| new-75691.bubbleapps.io/package/early_js/05ae9fe83d6b755291132aab9d325d70918aafd336da1bd91a41a31c8b25734b/early.js | 104.18.245.24 | | 9.4 kB |
URL: new-75691.bubbleapps.io/package/early_js/05ae9fe83d6b755291132aab9d325d70918aafd336da1bd91a41a31c8b25734b/early.js IP: 104.18.245.24:0
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (1366) Hash: MD5 5dbf806421d5dd97b86016ab9fd1b9a1, SHA-1 82504056bb4e5b9cae17ff042c1562d75ba04bc5, SHA-256 450e62180e870526d437f065fa76a5d4e31517905e37a98184ef79b0fc2abd5b
Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /package/early_js/05ae9fe83d6b755291132aab9d325d70918aafd336da1bd91a41a31c8b25734b/early.js HTTP/1.1
Host: new-75691.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://new-75691.bubbleapps.io/
DNT: 1
Connection: keep-alive
Cookie: new-75691_live_u2main=bus|1715185655515x993609493953633800|1715185655536x358732674660929860; new-75691_live_u2main.sig=3JEuGPX0Gu_RmXJ9j9scsIIRe1A; new-75691_u1main=1715185655515x993609493953633800
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 16:27:36 GMT
content-type: application/javascript
x-powered-by: Express
cache-control: public, max-age=31536000
access-control-allow-origin: *
timing-allow-origin: *
vary: Accept-Encoding
x-bubble-perf: {"total":15.5,"percents":{"top":{"bubble_cpu":28.8,"block":65.4,"capacity_rl":0,"other_pause":0,"pre_fiber":3.9},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":20,"appserver_cache_misses_time":0,"redis":40.7,"fiber_queue":4.9,"capacity_wait":17.5}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"serverjson":2,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":8,"fiber_queue":11,"blocks":10},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":669519}}
x-bubble-capacity-used: 0.01 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
cf-cache-status: HIT
server: cloudflare
cf-ray: 880ad16dbbad56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| new-75691.bubbleapps.io/package/run_css/0020738f9c626359a2b61892bee0c0ae9602cfc978463920903b54c175bb36ca/new-75691/live/index/xfalse/xfalse/run.css | 104.18.245.24 | | 8.6 kB |
URL: new-75691.bubbleapps.io/package/run_css/0020738f9c626359a2b61892bee0c0ae9602cfc978463920903b54c175bb36ca/new-75691/live/index/xfalse/xfalse/run.css IP: 104.18.245.24:0
File type: Unicode text, UTF-8 text, with very long lines (44864), with no line terminators Hash: MD5 444cd73dd11b651b67487656f4396255, SHA-1 7c615f95d7e1757e87b4065a9965b97cb7941ea5, SHA-256 615ffe7f719a5422b223a36485a874defddf36cfba945cd665368c25e306fbe4
Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /package/run_css/0020738f9c626359a2b61892bee0c0ae9602cfc978463920903b54c175bb36ca/new-75691/live/index/xfalse/xfalse/run.css HTTP/1.1
Host: new-75691.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://new-75691.bubbleapps.io/
DNT: 1
Connection: keep-alive
Cookie: new-75691_live_u2main=bus|1715185655515x993609493953633800|1715185655536x358732674660929860; new-75691_live_u2main.sig=3JEuGPX0Gu_RmXJ9j9scsIIRe1A; new-75691_u1main=1715185655515x993609493953633800
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 16:27:36 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=58668
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-bubble-capacity-limit: 0 ms slower
x-bubble-capacity-used: 0.128 unit-seconds used
x-bubble-perf: {"total":87.4,"percents":{"top":{"bubble_cpu":17.7,"block":80.9,"capacity_rl":0,"other_pause":0,"pre_fiber":0.9},"sub":{"pp_userdb":5.7,"pp_wait_userdb":0,"http_request":0,"serverjson":55.3,"appserver_cache_misses_time":0,"redis":42.9,"fiber_queue":3.6,"capacity_wait":1.5}},"counts":{"pp_userdb":2,"http_request":0,"derived_build":0,"derived_cache_attempts":3,"derived_cache_memory_misses":3,"serverjson":15,"appserver_cache_attempts":1,"appserver_mem_cache_hits":0,"appserver_cache_hits":1,"appserver_cache_misses":0,"redis":30,"fiber_queue":32,"blocks":31},"misc":{"userdb_results":1,"userdb_data":4,"spent_time":8317934}}
x-powered-by: Express
cf-cache-status: HIT
server: cloudflare
