www.identify-safe-amzn.com-restoring.com
139.99.200.206
Malicious Activity!
Public Scan
Effective URL: https://www.identify-safe-amzn.com-restoring.com/ap/signin?_encoding=UTF8&ignoreAuthState=1&openid.assoc_handle=jpflex&openid.claimed_id=http%253...
Submission: September 03, manual submission from TW
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on August 21st 2018. Valid for: 3 months.
This is the only time www.identify-safe-amzn.com-restoring.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online), Amazon Japan (Online)

Domain & IP information
Requests | Redirects | IP Address | AS (Autonomous System)
---|---|---|---
1 | 1 | 67.199.248.10 | AS395224 (BITLY-AS - Bitly Inc)
1 | 1 | 38.99.250.10 | AS1286 (IVAS01 - Altay Corporation)
19 | 2 | 139.99.200.206 | AS16276 (OVH)
4 | | 2600:9000:20bb:1a00:1d:d7f6:39c8:6281 | AS16509 (AMAZON-02 - Amazon.com)
2 | | 2600:9000:20bb:9c00:1d:d7f6:39c8:6281 | AS16509 (AMAZON-02 - Amazon.com)
1 | | 54.186.40.159 | AS16509 (AMAZON-02 - Amazon.com)
24 | 4 | (total) |
Host | ASN | PTR
---|---|---
38.99.250.10 | ASN1286 (IVAS01 - Altay Corporation, US) | server.idenityforce8.net
www.identify-safe-amzn.com-restoring.com | ASN16276 (OVH, FR) | 206.ip-139-99-200.eu
images-na.ssl-images-amazon.com | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) |
m.media-amazon.com | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) |
fls-fe.amazon.com | ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | ec2-54-186-40-159.us-west-2.compute.amazonaws.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
19 | com-restoring.com (2 redirects) | www.identify-safe-amzn.com-restoring.com | 414 KB
4 | ssl-images-amazon.com | images-na.ssl-images-amazon.com | 123 KB
2 | media-amazon.com | m.media-amazon.com | 30 KB
1 | amazon.com | fls-fe.amazon.com | 149 B
1 | bit.ly (1 redirect) | bit.ly | 420 B
24 | 5 apex domains | |
Requests | Domain | Requested by
---|---|---
19 | www.identify-safe-amzn.com-restoring.com (2 redirects) | www.identify-safe-amzn.com-restoring.com
4 | images-na.ssl-images-amazon.com | www.identify-safe-amzn.com-restoring.com
2 | m.media-amazon.com | www.identify-safe-amzn.com-restoring.com
1 | fls-fe.amazon.com |
1 | bit.ly (1 redirect) |
24 | 5 domains |
This site contains links to these domains:
- www.amazon.co.jp
Subject | Issuer | Validity | Valid for
---|---|---|---
identify-safe-amzn.com-restoring.com | Let's Encrypt Authority X3 | 2018-08-21 - 2018-11-19 | 3 months
images-na.ssl-images-amazon.com | DigiCert Global CA G2 | 2018-05-30 - 2019-07-19 | a year
fls-fe.amazon.com | Amazon | 2018-05-10 - 2019-05-10 | a year

(Certificate transparency entries for each subject can be looked up on crt.sh.)
This page contains 1 frame:
Primary Page:
https://www.identify-safe-amzn.com-restoring.com/ap/signin?_encoding=UTF8&ignoreAuthState=1&openid.assoc_handle=jpflex&openid.claimed_id=http%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select&openid.identity=http%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0&openid.ns.pape=&openid.pape.max_auth_age=&openid.return_to=https%253A%252F%252Fwww.amazon.co.jp%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_ya_signin&switch_account=
Frame ID: 6365D8019F718187E546F32803821A8D
Requests: 24 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields. The status code on each line is the response that hop returned.
- https://bit.ly/2NxxGT3?jptby2 (HTTP 301)
- http://38.99.250.10/SSL.php (HTTP 302)
- https://www.identify-safe-amzn.com-restoring.com/?:Socket443 (HTTP 302)
- https://www.identify-safe-amzn.com-restoring.com/ap/signin?_encoding=UTF8&ignoreAuthState=1&openid.assoc_handle=jpflex&openid... (Page URL)

The chain starts at a bit.ly short link, passes through a PHP redirector on a bare IP in a different AS (38.99.250.10, AS1286) and only then reaches the lookalike host on OVH; either intermediate hop can be swapped out without changing the short link that victims receive.
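The effective URL above is worth decoding rather than eyeballing: the host hides a brand token in its subdomain labels, and the query string is a copy of Amazon's own OpenID parameters, double URL-encoded. The following Python is an added example, not urlscan.io's code or anything from the kit; it runs offline on the URL copied from this scan and on a constructed control URL with the same query on the genuine host. The minimal public-suffix table, BRAND_APEXES and BRAND_TOKENS are assumptions of the example.

```python
"""Triage of a captured sign-in lure URL (added example, not urlscan.io code).

Answers three questions a responder asks first: which registrable domain the
page really lives on, whether brand words are smuggled into subdomain labels,
and where openid.return_to points once its double URL-encoding is undone.
"""
from typing import Dict, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed for this example: a minimal public-suffix table.  Production code
# would load the full Public Suffix List instead.
PUBLIC_SUFFIXES = {"com", "net", "org", "eu", "jp", "co.jp", "ly"}

# Assumption for the example: domains on which the brand genuinely signs users in.
BRAND_APEXES = {"amazon.co.jp", "amazon.com"}
BRAND_TOKENS = ("amazon", "amzn")

# The effective URL from the scan above (copied verbatim) and a constructed
# control URL that carries the same query string on the genuine host.
LURE_URL = (
    "https://www.identify-safe-amzn.com-restoring.com/ap/signin?_encoding=UTF8"
    "&ignoreAuthState=1&openid.assoc_handle=jpflex"
    "&openid.claimed_id=http%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select"
    "&openid.identity=http%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select"
    "&openid.mode=checkid_setup&openid.ns=http%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0"
    "&openid.ns.pape=&openid.pape.max_auth_age="
    "&openid.return_to=https%253A%252F%252Fwww.amazon.co.jp%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_ya_signin"
    "&switch_account="
)
CONTROL_URL = LURE_URL.replace(
    "https://www.identify-safe-amzn.com-restoring.com/", "https://www.amazon.co.jp/", 1
)


def registrable_domain(host: str) -> str:
    """Apex = longest matching public suffix plus one label (co.jp beats jp)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i + 1:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i:])
    return host.lower()  # IP literals and unknown suffixes come back unchanged


def brand_tokens_outside_apex(host: str) -> List[str]:
    """Brand keywords left of the apex, e.g. 'amzn' in
    www.identify-safe-amzn.com-restoring.com whose apex is com-restoring.com."""
    host = host.lower()
    prefix = host[: -len(registrable_domain(host))]
    return [t for t in BRAND_TOKENS if t in prefix]


def decode_return_to(url: str) -> Optional[str]:
    """openid.return_to is double-encoded (%253A -> %3A -> ':').  parse_qs
    removes one layer, unquote the second."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("openid.return_to")
    return unquote(values[0]) if values else None


def triage(url: str) -> Dict[str, object]:
    host = urlsplit(url).hostname or ""
    apex = registrable_domain(host)
    return_to = decode_return_to(url)
    return_apex = registrable_domain(urlsplit(return_to).hostname or "") if return_to else None
    findings = []
    if apex not in BRAND_APEXES:
        findings.append(f"page is served from {apex}, not a brand domain")
    tokens = brand_tokens_outside_apex(host)
    if tokens:
        findings.append(f"brand token(s) {tokens} appear in subdomain labels")
    if return_to and return_apex in BRAND_APEXES and apex not in BRAND_APEXES:
        findings.append(f"return_to points at the genuine {return_apex} while the form lives on {apex}")
    return {"host": host, "apex": apex, "return_to": return_to,
            "findings": findings, "verdict": "suspicious" if findings else "clean"}


if __name__ == "__main__":
    for u in (LURE_URL, CONTROL_URL):
        print(triage(u))
```

For the lure the decoded return_to is https://www.amazon.co.jp/?_encoding=UTF8&ref_=nav_ya_signin, i.e. the genuine Amazon Japan front page, while the form itself is served from com-restoring.com; the control URL produces no findings. The suffix-list lookup matters: a last-two-labels heuristic would report www.amazon.co.jp as co.jp.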
Detected technologies
Each entry lists the header or environment pattern that matched:
- PHP (Programming Languages): headers server /php\/?([\d.]+)?/i
- CentOS (Operating Systems): headers server /CentOS/i
- OpenSSL (Web Server Extensions): headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
- Apache (Web Servers): headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- jQuery (JavaScript Libraries): env /^jQuery$/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page (per the links list above, all on www.amazon.co.jp). Link titles, with English translations:
- (no title)
- パスワードを忘れた場合 (Forgot your password)
- その他のログインに関する問題 (Other sign-in problems)
- Amazonアカウントを作成 (Create an Amazon account)
- 利用規約 (Conditions of Use)
- プライバシー規約 (Privacy Notice)
- ヘルプ (Help)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 21
- https://www.identify-safe-amzn.com-restoring.com/ap/uedata?ld&v=0.200897.0&id=NC91SB8M7B9EBE79634F&m=1&sc=NC91SB8M7B9EBE79634F&ue=3&bb=673&cf=1085&pc=1632&tc=-3687&na_=-3687&ul_=-1535955128866&_ul=-1535955128866&rd_=-1535955128866&_rd=-1535955128866&fe_=-501&lk_=-501&_lk=-501&co_=-501&_co=-501&sc_=-1535955128866&rq_=-500&rs_=-98&_rs=153&dl_=-4&di_=1204&de_=1204&_de=1208&_dc=1631&ld_=1631&_ld=-1535955128866&ntd=0&ty=0&rc=0&hob=2&hoe=3&ld=1632&t=1535955130498&ctb=1&rt=cf:10-5-5-0-1-0-1__ld:21-14-5-0-3-0-1&ec=5&ecf=5&csmtags=aui|aui:aui_build_date:3.17.8.3-2018-06-19|aui:aui_build_date:3.18.5-2018-04-12&viz=visible:3&aftb=1 (HTTP 302)
- https://www.identify-safe-amzn.com-restoring.com/ap/signin?_encoding=UTF8&ignoreAuthState=1&openid.assoc_handle=jpflex&openid.claimed_id=http%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select&openid.identity=http%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0%252Fidentifier_select&openid.mode=checkid_setup&openid.ns=http%253A%252F%252Fspecs.openid.net%252Fauth%252F2.0&openid.ns.pape=&openid.pape.max_auth_age=&openid.return_to=https%253A%252F%252Fwww.amazon.co.jp%252F%253F_encoding%253DUTF8%2526ref_%253Dnav_ya_signin&switch_account=

The copied Amazon client-side scripts still fire the /ap/uedata page-performance beacon against the lookalike host, which answers with a 302 back to /ap/signin instead of a beacon response; that is why /ap/signin appears a second time in the transaction list below, typed as an Image with a text/html body.
24 HTTP transactions
Protocol is as reported by urlscan (H/1.1 = HTTP/1.1). Size is the decoded body, x-fer the bytes transferred on the wire.

Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME type
---|---|---|---|---|---|---|---
GET | H/1.1 | signin (primary request; redirect chain) | www.identify-safe-amzn.com-restoring.com/ap/ | 54 KB | 19 KB | Document | text/html
GET | H/1.1 | 61By1ZwBpVL.css | www.identify-safe-amzn.com-restoring.com/resources/assets/css/signin/ | 133 KB | 22 KB | Stylesheet | text/css
GET | H/1.1 | AuthenticationPortalAssets.css | www.identify-safe-amzn.com-restoring.com/resources/assets/css/signin/ | 32 KB | 7 KB | Stylesheet | text/css
GET | H/1.1 | CVFAssets.css | www.identify-safe-amzn.com-restoring.com/resources/assets/css/signin/ | 2 KB | 1 KB | Stylesheet | text/css
GET | H/1.1 | 61tHvuwljLL.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/signin/ | 535 KB | 116 KB | Script | application/javascript
GET | H/1.1 | AuthenticationPortalAssets.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/signin/ | 123 KB | 25 KB | Script | application/javascript
GET | H/1.1 | AuthenticationPortalInlineAssets.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/signin/ | 518 B | 841 B | Script | application/javascript
GET | H/1.1 | CVFAssets.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/signin/ | 8 KB | 3 KB | Script | application/javascript
GET | H/1.1 | jquery.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/ | 129 KB | 34 KB | Script | application/javascript
GET | H/1.1 | noConflict.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/ | 29 B | 474 B | Script | application/javascript
GET | H/1.1 | fwcim.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/signin/ | 387 KB | 110 KB | Script | application/javascript
GET | H/1.1 | jquery.creditCardValidator.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/ | 8 KB | 3 KB | Script | application/javascript
GET | H/1.1 | jquery.fileuploader.min.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/ | 27 KB | 9 KB | Script | application/javascript
GET | H/1.1 | app.js | www.identify-safe-amzn.com-restoring.com/resources/assets/js/ | 8 KB | 3 KB | Script | application/javascript
GET | H/1.1 | app.css | www.identify-safe-amzn.com-restoring.com/resources/assets/css/ | 1 KB | 953 B | Stylesheet | text/css
GET | H/1.1 | jquery.fileuploader.css | www.identify-safe-amzn.com-restoring.com/resources/assets/css/ | 16 KB | 3 KB | Stylesheet | text/css
GET | S | 61tHvuwljLL._RC%7C11IYhapguOL.js,61Z-hR1QEiL.js,31pYyxAZJRL.js,31Qll8kfk9L.js,01N6xzIJxbL.js,516fQ5+zVmL.js,01rpauTep4L.js,31JzIBuTmgL.js,61uDiYnK9wL.js,01BBu+b9t0L.js_.js | images-na.ssl-images-amazon.com/images/I/ | 313 KB | 97 KB | Script | application/x-javascript
GET | S | AuthenticationPortalAssets-3cbd67cb821687489829ed6a61d9e8b52e65d2e3._V2_.js | images-na.ssl-images-amazon.com/images/G/01/AUIClients/ | 75 KB | 22 KB | Script | application/x-javascript
GET | S | AuthenticationPortalInlineAssets-662783336058590306af126b0eeae5125982f026._V2_.js | images-na.ssl-images-amazon.com/images/G/01/AUIClients/ | 518 B | 798 B | Script | application/x-javascript
GET | S | CVFAssets-53acd8e88d87f09d7e0bebd849f2fa4b112e99c7._V2_.js | images-na.ssl-images-amazon.com/images/G/01/AUIClients/ | 8 KB | 3 KB | Script | application/x-javascript
GET | S | AmazonUIBaseCSS-sprite_jp_1x-f8582354fc42b464ef5eb709dd98f9371d3eafea._V2_.png | m.media-amazon.com/images/G/01/AUIClients/ | 4 KB | 4 KB | Image | image/png
GET | S | AmazonUIBaseCSS-sprite_1x-28bd59af93d9b1c745bb0aca4de58763b54df7cf._V2_.png | m.media-amazon.com/images/G/01/AUIClients/ | 26 KB | 26 KB | Image | image/png
GET | H/1.1 | signin (redirect chain; followed from the /ap/uedata 302 under Redirected requests) | www.identify-safe-amzn.com-restoring.com/ap/ | 54 KB | 54 KB | Image | text/html
GET | S | A1VC38T7YXB528:358-1630713-1646539:NC91SB8M7B9EBE79634F$uedata=s:%2Fap%2Fuedata%3Fld%26v%3D0.200897.0%26id%3DNC91SB8M7B9EBE79634F%26m%3D1%26sc%3DNC91SB8M7B9EBE79634F%26ue%3D3%26bb%3D673%26cf%3D1085... | fls-fe.amazon.com/1/batch/1/OP/ | 43 B | 149 B | Image | image/gif
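The transaction list shows a kit that serves its own copies of Amazon-named assets (AuthenticationPortalAssets, CVFAssets, fwcim, 61tHvuwljLL) while still pulling the originals, sprites and the fls-fe beacon from Amazon's real CDN, plus two jQuery plugins (creditCardValidator, fileuploader) that a sign-in page has no use for. As an added example, not urlscan.io's code or the kit's, the Python below transcribes the rows above as (host, resource, transferred bytes) and computes per-apex totals, which local files duplicate an asset also fetched from the CDN, and which file names hint at capture stages beyond the login form. The last-two-labels apex_of, the KB = 1024 convention and the KIT_HINTS keywords are assumptions of this example.

```python
"""Origin breakdown of the transactions tabulated above (added example, not
urlscan.io code).  Rows are transcribed from that table; KB values are taken
as 1024-byte units, so byte totals are approximate."""
import re
from typing import Dict, List, Set, Tuple

LOOKALIKE = "www.identify-safe-amzn.com-restoring.com"
IMG = "images-na.ssl-images-amazon.com"
MEDIA = "m.media-amazon.com"
KB = 1024

# (host, resource, transferred bytes), in the order of the table above.
TRANSACTIONS: List[Tuple[str, str, int]] = [
    (LOOKALIKE, "signin", 19 * KB),
    (LOOKALIKE, "61By1ZwBpVL.css", 22 * KB),
    (LOOKALIKE, "AuthenticationPortalAssets.css", 7 * KB),
    (LOOKALIKE, "CVFAssets.css", 1 * KB),
    (LOOKALIKE, "61tHvuwljLL.js", 116 * KB),
    (LOOKALIKE, "AuthenticationPortalAssets.js", 25 * KB),
    (LOOKALIKE, "AuthenticationPortalInlineAssets.js", 841),
    (LOOKALIKE, "CVFAssets.js", 3 * KB),
    (LOOKALIKE, "jquery.js", 34 * KB),
    (LOOKALIKE, "noConflict.js", 474),
    (LOOKALIKE, "fwcim.js", 110 * KB),
    (LOOKALIKE, "jquery.creditCardValidator.js", 3 * KB),
    (LOOKALIKE, "jquery.fileuploader.min.js", 9 * KB),
    (LOOKALIKE, "app.js", 3 * KB),
    (LOOKALIKE, "app.css", 953),
    (LOOKALIKE, "jquery.fileuploader.css", 3 * KB),
    (IMG, "61tHvuwljLL._RC%7C11IYhapguOL.js,61Z-hR1QEiL.js,31pYyxAZJRL.js,31Qll8kfk9L.js,"
          "01N6xzIJxbL.js,516fQ5+zVmL.js,01rpauTep4L.js,31JzIBuTmgL.js,61uDiYnK9wL.js,"
          "01BBu+b9t0L.js_.js", 97 * KB),
    (IMG, "AuthenticationPortalAssets-3cbd67cb821687489829ed6a61d9e8b52e65d2e3._V2_.js", 22 * KB),
    (IMG, "AuthenticationPortalInlineAssets-662783336058590306af126b0eeae5125982f026._V2_.js", 798),
    (IMG, "CVFAssets-53acd8e88d87f09d7e0bebd849f2fa4b112e99c7._V2_.js", 3 * KB),
    (MEDIA, "AmazonUIBaseCSS-sprite_jp_1x-f8582354fc42b464ef5eb709dd98f9371d3eafea._V2_.png", 4 * KB),
    (MEDIA, "AmazonUIBaseCSS-sprite_1x-28bd59af93d9b1c745bb0aca4de58763b54df7cf._V2_.png", 26 * KB),
    (LOOKALIKE, "signin", 54 * KB),  # the followed /ap/uedata 302
    # Beacon resource name is truncated on the scan page itself.
    ("fls-fe.amazon.com", "A1VC38T7YXB528:358-1630713-1646539:NC91SB8M7B9EBE79634F$uedata=s:"
                          "%2Fap%2Fuedata%3Fld%26v%3D0.200897.0%26id%3DNC91SB8M7B9EBE79634F"
                          "%26m%3D1%26sc%3DNC91SB8M7B9EBE79634F%26ue%3D3%26bb%3D673%26cf%3D1085...", 149),
]

# Heuristic keywords for capture stages beyond a login form (assumption).
KIT_HINTS = ("creditcard", "fileupload")


def apex_of(host: str) -> str:
    """Last two labels: enough for the .com hosts in this scan; a public-suffix
    list is needed in general (co.jp would break this)."""
    return ".".join(host.split(".")[-2:])


def by_apex(rows: List[Tuple[str, str, int]]) -> Dict[str, Dict[str, int]]:
    """Request count and transferred bytes per apex domain."""
    out: Dict[str, Dict[str, int]] = {}
    for host, _name, size in rows:
        entry = out.setdefault(apex_of(host), {"requests": 0, "bytes": 0})
        entry["requests"] += 1
        entry["bytes"] += size
    return out


def asset_key(resource: str) -> Tuple[str, str]:
    """(stem, extension).  The stem is the text before the first '.', '-' or ','
    because the CDN appends '-<sha1>._V2_' and bundles several stems with ','."""
    stem = re.split(r"[.\-,]", resource, maxsplit=1)[0]
    ext = resource.rsplit(".", 1)[-1] if "." in resource else ""
    return stem, ext


def cloned_assets(rows: List[Tuple[str, str, int]], lookalike_apex: str) -> Set[str]:
    """Local resources whose (stem, ext) also appears among assets fetched from
    another apex: the kit serves its own copy next to the CDN original."""
    cdn_keys = {asset_key(n) for h, n, _ in rows if apex_of(h) != lookalike_apex}
    return {n for h, n, _ in rows if apex_of(h) == lookalike_apex and asset_key(n) in cdn_keys}


def kit_hint_assets(rows: List[Tuple[str, str, int]], lookalike_apex: str) -> Set[str]:
    """Local resources whose names match KIT_HINTS."""
    return {n for h, n, _ in rows
            if apex_of(h) == lookalike_apex and any(k in n.lower() for k in KIT_HINTS)}


if __name__ == "__main__":
    for apex, stats in by_apex(TRANSACTIONS).items():
        print(f"{apex:28s} {stats['requests']:3d} requests {stats['bytes']:8d} bytes")
    print("cloned:", sorted(cloned_assets(TRANSACTIONS, "com-restoring.com")))
    print("kit hints:", sorted(kit_hint_assets(TRANSACTIONS, "com-restoring.com")))
```

The lookalike apex accounts for 17 of the 24 transactions (the page's per-domain figure of 19 also counts the two 302 responses, which are not separate rows here) and roughly 411 KB, against about 123 KB from ssl-images-amazon.com. Four local scripts (61tHvuwljLL.js, AuthenticationPortalAssets.js, AuthenticationPortalInlineAssets.js, CVFAssets.js) have a same-named counterpart fetched from the CDN in the same page load, and the credit-card and file-upload plugins are served only by the lookalike host.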
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Amazon (Online), Amazon Japan (Online)

45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use.

Type | Names
---|---
number | ue_t0, ue_hob, ue_navtiming, ue_fcsn, ue_urt, ue_swi, ue_hoe, ueinit, aPageStart
object | ue_csm, ue, ue_err, Scamazon, amzn, jQuery16409151136516620544, fwcim
string | ue_err_chan, ue_id, ue_url, ue_mid, ue_sid, ue_sn, ue_furl, ue_surl, ue_rpl_ns, ue_fpf
function | ue_viz, ueLogError, uei, ueh, ues, uet, uex, onLd, onLdEnd, onUl, onstop, $, jQuery, cf, go_to_hell, checkValue1
boolean | loginWithOTPState, __fwcimLoaded, __fwcimShimProfileReady

The ue_*, fwcim and cf names come with the copied Amazon client-side assets listed in the transactions; Scamazon, go_to_hell and checkValue1 are most plausibly the kit's own code and are the names to pivot on when hunting for other deployments of it.
Cookies are small pieces of information stored in the user's browser. On each later visit the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
www.identify-safe-amzn.com-restoring.com/ | | csm-hit | s-NC91SB8M7B9EBE79634F\|1535955129539

The ID in the value is the same id= carried by the /ap/uedata beacon and the fls-fe.amazon.com request, consistent with the cookie being set by the copied Amazon client-side metrics code rather than by the kit itself.
11 Console Messages
A page may log messages to the console. These are often error messages about being unable to load a resource or execute a piece of JavaScript; sometimes they also give insight into the technology behind a website. The individual messages were not captured in this copy of the report.

Source | Level | URL | Text
---|---|---|---
Security Headers
This lists the security headers set by the main page.

Header | Value
---|---
X-Content-Type-Options | nosniff
X-Frame-Options | SAMEORIGIN
X-Xss-Protection | 1; mode=block
Indicators
This is a term in the security industry for artifacts such as IPs, domains and hashes. Listing them here does not by itself imply that each one is malicious.
- bit.ly
- fls-fe.amazon.com
- images-na.ssl-images-amazon.com
- m.media-amazon.com
- www.identify-safe-amzn.com-restoring.com
- 139.99.200.206
- 2600:9000:20bb:1a00:1d:d7f6:39c8:6281
- 2600:9000:20bb:9c00:1d:d7f6:39c8:6281
- 38.99.250.10
- 54.186.40.159
- 67.199.248.10