amazonupdates.sytes.net
159.89.184.232
Malicious Activity!
Public Scan
Effective URL: https://amazonupdates.sytes.net/ap/signin?_encoding=UTF8&ignoreAuthState=1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%...
Submission: On February 25 via api from US
Summary
TLS certificate: Issued by amazonupdates.sytes.net on February 25th 2020. Valid for: a year.
This is the only time amazonupdates.sytes.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
3 (2 redirects) | 159.89.184.232 | 14061 (DIGITALOCEAN-ASN) |
9 | 143.204.201.243 | 16509 (AMAZON-02) |
10 | 2 | |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-201-243.fra53.r.cloudfront.net
images-na.ssl-images-amazon.com
m.media-amazon.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | ssl-images-amazon.com | images-na.ssl-images-amazon.com | 270 KB |
3 (2 redirects) | sytes.net | amazonupdates.sytes.net | 14 KB |
1 | media-amazon.com | m.media-amazon.com | 28 KB |
10 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
8 | images-na.ssl-images-amazon.com | amazonupdates.sytes.net |
3 | amazonupdates.sytes.net | 2 redirects |
1 | m.media-amazon.com | amazonupdates.sytes.net |
10 | 3 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.amazon.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
amazonupdates.sytes.net | amazonupdates.sytes.net | 2020-02-25 - 2021-02-24 | a year |
Images-na.ssl-images-amazon.com | DigiCert Global CA G2 | 2019-05-02 - 2020-04-23 | a year |
This page contains 1 frames:
Primary Page:
https://amazonupdates.sytes.net/ap/signin?_encoding=UTF8&ignoreAuthState=1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
Frame ID: 1D06C59BCA865E196A92151BB48786DD
Requests: 10 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Forgot your password?
Title: Create your Amazon account
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://amazonupdates.sytes.net/ HTTP 302
- https://amazonupdates.sytes.net/ap/ HTTP 302
- https://amazonupdates.sytes.net/ap/signin?_encoding=UTF8&ignoreAuthState=1&openid.assoc_handle=usflex&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | signin (Primary Request; Cookie set; Redirect Chain) | amazonupdates.sytes.net/ap/ | 54 KB | 13 KB | Document | text/html |
GET | H2 | 61Brdu0o6LL._RC%7C11Fd9tJOdtL.css,21y5jWQoUML.css,31Q3id-QR0L.css,31P8A7PnBZL.css_.css | images-na.ssl-images-amazon.com/images/I/ | 137 KB | 23 KB | Stylesheet | text/css |
GET | H2 | 01SdjaY0ZsL._RC%7C41brt7ioFML.css,21NC23gT6pL.css_.css | images-na.ssl-images-amazon.com/images/I/ | 34 KB | 7 KB | Stylesheet | text/css |
GET | H2 | 11BFk7eGdOL.css | images-na.ssl-images-amazon.com/images/I/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H2 | fwcim._CB454428048_.js | images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/ | 406 KB | 115 KB | Script | application/x-javascript |
GET | H2 | 61kzhTBl2qL._RC%7C11-BZEJ8lnL.js,61q-U9rAZ3L.js,31x4ENTlVIL.js,31f4+QIEeqL.js,01N6xzIJxbL.js,518BI433aLL.js,01rpauTep4L.js,31QZSjMuoeL.js,61ofwvddDeL.js,01KsMxlPtzL.js_.js | images-na.ssl-images-amazon.com/images/I/ | 314 KB | 98 KB | Script | application/x-javascript |
GET | H2 | 21owEZn4uNL._RC%7C21-UQZYo-gL.js,217NUsZfSWL.js,314IrYrtGEL.js,21KwapY0t9L.js,0195HMSwv7L.js,51dbeLCz6YL.js_.js | images-na.ssl-images-amazon.com/images/I/ | 71 KB | 21 KB | Script | application/x-javascript |
GET | H2 | 01moEMrtu9L.js | images-na.ssl-images-amazon.com/images/I/ | 518 B | 891 B | Script | application/x-javascript |
GET | H2 | 21CMa1rIFJL.js | images-na.ssl-images-amazon.com/images/I/ | 8 KB | 3 KB | Script | application/x-javascript |
GET | H2 | AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png | m.media-amazon.com/images/G/01/AUIClients/ | 27 KB | 28 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onformdata |
object | onpointerrawupdate |
number | ue_t0 |
number | aPageStart |
number | ue_ihe |
object | d |
number | n |
boolean | __fwcimLoaded |
object | fwcim |
boolean | __fwcimShimProfileReady |
object | jQuery16403275594361674883 |
boolean | loginWithOTPState |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
amazonupdates.sytes.net/ | | Name: PHPSESSID Value: 8d4c420e3ae54a75fe03496573567509 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amazonupdates.sytes.net
images-na.ssl-images-amazon.com
m.media-amazon.com
143.204.201.243
159.89.184.232