Report - worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/

Report Overview

Submitted URL
worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
IP
104.21.89.167
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 17:45:20
Access
public
Website Title
Sign in to your account
Final URL
worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Tags
phishing microsoft outlook suspicious
urlquery detections
Phishing - Generic phishing
Phishing - Microsoft Outlook
Suspicious - Suspicious Javascript code

Detections

urlquery
10
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-06	464 B	28 kB	104.17.24.14
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-06	468 B	3.7 kB	151.101.129.229
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-05-07	1.9 kB	129 kB	142.250.74.42
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-06	512 B	1.2 kB	35.244.181.201
worker-long-sky-88c7.cor-vanleeuwenn.workers.dev	unknown	2019-02-08	2023-11-25	2024-04-05	996 B	3.2 MB	104.21.89.167

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/	Office365
2024-05-07	medium	worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/	Office365

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-01	medium	worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/favicon.ico	Microsoft
2024-04-01	medium	worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/	Microsoft

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js	93 kB	2023-03-07	2024-05-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-05-19 15:34:17 Times Seen24406 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js	87 kB	2023-03-07	2024-05-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-19 16:10:37 Times Seen68022 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	unknown	2.8 kB	2024-04-01	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-01 19:10:20 Last Seen2024-05-07 19:45:21 Times Seen3 Hash 1891ecf5eb278ba807c8bd6097cc88af ed18dae417df5e8ec2f1f2eea9a01ba2d9835588 99b9ae9bf9c2fadf3548cd22c406ce664eee7dc010d6d2c2821b6e0b1f48e326 Loading...

	worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/	1.6 MB	2024-04-01	2024-05-07
Pretty URL worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/ IP 104.21.89.167 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-01 19:10:20 Last Seen2024-05-07 19:45:21 Times Seen3 Hash 428f8670af89d9291def6b59abe07a07 77a30d1e9de45ad020b4b7619dcf72d962d78145 f20a5bbf9f67d48266ac17fe96797b6bceabd978827b93912b79bc64543dfdb0 Loading...

	unknown	191 B	2024-04-01	2024-05-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-01 19:10:20 Last Seen2024-05-07 19:45:21 Times Seen3 Hash 764b0067255c8d2157e7d43cfea64cb7 b0dbd178c6761b9e0d2f9c875b140ab0c004c30e 5b4a8107dc11e3bc6e2dbaf3d2fb2391af2ddd3ad4526f3cd242764ad6b18736 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js	86 kB	2023-03-07	2024-05-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-19 16:00:18 Times Seen394437 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	cdn.jsdelivr.net/gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js	11 kB	2023-04-07	2024-05-19
Pretty URL cdn.jsdelivr.net/gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 01:50:11 Last Seen2024-05-19 09:57:19 Times Seen418 Hash 9ac467685aa6071436af2154b0d88cf7 dc2c7c9f2e656c7c8bb468f526fc3f456c8742f5 3c685270387cc6b053034b0e934568f4c5f23d5f9f3026bd4368346c46b89c4e Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-19
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-19 16:02:44 Times Seen145565 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

		Size	First Seen	Last Seen
	#1 Write - 94cc6736f5acfc55d6f7ce2cf0f76bc4	527 kB	2024-04-01	2024-05-07
Pretty Observations First Seen2024-04-01 19:10:21 Last Seen2024-05-07 19:45:21 Times Seen3 Hash 94cc6736f5acfc55d6f7ce2cf0f76bc4 ae8dce9997c65f89f7d63ffb80363fc1cfa35623 c26cd7253478640354d59e457d350427263a3827a085400bc28986c195212178 Loading...

HTTP Transactions (9)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js

104.17.24.14

200 OK

27 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
27 kB (26909 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 17:44:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 26909
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14e4a"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 506379
expires: Sun, 27 Apr 2025 17:44:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HIktYyrMCucBivIbpX%2FC9lHHvNNzsymyFwrOZvH0a%2FseIXlbEFhW2vD9Jb6LFBHjdcwDhL4idWYVNprHiv6w1cigFUEJlkw%2BAzEgB%2F8UI2U1Pb1kXr1XMLirO%2FrpqQAwrOVZmE7v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8803054f3d010b45-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js

151.101.129.229

200 OK

3.0 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1107)
Size
3.0 kB (2966 bytes)
Hash
b5a599cbf2301155f7b0cd9774cf2186
713ac82967e54ed244afb05ee0f4ec2d1c38cc96
e532094e51493a4b86e1893bcebfd2b9527383d79b6bc413a1b7c85959dc3390

HTTP Headers

GET /gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.4
x-jsd-version-type: version
etag: W/"2b53-cTrIKWflTtJEr7Be4PTsLRw4zJY"
content-encoding: br
accept-ranges: bytes
age: 9760
date: Tue, 07 May 2024 17:44:54 GMT
x-served-by: cache-fra-eddf8230068-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2966
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

142.250.74.42

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
30 kB (30306 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:32:45 GMT
expires: Sat, 03 May 2025 02:32:45 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 400330
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.42

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 10:06:43 GMT
expires: Sat, 03 May 2025 10:06:43 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 373092
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

142.250.74.42

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (32089)
Size
33 kB (33018 bytes)
Hash
397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

HTTP Headers

GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33018
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 May 2024 07:15:23 GMT
expires: Wed, 07 May 2025 07:15:23 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 37772
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

142.250.74.42

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
30 kB (30306 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 May 2024 02:32:45 GMT
expires: Sat, 03 May 2025 02:32:45 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 400330
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=gqIAbi6eNcjBDu7T1nOb1JeHt9v3iirDv2vjvwZhMnR7gpT-H6eyDnPZfUyTtbCYwhEeJ9nRRatg86WRwg2D-VmXQMqpjok6k13_zIrv9LeaeCfpu7lNGdq75gTdZA40
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Tue, 07 May 2024 17:45:09 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 3
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/favicon.ico

104.21.89.167

200 OK

1.6 MB

URL GET HTTP/3
worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/favicon.ico
IP
104.21.89.167:443
ASN
#13335 CLOUDFLARENET

Requested by
https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectcor-vanleeuwenn.workers.dev
FingerprintE4:C9:FF:68:9E:AB:28:D8:D9:D4:87:FD:71:C3:0C:EC:5B:AC:69:3D
ValidityFri, 22 Mar 2024 12:03:02 GMT - Thu, 20 Jun 2024 12:03:01 GMT

File type

Size
1.6 MB (1581181 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365
PhishTank	phishing	Microsoft

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: worker-long-sky-88c7.cor-vanleeuwenn.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 07 May 2024 17:44:55 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q0Zc1ad6i8iT1y%2B5VgxrEE0GfKEGAWCaaNjVPazAsMeKukHx9oKRxibH%2FNp2gV8KW3MCbuaFMU8nMzq%2BZH4kWJtXcftisL7f%2FCSIm29VL0mszbNdPdM3HytLEIgTOGw7eqpdnKLHcZDE0DHZWCFDHm20JxTJSUFEpfMQU%2BssYgs10Ms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880305527a9b0b45-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/

104.21.89.167

200 OK

1.6 MB

URL User Request GET HTTP/2
worker-long-sky-88c7.cor-vanleeuwenn.workers.dev/
IP
104.21.89.167:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectcor-vanleeuwenn.workers.dev
FingerprintE4:C9:FF:68:9E:AB:28:D8:D9:D4:87:FD:71:C3:0C:EC:5B:AC:69:3D
ValidityFri, 22 Mar 2024 12:03:02 GMT - Thu, 20 Jun 2024 12:03:01 GMT

File type

Size
1.6 MB (1581181 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	Office365
PhishTank	phishing	Microsoft

HTTP Headers

GET / HTTP/1.1
Host: worker-long-sky-88c7.cor-vanleeuwenn.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 17:44:54 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IO65HvKLTxW8Kq8%2Fr%2FYWBYA7opkg6S7hxQqxELlDKriALlxY9Oco3LaOfFU1zBXNGAiQrye0VAFY%2FOU0QF70mRbPuQAkoxoOFWBlmk1HbJ0dqVtvxyFe4fTdhrLjy1qVkmkRkgqUXjeEqyuI3J4XJ8D9hGt%2FFLgpXY4CGYkpalG4VOc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 880305493ac1b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (9)

URL GET HTTP/2