wildnatureamazon.com
192.185.129.109
Malicious Activity!
Effective URL: https://wildnatureamazon.com/GP/login.live.com/?login.srf?wa=wsignin1.0&rpsnv=12&ct=1425083828&rver=6.4.6456.0&wp=MBI_SSL_SHA...
Submission: On May 21 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 9th 2020. Valid for: 3 months.
This is the only time wildnatureamazon.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook (Online), Generic (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 198.12.123.178 | 36352 (AS-COLOCROSSING)
1 | 2001:4de0:ac19::1:b:2b | 20446 (HIGHWINDS3)
17 | 192.185.129.109 | 46606 (UNIFIEDLAYER-AS-1)
Total: 18 requests across 3 IP addresses.
ASN36352 (AS-COLOCROSSING, US), PTR: wgh11.whogohost.com: zoominfoo.space
ASN46606 (UNIFIEDLAYER-AS-1, US), PTR: bh-ht-5.webhostbox.net: wildnatureamazon.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | wildnatureamazon.com (1 redirect) | wildnatureamazon.com | 87 KB
1 | jquery.com | code.jquery.com | 24 KB
1 | zoominfoo.space | zoominfoo.space | 4 KB
Total: 18 requests across 3 apex domains.
Requests | Domain | Requested by
---|---|---
17 | wildnatureamazon.com (1 redirect) | zoominfoo.space, wildnatureamazon.com
1 | code.jquery.com | zoominfoo.space
1 | zoominfoo.space |
Total: 18 requests across 3 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
webdisk.zoominfoo.space | Let's Encrypt Authority X3 | 2020-04-13 - 2020-07-12 | 3 months | crt.sh
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years | crt.sh
wildnatureamazon.com | Let's Encrypt Authority X3 | 2020-04-09 - 2020-07-08 | 3 months | crt.sh
This page contains 3 frames:
Primary Page:
https://wildnatureamazon.com/GP/login.live.com/?login.srf?wa=wsignin1.0&rpsnv=12&ct=1425083828&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=httpsbay169.mail.live.com%default.aspxFrru3inbox&lc=1033&id=64855&mkt=en-us&cbcxt=mai&jgoogle=YW5pdGEuamFtZXNAcGFjdGdyb3VwLmNvbS5hdQ==&xma=c
Frame ID: 451449918E33368FD4EA7ABEC939174F
Requests: 5 HTTP requests in this frame
Frame:
https://wildnatureamazon.com/GP/login.live.com/others/EN-US(1).htm
Frame ID: 0270533821246FB384CDC97D2BB85008
Requests: 10 HTTP requests in this frame
Frame:
https://wildnatureamazon.com/GP/login.live.com/others/EN-US.htm
Frame ID: 18636A05475F08F302115199EA1D6F23
Requests: 3 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- Page URL: https://zoominfoo.space/841b9457fd9014ede0e8ba949e5be76d?usr=YW5pdGEuamFtZXNAcGFjdGdyb3VwLmNvbS5hdQ%3D%3D
- https://wildnatureamazon.com/GP/?ehdgk=YW5pdGEuamFtZXNAcGFjdGdyb3VwLmNvbS5hdQ==&isfgsValidate=c
  HTTP 302 to
  Page URL: https://wildnatureamazon.com/GP/login.live.com/?login.srf?wa=wsignin1.0&rpsnv=12&ct=1425083828&rver=6.4.6456.0&wp=MBI_SSL_SHARED&wreply=httpsbay169.mail.live.com%default.aspxFrru3inbox&lc=1033&id=64855&mkt=en-us&cbcxt=mai&jgoogle=YW5pdGEuamFtZXNAcGFjdGdyb3VwLmNvbS5hdQ==&xma=c
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | 841b9457fd9014ede0e8ba949e5be76d | zoominfoo.space/ | 3 KB | 4 KB | Document | text/html
GET | H/1.1 | jquery-3.3.1.slim.min.js | code.jquery.com/ | 68 KB | 24 KB | Script | application/javascript
GET | H2 | / (Primary Request, Redirect Chain) | wildnatureamazon.com/GP/login.live.com/ | 6 KB | 2 KB | Document | text/html
GET | H2 | R3WinLive1033.css | wildnatureamazon.com/GP/login.live.com/css/ | 25 KB | 7 KB | Stylesheet | text/css
GET | H2 | EN-US(1).htm | wildnatureamazon.com/GP/login.live.com/others/ (Frame 0270) | 2 KB | 1 KB | Document | text/html
GET | H2 | EN-US.htm | wildnatureamazon.com/GP/login.live.com/others/ (Frame 1863) | 642 B | 501 B | Document | text/html
GET | H2 | controls.png | wildnatureamazon.com/GP/login.live.com/imgs/ | 5 KB | 5 KB | Image | image/png
GET | H2 | style.css | wildnatureamazon.com/GP/login.live.com/css/ (Frame 0270) | 6 KB | 2 KB | Stylesheet | text/css
GET | H2 | mbox.js | wildnatureamazon.com/GP/login.live.com/js/ (Frame 0270) | 0 | 0 | Script | text/html
GET | H2 | event | wildnatureamazon.com/GP/login.live.com/others/ (Frame 0270) | 0 | 0 | Script | text/html
GET | H2 | Outlook_SISU%20Refresh_Categories.jpg | wildnatureamazon.com/GP/login.live.com/imgs/ (Frame 0270) | 63 KB | 64 KB | Image | image/jpeg
GET | H2 | style_win8.css | wildnatureamazon.com/GP/login.live.com/css/ (Frame 0270) | 2 KB | 442 B | Stylesheet | text/css
GET | H2 | bk-coretag.js | wildnatureamazon.com/GP/login.live.com/others/ (Frame 0270) | 0 | 0 | Script | text/html
GET | H2 | standard | wildnatureamazon.com/GP/login.live.com/others/ (Frame 0270) | 0 | 0 | Script | text/html
GET | H2 | header.css | wildnatureamazon.com/GP/login.live.com/css/ (Frame 1863) | 0 | 0 | Stylesheet | text/html
GET | H2 | logo_mail.png | wildnatureamazon.com/GP/login.live.com/imgs/ (Frame 1863) | 5 KB | 5 KB | Image | image/png
GET | H2 | bk-coretag.js | wildnatureamazon.com/GP/login.live.com/others/ (Frame 0270) | 0 | 0 | Script | text/html
GET | H2 | standard | wildnatureamazon.com/GP/login.live.com/others/ (Frame 0270) | 0 | 0 | Script | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook (Online), Generic (Online)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | MM_findObj
function | MM_validateForm
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
wildnatureamazon.com
zoominfoo.space
192.185.129.109
198.12.123.178
2001:4de0:ac19::1:b:2b