55.xn--80aadkum9bf.xn--p1ai Open in urlscan Pro Puny
55.садикасб.рф IDN
37.131.203.187 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Submission: On April 24 via manual (April 24th 2023, 5:37:38 am UTC) from IN — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 17 HTTP transactions. The main IP is 37.131.203.187, located in Stantsionnyy-Polevskoy, Russian Federation and belongs to INTERRA-AS at Pervouralsk Bilimbay, Severka, Sredneuralsk, Revda Degtyarsk, Kachkanar, Lesnoy N.Tura, Polevskoy, Krasnoufimsk, Asbest cities of Sverdlovsk reg, RU. The main domain is 55.xn--80aadkum9bf.xn--p1ai.

This is the only time 55.xn--80aadkum9bf.xn--p1ai was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	37.131.203.187 37.131.203.187	48524 (INTERRA-A...) (INTERRA-AS at Pervouralsk Bilimbay)
3	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
2 3	2a01:7c8:ec:0... 2a01:7c8:ec:0:149:210:196:91	20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam)
1 11	23.197.129.56 23.197.129.56	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.37.63.18 23.37.63.18	16625 (AKAMAI-AS) (AKAMAI-AS)
17	5

1 37.131.203.187 (Stantsionnyy-Polevskoy, Russian Federation)

ASN48524 (INTERRA-AS at Pervouralsk Bilimbay, Severka, Sredneuralsk, Revda Degtyarsk, Kachkanar, Lesnoy N.Tura, Polevskoy, Krasnoufimsk, Asbest cities of Sverdlovsk reg, RU)
PTR: 187.203.131.37.kch.ru

55.xn--80aadkum9bf.xn--p1ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebasestorage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a01:7c8:ec:0:149:210:196:91 (Netherlands) 2 redirects

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)

www.s2.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s2.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.197.129.56 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-129-56.deploy.static.akamaitechnologies.com

www.aexp-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
icm.aexp-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.37.63.18 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-63-18.deploy.static.akamaitechnologies.com

online.americanexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	aexp-static.com 1 redirects www.aexp-static.com — Cisco Umbrella Rank: 16293 icm.aexp-static.com — Cisco Umbrella Rank: 28187	158 KB
3	s2.be 2 redirects www.s2.be s2.be	2 KB
3	googleapis.com firebasestorage.googleapis.com — Cisco Umbrella Rank: 5450	714 KB
2	americanexpress.com online.americanexpress.com — Cisco Umbrella Rank: 14516	28 B
1	function sub() { [native code] }.	7 KB
17	5

	Domain	Requested by
6	icm.aexp-static.com	55.xn--80aadkum9bf.xn--p1ai icm.aexp-static.com
5	www.aexp-static.com	1 redirects 55.xn--80aadkum9bf.xn--p1ai firebasestorage.googleapis.com
3	firebasestorage.googleapis.com	55.xn--80aadkum9bf.xn--p1ai
2	online.americanexpress.com	55.xn--80aadkum9bf.xn--p1ai
2	www.s2.be	2 redirects
1	s2.be	55.xn--80aadkum9bf.xn--p1ai
1	55.xn--80aadkum9bf.xn--p1ai
17	7

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
online.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2022-09-15` - `2023-09-14`	a year	crt.sh
m.americanexpress.com DigiCert EV RSA CA G2	`2023-04-05` - `2024-04-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Frame ID: 46DEA3F34A73FE62B5BE5C814593AF66
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

American Express

Detected technologies

Amex Express Checkout (Payment processors) Expand

Overall confidence: 100%
Detected patterns

aexp-static\.com

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Page Statistics

17
Requests

82 %
HTTPS

40 %
IPv6

5
Domains

7
Subdomains

5
IPs

3
Countries

878 kB
Transfer

986 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

http://www.s2.be/aexp-static/spacer.png HTTP 301
https://www.s2.be/aexp-static/spacer.png HTTP 301
https://s2.be/aexp-static/spacer.png

Request Chain 4

https://www.aexp-static.com/nav/ngn/css/inav_responsive.css HTTP 301
https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request amexcvv.html Show response
55.xn--80aadkum9bf.xn--p1ai/css/-/ 33 KB
7 KB 380ms
83ms Document
text/html 37.131.203.187
INTERRA-AS at Per...

