ff-magazin.com
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Submission Tags: @ecarlesi threat phishing amazon Search All
Submission: On September 30 via api from IT — Scanned from NL
Summary
TLS certificate: Issued by WE1 on September 27th 2024. Valid for: 3 months.
This is the only time ff-magazin.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
16 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 52.48.171.237 52.48.171.237 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2600:9000:249... 2600:9000:2490:fe00:3:12d0:8d40:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 44.215.129.188 44.215.129.188 | 14618 (AMAZON-AES) (AMAZON-AES) | |
23 | 6 |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-171-237.eu-west-1.compute.amazonaws.com
fls-eu.amazon.com |
ASN16509 (AMAZON-02, US)
d35uxhjf90umnp.cloudfront.net |
ASN14618 (AMAZON-AES, US)
PTR: ec2-44-215-129-188.compute-1.amazonaws.com
unagi-na.amazon.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
ff-magazin.com
ff-magazin.com |
602 KB |
3 |
amazon.com
fls-eu.amazon.com — Cisco Umbrella Rank: 13499 unagi-na.amazon.com — Cisco Umbrella Rank: 1056 |
719 B |
1 |
cloudfront.net
d35uxhjf90umnp.cloudfront.net |
12 KB |
23 | 3 |
Domain | Requested by | |
---|---|---|
18 | ff-magazin.com |
ff-magazin.com
|
2 | fls-eu.amazon.com |
ff-magazin.com
|
1 | unagi-na.amazon.com |
ff-magazin.com
|
1 | d35uxhjf90umnp.cloudfront.net |
ff-magazin.com
|
23 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ff-magazin.com WE1 |
2024-09-27 - 2024-12-26 |
3 months | crt.sh |
fls-eu.amazon.com Amazon RSA 2048 M03 |
2024-09-05 - 2025-10-04 |
a year | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2024-07-30 - 2025-07-03 |
a year | crt.sh |
unagi-na.amazon.com Amazon RSA 2048 M01 |
2024-01-18 - 2025-01-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ff-magazin.com/b1cf7d5dd846479a818ee24e59027923.html
Frame ID: E08851CE0DB594E296DFC8E9C6F96B38
Requests: 23 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
b1cf7d5dd846479a818ee24e59027923.html
ff-magazin.com/ |
113 KB 44 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
speculation
ff-magazin.com/cdn-cgi/ |
128 B 467 B |
Other
application/speculationrules+json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
617yUmK-YcL._RC11Fd9tJOdtL.css,21T2IUX33TL.css,31WoRZHct0L.css,31XzAwLFEEL.css_.css
ff-magazin.com/static/css/ |
129 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
01SdjaY0ZsL._RC31jdWD_JB_L.css,51E5CuE4VpL.css_.css
ff-magazin.com/static/css/ |
62 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
21sHKQBL2NL.css
ff-magazin.com/static/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
AuthenticationPortalSigninEU.js
ff-magazin.com/static/js/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
A21TJRUUN4KGV:259-1082621-3382720:B0M1ZEV6D7RPCPCAMSZJ$uedata=s:%2Fap%2Fuedata%3Fstaticb%26id%3DB0M1ZEV6D7RPCPCAMSZJ:0
fls-eu.amazon.com/1/batch/1/OP/ |
43 B 151 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
61xJcNKKLXL._RC11Y_5x_kkTL.js,514Z0GBG2eL.js,31quly41aVL.js,31LHsGF3dBL.js,01N6xzIJxbL.js,51NnTYPBTOL.js,01rpauTep4L.js,31KAmOFMMyL.js,6115_vE3YgL.js,01KsMxlPtzL.js_.js
ff-magazin.com/static/js/ |
310 KB 125 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
21ZMwVh4T0L._RC21OJDARBhQL.js,218GJg15I8L.js,31lucpmF4CL.js,2119M3Ks9rL.js,61Ar-B9CLsL.js_.js
ff-magazin.com/static/js/ |
117 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
01wGDSlxwdL.js
ff-magazin.com/static/js/ |
521 B 943 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
41PUkKpoyiL.js
ff-magazin.com/static/js/ |
24 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
8150jbgvn9L.js
ff-magazin.com/static/js/ |
323 KB 124 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
31jdfgcsPAL.js
ff-magazin.com/static/js/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
71MFMsTQG0L.js
ff-magazin.com/static/js/ |
177 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
51RddlGAZmL.js
ff-magazin.com/static/js/ |
58 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
71v46YykigL.js
ff-magazin.com/static/js/ |
