Report - logn-currently.ezu2.workers.dev/

Report Overview

Submitted URL
logn-currently.ezu2.workers.dev/
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-02 00:41:27
Access
public
Website Title
Final URL
Tags
suspicious
urlquery detections
Suspicious - JavaScript obfusction
Suspicious - Suspicious Javascript code

Detections

urlquery
8
Network Intrusion Detection
2
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.sectigo.com	487	2018-08-16	2019-11-29	2023-06-02	330 B	963 B	104.18.15.101
api.ipify.org	3267	2014-01-05	2014-10-06	2023-06-01	434 B	173 B	173.231.16.76
s.yimg.com	375	1997-05-14	2012-05-21	2023-06-01	3.6 kB	109 kB	188.125.94.204
dl.dropboxusercontent.com	12831	2012-01-13	2019-02-11	2019-03-28	464 B	182 kB	162.125.71.15
logn-currently.ezu2.workers.dev	unknown	unknown	2023-02-05	2023-04-10	490 B	110 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-02 00:41:10	low	Client IP	162.125.71.15	ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
2023-06-02 00:41:10	low	162.125.71.15	Client IP	ET INFO DropBox User Content Download Access over SSL M2

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-06-01	medium	logn-currently.ezu2.workers.dev/

PhishTank

Scan Date	Severity	Indicator	Alert
2023-04-10	medium	logn-currently.ezu2.workers.dev/

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	logn-currently.ezu2.workers.dev/	110 kB	2023-03-07	2023-06-26
Pretty URL logn-currently.ezu2.workers.dev/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 15:05:44 Last Seen2023-06-26 03:05:21 Times Seen18 Hash 6cfa8f1a37317698502e99a582d689c8 b544983a5426e4799a9fa28afdd79c67430ab1d8 fd15b8d3c6f3ede614b9ed4725c2651a9e4a1654f41863068d4cd6fb49681d36 Loading...

	unknown	36 kB	2023-04-10	2024-03-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-10 08:04:11 Last Seen2024-03-26 19:09:28 Times Seen49 Hash 03fb5ab58cacf0542b1db05bd57de2f9 8aac39a10e11ec10a46726953f6975c1b47ec1ed eba9f3871c0b8436b760230550c1d72f3c77c39b93ebed613ebfadc373e9c122 Loading...

	unknown	701 B	2023-04-12	2024-04-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 08:53:48 Last Seen2024-04-21 17:58:03 Times Seen86 Hash b4106bc59a481018c230effdc8387d64 7abfa46721b3c260249deb72331bbd1b69b5a6e3 081574a4cb69e25b4a2a50c63c3d978e3cefd1a7aa7a63a68589fa10bd989d0e Loading...

	unknown	247 B	2023-04-12	2024-04-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 08:53:48 Last Seen2024-04-21 17:58:03 Times Seen91 Hash e9776b46564f34762ebffa07e8b24ecf 5bd8a74d269ceec8f636db42f6a25b92435a6f7d 90bb95034b31c35b932bbd000ecc34eb7a69d0aecd6a3ecd19cb9f8120dcd492 Loading...

	api.ipify.org/?format=jsonp&callback=getIP	29 B	2023-03-07	2024-04-25
Pretty URL api.ipify.org/?format=jsonp&callback=getIP IP 173.231.16.76 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2024-04-25 08:49:26 Times Seen16455 Hash 90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69 Loading...

	unknown	776 B	2023-04-12	2024-03-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 08:53:48 Last Seen2024-03-26 19:09:28 Times Seen43 Hash cbbd9fcd2351480a0393ed0bac43c6a8 6186e5e91d4d087a048ee82dac17aa1035a3755a 8f9ea7e42db0463cebe5230ff1a92470e685684965e9a516d7adcfa0a0a6610a Loading...