General

Check archive.org

Show headers Download Go to

Full URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Protocol: HTTP/1.1
Server: 37.131.203.187 Stantsionnyy-Polevskoy, Russian Federation, ASN48524 (INTERRA-AS at Pervouralsk Bilimbay, Severka, Sredneuralsk, Revda Degtyarsk, Kachkanar, Lesnoy N.Tura, Polevskoy, Krasnoufimsk, Asbest cities of Sverdlovsk reg, RU),
Reverse DNS: 187.203.131.37.kch.ru
Software: nginx/1.22.1 /
Resource Hash: 84d19b168b49a9960a66fc337852e173721e4c532b15dea147c7c6e313bc18fd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Mon, 24 Apr 2023 05:37:32 GMT
ETag: W/"643793f3-821b"
Last-Modified: Thu, 13 Apr 2023 05:32:35 GMT
Server: nginx/1.22.1
Transfer-Encoding: chunked

GET
H2 200 dls_dcv5up.css
firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/ 395 KB
396 KB 764ms
712ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/dls_dcv5up.css?alt=media&token=af2862ab-5669-4858-af3b-ee8cecb6e6b6
Requested by: Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b73e78d39762572c05c0f4fea00f57d703dba65f6744514ef7a8e029318684ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
x-guploader-uploadid: ADPycduRqNQoXUSH-GHxRxHUiP-KUhmTKPsImymNkZqlLIEhEsM9NU2TaJt-mkK1nrzN29XPXdVOulSNNpjM7y6MJfeuLQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''dls_dcv5up.css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 404810
last-modified: Thu, 24 Nov 2022 13:21:26 GMT
server: UploadServer
etag: "3277c98bd56b2229a7bedbca692319f6"
x-goog-generation: 1669296086508725
content-type: text/css
x-goog-hash: crc32c=NFlBow==, md5=MnfJi9VrIimnvtvKaSMZ9g==
cache-control: private, max-age=0
x-goog-stored-content-length: 404810
x-goog-meta-firebasestoragedownloadtokens: af2862ab-5669-4858-af3b-ee8cecb6e6b6
accept-ranges: bytes
expires: Mon, 24 Apr 2023 05:37:33 GMT

GET
H2 200 font_cwhs2t.css
firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/ 212 KB
213 KB 728ms
677ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/font_cwhs2t.css?alt=media&token=aa11aa3d-330e-4711-8e89-14f10e5713d1
Requested by: Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 996e3f0f97560275527906b77b77ea592f06b410225d40ae7880a3caef3466ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
x-guploader-uploadid: ADPycdvc0ViaZlxg3IQpKtuNsplfzLQvg8bJlWrY5vyFY15Pf0CsNquv8XZDm_pAKpxPcjI1RA0glCUxppr7suSEBkRDlw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''font_cwhs2t.css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 217388
last-modified: Thu, 24 Nov 2022 13:21:25 GMT
server: UploadServer
etag: "f69de86bfa9309d89f121c432bf6d7d8"
x-goog-generation: 1669296085307344
content-type: text/css
x-goog-hash: crc32c=f7A+EA==, md5=9p3oa/qTCdifEhxDK/bX2A==
cache-control: private, max-age=0
x-goog-stored-content-length: 217388
x-goog-meta-firebasestoragedownloadtokens: aa11aa3d-330e-4711-8e89-14f10e5713d1
accept-ranges: bytes
expires: Mon, 24 Apr 2023 05:37:33 GMT

GET
H2 200 fonts_n74ldn.css
firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/ 104 KB
105 KB 754ms
703ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/fonts_n74ldn.css?alt=media&token=d479aadb-8d2a-4ba3-a354-4857c85d91ca
Requested by: Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 08ed7823c2cdb7b89093fa8c4fd9eee8c66da6a72be66d31fac37e690f2531a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
x-guploader-uploadid: ADPycdv40Z0_FlVxBZLJWBXjtDqJjDekVRMoE1u7AajnM6zpsQ-QlBlr1_xg6YvB7td3YZg9rNNeh3FDLCBnxrpQehGUtw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename*=utf-8''fonts_n74ldn.css
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106973
last-modified: Thu, 24 Nov 2022 13:21:25 GMT
server: UploadServer
etag: "f7dc03eeb24e17a07d46e5dc9311475e"
x-goog-generation: 1669296085045677
content-type: text/css
x-goog-hash: crc32c=uLh5mA==, md5=99wD7rJOF6B9RuXckxFHXg==
cache-control: private, max-age=0
x-goog-stored-content-length: 106973
x-goog-meta-firebasestoragedownloadtokens: d479aadb-8d2a-4ba3-a354-4857c85d91ca
accept-ranges: bytes
expires: Mon, 24 Apr 2023 05:37:33 GMT

GET
H/1.1

404
Not Found

spacer.png
s2.be/aexp-static/
Redirect Chain

http://www.s2.be/aexp-static/spacer.png
https://www.s2.be/aexp-static/spacer.png
https://s2.be/aexp-static/spacer.png

0
0

387ms
349ms

Image
text/html

2a01:7c8:ec:0:149:210:196:91
TRANSIP-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s2.be/aexp-static/spacer.png
Requested by: Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Protocol: HTTP/1.1
Server: 2a01:7c8:ec:0:149:210:196:91 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Redirect headers

Expires: Mon, 24 Apr 2023 06:37:33 GMT
Date: Mon, 24 Apr 2023 05:37:33 GMT
X-TransIP-Balancer: balancer2
X-TransIP-Backend: web246
Server: Apache
X-Redirect-By: WordPress
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Location: https://s2.be/aexp-static/spacer.png
Cache-Control: max-age=3600
X-UA-Compatible: IE=edge

GET
H2

200

inav_responsive.css
icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/
Redirect Chain

https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css

93 KB
10 KB

74ms
22ms

Stylesheet
text/css

23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css

Requested by

Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html

Protocol

Server

23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-129-56.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

7f1b85f13e643de7a8dd568b6073849d777a677a7d699229b8eb2fdb787ff2b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 24 Apr 2023 05:37:33 GMT
last-modified: Thu, 20 Apr 2023 05:48:26 GMT
server: Akamai Resource Optimizer
etag: "175ef-59d27fa268d99-gzip"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=3263
accept-ranges: bytes
content-length: 9708

Redirect headers

location: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css
date: Mon, 24 Apr 2023 05:37:33 GMT
server: AkamaiGHost
content-length: 0

GET
H2 404 OCA_body-background.gif
online.americanexpress.com/myca/oce/us/oce/images/actreg/ 14 B
14 B 299ms
182ms Image
text/plain 23.37.63.18
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.americanexpress.com/myca/oce/us/oce/images/actreg/OCA_body-background.gif

Requested by

Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.63.18 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-63-18.deploy.static.akamaitechnologies.com

Software

BigIP /

Resource Hash

cb2f00d1e554baf96001ddb5e22ee63a8053fd3f8b6cad8acd74504af0dadb52

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
strict-transport-security: max-age=15768000 ; includeSubDomains
server: BigIP
content-length: 14

GET
H2 200 clear.gif
www.aexp-static.com/nav/ngn/img/ 43 B
218 B 60ms
59ms Image
image/gif 23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/nav/ngn/img/clear.gif
Requested by: Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-129-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
last-modified: Wed, 15 Aug 2018 20:46:09 GMT
etag: "5b749111-2b"
content-type: image/gif
cache-control: max-age=15552000
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Thu, 26 Nov 2020 12:35:22 GMT

GET
H2 200 logo_bluebox_1x.gif
www.aexp-static.com/nav/ngn/img/ 4 KB
5 KB 148ms
148ms Image
image/gif 23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/nav/ngn/img/logo_bluebox_1x.gif
Requested by: Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-129-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
last-modified: Wed, 15 Aug 2018 20:46:09 GMT
etag: "5b749111-1148"
vary: Origin
content-type: image/gif
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
content-length: 4424

