globalaexpce3cb65.myca.americanexpress.increasewriggle.com Open in urlscan Pro
96.30.0.234 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://34.83.99.216/qvR4I
Effective URL:
https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Fa...
Submission: On November 11 via api (November 11th 2019, 3:36:15 am UTC) from BE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 96.30.0.234, located in Lansing, United States and belongs to LIQUIDWEB - Liquid Web, L.L.C, US. The main domain is globalaexpce3cb65.myca.americanexpress.increasewriggle.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 5th 2019. Valid for: 3 months.

This is the only time globalaexpce3cb65.myca.americanexpress.increasewriggle.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.83.99.216 34.83.99.216	15169 (GOOGLE) (GOOGLE - Google LLC)
1 16	96.30.0.234 96.30.0.234	32244 (LIQUIDWEB) (LIQUIDWEB - Liquid Web)
4	23.67.129.150 23.67.129.150	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:20:... 2606:4700:20::6819:fa67	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
20	3

1 34.83.99.216 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 216.99.83.34.bc.googleusercontent.com

34.83.99.216	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 96.30.0.234 (Lansing, United States) 1 redirects

ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US)
PTR: host.shopglobalvapor.com

globalaexpce3cb65.myca.americanexpress.increasewriggle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.67.129.150 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-129-150.deploy.static.akamaitechnologies.com

www.aexp-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::6819:fa67 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

assets.ipstack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	increasewriggle.com 1 redirects globalaexpce3cb65.myca.americanexpress.increasewriggle.com	378 KB
4	aexp-static.com www.aexp-static.com	230 KB
1	ipstack.com assets.ipstack.com	960 B
20	3

	Domain	Requested by
16	globalaexpce3cb65.myca.americanexpress.increasewriggle.com	1 redirects globalaexpce3cb65.myca.americanexpress.increasewriggle.com
4	www.aexp-static.com	globalaexpce3cb65.myca.americanexpress.increasewriggle.com
1	assets.ipstack.com	globalaexpce3cb65.myca.americanexpress.increasewriggle.com
20	3

This site contains no links.

Subject Issuer	Validity	Valid
globalaexpce3cb65.myca.americanexpress.increasewriggle.com Let's Encrypt Authority X3	`2019-11-05` - `2020-02-03`	3 months	crt.sh
m.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2018-08-08` - `2020-07-23`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE
Frame ID: BF1796CB9D7EB496A43C21C60AF79929
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://34.83.99.216/qvR4I HTTP 301
https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/?signin_ HTTP 302
https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_... Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+data-react/i

Page Statistics

20
Requests

95 %
HTTPS

25 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

608 kB
Transfer

886 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://34.83.99.216/qvR4I HTTP 301
https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/?signin_ HTTP 302
https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login Show response globalaexpce3cb65.myca.americanexpress.increasewriggle.com/ Redirect Chain http://34.83.99.216/qvR4I https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/?signin_ https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE	33 KB 33 KB	116ms 116ms	Document text/html	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `f4a87d6a13e8b69b8d57926cb5b7178d79a1f39716cd93c22e9953cb3f11ca4d` Request headers Host globalaexpce3cb65.myca.americanexpress.increasewriggle.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site none Accept-Encoding gzip, deflate, br Cookie PHPSESSID=jmrb84dmjmghlvqn20d53lpqq7 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Keep-Alive timeout=5, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Mon, 11 Nov 2019 03:35:54 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=jmrb84dmjmghlvqn20d53lpqq7; path=/ Location login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Content-Length 0 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H2	200	dls.min.css www.aexp-static.com/cdaas/one/statics/axp-dls/5.7.3/package/dist/styles/	332 KB 48 KB	45ms 10ms	Stylesheet text/css	23.67.129.150 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.7.3/package/dist/styles/dls.min.css Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.67.129.150 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-67-129-150.deploy.static.akamaitechnologies.com Software / Resource Hash `ad9cb30d7f3e96ff82b394c2921eb6ec9e06447d6ff02066b4deaee5f10a875c` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 11 Nov 2019 03:35:59 GMT content-encoding gzip last-modified Mon, 26 Mar 2018 18:39:55 GMT etag W/"5ab93e7b-53155" vary Accept-Encoding content-type text/css status 200 cache-control max-age=15552000 timing-allow-origin * content-length 48978 expires Mon, 29 Jul 2019 21:23:52 GMT
GET H/1.1	200 OK	oce.css globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/css/	1 KB 1 KB	225ms 115ms	Stylesheet text/css	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/css/oce.css Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `47e387deeb8f2a9e71057cde80aa05509b70b14e6fdb06f912573e661e595496` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Mon, 04 Nov 2019 04:56:02 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1256
GET H/1.1	200 OK	elem.css globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/css/	213 KB 213 KB	597ms 371ms	Stylesheet text/css	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/css/elem.css Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `69924e67777bf8b630502e8073194f4718074261b179bb545ab4ee07896adf4c` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:10:12 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 218188
GET H/1.1	200 OK	dls-logo-bluebox-solid.svg globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	3 KB 3 KB	342ms 116ms	Image image/svg+xml	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/dls-logo-bluebox-solid.svg Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `c54acb431126b02f6f21433f327386a4cd637ef846267cc2cad712c47d3ce162` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:06:44 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3221
GET H/1.1	200 OK	dls-logo-stack.svg globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	3 KB 3 KB	341ms 115ms	Image image/svg+xml	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/dls-logo-stack.svg Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `372c8a5ed0a956b5d75d6e865751c2098b0bc1be5d3d3ddec7f0e9c108a45d18` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:35:58 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2887
GET H/1.1	200 OK	dls-logo-stack-white.svg globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	3 KB 3 KB	343ms 116ms	Image image/svg+xml	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/dls-logo-stack-white.svg Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `8a3cac8efcfbdd85c05051c74db0f67f2ff1de09da283973a6c2db9b1691d16c` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:36:08 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2887
GET H/1.1	200 OK	partner.webp globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	17 KB 17 KB	235ms 116ms	Image image/webp	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/partner.webp Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `a031e8b5b6cd550cefc2e4a8a4f35e54cc01d1ad4cb57ac6ae1d638aeee9f37e` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:08:06 GMT Server Apache Content-Type image/webp Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 17072
GET H/1.1	200 OK	dls-logo-line.svg globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	3 KB 3 KB	115ms 115ms	Image image/svg+xml	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/dls-logo-line.svg Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `2996ed3e0c89a7c50ae11dc3555d18491fe37cbd17e196bd2014d1368e167491` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:06:18 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2943
GET H/1.1	200 OK	de.svg assets.ipstack.com/flags/	322 B 960 B	166ms 139ms	Image image/svg+xml	2606:4700:20::6819:fa67 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://assets.ipstack.com/flags/de.svg Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Server 2606:4700:20::6819:fa67 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `03f2414a0f3be0e87b26f9b184fa01230a4395c45b08f6d4e5a5cbdff3fba164` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:59 GMT Via 1.1 0b1a7654de85c273e4c8f54e3e012e2e.cloudfront.net (CloudFront) CF-Cache-Status MISS X-Amz-Cf-Pop VIE50-C1 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Content-Encoding gzip Last-Modified Wed, 13 Feb 2019 16:45:45 GMT Server cloudflare ETag W/"45759289dfe3f750ca9ae402a5a57b06" Vary Accept-Encoding Content-Type image/svg+xml Cache-Control private, max-age=14400 CF-RAY 533d3822ee41cbb4-VIE X-Amz-Cf-Id 7NXpe68mLD31T2PWEYd98J4as4XaRwQz9nSsfjf3z0ZF9re9Mr3L1g==
GET H/1.1	200 OK	fb.png globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	644 B 885 B	116ms 116ms	Image image/png	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/fb.png Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:07:24 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 644
GET H/1.1	200 OK	twt.png globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	1 KB 1 KB	115ms 115ms	Image image/png	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/twt.png Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `677a6a5da6f0e85f66c5232fc39ffd285ed010a9498c40cdd7e56d2ff0b7e7da` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:07:32 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 1061
GET H/1.1	200 OK	ig.png globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	8 KB 8 KB	117ms 116ms	Image image/png	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/ig.png Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `c000ce3efd67b43d573f0270ec30bb3854908f0672a8e08a6809a3680b7b8542` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:07:36 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 8284
GET H/1.1	200 OK	lkd.png globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	764 B 1005 B	116ms 116ms	Image image/png	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/lkd.png Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:07:42 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 764
GET H/1.1	200 OK	ytb.png globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/	984 B 1 KB	115ms 115ms	Image image/png	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Show image Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/img/ytb.png Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Sun, 03 Nov 2019 12:07:48 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 984
GET H/1.1	200 OK	jquery.js Show response globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/js/	85 KB 85 KB	230ms 117ms	Script application/javascript	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/js/jquery.js Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Tue, 01 Oct 2019 21:41:56 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 86927
GET H/1.1	200 OK	login.js Show response globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/js/	2 KB 2 KB	116ms 116ms	Script application/javascript	96.30.0.234 Liquid Web
General Check archive.org Show headers Download Go to Full URL https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/js/login.js Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 96.30.0.234 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US), Reverse DNS host.shopglobalvapor.com Software Apache / Resource Hash `2afb8632261f8f55f05c577a7f5a2e7dafb3e9ad461f0138cb0ffa1b9d801dbf` Request headers Sec-Fetch-Mode no-cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 11 Nov 2019 03:35:58 GMT Last-Modified Mon, 04 Nov 2019 06:02:52 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1615
GET H2	200	Roboto-Regular.woff www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/	75 KB 76 KB	22ms 10ms	Font application/font-woff	23.67.129.150 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/Roboto-Regular.woff Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.67.129.150 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-67-129-150.deploy.static.akamaitechnologies.com Software / Resource Hash `7ef974010abfe71fb92dc3f53e3948e1e544cf6821bf9802ea0bf35fa8fe5af6` Request headers Sec-Fetch-Mode cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/css/elem.css Origin https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 11 Nov 2019 03:36:00 GMT last-modified Sat, 26 Oct 1985 08:15:00 GMT etag "1dc09d84-12bf8" status 200 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD content-type application/font-woff access-control-allow-origin * cache-control max-age=15552000 access-control-allow-credentials true accept-ranges bytes timing-allow-origin * access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With content-length 76792 expires Sun, 01 Mar 2020 05:18:20 GMT
GET H2	200	dls-icons.woff www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/iconfont/	34 KB 34 KB	27ms 24ms	Font application/font-woff	23.67.129.150 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/iconfont/dls-icons.woff?v=5.10.1 Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.67.129.150 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-67-129-150.deploy.static.akamaitechnologies.com Software / Resource Hash `3ab0045c7cec2bd10b33c094d7ff82145efe1e75345bc49166dc5236db831b08` Request headers Sec-Fetch-Mode cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/css/elem.css Origin https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 11 Nov 2019 03:36:00 GMT last-modified Sat, 26 Oct 1985 08:15:00 GMT etag "1dc09d84-87c4" status 200 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD content-type application/font-woff access-control-allow-origin * cache-control max-age=15552000 access-control-allow-credentials true accept-ranges bytes timing-allow-origin * access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With content-length 34756 expires Fri, 13 Mar 2020 09:08:21 GMT
GET H2	200	Roboto-Medium.woff www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/	71 KB 72 KB	20ms 20ms	Font application/font-woff	23.67.129.150 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/Roboto-Medium.woff Requested by Host: globalaexpce3cb65.myca.americanexpress.increasewriggle.com URL: https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/login?myca=logon_emea_action&ctxId=37d3359b158ac46b7fcd1b9113b707ea&request_type=LogonHandler&Face=en_DE Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 23.67.129.150 , Netherlands, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a23-67-129-150.deploy.static.akamaitechnologies.com Software / Resource Hash `d5d7822393d3103ec421f72f09c7f7c78948c68da112031c0afd1c0b0da92c08` Request headers Sec-Fetch-Mode cors Referer https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com/assets/css/elem.css Origin https://globalaexpce3cb65.myca.americanexpress.increasewriggle.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 11 Nov 2019 03:36:00 GMT last-modified Sat, 26 Oct 1985 08:15:00 GMT etag "1dc09d84-11cfc" status 200 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD content-type application/font-woff access-control-allow-origin * cache-control max-age=15552000 access-control-allow-credentials true accept-ranges bytes timing-allow-origin * access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With content-length 72956 expires Fri, 13 Mar 2020 22:54:07 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			globalaexpce3cb65.myca.americanexpress.increasewriggle.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: jmrb84dmjmghlvqn20d53lpqq7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.ipstack.com
globalaexpce3cb65.myca.americanexpress.increasewriggle.com
www.aexp-static.com
23.67.129.150
2606:4700:20::6819:fa67
34.83.99.216
96.30.0.234
03f2414a0f3be0e87b26f9b184fa01230a4395c45b08f6d4e5a5cbdff3fba164
2996ed3e0c89a7c50ae11dc3555d18491fe37cbd17e196bd2014d1368e167491
2afb8632261f8f55f05c577a7f5a2e7dafb3e9ad461f0138cb0ffa1b9d801dbf
372c8a5ed0a956b5d75d6e865751c2098b0bc1be5d3d3ddec7f0e9c108a45d18
3ab0045c7cec2bd10b33c094d7ff82145efe1e75345bc49166dc5236db831b08
428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd
47e387deeb8f2a9e71057cde80aa05509b70b14e6fdb06f912573e661e595496
5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b
5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d
677a6a5da6f0e85f66c5232fc39ffd285ed010a9498c40cdd7e56d2ff0b7e7da
69924e67777bf8b630502e8073194f4718074261b179bb545ab4ee07896adf4c
7ef974010abfe71fb92dc3f53e3948e1e544cf6821bf9802ea0bf35fa8fe5af6
8a3cac8efcfbdd85c05051c74db0f67f2ff1de09da283973a6c2db9b1691d16c
a031e8b5b6cd550cefc2e4a8a4f35e54cc01d1ad4cb57ac6ae1d638aeee9f37e
ad9cb30d7f3e96ff82b394c2921eb6ec9e06447d6ff02066b4deaee5f10a875c
c000ce3efd67b43d573f0270ec30bb3854908f0672a8e08a6809a3680b7b8542
c54acb431126b02f6f21433f327386a4cd637ef846267cc2cad712c47d3ce162
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
d5d7822393d3103ec421f72f09c7f7c78948c68da112031c0afd1c0b0da92c08
f4a87d6a13e8b69b8d57926cb5b7178d79a1f39716cd93c22e9953cb3f11ca4d

globalaexpce3cb65.myca.americanexpress.increasewriggle.com Open in urlscan Pro 96.30.0.234 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

95 %HTTPS

25 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

608 kBTransfer

886 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

globalaexpce3cb65.myca.americanexpress.increasewriggle.com Open in urlscan Pro
96.30.0.234 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

95 %
HTTPS

25 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

608 kB
Transfer

886 kB
Size

1
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!