acquisition.idchub.app
34.206.69.110
Malicious Activity!
Public Scan
Effective URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Submission: On August 03 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by DigiCert EV RSA CA G2 on May 10th 2023. Valid for: a year.
This is the only time acquisition.idchub.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)
Domain & IP information
# | IP Address | AS (Autonomous System) |
---|---|---|
1 2 | 34.206.69.110 | 14618 (AMAZON-AES) |
12 | 54.231.199.65 | 16509 (AMAZON-02) |
2 | 2a00:1450:4001:829::200a | 15169 (GOOGLE) |
Totals: 15 requests across 3 IP addresses
ASN14618 (AMAZON-AES, US)
- PTR: ec2-34-206-69-110.compute-1.amazonaws.com
- Domain: acquisition.idchub.app
ASN16509 (AMAZON-02, US)
- PTR: s3-1-w.amazonaws.com
- Domain: idcfiles.s3.amazonaws.com
# | Apex Domain | Subdomains | Transfer |
---|---|---|---|
12 | amazonaws.com | idcfiles.s3.amazonaws.com | 2 MB |
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 79) | 1 KB |
2 | idchub.app | acquisition.idchub.app (1 redirect) | 11 KB |
Totals: 15 requests across 3 apex domains
# | Domain | Requested by |
---|---|---|
12 | idcfiles.s3.amazonaws.com | acquisition.idchub.app, idcfiles.s3.amazonaws.com |
2 | fonts.googleapis.com | acquisition.idchub.app |
2 | acquisition.idchub.app | 1 redirect |
Totals: 15 requests across 3 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
acquisition.idchub.app | DigiCert EV RSA CA G2 | 2023-05-10 - 2024-05-08 | a year | crt.sh |
*.s3.amazonaws.com | Amazon RSA 2048 M01 | 2023-03-21 - 2023-12-19 | 9 months | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://acquisition.idchub.app/en-idc/acq/accounts/login/
Frame ID: C620F28D177531EA0DBF4A3026E5A361
Requests: 15 HTTP requests in this frame
Detected technologies
- Bootstrap (Web Frameworks); detected pattern:
  - `bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js`
- Django (Web Frameworks); detected pattern:
  - `(?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)`
- Google Font API (Font Scripts); detected pattern:
  - `<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com`
- Select2 (JavaScript Libraries); detected pattern:
  - `select2(?:\.min|\.full)?\.js`
- jQuery (JavaScript Libraries); detected patterns:
  - `jquery[.-]([\d.]*\d)[^/]*\.js`
  - `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://acquisition.idchub.app/ (HTTP 302)
- https://acquisition.idchub.app/en-idc/acq/accounts/login/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request, redirect chain) | acquisition.idchub.app/en-idc/acq/accounts/login/ | 10 KB | 10 KB | Document | text/html |
GET | H/1.1 | jquery-3.5.1.min.js | idcfiles.s3.amazonaws.com/static/js/ | 87 KB | 88 KB | Script | application/javascript |
GET | H/1.1 | popper.min.js | idcfiles.s3.amazonaws.com/static/js/ | 21 KB | 21 KB | Script | application/javascript |
GET | H/1.1 | bootstrap.min.js | idcfiles.s3.amazonaws.com/static/lib/bootstrap/js/ | 59 KB | 59 KB | Script | application/javascript |
GET | H/1.1 | select2.min.js | idcfiles.s3.amazonaws.com/static/lib/select2/ | 69 KB | 70 KB | Script | application/javascript |
GET | H/1.1 | bootstrap-datepicker.min.js | idcfiles.s3.amazonaws.com/static/lib/bootstrap-datepicker/js/ | 33 KB | 33 KB | Script | application/javascript |
GET | H/1.1 | common.js | idcfiles.s3.amazonaws.com/static/js/ | 6 KB | 7 KB | Script | application/javascript |
GET | H/1.1 | output.c97124229c1c.css | idcfiles.s3.amazonaws.com/static/CACHE/css/ | 176 KB | 177 KB | Stylesheet | text/css |
GET | H/1.1 | output.15d6ad4dfdb4.css | idcfiles.s3.amazonaws.com/static/CACHE/css/ | 15 KB | 15 KB | Stylesheet | text/css |
GET | H/1.1 | output.314eb2774f4a.css | idcfiles.s3.amazonaws.com/static/CACHE/css/ | 62 KB | 63 KB | Stylesheet | text/css |
GET | H/1.1 | output.f8dfbf7e96b5.css | idcfiles.s3.amazonaws.com/static/CACHE/css/ | 565 B | 950 B | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 3 KB | 1 KB | Stylesheet | text/css |
GET | H2 | css2 | fonts.googleapis.com/ | 875 B | 476 B | Stylesheet | text/css |
GET | H/1.1 | logo.svg | idcfiles.s3.amazonaws.com/static/img/ | 2 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | background-idc.jpg | idcfiles.s3.amazonaws.com/static/img/ | 1 MB | 1 MB | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: American Express (Financial)
15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
function | Popper |
object | bootstrap |
function | UUID |
function | form_errors |
function | newToast |
function | btnLoading |
function | init_country_select |
function | flag_select2 |
function | update_city_options |
function | init_validation |
function | new_ticket |
function | save_ticket |
function | toggleMenu |
3 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
acquisition.idchub.app/ | | AWSALB | VJvtlp6kli4KfICnvJBgeLXhUt3tc51niIRVS65dnpXqACKDNM703miHlzx/Q8Sn/jDQ7JrLKzB2HKTxQ0edKyz6OPZP7Gh8SGl20uvlKC4VRkXrbVPrP8TRvOD5 |
acquisition.idchub.app/ | | AWSALBCORS | VJvtlp6kli4KfICnvJBgeLXhUt3tc51niIRVS65dnpXqACKDNM703miHlzx/Q8Sn/jDQ7JrLKzB2HKTxQ0edKyz6OPZP7Gh8SGl20uvlKC4VRkXrbVPrP8TRvOD5 |
acquisition.idchub.app/ | | csrftoken | bohoZ0xkYHnzNnXPdjSn8sJ527ULYlMECGPYY9Pb8ys6hdqr2AizXklj9dkcQmjP |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=15768000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- acquisition.idchub.app
- fonts.googleapis.com
- idcfiles.s3.amazonaws.com
- 2a00:1450:4001:829::200a
- 34.206.69.110
- 54.231.199.65