amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com
Open in
urlscan Pro
162.241.194.52
Malicious Activity!
Public Scan
Submitted URL: http://mwt.org.np/redirect-new.php
Effective URL: https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/signin.php?country=NL-Netherlands&lang=en
Submission: On March 18 via manual from JP
Effective URL: https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/signin.php?country=NL-Netherlands&lang=en
Submission: On March 18 via manual from JP
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 21 HTTP transactions.
The main IP is 162.241.194.52, located in
Provo, United States and
belongs to UNIFIEDLAYER-AS-1, US.
The main domain is amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 18th 2020. Valid for: 3 months.
This is the only time amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on March 18th 2020. Valid for: 3 months.
This is the only time amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon Japan (Online) Amazon (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 148.251.213.222 148.251.213.222 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 4 24 | 162.241.194.52 162.241.194.52 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
| 21 | 2 |
24
162.241.194.52
(Provo, United States)
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: gator4306.hostgator.com
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: gator4306.hostgator.com
| amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 24 |
arfatechnologies.com
4 redirects
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com |
135 KB |
| 1 |
mwt.org.np
mwt.org.np |
675 B |
| 21 | 2 |
| Domain | Requested by | |
|---|---|---|
| 24 | amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com |
4 redirects
mwt.org.np
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com |
| 1 | mwt.org.np | |
| 21 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com Let's Encrypt Authority X3 |
2020-03-18 - 2020-06-16 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/signin.php?country=NL-Netherlands&lang=en
Frame ID: 15949B731068CA1DBDDF60EF8504E965
Requests: 21 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://mwt.org.np/redirect-new.php Page URL
-
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app
HTTP 301
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/ HTTP 302
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467 HTTP 301
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/ HTTP 302
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/signin.php?country=NL-Netherlands&la... Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- url /\.php(?:$|\?)/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://mwt.org.np/redirect-new.php Page URL
-
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app
HTTP 301
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/ HTTP 302
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467 HTTP 301
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/ HTTP 302
https://amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/signin.php?country=NL-Netherlands&lang=en Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
redirect-new.php
mwt.org.np/ |
419 B 675 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
signin.php
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/ Redirect Chain
|
10 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.min.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/library/bootstrap/css/ |
141 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/sheets/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ACoJP.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
164 B 125 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AAigx.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
116 B 112 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AbIwx.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
375 B 270 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sUxIE.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
145 B 122 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ABCgx.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
319 B 172 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jOErH.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
116 B 112 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
YinSi.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
1 KB 526 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
aOIgx.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
319 B 181 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
SciJM.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
394 B 210 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
LiYon.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
116 B 116 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
QiYue.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
232 B 154 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
BangZ.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
116 B 111 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
VlRqo.css
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/css/login/ |
1 KB 429 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.min.js
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/library/jquery/ |
95 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.min.js
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/library/pooper/ |
19 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.min.js
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/library/bootstrap/js/ |
48 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
amazonui.png
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com/go/app/f8a26bb636decd3a1cb482a444dad467/assets/img/ |
26 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon Japan (Online) Amazon (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery function| Popper object| bootstrap object| jQuery1122077151232139394720 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amazon.co.jp.accounnt-updatepasskeyid1sh3.arfatechnologies.com
mwt.org.np
148.251.213.222
162.241.194.52
097c34db29781788f3fdb4ea861c9ac94ee7765dc89322ef09bca6e630b51c2b
0a4cb3d5e4bd0b33e3dd2c25b5b4bf027a8d6dfeb52ac51127ebd09119cd64de
150adadad66c6bee955f3090ff1ab539f5258d90e3bf1bfc1065443ab6c40ca9
1a650764ad81be01cd55b9fe213cf5bd668c91b4ce7e33b9fc45e800bf6840a4
28cc19341bff852191c04f65b0dacc81094fc6eec3cb21dba2ba98b055fda2de
2b2ad05702a1822c7b91c9a84975e22ba7f979e7c311975749beb9e417937b42
39027de76620700d412112622d93db95fb3d88b414997abd025514ff6e923095
3eb91e63305e00cdac4eb483c1f6c17d815d02d337a4779071deef5e40b92f95
533a308b3d1fcaff74127d530355f5b802462ed05500d779f3bef2467fa5a9f8
6549a77d804ef5bc859fbada07dfded3e4c8ccec4c4ec3c5c1869515ebf1ef2b
7b22fb5bc6331a3b0bd473df4ba39261add4df4da4ab9ca937dd501489b6e095
8b0107d2d86b4230245431d8cd35750d1196ad19f33554a765ac491114299b41
a23ce736c61b0b15f5a593420e25340e5ccccf1411b9b41b7eebe9850c9265c0
c4b6ed2645519ec2c128badb2a2e7720052f8441ffa94c4f0bceca02311004da
c4e800273787f882d53248d00a6b2c13e2b435d51600b4f73cc4e99a973efc25
cfe55a6a86d3a777f05477f15d5d0cc75444d41e5659fdc1e02c713a30c59166
d1550d30e03f777fb25a2761e42fd8640fc2891fe3f8319524e5a0f17ede803d
d1bd77deb69a9ab961996f9c9722281eaa6530f682fd80f21ad790b54e03e4cd
e1283c0339d0393ebf45c02a0b34618f572b82eb5dbda366385498ae01413d3d
f7032edc18df9d0e332e1a15b985029a7507c65613ce71a15255e34cade206d9
fdf0a22b61d0a4e98ac01b8033ce5197f3939e8d0a034402151019c4a6c39c35