main.dquvxneatcvlx.amplifyapp.com
18.66.15.85  Malicious Activity! Public Scan

Submitted URL: https://main.dquvxneatcvlx.amplifyapp.com/
Effective URL: https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
Submission: On September 28 via api from BE — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 7 HTTP transactions. The main IP is 18.66.15.85, located in the United States and belonging to AMAZON-02, US. The main domain is main.dquvxneatcvlx.amplifyapp.com.
TLS certificate: Issued by Amazon on September 26th 2022. Valid for: a year.
This is the only time main.dquvxneatcvlx.amplifyapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

Requests  IP Address    AS / Autonomous System
7         18.66.15.85   16509 (AMAZON-02)
(7 requests, 1 IP)

Requests  Apex Domain      Subdomains                          Transfer
7         amplifyapp.com   main.dquvxneatcvlx.amplifyapp.com   38 KB
(7 requests, 1 apex domain)

Requests  Domain                              Requested by
7         main.dquvxneatcvlx.amplifyapp.com   main.dquvxneatcvlx.amplifyapp.com
(7 requests, 1 domain)

This site contains links to these domains.

Domain
www.amazon.com
Subject                          Issuer   Validity                  Valid
*.dquvxneatcvlx.amplifyapp.com   Amazon   2022-09-26 - 2023-10-25   a year

This page contains 1 frames:

Primary Page: https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
Frame ID: DEF8FD9D7970325BC6AC9BC6034AC41F
Requests: 7 HTTP requests in this frame

Page Title

Amazon Billing Verification Center

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://main.dquvxneatcvlx.amplifyapp.com/ Page URL
  2. https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q Page URL

Page Statistics

Requests:    7
HTTPS:       100 %
IPv6:        0 %
Domains:     1
Subdomains:  1
IPs:         1
Countries:   1
Transfer:    38 kB
Size:        129 kB
Cookies:     0


Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource   Path   Size   x-fer   Type   MIME-Type
/   main.dquvxneatcvlx.amplifyapp.com/   128 B   508 B   Document
General
Full URL: https://main.dquvxneatcvlx.amplifyapp.com/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.15.85, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-15-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f1c7b8aca7dc227db935da88c0f51c74a11fab93e64168b54f3b626849343278

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
public, max-age=0, s-maxage=2
content-length
128
content-type
text/html
date
Wed, 28 Sep 2022 10:27:47 GMT
etag
"6e6136f90821c1dc2a96589b4d9c1d60"
last-modified
Mon, 26 Sep 2022 10:57:55 GMT
server
AmazonS3
via
1.1 7813cdcdfb1cffa9f5c7d09f66440476.cloudfront.net (CloudFront)
x-amz-cf-id
maxzW_1nvv2EYxVhfUSGUmWhT0W22w5TV7VAECUbTgX3blup2mCFFA==
x-amz-cf-pop
VIE50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
b.html (Primary Request)   main.dquvxneatcvlx.amplifyapp.com/   88 KB   20 KB   Document
General
Full URL: https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.15.85, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-15-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cc109786c5a13f2eb0f76ba41f6a8e8eb9b162a204bb0d18ece4cae9f4225f2a

Request headers

Referer
https://main.dquvxneatcvlx.amplifyapp.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0, s-maxage=2
content-encoding
gzip
content-type
text/html
date
Wed, 28 Sep 2022 10:27:48 GMT
etag
W/"470eff3c273a87c8d72dd6322e90390a"
last-modified
Mon, 26 Sep 2022 10:57:55 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 7813cdcdfb1cffa9f5c7d09f66440476.cloudfront.net (CloudFront)
x-amz-cf-id
X016OAcTmycjr3O6BEKuVlms7xjjL8pQS4lJy362kM_TZlQMGfV5RQ==
x-amz-cf-pop
VIE50-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
site-wide-a04329._V1_.css   main.dquvxneatcvlx.amplifyapp.com/content/   31 KB   7 KB   Stylesheet
General
Full URL: https://main.dquvxneatcvlx.amplifyapp.com/content/site-wide-a04329._V1_.css
Requested by:
  Host: main.dquvxneatcvlx.amplifyapp.com
  URL: https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.15.85, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-15-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 10765b5e83a4ccbc5edbfcc4f3ada63b02c76cc1d29c21f1202fc54bd018710c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 10:27:48 GMT
content-encoding
gzip
via
1.1 7813cdcdfb1cffa9f5c7d09f66440476.cloudfront.net (CloudFront)
last-modified
Mon, 26 Sep 2022 10:57:55 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
x-amz-server-side-encryption
AES256
etag
W/"c5b431e3ddb3b23e34e512492e79b9f3"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/css
cache-control
public, max-age=0, s-maxage=2
x-amz-cf-id
9J24IYThcbdh7smEByQjQmc8HNzPMR1Fzn0Diy46eKrW9GNoBBKp-g==
BeaconSprite-US-01._V141013396_.png   main.dquvxneatcvlx.amplifyapp.com/content/   6 KB   6 KB   Image
General
Full URL: https://main.dquvxneatcvlx.amplifyapp.com/content/BeaconSprite-US-01._V141013396_.png
Requested by:
  Host: main.dquvxneatcvlx.amplifyapp.com
  URL: https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.15.85, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-15-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4514d4d04b4644de38864be5ac0c945f94eec540dcef27061330658e46d848a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 10:27:48 GMT
via
1.1 7813cdcdfb1cffa9f5c7d09f66440476.cloudfront.net (CloudFront)
last-modified
Mon, 26 Sep 2022 10:57:55 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
x-amz-server-side-encryption
AES256
etag
"ce0ad8aebf91c79d98779ea2686ee3a8"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
6148
x-amz-cf-id
bbXSVlZHdiS8CIxf5hD0cI98kFIXTOTMQ5AXp0TWLea3To29Ic-Ezw==
transparent-pixel._V192234675_.gif   main.dquvxneatcvlx.amplifyapp.com/content/   43 B   423 B   Image
General
Full URL: https://main.dquvxneatcvlx.amplifyapp.com/content/transparent-pixel._V192234675_.gif
Requested by:
  Host: main.dquvxneatcvlx.amplifyapp.com
  URL: https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.15.85, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-15-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 10:27:48 GMT
via
1.1 7813cdcdfb1cffa9f5c7d09f66440476.cloudfront.net (CloudFront)
last-modified
Mon, 26 Sep 2022 10:57:55 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
x-amz-server-side-encryption
AES256
etag
"6851dbf491ae442da3314f19e8aff085"
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
43
x-amz-cf-id
EHOGA7JYhJiaizpWzEPS32zXBpGSxSQXpT7FZcNEnd-BA5iJxAdrbg==
confirm-card._V17236_.png   main.dquvxneatcvlx.amplifyapp.com/content/   2 KB   2 KB   Image
General
Full URL: https://main.dquvxneatcvlx.amplifyapp.com/content/confirm-card._V17236_.png
Requested by:
  Host: main.dquvxneatcvlx.amplifyapp.com
  URL: https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.15.85, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-15-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b924ce130dc972a751e5bd741fb35cd7cb8d7a94894916d941f48e35abddf5dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 10:27:48 GMT
via
1.1 7813cdcdfb1cffa9f5c7d09f66440476.cloudfront.net (CloudFront)
last-modified
Mon, 26 Sep 2022 10:57:55 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
x-amz-server-side-encryption
AES256
etag
"7e55e6c7d2697e6cac416c1f2eaf9d65"
x-cache
Miss from cloudfront
content-type
image/png
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
2167
x-amz-cf-id
cn-4lolQ866N4kcmMDWnwpjAzzAbSZM7H3CwCVTmgIKzXnsVE5SRLg==
navAmazonLogoFooter._V169459313_.gif   main.dquvxneatcvlx.amplifyapp.com/content/   1 KB   2 KB   Image
General
Full URL: https://main.dquvxneatcvlx.amplifyapp.com/content/navAmazonLogoFooter._V169459313_.gif
Requested by:
  Host: main.dquvxneatcvlx.amplifyapp.com
  URL: https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.15.85, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-15-85.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bde31848f3c02d44b188927f63b8724262cf12a30a2bef988f81698ecbbf5790

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://main.dquvxneatcvlx.amplifyapp.com/b.html?amazon.com/b/ref=si3_store_su/?ie=UTF8&node=293522011Blv1KxDr2OE5uAP092q
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 10:27:48 GMT
via
1.1 7813cdcdfb1cffa9f5c7d09f66440476.cloudfront.net (CloudFront)
last-modified
Mon, 26 Sep 2022 10:57:55 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-P1
x-amz-server-side-encryption
AES256
etag
"c195e2f844e4a1c00a03570593ce5ecf"
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
public, max-age=0, s-maxage=2
accept-ranges
bytes
content-length
1216
x-amz-cf-id
d3xEU9fjLEV5z6p-2WSQXdaLCE-j62QkpGqVymlPU9BMV3mv7HzePg==

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type        Name
object      onbeforeinput
object      oncontextlost
object      oncontextrestored
function    structuredClone
object      launchQueue
object      onbeforematch
function    getScreenDetails
function    queryLocalFonts
object      navigation
object      container
object      AmazonPopoverImages
string      _navbarSpriteUrl
function    Navbar
object      _navbar
undefined   iss
string      issHost
string      issMktid
object      issSearchAliases
function    updateISSCompletion
undefined   dealNotifier
object      errant

0 Cookies