cf-ray: 880ad16dbbb456c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| d1muf25xaso8hp.cloudfront.net/https%3A%2F%2F2126330d7cbade766a6fbe0cda590258.cdn.bubble.io%2Ff1530294839424x143528842134401200%2FIcon-no-clearspace.png?w=128&h=&auto=compress&dpr=1&fit=max | 54.230.241.202 | | 2.8 kB |
URL: d1muf25xaso8hp.cloudfront.net/https%3A%2F%2F2126330d7cbade766a6fbe0cda590258.cdn.bubble.io%2Ff1530294839424x143528842134401200%2FIcon-no-clearspace.png?w=128&h=&auto=compress&dpr=1&fit=max IP: 54.230.241.202:0
File type: PNG image data, 128 x 138, 8-bit colormap, non-interlaced Hash: MD5 d477add910a87520067cc841ee20ab1e, SHA-1 33f514297f3ee1fc419e5ecfa0e6be97cfe7778c, SHA-256 4962051db9426f370d30bcd8bd3c44223b946e0625f3d9356848d16c82225f36
GET /https%3A%2F%2F2126330d7cbade766a6fbe0cda590258.cdn.bubble.io%2Ff1530294839424x143528842134401200%2FIcon-no-clearspace.png?w=128&h=&auto=compress&dpr=1&fit=max HTTP/1.1
Host: d1muf25xaso8hp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://new-75691.bubbleapps.io/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 2761
x-imgix-id: f6f7e4ffdc08f160fec8096e11d37db3d1ecac1f
cache-control: public, max-age=290304000
last-modified: Mon, 06 May 2024 14:41:00 GMT
server: Google Frontend
date: Mon, 06 May 2024 14:41:00 GMT
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-served-by: cache-sjc10059-SJC, cache-fra-eddf8230145-FRA
x-cache: Hit from cloudfront
via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: ysjC39BCh5s3a0Gq4oNo0YPdYutTfsx15ZF0Etbkg4ATEYF50hcWUw==
age: 179197
X-Firefox-Spdy: h2
|
|
| new-75691.bubbleapps.io/package/pre_run_jquery_js/dee903a9e36db713e4c86d0cdd96d921e37be0c1293ed8dee29e2e4d7713b9ff/pre_run_jquery.js | 104.18.245.24 | | 80 kB |
URL: new-75691.bubbleapps.io/package/pre_run_jquery_js/dee903a9e36db713e4c86d0cdd96d921e37be0c1293ed8dee29e2e4d7713b9ff/pre_run_jquery.js IP: 104.18.245.24:0
File type: JavaScript source, ASCII text, with very long lines (65447) Hash: MD5 641dd14370106e992d352166f5a07e99, SHA-1 eda46747c71d38a880bee44f9a439c3858bb8f99, SHA-256 a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
GET /package/pre_run_jquery_js/dee903a9e36db713e4c86d0cdd96d921e37be0c1293ed8dee29e2e4d7713b9ff/pre_run_jquery.js HTTP/1.1
Host: new-75691.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://new-75691.bubbleapps.io/
DNT: 1
Connection: keep-alive
Cookie: new-75691_live_u2main=bus|1715185655515x993609493953633800|1715185655536x358732674660929860; new-75691_live_u2main.sig=3JEuGPX0Gu_RmXJ9j9scsIIRe1A; new-75691_u1main=1715185655515x993609493953633800
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 16:27:36 GMT
content-type: application/javascript
x-powered-by: Express
cache-control: public, max-age=31536000
access-control-allow-origin: *
timing-allow-origin: *
vary: Accept-Encoding
x-bubble-perf: {"total":42.4,"percents":{"top":{"bubble_cpu":18.4,"block":79.6,"capacity_rl":0,"other_pause":0,"pre_fiber":1.9},"sub":{"pp_userdb":4.7,"pp_wait_userdb":2.4,"http_request":0,"serverjson":54,"appserver_cache_misses_time":0,"redis":56,"fiber_queue":3.5,"capacity_wait":6.2}},"counts":{"pp_userdb":2,"http_request":0,"derived_build":0,"derived_cache_attempts":1,"derived_cache_memory_misses":1,"serverjson":2,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":16,"fiber_queue":23,"blocks":22},"misc":{"userdb_results":1,"userdb_data":4,"spent_time":6171143}}
x-bubble-capacity-used: 0.095 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
cf-cache-status: HIT
server: cloudflare
cf-ray: 880ad16dbbb856c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 216.58.207.227 | | 48 kB |
URL: fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP: 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 48236, version 1.0 Hash: MD5 015c126a3520c9a8f6a27979d0266e96, SHA-1 2acf956561d44434a6d84204670cf849d3215d5f, SHA-256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://new-75691.bubbleapps.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 568357
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 216.58.207.227 | | 48 kB |
URL: fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP: 216.58.207.227:0
File type: Web Open Font Format (Version 2), TrueType, length 48236, version 1.0 Hash: MD5 015c126a3520c9a8f6a27979d0266e96, SHA-1 2acf956561d44434a6d84204670cf849d3215d5f, SHA-256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://new-75691.bubbleapps.io
