Domain > admin.expresswages.com

More information on this domain is in AlienVault OTX

DNS Resolutions

Date	IP Address
2024-05-27	52.84.18.3 (ClassC)
2025-07-09	3.167.183.73 (ClassC)
2025-11-17	18.161.6.38 (ClassC)

HTTP/1.1 301 Moved PermanentlyDate: Mon, 17 Nov 2025 04:03:24 GMTContent-Type: text/htmlContent-Length: 167Connection: keep-aliveLocation: https://admin.expresswages.com/X-Cache: Redirect from cloudfrontVia: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront)X-Amz-Cf-Pop: HIO52-P1X-Amz-Cf-Id: fMKXmHbk79Jg26aZD-c8SgfOpkJJJ4RGDVUpe3GeLM4hQ2tVgrH30AX-Frame-Options: SAMEORIGINContent-Security-Policy: default-src self; script-src self js.refiner.io cdp.customer.io; connect-src self *.expresswages.com api.refiner.io sr-client-cfg.amplitude.com api2.amplitude.com api-sr.amplitude.com cdp.customer.io gist-queue-consumer-api.cloud.gist.build realtime.cloud.gist.build; style-src self fonts.googleapis.com unsafe-inline; font-src self fonts.gstatic.com; img-src self s3.amazonaws.com; frame-src self embed.expresswages.com js.refiner.io renderer.gist.build code.gist.buildX-Content-Type-Options: nosniffServer:

html>head>title>301 Moved Permanently/title>/head>body>center>h1>301 Moved Permanently/h1>/center>hr>center>CloudFront/center>/body>/html>

Port 443

HTTP/1.1 200 OKContent-Type: text/htmlContent-Length: 718Connection: keep-aliveDate: Mon, 17 Nov 2025 04:03:25 GMTLast-Modified: Tue, 04 Nov 2025 15:54:39 GMTETag: 2783df62064ad60176fdde95af1cbed1x-amz-server-side-encryption: AES256Accept-Ranges: bytesServer: X-Cache: Error from cloudfrontVia: 1.1 8731d2a1a7d15f67b588bf58f652f9f0.cloudfront.net (CloudFront)X-Amz-Cf-Pop: HIO52-P1X-Amz-Cf-Id: hNkpVSo3qQG2s4KqfZN46Jk75TnxJ-cIjfR8QCZIzilS6a03AJuCOQX-Frame-Options: SAMEORIGINContent-Security-Policy: default-src self; script-src self js.refiner.io cdp.customer.io; connect-src self *.expresswages.com api.refiner.io sr-client-cfg.amplitude.com api2.amplitude.com api-sr.amplitude.com cdp.customer.io gist-queue-consumer-api.cloud.gist.build realtime.cloud.gist.build; style-src self fonts.googleapis.com unsafe-inline; font-src self fonts.gstatic.com; img-src self s3.amazonaws.com; frame-src self embed.expresswages.com js.refiner.io renderer.gist.build code.gist.buildX-Content-Type-Options: nosniffStrict-Transport-Security: max-age63072000; includeSubDomains; preload

!doctype html>html langen>    head>        meta charsetUTF-8 />        link relicon typeimage/svg+xml href/logo48.png />        meta nameviewport contentwidthdevice-width, initial-scale1.0 />        meta nametheme-color content#000000 />        meta namedescription contentYour Wages, Your Terms. />        title>Express Wages | Admin/title>      script typemodule crossorigin src/assets/index-DHuhPzv-.js>/script>      link relstylesheet crossorigin href/assets/index-CO_1QJMp.css>    /head>    body>        noscript>You need to enable JavaScript to run this app./noscript>        div idroot>/div>    /body>/html>

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > admin.expresswages.com

Is this malicious?

DNS Resolutions

Port 80

Port 443