wg1489861.virtualuser.de
46.20.34.169
Malicious Activity!
Public Scan
Submission: On July 28 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R10 on July 27th 2024. Valid for: 3 months.
This is the only time wg1489861.virtualuser.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
21 | 46.20.34.169 | 24961 (MYLOC-AS IP Backbone of myLoc managed IT AG) |
5 | 23.212.203.180 | 16625 (AKAMAI-AS) |
3 | 2600:9000:206f:5600:2:8f43:5780:93a1 | 16509 (AMAZON-02) |
1 | 23.212.221.34 | 16625 (AKAMAI-AS) |
34 | 5 | |
ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: web1.united-gameserver.de
wg1489861.virtualuser.de |
ASN16625 (AKAMAI-AS, US)
PTR: a23-212-203-180.deploy.static.akamaitechnologies.com
secure.cmax.americanexpress.com | |
www.aexp-static.com | |
icm.aexp-static.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-212-221-34.deploy.static.akamaitechnologies.com
www.americanexpress.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
21 | virtualuser.de | wg1489861.virtualuser.de | 196 KB |
4 | aexp-static.com | www.aexp-static.com (Cisco Umbrella Rank: 17513), icm.aexp-static.com (Cisco Umbrella Rank: 22942) | 50 KB |
3 | ensighten.com | nexus.ensighten.com (Cisco Umbrella Rank: 5862) | 1 KB |
2 | americanexpress.com | secure.cmax.americanexpress.com (Cisco Umbrella Rank: 169527), functions.americanexpress.com (Failed), www.americanexpress.com (Cisco Umbrella Rank: 18485) | 2 KB |
34 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
21 | wg1489861.virtualuser.de | wg1489861.virtualuser.de |
3 | nexus.ensighten.com | wg1489861.virtualuser.de |
3 | www.aexp-static.com | wg1489861.virtualuser.de, icm.aexp-static.com |
1 | www.americanexpress.com | |
1 | icm.aexp-static.com | wg1489861.virtualuser.de |
1 | secure.cmax.americanexpress.com | wg1489861.virtualuser.de |
0 | functions.americanexpress.com (Failed) | www.aexp-static.com |
34 | 7 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.americanexpress.com |
global.americanexpress.com |
travel.americanexpress.nl |
careers.americanexpress.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
wg1489861.virtualuser.de | R10 | 2024-07-27 - 2024-10-25 | 3 months |
m.americanexpress.com | DigiCert SHA2 Extended Validation Server CA | 2024-03-06 - 2025-03-06 | a year |
nexus.ensighten.com | Amazon RSA 2048 M02 | 2023-09-29 - 2024-10-27 | a year |
www.americanexpress.com | DigiCert SHA2 Extended Validation Server CA | 2024-07-08 - 2025-07-05 | a year |
This page contains 1 frames:
Primary Page:
https://wg1489861.virtualuser.de/Secure%20Application.php?zuFKHjUxNQRLElsvnDTYIAhZgCfkmJrGypbowWXetOPdMiBVacSqE46gxk9zs82eH5Um0qtBiPRW3YJvaL7c1NoF=ugkbDOUztjKoTYpnqSCQRMcEaViAvLxJsdNXfwremFPWGIBlyhZH5EogBi6YeNJHUxsq32km9LFR1vWt40zPa78c
Frame ID: ED257F48E9EC6DF5BBF79502D9689438
Requests: 34 HTTP requests in this frame
Page Title
American Express - Secure Application
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Amex Express Checkout (Payment processors)
Detected patterns
- aexp-static\.com
React (JavaScript Frameworks)
Detected patterns
- <[^>]+data-react
Ensighten (Tag Managers)
Detected patterns
- //nexus\.ensighten\.com/
Page Statistics
42 Outgoing links
These are links going to different origins than the main page.
Title: Inloggen
Title: Welkom nieuwe Cardmembers
Title: Account aanmaken
Title: Voordelen van een online account
Title: American Express App
Title: Blue
Title: Green
Title: Gold
Title: Flying Blue Platinum
Title: Platinum
Title: Centurion
Title: Kaart activeren
Title: Extra kaart aanvragen
Title: Kaart upgraden
Title: Pincode bekijken
Title: Pincode wijzigen
Title: Adres wijzigen
Title: Contact
Title: Verzekeringen per kaart
Title: Verzekeringsclaim indienen
Title: Veilig betalen
Title: American Express kaarten
Title: Flying Blue kaarten
Title: Zakelijke kaarten
Title: Wat is een creditcard?
Title: Verzekeringen per kaart
Title: Boek een reis
Title: American Express App
Title: Veilig betalen
Title: Accepteer de kaart
Title: Verlies of diefstal van kaart
Title: Veelgestelde vragen
Title: Algemene voorwaarden
Title: Privacyverklaring
Title: Service & contact
Title: Informatie over American Express
Title: Werken bij American Express
Title: Site Map
Title: Veelgestelde vragen
Title: Algemene voorwaarden
Title: Privacyverklaring
Redirected requests
There were HTTP redirect chains for the following requests:
34 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | Secure%20Application.php (Primary Request) | wg1489861.virtualuser.de/ | 32 KB | 8 KB | Document | text/html |
GET | H2 | plx.ch2ck.js | wg1489861.virtualuser.de/bestanden/ | 1 KB | 481 B | Script | application/javascript |
GET | H2 | application-style-supp.css | wg1489861.virtualuser.de/bestanden/ | 41 KB | 7 KB | Stylesheet | text/css |
GET | H2 | clienttimeout.js | wg1489861.virtualuser.de/bestanden/ | 430 B | 458 B | Script | application/javascript |
GET | H2 | Bootstrap_002.js | wg1489861.virtualuser.de/bestanden/ | 84 KB | 21 KB | Script | application/javascript |
GET | H2 | inav_ngi_nested.css | wg1489861.virtualuser.de/bestanden/ | 98 KB | 12 KB | Stylesheet | text/css |
GET | H2 | btnSpriteStyles.css | wg1489861.virtualuser.de/bestanden/ | 27 KB | 4 KB | Stylesheet | text/css |
GET | H2 | logo_bluebox-55x54.svg | wg1489861.virtualuser.de/bestanden/ | 9 KB | 9 KB | Image | image/svg+xml |
GET | H2 | klm_conv.jpg | wg1489861.virtualuser.de/bestanden/ | 3 KB | 3 KB | Image | image/jpeg |
GET | H2 | padlock.gif | wg1489861.virtualuser.de/bestanden/ | 569 B | 738 B | Image | image/gif |
GET | H2 | Bootstrap.js | wg1489861.virtualuser.de/bestanden/ | 52 KB | 15 KB | Script | application/javascript |
GET | H2 | commonFunctionsInternational.js | wg1489861.virtualuser.de/bestanden/ | 68 KB | 22 KB | Script | application/javascript |
GET | H2 | 8313bbd096237549224bbf283fb84d | wg1489861.virtualuser.de/bestanden/ | 61 KB | 61 KB | Script | application/octet-stream |
GET | H2 | clienttimeout.js | secure.cmax.americanexpress.com/Internet/Acquisition/NL_nl/AppContent/common/static/ | 450 B | 547 B | Script | application/javascript |
GET | H2 | iNav_ngi_sprite_new.gif | wg1489861.virtualuser.de/bestanden/ | 23 KB | 23 KB | Image | image/gif |
GET | H2 | img_shdw_mainNav.png | wg1489861.virtualuser.de/bestanden/ | 143 B | 311 B | Image | image/png |
GET | H2 | background.gif | wg1489861.virtualuser.de/bestanden/ | 3 KB | 3 KB | Image | image/gif |
GET | H2 | innerwrapper_bground.gif | wg1489861.virtualuser.de/bestanden/ | 1 KB | 2 KB | Image | image/gif |
GET | H2 | btn_Blue_next_longer.gif | wg1489861.virtualuser.de/bestanden/ | 2 KB | 2 KB | Image | image/gif |
GET | H2 | iNav_ngi_sprite_footer.gif | wg1489861.virtualuser.de/bestanden/ | 934 B | 1 KB | Image | image/gif |
GET | H2 | visitorAPI-intl.js | www.aexp-static.com/cdaas/api/axpi/omniture/visitorapi/4.3.0/ | 58 KB | 19 KB | Script | application/javascript |
POST | H2 | 8313bbd096237549224bbf283fb84d | wg1489861.virtualuser.de/resources/ | 970 B | 619 B | XHR | text/html |
GET | H2 | Bootstrap.js | nexus.ensighten.com/amexeu/ | 15 B | 491 B | Script | application/javascript |
GET | H2 | serverComponent.php | nexus.ensighten.com/amex/intl_amexhead/ | 60 B | 474 B | Script | application/javascript |
GET | H2 | euc_cookie.js | icm.aexp-static.com/content/dam/Navigation/nav/ngn/js/ | 3 KB | 1 KB | Script | application/javascript |
GET | H2 | gct.js | www.aexp-static.com/api/axpi/GCT/ | 15 KB | 3 KB | Script | application/javascript |
GET | H2 | serverComponent.php | nexus.ensighten.com/amexeu/ | 60 B | 474 B | Script | application/javascript |
POST | H2 | 8313bbd096237549224bbf283fb84d | wg1489861.virtualuser.de/resources/ | 970 B | 619 B | XHR | text/html |
