Report - green-tonic.live/

Report Overview

Submitted URL
green-tonic.live/
IP
104.21.1.69
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-03 23:48:10
Access
public
Website Title
Apache HTTP Server Test Page powered by CentOS
Final URL
green-tonic.live/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
24

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
green-tonic.live	unknown	2023-09-07	2023-09-07	2024-03-22	4.7 kB	29 kB	172.67.128.192

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed
2024-05-03	medium	green-tonic.live	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	Size	First Seen	Last Seen
	green-tonic.live/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-05-22
Pretty URL green-tonic.live/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 172.67.128.192 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-22 10:46:14 Times Seen58014 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

HTTP Transactions (12)

URL IP Response Size

green-tonic.live/

172.67.128.192

403 Forbidden

2.1 kB

URL User Request GET HTTP/2
green-tonic.live/
IP
172.67.128.192:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectgreen-tonic.live
FingerprintB6:19:B2:AA:D8:50:48:61:97:BF:E6:D5:7E:46:30:47:80:C4:A8:FA
ValidityWed, 01 May 2024 12:08:23 GMT - Tue, 30 Jul 2024 12:08:22 GMT

File type
HTML document, ASCII text
Size
2.1 kB (2148 bytes)
Hash
30efc1860c07e491d2b45fb23dddc78f
a79b0dc7794fb220c47ec91488959f40b4d21175
f774df3760f3eafab00b1d84d78655ac9f8c753f118cf95d97c40ebf6bd65655

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Fri, 03 May 2024 23:47:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3fnhOnAEamEmhdXO40LMH9qGiPzlxAQwpxAkTUsfSjFOW6oo0oarXNlO9CGkKBRWwoW%2F%2FHL2I%2FZJUwCk4Sq7TE9tWAg876tsWMc9X5ECzolzmn5S9cyGnNi6Izfnf2Rvzz2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 87e423536ce056aa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

green-tonic.live/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

172.67.128.192

200 OK

655 B

URL GET HTTP/1.1
green-tonic.live/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
JavaScript source, ASCII text, with very long lines (1238)
Size
655 B (655 bytes)
Hash
9e8f56e8e1806253ba01a95cfc3d392c
a8af90d7482e1e99d03de6bf88fed2315c5dd728
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 30 Apr 2024 15:20:25 GMT
ETag: W/"66310c39-4d7"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7MCZunFoOXLaMBK5KI4wdQSLRmxfzp8rpgsKvkZRQp9vKCAbb9%2FAh1iuDlFP9xPkn8vNozi5UKFFB18ff2usvtSURT2AmWr0jn7uHu0isdYmSXBEh%2BbEUPq9E0dxAjVdyWpa"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e423552b2db509-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Sun, 05 May 2024 23:47:46 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip

green-tonic.live/noindex/css/open-sans.css

172.67.128.192

200 OK

636 B

URL GET HTTP/1.1
green-tonic.live/noindex/css/open-sans.css
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
ASCII text
Size
636 B (636 bytes)
Hash
0ca7398a3e9ef11b70b5dfd1a052fe58
8bb7623c7027e927c0eced114d6011c57101a26f
65e9f0d6919c412dd5a04c322ce9cf9db80a1182f57778606a76110086c49fca

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /noindex/css/open-sans.css HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:46 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 17 Jun 2014 16:00:47 GMT
ETag: W/"13d9-4fc0a3f32a9c0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SISFda1aQvey7Ul%2Bk00jeQUW6WJngaw%2FTsjXbmV0XrSQHp23JACU67Kj%2BOFFirKL6Spks9WOF14rYylh%2FGexy6yODkcsSdE6F99ghnLQT7rs1s7Rl6cE1RPaY0GM8XuBgVQF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e423552e1f569d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

green-tonic.live/noindex/css/bootstrap.min.css

172.67.128.192

200 OK

4.8 kB

URL GET HTTP/1.1
green-tonic.live/noindex/css/bootstrap.min.css
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
ASCII text, with very long lines (19170)
Size
4.8 kB (4753 bytes)
Hash
44c7856dea679ebcccf8fe201fbe1a7c
192a297f8aeda2bcdd0faa5320ffff825d24116f
bc40aeafcd25bc944d0d6357298c1b198b4a1fe294e0b84015d04b72cf942c10

