aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud
111.90.158.141
Malicious Activity!
Public Scan
Effective URL: http://aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/en144.76.109.30/Sign-In.php
Submission: On October 15 via manual from US
Summary
This is the only time aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AWS (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
5 12 | 111.90.158.141 | 45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd) |
7 | 2 |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | greenit24.cloud (2 redirects) | aws.amazon.com.signin.redirect.uri.new.session.8.21354245.greenit24.cloud aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud | 1020 KB |
3 | bg-bescheid.com (3 redirects) | redirect.bg-bescheid.com | 1 KB |
7 | 2 |
 | Domain | Requested by |
---|---|---|
8 | aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud | 1 redirects aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud |
3 | redirect.bg-bescheid.com | 3 redirects |
1 | aws.amazon.com.signin.redirect.uri.new.session.8.21354245.greenit24.cloud | 1 redirects |
7 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
aws.amazon.com |
console.aws.amazon.com |
signin.aws.amazon.com |
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/en144.76.109.30/Sign-In.php
Frame ID: 431A049CE55500E10604418F1DED6FDC
Requests: 12 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- headers server /php\/?([\d.]+)?/i
CentOS (Operating Systems)
Detected patterns
- headers server /CentOS/i
OpenSSL (Web Server Extensions)
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Title: Amazon Web Services Login
Title: payment page
Title: Contact Us
Title: here.
Title: Recent Changes
Title: Terms of Use
Title: Privacy Policy
Title: AWS Customer Agreement
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
http://aws.amazon.com.signin.redirect.uri.new.session.8.21354245.greenit24.cloud/?Z289MSZzMT01ODc5NDUmczI9MTc0MjcyNjM5JnMzPUdMQg== HTTP 302
http://redirect.bg-bescheid.com/public/?:nav=default::index&go=1&s1=587945&s2=174272639 HTTP 302
http://redirect.bg-bescheid.com/?var=Om5hdj1jbGljazo6dHJhY2tlciZkZXBsb3k9NTg3OTQ1JnVzZXI9aG9zdG1hc3RlciU0MGNvbnZpdmEuY29tJmVtYWlsX2lkPTE3NDI3MjYzOSZ1cmw9YUhSMGNEb3ZMMkYzY3k1aGJXRjZiMjR1WTI5dExuTnBaMjVwYmk1eVpXUnBjbVZqZEM1MWNta3VibVYzTG5ObGMzTnBiMjR1T0M0eU1UTTFOREV6TlM1bmNtVmxibWwwTWpRdVkyeHZkV1F2WVcxaGVtOXVMdz09 HTTP 302
http://redirect.bg-bescheid.com/public/?:nav=click::tracker&deploy=587945&user=hostmaster%40conviva.com&email_id=174272639&url=aHR0cDovL2F3cy5hbWF6b24uY29tLnNpZ25pbi5yZWRpcmVjdC51cmkubmV3LnNlc3Npb24uOC4yMTM1NDEzNS5ncmVlbml0MjQuY2xvdWQvYW1hem9uLw== HTTP 302
http://aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/ HTTP 302
http://aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/en144.76.109.30/Sign-In.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | Sign-In.php (Primary Request) | aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/en144.76.109.30/ (Redirect Chain) | 199 KB | 199 KB | Document | text/html |
GET | H/1.1 | fwcim.js | aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/en144.76.109.30/Amazon%20Web%20Services%20Sign-In_files/ | 380 KB | 380 KB | Script | application/javascript |
GET | H/1.1 | components.css | aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/en144.76.109.30/Amazon%20Web%20Services%20Sign-In_files/ | 383 KB | 383 KB | Stylesheet | text/css |
GET | H/1.1 | grid.css | aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/en144.76.109.30/Amazon%20Web%20Services%20Sign-In_files/ | 18 KB | 19 KB | Stylesheet | text/css |
GET | H/1.1 | utilities.css | aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/en144.76.109.30/Amazon%20Web%20Services%20Sign-In_files/ | 3 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | Prospect_image.jpg | aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/amazon/en144.76.109.30/Amazon%20Web%20Services%20Sign-In_files/ | 34 KB | 34 KB | Image | image/jpeg |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 511 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 226 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 389 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 622 B | 0 | Image | image/svg+xml |
POST | H/1.1 | pageload | aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud/metrics/ | 214 B | 460 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AWS (Online)
90 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate boolean| isMobileApp string| loginpage_error_title_unknownaccount string| loginpage_error_message_unknownaccount string| loginpage_resolveaccountdiv_warning_invalid string| loginpage_resolveaccountdiv_warning_empty string| loginpage_logindiv_password_empty string| loginpage_captchadiv_error_title string| loginpage_captchadiv_error_message string| general_error_internal_server_error_title string| general_error_internal_server_error_message string| general_error_bad_request_title string| general_error_bad_request_message function| requestParameters string| signupUrl string| contactUsMfaUrl string| contactPremiumSupportUrl string| authPortalUrl string| iamLoginUrl boolean| isAccountUpdateReAuth boolean| showErrorMessage string| errorTitle string| errorMessage boolean| __fwcimLoaded object| fwcim boolean| isFlashEnabled boolean| __fwcimShimProfileReady number| state number| VERIFY_EMAIL number| SIGNIN number| AFA string| captchaStatusToken string| csrf string| sessionId function| getMetadata object| errorMessageController object| resolverContainerController object| loginContainerController function| getCookie function| resolveIdentifier function| resolveAccountType function| resolveAccountTypeWithMetadata function| clearCaptchaState function| clearMfaUserInput function| hideAllContainers function| hideMarketingContainer function| hideSigninInnerContainer function| hideSigninInnerFullWidthContainer function| showMarketingContainer function| showSigninInnerContainer function| showSigninInnerFullWidthContainer function| hideErrors function| showSpinnerOnSigninButtonAndDisableTheButton function| removeSpinnerOnSigninButtonAndEnableTheButton function| showSpinnerOnMfaSubmitButtonAndDisableTheButton function| removeSpinnerOnMfaSubmitButtonAndEnableTheButton function| showSpinnerOnResyncMfaButtonAndDisableTheButton function| removeSpinnerOnResyncMfaButtonAndEnableTheButton function| showSpinnerOnAfaButtonAndDisableTheButton 
function| removeSpinnerOnAfaButtonAndEnableTheButton function| showIamSignin function| showMfaDeviceConfirmation function| showResyncMfa function| showResolverContainer function| showPasswordEntry function| showMfaEntry function| showSuspendedUserDiv function| showMfaCustomerSupport function| showForgotPasswordPopupError function| signin function| signinWithMetadata function| showCaptcha function| populateCaptcha function| handleGetResetPasswordToken function| handleGetResetPasswordTokenWithMetadata function| populatePasswordRecoveryCaptcha function| refreshForgotPasswordCaptcha function| showForgotPasswordPopup function| dismissForgotPasswordPopup function| hideAllOnPasswordRecoveryPage function| handleAjaxCallFailure function| $ function| jQuery object| SCSM function| Zepto number| currentYear function| handleLanguageOptions function| changeLanguage string| currentPath
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aws.amazon.com.signin.redirect.uri.new.session.8.21354135.greenit24.cloud
aws.amazon.com.signin.redirect.uri.new.session.8.21354245.greenit24.cloud
redirect.bg-bescheid.com
111.90.158.141