Report - cdn2.me-qr.com/htm/20890362.htm

Report Overview

Submitted URL
cdn2.me-qr.com/htm/20890362.htm
IP
49.12.126.78
ASN
#24940 Hetzner Online GmbH
Submitted
2024-04-26 18:04:08
Access
public
Website Title
Office365 Onedrive
Final URL
cdn2.me-qr.com/htm/20890362.htm
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
avatars2.githubusercontent.com	88168	2014-02-06	2014-03-05	2024-03-19	487 B	1.4 kB	185.199.109.133
encrypted-tbn0.gstatic.com	unknown	2008-02-11	2013-05-31	2024-04-25	485 B	7.8 kB	142.250.74.174
cdn2.me-qr.com	unknown	2020-11-11	2023-05-23	2024-04-13	936 B	13 kB	49.12.126.78

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	cdn2.me-qr.com/htm/20890362.htm	Microsoft OneDrive

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	cdn2.me-qr.com/htm/20890362.htm	149 B	2023-03-26	2024-04-26
Pretty URL cdn2.me-qr.com/htm/20890362.htm IP 49.12.126.78 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 00:20:02 Last Seen2024-04-26 20:04:08 Times Seen4 Hash 2b121c96a3980560da80c2da6b1e5788 7d10021e96c74c1fa56ba5ccab3540d45d2cffae 4768e8aabaa1a00b29178848b4f7b1e5874d5fc296499c6c829c724e4ca26f02 Loading...

HTTP Transactions (4)

URL IP Response Size

cdn2.me-qr.com/htm/20890362.htm

49.12.126.78

200 OK

12 kB

URL User Request GET HTTP/2
cdn2.me-qr.com/htm/20890362.htm
IP
49.12.126.78:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectme-qr.com
Fingerprint84:20:FC:C0:F3:0C:B6:57:13:C3:27:5B:C2:09:75:1E:32:FC:F3:D0
ValidityFri, 19 Apr 2024 21:24:20 GMT - Thu, 18 Jul 2024 21:24:19 GMT

File type
HTML document, ASCII text, with very long lines (7575), with CRLF line terminators
Size
12 kB (12065 bytes)
Hash
fa326bf7ca2bde21f3ff8a6c28d2baad
259738e92aaaa25a5fde7f6d65f1cd74ea7edcbe
aada2c82ea561f0a628fae00735a66fd23f7a647d025ecdad43ff3084cd18db6

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Microsoft OneDrive

HTTP Headers

GET /htm/20890362.htm HTTP/1.1
Host: cdn2.me-qr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty/1.21.4.1
date: Fri, 26 Apr 2024 18:03:43 GMT
content-type: text/html
content-length: 12065
last-modified: Mon, 04 Mar 2024 06:38:57 GMT
etag: "65e56c81-2f21"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

avatars2.githubusercontent.com/oa/681659?s=120&u=5ece5e24b504743451c921c17fe20ca31d71c90f&v=4

185.199.109.133

200 OK

490 B

URL GET HTTP/2
avatars2.githubusercontent.com/oa/681659?s=120&u=5ece5e24b504743451c921c17fe20ca31d71c90f&v=4
IP
185.199.109.133:443
ASN
#54113 FASTLY

Requested by
https://cdn2.me-qr.com/htm/20890362.htm
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
PNG image data, 120 x 120, 8-bit/color RGB, non-interlaced
Size
490 B (490 bytes)
Hash
26393086e8c2704cc464614aa96faa01
b2dc683d017e946aa689c54937b97b1c718b1e16
de73643264bb3af2bb45ef47982b12471ec2eb8c1b6bab0bce8a8e937ed96f49

HTTP Headers

GET /oa/681659?s=120&u=5ece5e24b504743451c921c17fe20ca31d71c90f&v=4 HTTP/1.1
Host: avatars2.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn2.me-qr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'
content-type: image/png
etag: "5f4d14030929f36d599e8759972dfd49f53dbb32c9ac2036f42e3c3b54470496"
last-modified: Thu, 14 Jun 2018 20:37:43 GMT
strict-transport-security: max-age=31557600
timing-allow-origin: https://github.com
x-content-type-options: nosniff
x-frame-options: deny
x-github-tenant: 
x-xss-protection: 1; mode=block
x-github-request-id: 213A:305A17:163C970:17424FF:66147948
accept-ranges: bytes
date: Fri, 26 Apr 2024 18:03:43 GMT
via: 1.1 varnish
x-served-by: cache-hel1410020-HEL
x-cache: HIT
x-cache-hits: 778
x-timer: S1714154623.461639,VS0,VE0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 9c12c228a4468befb750ae3e706bd53b462d6a6c
expires: Fri, 26 Apr 2024 18:08:43 GMT
source-age: 1536823
vary: Authorization,Accept-Encoding
content-length: 490
X-Firefox-Spdy: h2

cdn2.me-qr.com/favicon.ico

49.12.126.78

404 Not Found

159 B

URL GET HTTP/2
cdn2.me-qr.com/favicon.ico
IP
49.12.126.78:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://cdn2.me-qr.com/htm/20890362.htm
Certificate
IssuerLet's Encrypt
Subjectme-qr.com
Fingerprint84:20:FC:C0:F3:0C:B6:57:13:C3:27:5B:C2:09:75:1E:32:FC:F3:D0
ValidityFri, 19 Apr 2024 21:24:20 GMT - Thu, 18 Jul 2024 21:24:19 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
159 B (159 bytes)
Hash
707a6bf80b2aae914a3475cb829e534b
2e70d81cf7a8b2c2bf66521e720969d1e92f3819
20703cc00e86bed52bb9af00fac1cbd8c3dc16c2866b7251288325f1501c8755

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cdn2.me-qr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn2.me-qr.com/htm/20890362.htm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: openresty/1.21.4.1
date: Fri, 26 Apr 2024 18:03:43 GMT
content-type: text/html
content-length: 159
X-Firefox-Spdy: h2

encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcR5-z_UwR_Amy1pIXv08Q7Mkh4DRq8GIcF3ew&usqp=CAU

142.250.74.174

200 OK

7.0 kB

URL GET HTTP/2
encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcR5-z_UwR_Amy1pIXv08Q7Mkh4DRq8GIcF3ew&usqp=CAU
IP
142.250.74.174:443
ASN
#15169 GOOGLE

Requested by
https://cdn2.me-qr.com/htm/20890362.htm
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
PNG image data, 426 x 118, 8-bit colormap, non-interlaced
Size
7.0 kB (7036 bytes)
Hash
6a75380dc5db628d8857d4a549b77401
674a642e0403e8838a0348817609767fa9722bc2
e0a91303f21368fb88d7d4202feac1eb6b96c5e11b81694550608d8747fd8582

HTTP Headers

GET /images?q=tbn:ANd9GcR5-z_UwR_Amy1pIXv08Q7Mkh4DRq8GIcF3ew&usqp=CAU HTTP/1.1
Host: encrypted-tbn0.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn2.me-qr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-length: 7036
date: Fri, 26 Apr 2024 18:03:43 GMT
expires: Sat, 26 Apr 2025 18:03:43 GMT
cache-control: public, max-age=31536000
last-modified: Sat, 18 Jul 2020 11:43:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (4)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers