| home-followup-american-f56c.hegok59888.workers.dev/files/clear.gif | 188.114.97.1 | 200 OK | 12 kB |
URL GET HTTP/3home-followup-american-f56c.hegok59888.workers.dev/files/clear.gif IP188.114.97.1:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerLet's Encrypt Subjecthegok59888.workers.dev Fingerprint0E:62:C0:F3:9D:9C:C1:B6:63:8C:02:9F:69:7B:D5:21:D1:BB:11:BB ValidityMon, 15 Apr 2024 12:29:13 GMT - Sun, 14 Jul 2024 12:29:12 GMT
File typeHTML document, ASCII text, with very long lines (65520) Hash71da3772359ef545fe9a475ba6a2c12c 044bd556c5e86f1f177e589ff0629be3d8f91a8e 91e3da83513a0e323e88711549b8a56d2b3bcecf7813353eb9b7ee345f3373cc
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - American Express | OpenPhish | phishing | American Express |
GET /files/clear.gif HTTP/1.1
Host: home-followup-american-f56c.hegok59888.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 18 Apr 2024 04:59:25 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BY4nxxgZ9svGs6zCDzqCNBZiWDMn6aWeINlw15MfKk2DD4GN7EK7vPsUVgtzC32WzN%2BN%2Bqts6L1A%2BrypzFUyy2F%2BKYgLfk28KbmAr4q0Br6%2FemKUs2IbraGGlSJVL3hG783DQOYmtNJWasx4q7Zdj4JqITzg2l2aWV8sUoGA9afqua%2B%2BYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876215da3d767127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js | 142.250.74.42 | 200 OK | 30 kB |
URL GET HTTP/2ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP142.250.74.42:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT
File typeJavaScript source, ASCII text, with very long lines (32065) Hash2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 13 Apr 2024 13:58:13 GMT
expires: Sun, 13 Apr 2025 13:58:13 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 399672
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.1.1.min.js | 151.101.130.137 | 200 OK | 30 kB |
URL GET HTTP/2code.jquery.com/jquery-3.1.1.min.js IP151.101.130.137:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerSectigo Limited Subject*.jquery.com FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text, with very long lines (32030) Hashe071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
GET /jquery-3.1.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-152b5"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 18 Apr 2024 04:59:25 GMT
age: 18615765
x-served-by: cache-lga21947-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 118, 85813
x-timer: S1713416365.286433,VS0,VE0
vary: Accept-Encoding
content-length: 30070
X-Firefox-Spdy: h2
|
|
| www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css | 104.110.3.84 | 200 OK | 49 kB |
URL GET HTTP/2www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css IP104.110.3.84:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subjectm.americanexpress.com Fingerprint3D:49:C1:10:15:C4:62:62:B3:CD:E6:43:D8:FF:DE:DD:A4:9F:03:26 ValidityWed, 06 Mar 2024 00:00:00 GMT - Thu, 06 Mar 2025 23:59:59 GMT
File typeASCII text, with very long lines (65536), with no line terminators Hashd4f6c3591835eb7dd537e0b4dc46b49d 402d69bfc83c2477b72fa978d01045a124e5baf5 5697ec2a5b964c283b604e35b4b9a8e550014fd6ebd602a849fd85038113d78b
GET /cdaas/one/statics/@americanexpress/dls/6.24.0/package/dist/6.24.0/styles/dls.min.css HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
last-modified: Mon, 20 Feb 2023 20:23:12 GMT
etag: W/"63f3d6b0-596ee"
timing-allow-origin: *
cache-control: max-age=31536000, must-revalidate
content-encoding: gzip
content-length: 48683
date: Thu, 18 Apr 2024 04:59:25 GMT
vary: Origin, Accept-Encoding
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-3.3.1.js | 151.101.130.137 | 200 OK | 80 kB |
URL GET HTTP/2code.jquery.com/jquery-3.3.1.js IP151.101.130.137:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerSectigo Limited Subject*.jquery.com FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File typeJavaScript source, ASCII text Hash6a07da9fae934baf3f749e876bbfdd96 46a436eba01c79acdb225757ed80bf54bad6416b d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
GET /jquery-3.3.1.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://home-followup-american-f56c.hegok59888.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-42587"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 18 Apr 2024 04:59:25 GMT
age: 18615715
x-served-by: cache-lga21980-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 99, 26913
x-timer: S1713416365.285467,VS0,VE0
vary: Accept-Encoding
content-length: 80268
X-Firefox-Spdy: h2
|
|
| api.ipify.org/?format=jsonp&callback=getIP | 104.26.12.205 | 200 OK | 29 B |
URL GET HTTP/2api.ipify.org/?format=jsonp&callback=getIP IP104.26.12.205:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerGoogle Trust Services LLC Subjectipify.org FingerprintC8:1A:05:47:C5:73:C6:CE:DF:1D:A6:DE:00:11:A9:9A:8C:DB:EF:A7 ValidityThu, 21 Mar 2024 19:56:02 GMT - Wed, 19 Jun 2024 19:56:01 GMT
File typeASCII text, with no line terminators Hash90a39389063c7c5716745c3b3bb4fba1 a0903c9a7e90fa3c6ddb04d0ce36abbd4c7a004f eaa6745d9d0a7698235cd6af53aad1551d975506c8405d8303282fb6d2f7ab69
GET /?format=jsonp&callback=getIP HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 04:59:25 GMT
content-type: application/javascript
content-length: 29
vary: Origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 876215da7c4256a4-OSL
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/jnxrg3tqc0u8rxa/ltolbec.gif | 162.125.70.15 | 200 OK | 4.4 kB |
URL GET HTTP/2dl.dropboxusercontent.com/s/jnxrg3tqc0u8rxa/ltolbec.gif IP162.125.70.15:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subject*.dl.dropboxusercontent.com Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40 ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File typeGIF image data, version 89a, 55 x 54 Hash28b51026c632992786a253e30b45e1d3 d4a21c02564e266593699ee005d08a3df483e9d8 b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
GET /s/jnxrg3tqc0u8rxa/ltolbec.gif HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ltolbec.gif"; filename*=UTF-8''ltolbec.gif
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1649372231639804n
pragma: public
set-cookie: uc_session=yuJ53O9SYmMAeDQ0WhcTX5i91vfkfkUqElpfzJWdIDIKtZv51R31ytXfro3wQfK2; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 253
date: Thu, 18 Apr 2024 04:59:25 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 4424
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 6f3756cd1c3a4a11987b442e6988b615
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/vs3xse7r45r8tdz/ltolbeg.gif | 162.125.70.15 | 200 OK | 181 B |
URL GET HTTP/2dl.dropboxusercontent.com/s/vs3xse7r45r8tdz/ltolbeg.gif IP162.125.70.15:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subject*.dl.dropboxusercontent.com Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40 ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File typeGIF image data, version 89a, 9 x 9 Hashc3bfbd38613804cbf81d47f9b2f624fb f2f6665c4bd1ea6cc20e4583fcb31f1fb2c722d6 184e5c3955026e19d8f1488b7103d1e55b5ebe2bb177ba35445e9c19b50b5570
GET /s/vs3xse7r45r8tdz/ltolbeg.gif HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ltolbeg.gif"; filename*=UTF-8''ltolbeg.gif
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1649372235647506n
pragma: public
set-cookie: uc_session=Oc0X2pRmqskpqfbiKHPgCn7W5A0MLjGVev6AKyqF7KiEQzFj4SjivsPZJ3O76Yrc; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 317
date: Thu, 18 Apr 2024 04:59:25 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 181
x-dropbox-response-origin: far_remote
x-dropbox-request-id: e2245609abb34688a4cfb27af98c9cc0
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/qd8kgsbe7e42toc/ltolbea.gif | 162.125.70.15 | 200 OK | 19 kB |
URL GET HTTP/2dl.dropboxusercontent.com/s/qd8kgsbe7e42toc/ltolbea.gif IP162.125.70.15:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subject*.dl.dropboxusercontent.com Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40 ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x250, components 3 Hash03e1cabc97c530b48c3aa490cf450c4e 07fa164174b13fa1a5456b676af4623cb01da03e b233901fcdfe0e98965aa037733641927c0fc548f055e84bb5ae11bec6420154
