amazon.co.jp.z18b.cn
Open in
urlscan Pro
112.175.150.41
Malicious Activity!
Public Scan
Effective URL: https://amazon.co.jp.z18b.cn/indedni.php
Submission Tags: phishing
Submission: On July 31 via api from JP
Summary
TLS certificate: Issued by TrustAsia TLS RSA CA on July 31st 2020. Valid for: a year.
This is the only time amazon.co.jp.z18b.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon Japan (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 112.175.150.41 112.175.150.41 | 4766 (KIXS-AS-K...) (KIXS-AS-KR Korea Telecom) | |
9 | 112.175.150.34 112.175.150.34 | 4766 (KIXS-AS-K...) (KIXS-AS-KR Korea Telecom) | |
1 | 183.131.168.119 183.131.168.119 | 4134 (CHINANET-...) (CHINANET-BACKBONE No.31) | |
12 | 3 |
ASN4134 (CHINANET-BACKBONE No.31,Jin-rong Street, CN)
images-cn.ssl-images-amazon.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
googlecdn.xyz
googlecdn.xyz |
139 KB |
2 |
z18b.cn
amazon.co.jp.z18b.cn |
1 KB |
1 |
ssl-images-amazon.com
images-cn.ssl-images-amazon.com |
61 KB |
12 | 3 |
Domain | Requested by | |
---|---|---|
9 | googlecdn.xyz |
amazon.co.jp.z18b.cn
|
2 | amazon.co.jp.z18b.cn |
amazon.co.jp.z18b.cn
|
1 | images-cn.ssl-images-amazon.com | |
12 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
amazon.co.jp.z18b.cn TrustAsia TLS RSA CA |
2020-07-31 - 2021-07-31 |
a year | crt.sh |
googlecdn.xyz TrustAsia TLS RSA CA |
2020-07-27 - 2021-07-27 |
a year | crt.sh |
images-cn-8.ssl-images-amazon.com DigiCert SHA2 High Assurance Server CA |
2020-06-24 - 2022-06-29 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://amazon.co.jp.z18b.cn/indedni.php
Frame ID: 8AA5E9F869EE3D8B2499D53EF3E7D4E8
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://amazon.co.jp.z18b.cn/main.html Page URL
- https://amazon.co.jp.z18b.cn/indedni.php Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://amazon.co.jp.z18b.cn/main.html Page URL
- https://amazon.co.jp.z18b.cn/indedni.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
main.html
amazon.co.jp.z18b.cn/ |
278 B 399 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading.gif
googlecdn.xyz/style/img/ |
16 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
indedni.php
amazon.co.jp.z18b.cn/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
610ccss.css
googlecdn.xyz/style/css/ |
136 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0101Scss.css
googlecdn.xyz/style/css/ |
51 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
110Hcss.css
googlecdn.xyz/style/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading.gif
googlecdn.xyz/style/img/ |
65 KB 65 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
html_login_z.php
googlecdn.xyz/ |
10 KB 3 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
21Qcss.css
googlecdn.xyz/style/css/ |
79 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
219css.css
googlecdn.xyz/style/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
new-nav-sm-smile-sprite-global-1x_blueheaven._CB485919093_.png
googlecdn.xyz/style/img/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AmazonUIBaseCSS-sprite_2x-a3d92a134e6afaec4974bceac0812b73d0b635c1._V2_.png
images-cn.ssl-images-amazon.com/images/G/01/AUIClients/ |
60 KB 61 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon Japan (Online)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| show_html_login0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amazon.co.jp.z18b.cn
googlecdn.xyz
images-cn.ssl-images-amazon.com
112.175.150.34
112.175.150.41
183.131.168.119
02c80291ad5fa3334da6b8f80e368a0fee14a8f434ca343d2bcc6dad790b733e
1bb7c3bc2087f1cadf18906bbf1d7b52a521978c1e4cadf7cbf8094950f71cd6
532eed2055110803b669571594ddb3d454d2ae899dd655c3ca1677226008b696
8648087363e39d439fd609a8f0606b07f3e146fc08e7835b1245d7f9bf686425
a9cbb1bf76842af4b1ea189e81c51abace026240d669c9d30b409314bc0bff44
c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a
c953b09e79a5ab6486e56a028133196a94186132ea14580c5c315718f7302989
d11990876191b150b342ab38b8398bd43a36c3ac491776971b79ba35051ca286
de93b975c47a5b40673b584699117e302ef4ef54e9b6b5d3d29c9827abdab217
e718ce5acfdf9334d95a7e72b19f5768d71312d653891e53e8c50a2e6a065ad8
f4c0ffb3cedc791f07074f2768189223a18a8f327ff882694f05c42aab9ce9d8