www2.american-express.login.com.appwatch.cn/
155.94.179.157 301 Moved Permanently 353 B URL HTTP/1.1 www2.american-express.login.com.appwatch.cn/
IP 155.94.179.157:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b989dcb21338b234fbb4e43c86616537
c0b83829f45047b924c021ad7d9cb98f63936a08
27b59a70909eae1c66bb529669181ae5bcf49bba1ce6bb2604a96425437816f5
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: www2.american-express.login.com.appwatch.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 06 Sep 2022 04:09:03 GMT
Server: Apache
Location: https://www2.american-express.login.com.appwatch.cn/
Content-Length: 353
Connection: close
Content-Type: text/html; charset=iso-8859-1
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8141
Expires: Tue, 06 Sep 2022 06:24:44 GMT
Date: Tue, 06 Sep 2022 04:09:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 03:45:15 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: iI4Z41_HS1zffkeHR0QR0m-0q39hhmASIScOzMoY9qtFUHLG_2eAKQ==
Age: 1428
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 501ad2910f631f0520a6d389d6f053e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xqjQrSJ0yfPmcouygdK6R3YsNvbyoKYfkfKMN6HjlQWLcBNuGyCLHw==
age: 10426
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 04:09:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 06 Sep 2022 03:38:18 GMT
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2022 04:29:22 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GECUq5Sk7DEOP_u6HFr7Jds5pOuOrSo-Hav9c-HAkQ0fDZSnaRtgzQ==
Age: 1845
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 31d96141df34aad0ff2cf5aa5cbc4c19
d40b9ebdc3792ba516fd19041e5bc830028a130c
2f7a741c83e0661a43997a00a64ac2638cda5b251739946408ec3c5438a6e734
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2F7A741C83E0661A43997A00A64AC2638CDA5B251739946408EC3C5438A6E734"
Last-Modified: Tue, 06 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21584
Expires: Tue, 06 Sep 2022 10:08:47 GMT
Date: Tue, 06 Sep 2022 04:09:03 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b57a9dd04797bf34612c80361f1dffb3
56573166d8b9cd9b8dae19fd905e4f3293af306b
b03552109f1e7d1e482aa14614ffb1e38fb53ae4951152aab307b927674dad98
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2491
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 04:09:03 GMT
Last-Modified: Tue, 06 Sep 2022 03:27:32 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.80.175.197 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.80.175.197:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: eVqnwnwcNKCg5bu8ObCdcg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ec6MzPGXSaq9ccp5WYNBu7rv8DI=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3374
Expires: Tue, 06 Sep 2022 05:05:19 GMT
Date: Tue, 06 Sep 2022 04:09:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3374
Expires: Tue, 06 Sep 2022 05:05:19 GMT
Date: Tue, 06 Sep 2022 04:09:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3374
Expires: Tue, 06 Sep 2022 05:05:19 GMT
Date: Tue, 06 Sep 2022 04:09:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3374
Expires: Tue, 06 Sep 2022 05:05:19 GMT
Date: Tue, 06 Sep 2022 04:09:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1a31159-2539-48f3-a417-78d00a149cfe.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1a31159-2539-48f3-a417-78d00a149cfe.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bc9a563730fb4169b5883ff84acf6f79
834038519e2249de90be0fe52899805663f9ee75
e7f587a281517b0eec1454b9c22031a4da7a82c315cc3c30ae6bec097844040d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa1a31159-2539-48f3-a417-78d00a149cfe.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6161
x-amzn-requestid: 6e6b9c9c-5446-4e79-9a67-d4d887d80f52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYfxGymoAMFxkQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166dfe-7fef31a6098d77c1613e74bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:45:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HegykGV2xrZRknRCxguqholwj65B4GiD6W4RloqVXIlG06LMuemaog==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:03:39 GMT
age: 21926
etag: "834038519e2249de90be0fe52899805663f9ee75"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: GSRJIWisH465dPqbKyPj1iZk1jAu3RGrgwj1CX3X8A397zv9Nt0cHA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 08:13:35 GMT
age: 71730
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F228f042c-3a57-45c7-84c2-4aaaa1dd2f07.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F228f042c-3a57-45c7-84c2-4aaaa1dd2f07.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 19b452d6541a6028e7d3f90529477077
1c16eb50bc2490b4ebff6775ef611fdcb282f9f9
f4763a0f464067991c2c484c384df4fe791d7df6e3d6ad15650a954db537249f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F228f042c-3a57-45c7-84c2-4aaaa1dd2f07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10694
x-amzn-requestid: c3d2f71c-927d-41f6-93ab-bf041374a9f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAWsgHQOIAMFvSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166b1c-5d2efd595cdf300972f4fb79;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:33:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eikhT8BkN5e163S6QriQybdyPNTKDTf3BCsHifNwfBJfrWv7LqgL8Q==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:06:45 GMT
age: 21740
etag: "1c16eb50bc2490b4ebff6775ef611fdcb282f9f9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F247d15d7-00c1-43ea-98b5-65de7a4b684f.jpeg
34.120.237.76 200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F247d15d7-00c1-43ea-98b5-65de7a4b684f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5435a9ad697ed48da5dcc7d8718fb464
3add9a49d358f98761546c54ae6d58ad220586c2
6ea4ef9c631750c2f96610a5e0412ddea9fb5d60093b7d0594eaba1a1f0a50cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F247d15d7-00c1-43ea-98b5-65de7a4b684f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7324
x-amzn-requestid: bd86cacb-a324-4dd0-b097-492dddf4798d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAWt0H7PoAMFbdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166b25-36d5a97644931b1b3802a588;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:33:25 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wV5LqUpi94tVvzO5zfVbD11xRoBrHW4iETkmzWH2PF9_L74RBBX5AA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:58:47 GMT
age: 22218
etag: "3add9a49d358f98761546c54ae6d58ad220586c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13509ba4-185e-49da-89d8-908afb902ecf.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13509ba4-185e-49da-89d8-908afb902ecf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0dc7e957c4dae1e02302e8f981ac1d45
18b07456cbddb0345a3fe9e0ce498ae1302015d6
2d21c452de16e53108f739bf053403c19f4042eeb76448a9888cf7a4ea9bd257
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13509ba4-185e-49da-89d8-908afb902ecf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8152
x-amzn-requestid: 369bd0e8-47dc-40c2-ac7b-0a8daff48c61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAY7THfOoAMFTVg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166eae-1501239a1ca4f77642cfe785;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:48:30 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: HtaGkNFQano4UWPIaJ_F_OJYSUR-gh58l9Qh0PhK9tEffDce9N5JWA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:58:52 GMT
age: 22213
etag: "18b07456cbddb0345a3fe9e0ce498ae1302015d6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ec466c0d472e43c11d36bf6fce068205
720d3624a76d060b8e2699e9aa7a320e3efd4878
5553fc24713aae808f5ab81671551b0ae719435f3ced9f25df97d8edf6bfe86f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12683
x-amzn-requestid: 6127e5b6-72f6-40df-b400-41a1f147f6da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8XmEe0IAMFQDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117430-2b27a2683d2d320172cef32e;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mj_IT5g7hGu2AunKK7mvierv5BQ8cAxhnbGaUNsL6hRNu6MRAzIBDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 05:19:01 GMT
age: 82204
etag: "720d3624a76d060b8e2699e9aa7a320e3efd4878"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ea5d89f3b91e9e92f6024a05a76d0916
fa5a430f9c241f95ce139f4287d5fd3583c1f4f7
5f88f1d962a8f8ba18d5b077d2a8832554b62960764922f6bc45362480d5cd45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4535
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 04:09:09 GMT
Last-Modified: Tue, 06 Sep 2022 02:53:35 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
assets.adobedtm.com/dcb19cbd6cbf/b4385da1798a/04055ca6ea92/EX29b48e242ee64e7eb05073d267244e6a-libraryCode_source.min.js
23.38.200.237 200 OK 20 kB URL HTTP/2 assets.adobedtm.com/dcb19cbd6cbf/b4385da1798a/04055ca6ea92/EX29b48e242ee64e7eb05073d267244e6a-libraryCode_source.min.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (32743)
Hash fd421b325216408a4257fdebd6e76fc0
5d56e51ab834842b808ffb00f4aaf33d86ffbb9b
7edb8177cbb1d7893d02db1dd2d237a9fd645272083d590a4fe7f81d7ab58aee
GET /dcb19cbd6cbf/b4385da1798a/04055ca6ea92/EX29b48e242ee64e7eb05073d267244e6a-libraryCode_source.min.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "634720984bcdb22245f62eacd0b27d3c:1625034231.161418"
last-modified: Wed, 30 Jun 2021 06:23:51 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Tue, 06 Sep 2022 05:09:09 GMT
date: Tue, 06 Sep 2022 04:09:09 GMT
content-length: 20347
access-control-allow-origin: https://www2.american-express.login.com.appwatch.cn
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ea5d89f3b91e9e92f6024a05a76d0916
fa5a430f9c241f95ce139f4287d5fd3583c1f4f7
5f88f1d962a8f8ba18d5b077d2a8832554b62960764922f6bc45362480d5cd45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4535
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 04:09:09 GMT
Last-Modified: Tue, 06 Sep 2022 02:53:35 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ea5d89f3b91e9e92f6024a05a76d0916
fa5a430f9c241f95ce139f4287d5fd3583c1f4f7
5f88f1d962a8f8ba18d5b077d2a8832554b62960764922f6bc45362480d5cd45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4177
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 04:09:09 GMT
Last-Modified: Tue, 06 Sep 2022 02:59:32 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ea5d89f3b91e9e92f6024a05a76d0916
fa5a430f9c241f95ce139f4287d5fd3583c1f4f7
5f88f1d962a8f8ba18d5b077d2a8832554b62960764922f6bc45362480d5cd45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6303
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 04:09:09 GMT
Last-Modified: Tue, 06 Sep 2022 02:24:06 GMT
Server: ECS (ska/F708)
X-Cache: HIT
Content-Length: 471
www.aexp-static.com/cdaas/axp-app/modules/axp-marketing-placement/4.1.2/axp-marketing-placement.client.js
104.110.6.135 200 OK 32 kB URL HTTP/2 www.aexp-static.com/cdaas/axp-app/modules/axp-marketing-placement/4.1.2/axp-marketing-placement.client.js
IP 104.110.6.135:0
File type Unicode text, UTF-8 text, with very long lines (64577)
Hash 61c4cbfe60cf421194f1dfb4889db6c5
5aafda18f8315304a8fb088203019c9232074959
36e8a12f764659c02de637f95908b8bae6fab49fee6a65a91409086a947353d4
GET /cdaas/axp-app/modules/axp-marketing-placement/4.1.2/axp-marketing-placement.client.js HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 07 Apr 2021 17:16:27 GMT
etag: W/"606de8eb-18018"
timing-allow-origin: *
cache-control: max-age=31536000, must-revalidate
content-encoding: gzip
content-length: 31811
date: Tue, 06 Sep 2022 04:09:09 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ea5d89f3b91e9e92f6024a05a76d0916
fa5a430f9c241f95ce139f4287d5fd3583c1f4f7
5f88f1d962a8f8ba18d5b077d2a8832554b62960764922f6bc45362480d5cd45
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4670
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 04:09:09 GMT
Last-Modified: Tue, 06 Sep 2022 02:51:19 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-jp.svg
104.110.6.135 200 OK 208 B URL HTTP/2 www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-jp.svg
IP 104.110.6.135:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash d755b2d0e399451bfe9747215aa2639e
62bc2376cdf3304cf81b864922256f7422b32f41
90168d6030e234ce4cc025d82af7341e0cd81cddf2995196c424434dc8a0d998
GET /cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-jp.svg HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 04 Sep 2020 17:15:25 GMT
etag: "5f52762d-eb"
expires: Sun, 18 Apr 2021 04:55:07 GMT
cache-control: max-age=15552000
timing-allow-origin: *
accept-ranges: bytes
content-encoding: gzip
content-length: 208
