vgbalance.com Open in urlscan Pro
190.115.26.11 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://vgbalance.com/amex.php
Submission: On November 21 via manual (November 21st 2022, 6:10:42 pm UTC) from AU — Scanned from AU

Summary HTTP 30 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 11 IPs in 5 countries across 10 domains to perform 30 HTTP transactions. The main IP is 190.115.26.11, located in Belize City, Belize and belongs to DDOS-GUARD CORP., BZ. The main domain is vgbalance.com.
TLS certificate: Issued by R3 on November 16th 2022. Valid for: 3 months.

This is the only time vgbalance.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	190.115.26.11 190.115.26.11	262254 (DDOS-GUAR...) (DDOS-GUARD CORP.)
2	104.87.102.220 104.87.102.220	16625 (AKAMAI-AS) (AKAMAI-AS)
3	104.18.11.207 104.18.11.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	45.60.11.91 45.60.11.91	19551 (INCAPSULA) (INCAPSULA)
3	45.60.15.91 45.60.15.91	19551 (INCAPSULA) (INCAPSULA)
2	74.125.24.147 74.125.24.147	15169 (GOOGLE) (GOOGLE)
8	13.35.8.28 13.35.8.28	16509 (AMAZON-02) (AMAZON-02)
1	52.18.63.80 52.18.63.80	16509 (AMAZON-02) (AMAZON-02)
1	35.80.101.90 35.80.101.90	16509 (AMAZON-02) (AMAZON-02)
4	142.251.10.94 142.251.10.94	15169 (GOOGLE) (GOOGLE)
1	142.250.4.94 142.250.4.94	15169 (GOOGLE) (GOOGLE)
30	11

1 190.115.26.11 (Belize City, Belize)

ASN262254 (DDOS-GUARD CORP., BZ)

vgbalance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.87.102.220 (Singapore, Singapore)

ASN16625 (AKAMAI-AS, US)
PTR: a104-87-102-220.deploy.static.akamaitechnologies.com

www.aexp-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.11.207 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.60.11.91 (United States) 3 redirects

ASN19551 (INCAPSULA, US)

amexprepaidcard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.60.15.91 (United States)

ASN19551 (INCAPSULA, US)

www.amexprepaidcard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.24.147 (United States)

ASN15169 (GOOGLE, US)
PTR: sf-in-f147.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 13.35.8.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-8-28.sin5.r.cloudfront.net

images.ctfassets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.63.80 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-63-80.eu-west-1.compute.amazonaws.com

canarytokens.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.80.101.90 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-80-101-90.us-west-2.compute.amazonaws.com

ssl.kaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.10.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sd-in-f94.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.4.94 (United States)

ASN15169 (GOOGLE, US)
PTR: sm-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	ctfassets.net images.ctfassets.net — Cisco Umbrella Rank: 3728	76 KB
6	amexprepaidcard.com 3 redirects amexprepaidcard.com www.amexprepaidcard.com	771 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	361 KB
3	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 712	103 KB
2	google.com www.google.com — Cisco Umbrella Rank: 2	2 KB
2	aexp-static.com www.aexp-static.com — Cisco Umbrella Rank: 13172	103 KB
1	kaptcha.com ssl.kaptcha.com — Cisco Umbrella Rank: 8798	623 B
1	canarytokens.com canarytokens.com — Cisco Umbrella Rank: 481844	238 B
1	vgbalance.com vgbalance.com	15 KB
0	giftingapp.com Failed prod.giftingapp.com Failed
30	10

	Domain	Requested by
8	images.ctfassets.net	vgbalance.com
4	www.gstatic.com	www.google.com www.gstatic.com
3	www.amexprepaidcard.com	vgbalance.com www.amexprepaidcard.com
3	amexprepaidcard.com	3 redirects
3	maxcdn.bootstrapcdn.com	vgbalance.com maxcdn.bootstrapcdn.com
2	www.google.com	vgbalance.com www.gstatic.com
2	www.aexp-static.com	vgbalance.com www.aexp-static.com
1	fonts.gstatic.com	www.google.com
1	ssl.kaptcha.com	vgbalance.com
1	canarytokens.com	vgbalance.com
1	vgbalance.com
0	prod.giftingapp.com Failed	ssl.kaptcha.com
30	12

This site contains links to these domains. Also see Links.

Domain
www.americanexpress.com
www.peoplestrust.com
www.fscarddisclosures.com

Subject Issuer	Validity	Valid
vgbalance.com R3	`2022-11-16` - `2023-02-14`	3 months	crt.sh
m.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2022-05-16` - `2023-05-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
images.ctfassets.net Amazon	`2022-02-17` - `2023-03-18`	a year	crt.sh
canarytokens.org R3	`2022-11-13` - `2023-02-11`	3 months	crt.sh
ssl.kaptcha.com Sectigo RSA Organization Validation Secure Server CA	`2022-10-18` - `2023-10-18`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://vgbalance.com/amex.php
Frame ID: D79EBCC62BE228C76764D0455AB3260D
Requests: 23 HTTP requests in this frame

Frame: https://ssl.kaptcha.com/logo.htm?m=109700&s=035906c1495843b39aea5b3738efbc55
Frame ID: 4EAD44568C733D6C66E8C4C37F387039
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfHaWwfAAAAAPWSZHeXnHmXMX3-4w2NkAQwyJcZ&co=aHR0cHM6Ly92Z2JhbGFuY2UuY29tOjQ0Mw..&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=m9w8zcify9qz
Frame ID: 107ED6864CF5D362F61B3E25AB0D46AD
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Check Balance | American Express Prepaid Cards

Detected technologies

Contentful (CMS) Expand

Overall confidence: 100%
Detected patterns

<[^>]+(?:https?:)?//(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Amex Express Checkout (Payment processors) Expand

Overall confidence: 100%
Detected patterns

aexp-static\.com

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

30
Requests

77 %
HTTPS

0 %
IPv6

10
Domains

12
Subdomains

11
IPs

5
Countries

1433 kB
Transfer

4894 kB
Size

4
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.americanexpress.com/canada/en/giftcards/
Title: click here

Search URL Search Domain Scan URL

URL: https://www.americanexpress.com/us/content/legal-disclosures/website-rules-and-regulations.html?inav=footer_Terms_of_Use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.peoplestrust.com/en/legal/privacy-security/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.fscarddisclosures.com/InComm_Accessibility_Statement.pdf
Title: Accessibility Statement

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://amexprepaidcard.com/styles.2d492a6b471753eb39b7.css HTTP 301
https://www.amexprepaidcard.com/styles.2d492a6b471753eb39b7.css

Request Chain 13

https://amexprepaidcard.com/polyfills.acf922391a343f1c2065.js HTTP 301
https://www.amexprepaidcard.com/polyfills.acf922391a343f1c2065.js

Request Chain 14

https://amexprepaidcard.com/main.563d191ddd3d3737569f.js HTTP 301
https://www.amexprepaidcard.com/main.563d191ddd3d3737569f.js

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request amex.php Show response
vgbalance.com/ 50 KB
15 KB 1920ms
393ms Document
text/html 190.115.26.11
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to

Full URL

https://vgbalance.com/amex.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

190.115.26.11 Belize City, Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

Software

ddos-guard /

Resource Hash

517887f97389c0a1643265c21cde5f48b6656210f22d8113fa4d3ddfc5b7e488

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

content-encoding: br
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Mon, 21 Nov 2022 18:10:35 GMT
server: ddos-guard
vary: Accept-Encoding

GET
H2 200 dls.css
www.aexp-static.com/cdaas/one/statics/axp-dls/5.4.0/package/dist/styles/ 583 KB
66 KB 740ms
211ms Stylesheet
text/css 104.87.102.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.4.0/package/dist/styles/dls.css
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.87.102.220 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-87-102-220.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 535c9e3ec9bb07fad6525cb6e51cc37cf87425efdca6ccd3b667197de60983c0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:10:36 GMT
content-encoding: gzip
last-modified: Tue, 24 Oct 2017 17:20:27 GMT
etag: W/"59ef765b-91a70"
vary: Origin, Accept-Encoding
content-type: text/css
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 67593

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
20 KB 284ms
106ms Stylesheet
text/css 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: vgbalance.com
URL: https://vgbalance.com/amex.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:10:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 637, 617, 617
age: 8122102
cdn-cachedat: 2021-04-22 11:15:53
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: c5fbcdc59da8c9992591ab54c0c4d153
timing-allow-origin: *
cdn-requestcountrycode: AU
cf-ray: 76db620cbbca5a6d-MEL
cdn-requestpullsuccess: True

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 280ms
102ms Stylesheet
text/css 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: vgbalance.com
URL: https://vgbalance.com/amex.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:10:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 637, 617, 617
age: 18385165
cdn-cachedat: 2021-04-22 16:03:46
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 3c6a4a259380dca43f0a33b7b087bf7c
timing-allow-origin: *
cdn-requestcountrycode: AU
cf-ray: 76db620cbbcb5a6d-MEL
cdn-requestpullsuccess: True

GET
H2

200

styles.2d492a6b471753eb39b7.css
www.amexprepaidcard.com/
Redirect Chain

https://amexprepaidcard.com/styles.2d492a6b471753eb39b7.css
https://www.amexprepaidcard.com/styles.2d492a6b471753eb39b7.css

284 KB
27 KB

304ms
107ms

Stylesheet
text/css

45.60.15.91
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.amexprepaidcard.com/styles.2d492a6b471753eb39b7.css

Requested by

Host: vgbalance.com
URL: https://vgbalance.com/amex.php

Protocol

Server

45.60.15.91 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c2e71cee224c6c4da849d652ff77ebf4a91257eafe9e922c84ed2b97cb189961

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.imperva.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
last-modified: Wed, 31 Aug 2022 20:31:26 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' https://*.imperva.com
etag: "0x8DA8B8FC77722B4"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.contentful.com images.ctfassets.net maxcdn.bootstrapcdn.com www.gstatic.com *.doubleclick.net www.aexp-static.com ssl.kaptcha.com js.maxmind.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
content-type: text/css
x-iinfo: 4-12464498-12459803 2CNN RT(1669054236110 98) q(0 0 0 0) r(0 0) U18
cache-control: max-age=86126, public
content-length: 26982
x-xss-protection: 1; mode=block
expires: Tue, 22 Nov 2022 18:06:02 GMT

Redirect headers

location: https://www.amexprepaidcard.com/styles.2d492a6b471753eb39b7.css
strict-transport-security: max-age=31536000
content-length: 0

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
996 B 668ms
230ms Script
text/javascript 74.125.24.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LfHaWwfAAAAAPWSZHeXnHmXMX3-4w2NkAQwyJcZ&hl=en

Requested by

Host: vgbalance.com
URL: https://vgbalance.com/amex.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f147.1e100.net

Software

GSE /

Resource Hash

974d90b329c98da2a4792036ae8a865b7f0dd8c7a6a96f09697ef3bc0f1a167d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 583
x-xss-protection: 1; mode=block
expires: Mon, 21 Nov 2022 18:10:36 GMT

GET
H2 200 header_logo.png
images.ctfassets.net/ax2anqjzioj8/7CdIp3u6XsSbsUaivihtHm/a856545902716cafcca3825ab84d3338/ 6 KB
7 KB 548ms
197ms Image
image/png 13.35.8.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ax2anqjzioj8/7CdIp3u6XsSbsUaivihtHm/a856545902716cafcca3825ab84d3338/header_logo.png
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.8.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-8-28.sin5.r.cloudfront.net
Software: Contentful Images API /
Resource Hash: 452f16e8e0272a473be93a2931604efebd1e4987ae4a0ae2544018243cc07164

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 18:42:20 GMT
via: 1.1 490cd3b4c8c8e2aafa0be58f76446f44.cloudfront.net (CloudFront)
last-modified: Mon, 27 Sep 2021 17:56:18 GMT
server: Contentful Images API
x-amz-cf-pop: SIN5-C1
age: 84496
etag: "ecaad3be8037a461a7e8604c8ccaeec9"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 6370
x-amz-cf-id: aQMn5_p1f8cTzktbA8dHLyUE1l9H0PhZeJDveS73KwlJNginjLnBng==

GET
H2 200 flagIconCA.png
images.ctfassets.net/ax2anqjzioj8/5GQDqYufjNszpUp9H4y8go/58469ddcd3d2a12a29a9cbb853ff4edb/ 1 KB
2 KB 523ms
172ms Image
image/png 13.35.8.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ax2anqjzioj8/5GQDqYufjNszpUp9H4y8go/58469ddcd3d2a12a29a9cbb853ff4edb/flagIconCA.png
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.8.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-8-28.sin5.r.cloudfront.net
Software: Contentful Images API /
Resource Hash: a076faebaddd2e0404d60b2391206dfa6722b4c86c32231bd1ca8c3aa9e8bc6f