GET /s/qd8kgsbe7e42toc/ltolbea.gif HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ltolbea.gif"; filename*=UTF-8''ltolbea.gif
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1649372235647505n
pragma: public
set-cookie: uc_session=BX9cDKNnj3BreczpPxWqazgeYjcWmYyOBy2prTkRkYyE0bWcxny3IFLcbq0zAjh4; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 354
date: Thu, 18 Apr 2024 04:59:25 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 19185
x-dropbox-response-origin: far_remote
x-dropbox-request-id: c9a1c38648f3496990c7e89f86f7d4c7
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/0zlacsc50fkuni5/ldelavc.css | 162.125.70.15 | 200 OK | 6.4 kB |
URL GET HTTP/2dl.dropboxusercontent.com/s/0zlacsc50fkuni5/ldelavc.css IP162.125.70.15:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subject*.dl.dropboxusercontent.com Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40 ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File typegzip compressed data, from Unix Hash52b98ac6885be730771f54d801e2991b 9f3a33a2d1a75aee36cb1bc38883ebd9a645ca2d 8225507f618ffa315472deeb371443cbba06e8325ee9d96584453aa96c86b972
GET /s/0zlacsc50fkuni5/ldelavc.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavc.css"; filename*=UTF-8''ldelavc.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=5mkSyhnBj7uobqj71Q245KBdG7yjKOKFnzY6qZySODSSPYxjXtXi6Um5jhChCQO1; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 334
date: Thu, 18 Apr 2024 04:59:25 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 8fdd21dc37524c50a4507b9a966c6fde
X-Firefox-Spdy: h2
|
|
| www.americanexpress.com/favicon.ico | 104.110.22.253 | | 1.4 kB |
URL GET www.americanexpress.com/favicon.ico IP104.110.22.253:0
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subjectwww.americanexpress.com Fingerprint64:A2:B0:4D:11:47:D0:C0:37:73:B5:62:91:90:F7:0D:1F:42:FA:10 ValidityThu, 03 Aug 2023 00:00:00 GMT - Thu, 01 Aug 2024 23:59:59 GMT
File typePNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced Hash974ccc6c4c6e1c7f04606973beb3ba20 0f96f86d488a4b5805744fa067c3cfd57c928406 265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0
GET /favicon.ico HTTP/1.1
Host: www.americanexpress.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
strict-transport-security: max-age=15552000;
last-modified: Fri, 07 Jun 2019 04:05:21 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 1381
x-cnection: close
content-type: image/x-icon
date: Thu, 18 Apr 2024 04:59:26 GMT
set-cookie: agent-id=0e23da88-0208-4f53-b594-0f125049d176; expires=Fri, 18-Apr-2025 04:59:26 GMT; path=/; domain=.americanexpress.com; secure; HttpOnly
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
|
|
| www.aexp-static.com/cdaas/axp-app/modules/one-identity-root/undefined/images/icon-192.png | 104.110.3.84 | 404 Not Found | 146 B |
URL GET HTTP/2www.aexp-static.com/cdaas/axp-app/modules/one-identity-root/undefined/images/icon-192.png IP104.110.3.84:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subjectm.americanexpress.com Fingerprint3D:49:C1:10:15:C4:62:62:B3:CD:E6:43:D8:FF:DE:DD:A4:9F:03:26 ValidityWed, 06 Mar 2024 00:00:00 GMT - Thu, 06 Mar 2025 23:59:59 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hash8eec510e57f5f732fd2cce73df7b73ef 3c0af39ecb3753c5fee3b53d063c7286019eac3b 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /cdaas/axp-app/modules/one-identity-root/undefined/images/icon-192.png HTTP/1.1
Host: www.aexp-static.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
content-type: text/html
content-length: 146
date: Thu, 18 Apr 2024 04:59:26 GMT
vary: Origin, Accept-Encoding
