dev9030.daht6lt9k1q32.amplifyapp.com Open in urlscan Pro
13.224.189.5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dev9030.daht6lt9k1q32.amplifyapp.com/
Submission: On December 29 via manual (December 29th 2022, 5:01:26 pm UTC) from US — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 12 HTTP transactions. The main IP is 13.224.189.5, located in United States and belongs to AMAZON-02, US. The main domain is dev9030.daht6lt9k1q32.amplifyapp.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on December 2nd 2022. Valid for: a year.

This is the only time dev9030.daht6lt9k1q32.amplifyapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	13.224.189.5 13.224.189.5	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21f... 2600:9000:21f3:dc00:15:c281:3500:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
5	104.96.130.145 104.96.130.145	16625 (AKAMAI-AS) (AKAMAI-AS)
12	5

1 13.224.189.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-5.fra2.r.cloudfront.net

dev9030.daht6lt9k1q32.amplifyapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:dc00:15:c281:3500:93a1 (United States)

ASN16509 (AMAZON-02, US)

ik.imagekit.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebasestorage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.96.130.145 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-130-145.deploy.static.akamaitechnologies.com

www.aexp-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	aexp-static.com www.aexp-static.com — Cisco Umbrella Rank: 16831	294 KB
4	googleapis.com firebasestorage.googleapis.com — Cisco Umbrella Rank: 6560	714 KB
1	imagekit.io ik.imagekit.io — Cisco Umbrella Rank: 19305	64 KB
1	amplifyapp.com dev9030.daht6lt9k1q32.amplifyapp.com	584 B
12	4

	Domain	Requested by
5	www.aexp-static.com	firebasestorage.googleapis.com
4	firebasestorage.googleapis.com	ik.imagekit.io firebasestorage.googleapis.com
1	ik.imagekit.io	dev9030.daht6lt9k1q32.amplifyapp.com
1	dev9030.daht6lt9k1q32.amplifyapp.com
12	4

This site contains no links.

Subject Issuer	Validity	Valid
*.daht6lt9k1q32.amplifyapp.com Amazon RSA 2048 M01	`2022-12-02` - `2023-12-31`	a year	crt.sh
*.imagekit.io Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
m.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2022-05-16` - `2023-05-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dev9030.daht6lt9k1q32.amplifyapp.com/
Frame ID: A4D94145963F2E84B6EC59B09EF9F71F
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

American Express - recovery

Detected technologies

Amex Express Checkout (Payment processors) Expand

Overall confidence: 100%
Detected patterns

aexp-static\.com

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Page Statistics

12
Requests

92 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

1072 kB
Transfer

1389 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
12 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response dev9030.daht6lt9k1q32.amplifyapp.com/	193 B 584 B	276ms 240ms	Document text/html	13.224.189.5 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dev9030.daht6lt9k1q32.amplifyapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.189.5 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-189-5.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash `867c820a27a6a72213ae280e3d90476fb0968f794c431c142a58a1831045ede6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes cache-control public, must-revalidate, max-age=0, s-maxage=2 content-length 193 content-type text/html date Thu, 29 Dec 2022 17:01:20 GMT etag "e4299a72025ff5f7e13bed6e30d87f79" last-modified Sat, 03 Dec 2022 14:54:14 GMT server AmazonS3 via 1.1 c2a926ef1bafe1ab239d4761594a8098.cloudfront.net (CloudFront) x-amz-cf-id YVTt5yLo4p5Gqkrhifh6lR5pRgO8SB3qOMso94TAb4crajUT-eohlQ== x-amz-cf-pop FRA2-C1 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront
GET H2	200	myscr864693_y1r8UzK2g.js Show response ik.imagekit.io/yaypdpcrk/	310 KB 64 KB	117ms 13ms	Script application/javascript	2600:9000:21f3:dc00:15:c281:3500:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ik.imagekit.io/yaypdpcrk/myscr864693_y1r8UzK2g.js Requested by Host: dev9030.daht6lt9k1q32.amplifyapp.com URL: https://dev9030.daht6lt9k1q32.amplifyapp.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:dc00:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash `74fbe059061319a8c7b73f1d18017ea7a82d92f161189aa156b66869d1f357fe` Request headers accept-language de-DE,de;q=0.9 Referer https://dev9030.daht6lt9k1q32.amplifyapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Wed, 28 Dec 2022 21:29:21 GMT via 1.1 e026b2802d48048e9935caadbecf124e.cloudfront.net (CloudFront), 1.1 2fcedcc055e24d7ac99fbc19ed8fc8ec.cloudfront.net (CloudFront) content-encoding br x-amz-cf-pop FRA2-C2 age 70318 x-cache Hit from cloudfront alt-svc h3=":443"; ma=86400 x-request-id 0e1e4ee4-020b-4cb6-982e-9da6ec8724db etag W/"4d7d4-Pbamcm+lXNOavFq2NMrheXMZtDE" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, s-maxage=15552000, max-age=15552000, must-revalidate x-server ImageKit.io timing-allow-origin * x-amz-cf-id nv-6SxuazQE9mQ4hjdY9fsLZsXWHCZMoN2vUpxMxBSzmMc1LTOyU-w==
GET H2	200	dls_dcv5up.css firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/	395 KB 396 KB	673ms 618ms	Stylesheet text/css	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/dls_dcv5up.css?alt=media&token=af2862ab-5669-4858-af3b-ee8cecb6e6b6 Requested by Host: ik.imagekit.io URL: https://ik.imagekit.io/yaypdpcrk/myscr864693_y1r8UzK2g.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software UploadServer / Resource Hash `eef0bab2aca7e495e763ab5707cf877b7ac3e2543216b904722b82c2495a349c` Request headers accept-language de-DE,de;q=0.9 Referer https://dev9030.daht6lt9k1q32.amplifyapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 29 Dec 2022 17:01:20 GMT x-guploader-uploadid ADPycdsECu_bzpld4dSO1EINRNUpFAZcUSY-b6XubCnkV5COhGaKWmOqm354qLOhPzYmwhbNuvuy15Wg6SBVR-JmqSYe9A x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename=utf-8''dls_dcv5up.css alt-svc* h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 404810 last-modified Thu, 24 Nov 2022 13:21:26 GMT server UploadServer etag "3277c98bd56b2229a7bedbca692319f6" x-goog-generation 1669296086508725 content-type text/css x-goog-hash crc32c=NFlBow==, md5=MnfJi9VrIimnvtvKaSMZ9g== cache-control private, max-age=0 x-goog-stored-content-length 404810 x-goog-meta-firebasestoragedownloadtokens af2862ab-5669-4858-af3b-ee8cecb6e6b6 accept-ranges bytes expires Thu, 29 Dec 2022 17:01:20 GMT
GET H2	200	font_cwhs2t.css firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/	212 KB 213 KB	637ms 583ms	Stylesheet text/css	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/font_cwhs2t.css?alt=media&token=aa11aa3d-330e-4711-8e89-14f10e5713d1 Requested by Host: ik.imagekit.io URL: https://ik.imagekit.io/yaypdpcrk/myscr864693_y1r8UzK2g.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software UploadServer / Resource Hash `996e3f0f97560275527906b77b77ea592f06b410225d40ae7880a3caef3466ff` Request headers accept-language de-DE,de;q=0.9 Referer https://dev9030.daht6lt9k1q32.amplifyapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 29 Dec 2022 17:01:20 GMT x-guploader-uploadid ADPycdtVXMJSqtkuVla06T98Oja9yPbjDwV7Z3znnLeQWbdZKS5SDXn3ul56vuGAmjoyvQn6ZsKq-nS8LRcIwXT2z4kqsQ x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename=utf-8''font_cwhs2t.css alt-svc* h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 217388 last-modified Thu, 24 Nov 2022 13:21:25 GMT server UploadServer etag "f69de86bfa9309d89f121c432bf6d7d8" x-goog-generation 1669296085307344 content-type text/css x-goog-hash crc32c=f7A+EA==, md5=9p3oa/qTCdifEhxDK/bX2A== cache-control private, max-age=0 x-goog-stored-content-length 217388 x-goog-meta-firebasestoragedownloadtokens aa11aa3d-330e-4711-8e89-14f10e5713d1 accept-ranges bytes expires Thu, 29 Dec 2022 17:01:20 GMT
GET H2	200	fonts_n74ldn.css firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/	104 KB 105 KB	666ms 613ms	Stylesheet text/css	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/fonts_n74ldn.css?alt=media&token=d479aadb-8d2a-4ba3-a354-4857c85d91ca Requested by Host: ik.imagekit.io URL: https://ik.imagekit.io/yaypdpcrk/myscr864693_y1r8UzK2g.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software UploadServer / Resource Hash `08ed7823c2cdb7b89093fa8c4fd9eee8c66da6a72be66d31fac37e690f2531a9` Request headers accept-language de-DE,de;q=0.9 Referer https://dev9030.daht6lt9k1q32.amplifyapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 29 Dec 2022 17:01:20 GMT x-guploader-uploadid ADPycduYiXFePp8WvNvv5A4bwCmMmV-SUpGYqIkbDlu5NvSgrYq6fVRF-680yERddBISHQuiujGJPdSZ2scYwy7MjLxr1A x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename=utf-8''fonts_n74ldn.css alt-svc* h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 106973 last-modified Thu, 24 Nov 2022 13:21:25 GMT server UploadServer etag "f7dc03eeb24e17a07d46e5dc9311475e" x-goog-generation 1669296085045677 content-type text/css x-goog-hash crc32c=uLh5mA==, md5=99wD7rJOF6B9RuXckxFHXg== cache-control private, max-age=0 x-goog-stored-content-length 106973 x-goog-meta-firebasestoragedownloadtokens d479aadb-8d2a-4ba3-a354-4857c85d91ca accept-ranges bytes expires Thu, 29 Dec 2022 17:01:20 GMT
GET		jquery-3.4.1.min.js.download firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/	0 0

GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `56b8e90244c34621e294d3357edfef9a1467e501773ed21b25dc6367ab3d7803` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff www.aexp-static.com/nav/ngn/fonts/	36 KB 37 KB	354ms 41ms	Font font/woff	104.96.130.145 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff Requested by Host: firebasestorage.googleapis.com URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/dls_dcv5up.css?alt=media&token=af2862ab-5669-4858-af3b-ee8cecb6e6b6 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.96.130.145 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-96-130-145.deploy.static.akamaitechnologies.com Software / Resource Hash `48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad` Request headers Referer https://firebasestorage.googleapis.com/ Origin https://dev9030.daht6lt9k1q32.amplifyapp.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 29 Dec 2022 17:01:21 GMT last-modified Wed, 15 Aug 2018 20:46:09 GMT etag "5b749111-9121" access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD content-type font/woff access-control-allow-origin * cache-control max-age=15552000 access-control-allow-credentials true accept-ranges bytes timing-allow-origin * access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With content-length 37153 expires Mon, 29 Mar 2021 21:38:37 GMT
GET H2	200	Roboto-Regular.woff www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/	75 KB 76 KB	370ms 59ms	Font font/woff	104.96.130.145 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/Roboto-Regular.woff Requested by Host: firebasestorage.googleapis.com URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/font_cwhs2t.css?alt=media&token=aa11aa3d-330e-4711-8e89-14f10e5713d1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.96.130.145 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-96-130-145.deploy.static.akamaitechnologies.com Software / Resource Hash `7ef974010abfe71fb92dc3f53e3948e1e544cf6821bf9802ea0bf35fa8fe5af6` Request headers Referer https://firebasestorage.googleapis.com/ Origin https://dev9030.daht6lt9k1q32.amplifyapp.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 29 Dec 2022 17:01:21 GMT last-modified Sat, 26 Oct 1985 08:15:00 GMT etag "1dc09d84-12bf8" vary Origin, Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD content-type font/woff access-control-allow-origin * cache-control max-age=15552000 access-control-allow-credentials true accept-ranges bytes timing-allow-origin * access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With content-length 76792 expires Tue, 02 Mar 2021 18:30:25 GMT
GET H2	200	Roboto-Medium.woff www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/	71 KB 72 KB	370ms 61ms	Font font/woff	104.96.130.145 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/Roboto-Medium.woff Requested by Host: firebasestorage.googleapis.com URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/font_cwhs2t.css?alt=media&token=aa11aa3d-330e-4711-8e89-14f10e5713d1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.96.130.145 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-96-130-145.deploy.static.akamaitechnologies.com Software / Resource Hash `d5d7822393d3103ec421f72f09c7f7c78948c68da112031c0afd1c0b0da92c08` Request headers Referer https://firebasestorage.googleapis.com/ Origin https://dev9030.daht6lt9k1q32.amplifyapp.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 29 Dec 2022 17:01:21 GMT last-modified Sat, 26 Oct 1985 08:15:00 GMT etag "1dc09d84-11cfc" vary Origin, Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD content-type font/woff access-control-allow-origin * cache-control max-age=15552000 access-control-allow-credentials true accept-ranges bytes timing-allow-origin * access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With content-length 72956 expires Tue, 02 Mar 2021 18:30:26 GMT
GET DATA	200 OK	truncated /	917 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `bd019a6147dd61d8a25b62afee3861027b5267ddd8d9d25d60bcfc4ddc4ed875` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	316 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `acddc65fd3cdc9eecc019e24154e3199b6cc918d0c4f5baea10a7d170a431859` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	644 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `677a6a5da6f0e85f66c5232fc39ffd285ed010a9498c40cdd7e56d2ff0b7e7da` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `aceafc4f408e21149b229fc07eb7735b8aea8b3e93a421bbe6eefe54b96f208d` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	764 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	984 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/png
GET H2	403	amex-fuid-sprite.png firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/	0 0	283ms 282ms	Image application/json	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/amex-fuid-sprite.png Requested by Host: firebasestorage.googleapis.com URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/fonts_n74ldn.css?alt=media&token=d479aadb-8d2a-4ba3-a354-4857c85d91ca Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/fonts_n74ldn.css?alt=media&token=d479aadb-8d2a-4ba3-a354-4857c85d91ca User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers
GET DATA	200 OK	truncated /	63 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0903fb828652cc78b037321ca97b1ffbb6c49cd6ea58eee89900c79643ffaece` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff www.aexp-static.com/nav/ngn/fonts/	37 KB 38 KB	382ms 86ms	Font font/woff	104.96.130.145 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.aexp-static.com/nav/ngn/fonts/0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff Requested by Host: firebasestorage.googleapis.com URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/dls_dcv5up.css?alt=media&token=af2862ab-5669-4858-af3b-ee8cecb6e6b6 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.96.130.145 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-96-130-145.deploy.static.akamaitechnologies.com Software / Resource Hash `568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c` Request headers Referer https://firebasestorage.googleapis.com/ Origin https://dev9030.daht6lt9k1q32.amplifyapp.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 29 Dec 2022 17:01:21 GMT last-modified Wed, 15 Aug 2018 20:46:09 GMT etag "5b749111-943d" access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD content-type font/woff access-control-allow-origin * cache-control max-age=15552000 access-control-allow-credentials true accept-ranges bytes timing-allow-origin * access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With content-length 37949 expires Tue, 02 Mar 2021 18:25:18 GMT
GET H2	200	Roboto-Light.woff www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/	72 KB 72 KB	375ms 88ms	Font font/woff	104.96.130.145 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www.aexp-static.com/cdaas/one/statics/axp-dls/5.10.1/package/dist/fonts/Roboto-Light.woff Requested by Host: firebasestorage.googleapis.com URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/font_cwhs2t.css?alt=media&token=aa11aa3d-330e-4711-8e89-14f10e5713d1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 104.96.130.145 Vienna, Austria, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-96-130-145.deploy.static.akamaitechnologies.com Software / Resource Hash `e9f9fab2d479b79aca1d3d3bf0a9fc36131752869363180bef040905a008cc1b` Request headers Referer https://firebasestorage.googleapis.com/ Origin https://dev9030.daht6lt9k1q32.amplifyapp.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Thu, 29 Dec 2022 17:01:21 GMT last-modified Sat, 26 Oct 1985 08:15:00 GMT etag "1dc09d84-11f84" vary Origin, Accept-Encoding access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS, HEAD content-type font/woff access-control-allow-origin * cache-control max-age=15552000 access-control-allow-credentials true accept-ranges bytes timing-allow-origin * access-control-allow-headers Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With content-length 73604 expires Tue, 02 Mar 2021 18:30:25 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: firebasestorage.googleapis.com
URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/jquery-3.4.1.min.js.download?alt=media&token=41d11ae4-4601-4259-979c-7b84dfc9ba29

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| erp string| em number| tmp

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://ik.imagekit.io/yaypdpcrk/myscr864693_y1r8UzK2g.js(Line 13263) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/jquery-3.4.1.min.js.download?alt=media&token=41d11ae4-4601-4259-979c-7b84dfc9ba29, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://ik.imagekit.io/yaypdpcrk/myscr864693_y1r8UzK2g.js(Line 13263) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/jquery-3.4.1.min.js.download?alt=media&token=41d11ae4-4601-4259-979c-7b84dfc9ba29, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	error	URL: https://dev9030.daht6lt9k1q32.amplifyapp.com/ Message: Access to script at 'https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/jquery-3.4.1.min.js.download?alt=media&token=41d11ae4-4601-4259-979c-7b84dfc9ba29' from origin 'https://dev9030.daht6lt9k1q32.amplifyapp.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/jquery-3.4.1.min.js.download?alt=media&token=41d11ae4-4601-4259-979c-7b84dfc9ba29 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://firebasestorage.googleapis.com/v0/b/steady-voltage-369613.appspot.com/o/amex-fuid-sprite.png Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dev9030.daht6lt9k1q32.amplifyapp.com
firebasestorage.googleapis.com
ik.imagekit.io
www.aexp-static.com
firebasestorage.googleapis.com
104.96.130.145
13.224.189.5
2600:9000:21f3:dc00:15:c281:3500:93a1
2a00:1450:4001:800::200a
028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab
08ed7823c2cdb7b89093fa8c4fd9eee8c66da6a72be66d31fac37e690f2531a9
0903fb828652cc78b037321ca97b1ffbb6c49cd6ea58eee89900c79643ffaece
428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c
56b8e90244c34621e294d3357edfef9a1467e501773ed21b25dc6367ab3d7803
5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b
5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d
677a6a5da6f0e85f66c5232fc39ffd285ed010a9498c40cdd7e56d2ff0b7e7da
74fbe059061319a8c7b73f1d18017ea7a82d92f161189aa156b66869d1f357fe
7ef974010abfe71fb92dc3f53e3948e1e544cf6821bf9802ea0bf35fa8fe5af6
867c820a27a6a72213ae280e3d90476fb0968f794c431c142a58a1831045ede6
996e3f0f97560275527906b77b77ea592f06b410225d40ae7880a3caef3466ff
acddc65fd3cdc9eecc019e24154e3199b6cc918d0c4f5baea10a7d170a431859
aceafc4f408e21149b229fc07eb7735b8aea8b3e93a421bbe6eefe54b96f208d
bd019a6147dd61d8a25b62afee3861027b5267ddd8d9d25d60bcfc4ddc4ed875
c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9
d5d7822393d3103ec421f72f09c7f7c78948c68da112031c0afd1c0b0da92c08
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9f9fab2d479b79aca1d3d3bf0a9fc36131752869363180bef040905a008cc1b
eef0bab2aca7e495e763ab5707cf877b7ac3e2543216b904722b82c2495a349c
fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519

dev9030.daht6lt9k1q32.amplifyapp.com Open in urlscan Pro 13.224.189.5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

1072 kBTransfer

1389 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

5 Console Messages

Indicators

dev9030.daht6lt9k1q32.amplifyapp.com Open in urlscan Pro
13.224.189.5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

1072 kB
Transfer

1389 kB
Size

0
Cookies

12 HTTP transactions
12 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!