Report - val1d-upge.2zd4t4hkw.workers.dev/

Report Overview

Submitted URL
val1d-upge.2zd4t4hkw.workers.dev/
IP
104.21.96.113
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 17:19:10
Access
public
Website Title
AT&T - Login
Final URL
val1d-upge.2zd4t4hkw.workers.dev/
Tags
phishing suspicious
urlquery detections
Phishing - Generic phishing
Suspicious - Suspicious Javascript code

Detections

urlquery
11
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
val1d-upge.2zd4t4hkw.workers.dev	unknown	2019-02-08	2022-03-28	2024-03-05	1.4 kB	52 kB	172.67.178.92

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	val1d-upge.2zd4t4hkw.workers.dev/	AT&T Inc.
2024-04-17	medium	val1d-upge.2zd4t4hkw.workers.dev/	AT&T Inc.
2024-04-17	medium	val1d-upge.2zd4t4hkw.workers.dev/	AT&T Inc.

PhishTank

Scan Date	Severity	Indicator	Alert
2023-06-25	medium	val1d-upge.2zd4t4hkw.workers.dev/favicon.ico	AT&T
2023-06-25	medium	val1d-upge.2zd4t4hkw.workers.dev/	AT&T
2023-06-25	medium	val1d-upge.2zd4t4hkw.workers.dev/style.css	AT&T

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	val1d-upge.2zd4t4hkw.workers.dev/	18 kB	2023-06-09	2024-04-17
Pretty URL val1d-upge.2zd4t4hkw.workers.dev/ IP 172.67.178.92 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-09 13:50:01 Last Seen2024-04-17 19:19:10 Times Seen7 Hash ba2452e8b4c7e3b294b0be0411643137 2eb49f85bdc1d7b13024923033a6ef92f349687b c6f73e185f45f1636aa1238db78b9607c60089b74909d50b85fdc553f297228d Loading...

	unknown	14 kB	2023-06-09	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-09 13:50:01 Last Seen2024-04-17 19:19:10 Times Seen7 Hash e9cd3e7183be5f3fb438820a819c7e8c a33ca1f175c052e5b6b2c96ab5876919fdfb5139 2b70d67bf9cabb78a056b4ca3b6d876ed88306dc84b56ee0a06f2849edffe488 Loading...

	unknown	10 kB	2023-06-09	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-09 13:50:01 Last Seen2024-04-17 19:19:10 Times Seen7 Hash b7b0bbf8bd87f39912ba91bf995d100b a414416a64a22a44635cf21db50c6f60b3eb66a4 2cd01a02a5f14aef86b52805ed04bd67fd5e235f3b06ecccd32803ccf8a29a66 Loading...

	unknown	1.0 kB	2023-06-09	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-09 13:50:01 Last Seen2024-04-17 19:19:10 Times Seen7 Hash 183e9141775d42c990360761141e208f cf643b5c87a203a22d781db056a204e2bd05d46c ba37113b00b087496dca42c31b62bb01ac89b0b44a9fab7942760a665280879a Loading...

		Size	First Seen	Last Seen
	#1 Write - 17506bf165b6215b2237372d4d7935d8	14 kB	2023-06-09	2024-04-17
Pretty Observations First Seen2023-06-09 13:50:01 Last Seen2024-04-17 19:19:10 Times Seen7 Hash 17506bf165b6215b2237372d4d7935d8 bfb08a42486d85174914e48964da0a62615d8a01 f1c1a8c98ccc7186026e07768a31efa25a44668b67906fbec88cf142f15edd17 Loading...

	#2 Write - 7ccb1aea49aacd2d3925e9adb24f44cd	10 kB	2023-06-09	2024-04-17
Pretty Observations First Seen2023-06-09 13:50:01 Last Seen2024-04-17 19:19:10 Times Seen7 Hash 7ccb1aea49aacd2d3925e9adb24f44cd 5dc5bca34067d47bc5e0d6a194ebf089b0252bda 6c0d13951c4e89800672213aec262e2a08a4ea4ae9154930a36c8cfe34dc07a7 Loading...

	#3 Write - 58010fb3e83fe9c9d4fb9be1ce2bcc85	6.4 kB	2023-06-09	2024-04-17
Pretty Observations First Seen2023-06-09 13:50:01 Last Seen2024-04-17 19:19:10 Times Seen7 Hash 58010fb3e83fe9c9d4fb9be1ce2bcc85 dd9e0291f039d59cafc272fc3744404b0f42172a 84dec83fd430043eb091214ff47cb16bf42738b359dde2d13f5f367f7db7e764 Loading...

HTTP Transactions (3)

URL IP Response Size

val1d-upge.2zd4t4hkw.workers.dev/favicon.ico

172.67.178.92

200 OK

14 kB

URL GET HTTP/3
val1d-upge.2zd4t4hkw.workers.dev/favicon.ico
IP
172.67.178.92:443
ASN
#13335 CLOUDFLARENET

Requested by
https://val1d-upge.2zd4t4hkw.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject2zd4t4hkw.workers.dev
Fingerprint27:0E:AD:7B:2A:34:B2:3F:DA:C1:88:D5:3A:AE:90:E2:1E:BD:87:C5
ValiditySun, 14 Apr 2024 00:12:29 GMT - Sat, 13 Jul 2024 00:12:28 GMT

File type
HTML document, ASCII text, with very long lines (18144)
Size
14 kB (14161 bytes)
Hash
5e378e48c595a750fe4d3c89b749c6bd
1c9dd8e268b80ca5f103206883c640311e42420c
58251bfe50134c57bfa13e34f92827a37b684cbeb95cefddc2790470f9ce7611

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	AT&T Inc.
PhishTank	phishing	AT&T

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: val1d-upge.2zd4t4hkw.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://val1d-upge.2zd4t4hkw.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:18:45 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UtlEWQ1SBe6wh07j5nPBdQjXoMXduD7llGt%2BrK6H%2B%2FL31ePc9duM20on3LuYFHe8daMZbt7d0oxB%2Bd%2FGx8jLhEzbqxkZ%2FjWGMaabiolWZ%2FUUH1YGz%2Bo2Ac5jZ5zkmospZCPnf58agZsLR5%2BsbXkkGJtlYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e137c4a999304-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

val1d-upge.2zd4t4hkw.workers.dev/

172.67.178.92

200 OK

18 kB

URL User Request GET HTTP/2
val1d-upge.2zd4t4hkw.workers.dev/
IP
172.67.178.92:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject2zd4t4hkw.workers.dev
Fingerprint27:0E:AD:7B:2A:34:B2:3F:DA:C1:88:D5:3A:AE:90:E2:1E:BD:87:C5
ValiditySun, 14 Apr 2024 00:12:29 GMT - Sat, 13 Jul 2024 00:12:28 GMT

File type
HTML document, ASCII text, with very long lines (18144)
Size
18 kB (18195 bytes)
Hash
5e378e48c595a750fe4d3c89b749c6bd
1c9dd8e268b80ca5f103206883c640311e42420c
58251bfe50134c57bfa13e34f92827a37b684cbeb95cefddc2790470f9ce7611

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	AT&T Inc.
PhishTank	phishing	AT&T

HTTP Headers

GET / HTTP/1.1
Host: val1d-upge.2zd4t4hkw.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 17:18:44 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vyoe%2FQgXl3FQleiNN5nGcZgXTapnv%2F0v4mHbSOAoP6mL1RtoMmu9XIuYvUbLDfTPfhsFm61x8i0fu2qsEx2xWn03txL3I9LOwKzTWTfF0ko9%2B8YxuqFmun8AmEEgGaC1grznn2Kgt5FtLkntn5iBPuN8vA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e137ad95410b5-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

val1d-upge.2zd4t4hkw.workers.dev/style.css

172.67.178.92

200 OK

18 kB

URL GET HTTP/3
val1d-upge.2zd4t4hkw.workers.dev/style.css
IP
172.67.178.92:443
ASN
#13335 CLOUDFLARENET

Requested by
https://val1d-upge.2zd4t4hkw.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subject2zd4t4hkw.workers.dev
Fingerprint27:0E:AD:7B:2A:34:B2:3F:DA:C1:88:D5:3A:AE:90:E2:1E:BD:87:C5
ValiditySun, 14 Apr 2024 00:12:29 GMT - Sat, 13 Jul 2024 00:12:28 GMT

File type
HTML document, ASCII text, with very long lines (18144)
Size
18 kB (18195 bytes)
Hash
5e378e48c595a750fe4d3c89b749c6bd
1c9dd8e268b80ca5f103206883c640311e42420c
58251bfe50134c57bfa13e34f92827a37b684cbeb95cefddc2790470f9ce7611

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	AT&T Inc.
PhishTank	phishing	AT&T

HTTP Headers

GET /style.css HTTP/1.1
Host: val1d-upge.2zd4t4hkw.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://val1d-upge.2zd4t4hkw.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:18:45 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ujtJppiW1CISy2KqELB5hE5rQvYy1jh3EW5oR8mE9AeC1ptydaOk6t%2F1niLYUAammPSYgyGeTCVc2ZhNouB1cTzn4GTI4xJgE1%2BT9ZGMyurXcnZD8jpXKcalxNbIZTmV66kMhOIhBCWPYZiY3btGFStg%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e137c0a0f9304-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (3)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections