Report - main.d1rqan5j5td705.amplifyapp.com/otp3.html

Report Overview

Visited public
2024-09-15 13:24:41
Tags
URL
main.d1rqan5j5td705.amplifyapp.com/otp3.html
Finishing URL
main.d1rqan5j5td705.amplifyapp.com/otp3.html
IP / ASN
54.240.174.93
#16509 AMAZON-02
Title
PayPal

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-14 18:12:51	1.3 kB	3.6 kB	23.36.77.32
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2024-09-15 08:11:09	676 B	1.7 kB	54.230.218.11
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-09-14 18:12:16	981 B	2.7 kB	23.33.119.57
main.d1rqan5j5td705.amplifyapp.com	unknown	2018-04-17	2024-03-10 10:38:24	2024-03-10 10:38:24	500 B	232 kB	54.240.174.7

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-09-14	medium	main.d1rqan5j5td705.amplifyapp.com/otp3.html	PayPal Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	From	Size	First Seen	Last Seen
	main.d1rqan5j5td705.amplifyapp.com/otp3.html	ScriptElement	444 B	2023-10-24	2025-05-09
Pretty URL main.d1rqan5j5td705.amplifyapp.com/otp3.html IP 54.240.174.7 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 21:10 Last Seen2025-05-09 18:11 Times Seen129 Hash b37afbe52c8565f19f3f670c1eded78f 9240556974a9f4aa28aa88699327bc9b4713db64 1a626a5060a390c4588206a022ec9f0131f0c90f7b81ab84c6b5fd87a9d56e44 Loading...

	about:srcdoc#185	ScriptElement	444 B	2023-10-24	2025-05-09
Pretty URL about:srcdoc#185 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 21:10 Last Seen2025-05-09 18:11 Times Seen129 Hash b37afbe52c8565f19f3f670c1eded78f 9240556974a9f4aa28aa88699327bc9b4713db64 1a626a5060a390c4588206a022ec9f0131f0c90f7b81ab84c6b5fd87a9d56e44 Loading...

	about:srcdoc#187	ScriptElement	448 B	2024-02-13	2024-10-11
Pretty URL about:srcdoc#187 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-13 16:11 Last Seen2024-10-11 08:59 Times Seen12 Hash 84d6f6ef8bbd60460453c2e47d4500ba b39a3ba455ce7b56bac5b8ed385133d14aab833d 0e327820c6ba0210574b511cb3cf43893b6e3adbff05d32b2357f98902f72237 Loading...

HTTP Transactions (10)

URL IP Response Size

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
8ddc0c958da73dfad4d42a6ae9a6dff6
6ed3ed6b818e91ac249cbfbb1fb14c96f19117c3
4320d78c549884fe858d0985285c94e70ac95e66ac557e8043514247c23feb0c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4320D78C549884FE858D0985285C94E70AC95E66AC557E8043514247C23FEB0C"
Last-Modified: Fri, 13 Sep 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6157
Expires: Sun, 15 Sep 2024 15:06:53 GMT
Date: Sun, 15 Sep 2024 13:24:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cbe3df23d7a1a604654e06ccca10ab85
907419e4690cac7c3af83a771260ec3dd8118bf3
a50cd1c21ca6fcd7b91806cc79bb4669602f2ed234d5722704df5959affecad0

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A50CD1C21CA6FCD7B91806CC79BB4669602F2ED234D5722704DF5959AFFECAD0"
Last-Modified: Sun, 15 Sep 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11127
Expires: Sun, 15 Sep 2024 16:29:43 GMT
Date: Sun, 15 Sep 2024 13:24:16 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
050718ab9dc2838d2e9024055cb41483
6e55983a400fc690d87e12582f4fa8553e7b95c6
d86c86521d6dffa0ae29cccbe08a53af825337b4d0e308884bf33122ee11e415

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D86C86521D6DFFA0AE29CCCBE08A53AF825337B4D0E308884BF33122EE11E415"
Last-Modified: Sun, 15 Sep 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14331
Expires: Sun, 15 Sep 2024 17:23:07 GMT
Date: Sun, 15 Sep 2024 13:24:16 GMT
Connection: keep-alive

