hangdandung.com
Open in
urlscan Pro
103.221.220.25
Malicious Activity!
Public Scan
URL:
http://hangdandung.com/wp-content/cache/busting/revph.html
Submission: On June 05 via automatic, source openphish
Submission: On June 05 via automatic, source openphish
Summary
This website contacted 5 IPs
in 3 countries
across 4 domains to perform 24 HTTP transactions.
The main IP is 103.221.220.25, located in
Ho Chi Minh City, Viet Nam and
belongs to FPT-AS-AP The Corporation for Financing & Promoting Technology, VN.
The main domain is hangdandung.com.
This is the only time hangdandung.com was scanned on urlscan.io!
This is the only time hangdandung.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 3 7 | 103.221.220.25 103.221.220.25 | 18403 (FPT-AS-AP...) (FPT-AS-AP The Corporation for Financing & Promoting Technology) | |
| 10 | 104.111.236.50 104.111.236.50 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
| 6 | 104.111.250.201 104.111.250.201 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
| 1 | 8.20.172.116 8.20.172.116 | 13832 (AS13832) (AS13832 - Oracle Corporation) | |
| 24 | 5 |
7
103.221.220.25
(Ho Chi Minh City, Viet Nam)
ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN)
ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN)
| hangdandung.com |
10
104.111.236.50
(Netherlands)
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-236-50.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-236-50.deploy.static.akamaitechnologies.com
| rewards.americanexpress.com |
6
104.111.250.201
(Netherlands)
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-250-201.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-250-201.deploy.static.akamaitechnologies.com
| www.aexp-static.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
americanexpress.com
rewards.americanexpress.com |
76 KB |
| 7 |
hangdandung.com
3 redirects
hangdandung.com |
14 KB |
| 6 |
aexp-static.com
www.aexp-static.com |
42 KB |
| 1 |
estara.com
as00.estara.com |
|
| 24 | 4 |
| Domain | Requested by | |
|---|---|---|
| 10 | rewards.americanexpress.com |
hangdandung.com
|
| 7 | hangdandung.com |
3 redirects
hangdandung.com
|
| 6 | www.aexp-static.com |
hangdandung.com
|
| 1 | as00.estara.com |
hangdandung.com
|
| 24 | 4 |
This site contains links to these domains. Also see Links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| online.americanexpress.com DigiCert SHA2 Extended Validation Server CA |
2019-01-10 - 2021-01-14 |
2 years | crt.sh |
| hangdandung.com Let's Encrypt Authority X3 |
2019-05-29 - 2019-08-27 |
3 months | crt.sh |
| m.americanexpress.com DigiCert SHA2 Extended Validation Server CA |
2018-08-08 - 2020-07-23 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://hangdandung.com/wp-content/cache/busting/revph.html
Frame ID: 50B95D3F825F09E4863801B8C8DB4053
Requests: 24 HTTP requests in this frame
Screenshot
Detected technologies
LiteSpeed
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /^LiteSpeed$/i
SiteCatalyst
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /\/s[_-]code.*\.js/i
- env /^s_(?:account|objectID|code|INST)$/i
Page Statistics
29 Outgoing links
These are links going to different origins than the main page.
URL: https://www.americanexpress.com/?inav=NavLogo
Search URL Search Domain Scan URL
URL: http://www.membershiprewards.com/Terms.aspx
Title: Complete Terms and Conditions.
Title: Complete Terms and Conditions.
Search URL Search Domain Scan URL
URL: http://www304.americanexpress.com/getthecard/?inav=footer_cards_personal
Title: Personal Cαrds
Title: Personal Cαrds
Search URL Search Domain Scan URL
URL: http://www262.americanexpress.com/business-credit-cards/?inav=footer_cards_sm_bus
Title: Small Business Credit Cαrds
Title: Small Business Credit Cαrds
Search URL Search Domain Scan URL
URL: http://corp.americanexpress.com/gcs/cards/?inav=footer_cards_corp
Title: Corporate Cαrds
Title: Corporate Cαrds
Search URL Search Domain Scan URL
URL: https://www.americanexpress.com/gift-cards/?inav=footer_giftcards
Title: Gift Cαrds
Title: Gift Cαrds
Search URL Search Domain Scan URL
URL: https://www212.americanexpress.com/dsmlive/dsm/dom/us/en/personal/cardmember/additionalproductsandservices/giftcardsandtravelerscheques/reloadablehome.do?vgnextoid=13dadd546182e210VgnVCM100000defaad94RCRD&vgnextchannel=95ddb81e8482a110VgnVCM100000defaad94RCRD&appInstanceName=default&name=reloadablehome&type=intbenefitdetail&inav=footer_cards_reload
Title: Prepaid Cαrds
Title: Prepaid Cαrds
Search URL Search Domain Scan URL
URL: http://www.membershiprewards.com/HomePage.aspx?us_nu=dd&inav=footer_MR
Title: Membership Rewards® Program
Title: Membership Rewards® Program
Search URL Search Domain Scan URL
URL: http://personalsavings.americanexpress.com/?inav=footer_personal_savings
Title: Savings Αccounts & CDs
Title: Savings Αccounts & CDs
Search URL Search Domain Scan URL
URL: http://www212.americanexpress.com/dsmlive/dsm/int/internetwanttohonor/acceptthecard.do?vgnextoid=2399d485aadbc210VgnVCM100000defaad94RCRD&inav=footer_accept_card
Title: Accept Αmericαn Εxpress Cαrds
Title: Accept Αmericαn Εxpress Cαrds
Search URL Search Domain Scan URL
URL: https://www304.americanexpress.com/BusinessApps/AppCenter/Home?inav=footer_businessapps
Title: Business Apps
Title: Business Apps
Search URL Search Domain Scan URL
URL: https://www295.americanexpress.com/premium/credit-report-monitoring/home.do?SC=TJN&BC=0001&PC=0001&inav=footer_credit_secure
Title: Credit Scores & Reports
Title: Credit Scores & Reports
Search URL Search Domain Scan URL
URL: http://financialtools.americanexpress.com/?inav=footer_financial_tools
Title: Financial Tools
Title: Financial Tools
Search URL Search Domain Scan URL
URL: https://www212.americanexpress.com/dsmlive/dsm/dom/us/en/fraudprotectioncenter/fraudprotectioncenter_homepage.do?vgnextoid=2621c0f7c5a4c110VgnVCM100000defaad94RCRD&inav=footer_fraud_protection_center
Title: Fraud Protection Center
Title: Fraud Protection Center
Search URL Search Domain Scan URL
URL: http://about.americanexpress.com/cr/default.asp?inav=footer_credit_basics
Title: Learn About Credit
Title: Learn About Credit
Search URL Search Domain Scan URL
URL: https://www295.americanexpress.com/premium/credit-card-travel-insurance/home.do?inav=footer_prot_travel
Title: Travel Insurance
Title: Travel Insurance
Search URL Search Domain Scan URL
URL: http://about.americanexpress.com/?inav=footer_about_american_express
Title: About Αmericαn Εxpress
Title: About Αmericαn Εxpress
Search URL Search Domain Scan URL
URL: https://www212.americanexpress.com/dsmlive/dsm/int/contactus/personalcards.do?vgnextoid=c3d6c697b3bdc110VgnVCM100000defaad94RCRD&page=1&inav=footer_contact_us
Title: Contact Us
Title: Contact Us
Search URL Search Domain Scan URL
URL: http://careers.americanexpress.com/?inav=footer_careers
Title: Careers
Title: Careers
Search URL Search Domain Scan URL
URL: http://www.americanexpress.com/sitemap/?inav=footer_sitemap
Title: Site Map
Title: Site Map
Search URL Search Domain Scan URL
URL: http://www.facebook.com/americanexpress
Search URL Search Domain Scan URL
URL: http://www.twitter.com/americanexpress
Search URL Search Domain Scan URL
URL: http://www.youtube.com/americanexpress
Search URL Search Domain Scan URL
URL: http://www.linkedin.com/company/american-express
Search URL Search Domain Scan URL
URL: https://foursquare.com/americanexpress
Search URL Search Domain Scan URL
URL: http://plus.google.com/114054690699015768556
Search URL Search Domain Scan URL
URL: https://www212.americanexpress.com/dsmlive/dsm/dom/us/en/legaldisclosures/websiterulesandregulations.do?vgnextoid=80fb5cb4cdcaf110VgnVCM100000defaad94RCRD&us_nu=footer&source=footer_Terms_of_Use&inav=footer_Terms_of_Use
Title: Terms of Service
Title: Terms of Service
Search URL Search Domain Scan URL
URL: https://www212.americanexpress.com/dsmlive/dsm/dom/us/en/privacystatement/internetprivacystatement.do?vgnextoid=f25533fadb4ca110VgnVCM100000defaad94RCRD&vgnextchannel=9823f30b6b1ca110VgnVCM100000defaad94RCRD&us_nu=footer&source=footer_privacy_statement&inav=footer_privacy_statement
Title: Privacy Statement
Title: Privacy Statement
Search URL Search Domain Scan URL
URL: https://www212.americanexpress.com/dsmlive/dsm/int/us/en/cmaproductspage.do?vgnextoid=bbf185df62df5210VgnVCM100000defaad94RCRD&source=footer_card_agreements&inav=footer_card_agreements
Title: Cαrd Agreements
Title: Cαrd Agreements
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- http://hangdandung.com/wp-content/cache/busting/navigation/shared/nav/s_code_mr.js HTTP 301
- https://hangdandung.com/wp-content/cache/busting/navigation/shared/nav/s_code_mr.js
- http://hangdandung.com/wp-content/cache/busting/loyalty/redemption/rewards/cart/express/js/jquery.js HTTP 301
- https://hangdandung.com/wp-content/cache/busting/loyalty/redemption/rewards/cart/express/js/jquery.js
- http://hangdandung.com/loyalty/redemption/rewards/cart/express/js/layouts.js HTTP 301
- https://hangdandung.com/loyalty/redemption/rewards/cart/express/js/layouts.js
- http://hangdandung.com/loyalty/redemption/rewards/cart/shop/js/shoppingcart_contents.js HTTP 301
- https://hangdandung.com/loyalty/redemption/rewards/cart/shop/js/shoppingcart_contents.js
- http://hangdandung.com/wp-content/cache/busting/v/ngn/js/commonFunctions.js HTTP 301
- https://hangdandung.com/wp-content/cache/busting/v/ngn/js/commonFunctions.js
- http://hangdandung.com/wp-content/cache/busting/atgsvcs.com/js/atgsvcs.js HTTP 301
- https://hangdandung.com/wp-content/cache/busting/atgsvcs.com/js/atgsvcs.js
24 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
revph.html
hangdandung.com/wp-content/cache/busting/ |
47 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
expresscommon.css
rewards.americanexpress.com/loyalty/redemption/rewards/cart/express/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s_code_mr.js
hangdandung.com/wp-content/cache/busting/navigation/shared/nav/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clear.gif
rewards.americanexpress.com/loyalty/rewards/cart/shop/images/ |
43 B 496 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
inav_ngi_nested.css
www.aexp-static.com/nav/ngn/css/ |
90 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo_bluebox.gif
www.aexp-static.com/nav/ngn/img/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clear.gif
www.aexp-static.com/nav/ngn/img/ |
43 B 214 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
clear.gif
rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/ |
43 B 383 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.js
hangdandung.com/wp-content/cache/busting/loyalty/redemption/rewards/cart/express/js/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
layouts.js
hangdandung.com/loyalty/redemption/rewards/cart/express/js/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cidcheckcontent.css
rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/css/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Amex_CID.png
rewards.americanexpress.com/loyalty/rewards/acctmgmt/images/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Amex_CSC.png
rewards.americanexpress.com/loyalty/rewards/acctmgmt/images/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
img_mr_basic.gif
rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
shoppingcart_contents.js
hangdandung.com/loyalty/redemption/rewards/cart/shop/js/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
commonFunctions.js
hangdandung.com/wp-content/cache/busting/v/ngn/js/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
left_arrow.gif
rewards.americanexpress.com/loyalty/redemption/rewards/cart/shop/images/ |
231 B 570 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
atgsvcs.js
hangdandung.com/wp-content/cache/busting/atgsvcs.com/js/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iNav_ngi_sprite_new.gif
www.aexp-static.com/nav/ngn/img/ |
23 KB 23 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
img_shdw_mainNav.png
www.aexp-static.com/nav/ngn/img/ |
143 B 338 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cidSprite.gif
rewards.americanexpress.com/loyalty/rewards/cart/shop/images/ |
18 KB 18 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
commonsprite.gif
rewards.americanexpress.com/loyalty/rewards/cart/shop/images/ |
31 KB 31 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iNav_ngi_sprite_footer.gif
www.aexp-static.com/nav/ngn/img/ |
934 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.0 |
lr.php
as00.estara.com/fs/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- hangdandung.com
- URL
- https://hangdandung.com/loyalty/redemption/rewards/cart/shop/js/shoppingcart_contents.js
- Domain
- hangdandung.com
- URL
- https://hangdandung.com/wp-content/cache/busting/v/ngn/js/commonFunctions.js
- Domain
- hangdandung.com
- URL
- https://hangdandung.com/wp-content/cache/busting/atgsvcs.com/js/atgsvcs.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: American Express (Financial)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask string| omn_hierarchy string| omn_pagename string| excludeOmniture function| submitFormContinue function| eStara_quick_append function| eStara_loadlr undefined| s_code function| focustomsg function| getErrorMsg_CIDContent function| onBlurError function| gotocontinue0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
as00.estara.com
hangdandung.com
rewards.americanexpress.com
www.aexp-static.com
hangdandung.com
103.221.220.25
104.111.236.50
104.111.250.201
8.20.172.116
0d4e7d13d424c4569af233a3188ac42edaa093a12bced0dba6095c00047006e3
194b37addb793c71c33302afb3239216455121d66303067e15904eedd0a66b12
455f3d2788a19c162410f405d4b74c47460c42c3bab7c86a778cfd92e3a4c89e
526f6dc15a9273d806ae1fda4a7fe7d68fb9349c8da9de261fe6cfa4706a1f15
641e856a6f9353b820697aa83e7919aabf9f97d0e83c62156abe8426b164e128
7fc622e13c9914c35e1cecfebfb5e422d7a6874d5c3adb9706e2e7c7954f622c
801278de3a8c03503c196f3bedf6f979ceddb8210638e76dcf49cd811829724b
82e400c090fb5260267fa339b115e8fe2cb3171303e252844d9756f252f39099
93fc543a45b44b6b9f3831a1dd893cef84684a87cbf2455b6358ad4d3040757e
aaf9f77fccfd151089d074ed25f5ac3ec51a21a4bd7f253c301bac4500f28a03
b12de721b00549cb961bce8202d81fc352b69f8b6373fbc8e6f7d0516a24793b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
cf5f4862c77aa8ccb461cb4d3343fd653dd27719292b63952abe849814be417a
d3c6dbfeb63c1155df3a80a04d72d9c0c95ed561d54c9694019c28eac1920c1b
ea4a220863723b001d8302dd02ed2cb9950a85192f26053615104cebc788fc64