Report - logn-maile-4743.whit8095432.workers.dev/

Report Overview

Submitted URL
logn-maile-4743.whit8095432.workers.dev/
IP
104.21.43.216
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 16:51:20
Access
public
Website Title
Yahoo
Final URL
logn-maile-4743.whit8095432.workers.dev/
Tags
yahoo phishing suspicious
urlquery detections
Phishing - Yahoo
Suspicious - Suspicious Javascript code

Detections

urlquery
8
Network Intrusion Detection
3
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dl.dropboxusercontent.com	12831	2012-01-13	2019-02-11	2019-03-28	470 B	182 kB	162.125.71.15
api.ipify.org	3267	2014-01-05	2014-10-06	2024-04-24	442 B	251 B	104.26.13.205
logn-maile-4743.whit8095432.workers.dev	unknown	2019-02-08	2022-07-02	2023-12-29	494 B	16 kB	104.21.43.216
s.yimg.com	375	1997-05-14	2012-05-21	2024-04-24	3.6 kB	110 kB	87.248.119.251

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-25 16:50:54	low	Client IP	104.21.43.216	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI
2024-04-25 16:50:54	low	Client IP	104.26.13.205	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
2024-04-25 16:50:54	low	Client IP	162.125.71.15	ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-25	medium	logn-maile-4743.whit8095432.workers.dev/	Yahoo! Inc

PhishTank

Scan Date	Severity	Indicator	Alert
2023-09-19	medium	logn-maile-4743.whit8095432.workers.dev/	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	logn-maile-4743.whit8095432.workers.dev/	329 kB	2023-03-07	2024-05-03
Pretty URL logn-maile-4743.whit8095432.workers.dev/ IP 104.21.43.216 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 15:05:44 Last Seen2024-05-03 18:16:38 Times Seen51 Hash ee96cc834ceb4381cd7609ac5f98a4d9 be0e6f9778b8f87a794b45b685c536e242fb2f5f 538ec7a99be85e35424e9291612de8ccc9919129eac084ccad472c4d5176cf2b Loading...

	unknown	110 kB	2023-04-17	2024-05-03
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-17 19:11:57 Last Seen2024-05-03 18:16:38 Times Seen44 Hash 46edc1aae7e12effe254148980a4a58a 984c7a175625624735d8c473eedbc9e25e6329e9 65d191a33506d9b15597a7efe273b041c6d285f219070c25a61ee94658faeb88 Loading...

	unknown	36 kB	2023-04-10	2024-05-03
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-10 08:04:11 Last Seen2024-05-03 18:16:38 Times Seen53 Hash 03fb5ab58cacf0542b1db05bd57de2f9 8aac39a10e11ec10a46726953f6975c1b47ec1ed eba9f3871c0b8436b760230550c1d72f3c77c39b93ebed613ebfadc373e9c122 Loading...

	unknown	701 B	2023-04-12	2024-05-03
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 08:53:48 Last Seen2024-05-03 18:16:38 Times Seen90 Hash b4106bc59a481018c230effdc8387d64 7abfa46721b3c260249deb72331bbd1b69b5a6e3 081574a4cb69e25b4a2a50c63c3d978e3cefd1a7aa7a63a68589fa10bd989d0e Loading...

	unknown	247 B	2023-04-12	2024-05-03
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 08:53:48 Last Seen2024-05-03 18:16:38 Times Seen95 Hash e9776b46564f34762ebffa07e8b24ecf 5bd8a74d269ceec8f636db42f6a25b92435a6f7d 90bb95034b31c35b932bbd000ecc34eb7a69d0aecd6a3ecd19cb9f8120dcd492 Loading...

	api.ipify.org/?format=jsonp&callback=getIP	29 B	2023-03-07	2024-05-05
Pretty URL api.ipify.org/?format=jsonp&callback=getIP IP 104.26.13.205 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16:09 Last Seen2024-05-05 03:58:30 Times Seen16660 Hash 90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69 Loading...

	unknown	776 B	2023-04-12	2024-05-03
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 08:53:48 Last Seen2024-05-03 18:16:38 Times Seen47 Hash cbbd9fcd2351480a0393ed0bac43c6a8 6186e5e91d4d087a048ee82dac17aa1035a3755a 8f9ea7e42db0463cebe5230ff1a92470e685684965e9a516d7adcfa0a0a6610a Loading...

