Report - worker-account-review-c405.gatopa3681.workers.dev/

Report Overview

Visited public
2023-11-12 11:28:55
Tags
suspicious
URL
worker-account-review-c405.gatopa3681.workers.dev/
Finishing URL
worker-account-review-c405.gatopa3681.workers.dev/
IP / ASN
104.21.15.20
#13335 CLOUDFLARENET
Title
Sign In
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ecm.capitalone.com	13649	1995-03-13	2017-02-01 18:32:51	2023-11-07 06:47:08	5.8 kB	98 kB	23.36.79.34
verified.capitalone.com	24740	1995-03-13	2017-01-03 14:44:34	2023-11-07 06:47:08	471 B	16 kB	2.16.174.101
worker-account-review-c405.gatopa3681.workers.dev	unknown	2019-02-08	2023-11-10 21:22:11	2023-11-12 07:01:09	1.0 kB	502 kB	104.21.15.20
www.linkpicture.com	86847	2018-06-25	2019-07-19 21:10:53	2023-11-11 20:32:06	468 B	623 B	104.21.235.181

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-11	medium	worker-account-review-c405.gatopa3681.workers.dev/	Capital One Financial Corporation
2023-11-11	medium	worker-account-review-c405.gatopa3681.workers.dev/	Capital One Financial Corporation

PhishTank

Scan Date	Severity	Indicator	Alert
2023-11-12	medium	worker-account-review-c405.gatopa3681.workers.dev/	Capital One
2023-11-12	medium	worker-account-review-c405.gatopa3681.workers.dev/index_files/serverComponent.php	Capital One

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	worker-account-review-c405.gatopa3681.workers.dev/	ScriptElement	250 kB	2023-11-12	2024-08-20
Pretty URL worker-account-review-c405.gatopa3681.workers.dev/ IP 104.21.15.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-12 12:28 Last Seen2024-08-20 19:52 Times Seen6 Hash 2f8d319756f6e6d8722d87a342dde748 70fe340f49cbfc0c8f3ce8dc1e995952d9cd1b4b eebc92aaf577416d84e69608c504912a03e55f43dedfec7f00de6b2d171d563f Loading...

	unknown	ScriptElement	2.8 kB	2023-11-12	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 12:28 Last Seen2024-08-20 19:52 Times Seen6 Hash 64a2a995c450a5f34cf4e771159f0b0a 83ffaf15433d8a1c5051d53c1010b24eb64f0c67 d390e25bda63e4fb473196e78135af8657b0ec1ecede9061debbe6db5d683435 Loading...

		Size	First Seen	Last Seen
	#1 Write - e5af6163a02ad1b6b0ca63a04a1af250	184 kB	2023-11-12 12:28	2024-08-20 19:52
Pretty Observations First Seen2023-11-12 12:28 Last Seen2024-08-20 19:52 Times Seen6 Hash e5af6163a02ad1b6b0ca63a04a1af250 549560f6c387da4fd7c5af23710bad94e0464682 710a90ad699395dfa5345f1d95c02d60b1dbebedd25600d3508fff870812d28f Loading...

HTTP Transactions (15)

URL IP Response Size

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/facebook-social.svg

23.36.79.34

200 OK

282 B

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/facebook-social.svg
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (431), with no line terminators
Size
282 B (282 bytes)
Hash
e43c5a7e7fb8c3c12579162a4986b1ad
7a7c6a4ce7d8fe81778e3407bb710372ac3ea3f9
b312fb49b19387ededa2729f0c384686ce7c83811b0ea0367ef63767e612da03

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/facebook-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
etag: "e43c5a7e7fb8c3c12579162a4986b1ad"
x-amz-server-side-encryption: AES256
x-amz-version-id: sp5rcJ_CixBIFs_Kbc9AtTIkRc82cd4R
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: J59KxPSyrzwh1_-pHbiRvwFMM3nt_ufA6PAQOEVJZIkZALIksvAUkg==
vary: Accept-Encoding
content-encoding: gzip
content-length: 282
cache-control: max-age=1061342
expires: Fri, 24 Nov 2023 18:17:40 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/www-fdic.svg

23.36.79.34

200 OK

955 B

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/www-fdic.svg
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1959), with no line terminators
Size
955 B (955 bytes)
Hash
a5b2f8771a99c2670dd5183853596b4f
31d62e53c4839860683ff79e3866278f5ea35616
017d9cf1015d4388c0069e8f2e147d998616605a8fdbb461cd964ff5cda545e3