set-cookie: ak_bmsc=F86BA6DC36D304A3ACC9FEE3AD0F5D26~000000000000000000000000000000~YAAQ1E0kF7gqJ8yOAQAAUeuS7xd1Nr5eC6ozPBXunF8J02YnsqEI0tOkTNoX414u33loBv2afDDBbi7uqb8XIllR7cXXdWhJoFOF4xl7U/oROx2IUzl/urrIbNTb3+O9xZsot6CjBfP7UvIhAsdvmaF9p4dj9SKEYUY9H4c2vLw2vjBP/WXqa6H+w5LN0UR94kTnOg7XzXYwWh2FQP3NgoloC4+ifCqIMOMdZf9LZ018blYWJ53atpIbbdEAUOX6iWOdR1nJrFW33RRU+YMxU5Dk6PLXH1K8XMCGzhRyYGbq1FIOXMg1xV107wTATAxb4Z8mI+EJH2SDvxuZ14asVRFSxZb8Il2aEbRJQOvjuL8azOntXVcUzhrbZxwhKZxxSTCa+p4eo9tOq3jNp1w=; Domain=.aexp-static.com; Path=/; Expires=Thu, 18 Apr 2024 06:59:26 GMT; Max-Age=7200; Secure
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/9fhljf5fcysz6es/ldelava.css | 162.125.70.15 | 200 OK | 3.2 kB |
URL GET HTTP/2dl.dropboxusercontent.com/s/9fhljf5fcysz6es/ldelava.css IP162.125.70.15:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subject*.dl.dropboxusercontent.com Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40 ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File typegzip compressed data, from Unix Hash4b1911edc5cf1b5f7632ec2fca476703 a5030336eec357eadb4f0775a86fda3c10ed32a5 e653119f97ae1da51f2307e3b8873734e49db631c9d52ed8f0f8272ebf8cbd9d
GET /s/9fhljf5fcysz6es/ldelava.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelava.css"; filename*=UTF-8''ldelava.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=yL61pehD47X6NbSM1pVIMUYBy2E8LL7IXzKX4E7x8din28TIWfRndDA8nLHngKuW; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 344
date: Thu, 18 Apr 2024 04:59:25 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: db6fb42a7fa340a7b1bd8f89631dd210
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/bq7g7vuoh1p32l0/ltolbed.gif | 162.125.70.15 | 200 OK | 36 kB |
URL GET HTTP/2dl.dropboxusercontent.com/s/bq7g7vuoh1p32l0/ltolbed.gif IP162.125.70.15:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subject*.dl.dropboxusercontent.com Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40 ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File typeGIF image data, version 89a, 235 x 775 Hashfe9c5bf623531d8cbe5fd78e27a898a0 12a84e6dfa7f3437ff2d6af4fd6ba1d6ace2abd0 62f15599210bcdfd0a7ed3a445ccef2514c403e323961d4c386000d5b716d7fa
GET /s/bq7g7vuoh1p32l0/ltolbed.gif HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/9fhljf5fcysz6es/ldelava.css
Cookie: uc_session=EcUDRlQKlVVcdxebIPI6dlWKcz52GTql9rqahTJhtpYUIK53KKIHxPkRjgyiIgHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ltolbed.gif"; filename*=UTF-8''ltolbed.gif
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1649372237003404n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 337
date: Thu, 18 Apr 2024 04:59:26 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 36330
x-dropbox-response-origin: far_remote
x-dropbox-request-id: b2047d8e9cba47679d402d63e70c79b3
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s//fycvd5jei4hxlna/ltolbei.gif | 162.125.70.15 | 200 OK | 2.6 kB |
URL GET HTTP/2dl.dropboxusercontent.com/s//fycvd5jei4hxlna/ltolbei.gif IP162.125.70.15:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subject*.dl.dropboxusercontent.com Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40 ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File typeGIF image data, version 89a, 207 x 60 Hash0ff8771b5ee67ddfc1ebe66513a5b6ee 8b26b9d9f966fc99d51900ee19ba5d943c63863c ac595759703754418524d900166983a09ad2a9126cc0d0d6dd77beafafbcba86
GET /s//fycvd5jei4hxlna/ltolbei.gif HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/ffn0jej7upjl7qg/ldelavb.css
Cookie: uc_session=EcUDRlQKlVVcdxebIPI6dlWKcz52GTql9rqahTJhtpYUIK53KKIHxPkRjgyiIgHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ltolbei.gif"; filename*=UTF-8''ltolbei.gif
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1649372235647507n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 352
date: Thu, 18 Apr 2024 04:59:26 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 2609
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 8c1d8973b8c84e7ca9db05966d3803cc
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/0q32pekx87jvc34/ltolbef.gif | 162.125.70.15 | 200 OK | 934 B |
URL GET HTTP/2dl.dropboxusercontent.com/s/0q32pekx87jvc34/ltolbef.gif IP162.125.70.15:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subject*.dl.dropboxusercontent.com Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40 ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File typeGIF image data, version 89a, 1 x 366 Hash0833adbc1fcb3b2de6df257d86b9eca6 ca09c233b4f04bd352341d278372e3975aeb9d3b 194b37addb793c71c33302afb3239216455121d66303067e15904eedd0a66b12
GET /s/0q32pekx87jvc34/ltolbef.gif HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dl.dropboxusercontent.com/s/9fhljf5fcysz6es/ldelava.css
Cookie: uc_session=EcUDRlQKlVVcdxebIPI6dlWKcz52GTql9rqahTJhtpYUIK53KKIHxPkRjgyiIgHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/gif
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ltolbef.gif"; filename*=UTF-8''ltolbef.gif
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
etag: 1649372233505851n
pragma: public
x-content-type-options: nosniff
x-server-response-time: 335
date: Thu, 18 Apr 2024 04:59:26 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-length: 934
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 2d414f63f7834a6abdb5a9aa46c17ab2
X-Firefox-Spdy: h2
|
|
| dl.dropboxusercontent.com/s/ffn0jej7upjl7qg/ldelavb.css | 162.125.70.15 | 200 OK | 6.7 kB |
URL GET HTTP/2dl.dropboxusercontent.com/s/ffn0jej7upjl7qg/ldelavb.css IP162.125.70.15:443
Requested byhttps://home-followup-american-f56c.hegok59888.workers.dev/ CertificateIssuerDigiCert Inc Subject*.dl.dropboxusercontent.com Fingerprint66:F4:AC:24:6B:45:2B:53:3A:0C:7A:96:51:BC:36:53:B5:E8:39:40 ValidityMon, 25 Mar 2024 00:00:00 GMT - Tue, 11 Mar 2025 23:59:59 GMT
File typeASCII text, with very long lines (6771), with no line terminators Hash806e2cffe9f834be4bd34cc9b7f794f3 b17e00942ed33e453d7433562286abeffed98617 06e326b615e60acb551b98c3f2cb79e5ff42290fe8b56933410e94e5c42ac913
GET /s/ffn0jej7upjl7qg/ldelavb.css HTTP/1.1
Host: dl.dropboxusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://home-followup-american-f56c.hegok59888.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
accept-ranges: bytes
cache-control: max-age=60
content-disposition: inline; filename="ldelavb.css"; filename*=UTF-8''ldelavb.css
content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
pragma: public
set-cookie: uc_session=EcUDRlQKlVVcdxebIPI6dlWKcz52GTql9rqahTJhtpYUIK53KKIHxPkRjgyiIgHC; Domain=dropboxusercontent.com; HttpOnly; Path=/; SameSite=None; Secure
x-content-type-options: nosniff
x-server-response-time: 543
date: Thu, 18 Apr 2024 04:59:25 GMT
server: envoy
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-robots-tag: noindex, nofollow, noimageindex
content-encoding: gzip
vary: Accept-Encoding
x-dropbox-response-origin: far_remote
x-dropbox-request-id: 4ef3d4f11ada4b6e862cdb7d57e46c30
X-Firefox-Spdy: h2
|
|
| home-followup-american-f56c.hegok59888.workers.dev/ | 188.114.97.1 | 200 OK | 210 kB |
URL User Request GET HTTP/2home-followup-american-f56c.hegok59888.workers.dev/ IP188.114.97.1:443
CertificateIssuerLet's Encrypt Subjecthegok59888.workers.dev Fingerprint0E:62:C0:F3:9D:9C:C1:B6:63:8C:02:9F:69:7B:D5:21:D1:BB:11:BB ValidityMon, 15 Apr 2024 12:29:13 GMT - Sun, 14 Jul 2024 12:29:12 GMT
File typeHTML document, ASCII text, with very long lines (65520) Size210 kB (210269 bytes) Hash71da3772359ef545fe9a475ba6a2c12c 044bd556c5e86f1f177e589ff0629be3d8f91a8e 91e3da83513a0e323e88711549b8a56d2b3bcecf7813353eb9b7ee345f3373cc
Analyzer | Verdict | Alert | urlquery | phishing | Phishing - American Express | urlquery | suspicious | Suspicious - Suspicious Javascript code | OpenPhish | phishing | American Express |
GET / HTTP/1.1
Host: home-followup-american-f56c.hegok59888.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 18 Apr 2024 04:59:24 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zY8mjppwA21vW79OW5ie2ixRITbFhWrk2FhvPriz%2Ftsq%2FkR2j3UywhOA0EsQrVLv3SgS5ECA1LyfB38i5XsoLG5C%2FQXQ%2Ba5DSA3fFO8%2BFqoT8S0FIIfWj8XZF4ITlnJlReXvzwi7H6Yfa3AQFdGUnbxPnrAi%2B9gQefa8aDC8cqRmLf5DvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876215d7e9b656a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|