		Size	First Seen	Last Seen
	#1 Write - 7abfcddc369c7353baa7a49a55d7966f	110 kB	2023-03-07	2024-05-03
Pretty Observations First Seen2023-03-07 15:05:44 Last Seen2024-05-03 18:16:38 Times Seen53 Hash 7abfcddc369c7353baa7a49a55d7966f b9799ba5e837d6c3990b2b3611765a6bdd05493d 85bc2c169a4e52c0d592c72c5b8741db2639306558410199d2c47a0d4632e969 Loading...

	#2 Write - c224f17186b136891f711f7f095e55c3	36 kB	2023-03-07	2024-05-03
Pretty Observations First Seen2023-03-07 15:05:44 Last Seen2024-05-03 18:16:38 Times Seen62 Hash c224f17186b136891f711f7f095e55c3 f13cfd6b146dbd06d021ffcc50ef0e4d29cb75ec 890c6f4472c1d7726fe18fec5143224965d7b8d48806f6970a78f5cc8c91e2fe Loading...

	#3 Write - dd4e99129956ba34b2f39a38aae10f4e	12 kB	2023-03-07	2024-05-03
Pretty Observations First Seen2023-03-07 15:05:44 Last Seen2024-05-03 18:16:38 Times Seen72 Hash dd4e99129956ba34b2f39a38aae10f4e 9bc13c2022ab0e5a7146a93efe2bf6daaefd41ab e74278d845406c090d5990967a1a39640ab11ec6965102f2617d038cad94b851 Loading...

HTTP Transactions (10)

URL IP Response Size

logn-maile-4743.whit8095432.workers.dev/

104.21.43.216

200 OK

16 kB

URL User Request GET HTTP/2
logn-maile-4743.whit8095432.workers.dev/
IP
104.21.43.216:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectwhit8095432.workers.dev
Fingerprint05:D1:4A:BD:BE:59:70:CE:E1:E5:09:FA:44:F9:1F:66:65:D8:4F:D2
ValiditySat, 13 Apr 2024 20:37:49 GMT - Fri, 12 Jul 2024 20:37:48 GMT

File type
HTML document, ASCII text, with very long lines (65520)
Size
16 kB (15865 bytes)
Hash
10099c523a3d40b6eb423c1ee2732064
8bf684eed1e95d1f61c09504a7e7104e788044eb
c730a90276b7a01adc74a7309d02f1c35e4216d109c4a2995e90bae8ef598a73

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Yahoo
OpenPhish	phishing	Yahoo! Inc
PhishTank	phishing	Other

HTTP Headers

GET / HTTP/1.1
Host: logn-maile-4743.whit8095432.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:50:54 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JZIMtnBJft6%2BVUkE%2BZF74W%2BWMDTQ319bgpay7iVz%2FhHghFic6FulWC%2BczN2hY%2BDD0Cd1Ls4lBOTZ41rbUE6iSntTPdn8D4J7ivHlZByx9kGM5rUUL9g7rHTbbMNKxBlGsu8RlPwF9bV4%2Bt2pfoMugTTIrGhqBYbd%2BXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879fd5b14ef3b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png

87.248.119.251

200 OK

1.3 kB

URL GET HTTP/2
s.yimg.com/rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png
IP
87.248.119.251:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://logn-maile-4743.whit8095432.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintF9:49:E1:CC:DE:98:74:FF:9B:DF:28:DC:D8:43:B9:82:99:B1:60:DB
ValidityTue, 02 Apr 2024 00:00:00 GMT - Wed, 22 May 2024 23:59:59 GMT

File type
PNG image data, 240 x 72, 8-bit colormap, non-interlaced
Size
1.3 kB (1346 bytes)
Hash
cd166981c96c6d0f4b5a7d798c25878e
09031c4013138bb8bd54ab9092ac59aa47d7c60c
0fdefe26bac6a6b0b06fe67984582f887af70b7da25d6cb1b401f9074db58338

HTTP Headers

GET /rz/p/yahoo_frontpage_en-US_s_f_p_bestfit_frontpage_2x.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-maile-4743.whit8095432.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: v6jiJmkIcczuLznafVznh5kgzWgejcdRi9Sj1KtAa3HgkrNUi+rDIzpx8nhRw9ZaVsBUKwKWP9s=
x-amz-request-id: DMYXCDZYWNAZDTBH
date: Thu, 25 Apr 2024 07:04:19 GMT
last-modified: Wed, 24 Apr 2024 21:32:20 GMT
etag: "cd166981c96c6d0f4b5a7d798c25878e"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=86400
expires: Thu, 25 Apr 2024 23:00:00 GMT
accept-ranges: bytes
content-type: image/png
server: ATS
content-length: 1346
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 35198
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

s.yimg.com/wm/mbr/images/yahoo-apple-touch-v0.0.2.png

87.248.119.251

200 OK

13 kB

URL GET HTTP/2
s.yimg.com/wm/mbr/images/yahoo-apple-touch-v0.0.2.png
IP
87.248.119.251:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://logn-maile-4743.whit8095432.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintF9:49:E1:CC:DE:98:74:FF:9B:DF:28:DC:D8:43:B9:82:99:B1:60:DB
ValidityTue, 02 Apr 2024 00:00:00 GMT - Wed, 22 May 2024 23:59:59 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGB, interlaced
Size
13 kB (12635 bytes)
Hash
a9d2dde886cd61f73365a84878c78475
6f1f1f7414116c4b01f04ee0a07b41202c2da539
b168c836ccef9cf1cbf7b2440bc11d26667c4ae19613f1e7cf5e6cdc303c7de4

HTTP Headers

GET /wm/mbr/images/yahoo-apple-touch-v0.0.2.png HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-maile-4743.whit8095432.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: Bsglv8jnLxMX5V6SgWTSUWFHCL2TVGuySxANeUkgqH2XlEJUndFhxt1OToXsAyo8KnQxaX4xdzk=
x-amz-request-id: ZSB5W1BS6FNMY0ME
date: Sat, 23 Mar 2024 17:12:06 GMT
last-modified: Thu, 12 Sep 2019 21:58:38 GMT
etag: "a9d2dde886cd61f73365a84878c78475"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/png
server: ATS
content-length: 12635
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 2849931
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

s.yimg.com/wm/mbr/images/yahoo-favicon-img-v0.0.2.ico

87.248.119.251

200 OK

1.4 kB

URL GET HTTP/2
s.yimg.com/wm/mbr/images/yahoo-favicon-img-v0.0.2.ico
IP
87.248.119.251:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://logn-maile-4743.whit8095432.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintF9:49:E1:CC:DE:98:74:FF:9B:DF:28:DC:D8:43:B9:82:99:B1:60:DB
ValidityTue, 02 Apr 2024 00:00:00 GMT - Wed, 22 May 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 8 bits/pixel
Size
1.4 kB (1406 bytes)
Hash
b6814ae5582d7953821acbd76e977bb4
75a33fc706c2c6ba233e76c17337e466949f403c
4a491acd00880c407a2b749619003716c87e9c25ac344e5934c13e8f9aa0e8b3

HTTP Headers

GET /wm/mbr/images/yahoo-favicon-img-v0.0.2.ico HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-maile-4743.whit8095432.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: YGH47wrKTJQan84wmjYnU8EoZCirrU0jITTYol/xPa1M7y+qmSFRUe2mtk17Mv/hcr+RaurW+hc=
x-amz-request-id: CXV09GKC8BM9HPKZ
date: Wed, 24 Apr 2024 17:19:26 GMT
last-modified: Wed, 11 Sep 2019 18:01:04 GMT
etag: "b6814ae5582d7953821acbd76e977bb4"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/vnd.microsoft.icon
server: ATS
content-length: 1406
referrer-policy: no-referrer-when-downgrade
vary: Origin
age: 84691
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2

87.248.119.251

200 OK

29 kB

URL GET HTTP/2
s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2
IP
87.248.119.251:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://logn-maile-4743.whit8095432.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintF9:49:E1:CC:DE:98:74:FF:9B:DF:28:DC:D8:43:B9:82:99:B1:60:DB
ValidityTue, 02 Apr 2024 00:00:00 GMT - Wed, 22 May 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28860, version 1.0
Size
29 kB (28860 bytes)
Hash
a99b283070afc519f4816e4300c515d2
65b78d03d56de125060e61069debfc47e38fb3df
fc0e2df417e7959509df87df6b4de2eb1479c8718bc2d8ab0bc70d3753c68560

