| wilhite-sun-0e81.indigopayable.workers.dev/upfiles/njhamilodjtdjlogo.png | 188.114.97.1 | 200 OK | 5.7 kB |
URL: GET HTTP/3 wilhite-sun-0e81.indigopayable.workers.dev/upfiles/njhamilodjtdjlogo.png
IP: 188.114.97.1:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: Let's Encrypt
  Subject: indigopayable.workers.dev
  Fingerprint: BC:83:FD:6B:FF:5E:5B:95:97:88:BD:36:83:FC:72:BB:58:29:52:68
  Validity: Wed, 17 Apr 2024 11:12:43 GMT - Tue, 16 Jul 2024 11:12:42 GMT
File type: HTML document, ASCII text, with very long lines (65516)
Hash: b1e51d6bd64ac0c033d3ce1f01e0d772 466ec90229e2164d8295c0c800528245cdd00ec7 c556ee0c982af093664a89a1ebc6e4a9c2a85da9c645b262a86d68885d0f3c4a
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | American Express |
GET /upfiles/njhamilodjtdjlogo.png HTTP/1.1
Host: wilhite-sun-0e81.indigopayable.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wilhite-sun-0e81.indigopayable.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 04:16:56 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cEJquxlTd8ZT2gwmeAatveJaoavinDsQ7tzNbrjjefPfHN%2B0Gy0fxMrCKJvRsRK0GMEMmtM0CATYOxBU8BGhKnIz4nuAxtMD%2BX7B2tYKvup%2BtkQLqeof44zsGyz%2FnUEqgq02FXD319C5PhW%2BQueqm2NngwKI%2FkkK5fk%2BCXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8761d7a01de956b4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css | 104.110.3.84 | 200 OK | 49 kB |
URL: GET HTTP/2 www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css
IP: 104.110.3.84:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: DigiCert Inc
  Subject: m.americanexpress.com
  Fingerprint: 3D:49:C1:10:15:C4:62:62:B3:CD:E6:43:D8:FF:DE:DD:A4:9F:03:26
  Validity: Wed, 06 Mar 2024 00:00:00 GMT - Thu, 06 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: d4f6c3591835eb7dd537e0b4dc46b49d 402d69bfc83c2477b72fa978d01045a124e5baf5 5697ec2a5b964c283b604e35b4b9a8e550014fd6ebd602a849fd85038113d78b
GET /cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wilhite-sun-0e81.indigopayable.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 20 Feb 2023 20:23:12 GMT
etag: W/"63f3d6b0-596ee"
timing-allow-origin: *
cache-control: max-age=31536000, must-revalidate
content-encoding: gzip
content-length: 48683
date: Thu, 18 Apr 2024 04:16:56 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
|
|
| api.ipify.org/?format=jsonp&callback=getIP | 172.67.74.152 | 200 OK | 29 B |
URL: GET HTTP/2 api.ipify.org/?format=jsonp&callback=getIP
IP: 172.67.74.152:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: Google Trust Services LLC
  Subject: ipify.org
  Fingerprint: C8:1A:05:47:C5:73:C6:CE:DF:1D:A6:DE:00:11:A9:9A:8C:DB:EF:A7
  Validity: Thu, 21 Mar 2024 19:56:02 GMT - Wed, 19 Jun 2024 19:56:01 GMT
File type: ASCII text, with no line terminators
Hash: 90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69
GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wilhite-sun-0e81.indigopayable.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 04:16:56 GMT
content-type: application/javascript
content-length: 29
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8761d7a07f89b529-OSL
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/jnxrg3tqc0u8rxa/ltolbec.gif | 162.125.70.15 | 200 OK | 4.4 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/jnxrg3tqc0u8rxa/ltolbec.gif
IP: 162.125.70.15:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: DigiCert Inc
  Subject: *.dl.dropboxusercontent.com
  Fingerprint: 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40
  Validity: Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: GIF image data, version 89a, 55 x 54