		Size	First Seen	Last Seen
	#1 Write - dd4e99129956ba34b2f39a38aae10f4e	12 kB	2023-03-07	2024-03-26
Pretty Observations First Seen2023-03-07 15:05:44 Last Seen2024-03-26 19:09:28 Times Seen68 Hash dd4e99129956ba34b2f39a38aae10f4e 9bc13c2022ab0e5a7146a93efe2bf6daaefd41ab e74278d845406c090d5990967a1a39640ab11ec6965102f2617d038cad94b851 Loading...

	#2 Write - c224f17186b136891f711f7f095e55c3	36 kB	2023-03-07	2024-03-26
Pretty Observations First Seen2023-03-07 15:05:44 Last Seen2024-03-26 19:09:28 Times Seen58 Hash c224f17186b136891f711f7f095e55c3 f13cfd6b146dbd06d021ffcc50ef0e4d29cb75ec 890c6f4472c1d7726fe18fec5143224965d7b8d48806f6970a78f5cc8c91e2fe Loading...

HTTP Transactions (11)

URL IP Response Size

ocsp.sectigo.com/

104.18.15.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
600395865e675f8c110fc907aa7aaef2
d3d7fcd0fb2f11ba8c952b2526cd1210346772b5
3c84bb9728758b5a324237b605e50d170545bd71328a70eea391527de72392b2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Jun 2023 00:41:10 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 31 May 2023 11:45:34 GMT
Expires: Wed, 07 Jun 2023 11:45:33 GMT
Etag: "d3d7fcd0fb2f11ba8c952b2526cd1210346772b5"
Cache-Control: max-age=472314,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d0ba631dfffb512-OSL

api.ipify.org/?format=jsonp&callback=getIP

173.231.16.76

200 OK

29 B

URL GET HTTP/2
api.ipify.org/?format=jsonp&callback=getIP
IP
173.231.16.76:443
ASN
#18450 WEBNX

Requested by
https://logn-currently.ezu2.workers.dev/
Certificate
IssuerSectigo Limited
Subject*.ipify.org
FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54
ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
90a39389063c7c5716745c3b3bb4fba1
a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f
eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69

HTTP Headers

GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-currently.ezu2.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Fri, 02 Jun 2023 00:41:10 GMT
vary: Origin
content-length: 29
X-Firefox-Spdy: h2

s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2

188.125.94.204

200 OK

29 kB

URL GET HTTP/2
s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2
IP
188.125.94.204:443
ASN
#10310 YAHOO-1

Requested by
https://logn-currently.ezu2.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
FingerprintC0:4A:61:1C:48:51:BB:C4:D5:75:88:D6:2F:7A:BE:2C:56:1E:7B:80
ValidityMon, 22 May 2023 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29228, version 1.0\012- data
Size
29 kB (29228 bytes)
Hash
7c7c02dcee2bf1c2528db6092d4ad1fa
988a01f705c074261490625c70f94b2642413693
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4

HTTP Headers

GET /cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2 HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://logn-currently.ezu2.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: uiaFtioycWrr4a5UnHBQt59hK7VXpiyt8jXti97B7B4kGrfmGMe2zexahXDyZ4YHLIQctbYl7vw=
x-amz-request-id: JSRGRFEFFTNHRW18
date: Mon, 01 May 2023 21:30:23 GMT
last-modified: Thu, 19 Apr 2018 16:25:50 GMT
etag: "7c7c02dcee2bf1c2528db6092d4ad1fa"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:52 GMT
x-amz-meta-mbst-etag: "YM:1:1bb49599-26ac-442e-b6b8-f4e40f067ea500055a9e855b6ecb"
x-amz-meta-x-ysws-mbst-vtime: 1507011772247755
expires: Sat, 05 Sep 2026 00:00:00 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: font/woff2
server: ATS
content-length: 29228
referrer-policy: no-referrer-when-downgrade
age: 2689850
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-origin: *
vary: Origin
X-Firefox-Spdy: h2

s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2

188.125.94.204

200 OK

29 kB

URL GET HTTP/2
s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2
IP
188.125.94.204:443
ASN
#10310 YAHOO-1

