dev8401.d1h3hp46e2tlhf.amplifyapp.com Open in urlscan Pro
18.65.216.88 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html
Submission: On October 06 via api (October 6th 2023, 3:50:57 am UTC) from JP — Scanned from JP

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 13 HTTP transactions. The main IP is 18.65.216.88, located in United States and belongs to AMAZON-02, US. The main domain is dev8401.d1h3hp46e2tlhf.amplifyapp.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on October 3rd 2023. Valid for: a year.

This is the only time dev8401.d1h3hp46e2tlhf.amplifyapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	18.65.216.88 18.65.216.88	16509 (AMAZON-02) (AMAZON-02)
1	2404:6800:400... 2404:6800:4004:801::200a	15169 (GOOGLE) (GOOGLE)
10 10	99.84.133.89 99.84.133.89	16509 (AMAZON-02) (AMAZON-02)
10	13.33.174.111 13.33.174.111	16509 (AMAZON-02) (AMAZON-02)
1	194.1.147.82 194.1.147.82	210250 (WPX) (WPX)
13	4

1 18.65.216.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-216-88.nrt57.r.cloudfront.net

dev8401.d1h3hp46e2tlhf.amplifyapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:801::200a (Australia)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 99.84.133.89 (United States) 10 redirects

ASN16509 (AMAZON-02, US)
PTR: server-99-84-133-89.nrt57.r.cloudfront.net

cdn.glitch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.33.174.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-174-111.nrt57.r.cloudfront.net

cdn.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.1.147.82 (Chicago, United States)

ASN210250 (WPX, BG)
PTR: wpx.net

smallenvelop.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	glitch.me cdn.glitch.me — Cisco Umbrella Rank: 71658	2 MB
10	glitch.com 10 redirects cdn.glitch.com — Cisco Umbrella Rank: 79831	4 KB
1	smallenvelop.com smallenvelop.com
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 405	30 KB
1	amplifyapp.com dev8401.d1h3hp46e2tlhf.amplifyapp.com	3 KB
13	5

	Domain	Requested by
10	cdn.glitch.me	dev8401.d1h3hp46e2tlhf.amplifyapp.com
10	cdn.glitch.com	10 redirects
1	smallenvelop.com	dev8401.d1h3hp46e2tlhf.amplifyapp.com
1	ajax.googleapis.com	dev8401.d1h3hp46e2tlhf.amplifyapp.com
1	dev8401.d1h3hp46e2tlhf.amplifyapp.com
13	5

This site contains no links.

Subject Issuer	Validity	Valid
*.d1h3hp46e2tlhf.amplifyapp.com Amazon RSA 2048 M03	`2023-10-03` - `2024-10-31`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
smallenvelop.com R3	`2023-08-27` - `2023-11-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html
Frame ID: BD9DB72F4FE66D67ED7E53CFF75D0EBB
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Wells Fargo - Personal & Business Banking - Student, Auto & Home Loans - Investing & Insurance

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

23 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

2076 kB
Transfer

2130 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh1.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh1.png

Request Chain 2

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh2.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh2.png

Request Chain 3

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh3.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh3.png

Request Chain 4

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh4.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh4.png

Request Chain 5

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh5.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh5.png

Request Chain 6

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh6.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh6.png

Request Chain 7

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwgh.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwgh.png

Request Chain 8

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh7.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh7.png

Request Chain 9

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh8.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh8.png

Request Chain 11

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwsm.png HTTP 301
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwsm.png

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request login.html Show response
dev8401.d1h3hp46e2tlhf.amplifyapp.com/ 8 KB
3 KB 1190ms
1036ms Document
text/html 18.65.216.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.65.216.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-65-216-88.nrt57.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bd80340acb759ffe39d1a3f315050df69afdc96c4b50eec3338167e2a15f3bce

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, s-maxage=2
content-encoding: gzip
content-type: text/html
date: Fri, 06 Oct 2023 03:50:52 GMT
etag: W/"bb8ad4f405b683e894009551ec21789a"
last-modified: Tue, 03 Oct 2023 12:26:10 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 1f88c7299546f5776a82ea1db20fdb38.cloudfront.net (CloudFront)
x-amz-cf-id: SXjVGZh1aCeqI_F_wttmS98K0tsmGgpjyliCxGwNphCTq0SpGha8JQ==
x-amz-cf-pop: NRT57-P4
x-cache: Miss from cloudfront

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 84 KB
30 KB 52ms
4ms Script
text/javascript 2404:6800:4004:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:801::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sat, 30 Sep 2023 14:05:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 481540
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30028
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 29 Sep 2024 14:05:12 GMT

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fh1.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh1.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh1.png

14 KB
14 KB

33ms
11ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh1.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c825218949fd1e01b648571a1aac2422f382e713ca07d75a9fa028c27c54e2e7

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Tue, 03 Oct 2023 02:28:17 GMT
Via: 1.1 13f9acb9132808e8bc1d9cdb66665fd2.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:35:00 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 264156
ETag: "6f2b8e2a5b7abbe4b327ee70ccb7a197"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 14261
X-Amz-Cf-Id: 5bjFePaTI1nz4zg-idynxR7bp0UNePcwi1jxi3F1f0zjlR9x2gtzrw==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 c7f3213e2a3260f1c4aa8c8f7832ebbc.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58289
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh1.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: jif1w4L2ItCJMeC90DtKWLl6kpQIaW4lvtGIRMQSx04sJDdg4jnGAA==

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fh2.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh2.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh2.png

574 KB
575 KB

35ms
9ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh2.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b6be67d9d00be08a457ed89b27760835f16a845b8cd3937ada7510fd470d4330

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:41:12 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 58288
ETag: "ee44fb9abea5dbac582f63c31cdd446d"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 588281
X-Amz-Cf-Id: Lea42CfpX9pqlk4Q8HcPwmp_rxGe_cvBGApMS-pwyDy_8Hb1iqv-ag==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 b7266636fdf7ecedde402af38ca2d5a4.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58289
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh2.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: 8GsuyVYsXcX2gqOiPNIGXQvaWjOeWBi93khycOXuNL0Bi3BeNeqzJA==

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fh3.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh3.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh3.png

371 KB
371 KB

37ms
9ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh3.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

64701075a3cdc35fcff4383b98a6a42d827b62ec99c2ab6f41595fdee80d9f99

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 11:39:25 GMT
Via: 1.1 eb8aeaf3ded189317a41c3566ccb58de.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:41:40 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 58288
ETag: "6093b8f239bf7ab3e7b1557c696070e2"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 379570
X-Amz-Cf-Id: uE0Q_u_Re34HyzTt0ShPqU4tMvHL0B3-sTtMdmCT6jvhQxLxMXXtgQ==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 0fdd05f152588a84969bff9452442f70.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58288
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh3.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: LlkdYVJRupuaVBJzC2ZspVBIdreymgwYwMuxn2RbQRII10YqMr-0VQ==

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fh4.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh4.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh4.png

652 KB
652 KB

37ms
7ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh4.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

132aee365fd34939b9f166f3d496c106c8b88164f15a660ed447c56be369ab34

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 11:39:25 GMT
Via: 1.1 497e68f1c2171c15557d721da06055d0.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:35:09 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 58288
ETag: "3932a63a3396b0762167c3164b124cff"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 667181
X-Amz-Cf-Id: H4ich5f9wqHzZ7sSXK8dB-erv_-9BV1NJHFUfM-_KkKkO7v2uLGUng==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 ca1bfbfd9295e7865d816048e88d6b34.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58288
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh4.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: PUv9j7pyj0xBWop_jgxbJVaAdjGhcPcrQvpvJNhOj1PDKLvbdZhMgw==

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fh5.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh5.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh5.png

305 KB
305 KB

46ms
17ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh5.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

69007d0509bdbb2e53417d9e6dc5e24fae3abd22fa6f97c36a754f1c86bffb6a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 11:39:25 GMT
Via: 1.1 25d5704e1dc4bae769b7de8ab2325790.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:35:04 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 58288
ETag: "558cd28596e5d9e0c493d1488d20a886"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 312201
X-Amz-Cf-Id: AB2lhxSP4o1Ny7n_poxE0zWJP4pHVWx0L1S9CAV9CSo0xU1exsG4sg==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:25 GMT
Via: 1.1 21c2c408f4c2c958f8382e583ddedf58.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58288
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh5.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: zXjIkisitgxLnhhZnRrn3O8Nzwqum7tYwGdVYMoLODdRzGQJOZ--LA==

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fh6.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh6.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh6.png

78 KB
79 KB

35ms
6ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh6.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

936092ba9c06f61e13c0b6ecae042d05285d56adf45a9df84bbddc7cfe591d35

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 11:39:25 GMT
Via: 1.1 bcaa73dd9eb58937e5bb422fc78109e0.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:35:05 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 58288
ETag: "ce3b29be912c0b050cdc0fc79a94adef"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 79879
X-Amz-Cf-Id: 99QGMXtb9rTPQEHzqRMuVi9kiyHzHWOgq5ZsJKzkeMyAGJaZ4DTuRw==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 0fdd05f152588a84969bff9452442f70.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58288
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh6.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: fR3k-zz_zoQFe_F68FmTfHMBhDiyUglBaJ9pcwmsrla4uszka-klKA==

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fwgh.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwgh.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwgh.png

805 B
1 KB

26ms
4ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwgh.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

0cf4053b2bdee051d2ab31f6f11c1209d72416c0eb7b8eb685d8ded21ddbaa33

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 497e68f1c2171c15557d721da06055d0.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:41:12 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 58288
ETag: "2b3e0bd5a236647da989eab2eda547b8"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 805
X-Amz-Cf-Id: iVoCDkujECnZVvvv5f5zZlMVgJpMjwwKrCUSzptZeTk_vXXy170Dew==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 0fdd05f152588a84969bff9452442f70.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58289
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwgh.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: HIOm_pgfq3f356JpyS72OOTBZ23au--IruZE-NGEji_onIskTJd-2Q==

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fh7.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh7.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh7.png

2 KB
3 KB

29ms
5ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh7.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5eac933db9ba5f389b619fdec096c8d46199a6b79151fbd150ebe6a9fbd1afef

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 11:39:25 GMT
Via: 1.1 25d5704e1dc4bae769b7de8ab2325790.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:34:54 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 58288
ETag: "696093423ea02cc0c9b4fd18b8e8b7f4"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 2494
X-Amz-Cf-Id: EeQ15PdQU2-VRwt4zrd38dA6y8m5dkp-dqch6CwVbEwNQoxEMBHP_A==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 c7f3213e2a3260f1c4aa8c8f7832ebbc.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58289
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh7.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: jICIU1hVBk-Mu-EuoxOhHvWpo9ofacOJKud3SP3btI7fNt3oEpXxUA==

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fh8.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh8.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh8.png

41 KB
42 KB

31ms
7ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh8.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1b4892f30b9813460d34686941d020ac817638b7adbd4a15ada7f483d50c9ab8

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 11:39:25 GMT
Via: 1.1 bcaa73dd9eb58937e5bb422fc78109e0.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:35:03 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 58288
ETag: "3cdaa937ad31115d46162d4eea8d8534"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 42236
X-Amz-Cf-Id: 8k0fO5Z2vtbPwIWEst3pn4YhIKnU0UspYKBYg9CB20SuQutKBLrE-A==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 21c2c408f4c2c958f8382e583ddedf58.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58289
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fh8.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: POTQn4DeoDNIz2npIv1HjUWM5JNj2Hy3h_WTFVhZ0o-EwGtZXsiDDw==

GET
H2 404 Preloader_11.gif
smallenvelop.com/wp-content/uploads/2014/08/ 0
0 922ms
905ms Image
text/html 194.1.147.82
WPX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif
Requested by: Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 194.1.147.82 Chicago, United States, ASN210250 (WPX, BG),
Reverse DNS: wpx.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

GET
H/1.1

200
OK

3f4822e0-356f-4640-b413-68f91511b9e3%2Fwsm.png
cdn.glitch.me/
Redirect Chain

https://cdn.glitch.com/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwsm.png
https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwsm.png

445 B
976 B

27ms
4ms

Image
image/png

13.33.174.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwsm.png

Requested by

Host: dev8401.d1h3hp46e2tlhf.amplifyapp.com
URL: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/login.html

Protocol

HTTP/1.1

Server

13.33.174.111 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-174-111.nrt57.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

531cded22ff35a41599c2d57d8d5ecdb90e295c7ad02833cc37c77872eb90c64

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dev8401.d1h3hp46e2tlhf.amplifyapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Thu, 05 Oct 2023 11:39:25 GMT
Via: 1.1 eb8aeaf3ded189317a41c3566ccb58de.cloudfront.net (CloudFront)
Content-Security-Policy: script-src 'none'
Last-Modified: Thu, 03 Jun 2021 13:34:57 GMT
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C2
Age: 58288
ETag: "e7c295bdba2ab819e9c1783a8044ed9a"
Vary: Origin
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 445
X-Amz-Cf-Id: DPAGiv9s8rh3WTzdTYpZiCsVie8zUKrPIxGocQKRZdwWpM_j92Rmyg==

Redirect headers

Date: Thu, 05 Oct 2023 11:39:24 GMT
Via: 1.1 0fdd05f152588a84969bff9452442f70.cloudfront.net (CloudFront)
Server: AmazonS3
X-Amz-Cf-Pop: NRT57-C3
Age: 58289
Vary: Origin
X-Cache: Hit from cloudfront
Location: https://cdn.glitch.me/3f4822e0-356f-4640-b413-68f91511b9e3%2Fwsm.png
Connection: keep-alive
Content-Length: 0
X-Amz-Cf-Id: 6deL8SW7parx5JrnkkU8yGgzQHgd-Tm17VjNExM3W9kb7mcN1aoKug==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.glitch.com
cdn.glitch.me
dev8401.d1h3hp46e2tlhf.amplifyapp.com
smallenvelop.com
13.33.174.111
18.65.216.88
194.1.147.82
2404:6800:4004:801::200a
99.84.133.89
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0cf4053b2bdee051d2ab31f6f11c1209d72416c0eb7b8eb685d8ded21ddbaa33
132aee365fd34939b9f166f3d496c106c8b88164f15a660ed447c56be369ab34
1b4892f30b9813460d34686941d020ac817638b7adbd4a15ada7f483d50c9ab8
531cded22ff35a41599c2d57d8d5ecdb90e295c7ad02833cc37c77872eb90c64
5eac933db9ba5f389b619fdec096c8d46199a6b79151fbd150ebe6a9fbd1afef
64701075a3cdc35fcff4383b98a6a42d827b62ec99c2ab6f41595fdee80d9f99
69007d0509bdbb2e53417d9e6dc5e24fae3abd22fa6f97c36a754f1c86bffb6a
936092ba9c06f61e13c0b6ecae042d05285d56adf45a9df84bbddc7cfe591d35
b6be67d9d00be08a457ed89b27760835f16a845b8cd3937ada7510fd470d4330
bd80340acb759ffe39d1a3f315050df69afdc96c4b50eec3338167e2a15f3bce
c825218949fd1e01b648571a1aac2422f382e713ca07d75a9fa028c27c54e2e7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

dev8401.d1h3hp46e2tlhf.amplifyapp.com Open in urlscan Pro 18.65.216.88 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

23 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

2076 kBTransfer

2130 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

dev8401.d1h3hp46e2tlhf.amplifyapp.com Open in urlscan Pro
18.65.216.88 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

23 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

2076 kB
Transfer

2130 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!