URL: https://fbplusamazon.com/
Submission: On March 23 via automatic, source certstream-suspicious

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 5 HTTP transactions. The main IP is 104.31.75.248, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is fbplusamazon.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on March 23rd 2018. Valid for: 6 months.
This is the only time fbplusamazon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 5 104.31.75.248 13335 (CLOUDFLAR...)
2 3 104.31.74.248 13335 (CLOUDFLAR...)
1 2.16.186.96 20940 (AKAMAI-ASN1)
5 4
Apex Domain
Subdomains
Transfer
8 fbplusamazon.com
fbplusamazon.com
4 KB
1 imgaft.com
ak2.imgaft.com Failed
9 KB
5 2
Domain Requested by
8 fbplusamazon.com 6 redirects fbplusamazon.com
1 ak2.imgaft.com fbplusamazon.com
5 2

This site contains no links.

Subject Issuer Validity Valid
sni221810.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2018-03-23 -
2018-09-29
6 months crt.sh

This page contains 1 frames:

Primary Page: https://fbplusamazon.com/
Frame ID: 962BA5D3F723F806687657DFFA978CCE
Requests: 5 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://fbplusamazon.com/ HTTP 302
    https://fbplusamazon.com/UiZNM/ HTTP 302
    https://fbplusamazon.com/ HTTP 302
    https://fbplusamazon.com/URiRZ/ HTTP 302
    https://fbplusamazon.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i

Page Statistics

5
Requests

20 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

4
IPs

2
Countries

11 kB
Transfer

12 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://fbplusamazon.com/ HTTP 302
    https://fbplusamazon.com/UiZNM/ HTTP 302
    https://fbplusamazon.com/ HTTP 302
    https://fbplusamazon.com/URiRZ/ HTTP 302
    https://fbplusamazon.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://fbplusamazon.com/img.aspx?q=L3MkWGAkBQVmAGx5AQx0BGN1AQD5ZQLlAPHlAzpyZ3R0ZQNyZwMyWGAkWGV2ovHmpGNyZwMwWGAkZPHlAzIzWGAkZPHlAzLyZ3RyZwMyMlHmpGVjZGtjZmVmZQpjZQZlWGV2L3xyZ3RkWGV2qTpyZ3RlWGV2rPHmpFHlAz56WGAkZPHlAzMjWGAkZwZ4WGV2nT5aWGAkZFHlAaOjWGAknTLyZwMzM3NyZ3Rj-1 HTTP 302
  • http://fbplusamazon.com/PgpUT/img.aspx?q=L3MkWGAkBQVmAGx5AQx0BGN1AQD5ZQLlAPHlAzpyZ3R0ZQNyZwMyWGAkWGV2ovHmpGNyZwMwWGAkZPHlAzIzWGAkZPHlAzLyZ3RyZwMyMlHmpGVjZGtjZmVmZQpjZQZlWGV2L3xyZ3RkWGV2qTpyZ3RlWGV2rPHmpFHlAz56WGAkZPHlAzMjWGAkZwZ4WGV2nT5aWGAkZFHlAaOjWGAknTLyZwMzM3NyZ3Rj-1 HTTP 302
  • http://fbplusamazon.com/img.aspx?q=L3MkWGAkBQVmAGx5AQx0BGN1AQD5ZQLlAPHlAzpyZ3R0ZQNyZwMyWGAkWGV2ovHmpGNyZwMwWGAkZPHlAzIzWGAkZPHlAzLyZ3RyZwMyMlHmpGVjZGtjZmVmZQpjZQZlWGV2L3xyZ3RkWGV2qTpyZ3RlWGV2rPHmpFHlAz56WGAkZPHlAzMjWGAkZwZ4WGV2nT5aWGAkZFHlAaOjWGAknTLyZwMzM3NyZ3Rj-1

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
fbplusamazon.com/
Redirect Chain
  • https://fbplusamazon.com/
  • https://fbplusamazon.com/UiZNM/
  • https://fbplusamazon.com/
  • https://fbplusamazon.com/URiRZ/
  • https://fbplusamazon.com/
3 KB
2 KB
Document
General
Full URL
https://fbplusamazon.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.31.75.248 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
625eb6c362ae542a37a12385d758fd0c53b9cc85acef1d37b84f23fe5f83f74f

Request headers

:path
/
pragma
no-cache
accept-encoding
gzip, deflate
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
cache-control
no-cache
:authority
fbplusamazon.com
cookie
__cfduid=d4cc04f824ef580289bff60fd13bde1261521813630
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Mar 2018 14:00:32 GMT
content-encoding
gzip
server
cloudflare
x-aspnet-version
4.0.30319
age
0
x-powered-by
ASP.NET
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
status
200
cache-control
no-cache
cf-ray
40016cc089672324-FRA
expires
-1

Redirect headers

pragma
no-cache
date
Fri, 23 Mar 2018 14:00:32 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
302
location
/
cache-control
no-cache
cf-ray
40016cbe988f2324-FRA
jquery2.0.3.js
ak2.imgaft.com/script/
0
0

backstretch.js
ak2.imgaft.com/script/
0
0

img.aspx
fbplusamazon.com/
Redirect Chain
  • http://fbplusamazon.com/img.aspx?q=L3MkWGAkBQVmAGx5AQx0BGN1AQD5ZQLlAPHlAzpyZ3R0ZQNyZwMyWGAkWGV2ovHmpGNyZwMwWGAkZPHlAzIzWGAkZPHlAzLyZ3RyZwMyMlHmpGVjZGtjZmVmZQpjZQZlWGV2L3xyZ3RkWGV2qTpyZ3RlWGV2rPHmpF...
  • http://fbplusamazon.com/PgpUT/img.aspx?q=L3MkWGAkBQVmAGx5AQx0BGN1AQD5ZQLlAPHlAzpyZ3R0ZQNyZwMyWGAkWGV2ovHmpGNyZwMwWGAkZPHlAzIzWGAkZPHlAzLyZ3RyZwMyMlHmpGVjZGtjZmVmZQpjZQZlWGV2L3xyZ3RkWGV2qTpyZ3RlWGV2...
  • http://fbplusamazon.com/img.aspx?q=L3MkWGAkBQVmAGx5AQx0BGN1AQD5ZQLlAPHlAzpyZ3R0ZQNyZwMyWGAkWGV2ovHmpGNyZwMwWGAkZPHlAzIzWGAkZPHlAzLyZ3RyZwMyMlHmpGVjZGtjZmVmZQpjZQZlWGV2L3xyZ3RkWGV2qTpyZ3RlWGV2rPHmpF...
43 B
353 B
Image
General
Full URL
http://fbplusamazon.com/img.aspx?q=L3MkWGAkBQVmAGx5AQx0BGN1AQD5ZQLlAPHlAzpyZ3R0ZQNyZwMyWGAkWGV2ovHmpGNyZwMwWGAkZPHlAzIzWGAkZPHlAzLyZ3RyZwMyMlHmpGVjZGtjZmVmZQpjZQZlWGV2L3xyZ3RkWGV2qTpyZ3RlWGV2rPHmpFHlAz56WGAkZPHlAzMjWGAkZwZ4WGV2nT5aWGAkZFHlAaOjWGAknTLyZwMzM3NyZ3Rj-1
Requested by
Host: fbplusamazon.com
URL: https://fbplusamazon.com/
Protocol
HTTP/1.1
Server
104.31.74.248 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Mar 2018 14:00:33 GMT
Server
cloudflare
X-AspNet-Version
4.0.30319
Age
1
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
CF-RAY
40016cc7e6672666-FRA
Expires
-1

Redirect headers

Pragma
no-cache
Date
Fri, 23 Mar 2018 14:00:33 GMT
Server
cloudflare
Transfer-Encoding
chunked
Location
/img.aspx?q=L3MkWGAkBQVmAGx5AQx0BGN1AQD5ZQLlAPHlAzpyZ3R0ZQNyZwMyWGAkWGV2ovHmpGNyZwMwWGAkZPHlAzIzWGAkZPHlAzLyZ3RyZwMyMlHmpGVjZGtjZmVmZQpjZQZlWGV2L3xyZ3RkWGV2qTpyZ3RlWGV2rPHmpFHlAz56WGAkZPHlAzMjWGAkZwZ4WGV2nT5aWGAkZFHlAaOjWGAknTLyZwMzM3NyZ3Rj-1
cache-control
no-cache
Connection
keep-alive
CF-RAY
40016cc5f59c2666-FRA
website-coming-soon-blank.png
ak2.imgaft.com/images/
8 KB
9 KB
Image
General
Full URL
http://ak2.imgaft.com/images/website-coming-soon-blank.png
Requested by
Host: fbplusamazon.com
URL: https://fbplusamazon.com/
Protocol
HTTP/1.1
Server
2.16.186.96 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-96.deploy.akamaitechnologies.com
Software
Microsoft-IIS/7.5 / ASP.NET
Resource Hash
f19db2ffeb413aceca8b2cff6a6105fb6bbc67510763db77632a9b61b9b16bcd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Response headers

Date
Fri, 23 Mar 2018 14:00:32 GMT
Last-Modified
Fri, 31 Oct 2014 22:47:42 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ASP.NET
ETag
"07be0ad5cf5cf1:0"
Content-Type
image/png
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8452

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ak2.imgaft.com
URL
http://ak2.imgaft.com/script/jquery2.0.3.js
Domain
ak2.imgaft.com
URL
http://ak2.imgaft.com/script/backstretch.js

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| impspacer

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ak2.imgaft.com
fbplusamazon.com
ak2.imgaft.com
104.31.74.248
104.31.75.248
2.16.186.96
625eb6c362ae542a37a12385d758fd0c53b9cc85acef1d37b84f23fe5f83f74f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
f19db2ffeb413aceca8b2cff6a6105fb6bbc67510763db77632a9b61b9b16bcd