www.syntaxlife.com
Open in
urlscan Pro
172.104.198.117
Malicious Activity!
Public Scan
Effective URL: https://www.syntaxlife.com/nachrichten-sys/?sub1=557df4a8090c4586a305aa28b94b4493&sub2=hamza&txid=21068&utm_campaign=Jul_12...
Submission: On July 19 via manual from IN
Summary
TLS certificate: Issued by R3 on June 11th 2021. Valid for: 3 months.
This is the only time www.syntaxlife.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Lion's Den Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 54.191.241.67 54.191.241.67 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 52.186.31.137 52.186.31.137 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
15 | 172.104.198.117 172.104.198.117 | 63949 (LINODE-AP...) (LINODE-AP Linode) | |
15 | 1 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.lightutil.com |
ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1798-117.members.linode.com
www.syntaxlife.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
syntaxlife.com
www.syntaxlife.com |
669 KB |
1 |
lightutil.com
1 redirects
www.lightutil.com |
662 B |
1 |
bmetrack.com
1 redirects
clt1360673.bmetrack.com |
588 B |
15 | 3 |
Domain | Requested by | |
---|---|---|
15 | www.syntaxlife.com |
www.syntaxlife.com
|
1 | www.lightutil.com | 1 redirects |
1 | clt1360673.bmetrack.com | 1 redirects |
15 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.vbpol29.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
syntaxlife.com R3 |
2021-06-11 - 2021-09-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.syntaxlife.com/nachrichten-sys/?sub1=557df4a8090c4586a305aa28b94b4493&sub2=hamza&txid=21068&utm_campaign=Jul_12_2021_Email&utm_medium=email&utm_source=BenchmarkEmail
Frame ID: 8BD002404B53CB17BD79337C921B4066
Requests: 15 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://clt1360673.bmetrack.com/c/l?u=C8152B9&e=12B2DC8&c=14C321&t=1&l=65357C60&email=wNXIr0fwlVESzeYyvgYFA3...
HTTP 302
https://www.lightutil.com/275GFGM5/QTXT8SN/?creative_id=65213&sub1=hamza&utm_source=BenchmarkEmail&utm... HTTP 302
https://www.syntaxlife.com/nachrichten-sys/?sub1=557df4a8090c4586a305aa28b94b4493&sub2=hamza&txid=21068... Page URL
Detected technologies
CentOS (Operating Systems) ExpandDetected patterns
- headers server /CentOS/i
OpenSSL (Web Server Extensions) Expand
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://clt1360673.bmetrack.com/c/l?u=C8152B9&e=12B2DC8&c=14C321&t=1&l=65357C60&email=wNXIr0fwlVESzeYyvgYFA3yrlWTUC3EV&seq=1
HTTP 302
https://www.lightutil.com/275GFGM5/QTXT8SN/?creative_id=65213&sub1=hamza&utm_source=BenchmarkEmail&utm_campaign=Jul_12_2021_Email&utm_medium=email HTTP 302
https://www.syntaxlife.com/nachrichten-sys/?sub1=557df4a8090c4586a305aa28b94b4493&sub2=hamza&txid=21068&utm_campaign=Jul_12_2021_Email&utm_medium=email&utm_source=BenchmarkEmail Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
www.syntaxlife.com/nachrichten-sys/ Redirect Chain
|
20 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
www.syntaxlife.com/nachrichten-sys/css/ |
14 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
btcnews.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
23 KB 23 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1header-right.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
22 KB 22 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hd-hero1.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
118 KB 118 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2018-03-28_12.06.48.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
188 KB 189 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
carsten-maschmeyer-und-judith-williams.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
71 KB 71 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ccccc.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
138 KB 138 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof1.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof2.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof3.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof4.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prof5.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
184dc9ab-6565-4fbf-a6a5-27cb70a870e3.jpg
www.syntaxlife.com/nachrichten-sys/img/ |
62 KB 62 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
www.syntaxlife.com/netdna.bootstrapcdn.com/font-awesome/4.7.0/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Lion's Den Scam (Online)14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| dayNames object| monthNames object| now0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
clt1360673.bmetrack.com
www.lightutil.com
www.syntaxlife.com
172.104.198.117
52.186.31.137
54.191.241.67
0d20702b033de73ed5afaceea2524d588e48807c71aa4ad631736caa3984a465
122dd532737cf3aceb8cf02a967ab236b9bef64f064aa0146ec2161b4a6d7128
1707346b93ea4f91be70ba1d144c800813af2ef6d7bf2a9785665d2e9764b4c8
31899c4c4724ff2e88ecaa889871452a3e754145119737ee0b050ec16d54e3ad
44d22dd34c6e3f0c9253be6aa002e79f353981ba21ec8b5f92c1a82923d65908
4f51b53dba3c024c6ddb381aa17367a54be11c30b3a9411d9b0691aa3493882e
5e4a39e9f9298e25b326bd92f08b9cca6b15f0d617677c8ef2a6a3c037a8a0a1
6ef18c874e412f0827a0830ddf7f9f6ace52e3ba01e85dfb0de890601d085b30
70d81524ff46cf40ab5b8dafa8597489819bed792aeffde58837e55b99013464
957b235c804a6133fde0ec58b633ebb46ef644ab03806227741694f505db5cf5
c155aa91c885690a76b7980782929e024d0a9c1c0eb718467f1984b190e91e39
df99f7229bbfb0bdf5ed771fca5acc2fcbe96e41429bc2b2451f238c42d3f948
f5653349d4d9eade79c3484fc521672332ffba22afbf1022e80ecb56973814c4
f6894acedc5915b51c9f1857f0da8ea062475edaff3b391b7cd7ffdf7115ad91