lnk-managedacc-sce8uenckslogs.dedyn.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 162.241.121.60, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is lnk-managedacc-sce8uenckslogs.dedyn.io.
TLS certificate: Issued by R3 on January 4th 2023. Valid for: 3 months.

This is the only time lnk-managedacc-sce8uenckslogs.dedyn.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 4	54.74.1.102 54.74.1.102	16509 (AMAZON-02) (AMAZON-02)
1 4	162.241.121.60 162.241.121.60	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	2600:9000:206... 2600:9000:206f:5800:1d:d7f6:39d2:2dc1	16509 (AMAZON-02) (AMAZON-02)
7	3

4 54.74.1.102 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-74-1-102.eu-west-1.compute.amazonaws.com

lnk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 162.241.121.60 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-121-60.webhostbox.net

lnk-managedacc-sce8uenckslogs.dedyn.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:5800:1d:d7f6:39d2:2dc1 (United States)

ASN16509 (AMAZON-02, US)

m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	dedyn.io 1 redirects lnk-managedacc-sce8uenckslogs.dedyn.io	272 KB
4	lnk.to 1 redirects lnk.to — Cisco Umbrella Rank: 89838	86 KB
1	media-amazon.com m.media-amazon.com — Cisco Umbrella Rank: 417	28 KB
7	3

	Domain	Requested by
4	lnk-managedacc-sce8uenckslogs.dedyn.io	1 redirects lnk.to lnk-managedacc-sce8uenckslogs.dedyn.io
4	lnk.to	1 redirects lnk.to
1	m.media-amazon.com	lnk-managedacc-sce8uenckslogs.dedyn.io
7	3

This site contains no links.

Subject Issuer	Validity	Valid
lnk.to Amazon	`2022-08-09` - `2023-09-07`	a year	crt.sh
lnk-managedacc-sce8uenckslogs.dedyn.io R3	`2023-01-04` - `2023-04-04`	3 months	crt.sh
images-na.ssl-images-amazon.com DigiCert Global CA G2	`2022-10-26` - `2023-10-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://lnk-managedacc-sce8uenckslogs.dedyn.io/?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p=signin&country=DE&lang=de
Frame ID: FFE060920EA77DF53B5F501E2072BC47
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazon Sign In

Page URL History Show full URLs

http://lnk.to/gkiu7m5t HTTP 302
https://lnk.to/gkiu7m5t Page URL
https://lnk-managedacc-sce8uenckslogs.dedyn.io/?xXXxXXX HTTP 301
https://lnk-managedacc-sce8uenckslogs.dedyn.io/?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

386 kB
Transfer

384 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://lnk.to/gkiu7m5t HTTP 302
https://lnk.to/gkiu7m5t Page URL
https://lnk-managedacc-sce8uenckslogs.dedyn.io/?xXXxXXX HTTP 301
https://lnk-managedacc-sce8uenckslogs.dedyn.io/?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p=signin&country=DE&lang=de Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://lnk.to/gkiu7m5t HTTP 302
https://lnk.to/gkiu7m5t

