aamazon.gq
Open in
urlscan Pro
94.242.54.17
Malicious Activity!
Public Scan
Submission: On June 27 via api from US
Summary
This is the only time aamazon.gq was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Spotify (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 94.242.54.17 94.242.54.17 | 43317 (FISHNET-AS) (FISHNET-AS) | |
4 | 151.101.1.194 151.101.1.194 | 54113 (FASTLY) (FASTLY - Fastly) | |
15 | 3 |
ASN43317 (FISHNET-AS, RU)
PTR: server1.server-sz.com
aamazon.gq |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
aamazon.gq
aamazon.gq |
189 KB |
4 |
fastly.net
sp-bootstrap.global.ssl.fastly.net |
225 KB |
15 | 2 |
Domain | Requested by | |
---|---|---|
11 | aamazon.gq |
aamazon.gq
|
4 | sp-bootstrap.global.ssl.fastly.net |
aamazon.gq
|
15 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh | |
*.freetls.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2019-01-02 - 2020-01-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://aamazon.gq/
Frame ID: BD1DCA8A41A4BA8A8DE34EC60D308A84
Requests: 16 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
aamazon.gq/ |
27 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
landing.css
aamazon.gq/files/ |
63 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtm.js
aamazon.gq/files/ |
104 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
aamazon.gq/files/ |
91 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
marketing.js
aamazon.gq/files/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
spotify.css
aamazon.gq/files/ |
383 KB 75 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
landingpage.css
aamazon.gq/files/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
landingpage.css
aamazon.gq/files/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
aamazon.gq/ |
11 KB 11 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plan-checklist.svg
aamazon.gq/i/home/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plan-checklist-free.svg
aamazon.gq/i/home/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mx.svg
sp-bootstrap.global.ssl.fastly.net/8.3.0/images/flags/ |
19 KB 8 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular-bold.woff2
sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/ |
74 KB 74 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular-black.woff2
sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/ |
72 KB 73 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
circular-book.woff2
sp-bootstrap.global.ssl.fastly.net/8.3.0/fonts/ |
68 KB 69 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Spotify (Online)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery object| spweb object| google_tag_manager object| dataLayer0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aamazon.gq
sp-bootstrap.global.ssl.fastly.net
151.101.1.194
94.242.54.17
27c6c010b56541288cf75fa5e8773311aadac4e60add1a00351da2664fcad6cf
2b7fe7bd06a32533cb922e67b3f2e6122e8b3401be89f6c9ad2128e30412c288
6384070e855e2ec15caefb6334ab2c4b1b9e798ce2e369cc00f0d47a41138e0d
6b2edd300c8205e0417227061860fed7fe9a77dab77c8a09bb983112b0fe970d
70c65bd0e084398a87baa298c1fafa52afff402096cb350d563d309565c07e83
755ddebf8fb1b8f153f636bca6f44add01d36a4d5790e8ee45433fa5ca0801d5
7e9d99f451cf9fb976eab80b72178996a1318f02d8a452909351761120c8d5e6
99f757b5d894b3b8f64572ac4c6c14d86a7f175dd638739873c6d97628089e56
a51706f9f121b12d58046076988f0fb8ba8db095bedd4137ae7697975eed5629
c6e97b4628d92c284fc96019b0d9aa188e394dd0c89eaab87af9c86ddcb1f199
d77456e48416e475066a580b2050cee4f86a3819556d0ddf90d81250f3af9de2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fdf0e3938479eb6e108e7869436051b7072b9a18ecb98b3c6b49d1b29d8bc758