Hash: 28b51026c632992786a253e30b45e1d3 d4a21c02564e266593699ee005d08a3df483e9d8 b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
GET /s/jnxrg3tqc0u8rxa/ltolbec.gif HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wilhite-sun-0e81.indigopayable.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ltolbec.gif"; filename*=UTF-8''ltolbec.gif
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1649372231639804n
pragma: public
set-cookie: uc_session=FGHOgmYzPkLhVJ1mt3GwXPD2N3TRi2LSJi3Jw7uyBzQDXvyWcOVCfZXjQ0MraHfZ; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 297
date: Thu, 18 Apr 2024 04:16:56 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 4424
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 9ca6ee74c0fc4d23b2e5bfcd57faad72
X-Firefox-Spdy: h2
|
|
| www.americanexpress.com/favicon.ico | 104.110.22.253 | | 1.4 kB |
URL: GET www.americanexpress.com/favicon.ico
IP: 104.110.22.253:0
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: DigiCert Inc
  Subject: www.americanexpress.com
  Fingerprint: 64:A2:B0:4D:11:47:D0:C0:37:73:B5:62:91:90:F7:0D:1F:42:FA:10
  Validity: Thu, 03 Aug 2023 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File type: PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash: 974ccc6c4c6e1c7f04606973beb3ba20 0f96f86d488a4b5805744fa067c3cfd57c928406 265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0
GET /favicon.ico HTTP/1.1
Host: www.americanexpress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wilhite-sun-0e81.indigopayable.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
strict-transport-security: max-age=15552000;
last-modified: Fri, 07 Jun 2019 04:05:21 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1381
x-cnection: close
content-type: image/x-icon
date: Thu, 18 Apr 2024 04:16:57 GMT
set-cookie: agent-id=6f96a018-3b57-4c9d-a56b-7be61cb3057e; expires=Fri, 18-Apr-2025 04:16:57 GMT; path=/; domain=.americanexpress.com; secure; HttpOnly
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
|
|
| www.aexp-static.com/cdaas/axp-app/modules/one-identity-root/undefined/images/icon-192.png | 104.110.3.84 | 404 Not Found | 167 B |
URL: GET HTTP/2 www.aexp-static.com/cdaas/axp-app/modules/one-identity-root/undefined/images/icon-192.png
IP: 104.110.3.84:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: DigiCert Inc
  Subject: m.americanexpress.com
  Fingerprint: 3D:49:C1:10:15:C4:62:62:B3:CD:E6:43:D8:FF:DE:DD:A4:9F:03:26
  Validity: Wed, 06 Mar 2024 00:00:00 GMT - Thu, 06 Mar 2025 23:59:59 GMT
File type: HTML document, ASCII text, with CRLF line terminators
Hash: 370e16c3b7dba286cff055f93b9a94d8 65f3537c3c798f7da146c55aef536f7b5d0cb943 d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
GET /cdaas/axp-app/modules/one-identity-root/undefined/images/icon-192.png HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wilhite-sun-0e81.indigopayable.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
content-encoding: gzip
content-length: 167
date: Thu, 18 Apr 2024 04:16:57 GMT
vary: Origin, Accept-Encoding
set-cookie: ak_bmsc=8121CBD9932E076BC3A9FD46227BCA20~000000000000000000000000000000~YAAQ1E0kF9IWJ8yOAQAAYgRs7xcmEIvHcrJtt9KSnaPfFAz7krTxpmAa5xdjris22wrnMT0GYccKQhXoCmcwef9/S7oEDOyzwsXYpXdYBTSHu7mSZjqW8ESrQaxvgIcCp9N6YD/4vbgaFBKtsIfnsaiJD+NPXMZnE8PwLqensgD3oV6HY8gNx7LfgluX9C2xYhuCyKWva7U5R2KJRcWX2ITKDClF9QCE7uxjIErKm649fOSkh8454R93CeJxJGH+AavCqCT5TyF4mvYOKSo/o0RWS2HzLC6x/xcaj+XYqTBBE9zucYeL3R6JlHsXZLOyC1no7s5qtD7Uezup1ibhYhru2/sjLicMkOoJ1lWH1tkm5zojzwiWL8EYO6Y9NhPv3+LnwaeN0rZKnZaj03Q=; Domain=.aexp-static.com; Path=/; Expires=Thu, 18 Apr 2024 06:16:57 GMT; Max-Age=7200; Secure
X-Firefox-Spdy: h2
|