Requested by
https://logn-currently.ezu2.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
FingerprintC0:4A:61:1C:48:51:BB:C4:D5:75:88:D6:2F:7A:BE:2C:56:1E:7B:80
ValidityMon, 22 May 2023 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28860, version 1.0\012- data
Size
29 kB (28860 bytes)
Hash
a99b283070afc519f4816e4300c515d2
65b78d03d56de125060e61069debfc47e38fb3df
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560

HTTP Headers

GET /cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2 HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://logn-currently.ezu2.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: ixsJqO6CSNWLbeAalnWGzfCy8RLBQKtTQzPkBwFqCm10dGByhXy56TVsqwTCHd8JTYo1LCDEFsY=
x-amz-request-id: FFAYQ1SFKF8B7RM1
date: Mon, 01 May 2023 21:23:22 GMT
last-modified: Thu, 19 Apr 2018 19:06:41 GMT
etag: "a99b283070afc519f4816e4300c515d2"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:51 GMT
x-amz-meta-mbst-etag: "YM:1:cb5e4811-e042-455c-b2b2-f984d5f70e0200055a9e8550b736"
x-amz-meta-x-ysws-mbst-vtime: 1507011771545398
expires: Sat, 05 Sep 2026 00:00:00 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: font/woff2
server: ATS
content-length: 28860
referrer-policy: no-referrer-when-downgrade
age: 2690270
access-control-allow-origin: *
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Origin
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/yntjno1t8hokj3k/yahoo-main.css

162.125.71.15

200 OK

180 kB

URL GET HTTP/2
dl.dropboxusercontent.com/s/yntjno1t8hokj3k/yahoo-main.css
IP
162.125.71.15:443
ASN
#19679 DROPBOX

Requested by
https://logn-currently.ezu2.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectdl.dropbox.com
FingerprintF7:BA:5F:D1:73:A5:04:E6:AC:52:C4:92:6F:20:23:8D:FD:B3:3F:D0
ValidityTue, 14 Feb 2023 00:00:00 GMT - Sat, 16 Mar 2024 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
180 kB (180446 bytes)
Hash
aa8ab30ae794fab1db3627d2ae78789e
5c0d1b7b367beeb2edcc3bfb0e069220cddb785e
ba4f4914436e6ba4267f774d6197cf6091a792dab2e416f069e68258037c1955

HTTP Headers

GET /s/yntjno1t8hokj3k/yahoo-main.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-currently.ezu2.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="yahoo-main.css"; filename*=UTF-8''yahoo-main.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=JjXXHvbUsJkZdL7NgRAIIRtktNkUOhjA0B7S69fdhIVDozVjLBWO71sbEa2tCjbh; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 333
content-type: text/css; charset=utf-8
date: Fri, 02 Jun 2023 00:41:10 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 781b152fb0d541b2b93a94b54614948a
X-Firefox-Spdy: h2

s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png

188.125.94.204

200 OK

1.3 kB

URL GET HTTP/2
s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
IP
188.125.94.204:443
ASN
#10310 YAHOO-1

Requested by
https://logn-currently.ezu2.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
FingerprintC0:4A:61:1C:48:51:BB:C4:D5:75:88:D6:2F:7A:BE:2C:56:1E:7B:80
ValidityMon, 22 May 2023 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
PNG image data, 240 x 72, 8-bit colormap, non-interlaced\012- data
Size
1.3 kB (1346 bytes)
Hash
cd166981c96c6d0f4b5a7d798c25878e
09031c4013138bb8bd54ab9092ac59aa47d7c60c
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338

