![](/screenshots/9a3f04ce-6790-4aae-b482-b548880952a7.png)
account-sys.zk-web.fr
Open in
urlscan Pro
91.121.157.224
Malicious Activity!
Public Scan
Submission: On November 10 via automatic, source certstream-suspicious — Scanned from FR
Summary
TLS certificate: Issued by R3 on November 10th 2021. Valid for: 3 months.
This is the only time account-sys.zk-web.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 91.121.157.224 91.121.157.224 | 16276 (OVH) (OVH) | |
5 | 2600:9000:20e... 2600:9000:20eb:5800:1d:d7f6:39cf:a761 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
7 | 3 |
ASN16509 (AMAZON-02, US)
images-eu.ssl-images-amazon.com | |
m.media-amazon.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
ssl-images-amazon.com
images-eu.ssl-images-amazon.com |
35 KB |
1 |
media-amazon.com
m.media-amazon.com |
28 KB |
1 |
jquery.com
code.jquery.com |
30 KB |
1 |
zk-web.fr
account-sys.zk-web.fr |
4 KB |
7 | 4 |
Domain | Requested by | |
---|---|---|
4 | images-eu.ssl-images-amazon.com |
account-sys.zk-web.fr
|
1 | m.media-amazon.com |
images-eu.ssl-images-amazon.com
|
1 | code.jquery.com |
account-sys.zk-web.fr
|
1 | account-sys.zk-web.fr | |
7 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.amazon.fr |
Subject Issuer | Validity | Valid | |
---|---|---|---|
account-sys.zk-web.fr R3 |
2021-11-10 - 2022-02-08 |
3 months | crt.sh |
Images-na.ssl-images-amazon.com DigiCert Global CA G2 |
2021-03-23 - 2022-03-22 |
a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2021-07-14 - 2022-08-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://account-sys.zk-web.fr/
Frame ID: 3D10D369D73878CD8EF2D11E31D0A61F
Requests: 7 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: Mot de passe oublié
Search URL Search Domain Scan URL
Title: Créer votre compte Amazon
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
account-sys.zk-web.fr/ |
15 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
31YXrY93hfL.js
images-eu.ssl-images-amazon.com/images/I/ |
9 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
61zcRmYWpgL._RC%7C11Fd9tJOdtL.css,11tfezETfFL.css,31Q3id-QR0L.css,31U9HrBLKmL.css_.css
images-eu.ssl-images-amazon.com/images/I/ |
131 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
01SdjaY0ZsL._RC%7C31jdWD+JB+L.css,41DBI6BbFkL.css_.css
images-eu.ssl-images-amazon.com/images/I/ |
36 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
11qeL1AgUGL.css
images-eu.ssl-images-amazon.com/images/I/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mPGmT0r6IeTyIee.png
m.media-amazon.com/images/S/sash/ |
27 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler number| ue_t0 number| aPageStart function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
account-sys.zk-web.fr/ | Name: PHPSESSID Value: i2uah4m132i7e5risuasd8ejfc |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
account-sys.zk-web.fr
code.jquery.com
images-eu.ssl-images-amazon.com
m.media-amazon.com
2001:4de0:ac18::1:a:1a
2600:9000:20eb:5800:1d:d7f6:39cf:a761
91.121.157.224
0debafeb8c39f3d5cdd9443cd018edee19d76125de4dc4765454f3008cb81a01
2e7ab1e1635ce8444d0125ad4b6ec8418449e777a6b1340ea66dc376682d9080
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
52f683fa1a75a43e86a8265f72e13a81b43eedf5770560c943e61aac50fe3fe0
8ee2d8d8ddba5c2628bbc3e5466c24e9388768b6a37e9dfa2644b4afbab4aa0f
db428c49699fc9794efcb304924aa4eecc499d357e9c2c54f618f9136301aa03
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e