GET
H2 404 spacer.png
online.americanexpress.com/myca/fuidfyp/us/resources/images/ 14 B
14 B 341ms
341ms Image
text/plain 23.37.63.18
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.americanexpress.com/myca/fuidfyp/us/resources/images/spacer.png

Requested by

Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.63.18 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-63-18.deploy.static.akamaitechnologies.com

Software

BigIP /

Resource Hash

cb2f00d1e554baf96001ddb5e22ee63a8053fd3f8b6cad8acd74504af0dadb52

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000 ; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:34 GMT
strict-transport-security: max-age=15768000 ; includeSubDomains
server: BigIP
content-length: 14

GET
H2 200 iNav_ngi_sprite_new.gif
icm.aexp-static.com/content/dam/Navigation/nav/ngn/img/ 23 KB
23 KB 29ms
28ms Image
image/gif 23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/img/iNav_ngi_sprite_new.gif?ver=0916_01

Requested by

Host: icm.aexp-static.com
URL: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-129-56.deploy.static.akamaitechnologies.com

Software

Resource Hash

0d4e7d13d424c4569af233a3188ac42edaa093a12bced0dba6095c00047006e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 31 Jan 2020 17:44:58 GMT
etag: "5b47-59d7321df859c-gzip"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=3071
accept-ranges: bytes
content-length: 23358

GET
H2 200 img_shdw_mainNav.png
www.aexp-static.com/nav/ngn/img/ 143 B
319 B 33ms
33ms Image
image/png 23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/nav/ngn/img/img_shdw_mainNav.png
Requested by: Host: 55.xn--80aadkum9bf.xn--p1ai
URL: http://55.xn--80aadkum9bf.xn--p1ai/css/-/amexcvv.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-129-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d3c6dbfeb63c1155df3a80a04d72d9c0c95ed561d54c9694019c28eac1920c1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://55.xn--80aadkum9bf.xn--p1ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
last-modified: Wed, 15 Aug 2018 20:46:09 GMT
etag: "5b749111-8f"
content-type: image/png
cache-control: max-age=15552000
accept-ranges: bytes
timing-allow-origin: *
content-length: 143
expires: Tue, 02 Mar 2021 18:57:41 GMT

GET
H2 200 3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
icm.aexp-static.com/content/dam/Navigation/nav/ngn/fonts/ 36 KB
36 KB 69ms
47ms Font
application/x-font-woff 23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff

Requested by

Host: icm.aexp-static.com
URL: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-129-56.deploy.static.akamaitechnologies.com

Software

Resource Hash

48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css
Origin: http://55.xn--80aadkum9bf.xn--p1ai
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 19 Mar 2020 15:40:18 GMT
etag: "9121-5a136fc64e80b-gzip"
vary: Accept-Encoding
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
content-type: application/x-font-woff
cache-control: public, must-revalidate, max-age=2045
accept-ranges: bytes
content-length: 36069

GET
H2 200 iNav_sprite_footer.gif
icm.aexp-static.com/content/dam/Navigation/nav/ngn/img/ 5 KB
5 KB 346ms
346ms Image
image/gif 23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/img/iNav_sprite_footer.gif?ver=0916_02

Requested by

Host: icm.aexp-static.com
URL: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-129-56.deploy.static.akamaitechnologies.com

Software

Resource Hash

fd959c1552b95596319a7cb998061162bc3fd7a45f059caf8c9ec7c38fac35bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 31 Jan 2020 17:44:59 GMT
etag: "12b4-59d7321ea1338-gzip"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=5260
accept-ranges: bytes
content-length: 4809

GET
H2 200 iNav_sprite_footer1.gif
icm.aexp-static.com/content/dam/Navigation/nav/ngn/img/ 5 KB
5 KB 28ms
28ms Image
image/gif 23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/img/iNav_sprite_footer1.gif?ver=0917_11

Requested by

Host: icm.aexp-static.com
URL: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-129-56.deploy.static.akamaitechnologies.com