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash: 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=v2BqgJM_c33TSsJR7AGKfjweL0tBPMwyqy64jtpuXWdo0LavZGj1nUT4obfcXPEIWDYXliUq8l8CK3zbB_oODLpGNUBpLDpC5r09EOgl3OREuesi38vvGZLBTxQZRjzB
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Thu, 18 Apr 2024 04:16:05 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 70
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| wilhite-sun-0e81.indigopayable.workers.dev/ | 188.114.97.1 | 200 OK | 68 kB |
URL: User Request GET HTTP/2 wilhite-sun-0e81.indigopayable.workers.dev/
IP: 188.114.97.1:443
Certificate:
  Issuer: Let's Encrypt
  Subject: indigopayable.workers.dev
  Fingerprint: BC:83:FD:6B:FF:5E:5B:95:97:88:BD:36:83:FC:72:BB:58:29:52:68
  Validity: Wed, 17 Apr 2024 11:12:43 GMT - Tue, 16 Jul 2024 11:12:42 GMT
File type: HTML document, ASCII text, with very long lines (65516)
Hash: b1e51d6bd64ac0c033d3ce1f01e0d772 466ec90229e2164d8295c0c800528245cdd00ec7 c556ee0c982af093664a89a1ebc6e4a9c2a85da9c645b262a86d68885d0f3c4a
| Analyzer | Verdict | Alert |
| urlquery | suspicious | Suspicious - Suspicious Javascript code |
| OpenPhish | phishing | American Express |
GET / HTTP/1.1
Host: wilhite-sun-0e81.indigopayable.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 04:16:55 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ScFM3DNMx4CTlaNItnUUFnToMTwmep3JsFy0SKRrT%2FNIfwIUSwgly%2F%2BA68k6xRDTMnqX1trPe3jFl3iaKBw9U7Wq2STfIWPaAO666AvUFbaYmHK71clG2kmtZlpZAIsl9hScfDr5n4DpZq1BeWlfQ%2BEavOv1uZqXhclRxRk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8761d79db8d9b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ldelavf.css | 162.125.70.15 | 200 OK | 2.8 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ldelavf.css
IP: 162.125.70.15:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: DigiCert Inc
  Subject: *.dl.dropboxusercontent.com
  Fingerprint: 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40
  Validity: Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (3136), with no line terminators
Hash: 961cbe1ecca36857476fa64154ae89a9 bdba7e55095e02f7dd47e5dda518dabf1c4d83d1 f066065e5f26538f3868aff9b1a72dc0a961bb5962b40507472b46db094ff6b2
GET /s/dl0l68o9ckjx9h1/ldelavf.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wilhite-sun-0e81.indigopayable.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavf.css"; filename*=UTF-8''ldelavf.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=pjh2RKTkAer8C0UBFCTacHpxeyumy46oApfm7Wjsihjs4dWy4NGacgFKsqFYcj9u; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 407
date: Thu, 18 Apr 2024 04:16:56 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 76132ff5b5034b1b81df4beca4f828b7
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ltolbeb.png | 162.125.70.15 | 200 OK | 2.8 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ltolbeb.png
IP: 162.125.70.15:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: DigiCert Inc
  Subject: *.dl.dropboxusercontent.com
  Fingerprint: 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40
  Validity: Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (3136), with no line terminators
Hash: 961cbe1ecca36857476fa64154ae89a9 bdba7e55095e02f7dd47e5dda518dabf1c4d83d1 f066065e5f26538f3868aff9b1a72dc0a961bb5962b40507472b46db094ff6b2
GET /s/dl0l68o9ckjx9h1/ltolbeb.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ldelavf.css
Cookie: uc_session=6ypN1ZcahwTEdcb7lS7qKM0egmIer7gYCM7mNgI5KAPSdhvilVFQiB2MIYo3eR65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavf.css"; filename*=UTF-8''ldelavf.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
x-content-type-options: nosniff
x-server-response-time: 299
date: Thu, 18 Apr 2024 04:16:57 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: fabb277d58d340c19e1c267add6c4c0f
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ltolbee.png | 162.125.70.15 | 200 OK | 2.8 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ltolbee.png
IP: 162.125.70.15:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: DigiCert Inc
  Subject: *.dl.dropboxusercontent.com
  Fingerprint: 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40
  Validity: Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (3136), with no line terminators
Hash: 961cbe1ecca36857476fa64154ae89a9 bdba7e55095e02f7dd47e5dda518dabf1c4d83d1 f066065e5f26538f3868aff9b1a72dc0a961bb5962b40507472b46db094ff6b2
GET /s/dl0l68o9ckjx9h1/ltolbee.png HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/dl0l68o9ckjx9h1/ldelavf.css
Cookie: uc_session=6ypN1ZcahwTEdcb7lS7qKM0egmIer7gYCM7mNgI5KAPSdhvilVFQiB2MIYo3eR65
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavf.css"; filename*=UTF-8''ldelavf.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
x-content-type-options: nosniff
x-server-response-time: 347
date: Thu, 18 Apr 2024 04:16:57 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: e599dbdd29214cdf97653c9d2d48e23e
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/ttfvw2v00hqadxh/ldelavd.css | 162.125.70.15 | 200 OK | 16 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/ttfvw2v00hqadxh/ldelavd.css
IP: 162.125.70.15:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: DigiCert Inc
  Subject: *.dl.dropboxusercontent.com
  Fingerprint: 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40
  Validity: Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (15837), with CRLF line terminators
Hash: 602885d150e92c91d6cd6df3c062fc69 5c2a8f640e67556aba57888fe0c508886683d1cd 742986c3263400cc14e94db1c58eb49786e4466272889ce602cd6df55297a82d
GET /s/ttfvw2v00hqadxh/ldelavd.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wilhite-sun-0e81.indigopayable.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavd.css"; filename*=UTF-8''ldelavd.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=BACTWdEnzGDNMkRV1291jJmgAvxi5xusew4YHE9tepjbdTsySRyiMxH8Bc0xrN0e; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 345
date: Thu, 18 Apr 2024 04:16:56 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 9bf9445dd3294ba0906b4b1eb19a81cd
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/l46v0c6zhz62fj0/ldelave.css | 162.125.70.15 | 200 OK | 7.8 kB |
URL: GET HTTP/2 dl.dropboxusercontent.com/s/l46v0c6zhz62fj0/ldelave.css
IP: 162.125.70.15:443
Requested by: https://wilhite-sun-0e81.indigopayable.workers.dev/
Certificate:
  Issuer: DigiCert Inc
  Subject: *.dl.dropboxusercontent.com
  Fingerprint: 66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40
  Validity: Mon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File type: ASCII text, with very long lines (8640), with no line terminators
Hash: e08dda03bd6f29058e3b19d05427bcd0 cbe75afabc97d0d8e50b222fb769cd0eb0a4c01b 56d8d2115e01e202d653c39bbc39655e0320d6d3026303fd9520238a982fafd8
GET /s/l46v0c6zhz62fj0/ldelave.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wilhite-sun-0e81.indigopayable.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelave.css"; filename*=UTF-8''ldelave.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=6ypN1ZcahwTEdcb7lS7qKM0egmIer7gYCM7mNgI5KAPSdhvilVFQiB2MIYo3eR65; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 390
date: Thu, 18 Apr 2024 04:16:56 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: a034ec1258384b23b91444a816ace173
X-Firefox-Spdy: h2
|
|