Report - wdq22.eqd56err3f.workers.dev/

Report Overview

Submitted URL
wdq22.eqd56err3f.workers.dev/
IP
104.21.83.217
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-19 04:14:11
Access
public
Website Title
One Drive
Final URL
wdq22.eqd56err3f.workers.dev/
Tags
suspicious
urlquery detections
Suspicious - Suspicious Javascript code

Detections

urlquery
3
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
wdq22.eqd56err3f.workers.dev	unknown	2019-02-08	2023-11-17	2024-02-11	936 B	325 kB	104.21.83.217

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	wdq22.eqd56err3f.workers.dev/	Microsoft OneDrive
2024-04-18	medium	wdq22.eqd56err3f.workers.dev/	Microsoft OneDrive

PhishTank

Scan Date	Severity	Indicator	Alert
2024-02-11	medium	wdq22.eqd56err3f.workers.dev/	Adobe
2024-02-11	medium	wdq22.eqd56err3f.workers.dev/favicon.ico	Adobe

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	wdq22.eqd56err3f.workers.dev/	322 kB	2023-12-29	2024-04-19
Pretty URL wdq22.eqd56err3f.workers.dev/ IP 104.21.83.217 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-12-29 03:48:18 Last Seen2024-04-19 06:14:11 Times Seen3 Hash 5c7d93d89d30991a973e9c65153df57f e9cdc74c7a694810a0109c820690c885546bbe00 695d29d60bd7df0a8202cad0f2fea91008ab2d7724ffc72ae5219d1e6e1d07c1 Loading...

		Size	First Seen	Last Seen
	#1 Write - 524436f3a580b3bde203e481b1a40db2	107 kB	2023-12-29	2024-04-19
Pretty Observations First Seen2023-12-29 03:48:18 Last Seen2024-04-19 06:14:11 Times Seen3 Hash 524436f3a580b3bde203e481b1a40db2 2d063b978bcf67de5633eafbc5feb1821a21a59c 9b2478cfe9a279ab64257403d743d6e36d3a6b3d6ca07385ef1440022c98dc73 Loading...

HTTP Transactions (2)

URL IP Response Size

wdq22.eqd56err3f.workers.dev/

104.21.83.217

200 OK

322 kB

URL User Request GET HTTP/2
wdq22.eqd56err3f.workers.dev/
IP
104.21.83.217:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecteqd56err3f.workers.dev
FingerprintEB:2B:7D:79:0E:15:3F:1D:71:6E:36:CC:68:FE:77:6E:FA:4E:AA:97
ValiditySat, 24 Feb 2024 15:00:25 GMT - Fri, 24 May 2024 15:00:24 GMT

File type
HTML document, ASCII text, with very long lines (65505)
Size
322 kB (322033 bytes)
Hash
79107896aa23c69d9c29ff9c2cfaac14
d018a825576f9f8a9f5b1461c206470fbc794241
1ca5b2b31631cd04fdb26e62f6808d3e3f1a2a2290904035a845bcaaa8f6e5f6

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	Microsoft OneDrive
PhishTank	phishing	Adobe

HTTP Headers

GET / HTTP/1.1
Host: wdq22.eqd56err3f.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 04:13:44 GMT
content-type: text/html; charset=utf-8
cf-ray: 876a10539a24b4f9-OSL
cf-cache-status: HIT
age: 14748
etag: W/"index.86ca302586.html"
vary: Accept-Encoding
feature-policy: none
referrer-policy: unsafe-url
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tFwvJXTfUbVGlJJGUinob0sWmn8TdRPPnKWvzNtYXrVtYhUadl2xv%2FPw5iODZqMoqp2pmeaC2eEe0OahbLeKCh%2FEAbgfbG3Lqd%2FAE%2FJkJvxnXpWCF6%2BniOS3WUxV%2BFmJyDKzYFGMWu8ZPNhBiorS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wdq22.eqd56err3f.workers.dev/favicon.ico

104.21.83.217

200 OK

1.2 kB

URL GET HTTP/3
wdq22.eqd56err3f.workers.dev/favicon.ico
IP
104.21.83.217:443
ASN
#13335 CLOUDFLARENET

Requested by
https://wdq22.eqd56err3f.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecteqd56err3f.workers.dev
FingerprintEB:2B:7D:79:0E:15:3F:1D:71:6E:36:CC:68:FE:77:6E:FA:4E:AA:97
ValiditySat, 24 Feb 2024 15:00:25 GMT - Fri, 24 May 2024 15:00:24 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
f6f8f2c43fb6eb89dbd89cc7c1eb0c83
b2ceb2c7c2a80a96bb06f242a4fb3228eb66aa2d
9ac292655c99c87fe1f621ba8c4084cc12e9873bedbd1ee8302095f94ace42ff

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Microsoft OneDrive
PhishTank	phishing	Adobe

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: wdq22.eqd56err3f.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wdq22.eqd56err3f.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 04:13:45 GMT
content-type: image/vnd.microsoft.icon
cf-ray: 876a105529f25684-OSL
cf-cache-status: HIT
age: 14749
etag: W/"favicon.ff38969f14.ico"
vary: Accept-Encoding
feature-policy: none
referrer-policy: unsafe-url
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X4xNScYgT%2BqLYnpaXj1FdgSxuP5IOLAe%2FfDsQKT4TPXxRZrRLisIAGtBysyU3vr5pPzVbznj511ZhJPtf15kKC3VzRnDMQGurfB5kk8%2BRODBQAKChBG5rByXxI8fsIEyDVmiAo5u041kwHMLs0eE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers