URL: https://www.ryuoo.net/css/cx/rev.html
Submission: On April 19 via automatic, source openphish

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 24 HTTP transactions. The main IP is 154.34.49.104, located in Tokyo, Japan and belongs to YAHOO-2 Yahoo Japan Corporation, JP. The main domain is www.ryuoo.net.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on January 9th 2019. Valid for: 6 months.
This is the only time www.ryuoo.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
13 (6 redirects) | 154.34.49.104 | 24296 (YAHOO-2 Y...)
10 | 23.8.8.197 | 20940 (AKAMAI-ASN1)
6 | 23.8.0.27 | 20940 (AKAMAI-ASN1)
1 | 8.20.172.116 | 13832 (AS13832)
Total: 24 requests, 4 IPs

Requests | Domain | Requested by
13 (6 redirects) | www.ryuoo.net | www.ryuoo.net
10 | rewards.americanexpress.com | www.ryuoo.net
6 | www.aexp-static.com | www.ryuoo.net
1 | as00.estara.com | www.ryuoo.net
Total: 24 requests, 4 domains

Subject | Issuer | Validity | Valid
www.ryuoo.net | Encryption Everywhere DV TLS CA - G2 | 2019-01-09 - 2019-07-08 | 6 months
online.americanexpress.com | DigiCert SHA2 Extended Validation Server CA | 2019-01-10 - 2021-01-14 | 2 years
m.americanexpress.com | DigiCert SHA2 Extended Validation Server CA | 2018-08-08 - 2020-07-23 | 2 years
*.estara.com | DigiCert SHA2 Secure Server CA | 2018-01-25 - 2019-04-26 | a year

This page contains 1 frame:

Primary Page: https://www.ryuoo.net/css/cx/rev.html
Frame ID: 8B8301F22378794EE0E50626A846E79C
Requests: 24 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /\/s[_-]code.*\.js/i
  • env /^s_(?:account|objectID|code|INST)$/i

Page Statistics

  • Requests: 24
  • HTTPS: 100 %
  • IPv6: 0 %
  • Domains: 4
  • Subdomains: 4
  • IPs: 4
  • Countries: 3
  • Transfer: 260 kB
  • Size: 360 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://www.ryuoo.net/css/cx/navigation/shared/nav/s_code_mr.js HTTP 302
  • https://www.ryuoo.net/
Request Chain 7
  • https://www.ryuoo.net/css/cx/loyalty/redemption/rewards/cart/express/js/jquery.js HTTP 302
  • https://www.ryuoo.net/
Request Chain 8
  • https://www.ryuoo.net/loyalty/redemption/rewards/cart/express/js/layouts.js HTTP 302
  • https://www.ryuoo.net/
Request Chain 13
  • https://www.ryuoo.net/loyalty/redemption/rewards/cart/shop/js/shoppingcart_contents.js HTTP 302
  • https://www.ryuoo.net/
Request Chain 14
  • https://www.ryuoo.net/css/cx/v/ngn/js/commonFunctions.js HTTP 302
  • https://www.ryuoo.net/
Request Chain 16
  • https://www.ryuoo.net/css/cx/atgsvcs.com/js/atgsvcs.js HTTP 302
  • https://www.ryuoo.net/

24 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request rev.html | www.ryuoo.net/css/cx/ | 45 KB | 45 KB | Document
General
Full URL
https://www.ryuoo.net/css/cx/rev.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.34.49.104 Tokyo, Japan, ASN24296 (YAHOO-2 Yahoo Japan Corporation, JP),
Reverse DNS
wolf-scarlet-ec05da3773b34dc3.znlc.jp
Software
Apache /
Resource Hash
93acbf3e7b32cb3539563a8fc9a07d49cda15cbee762f7b5e7f359b9b406389c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Host
www.ryuoo.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 19 Apr 2019 02:38:43 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Last-Modified
Thu, 18 Apr 2019 18:42:43 GMT
ETag
"60150770-b3dd-586d25e177546"
Accept-Ranges
bytes
Content-Length
46045
Connection
close
Content-Type
text/html
expresscommon.css | rewards.americanexpress.com/loyalty/redemption/rewards/cart/express/css/ | 30 KB | 6 KB | Stylesheet
General
Full URL
https://rewards.americanexpress.com/loyalty/redemption/rewards/cart/express/css/expresscommon.css
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
93fc543a45b44b6b9f3831a1dd893cef84684a87cbf2455b6358ad4d3040757e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 14 Feb 2018 18:45:30 GMT
date
Fri, 19 Apr 2019 02:38:43 GMT
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
5862
/ | www.ryuoo.net/ | 16 KB | 16 KB | Script
Redirect Chain
  • https://www.ryuoo.net/css/cx/navigation/shared/nav/s_code_mr.js
  • https://www.ryuoo.net/
General
Full URL
https://www.ryuoo.net/
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.34.49.104 Tokyo, Japan, ASN24296 (YAHOO-2 Yahoo Japan Corporation, JP),
Reverse DNS
wolf-scarlet-ec05da3773b34dc3.znlc.jp
Software
Apache /
Resource Hash
045a4dd64f45c175f30c2a418615f7b6b2cba26904cbad2a4f4928cdf5f1066a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.ryuoo.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.ryuoo.net/css/cx/rev.html
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 19 Apr 2019 02:38:44 GMT
Last-Modified
Mon, 15 Oct 2018 08:48:51 GMT
Server
Apache
ETag
"4008451d-40dc-5784081a4b945"
X-Frame-Options
SAMEORIGIN
Content-Type
text/html
Connection
close
Accept-Ranges
bytes
Content-Length
16604

Redirect headers

Location
https://www.ryuoo.net
Date
Fri, 19 Apr 2019 02:38:44 GMT
Server
Apache
Connection
close
Content-Length
205
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
clear.gif | rewards.americanexpress.com/loyalty/rewards/cart/shop/images/ | 43 B | 279 B | Image
General
Full URL
https://rewards.americanexpress.com/loyalty/rewards/cart/shop/images/clear.gif
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 10 Jan 2019 21:00:49 GMT
date
Fri, 19 Apr 2019 02:38:43 GMT
content-type
image/gif
status
200
cache-control
private, must-revalidate, max-age=16895
accept-ranges
bytes
content-length
43
inav_ngi_nested.css | www.aexp-static.com/nav/ngn/css/ | 90 KB | 13 KB | Stylesheet
General
Full URL
https://www.aexp-static.com/nav/ngn/css/inav_ngi_nested.css
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.0.27 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-0-27.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
455f3d2788a19c162410f405d4b74c47460c42c3bab7c86a778cfd92e3a4c89e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
content-encoding
gzip
last-modified
Thu, 04 Oct 2018 15:04:50 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
x-frame-options
SAMEORIGIN
date
Fri, 19 Apr 2019 02:38:43 GMT
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=86400
accept-ranges
bytes
timing-allow-origin
*
content-length
12857
logo_bluebox.gif | www.aexp-static.com/nav/ngn/img/ | 4 KB | 5 KB | Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/logo_bluebox.gif
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.0.27 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-0-27.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Wed, 11 Apr 2018 19:45:02 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Fri, 19 Apr 2019 02:38:43 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
4424
clear.gif | www.aexp-static.com/nav/ngn/img/ | 43 B | 237 B | Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/clear.gif
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.0.27 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-0-27.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:23:00 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Fri, 19 Apr 2019 02:38:43 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
43
clear.gif | rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/ | 43 B | 229 B | Image
General
Full URL
https://rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/clear.gif
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 14 Feb 2018 18:45:30 GMT
date
Fri, 19 Apr 2019 02:38:43 GMT
content-type
image/gif
status
200
cache-control
private, must-revalidate, max-age=82057
accept-ranges
bytes
content-length
43
/ | www.ryuoo.net/ | 16 KB | 16 KB | Script
Redirect Chain
  • https://www.ryuoo.net/css/cx/loyalty/redemption/rewards/cart/express/js/jquery.js
  • https://www.ryuoo.net/
General
Full URL
https://www.ryuoo.net/
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.34.49.104 Tokyo, Japan, ASN24296 (YAHOO-2 Yahoo Japan Corporation, JP),
Reverse DNS
wolf-scarlet-ec05da3773b34dc3.znlc.jp
Software
Apache /
Resource Hash
045a4dd64f45c175f30c2a418615f7b6b2cba26904cbad2a4f4928cdf5f1066a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.ryuoo.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.ryuoo.net/css/cx/rev.html
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 19 Apr 2019 02:38:45 GMT
Last-Modified
Mon, 15 Oct 2018 08:48:51 GMT
Server
Apache
ETag
"4008451d-40dc-5784081a4b945"
X-Frame-Options
SAMEORIGIN
Content-Type
text/html
Connection
close
Accept-Ranges
bytes
Content-Length
16604

Redirect headers

Location
https://www.ryuoo.net
Date
Fri, 19 Apr 2019 02:38:44 GMT
Server
Apache
Connection
close
Content-Length
205
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
/ | www.ryuoo.net/ | 16 KB | 16 KB | Script
Redirect Chain
  • https://www.ryuoo.net/loyalty/redemption/rewards/cart/express/js/layouts.js
  • https://www.ryuoo.net/
General
Full URL
https://www.ryuoo.net/
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.34.49.104 Tokyo, Japan, ASN24296 (YAHOO-2 Yahoo Japan Corporation, JP),
Reverse DNS
wolf-scarlet-ec05da3773b34dc3.znlc.jp
Software
Apache /
Resource Hash
045a4dd64f45c175f30c2a418615f7b6b2cba26904cbad2a4f4928cdf5f1066a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.ryuoo.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.ryuoo.net/css/cx/rev.html
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 19 Apr 2019 02:38:45 GMT
Last-Modified
Mon, 15 Oct 2018 08:48:51 GMT
Server
Apache
ETag
"4008451d-40dc-5784081a4b945"
X-Frame-Options
SAMEORIGIN
Content-Type
text/html
Connection
close
Accept-Ranges
bytes
Content-Length
16604

Redirect headers

Location
https://www.ryuoo.net
Date
Fri, 19 Apr 2019 02:38:44 GMT
Server
Apache
Connection
close
Content-Length
205
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
cidcheckcontent.css | rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/css/ | 4 KB | 2 KB | Stylesheet
General
Full URL
https://rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/css/cidcheckcontent.css
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
801278de3a8c03503c196f3bedf6f979ceddb8210638e76dcf49cd811829724b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 14 Feb 2018 18:45:30 GMT
date
Fri, 19 Apr 2019 02:38:43 GMT
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
1750
Amex_CID.png | rewards.americanexpress.com/loyalty/rewards/acctmgmt/images/ | 7 KB | 8 KB | Image
General
Full URL
https://rewards.americanexpress.com/loyalty/rewards/acctmgmt/images/Amex_CID.png
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
aaf9f77fccfd151089d074ed25f5ac3ec51a21a4bd7f253c301bac4500f28a03
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 10 Jan 2019 21:00:49 GMT
date
Fri, 19 Apr 2019 02:38:44 GMT
content-type
image/png
status
200
cache-control
private, must-revalidate, max-age=11188
accept-ranges
bytes
content-length
7558
Amex_CSC.png | rewards.americanexpress.com/loyalty/rewards/acctmgmt/images/ | 6 KB | 6 KB | Image
General
Full URL
https://rewards.americanexpress.com/loyalty/rewards/acctmgmt/images/Amex_CSC.png
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
641e856a6f9353b820697aa83e7919aabf9f97d0e83c62156abe8426b164e128
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 10 Jan 2019 21:00:49 GMT
date
Fri, 19 Apr 2019 02:38:44 GMT
content-type
image/png
status
200
cache-control
private, must-revalidate, max-age=11168
accept-ranges
bytes
content-length
6331
img_mr_basic.gif | rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/ | 2 KB | 2 KB | Image
General
Full URL
https://rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/img_mr_basic.gif
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ea4a220863723b001d8302dd02ed2cb9950a85192f26053615104cebc788fc64
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 14 Feb 2018 18:45:30 GMT
date
Fri, 19 Apr 2019 02:38:44 GMT
content-type
image/gif
status
200
cache-control
private, must-revalidate, max-age=11218
accept-ranges
bytes
content-length
1822
/ | www.ryuoo.net/ | 16 KB | 16 KB | Script
Redirect Chain
  • https://www.ryuoo.net/loyalty/redemption/rewards/cart/shop/js/shoppingcart_contents.js
  • https://www.ryuoo.net/
General
Full URL
https://www.ryuoo.net/
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.34.49.104 Tokyo, Japan, ASN24296 (YAHOO-2 Yahoo Japan Corporation, JP),
Reverse DNS
wolf-scarlet-ec05da3773b34dc3.znlc.jp
Software
Apache /
Resource Hash
045a4dd64f45c175f30c2a418615f7b6b2cba26904cbad2a4f4928cdf5f1066a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.ryuoo.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.ryuoo.net/css/cx/rev.html
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 19 Apr 2019 02:38:46 GMT
Last-Modified
Mon, 15 Oct 2018 08:48:51 GMT
Server
Apache
ETag
"4008451d-40dc-5784081a4b945"
X-Frame-Options
SAMEORIGIN
Content-Type
text/html
Connection
close
Accept-Ranges
bytes
Content-Length
16604

Redirect headers

Location
https://www.ryuoo.net
Date
Fri, 19 Apr 2019 02:38:45 GMT
Server
Apache
Connection
close
Content-Length
205
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
/ | www.ryuoo.net/ | 16 KB | 16 KB | Script
Redirect Chain
  • https://www.ryuoo.net/css/cx/v/ngn/js/commonFunctions.js
  • https://www.ryuoo.net/
General
Full URL
https://www.ryuoo.net/
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.34.49.104 Tokyo, Japan, ASN24296 (YAHOO-2 Yahoo Japan Corporation, JP),
Reverse DNS
wolf-scarlet-ec05da3773b34dc3.znlc.jp
Software
Apache /
Resource Hash
045a4dd64f45c175f30c2a418615f7b6b2cba26904cbad2a4f4928cdf5f1066a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.ryuoo.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.ryuoo.net/css/cx/rev.html
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 19 Apr 2019 02:38:46 GMT
Last-Modified
Mon, 15 Oct 2018 08:48:51 GMT
Server
Apache
ETag
"4008451d-40dc-5784081a4b945"
X-Frame-Options
SAMEORIGIN
Content-Type
text/html
Connection
close
Accept-Ranges
bytes
Content-Length
16604

Redirect headers

Location
https://www.ryuoo.net
Date
Fri, 19 Apr 2019 02:38:45 GMT
Server
Apache
Connection
close
Content-Length
205
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
left_arrow.gif | rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/ | 231 B | 418 B | Image
General
Full URL
https://rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/left_arrow.gif
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b12de721b00549cb961bce8202d81fc352b69f8b6373fbc8e6f7d0516a24793b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Wed, 14 Feb 2018 18:45:30 GMT
date
Fri, 19 Apr 2019 02:38:44 GMT
content-type
image/gif
status
200
cache-control
private, must-revalidate, max-age=74514
accept-ranges
bytes
content-length
231
/ | www.ryuoo.net/ | 16 KB | 16 KB | Script
Redirect Chain
  • https://www.ryuoo.net/css/cx/atgsvcs.com/js/atgsvcs.js
  • https://www.ryuoo.net/
General
Full URL
https://www.ryuoo.net/
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.34.49.104 Tokyo, Japan, ASN24296 (YAHOO-2 Yahoo Japan Corporation, JP),
Reverse DNS
wolf-scarlet-ec05da3773b34dc3.znlc.jp
Software
Apache /
Resource Hash
045a4dd64f45c175f30c2a418615f7b6b2cba26904cbad2a4f4928cdf5f1066a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.ryuoo.net
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.ryuoo.net/css/cx/rev.html
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Fri, 19 Apr 2019 02:38:46 GMT
Last-Modified
Mon, 15 Oct 2018 08:48:51 GMT
Server
Apache
ETag
"4008451d-40dc-5784081a4b945"
X-Frame-Options
SAMEORIGIN
Content-Type
text/html
Connection
close
Accept-Ranges
bytes
Content-Length
16604

Redirect headers

Location
https://www.ryuoo.net
Date
Fri, 19 Apr 2019 02:38:45 GMT
Server
Apache
Connection
close
Content-Length
205
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
iNav_ngi_sprite_new.gif | www.aexp-static.com/nav/ngn/img/ | 23 KB | 23 KB | Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/iNav_ngi_sprite_new.gif?ver=0111_01
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.0.27 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-0-27.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
0d4e7d13d424c4569af233a3188ac42edaa093a12bced0dba6095c00047006e3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.aexp-static.com/nav/ngn/css/inav_ngi_nested.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:26:29 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Fri, 19 Apr 2019 02:38:44 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
23367
img_shdw_mainNav.png | www.aexp-static.com/nav/ngn/img/ | 143 B | 338 B | Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/img_shdw_mainNav.png
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.0.27 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-0-27.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
d3c6dbfeb63c1155df3a80a04d72d9c0c95ed561d54c9694019c28eac1920c1b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.aexp-static.com/nav/ngn/css/inav_ngi_nested.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:24:34 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Fri, 19 Apr 2019 02:38:44 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
143
cidSprite.gif | rewards.americanexpress.com/loyalty/rewards/cart/shop/images/ | 18 KB | 18 KB | Image
General
Full URL
https://rewards.americanexpress.com/loyalty/rewards/cart/shop/images/cidSprite.gif
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7fc622e13c9914c35e1cecfebfb5e422d7a6874d5c3adb9706e2e7c7954f622c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/css/cidcheckcontent.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 10 Jan 2019 21:00:49 GMT
date
Fri, 19 Apr 2019 02:38:46 GMT
content-type
image/gif
status
200
cache-control
private, must-revalidate, max-age=50391
accept-ranges
bytes
content-length
18201
commonsprite.gif | rewards.americanexpress.com/loyalty/rewards/cart/shop/images/ | 31 KB | 31 KB | Image
General
Full URL
https://rewards.americanexpress.com/loyalty/rewards/cart/shop/images/commonsprite.gif
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.8.197 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-8-197.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cf5f4862c77aa8ccb461cb4d3343fd653dd27719292b63952abe849814be417a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/css/cidcheckcontent.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 10 Jan 2019 21:00:49 GMT
date
Fri, 19 Apr 2019 02:38:46 GMT
content-type
image/gif
status
200
cache-control
private, must-revalidate, max-age=82107
accept-ranges
bytes
content-length
31763
iNav_ngi_sprite_footer.gif | www.aexp-static.com/nav/ngn/img/ | 934 B | 1 KB | Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/iNav_ngi_sprite_footer.gif
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.8.0.27 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a23-8-0-27.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
194b37addb793c71c33302afb3239216455121d66303067e15904eedd0a66b12
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.aexp-static.com/nav/ngn/css/inav_ngi_nested.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:26:29 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Fri, 19 Apr 2019 02:38:46 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
934
lr.php | as00.estara.com/fs/ | 0 | 0 | Script
General
Full URL
https://as00.estara.com/fs/lr.php?onload=1&accountid=200106296883
Requested by
Host: www.ryuoo.net
URL: https://www.ryuoo.net/css/cx/rev.html
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
8.20.172.116, United States, ASN13832 (AS13832 - Oracle Corporation, US),
Reverse DNS
Software
BigIP /
Resource Hash

Request headers

Referer
https://www.ryuoo.net/css/cx/rev.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Length
356
Server
BigIP

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • onselectstart (object)
  • onselectionchange (object)
  • queueMicrotask (function)
  • omn_hierarchy (string)
  • omn_pagename (string)
  • excludeOmniture (string)
  • submitFormContinue (function)
  • eStara_quick_append (function)
  • eStara_loadlr (function)
  • s_code (undefined)
  • focustomsg (function)
  • getErrorMsg_CIDContent (function)
  • onBlurError (function)
  • gotocontinue (function)

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN