Report - plain-bird-e576.hepseromle5377.workers.dev/

Report Overview

Visited public
2024-01-26 03:29:09
Tags
yahoo phishing suspicious
URL
plain-bird-e576.hepseromle5377.workers.dev/
Finishing URL
plain-bird-e576.hepseromle5377.workers.dev/
IP / ASN
172.67.174.70
#13335 CLOUDFLARENET
Title
Yahoo
Phishing - Yahoo
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2024-01-25 05:11:45	443 B	201 B	104.237.62.211
plain-bird-e576.hepseromle5377.workers.dev	unknown	2019-02-08	2023-04-27 11:48:13	2024-01-26 02:07:58	1.4 kB	47 kB	104.21.96.74
img.icons8.com	28959	2011-10-04	2017-05-26 11:10:54	2024-01-25 09:59:05	468 B	2.1 kB	185.76.9.23

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-01-25	medium	plain-bird-e576.hepseromle5377.workers.dev/	Yahoo! Inc
2024-01-25	medium	plain-bird-e576.hepseromle5377.workers.dev/	Yahoo! Inc
2024-01-25	medium	plain-bird-e576.hepseromle5377.workers.dev/	Yahoo! Inc

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	340 B	2023-04-13	2024-11-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-13 19:02 Last Seen2024-11-05 12:22 Times Seen394 Hash b7eeb7d32fb172dbcf7f50ebe3007f3f 5203017922c15e16ab2636b2a9e7350900c863be 18f302bae700288a5b02266eab4c97f67b81601765a2ddb57182e1fd1b16bd30 Loading...

	api.ipify.org/?format=jsonp&callback=getIP	ScriptElement	29 B	2023-03-07	2025-05-03
Pretty URL api.ipify.org/?format=jsonp&callback=getIP IP 104.237.62.211 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16 Last Seen2025-05-03 00:54 Times Seen14287 Hash 90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69 Loading...

	unknown	ScriptElement	1.4 kB	2023-06-01	2024-09-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-01 13:22 Last Seen2024-09-19 21:02 Times Seen18 Hash e3f76e644bf925530872e1119f3ad55a 0e124e4bb74d325ac30a341db4744222f7728d25 143175d94f3c6588cd91948660209efbe33f8f0251e03a9f281204a8315155c5 Loading...

	plain-bird-e576.hepseromle5377.workers.dev/	ScriptElement	15 kB	2023-06-01	2024-09-19
Pretty URL plain-bird-e576.hepseromle5377.workers.dev/ IP 104.21.96.74 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-01 13:22 Last Seen2024-09-19 21:02 Times Seen18 Hash 1d91a7ac5f7b91e86602efe48b407477 8843b7d0f934125f0a5b7f443dc13e32ea832183 79c83c61b8575856082e45315e5c36c0cffc14dcd0b496b4d13dcf1c3c0cea6a Loading...

		Size	First Seen	Last Seen
	#1 Write - 475ae7c99103bc5fc1640020086eb77d	10 kB	2023-06-01 13:22	2024-09-19 21:02
Pretty Observations First Seen2023-06-01 13:22 Last Seen2024-09-19 21:02 Times Seen18 Hash 475ae7c99103bc5fc1640020086eb77d 68df724a64bb42c1cfc0ca14a5c3974c85be0963 8f072190ea2606cc453edcee20f404267be5e084022b288b2e79e3e8b8502b01 Loading...

HTTP Transactions (5)

URL IP Response Size

img.icons8.com/color/50/000000/google-logo.png

185.76.9.23

200 OK

1.3 kB

URL GET HTTP/2
img.icons8.com/color/50/000000/google-logo.png
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
https://plain-bird-e576.hepseromle5377.workers.dev/
Certificate
IssuerLet's Encrypt
Subject1004834818.rsc.cdn77.org
FingerprintCC:93:2A:9F:0B:75:A6:C2:3A:C3:3C:C3:2B:B7:F0:F6:32:E8:A6:90
ValiditySun, 26 Nov 2023 10:59:10 GMT - Sat, 24 Feb 2024 10:59:09 GMT

File type
PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Size
1.3 kB (1335 bytes)
Hash
45717104c188f613553aa17f989bd3ec
9160dfe7f936a53a76f1a5135212d7d6f07993ba
1a120e58f75551ccd9d96cdb3c285008a750de5c4eb18b66f2b036a588031955

HTTP Headers

GET /color/50/000000/google-logo.png HTTP/1.1
Host: img.icons8.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://plain-bird-e576.hepseromle5377.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jan 2024 03:28:44 GMT
content-type: image/png
content-length: 1335
vary: Origin
access-control-allow-origin: *
icon-id: 17949
icon-size: 50
icon-format: png
last-modified: Sun, 07 Jan 2024 10:03:45
version: 0.0.29
from-mongo-cache: true
from-redis-cache: false
not-found-platform: false
cache-control: public, max-age=302400
strict-transport-security: max-age=15724800; includeSubDomains
x-77-nzt: EwwBuUwJFAH3fnIDAAwBuUwKAQH3nwMAAAwB1GY4AQH30gIAAA
x-77-nzt-ray: af5856302a6062e5ec26b365c4f78831
x-accel-expires: @1706315966
x-accel-date: 1706013806
x-77-cache: HIT
x-77-age: 227567
server: CDN77-Turbo
x-cache-lb: HIT, HIT
x-age-lb: 927, 225918
x-77-pop: stockholmSE
accept-ranges: bytes
X-Firefox-Spdy: h2

api.ipify.org/?format=jsonp&callback=getIP

104.237.62.211

200 OK

29 B

URL GET HTTP/1.1
api.ipify.org/?format=jsonp&callback=getIP
IP
104.237.62.211:443
ASN
#18450 WEBNX

Requested by
https://plain-bird-e576.hepseromle5377.workers.dev/
Certificate
IssuerSectigo Limited
Subject*.ipify.org
FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54
ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
90a39389063c7c5716745c3b3bb4fba1
a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f
eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69

HTTP Headers

GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://plain-bird-e576.hepseromle5377.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.2
Date: Fri, 26 Jan 2024 03:28:45 GMT
Content-Type: application/javascript
Content-Length: 29
Connection: keep-alive
Vary: Origin

plain-bird-e576.hepseromle5377.workers.dev/favicon.ico

104.21.96.74

200 OK

15 kB

URL GET HTTP/3
plain-bird-e576.hepseromle5377.workers.dev/favicon.ico
IP
104.21.96.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://plain-bird-e576.hepseromle5377.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecthepseromle5377.workers.dev
FingerprintE5:28:29:24:10:BE:45:C6:DC:C6:A2:F3:B0:75:47:F1:7D:CD:64:F0
ValidityTue, 19 Dec 2023 13:34:42 GMT - Mon, 18 Mar 2024 13:34:41 GMT

File type
HTML document, ASCII text, with very long lines (15148)
Size
15 kB (15207 bytes)
Hash
cc3e592a8c6c77ea489643eacbcc6197
7b3e6883ccfbec8f7a72afff31a2c9892c52b0fd
ac2e345b8c780184d3f54bb05d84072c448b522c7ea68da85320a1f895e7ac12

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Yahoo
OpenPhish	phishing	Yahoo! Inc

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: plain-bird-e576.hepseromle5377.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://plain-bird-e576.hepseromle5377.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 03:28:45 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5poZZEWG0eMZn81S3j2BUGY7d1GcF0k7fs2tM4G7Uu60SOP3PKcYgqHS5zPHDle3EeMxQP66dF251JKormlqCuzgRTXUUPuqFUwUSVsZAGHYqb%2Fl0VD1i2L%2FesryweW83wA9SMIOEqbFDT04X3dkBXPVCayqb6pv6sPaa6I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84b5aaea7a1d56b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

plain-bird-e576.hepseromle5377.workers.dev/

104.21.96.74

200 OK

15 kB

URL User Request GET HTTP/2
plain-bird-e576.hepseromle5377.workers.dev/
IP
104.21.96.74:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecthepseromle5377.workers.dev
FingerprintE5:28:29:24:10:BE:45:C6:DC:C6:A2:F3:B0:75:47:F1:7D:CD:64:F0
ValidityTue, 19 Dec 2023 13:34:42 GMT - Mon, 18 Mar 2024 13:34:41 GMT

File type
HTML document, ASCII text, with very long lines (15148)
Size
15 kB (15207 bytes)
Hash
cc3e592a8c6c77ea489643eacbcc6197
7b3e6883ccfbec8f7a72afff31a2c9892c52b0fd
ac2e345b8c780184d3f54bb05d84072c448b522c7ea68da85320a1f895e7ac12

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Yahoo
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	Yahoo! Inc

HTTP Headers

GET / HTTP/1.1
Host: plain-bird-e576.hepseromle5377.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Jan 2024 03:28:44 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p437hahYnO1d7GdIiem2%2Fp2IKlGM4hjSqzHoHijAhqNCoPj2%2BvqaIKZseYm%2FEFbC8EZH4RZFxVC%2FMwVgnbRX38AU1ChMyuU0HUhA38giE%2FwCMo3dJeJ%2FFvJ9gCsVpki62R8nkiJ7Z6lpr1nUtxHRAqRIMSP%2FbG6EzfIKbrg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84b5aae5abb65699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

plain-bird-e576.hepseromle5377.workers.dev/style.css

104.21.96.74

200 OK

15 kB

URL GET HTTP/3
plain-bird-e576.hepseromle5377.workers.dev/style.css
IP
104.21.96.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://plain-bird-e576.hepseromle5377.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjecthepseromle5377.workers.dev
FingerprintE5:28:29:24:10:BE:45:C6:DC:C6:A2:F3:B0:75:47:F1:7D:CD:64:F0
ValidityTue, 19 Dec 2023 13:34:42 GMT - Mon, 18 Mar 2024 13:34:41 GMT

File type
HTML document, ASCII text, with very long lines (15148)
Size
15 kB (15207 bytes)
Hash
cc3e592a8c6c77ea489643eacbcc6197
7b3e6883ccfbec8f7a72afff31a2c9892c52b0fd
ac2e345b8c780184d3f54bb05d84072c448b522c7ea68da85320a1f895e7ac12

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Yahoo
OpenPhish	phishing	Yahoo! Inc

HTTP Headers

GET /style.css HTTP/1.1
Host: plain-bird-e576.hepseromle5377.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://plain-bird-e576.hepseromle5377.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Jan 2024 03:28:44 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=77AqdEdM0Ey8KvoDyPWjh%2FWmUZ8E0Cy47%2FUytUqoHCCeZFajXelOAmzoMP%2BukYnQ%2B5kC9EVXqcL4pJcMJqwodoF1sNgooHM5GRWqEhxxl3yKcbuWe%2BgYp3ZdtOO%2BcqF%2Br7jXMqlRAG1xD%2FmLGW86tr7nmOXoYjtjdeKeNzU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 84b5aae7788156b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (5)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate