grandcaymanislandshopping.com
192.185.189.149 - Malicious Activity! - Public Scan

URL: https://grandcaymanislandshopping.com/htm.htm
Submission: On September 07 via automatic, source openphish — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 192.185.189.149, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is grandcaymanislandshopping.com.
TLS certificate: Issued by R3 on August 1st 2022. Valid for: 3 months.
This is the only time grandcaymanislandshopping.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         192.185.189.149    46606  (UNIFIEDLA...)
1         2600:9000:206...   16509  (AMAZON-02)
5         2606:4700::68...   13335  (CLOUDFLAR...)
5         96.16.140.130      16625  (AKAMAI-AS)
Totals: 12 requests, 5 IPs
Requests  Apex Domain                     Subdomains                                          Transfer
5         aexp-static.com                 www.aexp-static.com (Cisco Umbrella Rank: 18357)    294 KB
5         fleek.co                        storageapi.fleek.co (Cisco Umbrella Rank: 252766)   225 KB
1         imagekit.io                     ik.imagekit.io (Cisco Umbrella Rank: 33817)         56 KB
1         grandcaymanislandshopping.com   grandcaymanislandshopping.com                       294 B
Totals: 12 requests, 4 apex domains
Requests  Domain                          Requested by
5         www.aexp-static.com             storageapi.fleek.co
5         storageapi.fleek.co             ik.imagekit.io, storageapi.fleek.co
1         ik.imagekit.io                  grandcaymanislandshopping.com
1         grandcaymanislandshopping.com
Totals: 12 requests, 4 domains

This site contains no links.

Subject                           Issuer                                        Validity                  Valid
*.grandcaymanislandshopping.com   R3                                            2022-08-01 - 2022-10-30   3 months (crt.sh)
*.imagekit.io                     Amazon                                        2022-03-24 - 2023-04-22   a year (crt.sh)
fleek.co                          Cloudflare Inc ECC CA-3                       2022-03-31 - 2023-03-30   a year (crt.sh)
m.americanexpress.com             DigiCert SHA2 Extended Validation Server CA   2022-05-16 - 2023-05-15   a year (crt.sh)

This page contains 1 frame:

Primary Page: https://grandcaymanislandshopping.com/htm.htm
Frame ID: EBAD01A895E99BC501657C705D19B026
Requests: 23 HTTP requests in this frame

Screenshot

Page Title

American Express - recovery

Detected technologies

Overall confidence: 100%
Detected patterns
  • aexp-static\.com

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 12
HTTPS: 100 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 2
Transfer: 575 kB
Size: 1374 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Columns per entry: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request htm.htm
grandcaymanislandshopping.com/
199 B
294 B
Document
General
Full URL
https://grandcaymanislandshopping.com/htm.htm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.189.149 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
192-185-189-149.unifiedlayer.com
Software
Apache /
Resource Hash
a63de2f3a4c3d807d8b42f728e72578ca0baba135fd4c6e7cd8b81517809a78b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
178
content-type
text/html
date
Wed, 07 Sep 2022 02:31:07 GMT
last-modified
Wed, 31 Aug 2022 10:36:41 GMT
server
Apache
vary
Accept-Encoding
myscr851718_1JiAD12Pv.js
ik.imagekit.io/x6sl949t5r/
271 KB
56 KB
Script
General
Full URL
https://ik.imagekit.io/x6sl949t5r/myscr851718_1JiAD12Pv.js
Requested by
Host: grandcaymanislandshopping.com
URL: https://grandcaymanislandshopping.com/htm.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206e:e000:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
6d1846c3ce2ef3f2c9e4841fd003777ccaf499e22664f68c8a0a3fd07039dbf9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://grandcaymanislandshopping.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 06 Sep 2022 21:58:27 GMT
via
1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront), 1.1 2a3d03f915cb6d29f35b8f9edd3b1956.cloudfront.net (CloudFront)
age
16359
etag
W/"43b09-ckkTxGXN52k8SmvEyeoJ/3cG5pg"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, s-maxage=15552000, max-age=15552000, must-revalidate
x-server
ImageKit.io
x-amz-cf-pop
VIE50-C1
content-encoding
br
x-amz-cf-id
STC1yPB_uHG_jmdId7LaL9oJPLgd0F--proW40e6H3JCZGJUH-vFhw==
x-request-id
7a25bca5-65c8-4329-bc46-1486a30484d8
dls_dcv5up.css
storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/
395 KB
47 KB
Stylesheet
General
Full URL
https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/dls_dcv5up.css
Requested by
Host: ik.imagekit.io
URL: https://ik.imagekit.io/x6sl949t5r/myscr851718_1JiAD12Pv.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eef0bab2aca7e495e763ab5707cf877b7ac3e2543216b904722b82c2495a349c
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://grandcaymanislandshopping.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 02:31:07 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 31 Aug 2022 08:50:54 GMT
server
cloudflare
age
3933
etag
W/"bafybeiepygjmupmk6t5ylnr4ta7leuqu6wdnnguoqgrmukdcqcgxfdufgy"
vary
Origin, Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
content-security-policy
block-all-mixed-content
cf-ray
746c06c0599168ec-FRA
x-amz-request-id
1712671474E917F3
x-xss-protection
1; mode=block
expires
Wed, 07 Sep 2022 06:31:07 GMT
font_cwhs2t.css
storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/
212 KB
22 KB
Stylesheet
General
Full URL
https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/font_cwhs2t.css
Requested by
Host: ik.imagekit.io
URL: https://ik.imagekit.io/x6sl949t5r/myscr851718_1JiAD12Pv.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
996e3f0f97560275527906b77b77ea592f06b410225d40ae7880a3caef3466ff
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://grandcaymanislandshopping.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 02:31:07 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 31 Aug 2022 08:50:52 GMT
server
cloudflare
age
3933
etag
W/"bafybeic2d5dterooejewxxn7ap6swp4pet63g57utjibvraarsnlxfxqd4"
vary
Origin, Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
content-security-policy
block-all-mixed-content
cf-ray
746c06c0599268ec-FRA
x-amz-request-id
171267147352DC98
x-xss-protection
1; mode=block
expires
Wed, 07 Sep 2022 06:31:07 GMT
fonts_n74ldn.css
storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/
104 KB
69 KB
Stylesheet
General
Full URL
https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/fonts_n74ldn.css
Requested by
Host: ik.imagekit.io
URL: https://ik.imagekit.io/x6sl949t5r/myscr851718_1JiAD12Pv.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08ed7823c2cdb7b89093fa8c4fd9eee8c66da6a72be66d31fac37e690f2531a9
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://grandcaymanislandshopping.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 02:31:07 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 31 Aug 2022 08:50:53 GMT
server
cloudflare
age
3933
etag
W/"bafybeifjt7scsrv4stu4o4rasroq7bxogor33hqtbiq7ocydieposrb2zu"
vary
Origin, Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
content-security-policy
block-all-mixed-content
cf-ray
746c06c0599368ec-FRA
x-amz-request-id
1712671473624C3F
x-xss-protection
1; mode=block
expires
Wed, 07 Sep 2022 06:31:07 GMT
jquery-3.4.1.min.js.download
storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/
86 KB
87 KB
Script
General
Full URL
https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/jquery-3.4.1.min.js.download
Requested by
Host: ik.imagekit.io
URL: https://ik.imagekit.io/x6sl949t5r/myscr851718_1JiAD12Pv.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
X-Xss-Protection 1; mode=block

Request headers

Referer
https://grandcaymanislandshopping.com/
Origin
https://grandcaymanislandshopping.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Wed, 07 Sep 2022 02:31:08 GMT
cf-cache-status
DYNAMIC
x-amz-request-id
1712733153244D9D
content-length
88145
x-xss-protection
1; mode=block
last-modified
Wed, 31 Aug 2022 08:50:50 GMT
server
cloudflare
etag
"bafybeih2wu7xjevrrxg6jko3ppukeo4vcwnu7fg3kjlrzpd4cwv4g7f7h4"
vary
Origin
content-type
application/octet-stream
access-control-allow-origin
https://grandcaymanislandshopping.com
access-control-expose-headers
Date, Etag, Server, Connection, Accept-Ranges, Content-Range, Content-Encoding, Content-Length, Content-Type, Content-Disposition, Last-Modified, Content-Language, Cache-Control, Retry-After, X-Amz-Bucket-Region, Expires, X-Amz*, X-Amz*, *
access-control-allow-credentials
true
content-security-policy
block-all-mixed-content
accept-ranges
bytes
cf-ray
746c06c05ebc906c-FRA
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56b8e90244c34621e294d3357edfef9a1467e501773ed21b25dc6367ab3d7803

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/svg+xml
3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
www.aexp-static.com/nav/ngn/fonts/
36 KB
37 KB
Font
General
Full URL
https://www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/dls_dcv5up.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
96.16.140.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-140-130.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad

Request headers

Referer
https://storageapi.fleek.co/
Origin
https://grandcaymanislandshopping.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 02:31:08 GMT
last-modified
Wed, 15 Aug 2018 20:46:09 GMT
etag
"5b749111-9121"
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=15552000
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
37153
expires
Tue, 10 Nov 2020 06:17:18 GMT
Roboto-Regular.woff
www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/
75 KB
76 KB
Font
General
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/Roboto-Regular.woff
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/font_cwhs2t.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
96.16.140.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-140-130.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7ef974010abfe71fb92dc3f53e3948e1e544cf6821bf9802ea0bf35fa8fe5af6

Request headers

Referer
https://storageapi.fleek.co/
Origin
https://grandcaymanislandshopping.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 02:31:08 GMT
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
etag
"1dc09d84-12bf8"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=15552000
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
76792
expires
Tue, 02 Mar 2021 18:30:25 GMT
Roboto-Medium.woff
www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/
71 KB
72 KB
Font
General
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/Roboto-Medium.woff
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/font_cwhs2t.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
96.16.140.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-140-130.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d5d7822393d3103ec421f72f09c7f7c78948c68da112031c0afd1c0b0da92c08

Request headers

Referer
https://storageapi.fleek.co/
Origin
https://grandcaymanislandshopping.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 02:31:08 GMT
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
etag
"1dc09d84-11cfc"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=15552000
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
72956
expires
Tue, 02 Mar 2021 18:30:26 GMT
truncated
/
917 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bd019a6147dd61d8a25b62afee3861027b5267ddd8d9d25d60bcfc4ddc4ed875

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
316 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
acddc65fd3cdc9eecc019e24154e3199b6cc918d0c4f5baea10a7d170a431859

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
644 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
677a6a5da6f0e85f66c5232fc39ffd285ed010a9498c40cdd7e56d2ff0b7e7da

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aceafc4f408e21149b229fc07eb7735b8aea8b3e93a421bbe6eefe54b96f208d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
764 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
984 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
amex-fuid-sprite.png
storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/
0
0
Image
General
Full URL
https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/amex-fuid-sprite.png
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/fonts_n74ldn.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:791 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/fonts_n74ldn.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/svg+xml
0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
www.aexp-static.com/nav/ngn/fonts/
37 KB
37 KB
Font
General
Full URL
https://www.aexp-static.com/nav/ngn/fonts/0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/dls_dcv5up.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
96.16.140.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-140-130.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c

Request headers

Referer
https://storageapi.fleek.co/
Origin
https://grandcaymanislandshopping.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 02:31:08 GMT
last-modified
Wed, 15 Aug 2018 20:46:09 GMT
etag
"5b749111-943d"
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
content-type
font/woff
access-control-allow-origin
*
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
37949
expires
Tue, 10 Nov 2020 06:20:27 GMT
Roboto-Light.woff
www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/
72 KB
72 KB
Font
General
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/Roboto-Light.woff
Requested by
Host: storageapi.fleek.co
URL: https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/font_cwhs2t.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
96.16.140.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-140-130.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e9f9fab2d479b79aca1d3d3bf0a9fc36131752869363180bef040905a008cc1b

Request headers

Referer
https://storageapi.fleek.co/
Origin
https://grandcaymanislandshopping.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 07 Sep 2022 02:31:08 GMT
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
etag
"1dc09d84-11f84"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
content-type
font/woff
access-control-allow-origin
*
cache-control
max-age=15552000
access-control-allow-credentials
true
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
73604
expires
Tue, 02 Mar 2021 18:30:25 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onbeforeinput
object    oncontextlost
object    oncontextrestored
function  structuredClone
object    launchQueue
object    onbeforematch
function  getScreenDetails
function  queryLocalFonts
object    navigation
object    erp
string    em
number    tmp
function  $
function  jQuery

0 Cookies

3 Console Messages

Source Level URL
Text
javascript warning URL: https://ik.imagekit.io/x6sl949t5r/myscr851718_1JiAD12Pv.js(Line 11641)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/jquery-3.4.1.min.js.download, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://ik.imagekit.io/x6sl949t5r/myscr851718_1JiAD12Pv.js(Line 11641)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/jquery-3.4.1.min.js.download, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://storageapi.fleek.co/e94cfbdd-d861-44a5-91ce-d79bfc99e5a5-bucket/fold/amex-fuid-sprite.png
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

grandcaymanislandshopping.com
ik.imagekit.io
storageapi.fleek.co
www.aexp-static.com
192.185.189.149
2600:9000:206e:e000:15:c281:3500:93a1
2606:4700::6812:791
96.16.140.130