Report - heimai.w5cdwrg7fj.workers.dev/uadmin/uadmin.php/

Report Overview

Visited public
2025-01-03 09:12:30
Tags
URL
heimai.w5cdwrg7fj.workers.dev/uadmin/uadmin.php/
Finishing URL
heimai.w5cdwrg7fj.workers.dev/uadmin/uadmin.php/
IP / ASN
172.67.164.124
#13335 CLOUDFLARENET
Title
heimai.w5cdwrg7fj.workers.dev/uadmin/uadmin.php/

Detections

urlquery

0

Network Intrusion Detection

1

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
heimai.w5cdwrg7fj.workers.dev	unknown	2019-02-08	2024-01-27	2025-01-03	1.4 kB	10 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-01-03 09:12:06	low	Client IP	188.114.97.1	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size
	heimai.w5cdwrg7fj.workers.dev/	188.114.97.1	301 Moved Permanently	162 B
URL heimai.w5cdwrg7fj.workers.dev/ IP 188.114.97.1:0 ASN #13335 CLOUDFLARENET File type HTML document, ASCII text, with CRLF line terminators Size 162 B (162 bytes) Hash 4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a HTTP Headers `GET / HTTP/1.1 Host: heimai.w5cdwrg7fj.workers.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 301 Moved Permanently Date: Fri, 03 Jan 2025 09:12:09 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Location: https://www.visa.no/ CF-Ray: 8fc1dd91c8ab56ab-OSL CF-Cache-Status: DYNAMIC Strict-Transport-Security: max-age=31536000; includeSubDomains Vary: Accept-Encoding CF-IPCountry: NO Content-Security-Policy: default-src 'self' .google.com policy.cookiereports.com cdn.visa.com usa.visa.com .googletagmanager.com .googleapis.com .doubleclick.net .google-analytics.com .googlesyndication.com googleads.g.doubleclick.net .3gl.net .gstatic.com collect.tealiumiq.com 'unsafe-inline';img-src * data:; Set-Cookie: __cflb=0H28vGU93dsBwtKJ9Mxfs19A9yXxxEPi7ia4kFc6c1f; SameSite=Lax; path=/; expires=Sun, 05-Jan-25 11:12:09 GMT; HttpOnly _cfuvid=uIs7Y8WmP32hCksC2w6XxUwXXOJsfRc1UJxpL5d_rZo-1735895529502-0.0.1.1-604800000; path=/; domain=.visa.com; HttpOnly; Secure; SameSite=None X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=syUU%2B2B2X2C9E6NPPEgpC9NglB7j5aiwVS6m1OEaA4dN%2BOrzssvCN1sve72gBcxck%2Fu3D97Y3LGfOPsc5Sw8tmUe0So9iz6sehfenDStH9KsDikwjJRnAhxAKFHJ975421BCs6JFhbvH%2Bh4VSyRkNg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=509&min_rtt=509&rtt_var=254&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=282&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

	heimai.w5cdwrg7fj.workers.dev/uadmin/uadmin.php/	188.114.97.1	406 Not Acceptable	117 B
URL heimai.w5cdwrg7fj.workers.dev/uadmin/uadmin.php/ IP 188.114.97.1:0 ASN #13335 CLOUDFLARENET File type ASCII text, with no line terminators Size 117 B (117 bytes) Hash 30657d1530d3eb9d461e78c5553269bc ea23104e3c22a51a916c8688a8a1d759e4dead64 b29944f5ad99f2fb19ed67c549892f92a31b20b8a264e0f486919dd342dfe1e6 HTTP Headers GET /uadmin/uadmin.php/ HTTP/1.1 Host: heimai.w5cdwrg7fj.workers.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Cookie: HMF_CI=b49a3583c4d37a6880ba025ce7503825e264b761d4dc0e654f3764fd3fc43363da4149523587109846729c067fd81c579cc358b1a568c311ab470d709f196faa47 Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache HTTP/1.1 406 Not Acceptable Date: Fri, 03 Jan 2025 09:12:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive CF-Ray: 8fc1ddba59cfb529-OSL CF-Cache-Status: DYNAMIC Cache-Control: no-cache Expires: 0 Vary: Accept-Encoding Pragma: no-cache Set-Cookie: __cflb=0H28vGU93dsBwtKJ9Mxfs19A9yXxxEPnYdhG89Miax9; SameSite=Lax; path=/; expires=Sun, 05-Jan-25 11:12:15 GMT; HttpOnly _cfuvid=200ej_HCT7kWJdRAkHckGIUlAh7dWtFlTo082cJG9fw-1735895535936-0.0.1.1-604800000; path=/; domain=.visa.com; HttpOnly; Secure; SameSite=None Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qa8RAaeEOguKJp1qilPBZlHo8oJtsU7YQstDqLQOKI0e56xgWBnD6GJpCmC%2FVx0Qh1VjrfHK3HhaUzMDjm5gRSRuP7jpeTWbNQRqfiI8zYlbwoM6tZ0HWWgeZVRnYIx2MOMEeMRmGrzkeJdRe7ON%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=513&min_rtt=513&rtt_var=256&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=567&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

	heimai.w5cdwrg7fj.workers.dev/favicon.ico	188.114.97.1	502 Bad Gateway	6.3 kB
URL heimai.w5cdwrg7fj.workers.dev/favicon.ico IP 188.114.97.1:0 ASN #13335 CLOUDFLARENET File type HTML document, ASCII text, with very long lines (394) Size 6.3 kB (6315 bytes) Hash 41a7fe5db6a808348b492b29c3e0188f 55b13503b189d21859bb185bbef9b8d86200ed74 3c4f7f258c38c45ab2578e7b6d8954e6c37ca292140f51d90e5b0299b1357a97 HTTP Headers GET /favicon.ico HTTP/1.1 Host: heimai.w5cdwrg7fj.workers.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Referer: http://heimai.w5cdwrg7fj.workers.dev/uadmin/uadmin.php/ Cookie: HMF_CI=b49a3583c4d37a6880ba025ce7503825e264b761d4dc0e654f3764fd3fc43363da4149523587109846729c067fd81c579cc358b1a568c311ab470d709f196faa47; __cflb=0H28vGU93dsBwtKJ9Mxfs19A9yXxxEPnYdhG89Miax9 Pragma: no-cache Cache-Control: no-cache HTTP/1.1 502 Bad Gateway Date: Fri, 03 Jan 2025 09:12:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive CF-Ray: 8fc1ddbc8cbab529-OSL Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Set-Cookie: _cfuvid=bv0CblZIR3bjoY7Kh0yn5XYVjOzDQmFrt76ir9qpfCc-1735895536268-0.0.1.1-604800000; path=/; domain=.visa.com; HttpOnly; Secure; SameSite=None Vary: Accept-Encoding Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8WlWpEwmtIdQg9SmDCvLixd8Ll%2FiHikFTj%2BrbYjbY9tB4LV4FatbaxpSbd51gOZGdv5JzMVqqAOjfF%2B%2FEoz4LfuoXCdCfxHIsso4foC3XXXl35f3TCNCU%2Fqid8vQZkdn4YBWmD%2BVa8BKHJwkc16JPA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=508&min_rtt=469&rtt_var=156&sent=4&recv=6&lost=0&retrans=0&sent_bytes=1303&recv_bytes=1155&delivery_rate=5474480&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"