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:35:00 GMT
expires: Fri, 02 May 2025 02:35:00 GMT
cache-control: public, max-age=31536000
age: 568357
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| api.telegram.org/bot6749139327:AAEZ-CwPsoUSQ_nPp8Ah4XKSETgieWgBqNk/sendMessage?chat_id=5778776255&text=wep1 | 149.154.167.220 | | 225 B |
URL: api.telegram.org/bot6749139327:AAEZ-CwPsoUSQ_nPp8Ah4XKSETgieWgBqNk/sendMessage?chat_id=5778776255&text=wep1 IP: 149.154.167.220:0 ASN: #62041 Telegram Messenger Inc
Hash: MD5 d8441886ca4c27d5dc767a3596e44470, SHA-1 acad9bac931cdb2b2067745f1f7e3d8ce5a3a109, SHA-256 c6de5a4c0ad67b0908195df9a0277f3a0cd3eb62fd8489fcbaaa6181d2c93f99
GET /bot6749139327:AAEZ-CwPsoUSQ_nPp8Ah4XKSETgieWgBqNk/sendMessage?chat_id=5778776255&text=wep1 HTTP/1.1
Host: api.telegram.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://new-75691.bubbleapps.io/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 08 May 2024 16:27:37 GMT
content-type: application/json
content-length: 225
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection
X-Firefox-Spdy: h2
|
|
| notify.bubble.io/ | 104.17.123.183 | | 0 B |
IP: 104.17.123.183:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: notify.bubble.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://new-75691.bubbleapps.io
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: VDDAKV8RMSFKDF1HqwqM5g==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 08 May 2024 16:27:37 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: rUvozT4McamwDktvRJg2MNhb9cM=
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 880ad175dce21c06-OSL
alt-svc: h3=":443"; ma=86400
|
|
| new-75691.bubbleapps.io/elasticsearch/mget | 104.18.245.24 | | 4.9 kB |
URL: new-75691.bubbleapps.io/elasticsearch/mget IP: 104.18.245.24:0
Hash: MD5 13774c0fa977d7115b8cad05ef63b229, SHA-1 22ac8ff458bbab9829772b3485038e977e6e4e9f, SHA-256 7806c1488f32b0c64715d07f0fcdf63e05f1a4b99a31ae3fe265921466cfb84c
Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
POST /elasticsearch/mget HTTP/1.1
Host: new-75691.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://new-75691.bubbleapps.io/
Content-Type: application/json
cache-control: no-cache
X-Bubble-Breaking-Revision: 5
X-Bubble-R: https://new-75691.bubbleapps.io/
X-Bubble-PL: 1715185655572x831
X-Bubble-Epoch-ID: 1715185657150x474120692582590400
X-Bubble-Epoch-Name: Epoch: Runmode page fully loaded
X-Bubble-Fiber-ID: 1715185657267x615391043064118800
X-Requested-With: XMLHttpRequest
Content-Length: 218
Origin: https://new-75691.bubbleapps.io
DNT: 1
Connection: keep-alive
Cookie: new-75691_live_u2main=bus|1715185655515x993609493953633800|1715185655536x358732674660929860; new-75691_live_u2main.sig=3JEuGPX0Gu_RmXJ9j9scsIIRe1A; new-75691_u1main=1715185655515x993609493953633800
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 16:27:37 GMT
content-type: application/json
x-powered-by: Express
cache-control: no-cache
x-bubble-appname: new-75691
x-bubble-request-took: 45
x-bubble-perf: {"total":45.3,"percents":{"top":{"bubble_cpu":16.5,"block":81.3,"capacity_rl":0,"other_pause":0,"pre_fiber":1.4},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":48.7,"appserver_cache_misses_time":0,"redis":65.2,"fiber_queue":2.5,"capacity_wait":4.3}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"derived_cache_attempts":1,"derived_cache_memory_misses":1,"serverjson":5,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":19,"fiber_queue":20,"blocks":19},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":1123601}}
x-bubble-capacity-used: 0.017 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 880ad1760e1256c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| notify.bubble.io/ | 104.17.124.183 | | 0 B |
IP: 104.17.124.183:0
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: notify.bubble.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://new-75691.bubbleapps.io
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nXrGtgJ7MGUS4wrgn7czxg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Wed, 08 May 2024 16:27:38 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QZRZnGx1c5D3xT/zvuzMcPGzE/o=
