amazon-support-qafj.update-information.su
Open in
urlscan Pro
93.157.63.171
Malicious Activity!
Public Scan
Effective URL: https://amazon-support-qafj.update-information.su/login/verification/
Submission: On January 27 via manual from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on January 26th 2020. Valid for: 3 months.
This is the only time amazon-support-qafj.update-information.su was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 192.254.187.133 192.254.187.133 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
4 7 | 93.157.63.171 93.157.63.171 | 43350 (NFORCE) (NFORCE) | |
11 | 13.35.250.160 13.35.250.160 | 16509 (AMAZON-02) (AMAZON-02) | |
5 | 50.19.130.19 50.19.130.19 | 14618 (AMAZON-AES) (AMAZON-AES) | |
19 | 3 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
acceleratedwebbusiness.club |
ASN43350 (NFORCE, NL)
PTR: bestwwin.com
amazon-support-qafj.update-information.su |
ASN16509 (AMAZON-02, US)
PTR: server-13-35-250-160.fra6.r.cloudfront.net
images-na.ssl-images-amazon.com | |
m.media-amazon.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-50-19-130-19.compute-1.amazonaws.com
fls-na.amazon.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
ssl-images-amazon.com
images-na.ssl-images-amazon.com |
276 KB |
7 |
update-information.su
4 redirects
amazon-support-qafj.update-information.su |
69 KB |
5 |
amazon.com
fls-na.amazon.com |
777 B |
2 |
media-amazon.com
m.media-amazon.com |
28 KB |
1 |
acceleratedwebbusiness.club
1 redirects
acceleratedwebbusiness.club |
190 B |
19 | 5 |
Domain | Requested by | |
---|---|---|
9 | images-na.ssl-images-amazon.com |
amazon-support-qafj.update-information.su
|
7 | amazon-support-qafj.update-information.su | 4 redirects |
5 | fls-na.amazon.com |
amazon-support-qafj.update-information.su
images-na.ssl-images-amazon.com |
2 | m.media-amazon.com |
amazon-support-qafj.update-information.su
|
1 | acceleratedwebbusiness.club | 1 redirects |
19 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.update-information.su Let's Encrypt Authority X3 |
2020-01-26 - 2020-04-25 |
3 months | crt.sh |
Images-na.ssl-images-amazon.com DigiCert Global CA G2 |
2019-05-02 - 2020-04-23 |
a year | crt.sh |
fls-na.amazon.com Amazon |
2019-12-30 - 2020-11-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://amazon-support-qafj.update-information.su/login/verification/
Frame ID: BEB057590F05AF65934DD738C4B4D777
Requests: 19 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://acceleratedwebbusiness.club/newsletter-NfyXSv2bP/?rewrite=redirect/602eed5f0e38cbd6e0797bf5ffb56693-id-3...
HTTP 302
https://amazon-support-qafj.update-information.su/?cl=craig.colclough@platform.co.uk HTTP 301
https://amazon-support-qafj.update-information.su/login/ HTTP 301
https://amazon-support-qafj.update-information.su/login/verification/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://acceleratedwebbusiness.club/newsletter-NfyXSv2bP/?rewrite=redirect/602eed5f0e38cbd6e0797bf5ffb56693-id-3LIfYng-to-amzn-account
HTTP 302
https://amazon-support-qafj.update-information.su/?cl=craig.colclough@platform.co.uk HTTP 301
https://amazon-support-qafj.update-information.su/login/ HTTP 301