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 18:42:20 GMT
via: 1.1 490cd3b4c8c8e2aafa0be58f76446f44.cloudfront.net (CloudFront)
last-modified: Mon, 04 Mar 2019 22:20:05 GMT
server: Contentful Images API
x-amz-cf-pop: SIN5-C1
age: 84496
etag: "49cd5b6a0f7b6d0dc8727b28e7c91df1"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 1423
x-amz-cf-id: E5kjXvBy07-933tLWx-ai9c0RSiKt4K6Dy9ny55BKN6bJ7S_DSSCJQ==

GET
H2 200 AmEx_Prepaid_CA_HERO_022719.png
images.ctfassets.net/ax2anqjzioj8/7DYJfuoSNhKfC2bvAvvguQ/5d0b0d1c3eb7311f014319aaf4ffcc3c/ 50 KB
51 KB 525ms
174ms Image
image/png 13.35.8.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ax2anqjzioj8/7DYJfuoSNhKfC2bvAvvguQ/5d0b0d1c3eb7311f014319aaf4ffcc3c/AmEx_Prepaid_CA_HERO_022719.png
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.8.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-8-28.sin5.r.cloudfront.net
Software: Contentful Images API /
Resource Hash: 210e26c65de4ebaf4cd8b619f79da4c9df297458f27c4f428ff8de558e9a64bd

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 18:41:10 GMT
via: 1.1 490cd3b4c8c8e2aafa0be58f76446f44.cloudfront.net (CloudFront)
last-modified: Mon, 04 Mar 2019 22:20:02 GMT
server: Contentful Images API
x-amz-cf-pop: SIN5-C1
age: 84566
etag: "c55a13a993414851359e038d7aa251b4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 51682
x-amz-cf-id: aqTCM1EnnOByLALe-O0KRlzszDK3Lr56_m0lRsvoUKelVnCrvIOQmQ==

GET
H2 200 tooltip.png
images.ctfassets.net/ax2anqjzioj8/3Xqrx2vwfm0wEEU4ciesCk/83815200b611d91995dd3691c43d34d8/ 1 KB
2 KB 524ms
174ms Image
image/png 13.35.8.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ax2anqjzioj8/3Xqrx2vwfm0wEEU4ciesCk/83815200b611d91995dd3691c43d34d8/tooltip.png
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.8.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-8-28.sin5.r.cloudfront.net
Software: Contentful Images API /
Resource Hash: d3761cdd2e4d73756a067b93a8bcfb283b5a5da64a40c6e1177604b94826dbf4

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 18:41:10 GMT
via: 1.1 490cd3b4c8c8e2aafa0be58f76446f44.cloudfront.net (CloudFront)
last-modified: Mon, 04 Mar 2019 22:20:37 GMT
server: Contentful Images API
x-amz-cf-pop: SIN5-C1
age: 84566
etag: "ecf6ea03c86f6c44fa8edff79a10e61c"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 1375
x-amz-cf-id: BqZts2MQYc0B2du7XKlAUfAdM66WdsW2iA-nMIA1JwrL8lEZ9hAp0g==

GET
H2 200 icon_NoFees.png
images.ctfassets.net/ax2anqjzioj8/4rwamdB0p2S8qcsOYE8w6S/355ae685fdec1f7970fb87e295c715d2/ 2 KB
3 KB 509ms
182ms Image
image/png 13.35.8.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ax2anqjzioj8/4rwamdB0p2S8qcsOYE8w6S/355ae685fdec1f7970fb87e295c715d2/icon_NoFees.png
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.8.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-8-28.sin5.r.cloudfront.net
Software: Contentful Images API /
Resource Hash: 3b2f17aad77e6930f34a34e57c08b3a12685ba8cee09b56ac0deb001c17ea5be

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 18:41:10 GMT
via: 1.1 490cd3b4c8c8e2aafa0be58f76446f44.cloudfront.net (CloudFront)
last-modified: Tue, 02 Nov 2021 19:26:57 GMT
server: Contentful Images API
x-amz-cf-pop: SIN5-C1
age: 84566
etag: "a080acaf92deca79ef995d43a41cd7de"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 2420
x-amz-cf-id: lhy9lx3zyk_p6tj2bxcQP7cVqGBC99RYLsu3nh23Bj9UtNZi_Ah8vg==