date: Tue, 06 Sep 2022 04:09:09 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-bluebox-solid.svg
104.110.6.135 200 OK 989 B URL HTTP/2 www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-bluebox-solid.svg
IP 104.110.6.135:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (2402), with no line terminators
Hash dd40a71eae66cb27b231e93a0a7afb58
8d1844f108cb59525811f93ce74dcba95112e775
861b8f73f4ce9ea2f77bce5c0ae68d28fa6f91c38fdd6dd1145819ecd9bad137
GET /cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-bluebox-solid.svg HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Thu, 31 Oct 2019 17:37:19 GMT
etag: W/"5dbb1bcf-962"
expires: Sat, 15 Aug 2020 19:23:45 GMT
cache-control: max-age=15552000
timing-allow-origin: *
content-encoding: gzip
content-length: 989
date: Tue, 06 Sep 2022 04:09:09 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/axp-app/modules/axp-voice-of-customer/1.4.1/axp-voice-of-customer.client.js
104.110.6.135 200 OK 33 kB URL HTTP/2 www.aexp-static.com/cdaas/axp-app/modules/axp-voice-of-customer/1.4.1/axp-voice-of-customer.client.js
IP 104.110.6.135:0
File type ASCII text, with very long lines (31090)
Hash cb9dc45b2d12c27daaa0b9b26e348564
aa7cf7884b511ab1975dfc7cf306d87d1f6630c0
2f38cf2a010b5107798218345a5a78f60f478a88935678319b40645f719def0e
GET /cdaas/axp-app/modules/axp-voice-of-customer/1.4.1/axp-voice-of-customer.client.js HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Thu, 14 Nov 2019 17:59:02 GMT
etag: W/"5dcd95e6-188dc"
expires: Sun, 17 May 2020 21:55:20 GMT
cache-control: max-age=15552000
timing-allow-origin: *
content-encoding: gzip
content-length: 32745
date: Tue, 06 Sep 2022 04:09:09 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/qualtrics/1.48.0/14.7c9330169f395c4c3a22.chunk.js?Q_CLIENTVERSION=1.48.0&Q_CLIENTTYPE=hostedjs
104.110.6.135 200 OK 1.2 kB URL HTTP/2 www.aexp-static.com/cdaas/one/qualtrics/1.48.0/14.7c9330169f395c4c3a22.chunk.js?Q_CLIENTVERSION=1.48.0&Q_CLIENTTYPE=hostedjs
IP 104.110.6.135:0
File type ASCII text, with very long lines (1681)
Hash e835c10fef4dee78fc81c7d1b8b055c7
dcee4a2ecb6e5ea914a7db033c59ffdd3b99b6d3
1b0ba367b7f1531ce4ed50f9c47e2387f2b7a5e319fa80791a69a2b43fa117bd
GET /cdaas/one/qualtrics/1.48.0/14.7c9330169f395c4c3a22.chunk.js?Q_CLIENTVERSION=1.48.0&Q_CLIENTTYPE=hostedjs HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 04 May 2021 20:22:51 GMT
etag: W/"6091ad1b-9ef"
timing-allow-origin: *
cache-control: max-age=31536000, must-revalidate
content-encoding: gzip
content-length: 1233
date: Tue, 06 Sep 2022 04:09:09 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.2/package/dist/styles/dls.min.css
104.110.6.135 200 OK 51 kB URL HTTP/2 www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.2/package/dist/styles/dls.min.css
IP 104.110.6.135:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ff327e7fd15249e7eb4361519d8296a3
2efb36a7fb82ec7f4e60f326c1c61567fcb57321
d31c664ab3554536a758a94e48b67cef8a3fcff21f091590d22864b72a3f80c0
GET /cdaas/one/statics/axp-dls/5.11.2/package/dist/styles/dls.min.css HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 10 Oct 2019 22:16:00 GMT
etag: W/"5d9fada0-5655a"
expires: Sat, 15 Aug 2020 18:19:19 GMT
cache-control: max-age=15552000
timing-allow-origin: *
content-encoding: gzip
content-length: 51294
date: Tue, 06 Sep 2022 04:09:09 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www2.american-express.login.com.appwatch.cn/
155.94.179.157 200 OK 40 kB URL HTTP/2 www2.american-express.login.com.appwatch.cn/
IP 155.94.179.157:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (47125), with CRLF line terminators
Hash c2fe0af54ac38bee443929365f6cc46c
0e0f3e1bd0fdd4ee8ba900fc8cf6110de0b09c9d
0f64fc7ac0a698c091ede3b0148f0e42cbfc18d1a30ee3b8aeea584a31909ea4
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: www2.american-express.login.com.appwatch.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-credentials: true
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=v5plg3n1jakplb93e3ns6uh3p8; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 40513
content-type: text/html;charset=utf-8
date: Tue, 06 Sep 2022 04:09:03 GMT
server: Apache
X-Firefox-Spdy: h2