https://amazon-support-qafj.update-information.su/login/verification/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10- https://amazon-support-qafj.update-information.su/ap/uedata?ld&v=0.202502.0&id=XPQB09PFK58WMG2SAPHM&sw=1600&sh=1200&vw=1600&vh=1200&m=1&sc=XPQB09PFK58WMG2SAPHM&ue=19&bb=176&be=224&pc=581&tc=-5610&na_=-5610&ul_=-1580117483613&_ul=-1580117483613&rd_=-1580117483613&_rd=-1580117483613&fe_=-105&lk_=-105&_lk=-105&co_=-105&_co=-105&sc_=-1580117483613&rq_=-105&rs_=-4&_rs=42&dl_=-2&di_=225&de_=225&_de=225&_dc=581&ld_=581&_ld=-1580117483613&ntd=-1&ty=0&rc=0&hob=18&hoe=19&ld=582&t=1580117484195&ctb=1&rt=__ld:10-5-3-1-3-0-1&csmtags=aui|aui:aui_build_date:3.18.15-2018-12-04|aui:aui_build_date:3.18.5-2018-04-12|fls-na&viz=visible:19&pty=AuthenticationPortal&spty=ForgotPwdApp:ForgotPwdChallengePage&pti=undefined&tid=XPQB09PFK58WMG2SAPHM&aftb=1 HTTP 301
- https://amazon-support-qafj.update-information.su/login/verification/
- https://amazon-support-qafj.update-information.su/ap/uedata?at&v=0.202502.0&id=XPQB09PFK58WMG2SAPHM&m=1&sc=adblk_no&pc=626&at=626&t=1580117484239&csmtags=adblk_no&pty=AuthenticationPortal&spty=ForgotPwdApp:ForgotPwdChallengePage&pti=undefined&tid=XPQB09PFK58WMG2SAPHM&aftb=1 HTTP 301
- https://amazon-support-qafj.update-information.su/login/verification/
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
amazon-support-qafj.update-information.su/login/verification/ Redirect Chain
|
51 KB 51 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
61Brdu0o6LL._RC%7C11Fd9tJOdtL.css,21y5jWQoUML.css,31Q3id-QR0L.css,31P8A7PnBZL.css_.css
images-na.ssl-images-amazon.com/images/I/ |
137 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
01SdjaY0ZsL._RC%7C41D-iasvQCL.css,21EmREG-NIL.css_.css
images-na.ssl-images-amazon.com/images/I/ |
34 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
11BFk7eGdOL.css
images-na.ssl-images-amazon.com/images/I/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ATVPDKIKX0DER:131-9332265-7126935:XPQB09PFK58WMG2SAPHM$uedata=s:%2Fap%2Fuedata%3Fstaticb%26id%3DXPQB09PFK58WMG2SAPHM:0
fls-na.amazon.com/1/batch/1/OP/ |
43 B 149 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fwcim._CB460999895_.js
images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/ |
406 KB 115 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
61o5HuBKUHL._RC%7C11IYhapguOL.js,61gNSqUmJPL.js,31fv8bqHLoL.js,31f4+QIEeqL.js,01N6xzIJxbL.js,51ac7ZDYV+L.js,01rpauTep4L.js,31JzIBuTmgL.js,61lz4OyN3AL.js,01KsMxlPtzL.js_.js
images-na.ssl-images-amazon.com/images/I/ |
315 KB 98 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
21SVD3V6NFL._RC%7C21ZhT+enYQL.js,212UAvKLpCL.js,31GD6F9NBYL.js,219MTuM4twL.js,01ITjFttdBL.js,514kf3PkAaL.js_.js
images-na.ssl-images-amazon.com/images/I/ |
75 KB 22 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
01moEMrtu9L.js
images-na.ssl-images-amazon.com/images/I/ |
518 B 892 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
21Y1It8TRGL.js
images-na.ssl-images-amazon.com/images/I/ |
8 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png
m.media-amazon.com/images/G/01/AUIClients/ |
27 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
amazon-support-qafj.update-information.su/login/verification/ Redirect Chain
|
8 KB 8 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ATVPDKIKX0DER:131-9332265-7126935:XPQB09PFK58WMG2SAPHM$uedata=s:%2Fap%2Fuedata%3Fld%26v%3D0.202502.0%26id%3DXPQB09PFK58WMG2SAPHM%26sw%3D1600%26sh%3D1200%26vw%3D1600%26vh%3D1200%26m%3D1%26sc%3DXPQB0...