HTTP Headers

GET /CI_Common/assets/images/footer/www-fdic.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:06 GMT
etag: W/"a5b2f8771a99c2670dd5183853596b4f"
x-amz-server-side-encryption: AES256
x-amz-version-id: 8xRP0pbuqhkFsGgLYTsgGzSHlkx4pEGg
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: H-Np6_9eZQP1ng_FN2ju7A_gz1t7ss5LHM5EInETUpJpRN5SPOGvkw==
content-length: 955
cache-control: max-age=420380
expires: Fri, 17 Nov 2023 08:14:58 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/www-ehl.svg

23.36.79.34

200 OK

299 B

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/www-ehl.svg
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (437), with no line terminators
Size
299 B (299 bytes)
Hash
30d0ea03dfc7173265c5896affca1ad9
3eb9550c148d3e49d67c6531a9aa6cf8acd356d0
2d23c63e03fb685ed80f2554da2069dbc431720b6ed4f3f7cce579f52aaa62af

HTTP Headers

GET /CI_Common/assets/images/footer/www-ehl.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:06 GMT
etag: "30d0ea03dfc7173265c5896affca1ad9"
x-amz-server-side-encryption: AES256
x-amz-version-id: Cfpp_Ya_3POEKViDatTY.UH0GBjWHzjx
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: VUds1SokOgb9rdD7QoElH2jw_GpSlScadYoEUDVMVKsc8pGsgE3Y4A==
vary: Accept-Encoding
content-encoding: gzip
content-length: 299
cache-control: max-age=1570244
expires: Thu, 30 Nov 2023 15:39:22 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/twitter-social.svg

23.36.79.34

200 OK

734 B

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/twitter-social.svg
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
734 B (734 bytes)
Hash
c2f1acf6f29c52f793f66b65ba91d49f
d045195486c4bfdbefd3e812e7297db69615484d
d1b4860dcce83c4c73736dedeafe3b09403b267d087ef721a35dbffd5e564c68

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/twitter-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
etag: W/"c2f1acf6f29c52f793f66b65ba91d49f"
x-amz-server-side-encryption: AES256
x-amz-version-id: WY8VBzDyq7FctDDX8MrQBW0rTz7Flw8l
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: YlG8YqnDOa_P8VAf9WonpQ5skgLUvinbaxHQSNVgLOzUDc_p05KEJA==
content-length: 734
cache-control: max-age=1565511
expires: Thu, 30 Nov 2023 14:20:29 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/you-tube-social.svg

23.36.79.34

200 OK

295 B

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/you-tube-social.svg
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (491), with no line terminators
Size
295 B (295 bytes)
Hash
0a9ec1ae291522dcb84befe6a44c3830
3236900d0d9801eb93d355a7b9be38b16ea51604
bb29a96bd1b20b9dedd8197ce7f9a29fc742aa6555df924453b5561c6ef3564f

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/you-tube-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
etag: "0a9ec1ae291522dcb84befe6a44c3830"
x-amz-server-side-encryption: AES256
x-amz-version-id: 5PqSeWnBhEvAtcPgf2XAbVZCtyvnbUxM
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 61GrgK63n8h_lGzo-6PZlw-FzSgEAbs-J-4o0C9LPZwcXeaYMS7VwA==
vary: Accept-Encoding
content-encoding: gzip
content-length: 295
cache-control: max-age=2070486
expires: Wed, 06 Dec 2023 10:36:44 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/instagram-social.svg

23.36.79.34

200 OK

768 B

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/instagram-social.svg
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1670), with no line terminators
Size
768 B (768 bytes)
Hash
7ff5bca5e93664bc612cc91ae53ac496
6a078cc08d3f7fe2b9f06a6f20cd3b953748f45f
bb4babc75eb6ef45fd42a6fb5f50b059473aaf36c607bef28a4aedb514e238fc

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/instagram-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
etag: W/"7ff5bca5e93664bc612cc91ae53ac496"
x-amz-server-side-encryption: AES256
x-amz-version-id: FUfIizReL1r02BrKB1G0_CUQXIQQ79Tx
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: coB_AF0E8m8ED78Dtvm4EGB0n-8P_tmMBd8KBvpxdKedH9QJyXEhzg==
content-length: 768
cache-control: max-age=1584136
expires: Thu, 30 Nov 2023 19:30:54 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/linkedin-social.svg

23.36.79.34

200 OK

349 B

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/images/footer/social-icons/linkedin-social.svg
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (605), with no line terminators
Size
349 B (349 bytes)
Hash
4135a3d131493d86e0db3c8ad0420602
4849488ce3d7aff2ec83435520a70627144cff6a
bb0c33cd3e05dfff3f5fe39c013a2afc5ddd457d3b76b0bc7ee231cf5d0f01f7

HTTP Headers

GET /CI_Common/assets/images/footer/social-icons/linkedin-social.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Fri, 28 Jun 2019 00:26:05 GMT
etag: "4135a3d131493d86e0db3c8ad0420602"
x-amz-server-side-encryption: AES256
x-amz-version-id: V4.R2G9M5ytZINKkEHFYF7hbdLSExGPo
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 4ynpoRODdMy0NFqZlQXq01IXubwYlzd97AREFp__7QRwOBOU0ttfVw==
vary: Accept-Encoding
content-encoding: gzip
content-length: 349
cache-control: max-age=2089884
expires: Wed, 06 Dec 2023 16:00:02 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_SBd.woff2

23.36.79.34

200 OK

28 kB

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_SBd.woff2
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28188, version 1.0\012- data
Size
28 kB (28188 bytes)
Hash
d647937062406e5cc182de0cc77947d8
9d4c283a4fca43ae95019091bbd0a9e1b77b97bc
48b4ed4ba8ee0eaeddfba861e6772c61f818931816102636a888ec0b49bce056

HTTP Headers

GET /CI_Common/assets/fonts/Optimist_W_SBd.woff2 HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worker-account-review-c405.gatopa3681.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 28188
last-modified: Fri, 28 Jun 2019 00:26:02 GMT
etag: "d647937062406e5cc182de0cc77947d8"
x-amz-server-side-encryption: AES256
x-amz-version-id: QmX7yv6RJT4hT4UTSJmqyU0reaonF3KP
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: O3lBoAqLkZUcPBtTZb4ozX77cfZvmlXBezAzB7kGcH79gTWk8WZMuQ==
cache-control: max-age=2272356
expires: Fri, 08 Dec 2023 18:41:14 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Lt.woff2

23.36.79.34

200 OK

28 kB

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Lt.woff2
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27852, version 1.0\012- data
Size
28 kB (27852 bytes)
Hash
cb37fa55f3dfdd26d61901032a53644f
1115e8d43a08c1f74ec1f6a886d1cb530bb9da97
902c5a9d8ad932630fb2021fe1a1a7f4f06513b19e8d073866178ee65ff33fe9

HTTP Headers

GET /CI_Common/assets/fonts/Optimist_W_Lt.woff2 HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worker-account-review-c405.gatopa3681.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 27852
last-modified: Fri, 28 Jun 2019 00:26:02 GMT
etag: "cb37fa55f3dfdd26d61901032a53644f"
x-amz-server-side-encryption: AES256
x-amz-version-id: Q75rYxmglrbgkwTTGgaHL71RQB9n5YCD
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: 96b2Bo9YFlYTrfFcQX2Rvo9AmSOQP47Hz8QmnzNMKIjIs5vNDDwCTw==
cache-control: max-age=1384265
expires: Tue, 28 Nov 2023 11:59:43 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Rg.woff2

23.36.79.34

200 OK

28 kB

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/fonts/Optimist_W_Rg.woff2
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28388, version 1.0\012- data
Size
28 kB (28388 bytes)
Hash
f4e1fbca28c954a486a90828b2ee7543
7750f00fe0337120e16632ea7fff2a78b11c874a
9b98e19f831844b3dae8e1fd65b6802bc778446fbdacac8203e34bbc02eacbcd

HTTP Headers

GET /CI_Common/assets/fonts/Optimist_W_Rg.woff2 HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worker-account-review-c405.gatopa3681.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 28388
last-modified: Fri, 28 Jun 2019 00:26:02 GMT
etag: "f4e1fbca28c954a486a90828b2ee7543"
x-amz-server-side-encryption: AES256
x-amz-version-id: 1GgM.ruzxSoQhqV._aklwOsuyVwoqFBE
accept-ranges: bytes
server: AmazonS3
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: UKrbxnA6XvXEgVu-TXphVPrBB0iMQxkeEdB_hKRsr382fqfwzgdFHA==
cache-control: max-age=2142829
expires: Thu, 07 Dec 2023 06:42:27 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

ecm.capitalone.com/CI_Common/assets/images/logos/capital-one-logo.svg

23.36.79.34

200 OK

1.7 kB

URL GET HTTP/2
ecm.capitalone.com/CI_Common/assets/images/logos/capital-one-logo.svg
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectecm.capitalone.com
FingerprintEB:F6:BD:77:65:EE:62:78:14:5F:98:60:A6:56:55:50:0A:7E:93:03
ValidityFri, 23 Jun 2023 00:00:00 GMT - Tue, 25 Jun 2024 23:59:59 GMT

File type
ASCII text, with very long lines (3967), with CRLF line terminators
Size
1.7 kB (1732 bytes)
Hash
f0b7ad81821effc52540e39cafda48f9
33d64bc7001f414f12bd92e740a45e5ced239add
57dfca5b95599a613da940f4a49ab6378fcf0586366a47cae679796930bf0eed

HTTP Headers

GET /CI_Common/assets/images/logos/capital-one-logo.svg HTTP/1.1
Host: ecm.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Wed, 20 Jan 2021 18:06:43 GMT
etag: W/"f0b7ad81821effc52540e39cafda48f9"
x-amz-server-side-encryption: AES256
x-amz-version-id: 8LzbBBEj8zCeatCBoYuv1q1dFFpTcVNl
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: HdJaUvrAj5VEG9DzlICGcJdU50sF2rvFp9FpZhYE6tYcovP5XqgQKQ==
content-length: 1732
cache-control: max-age=1733158
expires: Sat, 02 Dec 2023 12:54:36 GMT
date: Sun, 12 Nov 2023 11:28:38 GMT
access-control-request-method: POST,GET,PUT,DELETE
access-control-max-age: 86400
access-control-allow-credentials: false
access-control-allow-headers: *
access-control-allow-methods: GET,POST
access-control-allow-origin: *
X-Firefox-Spdy: h2

verified.capitalone.com/auth/favicon.ico

2.16.174.101

200 OK

15 kB

URL GET HTTP/2
verified.capitalone.com/auth/favicon.ico
IP
2.16.174.101:443
ASN
#16625 AKAMAI-AS

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerDigiCert Inc
Subjectverified.capitalone.com
Fingerprint44:E2:45:6A:F1:39:E9:0C:AE:A5:CD:55:BE:10:72:0E:7D:B9:D5:BC
ValidityMon, 06 Feb 2023 00:00:00 GMT - Mon, 05 Feb 2024 23:59:59 GMT

File type
MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
15 kB (15086 bytes)
Hash
d27e1739c7477b10ec6917546ae61f1d
bb36ab8bce726ce72a2d74a8529526bca0fa515d
5f2123af80970c0478de7f373c9d861d886e070592ebcd55fa372d8dfc9752ec

HTTP Headers

GET /auth/favicon.ico HTTP/1.1
Host: verified.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/vnd.microsoft.icon
content-length: 15086
last-modified: Mon, 25 Sep 2023 19:03:16 GMT
etag: "d27e1739c7477b10ec6917546ae61f1d"
x-amz-server-side-encryption: AES256
x-amz-version-id: 87EhxpZH_d8.sK24QkufQr6nC9DY8ePJ
accept-ranges: bytes
server: AmazonS3
content-security-policy: frame-ancestors 'none'
strict-transport-security: max-age=31622400; includeSubdomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-amz-cf-pop: MXP64-C2
x-amz-cf-id: HMW9EGNVJJlfBiLVPXtABKMLvAEtRXoXxhTqszXOKwxHdmJyUgHI7g==
date: Sun, 12 Nov 2023 11:28:39 GMT
set-cookie: akacd_phased_release_site_down=1699788579~rv=51~id=b2063383d74031d530e0f908914dce78; path=/; Expires=Sun, 12 Nov 2023 11:29:39 GMT; Secure; SameSite=None
x-robots-tag: noindex
cache-control: no-cache, no-store, max-age=0, must-revalidate
x-frame-options: DENY, deny
X-Firefox-Spdy: h2

worker-account-review-c405.gatopa3681.workers.dev/

104.21.15.20

200 OK

250 kB

URL User Request GET HTTP/2
worker-account-review-c405.gatopa3681.workers.dev/
IP
104.21.15.20:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectgatopa3681.workers.dev
Fingerprint3A:CA:A7:85:86:BE:6E:B7:1F:D6:82:07:84:7B:CB:17:75:AE:38:13
ValidityFri, 10 Nov 2023 19:18:55 GMT - Thu, 08 Feb 2024 19:18:54 GMT

File type
HTML document text\012- exported SGML document, ASCII text, with very long lines (65518)
Size
250 kB (250409 bytes)
Hash
887398e915bc370d88a08aaf2762ec23
bb91378868ef71cce32b8d9964a3d17f670b3c8b
c9523f6f70cc92b3b5e850f765273b13a5a3b8b36617ef12a14f1b0b3a2369b2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Capital One Financial Corporation
PhishTank	phishing	Capital One

HTTP Headers

GET / HTTP/1.1
Host: worker-account-review-c405.gatopa3681.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 12 Nov 2023 11:28:38 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DlY2ekkRJNm5waQBrPCdwniEuuX5IzEE7Ygdpe9%2FGvNlcWTkFUJ38YiTx2%2Ff2TaczeKGQ4arD%2BxcxNheOOIVIzOqqgEtC%2BcSjYDAjd7DQiheMMWeLz5WFGc4MLy063G1lVmEcM3UsLAMDPlYJOE%2F0c1qpZtC0WvclKEo3mkIZPBCIxDA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 824e6ebdbd7356c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

worker-account-review-c405.gatopa3681.workers.dev/index_files/serverComponent.php

104.21.15.20

200 OK

250 kB

URL GET HTTP/3
worker-account-review-c405.gatopa3681.workers.dev/index_files/serverComponent.php
IP
104.21.15.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerLet's Encrypt
Subjectgatopa3681.workers.dev
Fingerprint3A:CA:A7:85:86:BE:6E:B7:1F:D6:82:07:84:7B:CB:17:75:AE:38:13
ValidityFri, 10 Nov 2023 19:18:55 GMT - Thu, 08 Feb 2024 19:18:54 GMT

File type
HTML document text\012- exported SGML document, ASCII text, with very long lines (65518)
Size
250 kB (250409 bytes)
Hash
887398e915bc370d88a08aaf2762ec23
bb91378868ef71cce32b8d9964a3d17f670b3c8b
c9523f6f70cc92b3b5e850f765273b13a5a3b8b36617ef12a14f1b0b3a2369b2

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Capital One Financial Corporation
PhishTank	phishing	Capital One

HTTP Headers

GET /index_files/serverComponent.php HTTP/1.1
Host: worker-account-review-c405.gatopa3681.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 12 Nov 2023 11:28:38 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6O46e0shPeIu7as3AKcVRstLiEUoL1S5K5HG8iS19miB8w2SstRxYwxckKRWck2zU4m8TON1dJBuxsn4gV6RFW8%2FXHXVPEo6m119YpCGNhQy3r29CizEJVjcPRyxmLfd0zeBPn6kT4vJsWqwL6odKtfu1N2XyqxE9DMNDagtL%2B9UZ48"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 824e6ec06ffd712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.linkpicture.com/q/icon-user.svg

104.21.235.181

404 Not Found

0 B

URL GET HTTP/2
www.linkpicture.com/q/icon-user.svg
IP
104.21.235.181:443
ASN
#13335 CLOUDFLARENET

Requested by
https://worker-account-review-c405.gatopa3681.workers.dev/
Certificate
IssuerLet's Encrypt
Subjectlinkpicture.com
Fingerprint2C:2B:18:0E:40:C2:42:17:F7:F8:12:C1:D5:C8:BD:50:AE:18:0F:CD
ValidityWed, 11 Oct 2023 05:59:40 GMT - Tue, 09 Jan 2024 05:59:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /q/icon-user.svg HTTP/1.1
Host: www.linkpicture.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worker-account-review-c405.gatopa3681.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 12 Nov 2023 11:28:38 GMT
content-type: text/html
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cache-control: max-age=31536000
cf-cache-status: HIT
age: 131368
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WltGB19ti6SKor0glu6gmuPJnmhjcgrqSIgJE8F%2BTTC7quqBIA4UOfg9R2GUzQXAHIJG4TalOX71ZUqZ9RgiwJEsCQVlkOtLRIjgBNfI9ESzm5J9N4TGIYQzisuOg6sULDUX8rUI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 824e6ec15ecb71c6-LHR
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (15)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash