www.ryuoo.net
Open in
urlscan Pro
154.34.49.104
Malicious Activity!
Public Scan
Submission: On April 19 via automatic, source openphish
Summary
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on January 9th 2019. Valid for: 6 months.
This is the only time www.ryuoo.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 13 | 154.34.49.104 154.34.49.104 | 24296 (YAHOO-2 Y...) (YAHOO-2 Yahoo Japan Corporation) | |
10 | 23.8.8.197 23.8.8.197 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
6 | 23.8.0.27 23.8.0.27 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 8.20.172.116 8.20.172.116 | 13832 (AS13832) (AS13832 - Oracle Corporation) | |
24 | 4 |
ASN24296 (YAHOO-2 Yahoo Japan Corporation, JP)
PTR: wolf-scarlet-ec05da3773b34dc3.znlc.jp
www.ryuoo.net |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-8-8-197.deploy.static.akamaitechnologies.com
rewards.americanexpress.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-8-0-27.deploy.static.akamaitechnologies.com
www.aexp-static.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
ryuoo.net
6 redirects
www.ryuoo.net |
145 KB |
10 |
americanexpress.com
rewards.americanexpress.com |
74 KB |
6 |
aexp-static.com
www.aexp-static.com |
42 KB |
1 |
estara.com
as00.estara.com |
|
24 | 4 |
Domain | Requested by | |
---|---|---|
13 | www.ryuoo.net |
6 redirects
www.ryuoo.net
|
10 | rewards.americanexpress.com |
www.ryuoo.net
|
6 | www.aexp-static.com |
www.ryuoo.net
|
1 | as00.estara.com |
www.ryuoo.net
|
24 | 4 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.ryuoo.net Encryption Everywhere DV TLS CA - G2 |
2019-01-09 - 2019-07-08 |
6 months | crt.sh |
online.americanexpress.com DigiCert SHA2 Extended Validation Server CA |
2019-01-10 - 2021-01-14 |
2 years | crt.sh |
m.americanexpress.com DigiCert SHA2 Extended Validation Server CA |
2018-08-08 - 2020-07-23 |
2 years | crt.sh |
*.estara.com DigiCert SHA2 Secure Server CA |
2018-01-25 - 2019-04-26 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.ryuoo.net/css/cx/rev.html
Frame ID: 8B8301F22378794EE0E50626A846E79C
Requests: 24 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
SiteCatalyst (Analytics) Expand
Detected patterns
- script /\/s[_-]code.*\.js/i
- env /^s_(?:account|objectID|code|INST)$/i
Page Statistics
29 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Complete Terms and Conditions.
Search URL Search Domain Scan URL
Title: Personal Cαrds
Search URL Search Domain Scan URL
Title: Small Business Credit Cαrds
Search URL Search Domain Scan URL
Title: Corporate Cαrds
Search URL Search Domain Scan URL
Title: Gift Cαrds
Search URL Search Domain Scan URL
Title: Prepaid Cαrds
Search URL Search Domain Scan URL
Title: Membership Rewards® Program
Search URL Search Domain Scan URL
Title: Savings Αccounts & CDs
Search URL Search Domain Scan URL
Title: Accept Αmericαn Εxpress Cαrds
Search URL Search Domain Scan URL
Title: Business Apps
Search URL Search Domain Scan URL
Title: Credit Scores & Reports
Search URL Search Domain Scan URL
Title: Financial Tools
Search URL Search Domain Scan URL
Title: Fraud Protection Center
Search URL Search Domain Scan URL
Title: Learn About Credit
Search URL Search Domain Scan URL
Title: Travel Insurance
Search URL Search Domain Scan URL
Title: About Αmericαn Εxpress
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Careers
Search URL Search Domain Scan URL
Title: Site Map
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Terms of Service
Search URL Search Domain Scan URL
Title: Privacy Statement
Search URL Search Domain Scan URL
Title: Cαrd Agreements
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- https://www.ryuoo.net/css/cx/navigation/shared/nav/s_code_mr.js HTTP 302
- https://www.ryuoo.net/
- https://www.ryuoo.net/css/cx/loyalty/redemption/rewards/cart/express/js/jquery.js HTTP 302
- https://www.ryuoo.net/
- https://www.ryuoo.net/loyalty/redemption/rewards/cart/express/js/layouts.js HTTP 302
- https://www.ryuoo.net/
- https://www.ryuoo.net/loyalty/redemption/rewards/cart/shop/js/shoppingcart_contents.js HTTP 302
- https://www.ryuoo.net/
- https://www.ryuoo.net/css/cx/v/ngn/js/commonFunctions.js HTTP 302
- https://www.ryuoo.net/
- https://www.ryuoo.net/css/cx/atgsvcs.com/js/atgsvcs.js HTTP 302
- https://www.ryuoo.net/
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
rev.html
www.ryuoo.net/css/cx/ |
45 KB 45 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
expresscommon.css
rewards.americanexpress.com/loyalty/redemption/rewards/cart/express/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.ryuoo.net/ Redirect Chain
|
16 KB 16 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clear.gif
rewards.americanexpress.com/loyalty/rewards/cart/shop/images/ |
43 B 279 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inav_ngi_nested.css
www.aexp-static.com/nav/ngn/css/ |
90 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_bluebox.gif
www.aexp-static.com/nav/ngn/img/ |
4 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clear.gif
www.aexp-static.com/nav/ngn/img/ |
43 B 237 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clear.gif
rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/ |
43 B 229 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.ryuoo.net/ Redirect Chain
|
16 KB 16 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.ryuoo.net/ Redirect Chain
|
16 KB 16 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cidcheckcontent.css
rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/css/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Amex_CID.png
rewards.americanexpress.com/loyalty/rewards/acctmgmt/images/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Amex_CSC.png
rewards.americanexpress.com/loyalty/rewards/acctmgmt/images/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img_mr_basic.gif
rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.ryuoo.net/ Redirect Chain
|
16 KB 16 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.ryuoo.net/ Redirect Chain
|
16 KB 16 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
left_arrow.gif
rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/ |
231 B 418 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.ryuoo.net/ Redirect Chain
|
16 KB 16 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iNav_ngi_sprite_new.gif
www.aexp-static.com/nav/ngn/img/ |
23 KB 23 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img_shdw_mainNav.png
www.aexp-static.com/nav/ngn/img/ |
143 B 338 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cidSprite.gif
rewards.americanexpress.com/loyalty/rewards/cart/shop/images/ |
18 KB 18 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
commonsprite.gif
rewards.americanexpress.com/loyalty/rewards/cart/shop/images/ |
31 KB 31 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iNav_ngi_sprite_footer.gif
www.aexp-static.com/nav/ngn/img/ |
934 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
lr.php
as00.estara.com/fs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: American Express (Financial)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask string| omn_hierarchy string| omn_pagename string| excludeOmniture function| submitFormContinue function| eStara_quick_append function| eStara_loadlr undefined| s_code function| focustomsg function| getErrorMsg_CIDContent function| onBlurError function| gotocontinue0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
as00.estara.com
rewards.americanexpress.com
www.aexp-static.com
www.ryuoo.net
154.34.49.104
23.8.0.27
23.8.8.197
8.20.172.116
045a4dd64f45c175f30c2a418615f7b6b2cba26904cbad2a4f4928cdf5f1066a
0d4e7d13d424c4569af233a3188ac42edaa093a12bced0dba6095c00047006e3
194b37addb793c71c33302afb3239216455121d66303067e15904eedd0a66b12
455f3d2788a19c162410f405d4b74c47460c42c3bab7c86a778cfd92e3a4c89e
641e856a6f9353b820697aa83e7919aabf9f97d0e83c62156abe8426b164e128
7fc622e13c9914c35e1cecfebfb5e422d7a6874d5c3adb9706e2e7c7954f622c
801278de3a8c03503c196f3bedf6f979ceddb8210638e76dcf49cd811829724b
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099
93acbf3e7b32cb3539563a8fc9a07d49cda15cbee762f7b5e7f359b9b406389c
93fc543a45b44b6b9f3831a1dd893cef84684a87cbf2455b6358ad4d3040757e
aaf9f77fccfd151089d074ed25f5ac3ec51a21a4bd7f253c301bac4500f28a03
b12de721b00549cb961bce8202d81fc352b69f8b6373fbc8e6f7d0516a24793b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
cf5f4862c77aa8ccb461cb4d3343fd653dd27719292b63952abe849814be417a
d3c6dbfeb63c1155df3a80a04d72d9c0c95ed561d54c9694019c28eac1920c1b
ea4a220863723b001d8302dd02ed2cb9950a85192f26053615104cebc788fc64