Report - ameriexserves.shop/amex

Report Overview

Visited public
2025-01-13 11:04:25
Tags
URL
ameriexserves.shop/amex
Finishing URL
ameriexserves.shop/amex/
IP / ASN
165.154.245.45
#142002 Scloud Pte Ltd
Title
ameriexserves.shop/amex/

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ameriexserves.shop	unknown	2025-01-10	2025-01-10	2025-01-10	3.4 kB	678 kB	165.154.245.45

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2025-01-11	medium	ameriexserves.shop/amex	American Express

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-13	medium	ameriexserves.shop	Sinkholed
2025-01-13	medium	ameriexserves.shop	Sinkholed
2025-01-13	medium	ameriexserves.shop	Sinkholed
2025-01-13	medium	ameriexserves.shop	Sinkholed
2025-01-13	medium	ameriexserves.shop	Sinkholed
2025-01-13	medium	ameriexserves.shop	Sinkholed
2025-01-13	medium	ameriexserves.shop	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	ameriexserves.shop/amex/assets/index-CAwzByGI.js	ScriptElement	264 kB	2024-12-18	2025-02-02
Pretty URL ameriexserves.shop/amex/assets/index-CAwzByGI.js IP 165.154.245.45 ASN #142002 Scloud Pte Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-18 12:51 Last Seen2025-02-02 16:59 Times Seen54 Hash 2cf954ef842ccbaa24ebe9cab4036da6 b2e65cb7e382355762311589e34ae3e8f3cba36a 127472b16b4faa9b5d2232d7df7ee43bee09c7fd8f977ae6633ffc8de0cc71c0 Loading...

HTTP Transactions (7)

URL IP Response Size

ameriexserves.shop/amex

165.154.245.45

301 Moved Permanently

169 B

URL User Request GET HTTP/1.1
ameriexserves.shop/amex
IP
165.154.245.45:443
ASN
#142002 Scloud Pte Ltd

Certificate
IssuerLet's Encrypt
Subjectameriexserves.shop
Fingerprint2E:9E:0F:54:7A:2F:DE:CB:F4:22:E9:54:A6:2F:72:83:5E:CD:82:B8
ValidityFri, 10 Jan 2025 09:56:30 GMT - Thu, 10 Apr 2025 09:56:29 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
169 B (169 bytes)
Hash
39e66888286cb07b86add9a31464222a
3a0dba54ac77b023e39a0eba16b1ede9c755e431
c3c9c8654de1babbf8efba986f0e929283946376440ef79776108d3a88fcdc3c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	American Express
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /amex HTTP/1.1
Host: ameriexserves.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.2
Date: Mon, 13 Jan 2025 11:04:01 GMT
Content-Type: text/html
Content-Length: 169
Location: https://ameriexserves.shop/amex/
Connection: keep-alive

ameriexserves.shop/amex/

165.154.245.45

200 OK

304 B

URL User Request GET HTTP/1.1
ameriexserves.shop/amex/
IP
165.154.245.45:443
ASN
#142002 Scloud Pte Ltd

Certificate
IssuerLet's Encrypt
Subjectameriexserves.shop
Fingerprint2E:9E:0F:54:7A:2F:DE:CB:F4:22:E9:54:A6:2F:72:83:5E:CD:82:B8
ValidityFri, 10 Jan 2025 09:56:30 GMT - Thu, 10 Apr 2025 09:56:29 GMT

File type
HTML document, ASCII text
Size
304 B (304 bytes)
Hash
16d4c4e8cc01df83c733386b26dd44cb
8b2317fcd194aa8ced9b6ba511e173beff5f78a9
d1b378598ee3634e72a53e5b720cb2b2e0233b2e3da1f29392ee10ff1873cd1a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /amex/ HTTP/1.1
Host: ameriexserves.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Mon, 13 Jan 2025 11:04:01 GMT
Content-Type: text/html
Last-Modified: Sat, 14 Dec 2024 17:37:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"675dc26c-1de"
Content-Encoding: gzip

ameriexserves.shop/amex/assets/index-krZVZrcs.css

165.154.245.45

200 OK

4.9 kB

URL GET HTTP/1.1
ameriexserves.shop/amex/assets/index-krZVZrcs.css
IP
165.154.245.45:443
ASN
#142002 Scloud Pte Ltd

Requested by
https://ameriexserves.shop/amex/
Certificate
IssuerLet's Encrypt
Subjectameriexserves.shop
Fingerprint2E:9E:0F:54:7A:2F:DE:CB:F4:22:E9:54:A6:2F:72:83:5E:CD:82:B8
ValidityFri, 10 Jan 2025 09:56:30 GMT - Thu, 10 Apr 2025 09:56:29 GMT

File type
ASCII text, with very long lines (17110)
Size
4.9 kB (4885 bytes)
Hash
e93ea18552896d8fe7e7d8510decaae3
651a009f76b4fc5f5f7637aece782a4209f46679
3167ad7fa72c34639296b2304a5da7ecba0e68268c22615916c44335924e6968

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /amex/assets/index-krZVZrcs.css HTTP/1.1
Host: ameriexserves.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ameriexserves.shop/amex/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Mon, 13 Jan 2025 11:04:02 GMT
Content-Type: text/css
Last-Modified: Sat, 14 Dec 2024 17:37:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"675dc26c-42d7"
Expires: Wed, 12 Feb 2025 11:04:02 GMT
Cache-Control: max-age=2592000, public, max-age=2592000
Content-Encoding: gzip

ameriexserves.shop/amex/assets/index-CAwzByGI.js

165.154.245.45

200 OK

98 kB

URL GET HTTP/1.1
ameriexserves.shop/amex/assets/index-CAwzByGI.js
IP
165.154.245.45:443
ASN
#142002 Scloud Pte Ltd

Requested by
https://ameriexserves.shop/amex/
Certificate
IssuerLet's Encrypt
Subjectameriexserves.shop
Fingerprint2E:9E:0F:54:7A:2F:DE:CB:F4:22:E9:54:A6:2F:72:83:5E:CD:82:B8
ValidityFri, 10 Jan 2025 09:56:30 GMT - Thu, 10 Apr 2025 09:56:29 GMT

File type
JavaScript source, ASCII text, with very long lines (35678)
Size
98 kB (98499 bytes)
Hash
2cf954ef842ccbaa24ebe9cab4036da6
b2e65cb7e382355762311589e34ae3e8f3cba36a
127472b16b4faa9b5d2232d7df7ee43bee09c7fd8f977ae6633ffc8de0cc71c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /amex/assets/index-CAwzByGI.js HTTP/1.1
Host: ameriexserves.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ameriexserves.shop/amex/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Mon, 13 Jan 2025 11:04:02 GMT
Content-Type: application/javascript
Last-Modified: Sat, 14 Dec 2024 17:37:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"675dc26c-406d2"
Expires: Wed, 12 Feb 2025 11:04:02 GMT
Cache-Control: max-age=2592000, public, max-age=2592000
Content-Encoding: gzip

ameriexserves.shop/open/visitors/info/createOrGetUserInfo

165.154.245.45

404 Not Found

9 B

URL POST HTTP/1.1
ameriexserves.shop/open/visitors/info/createOrGetUserInfo
IP
165.154.245.45:443
ASN
#142002 Scloud Pte Ltd

Requested by
https://ameriexserves.shop/amex/
Certificate
IssuerLet's Encrypt
Subjectameriexserves.shop
Fingerprint2E:9E:0F:54:7A:2F:DE:CB:F4:22:E9:54:A6:2F:72:83:5E:CD:82:B8
ValidityFri, 10 Jan 2025 09:56:30 GMT - Thu, 10 Apr 2025 09:56:29 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
9d1ead73e678fa2f51a70a933b0bf017
d205cbd6783332a212c5ae92d73c77178c2d2f28
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /open/visitors/info/createOrGetUserInfo HTTP/1.1
Host: ameriexserves.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 391
Origin: https://ameriexserves.shop
DNT: 1
Connection: keep-alive
Referer: https://ameriexserves.shop/amex/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.26.2
Date: Mon, 13 Jan 2025 11:04:03 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 9
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: https://ameriexserves.shop
set-cookie: locale=en-us; path=/; max-age=31557600; expires=Tue, 13 Jan 2026 17:04:03 GMT

ameriexserves.shop/amex/favicon.ico

165.154.245.45

200 OK

1.4 kB

URL GET HTTP/1.1
ameriexserves.shop/amex/favicon.ico
IP
165.154.245.45:443
ASN
#142002 Scloud Pte Ltd

Requested by
https://ameriexserves.shop/amex/
Certificate
IssuerLet's Encrypt
Subjectameriexserves.shop
Fingerprint2E:9E:0F:54:7A:2F:DE:CB:F4:22:E9:54:A6:2F:72:83:5E:CD:82:B8
ValidityFri, 10 Jan 2025 09:56:30 GMT - Thu, 10 Apr 2025 09:56:29 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.4 kB (1358 bytes)
Hash
974ccc6c4c6e1c7f04606973beb3ba20
0f96f86d488a4b5805744fa067c3cfd57c928406
265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /amex/favicon.ico HTTP/1.1
Host: ameriexserves.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ameriexserves.shop/amex/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Mon, 13 Jan 2025 11:04:03 GMT
Content-Type: image/x-icon
Content-Length: 1358
Last-Modified: Fri, 15 Nov 2024 08:59:22 GMT
Connection: keep-alive
ETag: "67370d6a-54e"
Expires: Wed, 12 Feb 2025 11:04:03 GMT
Cache-Control: max-age=2592000, public, max-age=2592000
Accept-Ranges: bytes

ameriexserves.shop/amex/NotoSansCJKjp-Regular_subset.woff

165.154.245.45

200 OK

571 kB

URL GET HTTP/1.1
ameriexserves.shop/amex/NotoSansCJKjp-Regular_subset.woff
IP
165.154.245.45:443
ASN
#142002 Scloud Pte Ltd

Requested by
https://ameriexserves.shop/amex/
Certificate
IssuerLet's Encrypt
Subjectameriexserves.shop
Fingerprint2E:9E:0F:54:7A:2F:DE:CB:F4:22:E9:54:A6:2F:72:83:5E:CD:82:B8
ValidityFri, 10 Jan 2025 09:56:30 GMT - Thu, 10 Apr 2025 09:56:29 GMT

File type
Web Open Font Format, CFF, length 570992, version 1.0
Size
571 kB (570992 bytes)
Hash
72ba2113b5ba2bc18cccfd1e3b7ea0de
c11321ab94e5545becf2e50f6e5509912d6a40ba
94eee0ce4bf85dc67bde9b9211afe0ec2e59a0a3a252944cb116c96ee0560072

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /amex/NotoSansCJKjp-Regular_subset.woff HTTP/1.1
Host: ameriexserves.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ameriexserves.shop/amex/assets/index-krZVZrcs.css
Cookie: locale=en-us
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Mon, 13 Jan 2025 11:04:03 GMT
Content-Type: font/woff
Content-Length: 570992
Last-Modified: Wed, 13 Nov 2024 09:21:06 GMT
Connection: keep-alive
ETag: "67346f82-8b670"
Expires: Wed, 12 Feb 2025 11:04:03 GMT
Cache-Control: max-age=2592000, public, max-age=2592000
Accept-Ranges: bytes

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL POST HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP