Report - keep1.nio3409197357.workers.dev/

Report Overview

Visitedpublic

2025-07-22 04:56:19

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-07-16	829 B	99 kB	104.18.94.41
keep1.nio3409197357.workers.dev	unknown	2019-02-08	2025-07-22	2025-07-22	1.8 kB	36 kB	104.21.64.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-07-22 04:55:43	low	Client IP	104.21.64.1	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-07-21	medium	keep1.nio3409197357.workers.dev/	WeChat

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	keep1.nio3409197357.workers.dev/	ScriptElement	210 B	2023-03-07	2025-08-02
URL keep1.nio3409197357.workers.dev/ IP / ASN 104.21.64.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 161841 Size 210 B (210 bytes) MD5 ab1ac4cf0f484cc9f859c0a7983353e0 SHA1 2da142b1135bd10cdbed4a7353e4483acc30ebe9 SHA256 50e878a18b2b5be7071dc7c10297381bcfcb55f17c27760ee857af9e31133324 Format Code Loading...

	challenges.cloudflare.com/turnstile/v0/api.js	ScriptElement	49 kB	2025-07-18	2025-07-22
URL challenges.cloudflare.com/turnstile/v0/api.js IP / ASN 104.18.94.41 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-07-18 Last Seen 2025-07-22 Times Seen 4904 Size 49 kB (48828 bytes) MD5 a20ea626775ecdceba42649036255835 SHA1 75924f80f4f1a02b9604ad82910920aef81fdd04 SHA256 b0c25da886116ad33304170e69e0198224b4daa3705a66dc809764cab576d5a6 Format Code Loading...

	keep1.nio3409197357.workers.dev/	ScriptElement	115 B	2025-04-28	2025-08-02
URL keep1.nio3409197357.workers.dev/ IP / ASN 104.21.64.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-04-28 Last Seen 2025-08-02 Times Seen 31789 Size 115 B (115 bytes) MD5 34df99ef0602560c811e58e4711c99e3 SHA1 88dea8841635da3e1130ce19e3718ceb17a95a35 SHA256 18a52fd2cc16c86bcba28796b0e231144f219cc87e049c41d9d378b880a42fba Format Code Loading...

	keep1.nio3409197357.workers.dev/	ScriptElement	375 B	2023-03-07	2025-08-02
URL keep1.nio3409197357.workers.dev/ IP / ASN 104.21.64.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 167745 Size 375 B (375 bytes) MD5 56df91490fa1984fa82b297dcb23c22d SHA1 2050f127b73f50d21eb9b0a2a3f2aea7d4372ba9 SHA256 275407540ae2d5516300e4027ce994e1c97f958d464e137d0fff116d7acf0f24 Format Code Loading...

	keep1.nio3409197357.workers.dev/	ScriptElement	46 B	2025-03-04	2025-08-02
URL keep1.nio3409197357.workers.dev/ IP / ASN 104.21.64.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-04 Last Seen 2025-08-02 Times Seen 39522 Size 46 B (46 bytes) MD5 16f6161217e242dffadf4241d174abcc SHA1 304832d02caf7b8a45ea29c321993d7eba48be67 SHA256 390eefa5af21228aaab4bb7eb68043b2468a645b3c861aaba17b226cc8c05d95 Format Code Loading...

HTTP Transactions (6)

URL IP Response Size

GET challenges.cloudflare.com/turnstile/v0/api.js

104.18.94.41

302 Found

49 kB

URL

challenges.cloudflare.com/turnstile/v0/api.js

IP / ASN

104.18.94.41

#13335 CLOUDFLARENET

Requested byhttp://keep1.nio3409197357.workers.dev/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606025

Size49 kB (48828 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71

ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 22 Jul 2025 04:55:43 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/4d127ba5149d/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 963058f29e3056b5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET keep1.nio3409197357.workers.dev/cdn-cgi/styles/cf.errors.css

104.21.64.1

200 OK

24 kB

URL

keep1.nio3409197357.workers.dev/cdn-cgi/styles/cf.errors.css

IP / ASN

104.21.64.1

#13335 CLOUDFLARENET

Requested byhttp://keep1.nio3409197357.workers.dev/

Resource Info

File typeASCII text, with very long lines (24050)

First Seen0001-01-01

Last Seen2025-08-02

Times Seen229565

Size24 kB (24051 bytes)

MD55e8c69a459a691b5d1b9be442332c87d

SHA1f24dd1ad7c9080575d92a9a9a2c42620725ef836

SHA25684e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WeChat

HTTP Headers

GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: keep1.nio3409197357.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://keep1.nio3409197357.workers.dev/
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Jul 2025 04:55:43 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: accept-encoding
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=XsP9RbsZP4X3awT9tKpC2PoFbX4yuTJuGHXtElErfIs1Y%2Bk%2FvoDa46t2CDaRrvWk%2BLg42P6Xmp1KNX56RjUDgx9VePgRG%2BR57JcQFA6vXkjj5Eam8kL8RlTZBWmX"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Content-Encoding: gzip
Server: cloudflare
CF-RAY: 963058f27ffe56c9-OSL

GET keep1.nio3409197357.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637

104.21.64.1

200 OK

452 B

URL

keep1.nio3409197357.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637

IP / ASN

104.21.64.1

#13335 CLOUDFLARENET

Requested byhttp://keep1.nio3409197357.workers.dev/

Resource Info

File typePNG image data, 54 x 54, 8-bit colormap, non-interlaced

First Seen2023-04-12

Last Seen2025-08-02

Times Seen200611

Size452 B (452 bytes)

MD5c33de66281e933259772399d10a6afe8

SHA1b9f9d500f8814381451011d4dcf59cd2d90ad94f

SHA256f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WeChat

HTTP Headers

GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
Host: keep1.nio3409197357.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://keep1.nio3409197357.workers.dev/cdn-cgi/styles/cf.errors.css
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 22 Jul 2025 04:55:43 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: accept-encoding
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=XDGGkwQ%2FU8hzXo5sjHd8P4DMQoM9URBxJbt7MCu5iU87fO8ikbmgTqrn9E9eS3IQazGXMm2h1sGZcH%2Ba%2Fmy3R3kYeYMA1Ev3jOwap3gAl9WC%2BSrJC1Y5aqVibCvn"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server: cloudflare
CF-RAY: 963058f2d84556c9-OSL

GET challenges.cloudflare.com/turnstile/v0/g/4d127ba5149d/api.js

104.18.94.41

200 OK

49 kB

URL

challenges.cloudflare.com/turnstile/v0/g/4d127ba5149d/api.js

IP / ASN

104.18.94.41

#13335 CLOUDFLARENET

Requested byhttp://keep1.nio3409197357.workers.dev/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (48827)

First Seen2025-07-18

Last Seen2025-07-22

Times Seen4904

Size49 kB (48828 bytes)

MD5a20ea626775ecdceba42649036255835

SHA175924f80f4f1a02b9604ad82910920aef81fdd04

SHA256b0c25da886116ad33304170e69e0198224b4daa3705a66dc809764cab576d5a6

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71

ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT

HTTP Headers

GET /turnstile/v0/g/4d127ba5149d/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 22 Jul 2025 04:55:43 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 17 Jul 2025 13:56:19 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
priority: u=3,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 963058f30aeb568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET keep1.nio3409197357.workers.dev/

104.21.64.1

403 Forbidden

4.4 kB

URL

keep1.nio3409197357.workers.dev/

IP / ASN

104.21.64.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (396)

First Seen2025-07-22

Last Seen2025-07-22

Times Seen1

Size4.4 kB (4386 bytes)

MD51d8f4a8de8280f54c1ebaaf956730f19

SHA1758e13e93d1899dd517deaa7f9bd0d63c03a94ff

SHA256d684ca029c8a37ecb86d978c991bad3eed3cee32d3bedba5b96c4c4cc31021e1

Certificate Info

IssuerGoogle Trust Services

Subjectnio3409197357.workers.dev

Fingerprint5D:50:6C:A3:CC:DC:29:FF:F0:DB:B3:8F:10:53:EA:E8:9C:34:8C:E5

ValiditySat, 21 Jun 2025 06:02:06 GMT - Fri, 19 Sep 2025 07:00:51 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WeChat

HTTP Headers

GET / HTTP/1.1
Host: keep1.nio3409197357.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Tue, 22 Jul 2025 04:55:43 GMT
content-type: text/html; charset=utf-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=F0RyIx8DQBV8PxijLmVYTm11Hpkv9JbT8lGebt5Wupm5ms1awsRLeUSeA3VOlSb%2B6vV%2FvZE4ieHV5IrFy5YeFctcHf59LPS523I5lUY74ghzsX%2Fmcsf%2FpUOFI5bO"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 963058f08f7956a2-OSL
X-Firefox-Spdy: h2

GET keep1.nio3409197357.workers.dev/

104.21.64.1

403 Forbidden

4.4 kB

URL

keep1.nio3409197357.workers.dev/

IP / ASN

104.21.64.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (396)

First Seen2025-07-22

Last Seen2025-07-22

Times Seen1

Size4.4 kB (4386 bytes)

MD525b71074aada9acdddcea37f8ab7bc71

SHA1c242a5a61512d6bb049f76a96ab08e5a14ddc6ce

SHA25670d6c2c7ee0d47ff71c17b5cec68077d04bf62162cdd357a4fd9c26ad3e6ecaa

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	WeChat

HTTP Headers

GET / HTTP/1.1
Host: keep1.nio3409197357.workers.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Date: Tue, 22 Jul 2025 04:55:43 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
Vary: accept-encoding
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DIKsi72n5vxQOKrKzlu4aSBRJhKEyksdILUr18GYkl5TwILB6K5JRRZk0afG2WA96hHwWHY7mCMBKNoEsXXws8p3Lr54emm%2FU7etqB5wcqrWaagL3Hb9dwDqh04T"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Content-Encoding: gzip
Server: cloudflare
CF-RAY: 963058f16f3756c9-OSL
alt-svc: h2=":443"; ma=60