www.syntaxlife.com
Open in
urlscan Pro
172.104.198.117
Malicious Activity!
Public Scan
Effective URL: https://www.syntaxlife.com/nachrichten-sys/?sub1=4c0f203bc33b40808f960d9003f3647d&sub2=younes&txid=3518&utm_campaign=Sep_19...
Submission: On October 22 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on August 30th 2021. Valid for: 3 months.
This is the only time www.syntaxlife.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Lion's Den Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.71.90.239 54.71.90.239 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 52.186.31.137 52.186.31.137 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
15 | 172.104.198.117 172.104.198.117 | 63949 (LINODE-AP...) (LINODE-AP Linode) | |
15 | 1 |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-71-90-239.us-west-2.compute.amazonaws.com
clt1380100.bmetrack.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.lightutil.com |
ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1798-117.members.linode.com
www.syntaxlife.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
syntaxlife.com
www.syntaxlife.com |
644 KB |
1 |
lightutil.com
1 redirects
www.lightutil.com |
662 B |
1 |
bmetrack.com
1 redirects
clt1380100.bmetrack.com |
588 B |
15 | 3 |
Domain | Requested by | |
---|---|---|
15 | www.syntaxlife.com |
www.syntaxlife.com
|
1 | www.lightutil.com | 1 redirects |
1 | clt1380100.bmetrack.com | 1 redirects |
15 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.vbpol29.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
syntaxlife.com R3 |
2021-08-30 - 2021-11-28 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.syntaxlife.com/nachrichten-sys/?sub1=4c0f203bc33b40808f960d9003f3647d&sub2=younes&txid=3518&utm_campaign=Sep_19_2021_Email&utm_medium=email&utm_source=BenchmarkEmail
Frame ID: 75BB2C9AC9FCCBBA72D39C29EBC2B2D0
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
BTC NachrichtenPage URL History Show full URLs
-
https://clt1380100.bmetrack.com/c/l?u=CD4D4B8&e=1314768&c=150F04&t=1&l=6A7075ED&email=S9vQaWNBRhNyrdNZltwlLn...
HTTP 302
https://www.lightutil.com/6NP2CC7/QTXT8SN/?creative_id=65213&sub1=younes&utm_source=BenchmarkEmail&utm... HTTP 302
https://www.syntaxlife.com/nachrichten-sys/?sub1=4c0f203bc33b40808f960d9003f3647d&sub2=younes&txid=3518... Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://clt1380100.bmetrack.com/c/l?u=CD4D4B8&e=1314768&c=150F04&t=1&l=6A7075ED&email=S9vQaWNBRhNyrdNZltwlLnnlkRjLUbPe&seq=1
HTTP 302
https://www.lightutil.com/6NP2CC7/QTXT8SN/?creative_id=65213&sub1=younes&utm_source=BenchmarkEmail&utm_campaign=Sep_19_2021_Email&utm_medium=email HTTP 302
https://www.syntaxlife.com/nachrichten-sys/?sub1=4c0f203bc33b40808f960d9003f3647d&sub2=younes&txid=3518&utm_campaign=Sep_19_2021_Email&utm_medium=email&utm_source=BenchmarkEmail Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
www.syntaxlife.com/nachrichten-sys/ Redirect Chain
|
20 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
www.syntaxlife.com/nachrichten-sys/css/ |
14 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
btcnews.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
23 KB 23 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1header-right.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
22 KB 22 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hd-hero1.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
118 KB 118 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2018-03-28_12.06.48.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
188 KB 189 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
carsten-maschmeyer-und-judith-williams.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
71 KB 71 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ccccc.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
138 KB 138 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof1.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof2.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof3.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof4.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof5.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
184dc9ab-6565-4fbf-a6a5-27cb70a870e3.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
62 KB 62 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
www.syntaxlife.com/netdna.bootstrapcdn.com/font-awesome/4.7.0/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Lion's Den Scam (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster object| dayNames object| monthNames object| now3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.bmetrack.com/ | Name: ASP.NET_SessionId Value: 2h2zrelqcw5os5e3becaeofx |
|
clt1380100.bmetrack.com/ | Name: sourcetracking Value: sourceid=0&phrase=%2fc%2fl%3fu%3dCD4D4B8%26e%3d1314768%26c%3d150F04%26t%3d1%26l%3d6A7075ED%26email%3dS9vQaWNBRhNyrdNZltwlLnnlkRjLUbPe%26seq%3d1&refurl=&searchphrase=u%3dCD4D4B8%26e%3d1314768%26c%3d150F04%26t%3d1%26l%3d6A7075ED%26email%3dS9vQaWNBRhNyrdNZltwlLnnlkRjLUbPe%26seq%3d1 |
|
www.syntaxlife.com/ | Name: PHPSESSID Value: eda1ce9c583b26dd5c2a13abcf5fcf65 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
clt1380100.bmetrack.com
www.lightutil.com
www.syntaxlife.com
172.104.198.117
52.186.31.137
54.71.90.239
122dd532737cf3aceb8cf02a967ab236b9bef64f064aa0146ec2161b4a6d7128
1707346b93ea4f91be70ba1d144c800813af2ef6d7bf2a9785665d2e9764b4c8
31899c4c4724ff2e88ecaa889871452a3e754145119737ee0b050ec16d54e3ad
44d22dd34c6e3f0c9253be6aa002e79f353981ba21ec8b5f92c1a82923d65908
4f51b53dba3c024c6ddb381aa17367a54be11c30b3a9411d9b0691aa3493882e
5e4a39e9f9298e25b326bd92f08b9cca6b15f0d617677c8ef2a6a3c037a8a0a1
6ef18c874e412f0827a0830ddf7f9f6ace52e3ba01e85dfb0de890601d085b30
70d81524ff46cf40ab5b8dafa8597489819bed792aeffde58837e55b99013464
957b235c804a6133fde0ec58b633ebb46ef644ab03806227741694f505db5cf5
c155aa91c885690a76b7980782929e024d0a9c1c0eb718467f1984b190e91e39
df99f7229bbfb0bdf5ed771fca5acc2fcbe96e41429bc2b2451f238c42d3f948
ee5e2c83fa518ac7ee8437ee4078aee78042f9adef2b5a26c89b189daff31cd9
f5653349d4d9eade79c3484fc521672332ffba22afbf1022e80ecb56973814c4
f6894acedc5915b51c9f1857f0da8ea062475edaff3b391b7cd7ffdf7115ad91