www2.american-express.login.com.appwatch.cn/admin/im/site-jquery.min.js
155.94.179.157 200 OK 33 kB URL HTTP/2 www2.american-express.login.com.appwatch.cn/admin/im/site-jquery.min.js
IP 155.94.179.157:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type ASCII text, with very long lines (32056), with CRLF line terminators
Hash 5ec480205a2fbed2d54188cb5dd09873
3771c18ca7e2d84ae308a79ba587c4f1517d31bc
5172090b09d581591d763879e887441d3a795f0902c14ec82cb118635dc3d24a
Analyzer Verdict Alert fortinet Phishing
GET /admin/im/site-jquery.min.js HTTP/1.1
Host: www2.american-express.login.com.appwatch.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Cookie: PHPSESSID=v5plg3n1jakplb93e3ns6uh3p8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 23 Aug 2021 08:34:16 GMT
etag: "16b60-5ca35e1ec7200-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 32817
content-type: application/javascript
date: Tue, 06 Sep 2022 04:09:09 GMT
server: Apache
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/dls-logo-line.svg
104.110.6.135 200 OK 712 B URL HTTP/2 www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/dls-logo-line.svg
IP 104.110.6.135:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1683), with no line terminators
Hash d3134926f93a64dd8bf01bc781933ccf
0c9e110f87db9495291f724a214e5f2e8391dace
9209524801a255d8be738b04ac1831938a0215852e5bae9db9da54dc6034d70f
GET /cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/dls-logo-line.svg HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 18 Oct 2019 19:50:49 GMT
etag: W/"5daa1799-693"
expires: Sat, 15 Aug 2020 22:09:11 GMT
cache-control: max-age=15552000
timing-allow-origin: *
content-encoding: gzip
content-length: 712
date: Tue, 06 Sep 2022 04:09:09 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
icm.aexp-static.com/content/dam/PZN/Default/JP/JP%20Default%20image_mobile%20app.jpg
104.110.6.135 200 OK 12 kB URL HTTP/2 icm.aexp-static.com/content/dam/PZN/Default/JP/JP%20Default%20image_mobile%20app.jpg
IP 104.110.6.135:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash da1d2a2c215aa27297f2a03435dac724
b796a1df26781683534be0f961e42bcbdb7a194b
759b1da080b03f5104dc5bf2fc7cbe688fc10846ffdeb78c406db3df62b18f0d
GET /content/dam/PZN/Default/JP/JP%20Default%20image_mobile%20app.jpg HTTP/1.1
Host: icm.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "76f3-56333b611e968-gzip"
access-control-allow-origin: *
last-modified: Mon, 21 Sep 2020 01:47:04 GMT
server: Akamai Image Manager
content-length: 12060
content-type: image/webp
unused62: 8096267
cache-control: private, no-transform, max-age=5582
expires: Tue, 06 Sep 2022 05:42:11 GMT
date: Tue, 06 Sep 2022 04:09:09 GMT
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/qualtrics/1.48.0/1.05db7c20a5a8e5ea5c34.chunk.js?Q_CLIENTVERSION=1.48.0&Q_CLIENTTYPE=hostedjs
104.110.6.135 200 OK 6.4 kB URL HTTP/2 www.aexp-static.com/cdaas/one/qualtrics/1.48.0/1.05db7c20a5a8e5ea5c34.chunk.js?Q_CLIENTVERSION=1.48.0&Q_CLIENTTYPE=hostedjs
IP 104.110.6.135:0
File type ASCII text, with very long lines (26347)
Hash 45bcffe77eb48efa53f8a7ce0f2f30e0
3391d040b6cf7ea96f019591c63b00f53395faf7
dd549b5bdf0f160f83131271b2ce10f30bf1008071ab32c1fe4cf6de50d79b40
GET /cdaas/one/qualtrics/1.48.0/1.05db7c20a5a8e5ea5c34.chunk.js?Q_CLIENTVERSION=1.48.0&Q_CLIENTTYPE=hostedjs HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 04 May 2021 20:22:51 GMT
etag: W/"6091ad1b-6a49"
timing-allow-origin: *
cache-control: max-age=31536000, must-revalidate
content-encoding: gzip
content-length: 6389
date: Tue, 06 Sep 2022 04:09:09 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www2.american-express.login.com.appwatch.cn/admin/im/css/modules/laydate/default/laydate.css?v=5.3.1
155.94.179.157 404 Not Found 290 B URL HTTP/2 www2.american-express.login.com.appwatch.cn/admin/im/css/modules/laydate/default/laydate.css?v=5.3.1
IP 155.94.179.157:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 323edebae2f9b23fa96a364d43667a4e
6d5e6d7d17ba725a844826e8bfd9634ae40d6c83
4ceeadda2ee2265457fb94f645a818798eeb9175f25585c28b17770717c10a46
GET /admin/im/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1
