![](/screenshots/559736b8-a5aa-45b1-927f-b05f221ccb62.png)
staging.americanexpress.io
Open in
urlscan Pro
23.43.85.5
Malicious Activity!
Public Scan
Submission: On March 16 via api from CA — Scanned from US
Summary
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 11th 2024. Valid for: a year.
This is the only time staging.americanexpress.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 23.43.85.5 23.43.85.5 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
7 | 23.207.4.216 23.207.4.216 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 185.199.109.153 185.199.109.153 | 54113 (FASTLY) (FASTLY) | |
2 | 142.251.40.206 142.251.40.206 | 15169 (GOOGLE) (GOOGLE) | |
2 | 184.50.204.132 184.50.204.132 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 23.206.216.174 23.206.216.174 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 1 | 104.117.182.50 104.117.182.50 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 104.117.182.27 104.117.182.27 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 1 | 23.200.0.189 23.200.0.189 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 23.200.0.185 23.200.0.185 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
28 | 9 |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-43-85-5.deploy.static.akamaitechnologies.com
staging.americanexpress.io |
ASN16625 (AKAMAI-AS, US)
PTR: a23-207-4-216.deploy.static.akamaitechnologies.com
www.aexp-static.com |
ASN54113 (FASTLY, US)
PTR: cdn-185-199-109-153.github.com
americanexpress.io |
ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f14.1e100.net
www.google-analytics.com |
ASN16625 (AKAMAI-AS, US)
PTR: a184-50-204-132.deploy.static.akamaitechnologies.com
s.go-mpulse.net | |
173bf10f.akstat.io |
ASN16625 (AKAMAI-AS, US)
PTR: a23-206-216-174.deploy.static.akamaitechnologies.com
c.go-mpulse.net |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-117-182-50.deploy.static.akamaitechnologies.com
trial-eum-clientnsv4-s.akamaihd.net |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-117-182-27.deploy.static.akamaitechnologies.com
iawhm4diow3dezpvplpa-p5959t-21b86c0c3-clientnsv4-s.akamaihd.net |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-200-0-189.deploy.static.akamaitechnologies.com
trial-eum-clienttons-s.akamaihd.net |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-200-0-185.deploy.static.akamaitechnologies.com
64-44-118-112_s-23-200-0-189_ts-1710586590-clienttons-s.akamaihd.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
americanexpress.io
staging.americanexpress.io americanexpress.io |
7 MB |
7 |
aexp-static.com
www.aexp-static.com — Cisco Umbrella Rank: 13250 |
276 KB |
4 |
akamaihd.net
2 redirects
trial-eum-clientnsv4-s.akamaihd.net — Cisco Umbrella Rank: 2585 iawhm4diow3dezpvplpa-p5959t-21b86c0c3-clientnsv4-s.akamaihd.net trial-eum-clienttons-s.akamaihd.net — Cisco Umbrella Rank: 2588 64-44-118-112_s-23-200-0-189_ts-1710586590-clienttons-s.akamaihd.net |
1 KB |
2 |
go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1432 c.go-mpulse.net — Cisco Umbrella Rank: 616 |
50 KB |
2 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36 |
21 KB |
1 |
akstat.io
173bf10f.akstat.io — Cisco Umbrella Rank: 21195 |
233 B |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 253 |
17 KB |
28 | 7 |
Domain | Requested by | |
---|---|---|
7 | americanexpress.io |
staging.americanexpress.io
|
7 | www.aexp-static.com |
staging.americanexpress.io
www.aexp-static.com |
6 | staging.americanexpress.io |
staging.americanexpress.io
|
2 | www.google-analytics.com |
staging.americanexpress.io
www.google-analytics.com |
1 | 64-44-118-112_s-23-200-0-189_ts-1710586590-clienttons-s.akamaihd.net | |
1 | trial-eum-clienttons-s.akamaihd.net | 1 redirects |
1 | iawhm4diow3dezpvplpa-p5959t-21b86c0c3-clientnsv4-s.akamaihd.net | |
1 | trial-eum-clientnsv4-s.akamaihd.net | 1 redirects |
1 | 173bf10f.akstat.io |
s.go-mpulse.net
|
1 | c.go-mpulse.net |
s.go-mpulse.net
|
1 | s.go-mpulse.net |
staging.americanexpress.io
|
1 | cdnjs.cloudflare.com |
staging.americanexpress.io
|
28 | 12 |
This site contains links to these domains. Also see Links.
