4545 Hash 7c14a783dfeb3d238ccd3edd840d82ee ad886e472b3557f3dc7dfa2bc43468ab8d1cef5b 80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0 Loading...

	mail.bbtb.c505.net/	ScriptElement	6.7 kB	2023-07-20	2024-08-21
Pretty URL mail.bbtb.c505.net/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-20 17:19 Last Seen2024-08-21 08:31 Times Seen99 Hash f323bc8efe549dac09d924d081e6733d 57d825a14fb072d060bd2abbb2937f8b4df8bdbc 65f60c40854eed7f0e4787e9744e619e894a1d56a26f1f4a28a8e4e7dae40d18 Loading...

HTTP Transactions (22)

URL IP Response Size

mail.bbtb.c505.net/

188.114.97.1

3.6 kB

URL User Request GET
mail.bbtb.c505.net/
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (325), with CRLF, LF line terminators
Size
3.6 kB (3644 bytes)
Hash
257a454249d83551c42b866074d8d7b8
a7ce5c92be04bd9da0ae4f7efbea8b3419a2327f
fd403f1caaca9a47c1b9842a876df604400b4f106c53f1b23cd40343c277cf84

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET / HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sIs9xDtwAKViv7iGV7HWdiK8SBPj%2BQpdNfJ63wx6%2FKjMIHC%2Fey5x2Dzbklikdb2kaBKd2K5NHVffrrSdiRhplXr8Xx4t28ZUqAkyJk1fcRm0n54SH2IKPuYwIOarNwXzk5cQBVs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8310d1c66f0356c3-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/css/style.css

188.114.97.1

200 OK

790 B

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/css/style.css
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
ASCII text
Size
790 B (790 bytes)
Hash
cb0406facabf211736e6c205c2f12016
7f1791f0433c297056a1b5013015d77162a843e8
63522559221cb1217733189ab984dfaa362299c4d4c81eedc494a0306b65f6f0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/css/style.css HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: text/css
Content-Length: 790
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 00:22:00 GMT
last-modified: Mon, 17 Apr 2023 17:32:27 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: HIT
Age: 4692
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RF4i3M6FvYHPPhnrsHVqa%2BNPsOQIZpY1Hg4uRb%2Flrrc8INEoYbP9H9aLXoZ5KCyxm624tw6FvIDNqyCIDz5Z1OKeri%2BmFIU%2FggIBlp2sVwMPJNA3oMXNPMdYtuVBuyMPuoa8vu8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8310d1c8bfaa56c3-OSL
alt-svc: h2=":443"; ma=60

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css

104.17.25.14

200 OK

4.4 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (23577)
Size
4.4 kB (4364 bytes)
Hash
04425bbdc6243fc6e54bf8984fe50330
8c15c6bd82c71e9ef1bb11cf24e502fe07518ac5
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

HTTP Headers

GET /ajax/libs/font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 01:40:12 GMT
content-type: text/css; charset=utf-8
content-length: 4364
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-5cbb"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1115566
expires: Mon, 25 Nov 2024 01:40:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2BxT0lwWaO9z7Ml2tettUbZNm80el18ZGgl2SKkrSOQYky0NLEoIxAKhtz4eTGvGB0ITQGtXVWxzvx2QZyt3h5y%2F%2BMiNMcJL8ci579mUUmzQ2dDpNaDvLX3d%2FAHq%2Fuu3Jam8%2BIyP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8310d1c8e9d256aa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

filebagasarya.com/img/info/navbar.png

172.67.195.69

200 OK

8.5 kB

URL GET HTTP/2
filebagasarya.com/img/info/navbar.png
IP
172.67.195.69:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectfilebagasarya.com
FingerprintF0:8B:F1:70:76:A3:14:5A:6C:27:24:64:49:E8:8F:71:89:4C:AF:BF
ValidityTue, 31 Oct 2023 12:31:08 GMT - Mon, 29 Jan 2024 12:31:07 GMT

File type
PNG image data, 904 x 339, 8-bit colormap, non-interlaced\012- data
Size
8.5 kB (8459 bytes)
Hash
f29c416a7c6f18ba0c0deb4980763c9d
56c7bfbf2c9a7a2be2e2214b0586c11af8e852bf
7f37cb926c06378327ad2a753c7119291b2ead796a6f588a8374de651ec72a8c

