![](/screenshots/8e0f6e99-77e2-46b9-8a84-7879cdc85d7c.png)
cloudflare-ipfs.com
2606:4700::6811:400e
Malicious Activity!
Public Scan
Submission: On March 30 via api from GB — Scanned from GB
Summary
TLS certificate: Issued by E1 on February 25th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)
Domain & IP information
| IP Address | Autonomous System |
---|---|---|
1 | 2606:4700::6811:400e | 13335 (CLOUDFLARENET) |
5 | 139.71.113.91 | 6307 (AMERICAN-EXPRESS) |
2 3 | 104.90.82.109 | 16625 (AKAMAI-AS) |
1 | 2600:9000:206f:bc00:2:8f43:5780:93a1 | 16509 (AMAZON-02) |
2 | 104.90.70.102 | 16625 (AKAMAI-AS) |
1 | 23.222.16.33 | 20940 (AKAMAI-ASN1) |
12 | 7 |
ASN6307 (AMERICAN-EXPRESS, US)
PTR: cdaas11.americanexpress.com
cdaas.americanexpress.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-90-82-109.deploy.static.akamaitechnologies.com
www.americanexpress.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-90-70-102.deploy.static.akamaitechnologies.com
www.aexp-static.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-222-16-33.deploy.static.akamaitechnologies.com
service.maxymiser.net |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | americanexpress.com (2 redirects) | cdaas.americanexpress.com — Cisco Umbrella Rank: 31329; www.americanexpress.com — Cisco Umbrella Rank: 14397 | 88 KB |
2 | aexp-static.com | www.aexp-static.com — Cisco Umbrella Rank: 13074 | 7 KB |
1 | maxymiser.net | service.maxymiser.net — Cisco Umbrella Rank: 11640 | 531 B |
1 | ensighten.com | nexus.ensighten.com — Cisco Umbrella Rank: 3954 | 489 B |
1 | cloudflare-ipfs.com | cloudflare-ipfs.com | 101 KB |
12 | 5 |
| Domain | Requested by |
---|---|---|
5 | cdaas.americanexpress.com | cloudflare-ipfs.com, cdaas.americanexpress.com |
3 | www.americanexpress.com | 2 redirects |
2 | www.aexp-static.com | cloudflare-ipfs.com |
1 | service.maxymiser.net | www.aexp-static.com |
1 | nexus.ensighten.com | cloudflare-ipfs.com |
1 | cloudflare-ipfs.com | |
12 | 6 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
cloudflare-ipfs.com | E1 | 2024-02-25 - 2024-05-25 | 3 months |
cdaas.americanexpress.com | DigiCert SHA2 Extended Validation Server CA | 2023-10-11 - 2024-10-09 | a year |
m.americanexpress.com | DigiCert SHA2 Extended Validation Server CA | 2024-03-06 - 2025-03-06 | a year |
*.maxymiser.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-11-27 - 2024-11-27 | a year |
www.americanexpress.com | DigiCert SHA2 Extended Validation Server CA | 2023-08-03 - 2024-08-01 | a year |
This page contains 1 frames:
Primary Page:
https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Frame ID: 691D831E31D4DAE6E3D756C10B718DEE
Requests: 17 HTTP requests in this frame
Detected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
![](/vendor/wappa/icons/amex.png)
Detected patterns
- aexp-static\.com
![](/vendor/wappa/icons/ensighten.png)
Detected patterns
- //nexus\.ensighten\.com/
Page Statistics
38 Outgoing links
These are links going to different origins than the main page.
Title: About American Express
Title: Investor Relations
Title: Careers
Title: Global Network
Title: Contact Us
Title: Amex Mobile App
Title: Credit Cards
Title: Business Credit Cards
Title: Corporate Programs
Title: Prepaid Cards
Title: Savings Accounts & CDs
Title: Gift Cards
Title: Membership Rewards
Title: Free Credit Score & Report
Title: CreditSecure®
Title: Bluebird
Title: Accept Amex Cards
Title: Refer A Friend
Title: Credit Intel Financial Education Center
Title: Supplier Diversity
Title: Credit 101
Title: Money Management 101
Title: US Newcomers
Title: Frequently Asked Questions
Title: Change Country
Title: Terms of Service
Title: Privacy Center
Title: AdChoices
Title: Security Center
Title: Card Agreements
Title: Servicemember Benefits
Title: Site Map
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://www.americanexpress.com/ensighten-head-domestic HTTP 301
- https://www.americanexpress.com/ensighten-head-domestic/ HTTP 301
- https://nexus.ensighten.com/amex/amexhead/Bootstrap.js
12 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN (Primary Request) | cloudflare-ipfs.com/ipfs/ | 682 KB | 101 KB | Document | text/html |
GET H/1.1 | oce-min.css | cdaas.americanexpress.com/myca/oce/latest/content/css/ | 274 KB | 52 KB | Stylesheet | text/css |
GET H/1.1 | rwd.js | cdaas.americanexpress.com/myca/oce/latest/content/js/common/js/ | 3 KB | 1 KB | Script | application/javascript |
GET H2 | Bootstrap.js (Redirect Chain) | nexus.ensighten.com/amex/amexhead/ | 15 B | 489 B | Script | application/javascript |
GET H2 | mmcore.js | www.aexp-static.com/cdaas/api/testtarget/maxymiser/1.13.0/ | 17 KB | 6 KB | Script | application/javascript |
GET H/1.1 | cm15-double-card.png | cdaas.americanexpress.com/myca/oce/latest/content/images/common/ | 10 KB | 10 KB | Image | image/png |
GET H/1.1 | cid-double.png | cdaas.americanexpress.com/myca/oce/latest/content/images/common/ | 9 KB | 9 KB | Image | image/png |
GET H2 | dls-logo-line.svg | www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/ | 2 KB | 903 B | Image | image/svg+xml |
GET | dls-flag-us.svg | www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/ | 0 | 0 | | |
GET H2 | / | service.maxymiser.net/cg/v5us/ | 223 B | 531 B | Script | text/javascript |
GET H/1.1 | amex-desktop-logo.png | cdaas.americanexpress.com/myca/oce/latest/content/images/common/ | 11 KB | 11 KB | Image | image/png |
GET DATA | truncated | / | 644 B | 0 | Image | image/png |
GET DATA | truncated | / | 1 KB | 0 | Image | image/png |
GET DATA | truncated | / | 8 KB | 0 | Image | image/png |
GET DATA | truncated | / | 764 B | 0 | Image | image/png |
GET DATA | truncated | / | 984 B | 0 | Image | image/png |
GET H2 | favicon.ico | www.americanexpress.com/ | 1 KB | 2 KB | Other | image/x-icon |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.aexp-static.com
- URL
- https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-us.svg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: American Express (Financial)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | onpagereveal
- function | _0x1f2493
- function | _0x5b51
- function | _0x36f5
- object | NAV
- number | j
- object | mmLocalAttr
- object | mmRequestCallbacks
- object | mmsystem
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cloudflare-ipfs.com/ | Name: __cf_bm Value: ePeifnwbwC7vHTRF17JzC6WMIbwMhi3LW8n_akiQQ8s-1711842714-1.0.1.1-.VXSwd7cXKMvXCZzKNIwJjTznCmpwaiVzF9DODSXTPCZH0brM7ZKg3jR1eqM3uB0.KLcjoGLN_Yn9wc8yeSsPw |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.