256 KB 98 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
A16Ccz05m-L.js
ff-magazin.com/static/js/ |
415 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
mPGmT0r6IeTyIee.png
ff-magazin.com/static/image/ |
27 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
showads.v2.js
ff-magazin.com/static/js/ |
23 B 593 B |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.js
d35uxhjf90umnp.cloudfront.net/ |
37 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
fls-eu.amazon.com/1/batch/1/OE/ |
0 165 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
com.amazon.eel.katal.metrics.core.nexus.gamma
unagi-na.amazon.com/1/events/ |
2 B 403 B |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
A16Ccz05m-L.js
ff-magazin.com/static/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ff-magazin.com
- URL
- https://ff-magazin.com/static/js/A16Ccz05m-L.js?AUIClients/ACICAssets
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)79 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
number| ue_t0 object| ue_csm number| ue_hob string| ue_err_chan string| ue_id string| ue_url number| ue_navtiming string| ue_mid string| ue_sid string| ue_furl string| ue_surl number| ue_fcsn number| ue_urt string| ue_rpl_ns number| ue_ddq string| ue_fpf number| ue_sbuimp number| ue_lpsi string| ue_lob number| ue_swi function| ue_viz number| ue_hoe number| ue_ihb object| ue function| ueLogError object| ue_err number| ueinit function| uei function| ueh function| ues function| uet function| uex function| onLd function| onLdEnd function| onUl function| onstop number| aPageStart function| _pSetI function| _sw function| _pd number| ue_ihe function| csa object| app object| amzn function| cf object| metadataList object| input object| authenticationFormList number| index object| fwcimCmd boolean| acicShouldSetup function| acicEventListener function| submitForm function| setAAToken function| getClientContext function| getFwcimBlob function| getEmailAddress function| isTestEmailPattern object| ue_mbl string| ue_pty string| ue_spty number| ue_adb number| ue_adb_rtla number| ue_wtc_c number| ue_ibe function| _uess number| ue_fadb function| ue_isAdb object| ue_utils number| ue_unrt number| ue_adb_chk function| setImmediate function| clearImmediate number| __fwcimLoaded object| fwcim object| pie object| regeneratorRuntime object| SiegeCrypto object| jQuery164092725073402138112 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ff-magazin.com/ | Name: csm-hit Value: tb:s-B0M1ZEV6D7RPCPCAMSZJ|1727730252470&t:1727730255001&adb:adblk_no |
|
ff-magazin.com/ | Name: id_pkel Value: n0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
d35uxhjf90umnp.cloudfront.net
ff-magazin.com
fls-eu.amazon.com
unagi-na.amazon.com
ff-magazin.com
188.114.96.3
2600:9000:2490:fe00:3:12d0:8d40:21
2a06:98c1:3121::3
44.215.129.188
52.48.171.237
04ddbd1403035cb26bdb70f8786888a73b0cdbf208675e10f245e20dd2ef4621
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
2e5c4e5dd76d19bd957864a5485880b7dd5381be31835dc30dbb276d82652a89
432dff2bd6f663c6151a5947fa318a46463085d4f6e40761450e8b38fd0fe938
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48d371189b07243f6fef339c2bcdf872b3083af99cde012094dd21a1ec87d72c
6267b22c78747f8db9476b502c900e874aebf89e1c658b5b3282f4c01f7a54c2
6f9fb9a85e64db39d08786e8c785d2daa249d20a245ef39649211c0df777c2fb
71fe9e8b96067b662d7f2cb0d6222ad60ef3fa16eaa69bc431f8d3ae4f5dd0ac
73109ed7757bc9921ab63789df583202cb772709a571977a70bd737e17945d91
7a749e1ac030cd46fa63792b706e389756a71caec5d1d92048238bf0de145760
88ea58255d4cd82340f7acaabe0e6a99f195a4dc2ca6ef56ec503d03b331bee5
96d1c72a1edd9637dbe30c1b0693316a2a0885c94da9b6a3b61fc573dd9737f9
a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce
b3c8d89eb313890e0459eac1e88b3db96f5a4e24690da894fb7fb76dd6aa4929
c47691a714391803f4a58cb0400db014ef031fa64ea282235be2035299707eeb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f592b1b49eead8f99c977ede443e7bf79500c4aef5dbf8ca05f64ec4e743d3c4
f95bdd8640307794cff380cef8333b1ee6fc78dc37aa904356c896e4611a13b6
ff7231c17f8ac6bb63f69feee9f023841df9d2f8534e0ecca62e5c8fe376e1ba