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
4aaf920b0e024bb35ff50b9458452740
866f603aeb95a602d2c1571113073592fb8b02fd
f685060d4f84c492fb2299c54fa57efd051aed26f349a437b7e21a224f49935c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sun, 15 Sep 2024 13:24:16 GMT
Server: ECAcc (amb/6B38)
X-Cache: Miss from cloudfront
Via: 1.1 0c35b89cb607eddb1b7cc5d6ada865d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VIU0c-XFYLhacOuDQsyoxzSw0LYZDGzP8WnBBcLyKCP4da5JOjlsFw==

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
14f167e71d8f49f0b7b3456f7e0d1139
c71676c9b8d66326a877780f7ef66512f362f623
658fa4c02b7173a1edd360b308d5a7c4b2e368c43a45ba39463a13776a20628c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "658FA4C02B7173A1EDD360B308D5A7C4B2E368C43A45BA39463A13776A20628C"
Last-Modified: Sun, 15 Sep 2024 02:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2700
Expires: Sun, 15 Sep 2024 14:09:17 GMT
Date: Sun, 15 Sep 2024 13:24:17 GMT
Connection: keep-alive

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
4aaf920b0e024bb35ff50b9458452740
866f603aeb95a602d2c1571113073592fb8b02fd
f685060d4f84c492fb2299c54fa57efd051aed26f349a437b7e21a224f49935c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sun, 15 Sep 2024 13:24:17 GMT
Server: ECAcc (amb/6AFD)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ENFZQOdckHgmRbYtXXS18niDRbInxw9XqThTumtrfMXd2Gbl3bMOag==

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ca723553e74ec93d39dd2f922b78cd33
19488770f771507f7cc656302076d90be4453b52
7868b9d67d4d3aa59f3cfae358b4252f060290eee91b140396c820b9387af260

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7868B9D67D4D3AA59F3CFAE358B4252F060290EEE91B140396C820B9387AF260"
Last-Modified: Sun, 15 Sep 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11936
Expires: Sun, 15 Sep 2024 16:43:15 GMT
Date: Sun, 15 Sep 2024 13:24:19 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ca723553e74ec93d39dd2f922b78cd33
19488770f771507f7cc656302076d90be4453b52
7868b9d67d4d3aa59f3cfae358b4252f060290eee91b140396c820b9387af260

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7868B9D67D4D3AA59F3CFAE358B4252F060290EEE91B140396C820B9387AF260"
Last-Modified: Sun, 15 Sep 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11936
Expires: Sun, 15 Sep 2024 16:43:15 GMT
Date: Sun, 15 Sep 2024 13:24:19 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.57

504 B

URL
r11.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
ca723553e74ec93d39dd2f922b78cd33
19488770f771507f7cc656302076d90be4453b52
7868b9d67d4d3aa59f3cfae358b4252f060290eee91b140396c820b9387af260

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7868B9D67D4D3AA59F3CFAE358B4252F060290EEE91B140396C820B9387AF260"
Last-Modified: Sun, 15 Sep 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11936
Expires: Sun, 15 Sep 2024 16:43:15 GMT
Date: Sun, 15 Sep 2024 13:24:19 GMT
Connection: keep-alive

main.d1rqan5j5td705.amplifyapp.com/otp3.html

54.240.174.7

200 OK

232 kB

URL User Request GET HTTP/2
main.d1rqan5j5td705.amplifyapp.com/otp3.html
IP
54.240.174.7:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subject*.d1rqan5j5td705.amplifyapp.com
Fingerprint3E:93:DA:59:4C:C1:F7:63:57:57:B9:1F:CC:77:99:DB:35:DA:53:FC
ValidityMon, 04 Mar 2024 00:00:00 GMT - Thu, 03 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (63938)
Size
232 kB (231951 bytes)
Hash
449704cb33bd46c4976df742fb186dd9
2e6f6e4f70f81c382292ae1b2243bd84badfdfe8
2cce72cca5f79336495062dcdfc9fe18167d12b62e6064fba7fc084e7eebb41e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	PayPal Inc.

HTTP Headers

GET /otp3.html HTTP/1.1
Host: main.d1rqan5j5td705.amplifyapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
date: Sun, 15 Sep 2024 13:24:17 GMT
server: AmazonS3
etag: W/"449704cb33bd46c4976df742fb186dd9"
last-modified: Tue, 05 Mar 2024 07:13:42 GMT
cache-control: public, max-age=0, s-maxage=2
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: CMGhKHVUkIBbuaBmNO2Y34dp9HAAEeSc_3pWBjwtVynBa2NcryUjgw==
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN