Report - worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico

Report Overview

Submitted URL
worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 16:43:39
Access
public
Website Title
Sign in to your account
Final URL
worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
Tags
phishing microsoft outlook suspicious
urlquery detections
Phishing - Generic phishing
Phishing - Microsoft Outlook
Suspicious - Suspicious Javascript code

Detections

urlquery
9
Network Intrusion Detection
1
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-24	462 B	28 kB	104.17.24.14
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-25	1.9 kB	129 kB	142.250.74.106
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-04-25	466 B	3.7 kB	151.101.129.229
worker-aged-forest-ef48.mapovev972.workers.dev	unknown	2019-02-08	2023-09-25	2024-03-21	1.0 kB	629 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 16:43:12	low	Client IP	188.114.96.1	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico	Office365
2024-04-25	medium	worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico	Office365

PhishTank

Scan Date	Severity	Indicator	Alert
2024-03-21	medium	worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico	Microsoft
2024-03-21	medium	worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico	Microsoft

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	unknown	196 B	2023-10-09	2024-05-03
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-09 02:53:00 Last Seen2024-05-03 19:14:43 Times Seen125 Hash 0ffd4038c8e1d2ba7720db6479cae3dc 88beca99fd868548f7e17b2d9b7087e769864cf5 f647065f9d0124a6bbfef40c6647b878ecf6a3fe9ec50699f0bdb7dba68fa34e Loading...

	cdn.jsdelivr.net/gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js	11 kB	2023-04-07	2024-05-04
Pretty URL cdn.jsdelivr.net/gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 01:50:11 Last Seen2024-05-04 19:43:37 Times Seen374 Hash 9ac467685aa6071436af2154b0d88cf7 dc2c7c9f2e656c7c8bb468f526fc3f456c8742f5 3c685270387cc6b053034b0e934568f4c5f23d5f9f3026bd4368346c46b89c4e Loading...

	ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js	93 kB	2023-03-07	2024-05-04
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-05-04 22:37:10 Times Seen23783 Hash 397754ba49e9e0cf4e7c190da78dda05 ae49e56999d82802727455f0ba83b63acd90a22b c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Loading...

	worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico	565 kB	2024-03-21	2024-04-25
Pretty URL worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-21 16:47:12 Last Seen2024-04-25 18:43:40 Times Seen5 Hash 60a5a042e79635ce1e333cd8d69350b0 c68487e3e539956ebee01df315bee362b9b6e4aa ef02313e36c709dcd2b187db2f78c568f8e68d554d631a79a350546bc054e93b Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js	87 kB	2023-03-07	2024-05-04
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-04 23:47:40 Times Seen64610 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js	86 kB	2023-03-07	2024-05-04
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-04 22:51:29 Times Seen388437 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-04
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-04 23:44:57 Times Seen141431 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	unknown	2.8 kB	2024-03-03	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-03 08:44:54 Last Seen2024-04-25 18:43:40 Times Seen7 Hash 2b2daead7d12e4c10c50fa91832e6c50 d20e8ee268da40ac0f900f5158cb10279a676c63 592460db8fda2934953017cac9d8c00d6f6bcaf2a93bd23c153277f7fb762df2 Loading...

		Size	First Seen	Last Seen
	#1 Write - bdcdffd19bb68548acb3a427630f772d	527 kB	2024-03-21	2024-04-25
Pretty Observations First Seen2024-03-21 16:47:13 Last Seen2024-04-25 18:43:40 Times Seen5 Hash bdcdffd19bb68548acb3a427630f772d be40509820c034dc89190798a0de6433da0c72da 7dceecbddd6c9e7ac53ef3cc50423fe07f2457bbda1def29c3af408b065e70e9 Loading...

HTTP Transactions (8)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js

104.17.24.14

200 OK

27 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
27 kB (26909 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-aged-forest-ef48.mapovev972.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:43:12 GMT
content-type: application/javascript; charset=utf-8
content-length: 26909
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14e4a"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 69687
expires: Tue, 15 Apr 2025 16:43:12 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KgCl5HhBqdg8MiS8f8hwSKzRZP3ajJxN2Gw36%2BXBzGHmsIVj4TtoRrLx3UVaeNeNlTVjdn90vtCL6KL2HzBXVVNyW1g5ddHI1zEW8Jxic%2FHXBLJrm8iqo2KLL7DhfeKckfltQEoy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 879fca6d1bf87130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

142.250.74.106

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
30 kB (30306 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-aged-forest-ef48.mapovev972.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:46:15 GMT
expires: Fri, 18 Apr 2025 17:46:15 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 601017
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

142.250.74.106

200 OK

33 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32089)
Size
33 kB (33018 bytes)
Hash
397754ba49e9e0cf4e7c190da78dda05
ae49e56999d82802727455f0ba83b63acd90a22b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

HTTP Headers

GET /ajax/libs/jquery/1.9.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-aged-forest-ef48.mapovev972.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33018
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 02:40:10 GMT
expires: Fri, 25 Apr 2025 02:40:10 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 50582
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

142.250.74.106

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-aged-forest-ef48.mapovev972.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 09:56:44 GMT
expires: Wed, 23 Apr 2025 09:56:44 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 197188
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js

151.101.129.229

200 OK

3.0 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1107)
Size
3.0 kB (2966 bytes)
Hash
b5a599cbf2301155f7b0cd9774cf2186
713ac82967e54ed244afb05ee0f4ec2d1c38cc96
e532094e51493a4b86e1893bcebfd2b9527383d79b6bc413a1b7c85959dc3390

HTTP Headers

GET /gh/joeymalvinni/webrtc-ip/dist/bundle.dev.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-aged-forest-ef48.mapovev972.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.5.4
x-jsd-version-type: version
etag: W/"2b53-cTrIKWflTtJEr7Be4PTsLRw4zJY"
content-encoding: br
accept-ranges: bytes
age: 26223
date: Thu, 25 Apr 2024 16:43:12 GMT
x-served-by: cache-fra-eddf8230068-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2966
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

142.250.74.106

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
30 kB (30306 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /ajax/libs/jquery/3.2.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-aged-forest-ef48.mapovev972.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30306
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 17:46:15 GMT
expires: Fri, 18 Apr 2025 17:46:15 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 601018
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico

188.114.96.1

200 OK

311 kB

URL User Request GET HTTP/2
worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmapovev972.workers.dev
FingerprintBE:23:1E:04:4B:24:D7:C9:AD:FB:29:DD:B1:4D:E4:3A:7C:4F:9F:67
ValidityWed, 20 Mar 2024 16:30:16 GMT - Tue, 18 Jun 2024 16:30:15 GMT

File type
HTML document, ASCII text, with very long lines (65452)
Size
311 kB (310653 bytes)
Hash
87efb749a56ce46b7a2793db5d57ae03
abd32e8c7990ef1789782dc43c768074220db633
73d21c22ade94503c09cecad00a6ae4e238a1edb100f88566dd2ce2dac07d4a8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365
PhishTank	phishing	Microsoft

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: worker-aged-forest-ef48.mapovev972.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 16:43:13 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AQizwAgTPvyW7xw%2FYzsJJ6OG870Un6kxcS98sNrIJpAU8BlkkZUp4RwtlHg59Z3q%2FgsrR1xa%2FZ46b8U%2FiEB7uGpw0OpxvdRBfuKqs2uxgdKYBCZhXJRWsjdyGeKIX8DM%2FOpdGgU54zungkWwfJ5CP0PzOXi3wBXnCSgVQMSHrwgN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fca6fdb55568b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico

188.114.96.1

200 OK

317 kB

URL User Request GET HTTP/2
worker-aged-forest-ef48.mapovev972.workers.dev/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmapovev972.workers.dev
FingerprintBE:23:1E:04:4B:24:D7:C9:AD:FB:29:DD:B1:4D:E4:3A:7C:4F:9F:67
ValidityWed, 20 Mar 2024 16:30:16 GMT - Tue, 18 Jun 2024 16:30:15 GMT

File type
HTML document, ASCII text, with very long lines (65452)
Size
317 kB (317312 bytes)
Hash
87efb749a56ce46b7a2793db5d57ae03
abd32e8c7990ef1789782dc43c768074220db633
73d21c22ade94503c09cecad00a6ae4e238a1edb100f88566dd2ce2dac07d4a8

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365
PhishTank	phishing	Microsoft

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: worker-aged-forest-ef48.mapovev972.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:43:12 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MM02g4UFZqiXtG2mG3uoh3FRjkIxdp%2FFuIdU%2BINdHkTHfqEIHB1i%2BEEF5sA5AaPrNLyXhTjgrxFium7IaZ%2B4C9mHKPRSXS%2Brf6X6tvl7RW4aeJXqYCHzDu9s4ASBj0wUKXyZ%2FeYj%2BkSRYNr458%2FoA7IHTmztBHTwvhqJ0OTXKIPy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fca6a794b7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (8)

URL GET HTTP/2