URL: http://webfileltd.co.uk/ph.html
Submission: On February 25 via manual from US

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 81.21.75.97, located in the United Kingdom, and belongs to AS20738, GB. The main domain is webfileltd.co.uk.
This is the only time webfileltd.co.uk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

Count            IP Address         AS      Autonomous System
1                81.21.75.97        20738   (AS20738)
4                104.111.236.50     16625   (AKAMAI-AS)
4 (2 redirects)  2a01:7c8:ec:0...   20857   (TRANSIP-A...)
9                104.111.250.201    16625   (AKAMAI-AS)
Total: 16 HTTP transactions, 4 IPs

Count            Domain                       Requested by
9                www.aexp-static.com          webfileltd.co.uk
4 (2 redirects)  www.s2.be                    webfileltd.co.uk
4                online.americanexpress.com   webfileltd.co.uk
1                webfileltd.co.uk
Total: 16 HTTP transactions, 4 domains

This site contains no links.

Subject                      Issuer                                        Validity                  Valid
online.americanexpress.com   DigiCert SHA2 Extended Validation Server CA   2019-01-10 - 2021-01-14   2 years
www.s2.be                    Let's Encrypt Authority X3                    2019-02-06 - 2019-05-07   3 months
m.americanexpress.com        DigiCert SHA2 Extended Validation Server CA   2018-08-08 - 2020-07-23   2 years

This page contains 1 frame:

Primary Page: http://webfileltd.co.uk/ph.html
Frame ID: 8EDBE64652A9E56ED6968C0DAA7EE3EA
Requests: 16 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Unix/i

Overall confidence: 100%
Detected patterns
  • headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Overall confidence: 100%
Detected patterns
  • headers server /mod_ssl(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
  • headers server /mod_ssl(?:\/([\d.]+))?/i

Page Statistics

  • Requests: 16
  • HTTPS: 94 %
  • IPv6: 25 %
  • Domains: 4
  • Subdomains: 4
  • IPs: 4
  • Countries: 2
  • Transfer: 275 kB
  • Size: 366 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://www.s2.be/aexp-static/spacer.png HTTP 301
  • https://www.s2.be/aexp-static/spacer.png
Request Chain 6
  • http://www.s2.be/aexp-static/spacer.png HTTP 301
  • https://www.s2.be/aexp-static/spacer.png

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ph.html
webfileltd.co.uk/
76 KB
76 KB
Document
General
Full URL
http://webfileltd.co.uk/ph.html
Protocol
HTTP/1.1
Server
81.21.75.97 , United Kingdom, ASN20738 (AS20738, GB),
Reverse DNS
server71.donhost.co.uk
Software
Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.7e-p1 /
Resource Hash
c97c9aa1b826927ea3ac199e247aeb19c7c33d9d8218851a213a814242d2b11e

Request headers

Host
webfileltd.co.uk
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate

Response headers

Date
Mon, 25 Feb 2019 16:52:26 GMT
Server
Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.7e-p1
Last-Modified
Sun, 24 Feb 2019 19:07:51 GMT
ETag
"225e5e7-12fc8-5c72eb87"
Accept-Ranges
bytes
Content-Length
77768
Keep-Alive
timeout=5, max=10
Connection
Keep-Alive
Content-Type
text/html
fuidFypDefault.css
online.americanexpress.com/myca/fuidfyp/us/resources/css/
19 KB
7 KB
Stylesheet
General
Full URL
https://online.americanexpress.com/myca/fuidfyp/us/resources/css/fuidFypDefault.css
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.236.50 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-236-50.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e599503c3bdee1fef6065e575091caef7a56b463e751886b298304379eab47b8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://webfileltd.co.uk/ph.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 08 Nov 2016 09:17:19 GMT
date
Mon, 25 Feb 2019 17:55:25 GMT
vary
Accept-Encoding
content-type
text/css
status
200
accept-ranges
bytes
content-length
6707
spacer.png
www.s2.be/aexp-static/
Redirect Chain
  • http://www.s2.be/aexp-static/spacer.png
  • https://www.s2.be/aexp-static/spacer.png
0
417 B
Image
General
Full URL
https://www.s2.be/aexp-static/spacer.png
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:7c8:ec:0:149:210:196:91 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://webfileltd.co.uk/ph.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Redirect headers

Location
https://www.s2.be/aexp-static/spacer.png
Date
Mon, 25 Feb 2019 17:55:25 GMT
X-TransIP-Balancer
lb1
X-TransIP-Backend
web246
Server
Apache
Content-Length
248
Content-Type
text/html; charset=iso-8859-1
inav_responsive.css
www.aexp-static.com/nav/ngn/css/
93 KB
12 KB
Stylesheet
General
Full URL
https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
7f1b85f13e643de7a8dd568b6073849d777a677a7d699229b8eb2fdb787ff2b9
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://webfileltd.co.uk/ph.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
content-encoding
gzip
last-modified
Wed, 11 Apr 2018 19:54:17 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
x-frame-options
SAMEORIGIN
date
Mon, 25 Feb 2019 17:55:25 GMT
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=86400
accept-ranges
bytes
timing-allow-origin
*
content-length
11740
OCA_body-background.gif
online.americanexpress.com/myca/oce/us/oce/images/actreg/
16 KB
16 KB
Image
General
Full URL
https://online.americanexpress.com/myca/oce/us/oce/images/actreg/OCA_body-background.gif
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.236.50 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-236-50.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c05cee2eb8aacab52bba3b3dd940b68055fc11a088302418c776efa459f63884
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://webfileltd.co.uk/ph.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Thu, 15 Nov 2018 20:11:11 GMT
date
Mon, 25 Feb 2019 17:55:25 GMT
content-type
image/gif
status
200
cache-control
private, must-revalidate, max-age=71995
accept-ranges
bytes
content-length
16020
clear.gif
www.aexp-static.com/nav/ngn/img/
43 B
214 B
Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/clear.gif
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;

Request headers

Referer
http://webfileltd.co.uk/ph.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:23:00 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Mon, 25 Feb 2019 17:55:25 GMT
content-type
image/gif
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
43
logo_bluebox_1x.gif
www.aexp-static.com/nav/ngn/img/
4 KB
4 KB
Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/logo_bluebox_1x.gif
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;

Request headers

Referer
http://webfileltd.co.uk/ph.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:26:41 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Mon, 25 Feb 2019 17:55:25 GMT
content-type
image/gif
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
4424
spacer.png
www.s2.be/aexp-static/
Redirect Chain
  • http://www.s2.be/aexp-static/spacer.png
  • https://www.s2.be/aexp-static/spacer.png
0
417 B
Image
General
Full URL
https://www.s2.be/aexp-static/spacer.png
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a01:7c8:ec:0:149:210:196:91 , Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://webfileltd.co.uk/ph.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Redirect headers

Location
https://www.s2.be/aexp-static/spacer.png
Date
Mon, 25 Feb 2019 17:55:25 GMT
X-TransIP-Balancer
lb1
X-TransIP-Backend
web246
Server
Apache
Content-Length
248
Content-Type
text/html; charset=iso-8859-1
spacer.png
online.americanexpress.com/myca/fuidfyp/us/resources/images/
922 B
1 KB
Image
General
Full URL
https://online.americanexpress.com/myca/fuidfyp/us/resources/images/spacer.png
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.236.50 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-236-50.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e989c2542a6af77569f5b65286bf132dd113c75810c71866dacba5d025d68bc5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://webfileltd.co.uk/ph.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 08 Nov 2016 09:17:19 GMT
date
Mon, 25 Feb 2019 17:55:25 GMT
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,TRACE
content-type
image/png
status
200
access-control-expose-headers
Date
cache-control
private, must-revalidate, max-age=132074
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
account_token,account_tokens,locale,,correlation_id,security_token
content-length
922
iNav_ngi_sprite_new.gif
www.aexp-static.com/nav/ngn/img/
23 KB
23 KB
Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/iNav_ngi_sprite_new.gif?ver=0916_01
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
0d4e7d13d424c4569af233a3188ac42edaa093a12bced0dba6095c00047006e3
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:26:29 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Mon, 25 Feb 2019 17:55:25 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
23367
img_shdw_mainNav.png
www.aexp-static.com/nav/ngn/img/
143 B
338 B
Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/img_shdw_mainNav.png
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
d3c6dbfeb63c1155df3a80a04d72d9c0c95ed561d54c9694019c28eac1920c1b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
http://webfileltd.co.uk/ph.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:24:34 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Mon, 25 Feb 2019 17:55:25 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
143
3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
www.aexp-static.com/nav/ngn/fonts/
36 KB
37 KB
Font
General
Full URL
https://www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
Origin
http://webfileltd.co.uk

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:12:19 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Mon, 25 Feb 2019 17:55:25 GMT
access-control-max-age
15778463
access-control-allow-methods
GET
content-type
application/x-font-woff
status
200
cache-control
max-age=29030400
accept-ranges
bytes
timing-allow-origin
*
content-length
37153
amex-fuid-sprite.png
online.americanexpress.com/myca/fuidfyp/us/resources/images/
49 KB
50 KB
Image
General
Full URL
https://online.americanexpress.com/myca/fuidfyp/us/resources/images/amex-fuid-sprite.png
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.236.50 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-236-50.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9a12464e4b2e913955e124313a5ab47e63b771a41bdba9390d008212a1b52052
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://online.americanexpress.com/myca/fuidfyp/us/resources/css/fuidFypDefault.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 08 Nov 2016 09:17:19 GMT
date
Mon, 25 Feb 2019 17:55:25 GMT
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,TRACE
content-type
image/png
status
200
access-control-expose-headers
Date
cache-control
private, must-revalidate, max-age=316511
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
account_token,account_tokens,locale,,correlation_id,security_token
content-length
50415
iNav_sprite_footer.gif
www.aexp-static.com/nav/ngn/img/
5 KB
5 KB
Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/iNav_sprite_footer.gif?ver=0916_02
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
c5728ebd8f225043ec8b85f79c9964f133136f91b9bb260eb69437ce9af4573a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:26:31 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Mon, 25 Feb 2019 17:55:25 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
5012
iNav_sprite_footer1.gif
www.aexp-static.com/nav/ngn/img/
5 KB
6 KB
Image
General
Full URL
https://www.aexp-static.com/nav/ngn/img/iNav_sprite_footer1.gif?ver=0917_11
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
b3be0c1dca2d9a00d8da591e1c209fced4d3ee588efb495eed4191aa2558e658
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000;
last-modified
Mon, 11 Sep 2017 19:23:42 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Mon, 25 Feb 2019 17:55:25 GMT
x-frame-options
SAMEORIGIN
content-type
image/gif
status
200
cache-control
max-age=7776000
accept-ranges
bytes
timing-allow-origin
*
content-length
5603
0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
www.aexp-static.com/nav/ngn/fonts/
37 KB
37 KB
Font
General
Full URL
https://www.aexp-static.com/nav/ngn/fonts/0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
Requested by
Host: webfileltd.co.uk
URL: http://webfileltd.co.uk/ph.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.250.201 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-250-201.deploy.static.akamaitechnologies.com
Software
IBM_HTTP_Server /
Resource Hash
568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000;
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.aexp-static.com/nav/ngn/css/inav_responsive.css
Origin
http://webfileltd.co.uk

Response headers

strict-transport-security
max-age=15552000;
last-modified
Thu, 02 Mar 2017 09:12:14 GMT
server
IBM_HTTP_Server
access-control-allow-origin
*
date
Mon, 25 Feb 2019 17:55:25 GMT
x-frame-options
SAMEORIGIN
content-type
application/x-font-woff
status
200
cache-control
max-age=29030400
accept-ranges
bytes
timing-allow-origin
*
content-length
37949

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onselectstart
  • object| onselectionchange
  • function| queueMicrotask
  • object| Cg7YqbxDM00
  • string| IEECYcmyMN
  • function| validate

0 Cookies