update.amazonsjp.tk
Open in
urlscan Pro
2606:4700:3034::6812:2d0c
Malicious Activity!
Public Scan
Effective URL: https://update.amazonsjp.tk/login.php
Submission Tags: @phishunt_io
Submission: On August 16 via api from ES
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 14th 2020. Valid for: a year.
This is the only time update.amazonsjp.tk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online) Amazon Japan (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2606:4700:303... 2606:4700:3034::6812:2d0c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 2a02:26f0:6c0... 2a02:26f0:6c00:186::108 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2600:9000:218... 2600:9000:2182:6200:3:12d0:8d40:21 | 16509 (AMAZON-02) (AMAZON-02) | |
13 | 3 |
ASN20940 (AKAMAI-ASN1, EU)
images-na.ssl-images-amazon.com | |
m.media-amazon.com |
ASN16509 (AMAZON-02, US)
d35uxhjf90umnp.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ssl-images-amazon.com
images-na.ssl-images-amazon.com |
186 KB |
2 |
media-amazon.com
m.media-amazon.com |
32 KB |
2 |
amazonsjp.tk
update.amazonsjp.tk |
7 KB |
1 |
cloudfront.net
d35uxhjf90umnp.cloudfront.net |
586 B |
13 | 4 |
Domain | Requested by | |
---|---|---|
8 | images-na.ssl-images-amazon.com |
update.amazonsjp.tk
|
2 | m.media-amazon.com |
images-na.ssl-images-amazon.com
|
2 | update.amazonsjp.tk | |
1 | d35uxhjf90umnp.cloudfront.net |
images-na.ssl-images-amazon.com
|
13 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-14 - 2021-08-14 |
a year | crt.sh |
images-fe.ssl-images-amazon.com GeoTrust RSA CA 2018 |
2020-06-24 - 2021-09-23 |
a year | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2020-05-26 - 2021-04-21 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://update.amazonsjp.tk/login.php
Frame ID: 6F7DC7D66D1DBB6B105EAB84C0E9CB4B
Requests: 13 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://update.amazonsjp.tk/ Page URL
- https://update.amazonsjp.tk/login.php Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://update.amazonsjp.tk/ Page URL
- https://update.amazonsjp.tk/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
update.amazonsjp.tk/ |
1 B 422 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login.php
update.amazonsjp.tk/ |
17 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
61a7TmEWvNL._RC%7C11Fd9tJOdtL.css,21y5jWQoUML.css,31Q3id-QR0L.css,31P8A7PnBZL.css_.css
images-na.ssl-images-amazon.com/images/I/ |
134 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
01SdjaY0ZsL._RC%7C419sIPk+mYL.css,41QH6Lz6fzL.css_.css
images-na.ssl-images-amazon.com/images/I/ |
46 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
11E08O3eXDL.css
images-na.ssl-images-amazon.com/images/I/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
61-6nKPKyWL._RC%7C11-BZEJ8lnL.js,61q-U9rAZ3L.js,31x4ENTlVIL.js,31f4+QIEeqL.js,01N6xzIJxbL.js,518BI433aLL.js,01rpauTep4L.js,31QZSjMuoeL.js,61ofwvddDeL.js,01KsMxlPtzL.js_.js
images-na.ssl-images-amazon.com/images/I/ |
314 KB 84 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
21G215oqvfL._RC%7C21OJDARBhQL.js,218GJg15I8L.js,31lucpmF4CL.js,21juQdw6GzL.js,01UvxCoiJ5L.js,5124LxeN-BL.js_.js
images-na.ssl-images-amazon.com/images/I/ |
76 KB 22 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
01gSU6T+2-L.js
images-na.ssl-images-amazon.com/images/I/ |
518 B 635 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
31PjJSap3mL.js
images-na.ssl-images-amazon.com/images/I/ |
9 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
71WvBTzF8cL.js
images-na.ssl-images-amazon.com/images/I/ |
232 KB 49 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png
m.media-amazon.com/images/G/01/AUIClients/ |
27 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AmazonUIBaseCSS-sprite_jp_1x-f8582354fc42b464ef5eb709dd98f9371d3eafea._V2_.png
m.media-amazon.com/images/G/01/AUIClients/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.js
d35uxhjf90umnp.cloudfront.net/ |
192 B 586 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online) Amazon Japan (Online)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes function| setImmediate function| clearImmediate number| __fwcimLoaded object| fwcim object| jQuery16408336911798339688 boolean| __pieLoaded boolean| loginWithOTPState2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
update.amazonsjp.tk/ | Name: ZDEDebuggerPresent Value: php,phtml,php3 |
|
.amazonsjp.tk/ | Name: __cfduid Value: d7b0ddb98e001bb7b919ef4734e17a6f01597588915 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d35uxhjf90umnp.cloudfront.net
images-na.ssl-images-amazon.com
m.media-amazon.com
update.amazonsjp.tk
2600:9000:2182:6200:3:12d0:8d40:21
2606:4700:3034::6812:2d0c
2a02:26f0:6c00:186::108
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
0e7ef55738e6e8644adc5fa0b0174263e469f82b8c39d24b9f35217cb31cc592
0f4c3d7e9e112b3bbb47d0899c0a8a0fa7f567cd4e79bf2c9e3c73033f80231d
122a38d736dd4b129af47e1d4f6d955d335f55256f2f231d8ccd1a58562cd381
29c2297e18df7b9d3e0192aebef4ed9d349909dc5f3e125c17c0733600274a0a
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
63e9dc2a0c599bba82ba679ba009172b67b496ebdadd5120564999a2a720b5d5
7097c51d01e5b0e650093dbeda864e1634c946212b62d92e7d0e2e667bc99831
96d56462227c51792ec3c7930ae2bae7d0c04ee524d789ae066c7a8b189e5c16
a515dcb414d0c44f70cbdc70eb4eceae128f82667a9d143731e3b4f608f3f483
afea409bc2880d934663b6224d19e4466b9bba3168a6a66d3ba1ce96a9d76ef0
e3d155b691c3b7093ea0bde273190b7e4db12f670b26211dcbe3fd1962af70b6
fe98215ed68d14f34fc46c2bb52d784d40c8e6690f74dc39897912443f07730e