HTTP Headers

GET /rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-currently.ezu2.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: muLraV1S2BGzNuFYE1eJHuniruBbTd1KKMtSLee52/pPGT/lzkhK9oUgXrRya1P1nsUGwZl6W4w=
x-amz-request-id: 2PDF473NGG694RR3
date: Thu, 01 Jun 2023 18:50:36 GMT
last-modified: Wed, 31 May 2023 21:32:43 GMT
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
accept-ranges: bytes
content-type: image/png
server: ATS
content-length: 1346
referrer-policy: no-referrer-when-downgrade
vary: Origin
etag: "cd166981c96c6d0f4b5a7d798c25878e"
expires: Thu, 01 Jun 2023 23:00:00 GMT
age: 21036
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

s.yimg.com/wm/mbr/images/checkbox-checked.svg

188.125.94.204

200 OK

659 B

URL GET HTTP/2
s.yimg.com/wm/mbr/images/checkbox-checked.svg
IP
188.125.94.204:443
ASN
#10310 YAHOO-1

Requested by
https://logn-currently.ezu2.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
FingerprintC0:4A:61:1C:48:51:BB:C4:D5:75:88:D6:2F:7A:BE:2C:56:1E:7B:80
ValidityMon, 22 May 2023 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (503)
Size
659 B (659 bytes)
Hash
ac8c4fbeda6efad9549cb41b992a8b3a
46f532f081af894297bce53a7d212e2d253a60bf
11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59

HTTP Headers

GET /wm/mbr/images/checkbox-checked.svg HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 3m1/yEZ/MRxsF/fnZUBGnJJ2aDdipzGrcgqKyW2yGMjPEl7dzIlT7Q7Z3ugsGhOF/g8dhO79d5Ny/+LB50zRvHlTqrceqbPTXJq3ZINKEqA=
x-amz-request-id: 6XN3YJYPDMVXVQX1
date: Sat, 27 May 2023 11:14:39 GMT
last-modified: Fri, 24 Apr 2020 17:13:52 GMT
etag: "ac8c4fbeda6efad9549cb41b992a8b3a-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/svg+xml
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 480394
content-encoding: gzip
content-length: 659
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

s.yimg.com/wm/mbr/images/yahoo-apple-touch-v0.0.2.png

188.125.94.204

200 OK

13 kB

URL GET HTTP/2
s.yimg.com/wm/mbr/images/yahoo-apple-touch-v0.0.2.png
IP
188.125.94.204:443
ASN
#10310 YAHOO-1

Requested by
https://logn-currently.ezu2.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
FingerprintC0:4A:61:1C:48:51:BB:C4:D5:75:88:D6:2F:7A:BE:2C:56:1E:7B:80
ValidityMon, 22 May 2023 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGB, interlaced\012- data
Size
13 kB (12635 bytes)
Hash
a9d2dde886cd61f73365a84878c78475
6f1f1f7414116c4b01f04ee0a07b41202c2da539
b168c836ccef9cf1cbf7b2440bc11d26667c4ae19613f1e7cf5e6cdc303c7de4

HTTP Headers

GET /wm/mbr/images/yahoo-apple-touch-v0.0.2.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-currently.ezu2.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: chXITddwCcaZPUlRge2aw1vBoWKEl4Yz+SyKkL2mBaZvuZ4gPLHKz29LQpIAktw1y7HG0T7EjdA=
x-amz-request-id: S64F9B0Z5N2H52SG
date: Tue, 30 May 2023 03:39:08 GMT
last-modified: Thu, 12 Sep 2019 21:58:38 GMT
etag: "a9d2dde886cd61f73365a84878c78475"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/png
server: ATS
content-length: 12635
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 248524
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

s.yimg.com/wm/mbr/images/yahoo-favicon-img-v0.0.2.ico

188.125.94.204

200 OK

1.4 kB

URL GET HTTP/2
s.yimg.com/wm/mbr/images/yahoo-favicon-img-v0.0.2.ico
IP
188.125.94.204:443
ASN
#10310 YAHOO-1

Requested by
https://logn-currently.ezu2.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
FingerprintC0:4A:61:1C:48:51:BB:C4:D5:75:88:D6:2F:7A:BE:2C:56:1E:7B:80
ValidityMon, 22 May 2023 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel\012- data
Size
1.4 kB (1406 bytes)
Hash
b6814ae5582d7953821acbd76e977bb4
75a33fc706c2c6ba233e76c17337e466949f403c
4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3

HTTP Headers

GET /wm/mbr/images/yahoo-favicon-img-v0.0.2.ico HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-currently.ezu2.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: Ba1DVsdEftWAUuXCIvwQRDhulS4Wh2wT7PaXYrR306o90zmzdlN5t2d87W+BOHjJhD1pMQtNvow=
x-amz-request-id: PE6KESYK3W5VBQKQ
date: Thu, 01 Jun 2023 18:19:48 GMT
last-modified: Wed, 11 Sep 2019 18:01:04 GMT
etag: "b6814ae5582d7953821acbd76e977bb4"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/vnd.microsoft.icon
server: ATS
content-length: 1406
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 22884
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

logn-currently.ezu2.workers.dev/

188.114.96.1

200 OK

110 kB

URL User Request GET HTTP/2
logn-currently.ezu2.workers.dev/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject*.ezu2.workers.dev
FingerprintCD:1F:39:1B:27:90:D3:3C:EB:59:03:BC:D1:BD:91:E0:9E:16:B2:02
ValidityWed, 05 Apr 2023 16:31:23 GMT - Tue, 04 Jul 2023 16:31:22 GMT

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (65520)
Size
110 kB (109733 bytes)
Hash
b0465e3d5129e2e41235e65dd8371fab
78d9c71a0596f72a8666c494ec4909cdbd2549d6
ac2e825c24d7d98c833a6560b4dabc71c9f88cfcf9779dd9296eb96e0f6be381

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - JavaScript obfusction
openphish	Yahoo! Inc
phishtank	Other

HTTP Headers

GET / HTTP/1.1
Host: logn-currently.ezu2.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 02 Jun 2023 00:41:09 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x6zUlXMXxHs%2FssBTROLfbjqG28v97pHzVCFsd6lpiLpys24n0vqp%2BWe7a94ADKbnZkGnUoWD9tWF9WrTMV%2FWtSflLUJSVlzFXndI11IdRMr%2BClSJqlNjFJ%2FpSJM9O3BamVXb8p%2FbsJ7iSVVhzoEI4vyQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0ba62c3ebcb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2

188.125.94.204

200 OK

29 kB

URL GET HTTP/2
s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2
IP
188.125.94.204:443
ASN
#10310 YAHOO-1

Requested by
https://logn-currently.ezu2.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.api.fantasysports.yahoo.com
FingerprintC0:4A:61:1C:48:51:BB:C4:D5:75:88:D6:2F:7A:BE:2C:56:1E:7B:80
ValidityMon, 22 May 2023 00:00:00 GMT - Wed, 12 Jul 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29040, version 1.0\012- data
Size
29 kB (29040 bytes)
Hash
af9fdad7698452697b016850fff96423
710130c79bf56297f8abcc6d6c575172590133b0
b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa

HTTP Headers

GET /cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2 HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://logn-currently.ezu2.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: jVk4S27pbfSBE47hrje5XsTg4WBqKstqyJKhE7XVJ7uBpRDSkreUsKnQwvtIwTSzSRd+HCwPY90=
x-amz-request-id: 0GPT729QG1G9RT4W
date: Wed, 31 May 2023 19:41:45 GMT
last-modified: Thu, 19 Apr 2018 17:33:29 GMT
etag: "af9fdad7698452697b016850fff96423"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:51 GMT
x-amz-meta-mbst-etag: "YM:1:95620d49-21c2-4044-b803-58b70c8e419700055a9e854fb9f1"
x-amz-meta-x-ysws-mbst-vtime: 1507011771480561
expires: Sat, 05 Sep 2026 00:00:00 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: font/woff2
server: ATS
content-length: 29040
referrer-policy: no-referrer-when-downgrade
age: 104367
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
access-control-allow-origin: *
vary: Origin
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (11)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN