Report - negar.ricihos405.workers.dev/

Report Overview

Visitedpublic

2025-12-13 18:20:29

Tags

Submit Tags

URL

negar.ricihos405.workers.dev/

Finishing URL

negar.ricihos405.workers.dev/

IP / ASN

172.67.198.171

#13335 CLOUDFLARENET

Title

Suspected phishing site | Cloudflare

Detections

urlquery

0

Network Intrusion Detection

6

Threat Detection Systems

1

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
negar.ricihos405.workers.dev	unknown	2019-02-08	2024-10-27	2024-11-15	2.1 kB	41 kB	104.21.68.213
challenges.cloudflare.com	11393	2009-02-17	2021-10-20	2025-12-07	904 B	100 kB	104.18.95.41

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-12-13 18:20:05	medium	172.18.0.24	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-12-13 18:20:07	low	172.18.0.24	172.67.198.171	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI
2025-12-13 18:20:11	medium	172.18.0.24	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-12-13 18:20:14	medium	172.18.0.24	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-12-13 18:20:20	medium	172.18.0.24	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain
2025-12-13 18:20:27	medium	172.18.0.24	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
DNS4EU	negar.ricihos405.workers.dev	malicious	Sinkholed

JavaScript (5)

HTTP Transactions (7)

	URL	IP	Response	Size