Domain |
---|
aexp.eightfold.ai |
github.com |
developer.americanexpress.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
staging.americanexpress.io DigiCert SHA2 Extended Validation Server CA |
2024-03-11 - 2025-03-10 |
a year | crt.sh |
m.americanexpress.com DigiCert EV RSA CA G2 |
2023-04-05 - 2024-04-04 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
americanexpress.io R3 |
2024-03-04 - 2024-06-02 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2024-02-19 - 2024-05-13 |
3 months | crt.sh |
akstat.io DigiCert TLS RSA SHA256 2020 CA1 |
2024-03-06 - 2025-03-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://staging.americanexpress.io/
Frame ID: 48CE7F201A49DA2D715B1AEC7184C123
Requests: 28 HTTP requests in this frame
Screenshot
![](/screenshots/559736b8-a5aa-45b1-927f-b05f221ccb62.png)
Page Title
American Express TechnologyDetected technologies
![](/vendor/wappa/icons/amex.png)
Detected patterns
- aexp-static\.com
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
![](/vendor/wappa/icons/Highlight.js.png)
Detected patterns
- /(?:([\d.])+/)?highlight(?:\.min)?\.js
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Careers
Search URL Search Domain Scan URL
Title: GitHub
Search URL Search Domain Scan URL
Title: APIs
Search URL Search Domain Scan URL
Title: Access GitHub
Search URL Search Domain Scan URL
Title: Access GitHub
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 25- https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p5959taq0 HTTP 302
- https://iawhm4diow3dezpvplpa-p5959t-21b86c0c3-clientnsv4-s.akamaihd.net/eum/results.txt
- https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p5959taq0 HTTP 302
- https://64-44-118-112_s-23-200-0-189_ts-1710586590-clienttons-s.akamaihd.net/eum/results.txt
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
staging.americanexpress.io/ |
42 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utils.js
staging.americanexpress.io/assets/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dls.min.css
www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.3/package/dist/styles/ |
343 KB 50 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
staging.americanexpress.io/assets/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
syntax.css
staging.americanexpress.io/assets/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dls-logo-bluebox-solid.svg
www.aexp-static.com/cdaas/one/statics/axp-dls/5.8.0/package/dist/img/dls_logos/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
highlight.css
staging.americanexpress.io/assets/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
highlight.min.js
cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/ |
45 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
article_hero_image.jpg
staging.americanexpress.io/assets/img/ |
548 B 548 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.jpg
americanexpress.io/_post_assets/advanced-kotlin-use-site-targets/img/ |
187 KB 187 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.jpg
americanexpress.io/_post_assets/choosing-go/img/ |
6 MB 6 MB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.jpg
americanexpress.io/_post_assets/advanced-kotlin-delegates/img/ |
185 KB 186 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hero.jpg
americanexpress.io/_post_assets/super-powered-search-via-couchbase/img/ |
57 KB 57 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hero.jpg
americanexpress.io/_post_assets/hooks-intro/img/ |
14 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hero.jpg
americanexpress.io/_post_assets/on-the-importance-of-commit-messages/img/ |
73 KB 74 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hero.jpg
americanexpress.io/_post_assets/spread-love/img/ |
62 KB 62 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dls-logo-line.svg
www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.3/package/dist/img/dls_logos/ |
3 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3JY28-FF92J-VVHZ4-XZZSW-LK9DZ
s.go-mpulse.net/boomerang/ |
205 KB 49 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
www.aexp-static.com/nav/ngn/fonts/ |
36 KB 37 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dls-icons.woff
www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.3/package/dist/iconfont/ |
39 KB 40 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Roboto-Regular.woff
www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.3/package/dist/fonts/ |
75 KB 75 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Roboto-Medium.woff
www.aexp-static.com/cdaas/one/statics/axp-dls/5.11.3/package/dist/fonts/ |
71 KB 72 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
1 B 213 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
config.json
c.go-mpulse.net/api/ |
770 B 934 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
173bf10f.akstat.io/ |
0 233 B |
Ping
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
results.txt
iawhm4diow3dezpvplpa-p5959t-21b86c0c3-clientnsv4-s.akamaihd.net/eum/ Redirect Chain
|
8 B 312 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
results.txt
64-44-118-112_s-23-200-0-189_ts-1710586590-clienttons-s.akamaihd.net/eum/ Redirect Chain
|
8 B 312 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: American Express (Financial)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| findLinkParent string| GoogleAnalyticsObject function| ga object| BOOMR_mq string| BOOMR_API_key object| BOOMR object| hljs object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| BOOMR_check_doc_domain object| ErrorStackParser object| UserTimingCompression number| BOOMR_onload3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.americanexpress.io/ | Name: _ga Value: GA1.2.1277765993.1710586590 |
|
.americanexpress.io/ | Name: _gid Value: GA1.2.1437146399.1710586590 |
|
.americanexpress.io/ | Name: _gat Value: 1 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
173bf10f.akstat.io
64-44-118-112_s-23-200-0-189_ts-1710586590-clienttons-s.akamaihd.net
americanexpress.io
c.go-mpulse.net
cdnjs.cloudflare.com
iawhm4diow3dezpvplpa-p5959t-21b86c0c3-clientnsv4-s.akamaihd.net
s.go-mpulse.net
staging.americanexpress.io
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
www.aexp-static.com
www.google-analytics.com
104.117.182.27
104.117.182.50
104.17.24.14
142.251.40.206
184.50.204.132
185.199.109.153
23.200.0.185
23.200.0.189
23.206.216.174
23.207.4.216
23.43.85.5
08aa290779a2cfa729656adc7080814c717da25486b5c30693d17298a68cfc28
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0bdfe501a61625256e0bf19bbf0823fcba7fa5ecdbd1197e5a3e7a8536ab504e
0c9fd2085a755a9e9c44ac7233e942b7797b1f9206aa4b142274c4705fb35cba
1d23cb4cbd1a5190ddca8956fea5dc6b53f752f5b0f7a071cf775338a0099255
2996ed3e0c89a7c50ae11dc3555d18491fe37cbd17e196bd2014d1368e167491
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
662efaf46c617ddbcb8ff4a2a8f64cffd3d93630f1003f8e66511f369b87730f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7ef974010abfe71fb92dc3f53e3948e1e544cf6821bf9802ea0bf35fa8fe5af6
96dda67e1401d9ca83eeb80fe2efff05807c324514ac0a683072626d5560434e
9de7bf83aae1a1f3aea99983e793dedd01f03dd93ca2edfd0eaed58d32484fd9
a13cfacc495f37af0da4cea83e9da8c56957c616321d5176c08c1ebd87cc5a95
b638ab90bfbd9a07aafbe90ded86b012c6811689643649fc4c0ae8c9272aaf82
bf61b797553fed1b9e79755f5484ba96c30134b77241960d88b676232fc900f6
c54acb431126b02f6f21433f327386a4cd637ef846267cc2cad712c47d3ce162
c99e6c26e47553e0df2d25c1460721655d0e1502a6d12dab8c087e6cf0b36f7a
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
d5d7822393d3103ec421f72f09c7f7c78948c68da112031c0afd1c0b0da92c08
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f80e96686402d783c04365af0637fe2290c9ab6dafa3552154157d2264975f4d
fc17e22241e51e856285975ce9316e8fb3262744d6716b0c5e4783170862d33c