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /noindex/css/bootstrap.min.css HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:46 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 17 Jun 2014 16:00:47 GMT
ETag: W/"4b8d-4fc0a3f32a9c0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mepyS%2FPflFgc2KKWU2aQ8ItaaKIsmYiLZkS353ItzXjmorLQNNkwSZ6V01s7xvo9jpHjgsoVmIOfhxlz9i9841GYo46dU826oqGGRPAbNf0NgVwMuCuzGTvDpOq3rN52YwT2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e423552dd556aa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

green-tonic.live/

172.67.128.192

403 Forbidden

5.9 kB

URL User Request GET HTTP/2
green-tonic.live/
IP
172.67.128.192:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectgreen-tonic.live
FingerprintB6:19:B2:AA:D8:50:48:61:97:BF:E6:D5:7E:46:30:47:80:C4:A8:FA
ValidityWed, 01 May 2024 12:08:23 GMT - Tue, 30 Jul 2024 12:08:22 GMT

File type
HTML document, ASCII text
Size
5.9 kB (5942 bytes)
Hash
dbd18b6afa05d3a0b96fc8e81dad69d6
94f094fbf6231b48ce26f0ff0bd9b163a5e7e27e
f721818d14a78bd77df41a7eb0bb7c69f3efe1b31284299e3498ed9f3dc2c1f5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Fri, 03 May 2024 23:47:45 GMT
content-type: text/html; charset=UTF-8
last-modified: Thu, 16 Oct 2014 13:20:58 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NU%2BsIRWeKs5j8jotLQA9XVMrz7Wz%2BBzbkOdPecablA0a9e4IN5sNVdwdMR5eJDMbFc0e2PbJ%2FA4aXdRXJdfvGRHAS0oZi2I5MD%2FGfyJ0PdsTJ5er16wBtOIKmuM5daNAoQzp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e42350be1256a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

green-tonic.live/images/apache_pb.gif

172.67.128.192

200 OK

2.3 kB

URL GET HTTP/1.1
green-tonic.live/images/apache_pb.gif
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
GIF image data, version 89a, 259 x 32
Size
2.3 kB (2326 bytes)
Hash
48bc8b181b36c9289866a2e30f6afedd
7bcc5d916d33ab08929a9f7c1d07c33ac1ba47ba
1654416fec35a8b5d36ee0257025cec63e56dfe8572b6ff67c6b0d0d43158cbb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/apache_pb.gif HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:46 GMT
Content-Type: image/gif
Content-Length: 2326
Connection: keep-alive
Last-Modified: Tue, 17 Jun 2014 16:00:47 GMT
ETag: "916-4fc0a3f32a9c0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zalDn5H8ZiMCwoN6z5XwEX0AobihGeVbqZ8fYhKbODGeaMoNeE8is1IS6nlsg17h0WMJw0d0r1oYR74sXDL8LrYMC2iK0qjbMoAWZjbUkCgfeOslWXtWjRTh4pMPyO4rMMkO"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e423576c26b509-OSL
alt-svc: h2=":443"; ma=60

green-tonic.live/noindex/css/fonts/Bold/OpenSans-Bold.woff

172.67.128.192

200 OK

13 B

URL GET HTTP/1.1
green-tonic.live/noindex/css/fonts/Bold/OpenSans-Bold.woff
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
6ed0a7b3d262f18276c5355ce00958b6
d211e2ef8dd9e15443e081e455da91938085a2ff
b2c586b993fb29ae224f95fa15a6d760f38dfbc2146b45d8564194ee04295b53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/noindex/css/open-sans.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Fri, 03 May 2024 23:47:46 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BzLDH2PJWwkUA6OeBXZXlhrLKcxPp%2B1QHOTlTGJPbLEWAI%2FSKZWs%2Fd%2Bq2ghtQS8PgqgJA9GB%2Fltod%2F28ugK9Xtxfyzw2ENLK0bSu8A8O2TvaOs3Z2Pwn2C1d%2F8ydC6PMFF2q"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e42357af1456aa-OSL
alt-svc: h2=":443"; ma=60

green-tonic.live/noindex/css/fonts/Light/OpenSans-Light.woff

172.67.128.192

200 OK

13 B

URL GET HTTP/1.1
green-tonic.live/noindex/css/fonts/Light/OpenSans-Light.woff
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
6ed0a7b3d262f18276c5355ce00958b6
d211e2ef8dd9e15443e081e455da91938085a2ff
b2c586b993fb29ae224f95fa15a6d760f38dfbc2146b45d8564194ee04295b53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/noindex/css/open-sans.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Fri, 03 May 2024 23:47:46 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ghGmrikZGfxNhWIJ%2B400BWYIYVF2fE9BMY0kxngBGIClTkmtdzNE0AbwHKGUTIDetcYvoSSFmO9HvbmXl%2BpA9Uzy49vDzNP0YSkEKaD0v5Ss9Wl3mldBXXIVJvqfpHm16kTj"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e423579aff56a4-OSL
alt-svc: h2=":443"; ma=60