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 880ad179b9a956cc-OSL
alt-svc: h3=":443"; ma=86400
|
|
| dev.eversmilelearning.com/b/index/myaccount/ | 139.162.14.48 | 404 Not Found | 315 B |
URL (User Request): GET HTTP/2 dev.eversmilelearning.com/b/index/myaccount/ IP: 139.162.14.48:443 ASN: #63949 Akamai Connected Cloud
Certificate Issuer: Let's Encrypt Subject: dev.eversmilelearning.com Fingerprint: FE:4D:E8:3D:66:E7:3D:E9:D9:6A:CB:78:D9:7B:01:C6:B7:EA:EC:8C Validity: Fri, 26 Apr 2024 23:18:12 GMT - Thu, 25 Jul 2024 23:18:11 GMT
File type: HTML document, ASCII text Hash: MD5 a34ac19f4afae63adc5d2f7bc970c07f, SHA-1 a82190fc530c265aa40a045c21770d967f4767b8, SHA-256 d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /b/index/myaccount/ HTTP/1.1
Host: dev.eversmilelearning.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Wed, 08 May 2024 16:27:38 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| dev.eversmilelearning.com/favicon.ico | 139.162.14.48 | 404 Not Found | 315 B |
URL: GET HTTP/2 dev.eversmilelearning.com/favicon.ico IP: 139.162.14.48:443 ASN: #63949 Akamai Connected Cloud
Requested by: https://dev.eversmilelearning.com/b/index/myaccount/ Certificate Issuer: Let's Encrypt Subject: dev.eversmilelearning.com Fingerprint: FE:4D:E8:3D:66:E7:3D:E9:D9:6A:CB:78:D9:7B:01:C6:B7:EA:EC:8C Validity: Fri, 26 Apr 2024 23:18:12 GMT - Thu, 25 Jul 2024 23:18:11 GMT
File type: HTML document, ASCII text Hash: MD5 a34ac19f4afae63adc5d2f7bc970c07f, SHA-1 a82190fc530c265aa40a045c21770d967f4767b8, SHA-256 d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /favicon.ico HTTP/1.1
Host: dev.eversmilelearning.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dev.eversmilelearning.com/b/index/myaccount/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Wed, 08 May 2024 16:27:39 GMT
server: Apache
X-Firefox-Spdy: h2
|
|
| new-75691.bubbleapps.io/user/hi | 104.18.245.24 | | 9.4 kB |
URL: new-75691.bubbleapps.io/user/hi IP: 104.18.245.24:0
Hash: MD5 5fb2ab1eb2b0f4a328237d0555b38fbf, SHA-1 e8700039e3a52796da6426120652600fcf8e2611, SHA-256 806084f0d46be9872d7c411188e48ff760b97e79465955152be5caaa3994257f
Analyzer | Verdict | Alert | OpenPhish | phishing | PayPal Inc. |
POST /user/hi HTTP/1.1
Host: new-75691.bubbleapps.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://new-75691.bubbleapps.io/
Content-Type: application/json
cache-control: no-cache
X-Bubble-Breaking-Revision: 5
X-Bubble-R: https://new-75691.bubbleapps.io/
X-Bubble-PL: 1715185655572x831
X-Bubble-Epoch-ID: 1715185657150x474120692582590400
X-Bubble-Epoch-Name: Epoch: Runmode page fully loaded
X-Bubble-Fiber-ID: 1715185657196x229124686277076160
X-Requested-With: XMLHttpRequest
Content-Length: 2
Origin: https://new-75691.bubbleapps.io
DNT: 1
Connection: keep-alive
Cookie: new-75691_live_u2main=bus|1715185655515x993609493953633800|1715185655536x358732674660929860; new-75691_live_u2main.sig=3JEuGPX0Gu_RmXJ9j9scsIIRe1A; new-75691_u1main=1715185655515x993609493953633800
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 16:27:37 GMT
content-type: application/json
x-powered-by: Express
set-cookie: new-75691_u1main=1715185655515x993609493953633800; path=/; secure
cache-control: no-cache
x-bubble-appname: new-75691
x-bubble-request-took: 11
x-bubble-perf: {"total":11.5,"percents":{"top":{"bubble_cpu":30,"block":65.6,"capacity_rl":0,"other_pause":0,"pre_fiber":4.2},"sub":{"pp_userdb":0,"pp_wait_userdb":0,"http_request":0,"serverjson":55.7,"appserver_cache_misses_time":0,"redis":51.3,"fiber_queue":4.7,"capacity_wait":7.2}},"counts":{"pp_userdb":0,"http_request":0,"derived_build":0,"serverjson":2,"appserver_cache_attempts":0,"appserver_mem_cache_hits":0,"appserver_cache_hits":0,"appserver_cache_misses":0,"redis":10,"fiber_queue":12,"blocks":11},"misc":{"userdb_results":0,"userdb_data":0,"spent_time":515433}}
x-bubble-capacity-used: 0.008 unit-seconds used
x-bubble-capacity-limit: 0 ms slower
vary: Accept-Encoding
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 880ad1759d8d56c4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|