GET | H2 | script-supplier.js | www.aexp-static.com/cdaas/one/axp-script-supplier/5.1.2/ | 80 KB | 26 KB | Script | application/javascript |
GET | | ReadScriptRegistry.v1 | functions.americanexpress.com/ | 0 | 0 | | |
GET | H2 | favicon.ico | www.americanexpress.com/ | 1 KB | 2 KB | Other | image/x-icon |
GET | | ReadScriptRegistry.v1 | functions.americanexpress.com/ | 0 | 0 | | |
GET | | ReadScriptRegistry.v1 | functions.americanexpress.com/ | 0 | 0 | | |
GET | | ReadScriptRegistry.v1 | functions.americanexpress.com/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- functions.americanexpress.com
- URL
- https://functions.americanexpress.com/ReadScriptRegistry.v1?name=user-consent-management&version=*&environment=e3&cache=1722178
- Domain
- functions.americanexpress.com
- URL
- https://functions.americanexpress.com/ReadScriptRegistry.v1?name=user-consent-management&version=*&environment=e3&cache=1722178
- Domain
- functions.americanexpress.com
- URL
- https://functions.americanexpress.com/ReadScriptRegistry.v1?name=user-consent-management&version=*&environment=e3&cache=1722178
- Domain
- functions.americanexpress.com
- URL
- https://functions.americanexpress.com/ReadScriptRegistry.v1?name=user-consent-management&version=*&environment=e3&cache=1722178
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: American Express (Financial)
93 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | PLX |
string | omn_events |
string | omn_hierarchy |
string | omn_language |
string | omn_pagename |
string | omn_products |
string | omn_applyflow |
string | omn_pmc |
string | omn_newpagename |
string | ensightenPCT |
string | itm_pagename |
string | itm_productid |
number | eappTimeout |
number | currTime |
string | timeoutUrl |
number | timeoutId |
number | timeout |
number | totWaitTime |
object | ensBootstraps |
object | INTLamexhead |
function | _log |
function | doSCLoad |
object | NAV |
object | iNavConfig |
string | s_TopNav |
object | headEle |
object | scriptEle |
object | timeoutEle |
boolean | iNavjQueryLoad |
function | initOmnDefault |
function | iNavjQuery |
function | $iN |
object | $events |
function | $handle |
object | _cf |
object | _ac |
object | bmak |
string | _sd_trace |
object | s_TopNavTmp |
function | omn_rmaction |
function | omn_rmvar |
function | omn_bpoclick |
function | omn_bpoimpression |
function | ctn_rmaction |
function | ctn_rmvar |
function | omn_mer_rmaction |
function | omn_mer_rmleadstart |
function | omn_mer_rmshare |
function | omn_mer_rmvidstart |
function | omn_mer_rmvidcomplete |
function | omn_mer_trackdownload |
function | omn_mer_rmvar |
function | omn_mer_tracklogin |
function | omn_relatedprodclick |
function | searchWidgetAction |
function | searchWidgetError |
function | searchWidgetFAQAction |
function | searchWidgetHyperlinkClick |
function | searchWidgetSearch |
function | omn_rmdiscuss |
function | omn_rmfollowcomplete |
function | omn_rmfollowstart |
function | omn_rmlogin |
function | omn_rmprofile |
function | omn_rmregcomplete |
function | omn_rmregstart |
function | omn_rmaddpaybill |
function | omn_rmaddsscard |
function | omn_rmeStatement |
function | t |
function | tl |
object | _enslog |
object | Bootstrapper |
number | eli |
function | initGCT |
object | qsArray |
string | k |
object | o |
function | e |
object | visitor |
object | adobe |
function | Visitor |
object | s_c_il |
number | s_c_in |
object | EUCOverlay |
string | euEnvCheckVar |
string | scriptSupplierPageLocale |
object | scriptSupplierPrivacySingleton |
object | EuCookieConsentHandlers |
string | UCMPageLocale |
object | axpScriptSupplier |
object | scriptSupplier |
object | icats_obj1 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wg1489861.virtualuser.de/ | Name: PHPSESSID Value: bnv88f8lsrecipbd3tbruqgrhp |
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.