Report - green-river-8d21.ciyijo90666618.workers.dev/

Report Overview

Submitted URL
green-river-8d21.ciyijo90666618.workers.dev/
IP
188.114.96.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-10 14:05:26
Access
public
Website Title
Final URL
Tags
suspicious
urlquery detections
Suspicious - Suspicious Javascript code

Detections

urlquery
4
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
img.icons8.com	28959	2011-10-04	2017-05-26	2023-06-10	471 B	2.0 kB	185.76.9.22
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-06-10	330 B	963 B	104.18.15.101
green-river-8d21.ciyijo90666618.workers.dev	unknown	2019-02-08	2023-04-18	2023-05-29	1.5 kB	48 kB	188.114.96.1
api.ipify.org	3267	2014-01-05	2014-10-06	2023-06-10	448 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-05-29	medium	green-river-8d21.ciyijo90666618.workers.dev/
2023-05-29	medium	green-river-8d21.ciyijo90666618.workers.dev/
2023-05-29	medium	green-river-8d21.ciyijo90666618.workers.dev/

PhishTank

Scan Date	Severity	Indicator
2023-05-11	medium	green-river-8d21.ciyijo90666618.workers.dev/
2023-05-11	medium	green-river-8d21.ciyijo90666618.workers.dev/style.css
2023-05-11	medium	green-river-8d21.ciyijo90666618.workers.dev/favicon.ico

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	green-river-8d21.ciyijo90666618.workers.dev/	15 kB	2023-04-01	2023-07-25
Pretty URL green-river-8d21.ciyijo90666618.workers.dev/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-01 11:16:01 Last Seen2023-07-25 21:49:33 Times Seen15 Hash 081f4bd130dc6b6c644e23459cb4e502 f90b1572d16e17eab758ea1309f40eea67c2306a f7e226c81e100ea66026d6376b17341bf3aa319f900d2abb409b9f3e5eb8731d Loading...

	unknown	339 B	2023-04-18	2024-04-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-18 09:19:36 Last Seen2024-04-04 19:02:22 Times Seen23 Hash b19ca52ad0990659a0c709db8f96014e bcf744efb749da84eff1f7a0feb5e91b07da71be ac00c2525d17a17e61ebcd8170ee795a4a9a125d288e30d6dea8e17059588d15 Loading...

		Size	First Seen	Last Seen
	#1 Write - 942cde86831f33787068893f4052e503	10 kB	2023-04-01	2023-07-25
Pretty Observations First Seen2023-04-01 11:16:01 Last Seen2023-07-25 21:49:33 Times Seen15 Hash 942cde86831f33787068893f4052e503 be7b131d7fadb2e05a213bcc7bcb67211cab85da 7b9aafa2085c992c6b6d9d8009907d5fe5e0efef9d86504e0f1c3d4d200699d1 Loading...

HTTP Transactions (6)

URL IP Response Size

img.icons8.com/color/50/000000/google-logo.png

185.76.9.22

200 OK

1.3 kB

URL GET HTTP/2
img.icons8.com/color/50/000000/google-logo.png
IP
185.76.9.22:443
ASN
#60068 Datacamp Limited

Requested by
https://green-river-8d21.ciyijo90666618.workers.dev/
Certificate
IssuerLet's Encrypt
Subject1004834818.rsc.cdn77.org
Fingerprint29:3A:35:C3:B5:DD:E4:28:5E:A5:A7:C4:F2:9C:49:81:96:56:91:80
ValiditySat, 29 Apr 2023 22:44:57 GMT - Fri, 28 Jul 2023 22:44:56 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1335 bytes)
Hash
45717104c188f613553aa17f989bd3ec
9160dfe7f936a53a76f1a5135212d7d6f07993ba
1a120e58f75551ccd9d96cdb3c285008a750de5c4eb18b66f2b036a588031955

HTTP Headers

GET /color/50/000000/google-logo.png HTTP/1.1
Host: img.icons8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://green-river-8d21.ciyijo90666618.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 10 Jun 2023 14:05:09 GMT
content-type: image/png
content-length: 1335
vary: Origin
access-control-allow-origin: *
icon-id: 17949
icon-size: 50
icon-format: png
last-modified: Sat, 27 May 2023 21:47:27
version: 0.0.29
from-mongo-cache: true
from-redis-cache: false
not-found-platform: false
cache-control: public, max-age=302400
strict-transport-security: max-age=15724800; includeSubDomains
server: CDN77-Turbo
x-77-nzt: AblMCRT9o/j/rMUAAA
x-77-nzt-ray: af585630679a92f415838464bbe88e27
x-accel-expires: @1686657705
x-accel-date: 1686355305
x-cache: HIT
x-age: 50604
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.15.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
c2c8f698c1fca0fcd2100a6e354131f2
2203285e3bfabd72aea3d7792789014fd597a9bc
e218f51f8541e1252b1f4651cda4f00be201781e91240dec26c6bdffcdb091f7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 14:05:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 07 Jun 2023 11:45:28 GMT
Expires: Wed, 14 Jun 2023 11:45:27 GMT
Etag: "2203285e3bfabd72aea3d7792789014fd597a9bc"
Cache-Control: max-age=338164,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d522b1c3bc2b50b-OSL

green-river-8d21.ciyijo90666618.workers.dev/

188.114.96.1

200 OK

15 kB

URL User Request GET HTTP/2
green-river-8d21.ciyijo90666618.workers.dev/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectciyijo90666618.workers.dev
Fingerprint6A:16:5C:72:BA:8B:7D:E5:9B:19:65:4E:68:2F:49:6F:EB:22:22:D5
ValidityTue, 18 Apr 2023 16:14:15 GMT - Mon, 17 Jul 2023 16:14:14 GMT

File type
HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (15147)
Size
15 kB (15249 bytes)
Hash
6e0d09bafc877124da4a1b771a63c70b
195bdc62d2ace900d367101a10274b3ab93e22dc
30586194f73f498cffa47acd2d2aac9269a733c650195988ce1e5e58242c678d

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
openphish	Yahoo! Inc
phishtank	Yahoo

HTTP Headers

GET / HTTP/1.1
Host: green-river-8d21.ciyijo90666618.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 10 Jun 2023 14:05:09 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H1HiZhs16lw9ostNjIaVqstGRKF6OAOHvj9EfyUQBfY5JQIX6lHEodfiaIkwwu1Uf6l%2BXMJkhgf5ZcBKAmKqzhCmtxlAaOwdrTf19JOTXNE66dWwVkoVGjEpSiWo7GOgGCuXNhO4aIRSl9EMT%2BXqlss%2Bp3Dd5ckn%2B4xUA%2BAv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d522ae3a966b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

green-river-8d21.ciyijo90666618.workers.dev/style.css

188.114.96.1

200 OK

15 kB

URL GET HTTP/3
green-river-8d21.ciyijo90666618.workers.dev/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://green-river-8d21.ciyijo90666618.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectciyijo90666618.workers.dev
Fingerprint6A:16:5C:72:BA:8B:7D:E5:9B:19:65:4E:68:2F:49:6F:EB:22:22:D5
ValidityTue, 18 Apr 2023 16:14:15 GMT - Mon, 17 Jul 2023 16:14:14 GMT

File type
HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (15147)
Size
15 kB (15249 bytes)
Hash
6e0d09bafc877124da4a1b771a63c70b
195bdc62d2ace900d367101a10274b3ab93e22dc
30586194f73f498cffa47acd2d2aac9269a733c650195988ce1e5e58242c678d

Detections

Analyzer	Verdict	Alert
openphish	Yahoo! Inc
phishtank	Yahoo

HTTP Headers

GET /style.css HTTP/1.1
Host: green-river-8d21.ciyijo90666618.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://green-river-8d21.ciyijo90666618.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 Jun 2023 14:05:09 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZAmUJy42kB8VV0oa%2BiOwfhJz0EvS98Wz%2B8DO92jO2hWbmyyrBSrHoRMZj%2FHt7vH1IYuIm2d8tOMMs12A972nYeslwqeJ%2BFsVF%2BDH8%2BIS%2BGPUQT2hN%2FyeyPv2M2HDxav7Vk2eurBcQKZ%2FFEdyCZJNmMUxxNi%2BbVUUnhyz1GSk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d522ae6aeb6b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

api.ipify.org/?format=jsonp&callback=getIP

0.0.0.0

0 B

URL GET
api.ipify.org/?format=jsonp&callback=getIP
IP
0.0.0.0:0
ASN
#0

Requested by
https://green-river-8d21.ciyijo90666618.workers.dev/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://green-river-8d21.ciyijo90666618.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

green-river-8d21.ciyijo90666618.workers.dev/favicon.ico

188.114.96.1

200 OK

15 kB

URL GET HTTP/3
green-river-8d21.ciyijo90666618.workers.dev/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://green-river-8d21.ciyijo90666618.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectciyijo90666618.workers.dev
Fingerprint6A:16:5C:72:BA:8B:7D:E5:9B:19:65:4E:68:2F:49:6F:EB:22:22:D5
ValidityTue, 18 Apr 2023 16:14:15 GMT - Mon, 17 Jul 2023 16:14:14 GMT

File type
HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (15147)
Size
15 kB (15249 bytes)
Hash
6e0d09bafc877124da4a1b771a63c70b
195bdc62d2ace900d367101a10274b3ab93e22dc
30586194f73f498cffa47acd2d2aac9269a733c650195988ce1e5e58242c678d

Detections

Analyzer	Verdict	Alert
openphish	Yahoo! Inc
phishtank	Yahoo

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: green-river-8d21.ciyijo90666618.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://green-river-8d21.ciyijo90666618.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 10 Jun 2023 14:05:10 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TaWtBwy%2BOKdIRDBOqgx2rehweoiJ3Q6alzxj%2Fzdv%2FPoPykZGM3NStjsd6vUWWCovBJs%2FYhIoguKTyAPpb0T%2FHlxEbnkP8OXkmUnO%2Fmv9bLMWNA70nYzDGIvN4xM8Le2s%2Fk1xX5YW9uHgxkOpihnCXZVfadfN6FCf%2FMAQ6eC2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d522aef1b21b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (6)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

File type