HTTP Headers

GET /img/info/navbar.png HTTP/1.1
Host: filebagasarya.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 01:40:12 GMT
content-type: image/png
content-length: 8459
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 01:57:44 GMT
last-modified: Mon, 06 Mar 2023 02:41:35 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 430948
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2BILUjua26zqpJQ3rcijrZhUkQa%2FCGkN4%2BtjjbBonifcFDsUvSJsT9zvaaUlu7yt9rej3ZY7jT6EXSzzN4kK%2BD98Sw0%2BDSx3wcKn7XV2ZlM4uYLEZhUbtWJkF7ENPnFlVZCsbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8310d1c91b0056c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

filebagasarya.com/img/info/modelFb.png

172.67.195.69

200 OK

32 kB

URL GET HTTP/2
filebagasarya.com/img/info/modelFb.png
IP
172.67.195.69:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectfilebagasarya.com
FingerprintF0:8B:F1:70:76:A3:14:5A:6C:27:24:64:49:E8:8F:71:89:4C:AF:BF
ValidityTue, 31 Oct 2023 12:31:08 GMT - Mon, 29 Jan 2024 12:31:07 GMT

File type
PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced\012- data
Size
32 kB (31990 bytes)
Hash
571fc0253c6f01c953d4274981fc9d66
5331c3ae96ea4d421f8bde0d3e5565024c8c3abb
d3a1d3bb7a7c79edc9a08de2369f4f7f201a0852bfaf5526716382fc7ad902a1

HTTP Headers

GET /img/info/modelFb.png HTTP/1.1
Host: filebagasarya.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 06 Dec 2023 01:40:12 GMT
content-type: image/png
content-length: 31990
cache-control: public, max-age=604800
expires: Fri, 08 Dec 2023 01:57:44 GMT
last-modified: Mon, 06 Mar 2023 02:41:27 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 430948
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pA9XmW%2B1WuURyBZjUK%2BGMBOUv3tI6mGNPm7JbCO2Y5hAs0zXFijx7AHUhm%2F5cD4KSG5%2FdjrjzmFLSvfx0eQqiKO33BS6VopswrtLFEaUSbKyyLVU2Y%2F3mVAF8CC6dWx8c6LGZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8310d1c91b0156c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mail.bbtb.c505.net/bagas/css/asdhwalex.css

188.114.96.1

200 OK

974 B

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/css/asdhwalex.css
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
ASCII text, with CRLF line terminators
Size
974 B (974 bytes)
Hash
3cd849c1ee66bd52919d7563adf98da1
ea62846a1a083db346e5fb1ee40d46ab6ef4a26a
7893d2fb081ec23c9fae1f774745dab58213e6892b09087c37689700d56df6a4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/css/asdhwalex.css HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: text/css
Content-Length: 974
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 01:40:12 GMT
last-modified: Sun, 30 Apr 2023 21:07:22 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yOhziYDJOnnG9Ny10XoEM2OifRLRXbbuHwaw87TZZ0QgimWhjcvyxbdTD4Kr5uYmLSVGg65GqAol2fLqe5cbZP6FylaYLD%2BpRPslKYlMqtFckdGhSy2kBYvWefv6vpeH42eA%2B%2Fk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8310d1c8b9c256aa-OSL
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/css/bagas.css

188.114.96.1

200 OK

1.1 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/css/bagas.css
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1057 bytes)
Hash
ae8f5eac80c514b6ccffce75de1d2d70
eff4b0347b7c8ea58833f35c07e177f80fd28ad2
a9510c5b947eedfa3d84fef078a623ebb72cd26a8acf9855a15521dffc430d62

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/css/bagas.css HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: text/css
Content-Length: 1057
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 01:40:12 GMT
last-modified: Thu, 13 Oct 2022 08:52:10 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2FLAcb%2FOQJKFjj1TtbUOVWKwnnhr%2BjxjkS1vvgejNxi3QDvCkLD%2F9ZfSlpQZfluVHwi1seqlKe%2BBPsSpZAz9lvjAIzN9Pun1UAydup9F2N95O5%2FtA3jNEqDcey48LemduJFN0mI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8310d1c8b8dbb523-OSL
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/js/bagas.js

188.114.96.1

200 OK

31 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/js/bagas.js
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
ASCII text, with very long lines (65447)
Size
31 kB (30960 bytes)
Hash
7c14a783dfeb3d238ccd3edd840d82ee
ad886e472b3557f3dc7dfa2bc43468ab8d1cef5b
80f04717f32ea0320c5e8618fbacedd1fee3a8775ad8292140a6113551d4b5b0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/js/bagas.js HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: text/javascript
Content-Length: 30960
Connection: keep-alive
last-modified: Thu, 20 Apr 2023 09:35:14 GMT
content-encoding: gzip
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6vyABbbl9Z%2BuGc0w5ltUh0IiC22c4z8MEIBNZlIvqbAA%2Fyrcbm5sp2x%2Brw2z6cD74ekDcQHAEEN%2FkKRJca3XX6U0E6GJO414%2F9ZlJqzZPimlbvW68S2GfvR%2BDLa%2Fn1GOQCYX16s%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8310d1c8dbd31bfa-OSL
alt-svc: h2=":443"; ma=60

file.gifan.id/fontawesome.js

104.21.234.35

200 OK

0 B

URL GET HTTP/2
file.gifan.id/fontawesome.js
IP
104.21.234.35:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectgifan.id
Fingerprint05:08:56:A0:2C:BF:31:A0:4C:D0:5C:0F:18:A3:B9:7D:58:74:03:29
ValidityWed, 29 Nov 2023 03:44:14 GMT - Tue, 27 Feb 2024 03:44:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /fontawesome.js HTTP/1.1
Host: file.gifan.id
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Dec 2023 01:40:12 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Wed, 06 Dec 2023 02:40:12 GMT
Location: https://file.gifan.id/fontawesome.js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yEf2M29gy0zHCvTn7aj7TnpDjk3y846svAlPeFQwaHPxwuyEu%2B77lJS5XSUTqZtHfzelXrvTQC86eIYzlSlDV8B%2BgQVPLylCLt0QMxgRpd2IlEL0WuocADtjRjXXHlUz"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8310d1c94fc5d93b-HEL
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/img/5.jpg

188.114.96.1

200 OK

169 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/img/5.jpg
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1086, orientation=upper-left, width=1080], baseline, precision 8, 1080x1086, components 3\012- data
Size
169 kB (168607 bytes)
Hash
bff9f29f72cfd4e77609b8aed20a5cf7
1364883fd51628affa206ecbaa3ca936762add6d
a1feace6f3795fb7be0104efad2862cc1dfc174eef297fc0c218fd15dc40bbe0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/img/5.jpg HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: image/jpeg
Content-Length: 168607
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 01:40:12 GMT
last-modified: Mon, 02 Oct 2023 21:34:00 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XTglCli27apsVEMn0nB9dgmUBJyLuJtdilY78eBJVooIj2DqwTuT%2FJQyDL37kCgeXfhfGVddAA1lOY6Ymls%2FMdmEQdo2HDYQLhdRmCgR4kIEkYDbWGnmyhgOUGrTK4xe%2BYHl3Kw%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8310d1c9291cb523-OSL
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/img/6.jpg

188.114.97.1

200 OK

222 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/img/6.jpg
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1096, orientation=upper-left, width=1080], baseline, precision 8, 1080x1096, components 3\012- data
Size
222 kB (221604 bytes)
Hash
befdc9ff4159ab86d0ba8a61fe1ddd17
9ec9c6e54c422480e1ee42b29a053fee8abf379a
4d2b73a81cdc828f2734f5d9bd143de5ac176f7d99cc78b0fc41cb76d1efa63f

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/img/6.jpg HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: image/jpeg
Content-Length: 221604
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 01:40:12 GMT
last-modified: Mon, 02 Oct 2023 21:34:00 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vKQ5%2B1oDF%2FrsPaFTf8MoAdqYmlR6FwGyXQaCecIjqWEbbtM00RgCzF%2F3rKzAD1qDn4bZtIYiDPX7ASDAenCFv3mHLJeF6S8bXDkxf6cGB%2BhowosHh8xWnUZG2AsIXSWasidthOE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8310d1c92fc456c3-OSL
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/img/2.jpg

188.114.96.1

200 OK

367 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/img/2.jpg
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1091, orientation=upper-left, width=1080], baseline, precision 8, 1080x1091, components 3\012- data
Size
367 kB (366884 bytes)
Hash
0a1f2f19c9662bdd1802981c4ad2019a
04d82614687b477eeb7c250dcd09dcc5cec63767
ebed843cee2927222f8c761c5ef33f1cc76aef1654bf4644c4bd41d84903b4a5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/img/2.jpg HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: image/jpeg
Content-Length: 366884
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 01:40:12 GMT
last-modified: Mon, 02 Oct 2023 21:32:00 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Vcq8zQUf1FAO%2FR80l%2FqnfE0jX2wzweYSmds30azsJ%2FMY2A3umuHtASkEu%2BXBqeaolJoU9WQQdhEtHYrlB6FRSZzsRrM1%2FSovKYwda2EkqTQErJN1HNGXw6RddP7o7x9mpVHeW4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8310d1c929e356aa-OSL
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/img/3.jpg

