amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com
35.234.35.59
Malicious Activity!
Public Scan
Effective URL: https://amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/
Submission Tags: phishing, amazon
Submission: On November 29 via api from JP
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 27th 2020. Valid for: 3 months.
This is the only time amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 210.150.110.240 | 2514 (INFOSPHERE NTT PC Communications)
1 | 103.235.46.39 | 55967 (BAIDU Beijing Baidu Netcom Science and Technology Co.)
1 | 180.215.192.137 | 64050 (BCPL-SG BGPNET Global ASN)
8 | 35.234.35.59 | 15169 (GOOGLE)
11 (total) | 4 (total) |
ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)
- PTR: 050.rakusaba.jp
- amaz0n.rakusaba.jp

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
- www.baidu.com

ASN15169 (GOOGLE, US)
- PTR: 59.35.234.35.bc.googleusercontent.com
- amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | 0932307927.com | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com | 936 KB
1 | rayetensoft.com | www.rayetensoft.com | 340 B
1 | baidu.com | www.baidu.com | 603 B
1 | rakusaba.jp | amaz0n.rakusaba.jp | 385 B
11 (total) | 4 (total) | |
Requests | Domain | Requested by
---|---|---
8 | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com
1 | www.rayetensoft.com | www.baidu.com
1 | www.baidu.com |
1 | amaz0n.rakusaba.jp |
11 (total) | 4 (total) |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
baidu.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2020-04-02 - 2021-07-26 | a year | crt.sh
amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com | Let's Encrypt Authority X3 | 2020-11-27 - 2021-02-25 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/
Frame ID: 206849327FE514D68C15FCFB84711B77
Requests: 11 HTTP requests in this frame
Detected technologies
LiteSpeed (Web Servers)
Detected patterns:
- headers server /^LiteSpeed$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://amaz0n.rakusaba.jp/ Page URL
- https://www.baidu.com/link?url=r3mU3N9efSbpaO6NH2Hu584W6W4eQo3gIngHEikvX8fLRKro99C8PnPfThDrtc8m&wd=&eqid=b2dd22550001b891000000 Page URL
- http://www.rayetensoft.com/Sitemap Page URL
- https://amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions

Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---
GET | H/1.1 | amaz0n.rakusaba.jp/ | 172 B | 385 B | Document | text/html |
GET | H/1.1 | www.baidu.com/link | 588 B | 603 B | Document | text/html | Cookie set
GET | H/1.1 | www.rayetensoft.com/Sitemap | 110 B | 340 B | Document | text/html |
GET | H2 | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/ | 552 B | 468 B | Document | text/html | Primary Request
GET | H2 | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/static/css/app.9083bf77c184148c87c8e29028c5c822.css | 5 MB | 849 KB | Stylesheet | text/css |
GET | H2 | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/static/js/manifest.da48155ae07325978d7b.js | 2 KB | 1 KB | Script | application/javascript |
GET | H2 | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/static/js/vendor.00855857305fee9acfa3.js | 234 KB | 82 KB | Script | application/javascript |
GET | H2 | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/static/js/app.26bd2427ef62ce7eb699.js | 5 KB | 1 KB | Script | application/javascript |
GET | H2 | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/static/js/16.a7b1a8e2e4d22b4a609c.js | 604 B | 475 B | Script | application/javascript |
GET | H2 | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/api/jump.php | 0 | 322 B | XHR | text/html |
GET | H2 | amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com/static/js/17.4b106a949f60009b594b.js | 439 B | 383 B | Script | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
boolean | crossOriginIsolated
function | webpackJsonp
object | __core-js_shared__
object | core
object | global
object | System
function | asap
function | Observable
function | setImmediate
function | clearImmediate
object | regeneratorRuntime
boolean | _babelPolyfill

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amaz0n.rakusaba.jp
amsazosnff705f1b6f527fe2038d5ad152f64769.0932307927.com
www.baidu.com
www.rayetensoft.com
103.235.46.39
180.215.192.137
210.150.110.240
35.234.35.59