Software

Resource Hash

b3be0c1dca2d9a00d8da591e1c209fced4d3ee588efb495eed4191aa2558e658

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 31 Jan 2020 17:48:29 GMT
etag: "15e3-59d732e75799c-gzip"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, must-revalidate, max-age=5274
accept-ranges: bytes
content-length: 5380

GET
H2 200 0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
www.aexp-static.com/nav/ngn/fonts/ 37 KB
38 KB 59ms
38ms Font
font/woff 23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aexp-static.com/nav/ngn/fonts/0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
Requested by: Host: firebasestorage.googleapis.com
URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/dls_dcv5up.css?alt=media&token=af2862ab-5669-4858-af3b-ee8cecb6e6b6
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-129-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c

Request headers

Referer: https://firebasestorage.googleapis.com/
Origin: http://55.xn--80aadkum9bf.xn--p1ai
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
last-modified: Wed, 15 Aug 2018 20:46:09 GMT
etag: "5b749111-943d"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=15552000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length: 37949
expires: Fri, 27 Nov 2020 03:31:12 GMT

GET
H2 200 0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
icm.aexp-static.com/content/dam/Navigation/nav/ngn/fonts/ 37 KB
36 KB 57ms
40ms Font
application/x-font-woff 23.197.129.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/fonts/0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff

Requested by

Host: icm.aexp-static.com
URL: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.129.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-129-56.deploy.static.akamaitechnologies.com

Software

Resource Hash

568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://icm.aexp-static.com/content/dam/Navigation/nav/ngn/css/inav_responsive.css
Origin: http://55.xn--80aadkum9bf.xn--p1ai
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Mon, 24 Apr 2023 05:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 19 Mar 2020 15:40:17 GMT
etag: "943d-5a136fc57c4d2-gzip"
vary: Accept-Encoding
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
content-type: application/x-font-woff
cache-control: public, must-revalidate, max-age=5742
accept-ranges: bytes
content-length: 36909

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| validate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://online.americanexpress.com/myca/oce/us/oce/images/actreg/OCA_body-background.gif Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://online.americanexpress.com/myca/fuidfyp/us/resources/images/spacer.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://s2.be/aexp-static/spacer.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

55.xn--80aadkum9bf.xn--p1ai
firebasestorage.googleapis.com
icm.aexp-static.com
online.americanexpress.com
s2.be
www.aexp-static.com
www.s2.be
23.197.129.56
23.37.63.18
2a00:1450:4001:82a::200a
2a01:7c8:ec:0:149:210:196:91
37.131.203.187
08ed7823c2cdb7b89093fa8c4fd9eee8c66da6a72be66d31fac37e690f2531a9
0d4e7d13d424c4569af233a3188ac42edaa093a12bced0dba6095c00047006e3
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c
7f1b85f13e643de7a8dd568b6073849d777a677a7d699229b8eb2fdb787ff2b9
84d19b168b49a9960a66fc337852e173721e4c532b15dea147c7c6e313bc18fd
996e3f0f97560275527906b77b77ea592f06b410225d40ae7880a3caef3466ff
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3be0c1dca2d9a00d8da591e1c209fced4d3ee588efb495eed4191aa2558e658
b73e78d39762572c05c0f4fea00f57d703dba65f6744514ef7a8e029318684ef
b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
cb2f00d1e554baf96001ddb5e22ee63a8053fd3f8b6cad8acd74504af0dadb52
d3c6dbfeb63c1155df3a80a04d72d9c0c95ed561d54c9694019c28eac1920c1b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fd959c1552b95596319a7cb998061162bc3fd7a45f059caf8c9ec7c38fac35bb

55.xn--80aadkum9bf.xn--p1ai Open in urlscan Pro Puny 55.садикасб.рф IDN 37.131.203.187 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

82 %HTTPS

40 %IPv6

5 Domains

7 Subdomains

5 IPs

3 Countries

878 kBTransfer

986 kBSize

0 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

55.xn--80aadkum9bf.xn--p1ai Open in urlscan Pro Puny
55.садикасб.рф IDN
37.131.203.187 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

82 %
HTTPS

40 %
IPv6

5
Domains

7
Subdomains

5
IPs

3
Countries

878 kB
Transfer

986 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!