188.114.96.1

200 OK

260 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/img/3.jpg
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1095, orientation=upper-left, width=1080], baseline, precision 8, 1080x1095, components 3\012- data
Size
260 kB (259544 bytes)
Hash
bfcbb109e43906bb3ec138a02b82df48
57a218cda73760a59b6cc4fa80a25a780a1470d1
363a8152f79e04f9856c4c6a7cd5312407a2d93ef47f7b3e0ae5ff1af030f8b7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/img/3.jpg HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: image/jpeg
Content-Length: 259544
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 01:40:12 GMT
last-modified: Mon, 02 Oct 2023 21:33:00 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dW7KB%2FgXFLo2y%2FWItwKWeS15JV4cJksYXlPOLiotbrC7aTCYQsOolbGClQNDsmrzCpKc5YkuErwAVnpeZEm34DIg%2FnDmvndRN2lfxfZBxYTgo2IbaJyaoPmlCZ6Ktq360M801os%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8310d1c92cf85691-OSL
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/img/4.jpg

188.114.96.1

200 OK

258 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/img/4.jpg
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1089, orientation=upper-left, width=1080], baseline, precision 8, 1080x1089, components 3\012- data
Size
258 kB (257795 bytes)
Hash
63691a57ee2f51b885bce86a6ecd6a66
413cd56d0a80f92f5e7a0aa75217c91354d9e4bc
8f181c2d1f248d867a66702f2638fcd6a4de1ff4996d3a970686b1e23529f6ae

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/img/4.jpg HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: image/jpeg
Content-Length: 257795
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 01:40:12 GMT
last-modified: Mon, 02 Oct 2023 21:33:00 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=49gCm%2F%2BMSCZZkcEmz9Wvrf9vbTbYzr%2BAmy%2BC65%2BA8ir73zJqODI%2BBd%2B5rRv7LbOoX7CGejwqvSQBRH7U%2BDs3TC0sznQwqoCqkwcTmLXeEvcIB16f5ypwscRNa7ffD8d0Xk6GS7E%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8310d1c92bd5b500-OSL
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/img/1.jpg

188.114.96.1

200 OK

465 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/img/1.jpg
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1091, orientation=upper-left, width=1080], baseline, precision 8, 1080x1091, components 3\012- data
Size
465 kB (465123 bytes)
Hash
6de7d1ef202f2313021a8dc814aad18d
979af4f0eac4ae064f62e10689b322746ba6dff1
3379a69947bef0e1470d5c79f591e4ebed63949b2a9c05824326c5d7d966d6dd

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/img/1.jpg HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: image/jpeg
Content-Length: 465123
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 01:40:12 GMT
last-modified: Mon, 02 Oct 2023 21:31:00 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXoIG9byJbu3poDVhGWklAZVKdeny90vS6PlK87xvWq3fSC5iiidFLJcmjm4EgYmR542AlI17oXfpib7M8arQ36R9MnWA1dsWrjuC0y3NuhxKrXbSf3YXyiLleDqx13kqC%2FM9hU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8310d1c96bf41bfa-OSL
alt-svc: h2=":443"; ma=60

mail.bbtb.c505.net/bagas/img/7.jpg

188.114.96.1

200 OK

330 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/bagas/img/7.jpg
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=4, height=1091, orientation=upper-left, width=1080], baseline, precision 8, 1080x1091, components 3\012- data
Size
330 kB (330125 bytes)
Hash
61702d8c41806c8ab47ac74578415e05
02bae73ba1a777fadac466ff87275ccb99b7539e
c1db2b1b65dc76468fe7d51d76603b345794f2006d4691bbddf00376f731f380

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /bagas/img/7.jpg HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 06 Dec 2023 01:40:12 GMT
Content-Type: image/jpeg
Content-Length: 330125
Connection: keep-alive
cache-control: public, max-age=604800
expires: Wed, 13 Dec 2023 01:40:12 GMT
last-modified: Mon, 02 Oct 2023 21:34:00 GMT
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t7ZDecBKhkEMkD7qKqUBuHd47Nh%2FWweQQ1jyVOOhuRKqzSDSyNd8ftR%2B7BpoUhNWWMEUAbqMOavyqM6P8a8WGpWF0AGSv8dvHu50LkcqqcjmzZBCCRLyqAapvJ%2BIl6jCWS49b4w%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8310d1ca195fb523-OSL
alt-svc: h2=":443"; ma=60

ka-f.fontawesome.com/releases/v6.0.0/css/free-v5-font-face.min.css?token=869e25b803