green-tonic.live/noindex/css/fonts/Bold/OpenSans-Bold.ttf

172.67.128.192

200 OK

33 B

URL GET HTTP/1.1
green-tonic.live/noindex/css/fonts/Bold/OpenSans-Bold.ttf
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
6ed0a7b3d262f18276c5355ce00958b6
d211e2ef8dd9e15443e081e455da91938085a2ff
b2c586b993fb29ae224f95fa15a6d760f38dfbc2146b45d8564194ee04295b53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/noindex/css/open-sans.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Fri, 03 May 2024 23:47:47 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MnyvAENpwRAFUHor07PyTWO%2FxwLjA4bp7t80ijaW8hiK421cfQz%2BDSiNvVYL6jv2Sjcdhc1fCasXVV3p0FaOKCNEPHiP%2FYQisYNy9h%2FPhbKhuYUrcKzPFhCjaBoQefvGkiV%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e42359588a569d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

green-tonic.live/noindex/css/fonts/Light/OpenSans-Light.ttf

172.67.128.192

200 OK

33 B

URL GET HTTP/1.1
green-tonic.live/noindex/css/fonts/Light/OpenSans-Light.ttf
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
6ed0a7b3d262f18276c5355ce00958b6
d211e2ef8dd9e15443e081e455da91938085a2ff
b2c586b993fb29ae224f95fa15a6d760f38dfbc2146b45d8564194ee04295b53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/noindex/css/open-sans.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Fri, 03 May 2024 23:47:47 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bKec6O9KkbZ89C722SLAM1wB54V5qPm74xv2UJW5g2Y0MyiFlOPXrMgK2z2l8TLKKqnuJuRz8HFXrrJuJGQgHMPRbg0eETQJhXdpO71rK1fo6ecBHyT3rPHsVQYMnQ4SV%2FlF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e423596cfeb509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

green-tonic.live/favicon.ico

172.67.128.192

200 OK

33 B

URL GET HTTP/1.1
green-tonic.live/favicon.ico
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
ASCII text, with no line terminators
Size
33 B (33 bytes)
Hash
6ed0a7b3d262f18276c5355ce00958b6
d211e2ef8dd9e15443e081e455da91938085a2ff
b2c586b993fb29ae224f95fa15a6d760f38dfbc2146b45d8564194ee04295b53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Thu, 02 May 2024 13:03:07 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cu%2FKriBLXHgQi8zbwLG%2Fq5s2AvWOITxOPIc1q4voocN3gvPtd5JPS1lUWx1ZV1%2BBOS4f2wguTzpVU3xmgVYUwijjW%2FFKzhXoeMjKbMDccaqBFw5VXnTTszDAb7ndwh6NpnpQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e4235abc8556a4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

green-tonic.live/images/poweredby.png

172.67.128.192

200 OK

4.0 kB

URL GET HTTP/1.1
green-tonic.live/images/poweredby.png
IP
172.67.128.192:80
ASN
#13335 CLOUDFLARENET

Requested by
http://green-tonic.live/

File type
PNG image data, 88 x 31, 8-bit/color RGB, non-interlaced
Size
4.0 kB (3956 bytes)
Hash
5b1ca9f747c1b73dfa1c508765d9056a
6b319c943d8c69e212e7de8385802891dbafe8a3
5b720d579bbc1f8fee3b64df9290d41a28c747a5802589e48e05b7ebbfe9fc2f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/poweredby.png HTTP/1.1
Host: green-tonic.live
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://green-tonic.live/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 03 May 2024 23:47:46 GMT
Content-Type: image/png
Content-Length: 3956
Connection: keep-alive
Last-Modified: Tue, 17 Jun 2014 16:00:47 GMT
ETag: "f74-4fc0a3f32a9c0"
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ne8ulc5rWd9f4H7pDO3cZdWbZRjwqEGPKOYnwzrnc1ZJyBWQT3w7RPosxJwjjvlwGfl9TqW8fFRXqW3glGBdsQm9bUoTyihN3mKingliny0JtocRPcVI1JIduPUExUlE7LAh"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87e423576f57569d-OSL
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (12)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1