Report - worknefa.gq

Report Overview

Submitted URL
worknefa.gq
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-12-04 22:59:54
Access
public
Website Title
I not a bot. Go to.
Final URL
worknefa.gq/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
2
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
worknefa.gq	unknown	unknown	2022-07-23	2023-10-25	1.4 kB	3.7 kB	188.114.96.1
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-06-15	2023-12-04	462 B	157 kB	104.18.11.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 22:59:42	medium	Client IP	Internal IP	ET INFO DNS Query for Suspicious .gq Domain
2023-12-04 22:59:42	medium	Client IP	188.114.97.1	ET INFO Suspicious Domain (*.gq) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (3)

	URL	IP	Response	Size
	worknefa.gq/	188.114.96.1	200 OK	801 B
URL User Request GET HTTP/2 worknefa.gq/ IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services LLC Subjectworknefa.gq FingerprintED:5D:29:E6:CD:BF:2A:64:8F:AF:24:91:E4:63:31:93:F4:7D:2E:CB ValiditySun, 12 Nov 2023 14:10:13 GMT - Sat, 10 Feb 2024 14:10:12 GMT File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (859), with no line terminators Size 801 B (801 bytes) Hash 021c22f1bab3bb33854c65a263bc9387 76c85872090aa3aefac5993842d4dc02c0bf9ea6 b49ae4e2b706863552fd2641060ebcf0ee79e252c07003a92c7e7db1d24126ff HTTP Headers GET / HTTP/1.1 Host: worknefa.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: antibot_uid=68a14cf1cee0b945c3a456a5ca39075c; antibot_country=NO; antibot_lang=en; antibot_ptr=s919042154.blix.com; antibot_0573b7d3c15c5d33589bba26a19a6501=2db3b3ee8811e4f0e1f2d1f20a8cc482; lastcid=1701730776.8323 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 04 Dec 2023 22:59:40 GMT content-type: text/html; charset=UTF-8 set-cookie: antibot_hits=2; expires=Tue, 05-Dec-2023 22:59:40 GMT; Max-Age=86400; path=/ antibot_unique_20231204=1; expires=Tue, 05-Dec-2023 22:59:40 GMT; Max-Age=86400; path=/ lastcid=0; expires=Mon, 04-Dec-2023 22:58:00 GMT; Max-Age=0; path=/ cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xmRupfJjU3oit3V3ukKxhtcLrHEa07lKBpmUdB8tD%2BJqufaP5UI%2F%2FJ5hjpS8H4Wg1vRRT8At8LTiqHcezxderT0C8eA1Kko22bNlc95F%2FoJyTNprHNV2Mx%2FS9FF7%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 8307a941fa9bb517-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css	104.18.11.207	200 OK	156 kB
URL GET HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css IP 104.18.11.207:443 ASN #13335 CLOUDFLARENET Requested by https://worknefa.gq/ Certificate IssuerGoogle Trust Services LLC Subjectbootstrapcdn.com Fingerprint34:BC:91:5F:B9:EC:32:2C:D9:73:C7:88:C3:6C:FB:77:E7:70:8D:04 ValidityThu, 30 Nov 2023 00:15:17 GMT - Wed, 28 Feb 2024 00:15:16 GMT File type ASCII text, with very long lines (65324) Size 156 kB (155758 bytes) Hash a15c2ac3234aa8f6064ef9c1f7383c37 6e10354828454898fda80f55f3decb347fd9ed21 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36 HTTP Headers `GET /bootstrap/4.3.1/css/bootstrap.min.css HTTP/1.1 Host: stackpath.bootstrapcdn.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://worknefa.gq/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Mon, 04 Dec 2023 22:59:40 GMT content-type: text/css; charset=utf-8 vary: Accept-Encoding cdn-pullzone: 252412 cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestcountrycode: DE access-control-allow-origin: * cache-control: public, max-age=31919000 etag: W/"a15c2ac3234aa8f6064ef9c1f7383c37" last-modified: Mon, 25 Jan 2021 22:04:08 GMT cdn-cachedat: 10/31/2023 18:59:49 cdn-proxyver: 1.04 cdn-requestpullcode: 200 cdn-requestpullsuccess: True cdn-edgestorageid: 1078 timing-allow-origin: * cross-origin-resource-policy: cross-origin x-content-type-options: nosniff cdn-status: 200 cdn-requestid: 781fdf1c6e823e65290dac5eeb884a47 cdn-cache: HIT cf-cache-status: HIT age: 1021561 strict-transport-security: max-age=31536000; includeSubDomains; preload server: cloudflare cf-ray: 8307a9427f11568b-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	worknefa.gq/favicon.ico	188.114.96.1	200 OK	1.4 kB
URL GET HTTP/2 worknefa.gq/favicon.ico IP 188.114.96.1:443 ASN #13335 CLOUDFLARENET Requested by https://worknefa.gq/ Certificate IssuerGoogle Trust Services LLC Subjectworknefa.gq FingerprintED:5D:29:E6:CD:BF:2A:64:8F:AF:24:91:E4:63:31:93:F4:7D:2E:CB ValiditySun, 12 Nov 2023 14:10:13 GMT - Sat, 10 Feb 2024 14:10:12 GMT File type MS Windows icon resource - 1 icon, 16x16\012- data Size 1.4 kB (1406 bytes) Hash f0f650f8646a203f362d739a75e64778 004da78df6f6b283b037ee6793b7caa693dda197 4442c09f020ef30928eb81cfe74d8bb6543561354ca9a53cf6a77255a234f5d0 HTTP Headers GET /favicon.ico HTTP/1.1 Host: worknefa.gq User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://worknefa.gq/ Cookie: antibot_uid=68a14cf1cee0b945c3a456a5ca39075c; antibot_country=NO; antibot_lang=en; antibot_ptr=s919042154.blix.com; antibot_0573b7d3c15c5d33589bba26a19a6501=2db3b3ee8811e4f0e1f2d1f20a8cc482; antibot_hits=2; antibot_unique_20231204=1 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Mon, 04 Dec 2023 22:59:40 GMT content-type: image/x-icon last-modified: Thu, 13 Apr 2023 19:11:15 GMT etag: W/"643853d3-57e" cache-control: max-age=14400 cf-cache-status: HIT age: 3 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uknpv8UZBuB26Fgcxl5QW8c%2BTkBJG%2B2%2BbSnz8aF9RGFfyN43mzmryEyEwzi9gXUouJ5YXD27vB6pseTCk8D%2F7eoArZVv1DAdHXJmUdqbqWWmatyGUxnbi4MM4TaMKw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8307a942ab0fb517-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2