GET
H2 200 icon_lock.png
images.ctfassets.net/ax2anqjzioj8/3jGx0WfQAM2YcE0WE8yAOu/1721e476399ad3411b9836b9496958bd/ 2 KB
2 KB 504ms
178ms Image
image/png 13.35.8.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ax2anqjzioj8/3jGx0WfQAM2YcE0WE8yAOu/1721e476399ad3411b9836b9496958bd/icon_lock.png
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.8.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-8-28.sin5.r.cloudfront.net
Software: Contentful Images API /
Resource Hash: ed81e45122fdcebe6f60893184eb694f95ef50ff21f8ed64dafe9aabdfedd334

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 18:41:10 GMT
via: 1.1 490cd3b4c8c8e2aafa0be58f76446f44.cloudfront.net (CloudFront)
last-modified: Mon, 04 Oct 2021 16:26:50 GMT
server: Contentful Images API
x-amz-cf-pop: SIN5-C1
age: 84566
etag: "39bdadcd1dff219821023e21b2b7ee7d"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 1540
x-amz-cf-id: njG4_K6h48B8_PhgKGzoIcehDC1M3bqQymXK0ltC3lGeuFHFlx1WuQ==

GET
H2 200 icon_rewards.png_h_250
images.ctfassets.net/ax2anqjzioj8/1IO1iixaawkmuIimc64qQG/baa6adcc1d2bd2c48e3d7f4143661b5d/ 4 KB
4 KB 229ms
228ms Image
image/png 13.35.8.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ax2anqjzioj8/1IO1iixaawkmuIimc64qQG/baa6adcc1d2bd2c48e3d7f4143661b5d/icon_rewards.png_h_250
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.8.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-8-28.sin5.r.cloudfront.net
Software: Contentful Images API /
Resource Hash: 0dc422afe0f9f4983f944d98e95515bf2474f4ce35ec9afda8d8f32cac03b559

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 18:41:10 GMT
via: 1.1 490cd3b4c8c8e2aafa0be58f76446f44.cloudfront.net (CloudFront)
last-modified: Mon, 27 Sep 2021 18:01:14 GMT
server: Contentful Images API
x-amz-cf-pop: SIN5-C1
age: 84567
etag: "f436d29d9f0f91ad54a34242fe755d7e"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 3967
x-amz-cf-id: zA_eLzDF5SFVVVuWTFOsetQTRFlUMPDelaMAqmU_-YoTI92pzDT4hg==

GET
H2 200 footer_logo.png_h_250_h_250
images.ctfassets.net/ax2anqjzioj8/5ukUNObcO0WL63LYNnq0iV/17f495fa76d7647462ebc6f7ab68a255/ 6 KB
7 KB 238ms
238ms Image
image/png 13.35.8.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/ax2anqjzioj8/5ukUNObcO0WL63LYNnq0iV/17f495fa76d7647462ebc6f7ab68a255/footer_logo.png_h_250_h_250
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.8.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-8-28.sin5.r.cloudfront.net
Software: Contentful Images API /
Resource Hash: d71aa3bf57dab7ee6bd00f3691667dac7022fd5cba7d65355d4550656437f2a2

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sun, 20 Nov 2022 18:41:11 GMT
via: 1.1 490cd3b4c8c8e2aafa0be58f76446f44.cloudfront.net (CloudFront)
last-modified: Mon, 27 Sep 2021 18:21:18 GMT
server: Contentful Images API
x-amz-cf-pop: SIN5-C1
age: 84566
etag: "a235f0f81108cedb480fa16f84b83df5"
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 6364
x-amz-cf-id: fuPIweRRZE5GQ7OxrMXJHD7kLmi_ZXB6YH-5oEjry4h0mkYJyzhWgQ==

GET
H2

200

polyfills.acf922391a343f1c2065.js Show response
www.amexprepaidcard.com/
Redirect Chain

https://amexprepaidcard.com/polyfills.acf922391a343f1c2065.js
https://www.amexprepaidcard.com/polyfills.acf922391a343f1c2065.js

225 KB
69 KB

302ms
108ms

Script
application/javascript

45.60.15.91
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.amexprepaidcard.com/polyfills.acf922391a343f1c2065.js

