| www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css | 104.110.3.84 | 200 OK | 49 kB |
URL: GET HTTP/2 www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css
IP: 104.110.3.84:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer DigiCert Inc; Subject m.americanexpress.com; Fingerprint 3D:49:C1:10:15:C4:62:62:B3:CD:E6:43:D8:FF:DE:DD:A4:9F:03:26; Validity Wed, 06 Mar 2024 00:00:00 GMT - Thu, 06 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: MD5 d4f6c3591835eb7dd537e0b4dc46b49d; SHA-1 402d69bfc83c2477b72fa978d01045a124e5baf5; SHA-256 5697ec2a5b964c283b604e35b4b9a8e550014fd6ebd602a849fd85038113d78b
GET /cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-home-american-eb1d.heleyas570.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 20 Feb 2023 20:23:12 GMT
etag: W/"63f3d6b0-596ee"
timing-allow-origin: *
cache-control: max-age=31536000, must-revalidate
content-encoding: gzip
content-length: 48683
date: Wed, 17 Apr 2024 05:23:46 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2

| api.ipify.org/?format=jsonp&callback=getIP | 104.26.12.205 | 200 OK | 29 B |
URL: GET HTTP/2 api.ipify.org/?format=jsonp&callback=getIP
IP: 104.26.12.205:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer Google Trust Services LLC; Subject ipify.org; Fingerprint C8:1A:05:47:C5:73:C6:CE:DF:1D:A6:DE:00:11:A9:9A:8C:DB:EF:A7; Validity Thu, 21 Mar 2024 19:56:02 GMT - Wed, 19 Jun 2024 19:56:01 GMT
File type: ASCII text, with no line terminators
Hash: MD5 90a39389063c7c5716745c3b3bb4fba1; SHA-1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f; SHA-256 eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69
GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-home-american-eb1d.heleyas570.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:23:46 GMT
content-type: application/javascript
content-length: 29
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8759fc276fa94149-LHR
X-Firefox-Spdy: h2

| dl.dropboxusercontent.com/s/jnxrg3tqc0u8rxa/ltolbec.gif | 162.125.70.15 | 200 OK | 4.4 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/jnxrg3tqc0u8rxa/ltolbec.gif
IP: 162.125.70.15:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer DigiCert Inc; Subject *.dl.dropboxusercontent.com; Fingerprint 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40; Validity Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: GIF image data, version 89a, 55 x 54
Hash: MD5 28b51026c632992786a253e30b45e1d3; SHA-1 d4a21c02564e266593699ee005d08a3df483e9d8; SHA-256 b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
GET /s/jnxrg3tqc0u8rxa/ltolbec.gif HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-home-american-eb1d.heleyas570.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ltolbec.gif"; filename*=UTF-8''ltolbec.gif
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1649372231639804n
pragma: public
set-cookie: uc_session=6vdH3RXj9t9iZnoaOkKaEjU08mGdAMSVIHmVKcole5geXbLfhkpkcuk1I6YZ4bje; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 257
date: Wed, 17 Apr 2024 05:23:46 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 4424
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 5dfe0a628ca94f02b66a84ac43b00f35
X-Firefox-Spdy: h2

| www.aexp-static.com/cdaas/axp-app/modules/one-identity-root/undefined/images/icon-192.png | 104.110.3.84 | 404 Not Found | 167 B |
URL: GET HTTP/2 www.aexp-static.com/cdaas/axp-app/modules/one-identity-root/undefined/images/icon-192.png
IP: 104.110.3.84:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer DigiCert Inc; Subject m.americanexpress.com; Fingerprint 3D:49:C1:10:15:C4:62:62:B3:CD:E6:43:D8:FF:DE:DD:A4:9F:03:26; Validity Wed, 06 Mar 2024 00:00:00 GMT - Thu, 06 Mar 2025 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: MD5 370e16c3b7dba286cff055f93b9a94d8; SHA-1 65f3537c3c798f7da146c55aef536f7b5d0cb943; SHA-256 d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
GET /cdaas/axp-app/modules/one-identity-root/undefined/images/icon-192.png HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-home-american-eb1d.heleyas570.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
content-encoding: gzip
content-length: 167
date: Wed, 17 Apr 2024 05:23:47 GMT
vary: Origin, Accept-Encoding
set-cookie: ak_bmsc=384B549FE584175F8F41E727E5EC22D1~000000000000000000000000000000~YAAQ1E0kF6dTBMyOAQAA7NiC6hcl2V4GR423fVoCAI5UTdg2LGM4zq/oDAZPYiBMEx3ApPOq+I6isZfbvBrkkH92V9XSNe3cZAYOSAXm7Bu42faUPhHALRT9U2R/bdXsuBb87yEQ58ixsDvGvSDH/EtlqLF2nGtBLvWFQqO+rAMG0cTCjJMpdrLfHlIPLjAy1KcFT/2zNM78/66Dljvx+uuREsgYCYNbDC/vn9h4PHCH4/PxPNzDkJ6mHr9gGgwHRzYjz30TvXuqvd+m6dGZo2yb+iJBKSS/cUB9Mrl6vXQUgx2N15/4Ir+c0zkGZXfjDDZzPGXW1DwM1kDJufOLOMjcvAryyNuHBdJ8TihEcOsA5x9Qhiz7g1zxIrbS4LXilUErREWZXPzYtDqF3ck=; Domain=.aexp-static.com; Path=/; Expires=Wed, 17 Apr 2024 07:23:47 GMT; Max-Age=7200; Secure
X-Firefox-Spdy: h2

| www.americanexpress.com/favicon.ico | 104.110.22.253 | 200 OK | 1.4 kB |
URL: GET www.americanexpress.com/favicon.ico
IP: 104.110.22.253:0
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer DigiCert Inc; Subject www.americanexpress.com; Fingerprint 64:A2:B0:4D:11:47:D0:C0:37:73:B5:62:91:90:F7:0D:1F:42:FA:10; Validity Thu, 03 Aug 2023 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash: MD5 974ccc6c4c6e1c7f04606973beb3ba20; SHA-1 0f96f86d488a4b5805744fa067c3cfd57c928406; SHA-256 265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0
GET /favicon.ico HTTP/1.1
Host: www.americanexpress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-home-american-eb1d.heleyas570.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
strict-transport-security: max-age=15552000;
last-modified: Fri, 07 Jun 2019 04:05:21 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1381
x-cnection: close
content-type: image/x-icon
date: Wed, 17 Apr 2024 05:23:47 GMT
set-cookie: agent-id=10cd03d8-d236-45ad-ad80-89cbb4e19c47; expires=Thu, 17-Apr-2025 05:23:47 GMT; path=/; domain=.americanexpress.com; secure; HttpOnly
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2

| dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ltolbeb.png | 162.125.70.15 | 200 OK | 2.8 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ltolbeb.png
IP: 162.125.70.15:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer DigiCert Inc; Subject *.dl.dropboxusercontent.com; Fingerprint 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40; Validity Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (3136), with no line terminators
Hash: MD5 961cbe1ecca36857476fa64154ae89a9; SHA-1 bdba7e55095e02f7dd47e5dda518dabf1c4d83d1; SHA-256 f066065e5f26538f3868aff9b1a72dc0a961bb5962b40507472b46db094ff6b2
GET /s/dl0l68o9ckjx9h1/ltolbeb.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ldelavf.css
Cookie: uc_session=c32DTZ6wWWmN2lfaFjuc2oSItuIuh81d1oOAnsCnda3krmQzucKyqBCQqXitAv8Y
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavf.css"; filename*=UTF-8''ldelavf.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
x-content-type-options: nosniff
x-server-response-time: 360
date: Wed, 17 Apr 2024 05:23:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 91e93fc205a447739cbd41343818960b
X-Firefox-Spdy: h2

| dl.dropboxusercontent.com/s/ttfvw2v00hqadxh/ldelavd.css | 162.125.70.15 | 200 OK | 16 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/ttfvw2v00hqadxh/ldelavd.css
IP: 162.125.70.15:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer DigiCert Inc; Subject *.dl.dropboxusercontent.com; Fingerprint 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40; Validity Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (15837), with CRLF line terminators
Hash: MD5 602885d150e92c91d6cd6df3c062fc69; SHA-1 5c2a8f640e67556aba57888fe0c508886683d1cd; SHA-256 742986c3263400cc14e94db1c58eb49786e4466272889ce602cd6df55297a82d
GET /s/ttfvw2v00hqadxh/ldelavd.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-home-american-eb1d.heleyas570.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavd.css"; filename*=UTF-8''ldelavd.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=LVmPIPoDS254AEWhuxQRqszfVqa5zTj6Lfg7SH4UKoM6Bu1BaUVnZG7kARpo61KA; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 411
date: Wed, 17 Apr 2024 05:23:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: d217b0d26be946fdb27d8165d0e41ca7
X-Firefox-Spdy: h2

| dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ltolbee.png | 162.125.70.15 | 200 OK | 2.8 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ltolbee.png
IP: 162.125.70.15:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer DigiCert Inc; Subject *.dl.dropboxusercontent.com; Fingerprint 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40; Validity Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (3136), with no line terminators
Hash: MD5 961cbe1ecca36857476fa64154ae89a9; SHA-1 bdba7e55095e02f7dd47e5dda518dabf1c4d83d1; SHA-256 f066065e5f26538f3868aff9b1a72dc0a961bb5962b40507472b46db094ff6b2
GET /s/dl0l68o9ckjx9h1/ltolbee.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ldelavf.css
Cookie: uc_session=c32DTZ6wWWmN2lfaFjuc2oSItuIuh81d1oOAnsCnda3krmQzucKyqBCQqXitAv8Y
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavf.css"; filename*=UTF-8''ldelavf.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
x-content-type-options: nosniff
x-server-response-time: 797
date: Wed, 17 Apr 2024 05:23:48 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 2396e76db8434b9390b93e430b65df2e
X-Firefox-Spdy: h2

| worker-home-american-eb1d.heleyas570.workers.dev/ | 172.67.223.44 | 200 OK | 63 kB |
URL (User Request): GET HTTP/2 worker-home-american-eb1d.heleyas570.workers.dev/
IP: 172.67.223.44:443
Certificate: Issuer Google Trust Services LLC; Subject heleyas570.workers.dev; Fingerprint B8:09:78:17:95:64:4D:BD:E8:61:61:91:91:7D:85:DA:C2:80:DD:DB; Validity Mon, 15 Apr 2024 12:13:39 GMT - Sun, 14 Jul 2024 12:13:38 GMT
File type: HTML document, ASCII text, with very long lines (62969)
Hash: MD5 5aa36cac74557a3d7d7f56bbc9f52adc; SHA-1 e1471f1ccc7b4ae7db59a41031f683ef458703fc; SHA-256 7e1cb8877168279f4f883c994a0c662228b78f268cf65d5f5e962d13716de828

| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - Suspicious Javascript code |
| OpenPhish | phishing | American Express |
GET / HTTP/1.1
Host: worker-home-american-eb1d.heleyas570.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 17 Apr 2024 05:23:46 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l6%2B8zjHVkfy2vIi5MOVtIsdciG82F17U%2F792JeLWQfrMVjMEJDsV36yxgnVxIvJbbt0L8ONY8CcA9gzpAouglrNoxeN4QuIKPVoxNBXGZNVfcifSpyXrMQPHEHjuNEeLfbcNJpGUUCI9RkgVlPLf%2FyNxLCYaUxgDgufmvYyl%2B5XToDI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759fc25c9d492bb-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

| dl.dropboxusercontent.com/s/l46v0c6zhz62fj0/ldelave.css | 162.125.70.15 | 200 OK | 7.8 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/l46v0c6zhz62fj0/ldelave.css
IP: 162.125.70.15:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer DigiCert Inc; Subject *.dl.dropboxusercontent.com; Fingerprint 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40; Validity Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (8640), with no line terminators
Hash: MD5 e08dda03bd6f29058e3b19d05427bcd0; SHA-1 cbe75afabc97d0d8e50b222fb769cd0eb0a4c01b; SHA-256 56d8d2115e01e202d653c39bbc39655e0320d6d3026303fd9520238a982fafd8
GET /s/l46v0c6zhz62fj0/ldelave.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-home-american-eb1d.heleyas570.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelave.css"; filename*=UTF-8''ldelave.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=syP7h3RQFn6FQ8aqK0I1XoWFQTpm8oFWgKtziC52jZDP3dRJoOftA5q4jCtz02pq; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 326
date: Wed, 17 Apr 2024 05:23:47 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 78f3192e3b8240dd8289f1004eefb068
X-Firefox-Spdy: h2

| dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ldelavf.css | 162.125.70.15 | 200 OK | 2.8 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ldelavf.css
IP: 162.125.70.15:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer DigiCert Inc; Subject *.dl.dropboxusercontent.com; Fingerprint 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40; Validity Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (3136), with no line terminators
Hash: MD5 961cbe1ecca36857476fa64154ae89a9; SHA-1 bdba7e55095e02f7dd47e5dda518dabf1c4d83d1; SHA-256 f066065e5f26538f3868aff9b1a72dc0a961bb5962b40507472b46db094ff6b2
GET /s/dl0l68o9ckjx9h1/ldelavf.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-home-american-eb1d.heleyas570.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavf.css"; filename*=UTF-8''ldelavf.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=c32DTZ6wWWmN2lfaFjuc2oSItuIuh81d1oOAnsCnda3krmQzucKyqBCQqXitAv8Y; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 352
date: Wed, 17 Apr 2024 05:23:46 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 5d450be04f624cdc9c491c9485a79e43
X-Firefox-Spdy: h2

| worker-home-american-eb1d.heleyas570.workers.dev/upfiles/njhamilodjtdjlogo.png | 172.67.223.44 | 200 OK | 63 kB |
URL: GET HTTP/3 worker-home-american-eb1d.heleyas570.workers.dev/upfiles/njhamilodjtdjlogo.png
IP: 172.67.223.44:443
Requested by: https://worker-home-american-eb1d.heleyas570.workers.dev/
Certificate: Issuer Google Trust Services LLC; Subject heleyas570.workers.dev; Fingerprint B8:09:78:17:95:64:4D:BD:E8:61:61:91:91:7D:85:DA:C2:80:DD:DB; Validity Mon, 15 Apr 2024 12:13:39 GMT - Sun, 14 Jul 2024 12:13:38 GMT
File type: HTML document, ASCII text, with very long lines (62969)
Hash: MD5 5aa36cac74557a3d7d7f56bbc9f52adc; SHA-1 e1471f1ccc7b4ae7db59a41031f683ef458703fc; SHA-256 7e1cb8877168279f4f883c994a0c662228b78f268cf65d5f5e962d13716de828

| Analyzer | Verdict | Alert |
| OpenPhish | phishing | American Express |
GET /upfiles/njhamilodjtdjlogo.png HTTP/1.1
Host: worker-home-american-eb1d.heleyas570.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-home-american-eb1d.heleyas570.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 17 Apr 2024 05:23:46 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ku5MqusNYv2vajQAzS8PEFpTa1W9HluBGSI76O5cA2lHF9WdKj0zguDNtHhDNNBNxNzToheQcOctvJBcS99C1fn2Z3Bs7s3H7Uii2xub0nobBNyiRChRZ65LqPeTLw9w%2BIHHT%2F9e0pXSHa1RV9RH%2Fc6KvT5MBoxXpO3Bj5EbK7dgQeQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8759fc26ea646df0-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
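Triage of the capture above, written as an added example; it is not part of the urlquery report and does not reproduce the logic of urlquery or OpenPhish. It encodes four indicators that the entries themselves show: the dls.min.css design-system stylesheet, the icon-192.png request and the favicon are fetched from American Express hosts with the workers.dev page as Referer; the api.ipify.org JSONP call hands the visitor's public IP to the page; three different filenames under the Dropbox share id dl0l68o9ckjx9h1 (ldelavf.css, ltolbeb.png, ltolbee.png) return the same SHA-256 with content-type text/css (the content-disposition header names ldelavf.css even for the .png requests), and /upfiles/njhamilodjtdjlogo.png returns the landing page's own HTML and hash; and one aexp-static.com path carries a literal "undefined" segment. TRANSACTIONS is a constructed subset of the entries, copying URL, Referer, content-type and SHA-256 from the report. BRAND_DOMAINS, IP_ECHO_HOSTS, the extension-to-MIME table and the reading of "undefined" as an unresolved client-side template variable are this example's assumptions.

```python
"""Triage rules for a urlquery-style transaction list (added example, not part of
the original report). TRANSACTIONS is a constructed subset of the entries on this
page: URL, Referer, response content-type and SHA-256 are copied from the report;
the rules are this example's heuristics, not urlquery's or OpenPhish's."""
from collections import defaultdict
from urllib.parse import urlsplit

WORKER = "https://worker-home-american-eb1d.heleyas570.workers.dev/"
DROPBOX = "https://dl.dropboxusercontent.com/s/"
AEXP_CDN = "https://www.aexp-static.com/cdaas/"
# Assumption: brand domains derived from the OpenPhish "American Express" alert.
BRAND_DOMAINS = ("americanexpress.com", "aexp-static.com")
IP_ECHO_HOSTS = ("api.ipify.org",)  # assumption: the only IP-echo service in this capture
# Content a file extension should carry (assumption; only the extensions seen here).
EXPECTED_MIME = {"css": "text/css", "png": "image/", "gif": "image/", "ico": "image/"}

SHA_CSS_F = "f066065e5f26538f3868aff9b1a72dc0a961bb5962b40507472b46db094ff6b2"
SHA_LANDING = "7e1cb8877168279f4f883c994a0c662228b78f268cf65d5f5e962d13716de828"
# (url, referer, content-type, sha256); constructed from the report above.
TRANSACTIONS = [
    (WORKER, None, "text/html;charset=UTF-8", SHA_LANDING),
    (WORKER + "upfiles/njhamilodjtdjlogo.png", WORKER, "text/html;charset=UTF-8", SHA_LANDING),
    (AEXP_CDN + "one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css",
     WORKER, "text/css", "5697ec2a5b964c283b604e35b4b9a8e550014fd6ebd602a849fd85038113d78b"),
    (AEXP_CDN + "axp-app/modules/one-identity-root/undefined/images/icon-192.png",
     WORKER, "text/html", "d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090"),
    ("https://www.americanexpress.com/favicon.ico", WORKER, "image/x-icon",
     "265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0"),
    ("https://api.ipify.org/?format=jsonp&callback=getIP", WORKER, "application/javascript",
     "eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69"),
    (DROPBOX + "jnxrg3tqc0u8rxa/ltolbec.gif", WORKER, "image/gif",
     "b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e"),
    (DROPBOX + "dl0l68o9ckjx9h1/ldelavf.css", WORKER, "text/css; charset=utf-8", SHA_CSS_F),
    (DROPBOX + "dl0l68o9ckjx9h1/ltolbeb.png", DROPBOX + "dl0l68o9ckjx9h1/ldelavf.css",
     "text/css; charset=utf-8", SHA_CSS_F),
    (DROPBOX + "dl0l68o9ckjx9h1/ltolbee.png", DROPBOX + "dl0l68o9ckjx9h1/ldelavf.css",
     "text/css; charset=utf-8", SHA_CSS_F),
]


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def is_brand(host):
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def extension_mismatches(transactions):
    """URLs whose extension promises one kind of content but whose response is another."""
    hits = []
    for url, _ref, ctype, _sha in transactions:
        name = urlsplit(url).path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        expected = EXPECTED_MIME.get(ext)
        if expected and not ctype.lower().startswith(expected):
            hits.append((url, ctype))
    return hits


def shared_content(transactions):
    """Distinct URLs that returned byte-identical bodies (same SHA-256)."""
    by_hash = defaultdict(set)
    for url, _ref, _ctype, sha in transactions:
        by_hash[sha].add(url)
    return {sha: sorted(urls) for sha, urls in by_hash.items() if len(urls) > 1}


def brand_assets_from_foreign_page(transactions):
    """Brand-owned assets (CDN CSS, favicon) pulled in by a document on a non-brand origin."""
    return [url for url, ref, _c, _s in transactions
            if ref and is_brand(host_of(url)) and not is_brand(host_of(ref))]


def ip_echo_calls(transactions):
    """Calls to services that return the visitor's public IP (victim fingerprinting)."""
    return [url for url, *_ in transactions if host_of(url) in IP_ECHO_HOSTS]


def unresolved_template_segments(transactions):
    """Paths with a literal 'undefined' or 'null' segment: assumed to be a client-side
    template variable that never resolved, as in a front-end copied out of its build."""
    return [url for url, *_ in transactions
            if any(seg in ("undefined", "null") for seg in urlsplit(url).path.split("/"))]


def triage(transactions):
    return {
        "extension_mismatch": extension_mismatches(transactions),
        "shared_content": shared_content(transactions),
        "brand_assets_from_foreign_page": brand_assets_from_foreign_page(transactions),
        "ip_echo_calls": ip_echo_calls(transactions),
        "unresolved_template_segments": unresolved_template_segments(transactions),
    }


if __name__ == "__main__":
    for rule, hits in triage(TRANSACTIONS).items():
        print(f"{rule}: {len(hits)} hit(s)")
        for hit in (hits.values() if isinstance(hits, dict) else hits):
            print("   ", hit)
```

Each rule is cheap to run over an exported transaction list, and none of them needs the page body: the extension check and the shared-hash check alone separate the four entries that returned HTML or CSS under an image filename, while the Referer check is what ties the real American Express assets to a document that does not live on an American Express origin.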