HTTP Headers

GET /cv/ae/sports/fonts/2017/Yahoo_Sans-Regular.woff2 HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://logn-maile-4743.whit8095432.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: eUqfV3BH2LZbpPpB8piJwTHXInj/5UaUEsDoikmXfIvfPKJpr1yovkLmk6kQ7v5mdf72DepX34A=
x-amz-request-id: WJC6SQFMRJFY6HBH
date: Sun, 31 Mar 2024 10:42:46 GMT
last-modified: Thu, 19 Apr 2018 19:06:41 GMT
etag: "a99b283070afc519f4816e4300c515d2"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:51 GMT
x-amz-meta-mbst-etag: "YM:1:cb5e4811-e042-455c-b2b2-f984d5f70e0200055a9e8550b736"
x-amz-meta-x-ysws-mbst-vtime: 1507011771545398
expires: Sat, 05 Sep 2026 00:00:00 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: font/woff2
server: ATS
content-length: 28860
referrer-policy: no-referrer-when-downgrade
age: 2182091
access-control-allow-origin: *
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Origin
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

dl.dropboxusercontent.com/s/yntjno1t8hokj3k/yahoo-main.css

162.125.71.15

200 OK

180 kB

URL GET HTTP/2
dl.dropboxusercontent.com/s/yntjno1t8hokj3k/yahoo-main.css
IP
162.125.71.15:443
ASN
#19679 DROPBOX

Requested by
https://logn-maile-4743.whit8095432.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.dl.dropboxusercontent.com
Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40
ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT

File type
gzip compressed data, from Unix
Size
180 kB (180446 bytes)
Hash
aa8ab30ae794fab1db3627d2ae78789e
5c0d1b7b367beeb2edcc3bfb0e069220cddb785e
ba4f4914436e6ba4267f774d6197cf6091a792dab2e416f069e68258037c1955

HTTP Headers

GET /s/yntjno1t8hokj3k/yahoo-main.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-maile-4743.whit8095432.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="yahoo-main.css"; filename*=UTF-8''yahoo-main.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=5Vh28uAuoe4ZEGTbU8Ntd0ABzWrMHxfktWVUwF5uoa0ybBv9dqhthpTEshRNzoHz; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 287
date: Thu, 25 Apr 2024 16:50:54 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 42f2e37a239e46449b467f1df6ea644b
X-Firefox-Spdy: h2

s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2

87.248.119.251

200 OK

29 kB

URL GET HTTP/2
s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2
IP
87.248.119.251:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://logn-maile-4743.whit8095432.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintF9:49:E1:CC:DE:98:74:FF:9B:DF:28:DC:D8:43:B9:82:99:B1:60:DB
ValidityTue, 02 Apr 2024 00:00:00 GMT - Wed, 22 May 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29228, version 1.0
Size
29 kB (29228 bytes)
Hash
7c7c02dcee2bf1c2528db6092d4ad1fa
988a01f705c074261490625c70f94b2642413693
d5312dacbe6f248c6c4b60251d7acf77bc3bc891cd9b880dead36d9babb288c4

HTTP Headers

GET /cv/ae/sports/fonts/2017/Yahoo_Sans-Medium.woff2 HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://logn-maile-4743.whit8095432.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: 3KSgBQulwwK/rKZ4TssLF9029jeQCULc+kGlzOS3mZiQNW3LpqmQTlJafsKXVcBsXYSFCHws/1U=
x-amz-request-id: YVF6FM7JBEGBS6MF
date: Wed, 10 Apr 2024 08:37:08 GMT
last-modified: Thu, 19 Apr 2018 16:25:50 GMT
etag: "7c7c02dcee2bf1c2528db6092d4ad1fa"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:52 GMT
x-amz-meta-mbst-etag: "YM:1:1bb49599-26ac-442e-b6b8-f4e40f067ea500055a9e855b6ecb"
x-amz-meta-x-ysws-mbst-vtime: 1507011772247755
expires: Sat, 05 Sep 2026 00:00:00 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: font/woff2
server: ATS
content-length: 29228
referrer-policy: no-referrer-when-downgrade
age: 1325630
access-control-allow-origin: *
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Origin
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

s.yimg.com/wm/mbr/images/checkbox-checked.svg

87.248.119.251

200 OK

659 B

URL GET HTTP/2
s.yimg.com/wm/mbr/images/checkbox-checked.svg
IP
87.248.119.251:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://logn-maile-4743.whit8095432.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintF9:49:E1:CC:DE:98:74:FF:9B:DF:28:DC:D8:43:B9:82:99:B1:60:DB
ValidityTue, 02 Apr 2024 00:00:00 GMT - Wed, 22 May 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
659 B (659 bytes)
Hash
ac8c4fbeda6efad9549cb41b992a8b3a
46f532f081af894297bce53a7d212e2d253a60bf
11b4310df6e27428e7cf86f316abdc10148ac5cf3c8bbbd5b85c88b9f6290c59

