de7.shocknodes.com
116.203.17.176
Malicious Activity!
Public Scan
Submission: On May 11 via manual from DE
Summary
This is the only time de7.shocknodes.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
9 (1 redirects) | 116.203.17.176 | 24940 (HETZNER-AS)
6 | 2600:9000:2127:ae00:1d:d7f6:39cf:a761 | 16509 (AMAZON-02)
5 | 35.170.231.226 | 14618 (AMAZON-AES)
21 | 4 |
ASN24940 (HETZNER-AS, DE)
PTR: static.176.17.203.116.clients.your-server.de
de7.shocknodes.com
ASN16509 (AMAZON-02, US)
images-na.ssl-images-amazon.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-35-170-231-226.compute-1.amazonaws.com
fls-na.amazon.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 (1 redirects) | shocknodes.com | de7.shocknodes.com | 451 KB
6 | ssl-images-amazon.com | images-na.ssl-images-amazon.com | 109 KB
5 | amazon.com | fls-na.amazon.com | 1 KB
21 | 3 | |
Requests | Domain | Requested by
---|---|---
9 (1 redirects) | de7.shocknodes.com | de7.shocknodes.com
6 | images-na.ssl-images-amazon.com | de7.shocknodes.com
5 | fls-na.amazon.com | de7.shocknodes.com, images-na.ssl-images-amazon.com
21 | 3 |
This site contains links to these domains.
Domain |
---|
www.amazon.com |
Subject | Issuer | Validity | Valid
---|---|---|---
Images-na.ssl-images-amazon.com | DigiCert Global CA G2 | 2021-03-23 - 2022-03-22 | a year
This page contains 1 frames:
Primary Page:
http://de7.shocknodes.com:31145/home/
Frame ID: 878ECD032422401ACE4871C883D8A367
Requests: 21 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Title: Amazon
Title:
Title: Forgot your password?
Title: Create an account
Title: Conditions of Use and Sale
Title: Privacy Notice
Title: Help
Title: Conditions of Use
Title: Privacy Notice
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://de7.shocknodes.com:31145/home
HTTP 301
http://de7.shocknodes.com:31145/home/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10
- http://de7.shocknodes.com:31145/ap/uedata?ld&v=0.832.1&id=9DPJK285PKKVMQJVDC3S&sw=1600&sh=1200&vw=1600&vh=1200&m=1&sc=9DPJK285PKKVMQJVDC3S&ue=2&bb=160&cf=162&be=230&pc=250&tc=-132&na_=-132&ul_=-1620736945764&_ul=-1620736945764&rd_=-131&_rd=-64&fe_=-64&lk_=-64&_lk=-64&co_=-64&_co=-64&sc_=-1620736945764&rq_=-63&rs_=-29&_rs=4&dl_=-12&di_=231&de_=231&_de=231&_dc=250&ld_=250&_ld=-1620736945764&ntd=-1&ty=0&rc=1&hob=1&hoe=160&ld=251&t=1620736946015&ctb=1&bfform=1&bft=1&rt=cf:6-5-1-0-1-0-1__ld:10-8-1-0-2-0-1&ec=3&ecf=3&csmtags=aui|aui:aui_build_date:3.14.6.0-patch_gesture-2015-05-17|fls-na&viz=visible:2&pty=AuthenticationPortal&spty=SignInApplication&pti=null&aftb=1 HTTP 302
- http://de7.shocknodes.com:31145/ap/home HTTP 302 (this hop appears 19 times in a row)
- http://de7.shocknodes.com:31145/ap/home

- http://de7.shocknodes.com:31145/ap/uedata?at&v=0.832.1&id=9DPJK285PKKVMQJVDC3S&ctb=1&m=1&sc=9DPJK285PKKVMQJVDC3S&pc=10252&at=10252&t=1620736956016&bfform=1&bft=1&ec=8&ecf=8&pty=AuthenticationPortal&spty=SignInApplication&pti=null&aftb=1 HTTP 302
- http://de7.shocknodes.com:31145/ap/home HTTP 302 (this hop appears 19 times in a row)
- http://de7.shocknodes.com:31145/ap/home
21 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request, Redirect Chain) | de7.shocknodes.com/home/ | 41 KB | 17 KB | Document | text/html
GET | H/1.1 | csmCELLS-min-413530770.js | de7.shocknodes.com/home/file/ | 7 KB | 7 KB | Script | application/javascript
GET | H/1.1 | jserrors-min-3018617914.js | de7.shocknodes.com/home/file/ | 2 KB | 2 KB | Script | application/javascript
GET | H/1.1 | forester-client-min-758617388.js | de7.shocknodes.com/home/file/ | 7 KB | 7 KB | Script | application/javascript
GET | H/1.1 | AmazonUI-fcf27290b68379bc8ce89fd6edf394527c9f9508.css | de7.shocknodes.com/home/file/ | 158 KB | 159 KB | Stylesheet | text/css
GET | H/1.1 | AuthenticationPortalAssets-91e71591932f7ca4b3cbc7f8ccd7d20e1e.js | de7.shocknodes.com/home/file/ | 13 KB | 13 KB | Script | application/javascript
GET | H/1.1 | AmazonUI-0c393f23e4e79393f8d612052b6b2ae69f322e96.js | de7.shocknodes.com/home/file/ | 232 KB | 232 KB | Script | application/javascript
GET | H/1.1 | fwcim.js | de7.shocknodes.com/home/file/ | 13 KB | 13 KB | Script | application/javascript
GET | H2 | AuthenticationPortalAssets-91e71591932f7ca4b3cbc7f8ccd7d20e1eca7c0b.secure.weblab-AP_MOBILE_AUI_CLIENT_SIDE_FORM_VALIDATION_47148-T1.min._V2_.js | images-na.ssl-images-amazon.com/images/G/01/AUIClients/ | 13 KB | 5 KB | Script | application/x-javascript
GET | H2 | AmazonUI-0c393f23e4e79393f8d612052b6b2ae69f322e96.rendering_engine-not-trident.secure.min._V2_.js | images-na.ssl-images-amazon.com/images/G/01/AUIClients/ | 232 KB | 73 KB | Script | application/x-javascript
GET | H2 | aui_sprite_0029-1x._V1_.png | images-na.ssl-images-amazon.com/images/G/01/amazonui/sprites/ | 21 KB | 22 KB | Image | image/png
GET | | home (Redirect Chain) | de7.shocknodes.com/ap/ | 0 | 0 | |
GET | H/1.1 | ATVPDKIKX0DER:187-3070994-5563811:9DPJK285PKKVMQJVDC3S$uedata=s:%2Fap%2Fuedata%3Fld%26v%3D0.832.1%26id%3D9DPJK285PKKVMQJVDC3S%26sw%3D1600%26sh%3D1200%26vw%3D1600%26vh%3D1200%26m%3D1%26sc%3D9DPJK285... | fls-na.amazon.com/1/batch/1/OP/ | 43 B | 224 B | Image | image/gif
GET | H/1.1 | ATVPDKIKX0DER:187-3070994-5563811:9DPJK285PKKVMQJVDC3S$uedata=s:%2Fap%2Fuedata%3Fld%26v%3D0.832.1%26id%3D9DPJK285PKKVMQJVDC3S%26sc0%3DcsmCELLSframework%26bb0%3D86%26pc0%3D86%26ld0%3D86%26t0%3D16207... | fls-na.amazon.com/1/batch/1/OP/ | 43 B | 224 B | Image | image/gif
GET | H2 | forester-client-min-758617388.js | images-na.ssl-images-amazon.com/images/G/01/browser-scripts/forester-client/ | 7 KB | 4 KB | Script | application/x-javascript
GET | H2 | jserrors-min-3018617914.js | images-na.ssl-images-amazon.com/images/G/01/browser-scripts/jserrors/ | 2 KB | 2 KB | Script | application/x-javascript
GET | H2 | csmCELLS-min-413530770.js | images-na.ssl-images-amazon.com/images/G/01/browser-scripts/csmCELLS/ | 7 KB | 3 KB | Script | application/x-javascript
POST | H/1.1 | / | fls-na.amazon.com/1/batch/1/OE/ | 0 | 293 B | Ping | text/plain
POST | H/1.1 | / | fls-na.amazon.com/1/batch/1/OE/ | 0 | 293 B | Ping | text/plain
GET | | home (Redirect Chain) | de7.shocknodes.com/ap/ | 0 | 0 | |
GET | H/1.1 | ATVPDKIKX0DER:187-3070994-5563811:9DPJK285PKKVMQJVDC3S$uedata=s:%2Fap%2Fuedata%3Fat%26v%3D0.832.1%26id%3D9DPJK285PKKVMQJVDC3S%26ctb%3D1%26m%3D1%26sc%3D9DPJK285PKKVMQJVDC3S%26pc%3D10252%26at%3D10252... | fls-na.amazon.com/1/batch/1/OP/ | 43 B | 224 B | Image | image/gif
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: de7.shocknodes.com, URL: http://de7.shocknodes.com:31145/ap/home
- Domain: de7.shocknodes.com, URL: http://de7.shocknodes.com:31145/ap/home
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)
59 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated number| ue_t0 object| ue_csm number| ue_hob string| ue_err_chan string| ue_id string| ue_url number| ue_navtiming string| ue_mid string| ue_sid string| ue_sn string| ue_furl number| ue_fcsn string| ue_fpf number| ue_swi function| ue_viz object| ue function| ueLogError object| ue_err number| ueinit function| uei function| ueh function| ues function| uet function| uex function| onLd function| onLdEnd function| onUl function| onstop number| aPageStart object| ue_cel object| ue_pdm object| ue_vpm object| ue_fem object| AmazonUIPageJS object| P object| cel_widgets number| ue_tbno number| ue_tble number| ue_hoe number| useCel number| useCelFF object| amzn function| cf function| setMetadataF1 object| fwcim string| message string| ue_pty string| ue_spty object| ue_pti function| _uess function| _uec object| jQuery164000774770237532274
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.