cloudflare-ipfs.com (2606:4700::6811:400e)
urlscan.io Public Scan: Malicious Activity!

URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Submission: On March 30 via api from GB — Scanned from GB

Summary

This website contacted 7 IPs in 1 country across 5 domains to perform 12 HTTP transactions. The main IP is 2606:4700::6811:400e, located in the United States and belonging to CLOUDFLARENET, US. The main domain is cloudflare-ipfs.com.
TLS certificate: Issued by E1 on February 25th 2024. Valid for: 3 months.
This is the only time cloudflare-ipfs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

Requests  IP Address                             AS (Autonomous System)
1         2606:4700::6811:400e                   13335 (CLOUDFLARENET)
5         139.71.113.91                          6307 (AMERICAN-EXPRESS)
3         104.90.82.109                          16625 (AKAMAI-AS)
1         2600:9000:206f:bc00:2:8f43:5780:93a1   16509 (AMAZON-02)
2         104.90.70.102                          16625 (AKAMAI-AS)
1         23.222.16.33                           20940 (AKAMAI-ASN1)
Total: 12 requests, 7 IPs
Requests  Apex Domain           Subdomains (Cisco Umbrella Rank)                                      Transfer
8         americanexpress.com   cdaas.americanexpress.com (31329), www.americanexpress.com (14397)    88 KB
2         aexp-static.com       www.aexp-static.com (13074)                                           7 KB
1         maxymiser.net         service.maxymiser.net (11640)                                         531 B
1         ensighten.com         nexus.ensighten.com (3954)                                            489 B
1         cloudflare-ipfs.com   cloudflare-ipfs.com                                                   101 KB
Total: 12 requests, 5 apex domains
Requests  Domain                      Requested by
5         cdaas.americanexpress.com   cloudflare-ipfs.com, cdaas.americanexpress.com
3         www.americanexpress.com     2 redirects
2         www.aexp-static.com         cloudflare-ipfs.com
1         service.maxymiser.net       www.aexp-static.com
1         nexus.ensighten.com         cloudflare-ipfs.com
1         cloudflare-ipfs.com         (primary request)
Total: 12 requests, 6 subdomains
Subject                      Issuer                                        Validity                   Valid for
cloudflare-ipfs.com          E1                                            2024-02-25 - 2024-05-25    3 months (crt.sh)
cdaas.americanexpress.com    DigiCert SHA2 Extended Validation Server CA   2023-10-11 - 2024-10-09    a year (crt.sh)
m.americanexpress.com        DigiCert SHA2 Extended Validation Server CA   2024-03-06 - 2025-03-06    a year (crt.sh)
*.maxymiser.net              DigiCert TLS RSA SHA256 2020 CA1              2023-11-27 - 2024-11-27    a year (crt.sh)
www.americanexpress.com      DigiCert SHA2 Extended Validation Server CA   2023-08-03 - 2024-08-01    a year (crt.sh)

This page contains 1 frames:

Primary Page: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Frame ID: 691D831E31D4DAE6E3D756C10B718DEE
Requests: 17 HTTP requests in this frame


Detected technologies

Three detections, each at 100% overall confidence, matched on the following patterns:
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
  • aexp-static\.com
  • //nexus\.ensighten\.com/

Page Statistics

Requests     12
HTTPS        83 %
IPv6         33 %
Domains      5
Subdomains   6
IPs          7
Countries    1
Transfer     194 kB
Size         1020 kB
Cookies      1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://www.americanexpress.com/ensighten-head-domestic HTTP 301
  • https://www.americanexpress.com/ensighten-head-domestic/ HTTP 301
  • https://nexus.ensighten.com/amex/amexhead/Bootstrap.js

12 HTTP transactions

Each transaction below is listed as: Resource (Path), then Size, x-fer (bytes transferred) and Type; the MIME type is in its response headers.
Primary Request: Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN  (cloudflare-ipfs.com/ipfs/)  size 682 KB, x-fer 101 KB, type Document
General
Full URL
https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:400e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9683e288802130399d83f7a9a577d98e3612236ab0f311f30f16a97cb4deb710

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-GB,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
Content-Type Range User-Agent X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age
50471
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=29030400, immutable
cf-cache-status
HIT
cf-ray
86cc02a67f439404-LHR
content-encoding
br
content-type
text/html
date
Sat, 30 Mar 2024 23:51:54 GMT
etag
W/"Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN"
server
cloudflare
vary
Accept-Encoding
x-cf-ipfs-cache-status
hit
x-ipfs-path
/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
x-ipfs-roots
Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
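
The response headers above are what make an IPFS gateway convenient for hosting a kit: the ETag and X-Ipfs-Roots are the content identifier (CID) itself, cache-control declares the object immutable, and any public gateway serves the identical bytes for that CID, so blocking cloudflare-ipfs.com alone does not take the page down. The Python below is an added example for this report (not urlscan.io, Cloudflare or IPFS project code). It decodes the CIDv0 from the scanned URL, checks that it wraps a sha2-256 multihash, re-encodes it as the base32 CIDv1 that subdomain-style gateway URLs use, and lists the other gateway URLs to hunt for. The hostnames in PUBLIC_GATEWAYS are well-known public gateways used here for illustration; that each of them serves both URL styles is an assumption.

```python
"""Pivot an IPFS-gateway URL to the content identifier (CID) behind it.

Added example for this scan report, not urlscan.io, Cloudflare or IPFS project
code. SCANNED_URL is the URL from the report. PUBLIC_GATEWAYS is an illustrative
list of well-known public gateways; whether each one serves both URL styles is
an assumption here.
"""
import base64
import re
from typing import Optional
from urllib.parse import urlsplit

SCANNED_URL = "https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN"
PUBLIC_GATEWAYS = ("cloudflare-ipfs.com", "ipfs.io", "dweb.link")

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Path-style gateway URL: /ipfs/<CIDv0>. A CIDv0 is always 46 base58btc chars starting "Qm".
PATH_CID = re.compile(r"^/ipfs/(Qm[1-9A-HJ-NP-Za-km-z]{44})(?:/|$)")
# Subdomain-style gateway URL: <CIDv1 in base32 with the 'b' multibase prefix>.ipfs.<gateway>
SUBDOMAIN_CID = re.compile(r"^(b[a-z2-7]{58})\.ipfs\.")


def b58decode(s: str) -> bytes:
    """Decode base58btc, the encoding of CIDv0. Leading '1' characters are zero bytes."""
    n = 0
    for ch in s:
        n = n * 58 + B58_ALPHABET.index(ch)  # raises ValueError on a non-alphabet char
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    zeros = len(s) - len(s.lstrip("1"))
    return b"\x00" * zeros + body


def cidv0_multihash(cid: str) -> bytes:
    """Return the 34-byte multihash inside a CIDv0 after checking it is sha2-256.

    Multihash layout: 0x12 (sha2-256), 0x20 (32-byte digest), then the digest.
    The digest covers the IPFS DAG root node, not the raw HTML, so it will not
    equal a plain SHA-256 of the served page body.
    """
    raw = b58decode(cid)
    if len(raw) != 34 or raw[:2] != b"\x12\x20":
        raise ValueError(f"not a sha2-256 CIDv0: {cid}")
    return raw


def cidv0_to_cidv1_base32(cid: str) -> str:
    """Re-encode a CIDv0 as CIDv1: version 0x01, dag-pb codec 0x70, multihash; base32, 'b' prefix.

    Gateways use this form in subdomain URLs, so the same page is also reachable
    as https://<cidv1>.ipfs.<gateway>/ with neither the original host nor path.
    """
    cid_bytes = b"\x01\x70" + cidv0_multihash(cid)
    return "b" + base64.b32encode(cid_bytes).decode("ascii").lower().rstrip("=")


def extract_cid(url: str) -> Optional[str]:
    """Return the CID from a path-style or subdomain-style gateway URL, else None."""
    parts = urlsplit(url)
    m = PATH_CID.match(parts.path)
    if m:
        return m.group(1)
    m = SUBDOMAIN_CID.match(parts.hostname or "")
    return m.group(1) if m else None


def pivot_urls(cid: str) -> list:
    """Other URLs the identical content is served from: hunt and block on the CID, not on one gateway."""
    v1 = cidv0_to_cidv1_base32(cid)
    return ([f"https://{gw}/ipfs/{cid}" for gw in PUBLIC_GATEWAYS]
            + [f"https://{v1}.ipfs.{gw}/" for gw in PUBLIC_GATEWAYS])


if __name__ == "__main__":
    cid = extract_cid(SCANNED_URL)
    print("CID:", cid)
    print("CIDv1 (base32):", cidv0_to_cidv1_base32(cid))
    for u in pivot_urls(cid):
        print(" ", u)
```

The digest wrapped by the CID is over the IPFS DAG root node, not over the raw HTML, so it will not equal the Resource Hash 9683e288… that urlscan recorded for the served body; treat the two as complementary indicators rather than interchangeable ones.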
oce-min.css  (cdaas.americanexpress.com/myca/oce/latest/content/css/)  size 274 KB, x-fer 52 KB, type Stylesheet
General
Full URL
https://cdaas.americanexpress.com/myca/oce/latest/content/css/oce-min.css
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.113.91 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas11.americanexpress.com
Software
/
Resource Hash
efae9cd5014961a36fb87ef21904d55754860d014ab680a182d110d2c24ae4e3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://cloudflare-ipfs.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:51:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Feb 2024 21:08:01 GMT
ETag
W/"65d7b7b1-44635"
Vary
Origin
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=31536000, must-revalidate
Connection
keep-alive
Timing-Allow-Origin
*
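
This stylesheet, the rwd.js script and the card images below were fetched from American Express's own CDN with Referer: https://cloudflare-ipfs.com/, so the brand's edge logs already record the host serving the kit. The Python below is an added example for this report (not American Express or urlscan.io code) that scans combined-format access-log lines for requests to these asset paths whose Referer is not a first-party origin. The log lines are constructed for the example: the paths are the ones in this report and the first three carry the gateway Referer shown above; the client IPs, timestamps, the evil-login.example host, the log format and the ALLOWED_REFERER_DOMAINS allowlist are assumptions.

```python
"""Hunt for phishing kits that hot-link a brand's own static assets.

Added example for this scan report, not American Express or urlscan.io code.
SAMPLE_LOG is constructed: the asset paths are the ones requested in the report
and the first three lines carry the gateway Referer the report shows; the client
IPs, timestamps, the evil-login.example host and the log format (nginx/Apache
combined) are assumptions, as is the ALLOWED_REFERER_DOMAINS allowlist.
"""
import re
from collections import Counter
from typing import Optional
from urllib.parse import urlsplit

# First-party registrable domains that may legitimately embed these assets (assumption).
ALLOWED_REFERER_DOMAINS = {"americanexpress.com", "aexp-static.com"}
# Asset trees the kit pulled in: the login-page CSS/JS/images and the logo set.
BRAND_ASSET_PREFIXES = ("/myca/oce/", "/cdaas/one/statics/axp-static-assets/")

COMBINED_LOG = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = """\
203.0.113.10 - - [30/Mar/2024:23:51:55 +0000] "GET /myca/oce/latest/content/css/oce-min.css HTTP/1.1" 200 53342 "https://cloudflare-ipfs.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0.0.0"
203.0.113.10 - - [30/Mar/2024:23:51:55 +0000] "GET /myca/oce/latest/content/js/common/js/rwd.js HTTP/1.1" 200 1030 "https://cloudflare-ipfs.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0.0.0"
203.0.113.10 - - [30/Mar/2024:23:51:55 +0000] "GET /myca/oce/latest/content/images/common/cm15-double-card.png HTTP/1.1" 200 9831 "https://cloudflare-ipfs.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0.0.0"
203.0.113.10 - - [30/Mar/2024:23:51:57 +0000] "GET /myca/oce/latest/content/images/common/amex-desktop-logo.png HTTP/1.1" 200 11134 "https://cdaas.americanexpress.com/myca/oce/latest/content/css/oce-min.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0.0.0"
198.51.100.7 - - [30/Mar/2024:23:52:01 +0000] "GET /myca/oce/latest/content/css/oce-min.css HTTP/1.1" 200 53342 "https://www.americanexpress.com/" "Mozilla/5.0 (Macintosh) Safari/605.1.15"
198.51.100.8 - - [30/Mar/2024:23:52:02 +0000] "GET /cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/dls-logo-line.svg HTTP/1.1" 200 712 "" "Mozilla/5.0 (X11; Linux x86_64) Firefox/124.0"
198.51.100.9 - - [30/Mar/2024:23:52:03 +0000] "GET /myca/oce/latest/content/css/oce-min.css HTTP/1.1" 200 53342 "https://www.americanexpress.com.evil-login.example/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0.0.0"
198.51.100.9 - - [30/Mar/2024:23:52:03 +0000] "GET /robots.txt HTTP/1.1" 404 162 "https://www.americanexpress.com.evil-login.example/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0.0.0"
"""


def registrable_domain(host: str) -> str:
    """Approximate eTLD+1 as the last two labels.

    Adequate for .com brands; a production job should use the Public Suffix List
    so that example.co.uk is not reduced to co.uk. Compare the result exactly,
    never with a substring test, or www.americanexpress.com.evil-login.example passes.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = COMBINED_LOG.match(line)
    return m.groupdict() if m else None


def classify(entry: dict) -> tuple:
    """Label a request as ('ignored'|'unattributed'|'ok'|'suspicious', referer host)."""
    if not entry["path"].startswith(BRAND_ASSET_PREFIXES):
        return "ignored", ""
    referer = entry["referer"]
    if referer in ("", "-"):
        # A referrer policy or privacy extension stripped it; nothing to attribute.
        return "unattributed", ""
    host = urlsplit(referer).hostname or ""
    if registrable_domain(host) in ALLOWED_REFERER_DOMAINS:
        return "ok", host
    return "suspicious", host


def hunt(log_text: str) -> dict:
    """Summarise a log: counts per label, plus suspicious referer hosts ranked by asset hits."""
    summary = {"ok": 0, "unattributed": 0, "ignored": 0, "suspicious": Counter()}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label, host = classify(entry)
        if label == "suspicious":
            summary["suspicious"][host] += 1
        else:
            summary[label] += 1
    return summary


if __name__ == "__main__":
    result = hunt(SAMPLE_LOG)
    for host, hits in result["suspicious"].most_common():
        print(f"{hits:3d} brand-asset hits referred from {host}")
```

Two details of this scan shape the logic. Chrome's default referrer policy (strict-origin-when-cross-origin) trims a cross-origin Referer to its origin, so the CDN log yields the gateway host but not the /ipfs/<CID> path; the Maxymiser beacon later in this list, by contrast, carries the full page URL in its fv= query string, so tag-vendor logs do see the CID. The later amex-desktop-logo.png request, triggered from inside oce-min.css, arrives with the stylesheet's own URL as Referer and is correctly treated as first-party, which is why only the kit's direct subresource requests expose its host.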
rwd.js  (cdaas.americanexpress.com/myca/oce/latest/content/js/common/js/)  size 3 KB, x-fer 1 KB, type Script
General
Full URL
https://cdaas.americanexpress.com/myca/oce/latest/content/js/common/js/rwd.js
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.113.91 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas11.americanexpress.com
Software
/
Resource Hash
71e7da9aa463a8be3a95848a9ff158473d323fcac8109889e1391ee9ab7f3288

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://cloudflare-ipfs.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:51:55 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Feb 2024 21:08:01 GMT
ETag
W/"65d7b7b1-caa"
Vary
Origin
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=31536000, must-revalidate
Connection
keep-alive
Timing-Allow-Origin
*
Bootstrap.js  (nexus.ensighten.com/amex/amexhead/)  size 15 B, x-fer 489 B, type Script
Redirect Chain
  • https://www.americanexpress.com/ensighten-head-domestic
  • https://www.americanexpress.com/ensighten-head-domestic/
  • https://nexus.ensighten.com/amex/amexhead/Bootstrap.js
General
Full URL
https://nexus.ensighten.com/amex/amexhead/Bootstrap.js
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Protocol
H2
Server
2600:9000:206f:bc00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://cloudflare-ipfs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Sat, 30 Mar 2024 23:51:57 GMT
x-amz-version-id
pHusu5gtqv7qXKt.eLWGtjQ.82aNnlPg
via
1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
content-length
15
last-modified
Fri, 13 Oct 2023 04:10:47 GMT
server
CloudFront
etag
"ffe905f50d9b47e6353b68513c4d48ac"
content-type
application/javascript
cache-control
no-cache, no-store
accept-ranges
bytes
x-amz-cf-id
9aQnFAAyQnHVz1fmsJf8psI1U3V1De6tTKxi0Y4oNt2C3C5y6xt5Pw==

Redirect headers

location
https://nexus.ensighten.com/amex/amexhead/Bootstrap.js
strict-transport-security
max-age=15552000;
x-cnection
close
date
Sat, 30 Mar 2024 23:51:55 GMT
content-length
262
x-frame-options
SAMEORIGIN
content-type
text/html; charset=iso-8859-1
mmcore.js  (www.aexp-static.com/cdaas/api/testtarget/maxymiser/1.13.0/)  size 17 KB, x-fer 6 KB, type Script
General
Full URL
https://www.aexp-static.com/cdaas/api/testtarget/maxymiser/1.13.0/mmcore.js
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e9a384a168119971f8aea1448d6a5c1dd5cf63c7331aa009da1dcdf087b2eff2

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://cloudflare-ipfs.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 30 Mar 2024 23:51:55 GMT
content-encoding
gzip
last-modified
Tue, 03 Nov 2020 10:38:54 GMT
etag
W/"5fa1333e-4367"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
6199
cm15-double-card.png  (cdaas.americanexpress.com/myca/oce/latest/content/images/common/)  size 10 KB, x-fer 10 KB, type Image
General
Full URL
https://cdaas.americanexpress.com/myca/oce/latest/content/images/common/cm15-double-card.png
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.113.91 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas11.americanexpress.com
Software
/
Resource Hash
a185f56fce5110dfca7a78b8b5d22bb82d5dc4e597a3d589158cbe5e1fa9fac7

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://cloudflare-ipfs.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:51:55 GMT
Last-Modified
Wed, 02 Aug 2023 20:22:33 GMT
ETag
"64cabb09-2667"
Vary
Origin
Content-Type
image/png
Cache-Control
max-age=31536000, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
9831
cid-double.png  (cdaas.americanexpress.com/myca/oce/latest/content/images/common/)  size 9 KB, x-fer 9 KB, type Image
General
Full URL
https://cdaas.americanexpress.com/myca/oce/latest/content/images/common/cid-double.png
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.113.91 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas11.americanexpress.com
Software
/
Resource Hash
564a66835dbdf4eda01f07e7f60344b644343cef1ed9eb40924108d417459bec

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://cloudflare-ipfs.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:51:55 GMT
Last-Modified
Wed, 02 Aug 2023 20:22:33 GMT
ETag
"64cabb09-236a"
Vary
Origin
Content-Type
image/png
Cache-Control
max-age=31536000, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
9066
dls-logo-line.svg  (www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/)  size 2 KB, x-fer 903 B, type Image
General
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/dls-logo-line.svg
Requested by
Host: cloudflare-ipfs.com
URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://cloudflare-ipfs.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 30 Mar 2024 23:51:55 GMT
content-encoding
gzip
last-modified
Fri, 18 Oct 2019 19:50:49 GMT
etag
W/"5daa1799-693"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=15552000
timing-allow-origin
*
content-length
712
expires
Sun, 13 Sep 2020 09:21:30 GMT
dls-flag-us.svg  (www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/)  size 0, x-fer 0, no response (listed under Failed requests below)
/  (service.maxymiser.net/cg/v5us/)  size 223 B, x-fer 531 B, type Script
General
Full URL
https://service.maxymiser.net/cg/v5us/?fv=dmn%3Damericanexpress.com%3Bref%3D%3Burl%3Dhttps%253A%252F%252Fcloudflare-ipfs.com%252Fipfs%252FQma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN%3Bscrw%3D800%3Bscrh%3D600%3Bclrd%3D24%3Bcok%3D1&lver=1.13&jsncl=mmRequestCallbacks%5B1%5D&ri=1&lto=0&jrt=f
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/api/testtarget/maxymiser/1.13.0/mmcore.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.222.16.33 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-222-16-33.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
00f72e7e92ae5d3b90d7e483948a01906d98f81f837c45e6ee7a4f868e4dfe07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://cloudflare-ipfs.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sat, 30 Mar 2024 23:51:57 GMT
x-content-type-options
nosniff
last-modified
03/30/2024 23:51:56
server
nginx
x-frame-options
SAMEORIGIN
p3p
CP="DEV IND NOI OTC OUR PSA PSD"
content-type
text/javascript; charset=utf-8
cache-control
no-store, no-cache, must-revalidate,post-check=0, pre-check=0
content-length
223
x-xss-protection
1; mode=block
expires
Sun, 06 Jan 1980 01:00:00 GMT
amex-desktop-logo.png  (cdaas.americanexpress.com/myca/oce/latest/content/images/common/)  size 11 KB, x-fer 11 KB, type Image
General
Full URL
https://cdaas.americanexpress.com/myca/oce/latest/content/images/common/amex-desktop-logo.png
Requested by
Host: cdaas.americanexpress.com
URL: https://cdaas.americanexpress.com/myca/oce/latest/content/css/oce-min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.113.91 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
cdaas11.americanexpress.com
Software
/
Resource Hash
610166ddd2d965283356d314f592522c1907a5334cec1daa0874fc61639a667c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://cdaas.americanexpress.com/myca/oce/latest/content/css/oce-min.css
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 30 Mar 2024 23:51:57 GMT
Last-Modified
Thu, 22 Feb 2024 21:08:04 GMT
ETag
"65d7b7b4-2b7e"
Vary
Origin
Content-Type
image/png
Cache-Control
max-age=31536000, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*
Content-Length
11134
truncated  (/)  size 644 B, x-fer 0, type Image (inline data: URI)
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated  (/)  size 1 KB, x-fer 0, type Image (inline data: URI)
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
677a6a5da6f0e85f66c5232fc39ffd285ed010a9498c40cdd7e56d2ff0b7e7da

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated  (/)  size 8 KB, x-fer 0, type Image (inline data: URI)
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c000ce3efd67b43d573f0270ec30bb3854908f0672a8e08a6809a3680b7b8542

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated  (/)  size 764 B, x-fer 0, type Image (inline data: URI)
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated  (/)  size 984 B, x-fer 0, type Image (inline data: URI)
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
favicon.ico  (www.americanexpress.com/)  size 1 KB, x-fer 2 KB, type Other
General
Full URL
https://www.americanexpress.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.82.109 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-82-109.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://cloudflare-ipfs.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=15552000;
content-encoding
gzip
date
Sat, 30 Mar 2024 23:51:57 GMT
last-modified
Fri, 07 Jun 2019 04:05:21 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/x-icon
x-cnection
close
accept-ranges
bytes
content-length
1381

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.aexp-static.com
URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-us.svg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. The three _0x-prefixed functions follow the hexadecimal naming pattern typical of obfuscated scripts; the mm* objects belong to the Maxymiser tag (mmcore.js) loaded from www.aexp-static.com.

  • object    onpagereveal
  • function  _0x1f2493
  • function  _0x5b51
  • function  _0x36f5
  • object    NAV
  • number    j
  • object    mmLocalAttr
  • object    mmRequestCallbacks
  • object    mmsystem

1 Cookies

Domain/Path            Name / Value
cloudflare-ipfs.com/   __cf_bm = ePeifnwbwC7vHTRF17JzC6WMIbwMhi3LW8n_akiQQ8s-1711842714-1.0.1.1-.VXSwd7cXKMvXCZzKNIwJjTznCmpwaiVzF9DODSXTPCZH0brM7ZKg3jR1eqM3uB0.KLcjoGLN_Yn9wc8yeSsPw

__cf_bm is the Cloudflare bot-management cookie set by the gateway edge, not a cookie issued by the phishing page itself.

8 Console Messages

Source Level URL
Text
javascript warning URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdaas.americanexpress.com/myca/oce/latest/content/js/common/js/rwd.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.americanexpress.com/ensighten-head-domestic, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.aexp-static.com/cdaas/api/testtarget/maxymiser/1.13.0/mmcore.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript error URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN(Line 3)
Message:
Access to image at 'https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-us.svg' from origin 'https://cloudflare-ipfs.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-us.svg
Message:
Failed to load resource: net::ERR_FAILED
javascript warning URL: https://www.aexp-static.com/cdaas/api/testtarget/maxymiser/1.13.0/mmcore.js(Line 12)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://service.maxymiser.net/cg/v5us/?fv=dmn%3Damericanexpress.com%3Bref%3D%3Burl%3Dhttps%253A%252F%252Fcloudflare-ipfs.com%252Fipfs%252FQma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN%3Bscrw%3D800%3Bscrh%3D600%3Bclrd%3D24%3Bcok%3D1&lver=1.13&jsncl=mmRequestCallbacks%5B1%5D&ri=1&lto=0&jrt=f, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.aexp-static.com/cdaas/api/testtarget/maxymiser/1.13.0/mmcore.js(Line 12)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://service.maxymiser.net/cg/v5us/?fv=dmn%3Damericanexpress.com%3Bref%3D%3Burl%3Dhttps%253A%252F%252Fcloudflare-ipfs.com%252Fipfs%252FQma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN%3Bscrw%3D800%3Bscrh%3D600%3Bclrd%3D24%3Bcok%3D1&lver=1.13&jsncl=mmRequestCallbacks%5B1%5D&ri=1&lto=0&jrt=f, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
recommendation verbose URL: https://cloudflare-ipfs.com/ipfs/Qma8qpsH1dQb3S4iaVQfhDaviqD7vxN7mC7kCPRwJSoYkN
Message:
[DOM] Multiple forms should be contained in their own form elements; break up complex forms into ones that represent a single action: (More info: https://goo.gl/9p2vKq) %o