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	gkiu7m5t Show response lnk.to/ Redirect Chain http://lnk.to/gkiu7m5t https://lnk.to/gkiu7m5t	85 KB 85 KB	289ms 188ms	Document text/html	54.74.1.102 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://lnk.to/gkiu7m5t Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.74.1.102 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-74-1-102.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash `210df77f1dac6f9f943178347ce528f0f119e9dcb01a9029c2381249b20b5910` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-type text/html; charset=UTF-8 date Thu, 05 Jan 2023 13:19:32 GMT server nginx x-redirector-version redirector-v3 Redirect headers Connection keep-alive Content-Length 0 Date Thu, 05 Jan 2023 13:19:32 GMT cache-control no-cache location https://lnk.to/gkiu7m5t
POST H2	200	/ lnk.to/~/tr/pageview/	70 B 186 B	140ms 139ms	XHR application/json	54.74.1.102 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://lnk.to/~/tr/pageview/ Requested by Host: lnk.to URL: https://lnk.to/gkiu7m5t Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.74.1.102 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-74-1-102.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash Request headers Referer https://lnk.to/gkiu7m5t accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Content-Type application/json Response headers date Thu, 05 Jan 2023 13:19:32 GMT x-redirector-version redirector-v3 server nginx content-type application/json; charset=UTF-8
POST H2	200	/ Show response lnk.to/~/tr/event/	70 B 186 B	119ms 119ms	XHR application/json	54.74.1.102 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://lnk.to/~/tr/event/ Requested by Host: lnk.to URL: https://lnk.to/gkiu7m5t Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.74.1.102 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-74-1-102.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash `dbb1c91109053368f8660f5d3c776ef4a92598627be382f25eaedb5dbde3a371` Request headers Referer https://lnk.to/gkiu7m5t accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Content-Type application/json Response headers date Thu, 05 Jan 2023 13:19:32 GMT x-redirector-version redirector-v3 server nginx content-type application/json; charset=UTF-8
GET H/1.1	200 OK	Primary Request / Show response lnk-managedacc-sce8uenckslogs.dedyn.io/ Redirect Chain https://lnk-managedacc-sce8uenckslogs.dedyn.io/?xXXxXXX https://lnk-managedacc-sce8uenckslogs.dedyn.io/?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p=signin&country=DE&lang=de	13 KB 13 KB	226ms 225ms	Document text/html	162.241.121.60 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://lnk-managedacc-sce8uenckslogs.dedyn.io/?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p=signin&country=DE&lang=de Requested by Host: lnk.to URL: https://lnk.to/gkiu7m5t Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.60 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 162-241-121-60.webhostbox.net Software Apache / Resource Hash `b7095d430fec4164441c997775a88b5c4b9d34d572f4bb2f879b8916884a72d8` Request headers Referer https://lnk.to/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 05 Jan 2023 13:19:34 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=99 Pragma no-cache Server Apache Transfer-Encoding chunked Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 05 Jan 2023 13:19:32 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Location ?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p=signin&country=DE&lang=de Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	jquery.min.js Show response lnk-managedacc-sce8uenckslogs.dedyn.io/assets/js/	85 KB 85 KB	353ms 233ms	Script application/javascript	162.241.121.60 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://lnk-managedacc-sce8uenckslogs.dedyn.io/assets/js/jquery.min.js Requested by Host: lnk-managedacc-sce8uenckslogs.dedyn.io URL: https://lnk-managedacc-sce8uenckslogs.dedyn.io/?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p=signin&country=DE&lang=de Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.60 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 162-241-121-60.webhostbox.net Software Apache / Resource Hash `a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855` Request headers accept-language de-DE,de;q=0.9 Referer https://lnk-managedacc-sce8uenckslogs.dedyn.io/?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p=signin&country=DE&lang=de User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Thu, 05 Jan 2023 13:19:34 GMT Last-Modified Fri, 10 Dec 2021 10:22:46 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 86926
GET H/1.1	200 OK	main.css lnk-managedacc-sce8uenckslogs.dedyn.io/assets/css/	173 KB 174 KB	267ms 239ms	Stylesheet text/css	162.241.121.60 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL https://lnk-managedacc-sce8uenckslogs.dedyn.io/assets/css/main.css Requested by Host: lnk-managedacc-sce8uenckslogs.dedyn.io URL: https://lnk-managedacc-sce8uenckslogs.dedyn.io/?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p=signin&country=DE&lang=de Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.241.121.60 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 162-241-121-60.webhostbox.net Software Apache / Resource Hash `c53294daa2b521e9c969be5ad264b0c281463b9a9f0fbe341b802d6485a24d19` Request headers accept-language de-DE,de;q=0.9 Referer https://lnk-managedacc-sce8uenckslogs.dedyn.io/?4c18a6d7e609bd5bc03f47cde3ecca2f7b1f4112=ff2a6b6b0b4b5b2c43e945104008d359&p=signin&country=DE&lang=de User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers Date Thu, 05 Jan 2023 13:19:34 GMT Last-Modified Wed, 03 Jun 2020 08:08:28 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 177536
GET H2	200	AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png m.media-amazon.com/images/G/01/AUIClients/	27 KB 28 KB	131ms 22ms	Image image/png	2600:9000:206f:5800:1d:d7f6:39d2:2dc1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://m.media-amazon.com/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png Requested by Host: lnk-managedacc-sce8uenckslogs.dedyn.io URL: https://lnk-managedacc-sce8uenckslogs.dedyn.io/assets/css/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:206f:5800:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5` Request headers accept-language de-DE,de;q=0.9 Referer https://lnk-managedacc-sce8uenckslogs.dedyn.io/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 19 Aug 2022 10:56:52 GMT via 1.1 910fc18161f0602555cc5b6397ca26f2.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-C1 age 12018163 edge-cache-tag x-cache-753,/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013 x-cache Hit from cloudfront x-nginx-cache-status HIT content-length 27972 surrogate-key x-cache-753 /images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013 last-modified Fri, 22 Sep 2017 00:23:19 GMT server Server content-type image/png access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 12149201-44ee-4fd1-a3b2-32f78a666f58 accept-ranges bytes timing-allow-origin https://www.amazon.com x-amz-cf-id WSIvTSsfB6Y16e9NoGVkL3oPXjYrzWjv4nXcZKk4l-r98V32JgbCHA== expires Thu, 14 Aug 2042 06:23:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.lnk.to/	1970-01-20 08:42:05	Name: LF_session_0ba45e3dead2884933c710a1aab17f56 Value: 1
			lnk-managedacc-sce8uenckslogs.dedyn.io/	1969-12-31 23:59:59	Name: PHPSESSID Value: bdb7dd9f7422f1bbb91b06a0523c61de

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lnk-managedacc-sce8uenckslogs.dedyn.io
lnk.to
m.media-amazon.com
162.241.121.60
2600:9000:206f:5800:1d:d7f6:39d2:2dc1
54.74.1.102
210df77f1dac6f9f943178347ce528f0f119e9dcb01a9029c2381249b20b5910
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
a28ccf8a7b50522bdeea0cd83cdeca221c18fc1f9df3ee6b3d3c48d599206855
b7095d430fec4164441c997775a88b5c4b9d34d572f4bb2f879b8916884a72d8
c53294daa2b521e9c969be5ad264b0c281463b9a9f0fbe341b802d6485a24d19
dbb1c91109053368f8660f5d3c776ef4a92598627be382f25eaedb5dbde3a371

lnk-managedacc-sce8uenckslogs.dedyn.io Open in urlscan Pro 162.241.121.60 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

386 kBTransfer

384 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

2 Cookies

Indicators

lnk-managedacc-sce8uenckslogs.dedyn.io Open in urlscan Pro
162.241.121.60 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

386 kB
Transfer

384 kB
Size

2
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!