americanexprezzai.com
37.34.176.37
Malicious Activity!
Public Scan
Effective URL: http://americanexprezzai.com/amarach/
Submission: On April 03 via manual from US
Summary
This is the only time americanexprezzai.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online), American Express (Financial)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
2 | 206.189.142.244 | 14061 (DIGITALOCEAN-ASN - DigitalOcean)
1 2 | 37.34.176.37 | 42961 (GPRS-AS ZAIN)
1 1 | 200.91.115.40 | 11830 (Instituto Costarricense de Electricidad y Telecom.)
4 | 81.12.175.59 | 12302 (VODAFONE_RO Charles de Gaulle nr.15)
6 | 109.166.208.203 | 8953 (ASN-ORANGE-ROMANIA)
4 | 89.190.74.198 | 41088 (CZNSYS)
18 requests | 6 IPs |
- ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US): creatednotmutated.com
- ASN11830 (Instituto Costarricense de Electricidad y Telecom., CR): americanexprezzai.com
- ASN12302 (VODAFONE_RO Charles de Gaulle nr.15, RO): americanexprezzai.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | americanexprezzai.com | americanexprezzai.com (2 redirects) | 255 KB
2 | creatednotmutated.com | creatednotmutated.com | 668 B
18 requests | 2 apex domains | |
Requests | Domain | Requested by
---|---|---
17 | americanexprezzai.com | americanexprezzai.com (2 redirects)
2 | creatednotmutated.com |
18 requests | 2 domains |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
creatednotmutated.com | Let's Encrypt Authority X3 | 2019-03-30 - 2019-06-28 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
http://americanexprezzai.com/amarach/
Frame ID: 9FBB23BADE02E97DB98CA5CC7249BC0C
Requests: 18 HTTP requests in this frame
Screenshot
Page URL History
- https://creatednotmutated.com/ (Page URL)
- https://creatednotmutated.com/index (Page URL)
- http://americanexprezzai.com/ (HTTP 302) -> http://americanexprezzai.com/amarach (HTTP 301) -> http://americanexprezzai.com/amarach/ (Page URL)
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / | creatednotmutated.com/ | 46 B | 319 B | Document | text/html
GET | H/1.1 | index | creatednotmutated.com/ | 69 B | 349 B | Document | text/html
GET | H/1.1 | / (Primary Request, Redirect Chain) | americanexprezzai.com/amarach/ | 27 KB | 28 KB | Document | text/html
GET | H/1.1 | MaskedPassword.js | americanexprezzai.com/amarach/login_files/ | 17 KB | 17 KB | Script | application/javascript
GET | H/1.1 | ELILODefault.css | americanexprezzai.com/amarach/login_files/ | 11 KB | 12 KB | Stylesheet | text/css
GET | H/1.1 | RWDcmaxLogon.css | americanexprezzai.com/amarach/login_files/ | 751 B | 1 KB | Stylesheet | text/css
GET | H/1.1 | ELILOLarge.css | americanexprezzai.com/amarach/login_files/ | 227 B | 519 B | Stylesheet | text/css
GET | H/1.1 | inav_responsive_intl.css | americanexprezzai.com/amarach/login_files/ | 113 KB | 114 KB | Stylesheet | text/css
GET | H/1.1 | btnSpriteStyles.css | americanexprezzai.com/amarach/login_files/ | 20 KB | 21 KB | Stylesheet | text/css
GET | H/1.1 | clear.gif | americanexprezzai.com/amarach/login_files/ | 43 B | 335 B | Image | image/gif
GET | H/1.1 | logo_bluebox-55x54.svg | americanexprezzai.com/amarach/login_files/ | 9 KB | 10 KB | Image | image/svg+xml
GET | H/1.1 | img_orangearrow.gif | americanexprezzai.com/amarach/login_files/ | 181 B | 474 B | Image | image/gif
GET | H/1.1 | defaultticketink.jpg | americanexprezzai.com/amarach/login_files/ | 17 KB | 17 KB | Image | image/jpeg
GET | H/1.1 | predSearchIntl.css | americanexprezzai.com/amarach/login_files/ | 9 KB | 9 KB | Stylesheet | text/css
GET | H/1.1 | iNav_ngi_sprite_new.gif | americanexprezzai.com/amarach/login_files/ | 23 KB | 23 KB | Image | image/gif
GET | H/1.1 | img_shdw_mainNav.png | americanexprezzai.com/amarach/login_files/ | 143 B | 436 B | Image | image/png
GET | H/1.1 | elilo-sprite.gif | americanexprezzai.com/amarach/login_files/ | 1 KB | 2 KB | Image | image/gif
GET | | iNav_ngi_sprite_footer.gif | americanexprezzai.com/amarach/login_files/ | 0 | 0 | (no response) |
Failed requests
These URLs were requested, but no response was received. They also appear in the list above.
- Domain: americanexprezzai.com
- URL: http://americanexprezzai.com/amarach/login_files/iNav_ngi_sprite_footer.gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online), American Express (Financial)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
function | MaskedPassword
function | empty
function | change
object | NAV
number | j0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
americanexprezzai.com
creatednotmutated.com
109.166.208.203
200.91.115.40
206.189.142.244
37.34.176.37
81.12.175.59
89.190.74.198