acquisition.idchub.app Open in urlscan Pro
34.206.69.110 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://acquisition.idchub.app/
Effective URL:
https://acquisition.idchub.app/en-idc/acq/accounts/login/
Submission: On August 03 via manual (August 3rd 2023, 5:13:21 am UTC) from GB — Scanned from GB

Summary HTTP 15 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 34.206.69.110, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is acquisition.idchub.app.
TLS certificate: Issued by DigiCert EV RSA CA G2 on May 10th 2023. Valid for: a year.

This is the only time acquisition.idchub.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial)

Domain & IP information

	IP Address		AS Autonomous System
1 2	34.206.69.110 34.206.69.110		14618 (AMAZON-AES) (AMAZON-AES)
12	54.231.199.65 54.231.199.65		16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:829::200a		15169 (GOOGLE) (GOOGLE)
15	3

2 34.206.69.110 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-69-110.compute-1.amazonaws.com

acquisition.idchub.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 54.231.199.65 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

idcfiles.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	amazonaws.com idcfiles.s3.amazonaws.com	2 MB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 79	1 KB
2	idchub.app 1 redirects acquisition.idchub.app	11 KB
15	3

	Domain	Requested by
12	idcfiles.s3.amazonaws.com	acquisition.idchub.app idcfiles.s3.amazonaws.com
2	fonts.googleapis.com	acquisition.idchub.app
2	acquisition.idchub.app	1 redirects
15	3

This site contains no links.

Subject Issuer	Validity	Valid
acquisition.idchub.app DigiCert EV RSA CA G2	`2023-05-10` - `2024-05-08`	a year	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-03-21` - `2023-12-19`	9 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Frame ID: C620F28D177531EA0DBF4A3026E5A361
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://acquisition.idchub.app/ HTTP 302
https://acquisition.idchub.app/en-idc/acq/accounts/login/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Django (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:powered by <a[^>]+>Django ?([\d.]+)?<\/a>|<input[^>]*name=["']csrfmiddlewaretoken["'][^>]*>)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1789 kB
Transfer

1786 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://acquisition.idchub.app/ HTTP 302
https://acquisition.idchub.app/en-idc/acq/accounts/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
acquisition.idchub.app/en-idc/acq/accounts/login/
Redirect Chain

https://acquisition.idchub.app/
https://acquisition.idchub.app/en-idc/acq/accounts/login/

10 KB
10 KB

129ms
129ms

Document
text/html

34.206.69.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://acquisition.idchub.app/en-idc/acq/accounts/login/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.206.69.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-206-69-110.compute-1.amazonaws.com

Software

nginx /

Resource Hash

83827390a36e0f78e2e3307ef3e2ae6b67b83c6edf5b85f6d7e66b98a331f3e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.americanexpress.com
cache-control: no-cache, max-age=120
content-length: 9868
content-type: text/html; charset=utf-8
date: Thu, 03 Aug 2023 05:13:15 GMT
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=15768000
vary: Cookie, Origin
x-content-type-options: nosniff nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.americanexpress.com
cache-control: no-cache, max-age=120
content-length: 0
content-type: text/html; charset=utf-8
date: Thu, 03 Aug 2023 05:13:15 GMT
location: /en-idc/acq/accounts/login/
referrer-policy: same-origin
server: nginx
strict-transport-security: max-age=15768000
vary: Origin
x-content-type-options: nosniff nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block 1; mode=block

GET
H/1.1 200
OK jquery-3.5.1.min.js Show response
idcfiles.s3.amazonaws.com/static/js/ 87 KB
88 KB 396ms
142ms Script
application/javascript 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/js/jquery-3.5.1.min.js
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:16 GMT
Last-Modified: Mon, 12 Jun 2023 18:16:59 GMT
Server: AmazonS3
x-amz-request-id: YF3CH6ARAHGNCZEV
ETag: "dc5e7f18c8d36ac1d3d4753a87c98d0a"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 89476
x-amz-id-2: gnguDPx3ssjpwFjbpxkDCGQobhEsmTlK1//ur/5p7XvajP2tOWOBg13piht1b386mAbJRfpcs5U=

GET
H/1.1 200
OK popper.min.js Show response
idcfiles.s3.amazonaws.com/static/js/ 21 KB
21 KB 394ms
141ms Script
application/javascript 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/js/popper.min.js
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:16 GMT
Last-Modified: Mon, 12 Jun 2023 18:16:59 GMT
Server: AmazonS3
x-amz-request-id: YF38CA51J3Y8DX76
ETag: "84415b7368fd6fc764cbe86039ce0626"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 21257
x-amz-id-2: QMOLuaKFhm6Oez8o3ji7CO5sTMap78JOREcDt+/P/Qfo4x2bNooqI2bZrmlKgSpdgQpI5t9MKEI=

GET
H/1.1 200
OK bootstrap.min.js Show response
idcfiles.s3.amazonaws.com/static/lib/bootstrap/js/ 59 KB
59 KB 525ms
130ms Script
application/javascript 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/lib/bootstrap/js/bootstrap.min.js
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:16 GMT
Last-Modified: Mon, 12 Jun 2023 18:15:08 GMT
Server: AmazonS3
x-amz-request-id: YF35R878TBNW8K65
ETag: "6bea60c34c5db6797150610dacdc6bce"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 60174
x-amz-id-2: tRjHnPXyXJyPm6wwu5+U4vO0KDQmcAM5LoXVhZ7LCAH0NOpy4q4xuRtevf2E0mfvuw2vejBr9bc=

GET
H/1.1 200
OK select2.min.js Show response
idcfiles.s3.amazonaws.com/static/lib/select2/ 69 KB
70 KB 614ms
129ms Script
application/javascript 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/lib/select2/select2.min.js
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:17 GMT
Last-Modified: Mon, 12 Jun 2023 18:15:07 GMT
Server: AmazonS3
x-amz-request-id: 79V8P8KMHHHS5506
ETag: "0f64f3a3a0c620a6756d36abaff1b4a6"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 70851
x-amz-id-2: sAkKsJC9f7+IK1qBUnvLg6zQNSnWZhVnNEdGND1NoeT5Fj5jVZXHyUMs8d9hWDF7wlFBozyWwLA=

GET
H/1.1 200
OK bootstrap-datepicker.min.js Show response
idcfiles.s3.amazonaws.com/static/lib/bootstrap-datepicker/js/ 33 KB
33 KB 641ms
130ms Script
application/javascript 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/lib/bootstrap-datepicker/js/bootstrap-datepicker.min.js
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6ea55ea86749ee1fe560fabac6b3effd81b33046fa74dc657e24d41d28110a9f

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:17 GMT
Last-Modified: Mon, 12 Jun 2023 18:15:07 GMT
Server: AmazonS3
x-amz-request-id: 79VE8HX9KMDBQNFM
ETag: "37807363a13de55c2184eb0777ff8b13"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 33693
x-amz-id-2: Zjv1/gTvoqYq5u/j8jRuUj85xs/mxQn/hCIR/dVQha1MkbYzip2D1l40CvHNtmGY9zTd2JoBvZI=

GET
H/1.1 200
OK common.js Show response
idcfiles.s3.amazonaws.com/static/js/ 6 KB
7 KB 772ms
145ms Script
application/javascript 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/js/common.js?v=1.14.0
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 765a4d8a354e6adc74fc9bf6312274977e82b0e42e01147d648bfd221ec164e5

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:17 GMT
Last-Modified: Mon, 12 Jun 2023 18:17:00 GMT
Server: AmazonS3
x-amz-request-id: 79V5M8T0T45PHNJK
ETag: "3e8ab06753ce684d3c84aa269753ad97"
x-amz-server-side-encryption: AES256
Content-Type: application/javascript
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 6535
x-amz-id-2: C5lmWEnr/RwLkJKVxe+1qyeIpayYAmvqx6VZjEQPY9jxj3GWLYQBp7/gRvsahSa3CCC5hS9Y/gs=

GET
H/1.1 200
OK output.c97124229c1c.css
idcfiles.s3.amazonaws.com/static/CACHE/css/ 176 KB
177 KB 394ms
141ms Stylesheet
text/css 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/CACHE/css/output.c97124229c1c.css
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: c97124229c1ccc14376ba7ed2ea1c66558816ac87f8408c53bffc14afc752698

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:16 GMT
Last-Modified: Fri, 30 Oct 2020 23:31:43 GMT
Server: AmazonS3
x-amz-request-id: YF31QQ0ETZJ0H8P5
ETag: "6d20ce14897d6aa317fed95f29ea6220"
Content-Type: text/css
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 180597
x-amz-id-2: MAwoNhyWPfep8NC1+bTgfsiMXTiG9qAOreCHTxwiqZYmfwDuj2hOgn4XHQHrnn7rxWUl6742C8A=

GET
H/1.1 200
OK output.15d6ad4dfdb4.css
idcfiles.s3.amazonaws.com/static/CACHE/css/ 15 KB
15 KB 391ms
138ms Stylesheet
text/css 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/CACHE/css/output.15d6ad4dfdb4.css
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:16 GMT
Last-Modified: Fri, 30 Oct 2020 23:31:47 GMT
Server: AmazonS3
x-amz-request-id: YF3F7DBX8P3C8JSZ
ETag: "9f54e6414f87e0d14b9e966f19a174f9"
Content-Type: text/css
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 14966
x-amz-id-2: benv/YE6XKbWSobXSO6gQpsCDhvSdWfdrXTevNTjo6JgU33d+a+Uw2Can2zoNm+bOKZejS3F9g8=

GET
H/1.1 200
OK output.314eb2774f4a.css
idcfiles.s3.amazonaws.com/static/CACHE/css/ 62 KB
63 KB 391ms
139ms Stylesheet
text/css 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/CACHE/css/output.314eb2774f4a.css
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 314eb2774f4abc6dfee424b44d172c6b268d3f527cb8d973308f36068434b44b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:16 GMT
Last-Modified: Wed, 05 Jul 2023 20:49:19 GMT
Server: AmazonS3
x-amz-request-id: YF3CRHTVHPBAYNQW
ETag: "d62c8d5d1dd5f6cdd998c9d18d769960"
x-amz-server-side-encryption: AES256
Content-Type: text/css
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 63679
x-amz-id-2: 7B7p0R0BB/wsof4VoZDMGHD1PXXJPQQM+vdDvg30hM4a3Bf9MNUj5090sj0ewv03o3MIHdq2CY4=

GET
H/1.1 200
OK output.f8dfbf7e96b5.css
idcfiles.s3.amazonaws.com/static/CACHE/css/ 565 B
950 B 392ms
140ms Stylesheet
text/css 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://idcfiles.s3.amazonaws.com/static/CACHE/css/output.f8dfbf7e96b5.css
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: f8dfbf7e96b55b39bf6eeda178161528ea48a18ddd951f7b660cb7b2f058d231

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:16 GMT
Last-Modified: Thu, 12 Nov 2020 11:37:53 GMT
Server: AmazonS3
x-amz-request-id: YF317CH0N7M4SZZJ
ETag: "d559bf85127d402711f64bc680cdf955"
Content-Type: text/css
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 565
x-amz-id-2: pTzASTBfZnWczScVigmJifwwmzuFq0khlz0+Z2z7tlV40+iJ13bD+BkjzzMeQ5ouZ68Ct4ZOCc0=

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 148ms
52ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Material+Icons|Material+Icons+Outlined|Material+Icons+Two+Tone|Material+Icons+Round|Material+Icons+Sharp

Requested by

Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

80bbd5be45a524bdbb122e6e34df705780ee6ea56655d6ac9ad9e92c1e12362d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 03 Aug 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 03 Aug 2023 05:13:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Aug 2023 05:13:15 GMT

GET
H2 200 css2
fonts.googleapis.com/ 875 B
476 B 148ms
53ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Shadows+Into+Light+Two&display=swap

Requested by

Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d67e275d853c297024837a57545bfa7dc91b3c3cfd71f865a9c696787dc87fe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 03 Aug 2023 05:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 03 Aug 2023 05:13:15 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Aug 2023 05:13:15 GMT

GET
H/1.1 200
OK logo.svg
idcfiles.s3.amazonaws.com/static/img/ 2 KB
3 KB 128ms
128ms Image
image/svg+xml 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idcfiles.s3.amazonaws.com/static/img/logo.svg
Requested by: Host: acquisition.idchub.app
URL: https://acquisition.idchub.app/en-idc/acq/accounts/login/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:17 GMT
Last-Modified: Mon, 12 Jun 2023 18:16:48 GMT
Server: AmazonS3
x-amz-request-id: 79V447JRH6NPDDCG
ETag: "d97d46fe48d19d2c4f236b9a2cfee5f3"
x-amz-server-side-encryption: AES256
Content-Type: image/svg+xml
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 2402
x-amz-id-2: 83EEwm6LN63lOVrdBc6vSmSUI6ufWc/OLHbFcIqr5IXAovmowcemmx2wnIlMwJeEy0IpEkAx2AM=

GET
H/1.1 200
OK background-idc.jpg
idcfiles.s3.amazonaws.com/static/img/ 1 MB
1 MB 132ms
132ms Image
image/jpeg 54.231.199.65
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idcfiles.s3.amazonaws.com/static/img/background-idc.jpg
Requested by: Host: idcfiles.s3.amazonaws.com
URL: https://idcfiles.s3.amazonaws.com/static/CACHE/css/output.f8dfbf7e96b5.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.199.65 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 2e1169242cd64306cd449c02cbd99fd94e2d8a9c13f111b0fcedae7d96db5f65

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://idcfiles.s3.amazonaws.com/static/CACHE/css/output.f8dfbf7e96b5.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 03 Aug 2023 05:13:17 GMT
Last-Modified: Mon, 12 Jun 2023 18:16:50 GMT
Server: AmazonS3
x-amz-request-id: 79V0CTVQDX6RSQDC
ETag: "d4dfc97e39cf4dda9a46046f659d1a51"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Cache-Control: max-age=86400
Accept-Ranges: bytes
Content-Length: 1270585
x-amz-id-2: 5mut+wcu6UnnHG3jzQPvpm2bpNYjNgaQvUhXUz4BWecsiE6Jpak2HxZQGTog9haBq6xaGw7SjMY=

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| Popper object| bootstrap function| UUID function| form_errors function| newToast function| btnLoading function| init_country_select function| flag_select2 function| update_city_options function| init_validation function| new_ticket function| save_ticket function| toggleMenu

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			acquisition.idchub.app/	1970-01-20 13:54:04	Name: AWSALB Value: VJvtlp6kli4KfICnvJBgeLXhUt3tc51niIRVS65dnpXqACKDNM703miHlzx/Q8Sn/jDQ7JrLKzB2HKTxQ0edKyz6OPZP7Gh8SGl20uvlKC4VRkXrbVPrP8TRvOD5
			acquisition.idchub.app/	1970-01-20 13:54:04	Name: AWSALBCORS Value: VJvtlp6kli4KfICnvJBgeLXhUt3tc51niIRVS65dnpXqACKDNM703miHlzx/Q8Sn/jDQ7JrLKzB2HKTxQ0edKyz6OPZP7Gh8SGl20uvlKC4VRkXrbVPrP8TRvOD5
			acquisition.idchub.app/	1970-01-20 22:28:09	Name: csrftoken Value: bohoZ0xkYHnzNnXPdjSn8sJ527ULYlMECGPYY9Pb8ys6hdqr2AizXklj9dkcQmjP

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acquisition.idchub.app
fonts.googleapis.com
idcfiles.s3.amazonaws.com
2a00:1450:4001:829::200a
34.206.69.110
54.231.199.65
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab
15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81
2e1169242cd64306cd449c02cbd99fd94e2d8a9c13f111b0fcedae7d96db5f65
314eb2774f4abc6dfee424b44d172c6b268d3f527cb8d973308f36068434b44b
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff
6ea55ea86749ee1fe560fabac6b3effd81b33046fa74dc657e24d41d28110a9f
765a4d8a354e6adc74fc9bf6312274977e82b0e42e01147d648bfd221ec164e5
80bbd5be45a524bdbb122e6e34df705780ee6ea56655d6ac9ad9e92c1e12362d
83827390a36e0f78e2e3307ef3e2ae6b67b83c6edf5b85f6d7e66b98a331f3e6
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060
c97124229c1ccc14376ba7ed2ea1c66558816ac87f8408c53bffc14afc752698
d67e275d853c297024837a57545bfa7dc91b3c3cfd71f865a9c696787dc87fe1
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8dfbf7e96b55b39bf6eeda178161528ea48a18ddd951f7b660cb7b2f058d231