172.64.204.20

200 OK

1.0 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.0.0/css/free-v5-font-face.min.css?token=869e25b803
IP
172.64.204.20:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (608)
Size
1.0 kB (1008 bytes)
Hash
e8ee688b3310772b65f39c69b76f4720
d57c6b7957aabb07762d473ea0b4bd3462f1175e
0e751f751587617116614deaf11f087ea82f7644196c1d0571f71fd549b556b5

HTTP Headers

GET /releases/v6.0.0/css/free-v5-font-face.min.css?token=869e25b803 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.bbtb.c505.net/
Origin: http://mail.bbtb.c505.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 01:40:12 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 07 Feb 2022 20:11:39 GMT
etag: W/"e8ee688b3310772b65f39c69b76f4720"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 1fbc4ed92487877d10ad1d7d3fa8355e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: BKbEbC0oOr-3jKNI9qLTMkerl-pc4e3e1ke3L-0w_yxMLrnVMuzsmQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGM3cqgZe2pyCf12uvDhCElMlDNqVbf3cw2j%2BPNXHKj2a4LqWWaYtufjUtczq2z2uoj00h43tOnm%2B%2FMXfp11ucwflsXKKHSGATq9YmgpMJHmbaQVY2soyIULXz%2BP0gONEJbieCK6gQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8310d1ccfe316548-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.0.0/css/free-v4-shims.min.css?token=869e25b803

172.64.204.20

200 OK

131 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.0.0/css/free-v4-shims.min.css?token=869e25b803
IP
172.64.204.20:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (26019)
Size
131 kB (131043 bytes)
Hash
c32e971c7d11c2407f847b61c515f1e2
85ac47a05e49f01cd62301ee121a2ca0dfdc0f83
a7fb3a26d569bec0139baaae950e43c1e10b0afbcf6e9d7654aa1181a8319759

HTTP Headers

GET /releases/v6.0.0/css/free-v4-shims.min.css?token=869e25b803 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.bbtb.c505.net/
Origin: http://mail.bbtb.c505.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 01:40:12 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 07 Feb 2022 20:11:39 GMT
etag: W/"c32e971c7d11c2407f847b61c515f1e2"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6c2060b8177554cc176ab1e04cbbfe1e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: Qq5hOx0CDlK2BzFAAxiE5C9pIeicLcMKuc10ofLX1IRdoslaMtkXmg==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KxTTEwufYpaURcyDeu%2BJ5L%2Fplu2QmgaiRKhrjnZbV%2BP2OHVCBX8Hm53kg6Rn2XEJa9%2BbX5Z04JUgaDVezRfjuVOhf5DMjjkSfXxMbRfGBqPNXvFrAyN5uZFwpBzolR2hJgnMkD6J6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8310d1ccfe2e6548-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.0.0/webfonts/free-fa-solid-900.woff2

172.64.204.20

200 OK

127 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.0.0/webfonts/free-fa-solid-900.woff2
IP
172.64.204.20:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
Web Open Font Format (Version 2), TrueType, length 126828, version 768.256\012- data
Size
127 kB (126828 bytes)
Hash
d60a1707d7a69023a566fee0f0804a79
00a6fae0a2d0d5ab1125bb3f7aec55ee8165607e
28e42bc5102996223a42faf19a8abd7436644f3bc6d25a9f5de6add426ba138e

HTTP Headers

GET /releases/v6.0.0/webfonts/free-fa-solid-900.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mail.bbtb.c505.net
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 01:40:13 GMT
content-type: font/woff2
content-length: 126828
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 07 Feb 2022 20:20:18 GMT
etag: "d60a1707d7a69023a566fee0f0804a79"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 712d35d530e2ec4d6f746c10a7035922.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: th00bUh95EAnNF05znaRopaWyaln94x-_ksNw3aNkPCEWwzESkhawA==
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJy8BZpMBXaQEZ1zPDrWKgDvcsNuwqTA%2FEL5Qe%2F3GthhT9%2B8YHGdLJ8koh3GSxEm8EGNmOryAsBznB14dVg0C9JdqSBtVq1Nd9rfnvUqBIJ7sTEob2xkKnDf7OUb4k1GbDNKkXndaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8310d1ce6f2e6548-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

mail.bbtb.c505.net/favicon.ico

188.114.96.1

404 Not Found

1.2 kB

URL GET HTTP/1.1
mail.bbtb.c505.net/favicon.ico
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1276), with no line terminators
Size
1.2 kB (1238 bytes)
Hash
24b426fea67958554911ff4c943fdfe4
b92889146d4c1bbddccabe58ca15c814ea066f72
335fd88e127ff1b19e6c5af3c801186182f064e4c6747b9a76a0b3988553716c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WhatsApp

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mail.bbtb.c505.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://mail.bbtb.c505.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Wed, 06 Dec 2023 01:40:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: BYPASS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=unhlvMpRG4fLqlxhqKB7J1WT08qexqYw7MGPgb9kzyc6bZ6DeVTKxOgFAtqUIFAK730InUnMyBTN3ktF5ojPdnZXo6gN8jeOKXXP6dy1qqrHYOWfojrMOS9fRDIfpsMgtKvGRA0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8310d1ce2c921bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ka-f.fontawesome.com/releases/v6.0.0/css/free.min.css?token=869e25b803

172.64.204.20

200 OK

90 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.0.0/css/free.min.css?token=869e25b803
IP
172.64.204.20:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (65321)
Size
90 kB (89755 bytes)
Hash
345f5ecc270c94968998574a2d37e31a
4b1937ca073a8376a07161bc40549585493ffa3d
efad9b46d0c00f2562eb53236717ff21ebd474f8d68f69b45f92c424bfd87e9c

HTTP Headers

GET /releases/v6.0.0/css/free.min.css?token=869e25b803 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.bbtb.c505.net/
Origin: http://mail.bbtb.c505.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 01:40:12 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 07 Feb 2022 20:11:39 GMT
etag: W/"345f5ecc270c94968998574a2d37e31a"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0f5bbd5df79d112fd797e0d8399395b2.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: 79_WnJRQfKSgKsZRU2g7_Hyk_Vi5CC-_k6gSEV7wCNRnBVLJKgq8ow==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbTwxEvw%2BZMZhuJvLu%2BzV6kTxl7KTIo2Ri4kiv%2FeSC8ZKJb9j1QvFQh%2FRXsJ2gx5nao5KEZcny4o1e%2FXdNx5%2Bym1TKgnBichsLztUpVP9Df9SYW90HxSOMwS6tLRC9hdQvC3FcOkFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8310d1ccfe346548-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.0.0/css/free-v4-font-face.min.css?token=869e25b803

172.64.204.20

200 OK

1.8 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.0.0/css/free-v4-font-face.min.css?token=869e25b803
IP
172.64.204.20:443
ASN
#13335 CLOUDFLARENET

Requested by
http://mail.bbtb.c505.net/
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
FingerprintBC:9B:12:21:8D:67:FE:B5:D3:76:65:FC:D3:F7:91:AE:B4:65:CA:81
ValidityWed, 08 Nov 2023 07:11:36 GMT - Tue, 06 Feb 2024 07:11:35 GMT

File type
ASCII text, with very long lines (1817), with no line terminators
Size
1.8 kB (1789 bytes)
Hash
3dedc00973400e03c5ede855beb3e8b5
c72d245eb6fa18840821a7d53634a4f8ac5119d0
a45344d4b89aadfcddc80ff5e6de83bcbb2799a2af99a046e1cea1dd6fe0f28c

HTTP Headers

GET /releases/v6.0.0/css/free-v4-font-face.min.css?token=869e25b803 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://mail.bbtb.c505.net/
Origin: http://mail.bbtb.c505.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 06 Dec 2023 01:40:12 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 07 Feb 2022 20:11:39 GMT
etag: W/"369cbeaee8e26da69cc5b0a0700cd62c"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 851879d53a84651e63e2408132976dfe.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR5-P6
x-amz-cf-id: YLqQ8GHhRNXDB07wHXnopf9mXH7g_zxM7x__uOwbLcgGFY3Z9mLjaQ==
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2UHEbQJBMptAX29PZ1PL3VmZX4FATSBpHOsvu7GWrpd6%2B%2FrNrtB%2FxfW9DUpdyDWDnRhcfWw8FV9lB97EypTOvzRDZgJlVSn%2BoC96Tfl9%2BkjycBJ8gSjFcd0fNyn0zg5BFHf8%2BkHEKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8310d1ccfe306548-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (22)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1