HTTP Headers

GET /wm/mbr/images/checkbox-checked.svg HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: Y83F7loEipLgJA1hW1uPFlaIMCrgAfu/mKID72QEu2W1wimHvVyLywik05bmveA5atDishDc5VE=
x-amz-request-id: 67AP5Q9RM11QSWN9
date: Tue, 05 Mar 2024 19:25:13 GMT
last-modified: Fri, 24 Apr 2020 17:13:52 GMT
etag: "ac8c4fbeda6efad9549cb41b992a8b3a-df"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=315360000
accept-ranges: bytes
content-type: image/svg+xml
server: ATS
referrer-policy: no-referrer-when-downgrade
vary: Origin, Accept-Encoding
age: 4397144
content-encoding: gzip
content-length: 659
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

api.ipify.org/?format=jsonp&callback=getIP

104.26.13.205

200 OK

29 B

URL GET HTTP/2
api.ipify.org/?format=jsonp&callback=getIP
IP
104.26.13.205:443
ASN
#13335 CLOUDFLARENET

Requested by
https://logn-maile-4743.whit8095432.workers.dev/
Certificate
IssuerGoogle Trust Services LLC
Subjectipify.org
FingerprintC8:1A:05:47:C5:73:C6:CE:DF:1D:A6:DE:00:11:A9:9A:8C:DB:EF:A7
ValidityThu, 21 Mar 2024 19:56:02 GMT - Wed, 19 Jun 2024 19:56:01 GMT

File type
ASCII text, with no line terminators
Size
29 B (29 bytes)
Hash
e16990d104d7ef3da6ae33c8749007c3
dd2e82c642a46da4f9f07a0cbed51e1200260b16
be8faa8ea81ccae89a6fe717bdc02266ef5a5a7dcbb8df7fb7ceb59ec48d9ed3

HTTP Headers

GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://logn-maile-4743.whit8095432.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 16:50:54 GMT
content-type: application/javascript
content-length: 29
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 879fd5b30f260b51-OSL
X-Firefox-Spdy: h2

s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2

87.248.119.251

200 OK

29 kB

URL GET HTTP/2
s.yimg.com/cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2
IP
87.248.119.251:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://logn-maile-4743.whit8095432.workers.dev/
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintF9:49:E1:CC:DE:98:74:FF:9B:DF:28:DC:D8:43:B9:82:99:B1:60:DB
ValidityTue, 02 Apr 2024 00:00:00 GMT - Wed, 22 May 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 29040, version 1.0
Size
29 kB (29040 bytes)
Hash
af9fdad7698452697b016850fff96423
710130c79bf56297f8abcc6d6c575172590133b0
b8989e0be6a0c3a8a407d8b69b7884eb5ebf401b7eee8b8b98c5eeec3ba497fa

HTTP Headers

GET /cv/ae/sports/fonts/2017/Yahoo_Sans-Semibold.woff2 HTTP/1.1
Host: s.yimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://logn-maile-4743.whit8095432.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-id-2: 7g/PEHQOXwbuaXYa+I6AS+W+zDnQqckcP7484VcBBxI3Ndc+NLMhhi93P+sa7Q/0OstragSOXys=
x-amz-request-id: KDFBS0BEDQ63NBNG
date: Wed, 24 Apr 2024 08:53:36 GMT
last-modified: Thu, 19 Apr 2018 17:33:29 GMT
etag: "af9fdad7698452697b016850fff96423"
x-amz-server-side-encryption: AES256
cache-control: max-age=31536000,public
x-amz-meta-created-date: Tue, 03 Oct 2017 06:22:51 GMT
x-amz-meta-mbst-etag: "YM:1:95620d49-21c2-4044-b803-58b70c8e419700055a9e854fb9f1"
x-amz-meta-x-ysws-mbst-vtime: 1507011771480561
expires: Sat, 05 Sep 2026 00:00:00 GMT
x-amz-meta-x-ysws-access: public
accept-ranges: bytes
content-type: font/woff2
server: ATS
content-length: 29040
referrer-policy: no-referrer-when-downgrade
age: 115042
access-control-allow-origin: *
strict-transport-security: max-age=31536000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
vary: Origin
ats-carp-promotion: 1, 1
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (10)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by