Host: www2.american-express.login.com.appwatch.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Cookie: PHPSESSID=v5plg3n1jakplb93e3ns6uh3p8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 290
content-type: text/html; charset=iso-8859-1
date: Tue, 06 Sep 2022 04:09:10 GMT
server: Apache
X-Firefox-Spdy: h2
www2.american-express.login.com.appwatch.cn/admin/im/css/modules/layer/default/layer.css?v=3.5.1
155.94.179.157 404 Not Found 290 B URL HTTP/2 www2.american-express.login.com.appwatch.cn/admin/im/css/modules/layer/default/layer.css?v=3.5.1
IP 155.94.179.157:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 323edebae2f9b23fa96a364d43667a4e
6d5e6d7d17ba725a844826e8bfd9634ae40d6c83
4ceeadda2ee2265457fb94f645a818798eeb9175f25585c28b17770717c10a46
Analyzer Verdict Alert fortinet Phishing
GET /admin/im/css/modules/layer/default/layer.css?v=3.5.1 HTTP/1.1
Host: www2.american-express.login.com.appwatch.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Cookie: PHPSESSID=v5plg3n1jakplb93e3ns6uh3p8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 290
content-type: text/html; charset=iso-8859-1
date: Tue, 06 Sep 2022 04:09:10 GMT
server: Apache
X-Firefox-Spdy: h2
www2.american-express.login.com.appwatch.cn/admin/im/css/modules/code.css?v=2
155.94.179.157 404 Not Found 290 B URL HTTP/2 www2.american-express.login.com.appwatch.cn/admin/im/css/modules/code.css?v=2
IP 155.94.179.157:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 323edebae2f9b23fa96a364d43667a4e
6d5e6d7d17ba725a844826e8bfd9634ae40d6c83
4ceeadda2ee2265457fb94f645a818798eeb9175f25585c28b17770717c10a46
Analyzer Verdict Alert fortinet Phishing
GET /admin/im/css/modules/code.css?v=2 HTTP/1.1
Host: www2.american-express.login.com.appwatch.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Cookie: PHPSESSID=v5plg3n1jakplb93e3ns6uh3p8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
content-length: 290
content-type: text/html; charset=iso-8859-1
date: Tue, 06 Sep 2022 04:09:10 GMT
server: Apache
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-jp.svg
104.110.6.135 200 OK 208 B URL HTTP/2 www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-jp.svg
IP 104.110.6.135:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash d755b2d0e399451bfe9747215aa2639e
62bc2376cdf3304cf81b864922256f7422b32f41
90168d6030e234ce4cc025d82af7341e0cd81cddf2995196c424434dc8a0d998
GET /cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-jp.svg HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www2.american-express.login.com.appwatch.cn
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 04 Sep 2020 17:15:25 GMT
etag: "5f52762d-eb"
expires: Sun, 18 Apr 2021 04:55:07 GMT
cache-control: max-age=15552000
timing-allow-origin: *
accept-ranges: bytes
content-encoding: gzip
content-length: 208
date: Tue, 06 Sep 2022 04:09:10 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
104.110.6.135 200 OK 37 kB URL HTTP/2 www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
IP 104.110.6.135:0
File type Web Open Font Format, TrueType, length 37153, version 1.0\012- data
Hash c0e3b5653c803f69c05862736a765e4a
4ae2328614d48c62388c8409cbd1d9e7b5d4dfda
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
GET /nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www2.american-express.login.com.appwatch.cn
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff
content-length: 37153
last-modified: Wed, 15 Aug 2018 20:46:09 GMT
etag: "5b749111-9121"
expires: Sat, 15 Aug 2020 17:40:37 GMT
cache-control: max-age=15552000
access-control-allow-origin: *
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
accept-ranges: bytes
date: Tue, 06 Sep 2022 04:09:10 GMT
X-Firefox-Spdy: h2
cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css
104.21.234.200 521 No Reason Phrase 80 kB URL HTTP/2 cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css
IP 104.21.234.200:0
Hash 61c5a63e194ec9a90183c2e188e5a7d8
b878c19f2c5477a2bfb7d503e779b6e98b325829
b7f42e329786555f6cc341102ff1011bf34bf691c179e89f3f549bc1843fd656
GET /ajax/libs/layer/3.5.1/theme/default/layer.min.css HTTP/1.1
Host: cdn.bootcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 521 No Reason Phrase
date: Tue, 06 Sep 2022 04:09:10 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_use_ob=0; path=/; expires=Tue, 06-Sep-22 04:09:40 GMT
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 746458fe189f0639-LHR
server: cloudflare
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.2/package/dist/fonts/Roboto-Regular.woff
104.110.6.135 200 OK 77 kB URL HTTP/2 www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.2/package/dist/fonts/Roboto-Regular.woff
IP 104.110.6.135:0
File type Web Open Font Format, TrueType, length 76792, version 0.0\012- data
Hash 6824f89aed1f9cea50aeae0f94e590e4
b110bcca0524f8b001826673291c6201fbebd161
7ef974010abfe71fb92dc3f53e3948e1e544cf6821bf9802ea0bf35fa8fe5af6
GET /cdaas/one/statics/axp-dls/5.11.2/package/dist/fonts/Roboto-Regular.woff HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www2.american-express.login.com.appwatch.cn
Connection: keep-alive
Referer: https://www.aexp-static.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff
content-length: 76792
last-modified: Thu, 10 Oct 2019 22:15:47 GMT
etag: "5d9fad93-12bf8"
expires: Sat, 15 Aug 2020 16:51:30 GMT
cache-control: max-age=15552000
access-control-allow-origin: *
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
accept-ranges: bytes
date: Tue, 06 Sep 2022 04:09:10 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.2/package/dist/iconfont/dls-icons.woff
104.110.6.135 200 OK 40 kB URL HTTP/2 www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.2/package/dist/iconfont/dls-icons.woff
IP 104.110.6.135:0
File type Web Open Font Format, TrueType, length 40332, version 1.0\012- data
Hash 6d616bd3a5427bc276ed155995b12294
71f3cd6fb8f03d6a56962802058d8a0830122d4c
80239f6b5f0ac5edc4a589c5bba51392f015dddf3c2d7ba9ce922058d63d8ec2
GET /cdaas/one/statics/axp-dls/5.11.2/package/dist/iconfont/dls-icons.woff HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www2.american-express.login.com.appwatch.cn
Connection: keep-alive
Referer: https://www.aexp-static.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff
content-length: 40332
last-modified: Thu, 10 Oct 2019 22:15:49 GMT
etag: "5d9fad95-9d8c"
expires: Sat, 15 Aug 2020 16:21:06 GMT
cache-control: max-age=15552000
access-control-allow-origin: *
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
accept-ranges: bytes
date: Tue, 06 Sep 2022 04:09:10 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.2/package/dist/fonts/Roboto-Light.woff
104.110.6.135 200 OK 74 kB URL HTTP/2 www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.2/package/dist/fonts/Roboto-Light.woff
IP 104.110.6.135:0
File type Web Open Font Format, TrueType, length 73604, version 0.0\012- data
Hash 7294a33a9bec0eae9f3adddbcfe009c9
6e2cf6a463aab5c238468b67831a30dbdf430bda
e9f9fab2d479b79aca1d3d3bf0a9fc36131752869363180bef040905a008cc1b
GET /cdaas/one/statics/axp-dls/5.11.2/package/dist/fonts/Roboto-Light.woff HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www2.american-express.login.com.appwatch.cn
Connection: keep-alive
Referer: https://www.aexp-static.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff
content-length: 73604
last-modified: Thu, 10 Oct 2019 22:15:47 GMT
etag: "5d9fad93-11f84"
expires: Sat, 15 Aug 2020 15:58:45 GMT
cache-control: max-age=15552000
access-control-allow-origin: *
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
accept-ranges: bytes
date: Tue, 06 Sep 2022 04:09:10 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.2.0/package/dist/iconfont/dls-icons.woff?v=2.1.0
104.110.6.135 200 OK 45 kB URL HTTP/2 www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.2.0/package/dist/iconfont/dls-icons.woff?v=2.1.0
IP 104.110.6.135:0
File type Web Open Font Format, TrueType, length 44552, version 1.0\012- data
Hash b9e2a1b82e4c8e3fb8ff083b1a6f596b
350a8f9813c75ee0bc16edc87a7565cf226c6d1e
6c2307e5fa4f3725b00710176eeab8c23abbcd4acfd6f7c70389acc9d08d82f0
GET /cdaas/one/statics/axp-static-assets/2.2.0/package/dist/iconfont/dls-icons.woff?v=2.1.0 HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www2.american-express.login.com.appwatch.cn
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: font/woff
content-length: 44552
last-modified: Mon, 06 Jan 2020 21:18:42 GMT
etag: "5e13a432-ae08"
expires: Sun, 16 Aug 2020 03:57:28 GMT
cache-control: max-age=15552000
access-control-allow-origin: *
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
accept-ranges: bytes
date: Tue, 06 Sep 2022 04:09:10 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www2.american-express.login.com.appwatch.cn/api.php?act=ip_save&_r=0.38185250812597893
155.94.179.157 200 OK 33 B URL HTTP/2 www2.american-express.login.com.appwatch.cn/api.php?act=ip_save&_r=0.38185250812597893
IP 155.94.179.157:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type JSON data\012- , ASCII text, with no line terminators
Hash 64eb1f0e8cfc1697a72e4f9aa8393199
ccdf93819760fd361b7d77dbe7fac15f3adc9e7d
6a94ea9be4e52beb9027eaec35899038b35840df875e036d87cf761e5fbb7c18
GET /api.php?act=ip_save&_r=0.38185250812597893 HTTP/1.1
Host: www2.american-express.login.com.appwatch.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Cookie: PHPSESSID=v5plg3n1jakplb93e3ns6uh3p8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
content-length: 33
content-type: text/html; charset=UTF-8
date: Tue, 06 Sep 2022 04:09:10 GMT
server: Apache
X-Firefox-Spdy: h2
www.aexp-static.com/cdaas/axp-app/modules/axp-identity-root/1.31.0/images/icon-192.png
104.110.6.135 200 OK 7.2 kB URL HTTP/2 www.aexp-static.com/cdaas/axp-app/modules/axp-identity-root/1.31.0/images/icon-192.png
IP 104.110.6.135:0
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash 0696656f7545af976eb4641141d81696
80ff69a28d379c7fa0a13388d857e2bc67afd7b9
19ff8bb08694905f12c0e9235e51bf28491bea785de0bc182e2c3346db7456a9
GET /cdaas/axp-app/modules/axp-identity-root/1.31.0/images/icon-192.png HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 7242
last-modified: Wed, 04 Aug 2021 15:42:08 GMT
etag: "610ab550-1c4a"
timing-allow-origin: *
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
date: Tue, 06 Sep 2022 04:09:10 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
www2.american-express.login.com.appwatch.cn/img/favicon.ico
155.94.179.157 200 OK 1.4 kB URL HTTP/2 www2.american-express.login.com.appwatch.cn/img/favicon.ico
IP 155.94.179.157:0
ASN #8100 ASN-QUADRANET-GLOBAL
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced; data
Hash 3b59e51534607dfefbcce3772b913031
77bb0792ab706ca3a687c5df968814f11fd96bfe
d3f8ea2f4b84bdc76bac4cd065481deb32efafb2b412906beeafc46b2f80217a
GET /img/favicon.ico HTTP/1.1
Host: www2.american-express.login.com.appwatch.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Cookie: PHPSESSID=v5plg3n1jakplb93e3ns6uh3p8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 13 Aug 2021 05:47:54 GMT
etag: "54e-5c96a64897680-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1381
content-type: image/x-icon
date: Tue, 06 Sep 2022 04:09:10 GMT
server: Apache
X-Firefox-Spdy: h2
www2.american-express.login.com.appwatch.cn/admin/im/layui.js
155.94.179.157 200 OK 0 B URL HTTP/2 www2.american-express.login.com.appwatch.cn/admin/im/layui.js
IP 155.94.179.157:0
ASN #8100 ASN-QUADRANET-GLOBAL
Analyzer Verdict Alert fortinet Phishing
GET /admin/im/layui.js HTTP/1.1
Host: www2.american-express.login.com.appwatch.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Cookie: PHPSESSID=v5plg3n1jakplb93e3ns6uh3p8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 06 Jul 2021 04:01:50 GMT
etag: "471da-5c66c7b3e4780-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 06 Sep 2022 04:09:09 GMT
server: Apache
X-Firefox-Spdy: h2
cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css
104.21.234.200 521 No Reason Phrase 0 B URL HTTP/2 cdn.bootcdn.net/ajax/libs/layer/3.5.1/theme/default/layer.min.css
IP 104.21.234.200:0
GET /ajax/libs/layer/3.5.1/theme/default/layer.min.css HTTP/1.1
Host: cdn.bootcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www2.american-express.login.com.appwatch.cn/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 521 No Reason Phrase
date: Tue, 06 Sep 2022 04:09:09 GMT
content-type: text/html; charset=UTF-8
set-cookie: cf_use_ob=0; path=/; expires=Tue, 06-Sep-22 04:09:39 GMT
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 746458fb9f4c0639-LHR
server: cloudflare
X-Firefox-Spdy: h2