fls-na.amazon.com/1/batch/1/OP/ |
43 B 149 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ClientSideMetricsAUIJavascript@jserrorsForester.d727867491aa5bec2e4c2e1e85bf6315beaae6ce._V2_.js
images-na.ssl-images-amazon.com/images/G/01/AUIClients/ |
9 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
showads.v2.js
m.media-amazon.com/images/G/01/csm/ |
23 B 459 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
amazon-support-qafj.update-information.su/login/verification/ Redirect Chain
|
8 KB 8 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ATVPDKIKX0DER:131-9332265-7126935:XPQB09PFK58WMG2SAPHM$uedata=s:%2Fap%2Fuedata%3Fat%26v%3D0.202502.0%26id%3DXPQB09PFK58WMG2SAPHM%26m%3D1%26sc%3Dadblk_no%26pc%3D626%26at%3D626%26t%3D1580117484239%26...
fls-na.amazon.com/1/batch/1/OP/ |
43 B 149 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 165 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 165 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)63 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate number| ue_t0 object| ue_csm number| ue_hob string| ue_err_chan string| ue_id string| ue_url number| ue_navtiming string| ue_mid string| ue_sid string| ue_sn string| ue_furl string| ue_surl number| ue_int number| ue_fcsn number| ue_urt string| ue_rpl_ns number| ue_ddq string| ue_fpf number| ue_rsc number| ue_mcimp number| ue_sbuimp number| ue_swi number| ue_hoe function| ue_viz number| ue_ihb object| ue function| ueLogError object| ue_err number| ueinit function| uei function| ueh function| ues function| uet function| uex function| onLd function| onLdEnd function| onUl function| onstop number| aPageStart number| ue_cmi number| ue_ihe object| ue_cel_stub object| ue_mcm_stub object| amzn boolean| __fwcimLoaded object| fwcim boolean| __fwcimShimProfileReady object| ue_mbl string| ue_pty string| ue_spty number| ue_adb number| ue_adb_rtla number| ue_ibe function| _uess number| ue_fadb function| ue_isAdb object| ue_utils number| ue_unrt object| jQuery16408990366535048939 boolean| loginWithOTPState number| ue_adb_chk5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
amazon-support-qafj.update-information.su/ | Name: csm-hit Value: tb:s-XPQB09PFK58WMG2SAPHM|1580117483788&t:1580117483789 |
|
.update-information.su/ | Name: AmazonSession Value: 64eadd892ffc6bc9e4e6a55462cd0804 |
|
amazon-support-qafj.update-information.su/ | Name: AmazonSession Value: 64eadd892ffc6bc9e4e6a55462cd0804 |
|
amazon-support-qafj.update-information.su/login | Name: AmazonSession Value: 64eadd892ffc6bc9e4e6a55462cd0804 |
|
amazon-support-qafj.update-information.su/login/verification | Name: AmazonSession Value: 64eadd892ffc6bc9e4e6a55462cd0804 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
acceleratedwebbusiness.club
amazon-support-qafj.update-information.su
fls-na.amazon.com
images-na.ssl-images-amazon.com
m.media-amazon.com
13.35.250.160
192.254.187.133
50.19.130.19
93.157.63.171
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
622bf70175e727e8cbbf3aeafa912d79bee75e37604a762af1e1d576c7f2032a
7ed2858e4ebabf29b07626268f1a96076227b8c900f4742c102c853d0e920f9f
88ea58255d4cd82340f7acaabe0e6a99f195a4dc2ca6ef56ec503d03b331bee5
8f5eefd5526868259a942d9a1c2d496f1096b2ebff85c516884dffe8a9717104
8ff52030ae312e1688bd111f80d21dc533e457cdefd9cdf07722ec9f51de79bb
9120b41bc0973f437a2e06805abbbfcd26662850c1f8c6a2c39fba160943e75d
945a4ab2444c1647867d380a27d5e8783cc00cba6f9ab9e811296160bd1b8537
a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce
a3dac25714c6c54715d8b03bd0ddaf24b940774270184e800a39f3f9b5c5696c
ac6c8a640f5b8fea68c8aeaaad4e145c8261be36ba09df844e4121fb69e90cc7
b2cc97c937b2669ac42786fb13c686bf7f24222ad042f0cee1764024d251c4d4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f42d0723aedbb792aa92cfd7fb1d92ede64d89c87c5b91f8c8a1fbc44125e51c