Requested by

Host: vgbalance.com
URL: https://vgbalance.com/amex.php

Protocol

Server

45.60.15.91 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

10a0ad1096f0b6fcffab39f2cdad3b0df03a446a797f635bbe96af9a9debca12

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.imperva.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
last-modified: Wed, 31 Aug 2022 20:31:26 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' https://*.imperva.com
etag: "0x8DA8B8FC770E20C"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.contentful.com images.ctfassets.net maxcdn.bootstrapcdn.com www.gstatic.com *.doubleclick.net www.aexp-static.com ssl.kaptcha.com js.maxmind.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/javascript
x-iinfo: 4-12464498-12461913 2CNN RT(1669054236110 102) q(0 0 0 -1) r(0 0) U18
cache-control: max-age=86126, public
content-length: 70155
x-xss-protection: 1; mode=block
expires: Tue, 22 Nov 2022 18:06:02 GMT

Redirect headers

location: https://www.amexprepaidcard.com/polyfills.acf922391a343f1c2065.js
strict-transport-security: max-age=31536000
content-length: 0

GET
H2

200

main.563d191ddd3d3737569f.js Show response
www.amexprepaidcard.com/
Redirect Chain

https://amexprepaidcard.com/main.563d191ddd3d3737569f.js
https://www.amexprepaidcard.com/main.563d191ddd3d3737569f.js

2 MB
674 KB

368ms
172ms

Script
application/javascript

45.60.15.91
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.amexprepaidcard.com/main.563d191ddd3d3737569f.js

Requested by

Host: vgbalance.com
URL: https://vgbalance.com/amex.php

Protocol

Server

45.60.15.91 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

8eab7ce8c121542b0f98d35d88774d6ae6e4c88c0146f3cb61563971ae110778

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://*.imperva.com
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:10:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
last-modified: Wed, 31 Aug 2022 20:31:26 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' https://*.imperva.com
etag: "0x8DA8B8FC76B1687"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdn.contentful.com images.ctfassets.net maxcdn.bootstrapcdn.com www.gstatic.com *.doubleclick.net www.aexp-static.com ssl.kaptcha.com js.maxmind.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/javascript
x-iinfo: 4-12464498-12461713 2CNN RT(1669054236110 99) q(0 0 0 4) r(0 0) U18
cache-control: max-age=86126, public
content-length: 686898
x-xss-protection: 1; mode=block
expires: Tue, 22 Nov 2022 18:06:02 GMT

Redirect headers

location: https://www.amexprepaidcard.com/main.563d191ddd3d3737569f.js
strict-transport-security: max-age=31536000
content-length: 0

GET
H/1.1 200
OK oujxzijrushpqupx62pqysxow.jpg
canarytokens.com/ 43 B
238 B 1460ms
466ms Image
image/gif 52.18.63.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://canarytokens.com/oujxzijrushpqupx62pqysxow.jpg?l=https://vgbalance.com/amex.php&r=
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.18.63.80 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-63-80.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://vgbalance.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date: Mon, 21 Nov 2022 18:10:38 GMT
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: image/gif

GET
H2 200 3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
www.aexp-static.com/nav/ngn/fonts/ 36 KB
37 KB 687ms
176ms Font
font/woff 104.87.102.220
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
Requested by: Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.4.0/package/dist/styles/dls.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.87.102.220 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-87-102-220.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad

Request headers

Referer: https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.4.0/package/dist/styles/dls.css
Origin: https://vgbalance.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:10:37 GMT
last-modified: Wed, 15 Aug 2018 20:46:09 GMT
etag: "5b749111-9121"
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=15552000
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length: 37153
expires: Mon, 25 Jan 2021 11:07:20 GMT

GET Arial.75400f069595b41e88ac.woff
www.amexprepaidcard.com/ 0
0

GET HelveticaNeue.a858f925b333458f7915.woff
www.amexprepaidcard.com/ 0
0

GET BentonSans-Regular.a20f0f5561b3c69fec54.woff
www.amexprepaidcard.com/ 0
0

GET
H3 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 183ms
95ms Font
font/woff2 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.11.207 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://vgbalance.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Mon, 21 Nov 2022 18:10:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 912
age: 275
cdn-cachedat: 08/01/2022 01:11:38
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 8d2b0f32b5465722087ca00eac930c3b
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: BR
cdn-status: 200
cf-ray: 76db6214bc7c5ac0-MEL
cdn-requestpullsuccess: True

GET
H/1.1 200
OK logo.htm Show response
ssl.kaptcha.com/ Frame 4EAD 169 B
623 B 775ms
253ms Document
text/html 35.80.101.90
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ssl.kaptcha.com/logo.htm?m=109700&s=035906c1495843b39aea5b3738efbc55
Requested by: Host: vgbalance.com
URL: https://vgbalance.com/amex.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 35.80.101.90 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-80-101-90.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: ed7d7e72e46655e62e24fbd55493a82991ea2158b1dd38d6510ce648765ac83d

Request headers

Referer: https://vgbalance.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache no-store must-revalidate private
Content-Length: 169
Content-Type: text/html
Date: Mon, 21 Nov 2022 18:10:37 GMT
Expires: 0
Pragma: no-cache
X-Correlation-Id: 58281513-e058-4ca2-bc46-1ad8d9e2dd3c

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/ 399 KB
160 KB 654ms
217ms Script
text/javascript 142.251.10.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LfHaWwfAAAAAPWSZHeXnHmXMX3-4w2NkAQwyJcZ&hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vgbalance.com/
Origin: https://vgbalance.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 20:55:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 162976
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Nov 2023 20:55:32 GMT

GET fullLogo.gif
prod.giftingapp.com/img/ Frame 4EAD 0
0

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 107E 7 KB
1 KB 525ms
223ms Document
text/html 74.125.24.147
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfHaWwfAAAAAPWSZHeXnHmXMX3-4w2NkAQwyJcZ&co=aHR0cHM6Ly92Z2JhbGFuY2UuY29tOjQ0Mw..&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=m9w8zcify9qz

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.147 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f147.1e100.net

Software

GSE /

Resource Hash

d9ce5b3de02d49eadf5341c63ad73506cc2b2f061854cfa48d447f4370c3eb87

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-13qQPKHDrTASSrHubzFWoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://vgbalance.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 1052
content-security-policy: script-src 'report-sample' 'nonce-13qQPKHDrTASSrHubzFWoQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 21 Nov 2022 18:10:38 GMT
expires: Mon, 21 Nov 2022 18:10:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/ Frame 107E 52 KB
24 KB 655ms
217ms Stylesheet
text/css 142.251.10.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfHaWwfAAAAAPWSZHeXnHmXMX3-4w2NkAQwyJcZ&co=aHR0cHM6Ly92Z2JhbGFuY2UuY29tOjQ0Mw..&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=m9w8zcify9qz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Tue, 15 Nov 2022 22:01:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 504565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24262
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Nov 2023 22:01:14 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/ Frame 107E 399 KB
159 KB 773ms
336ms Script
text/javascript 142.251.10.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 20:55:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162907
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 162976
x-xss-protection: 0
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 19 Nov 2023 20:55:32 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 107E 2 KB
2 KB 218ms
217ms Image
image/png 142.251.10.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f94.1e100.net

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 17 Nov 2022 16:00:34 GMT
x-content-type-options: nosniff
age: 353406
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 24 Nov 2022 16:00:34 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 107E 15 KB
16 KB 649ms
216ms Font
font/woff2 142.250.4.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sm-in-f94.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Thu, 17 Nov 2022 17:47:47 GMT
x-content-type-options: nosniff
age: 346973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 17:47:47 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.amexprepaidcard.com
URL: https://www.amexprepaidcard.com/Arial.75400f069595b41e88ac.woff

Domain: www.amexprepaidcard.com
URL: https://www.amexprepaidcard.com/HelveticaNeue.a858f925b333458f7915.woff

Domain: www.amexprepaidcard.com
URL: https://www.amexprepaidcard.com/BentonSans-Regular.a20f0f5561b3c69fec54.woff

Domain: prod.giftingapp.com
URL: https://prod.giftingapp.com/img/fullLogo.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.vgbalance.com/	1970-01-20 16:23:10	Name: __ddg1_ Value: wDVZ5bKhQesU2XTqogyM
.amexprepaidcard.com/	1970-01-20 16:22:47	Name: visid_incap_2727501 Value: 6KUngNFmQGOkG0gcJ60G2hy/e2MAAAAAQUIPAAAAAABAR5VLNiZsRlEDyWROhn41
.amexprepaidcard.com/	1969-12-31 23:59:59	Name: incap_ses_360_2727501 Value: KXHCT5k8/iK72VtQ1Pr+BBy/e2MAAAAAcm4lbkDKDMOr5kMKDaq+tQ==
ssl.kaptcha.com/	1970-01-20 09:47:10	Name: k Value: 21cb3474a4a24ed985b604d267937d8d

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://vgbalance.com/amex.php Message: Access to font at 'https://www.amexprepaidcard.com/HelveticaNeue.a858f925b333458f7915.woff' from origin 'https://vgbalance.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.amexprepaidcard.com/HelveticaNeue.a858f925b333458f7915.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://vgbalance.com/amex.php Message: Access to font at 'https://www.amexprepaidcard.com/Arial.75400f069595b41e88ac.woff' from origin 'https://vgbalance.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.amexprepaidcard.com/Arial.75400f069595b41e88ac.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://vgbalance.com/amex.php Message: Access to font at 'https://www.amexprepaidcard.com/BentonSans-Regular.a20f0f5561b3c69fec54.woff' from origin 'https://vgbalance.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.amexprepaidcard.com/BentonSans-Regular.a20f0f5561b3c69fec54.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://prod.giftingapp.com/img/fullLogo.gif Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amexprepaidcard.com
canarytokens.com
fonts.gstatic.com
images.ctfassets.net
maxcdn.bootstrapcdn.com
prod.giftingapp.com
ssl.kaptcha.com
vgbalance.com
www.aexp-static.com
www.amexprepaidcard.com
www.google.com
www.gstatic.com
prod.giftingapp.com
www.amexprepaidcard.com
104.18.11.207
104.87.102.220
13.35.8.28
142.250.4.94
142.251.10.94
190.115.26.11
35.80.101.90
45.60.11.91
45.60.15.91
52.18.63.80
74.125.24.147
02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0
0dc422afe0f9f4983f944d98e95515bf2474f4ce35ec9afda8d8f32cac03b559
10a0ad1096f0b6fcffab39f2cdad3b0df03a446a797f635bbe96af9a9debca12
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
210e26c65de4ebaf4cd8b619f79da4c9df297458f27c4f428ff8de558e9a64bd
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3b2f17aad77e6930f34a34e57c08b3a12685ba8cee09b56ac0deb001c17ea5be
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
452f16e8e0272a473be93a2931604efebd1e4987ae4a0ae2544018243cc07164
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
4a59bb42cb945084820cd1eb370a22a68fa9451b9e57abb1daada408d2ff64e1
517887f97389c0a1643265c21cde5f48b6656210f22d8113fa4d3ddfc5b7e488
535c9e3ec9bb07fad6525cb6e51cc37cf87425efdca6ccd3b667197de60983c0
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8eab7ce8c121542b0f98d35d88774d6ae6e4c88c0146f3cb61563971ae110778
974d90b329c98da2a4792036ae8a865b7f0dd8c7a6a96f09697ef3bc0f1a167d
a076faebaddd2e0404d60b2391206dfa6722b4c86c32231bd1ca8c3aa9e8bc6f
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
c2e71cee224c6c4da849d652ff77ebf4a91257eafe9e922c84ed2b97cb189961
d3761cdd2e4d73756a067b93a8bcfb283b5a5da64a40c6e1177604b94826dbf4
d71aa3bf57dab7ee6bd00f3691667dac7022fd5cba7d65355d4550656437f2a2
d9ce5b3de02d49eadf5341c63ad73506cc2b2f061854cfa48d447f4370c3eb87
ed7d7e72e46655e62e24fbd55493a82991ea2158b1dd38d6510ce648765ac83d
ed81e45122fdcebe6f60893184eb694f95ef50ff21f8ed64dafe9aabdfedd334
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

vgbalance.com Open in urlscan Pro 190.115.26.11 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

30 Requests

77 %HTTPS

0 %IPv6

10 Domains

12 Subdomains

11 IPs

5 Countries

1433 kBTransfer

4894 kBSize

4 Cookies

4 Outgoing links

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

vgbalance.com Open in urlscan Pro
190.115.26.11 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

77 %
HTTPS

0 %
IPv6

10
Domains

12
Subdomains

11
IPs

5
Countries

1433 kB
Transfer

4894 kB
Size

4
Cookies

30 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!