amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care
Open in
urlscan Pro
185.3.166.164
Malicious Activity!
Public Scan
URL:
http://amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/IDSWebAuths/login.html.appIdKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3...
Submission: On July 26 via automatic, source openphish
Submission: On July 26 via automatic, source openphish
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 22 HTTP transactions.
The main IP is 185.3.166.164, located in
Hemel Hempstead, United Kingdom and
belongs to ICH-AS, GB.
The main domain is amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care.
This is the only time amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care was scanned on urlscan.io!
This is the only time amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 7 | 185.3.166.164 185.3.166.164 | 57168 (ICH-AS) (ICH-AS) | |
| 5 | 52.84.77.194 52.84.77.194 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 10 | 72.21.206.121 72.21.206.121 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 22 | 3 |
7
185.3.166.164
(Hemel Hempstead, United Kingdom)
ASN57168 (ICH-AS, GB)
PTR: alpha.cloudns.io
ASN57168 (ICH-AS, GB)
PTR: alpha.cloudns.io
| amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care |
5
52.84.77.194
(Seattle, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-84-77-194.atl52.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-84-77-194.atl52.r.cloudfront.net
| images-na.ssl-images-amazon.com |
10
72.21.206.121
(Ashburn, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: 206-121.amazon.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: 206-121.amazon.com
| fls-na.amazon.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 10 |
amazon.com
fls-na.amazon.com |
43 B |
| 7 |
amazan-assistance.care
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care |
143 KB |
| 5 |
ssl-images-amazon.com
images-na.ssl-images-amazon.com |
129 KB |
| 22 | 3 |
| Domain | Requested by | |
|---|---|---|
| 10 | fls-na.amazon.com |
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care
|
| 7 | amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care |
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care
|
| 5 | images-na.ssl-images-amazon.com |
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care
|
| 22 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.amazon.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| Images-na.ssl-images-amazon.com Symantec Class 3 Secure Server CA - G4 |
2016-09-23 - 2017-10-26 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/IDSWebAuths/login.html.appIdKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&path=/signin/account/manage&sslEnabled=true/902e6d49ea28b4a4fc0fecd20ef9997d/Amazon%20Sign%20In%20Erorr.html
Frame ID: 31233.1
Requests: 22 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
URL: https://www.amazon.com/ref=ap_frn_logo
Title: Amazon
Title: Amazon
Search URL Search Domain Scan URL
URL: https://www.amazon.com/ap/forgotpassword?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin&prevRID=XVWXDHS8AXGX1FG5K383&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=usflex&openid.mode=checkid_setup&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=usflex&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
Title: Forgot your password?
Title: Forgot your password?
Search URL Search Domain Scan URL
URL: https://www.amazon.com/ap/register?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2F%3Fie%3DUTF8%26ref_%3Dnav_ya_signin&prevRID=XVWXDHS8AXGX1FG5K383&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=usflex&openid.mode=checkid_setup&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=usflex&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
Title: Create your Amazon account
Title: Create your Amazon account
Search URL Search Domain Scan URL
URL: https://www.amazon.com/gp/help/customer/display.html/ref=ap_desktop_footer_cou?ie=UTF8&nodeId=508088
Title: Conditions of Use
Title: Conditions of Use
Search URL Search Domain Scan URL
URL: https://www.amazon.com/gp/help/customer/display.html/ref=ap_desktop_footer_privacy_notice?ie=UTF8&nodeId=468496
Title: Privacy Notice
Title: Privacy Notice
Search URL Search Domain Scan URL
URL: https://www.amazon.com/help
Title: Help
Title: Help
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
Amazon%20Sign%20In%20Erorr.html
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/IDSWebAuths/login.html.appIdKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&path=/sig... |
47 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ClientSideMetricsAUIJavascript-6f4530fbabd6f27cfdd6766c550b5c5327f8aa3d._V2_.js
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/IDSWebAuths/login.html.appIdKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&path=/sig... |
18 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
AmazonUI-def1dfe3edcac538e27845c3cfc11fa83c842d7e._V2_.css
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/IDSWebAuths/login.html.appIdKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&path=/sig... |
117 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
AmazonUI-f6f291c6a8d2841689003a47eaa9202b1dad6fba._V2_.js
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/IDSWebAuths/login.html.appIdKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&path=/sig... |
270 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
AuthenticationPortalAssets-407d80b49b84bc64bddf7ae71f4ca3d4f5dd5e12._V2_.js
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/IDSWebAuths/login.html.appIdKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&path=/sig... |
29 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
FWCIMAssets-9eca65ae1db46e414189af742840edf68b3a432a._V2_.js
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/IDSWebAuths/login.html.appIdKey=af1139274f266b22b68c2a3e7ad932cb3c0bbe854e13a79af78dcc73136882c3&path=/sig... |
15 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
AmazonUI-f6f291c6a8d2841689003a47eaa9202b1dad6fba._V2_.js
images-na.ssl-images-amazon.com/images/G/01/AUIClients/ |
270 KB 84 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
AuthenticationPortalAssets-407d80b49b84bc64bddf7ae71f4ca3d4f5dd5e12._V2_.js
images-na.ssl-images-amazon.com/images/G/01/AUIClients/ |
29 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
FWCIMAssets-9eca65ae1db46e414189af742840edf68b3a432a._V2_.js
images-na.ssl-images-amazon.com/images/G/01/AUIClients/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
AmazonUIBaseCSS-sprite_1x-a45c662e707240b03417f6ca8b97bcb486f27428._V2_.png
images-na.ssl-images-amazon.com/images/G/01/AUIClients/ |
25 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
csm-features:impression-tracking
fls-na.amazon.com/1/action-impressions/1/OP/csm/action/ |
0 0 |
Other
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
uedata
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/ap/ |
207 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ATVPDKIKX0DER:181-9333268-8037505:XVWXDHS8AXGX1FG5K383$uedata=s:%2Fap%2Fuedata%3Fld%26v%3D0.417.0%26id%3DXVWXDHS8AXGX1FG5K383%26sw%3D1600%26sh%3D1200%26vw%3D1600%26vh%3D1200%26m%3D1%26sc%3DXVWXDHS8...
fls-na.amazon.com/1/batch/1/OP/ |
43 B 43 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ClientSideMetricsAUIJavascript-6f4530fbabd6f27cfdd6766c550b5c5327f8aa3d._V2_.js
images-na.ssl-images-amazon.com/images/G/01/AUIClients/ |
18 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
/
fls-na.amazon.com/1/batch/1/OE/ |
0 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care/ | Name: csm-hit Value: s-XVWXDHS8AXGX1FG5K383|1501092943965 |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amazon.prime.com.gp.help.customer.display.html-node.rnclaime.540590.amazan-assistance.care
fls-na.amazon.com
images-na.ssl-images-amazon.com
185.3.166.164
52.84.77.194
72.21.206.121
1ba86e9410a29c123008488d0e0e64df658db3ffe67c2f0f48ebdd594a2641fd
3425e9036117199702c5eea1bec0a4cecc8b779edae5e4870e688d67d12ac71a
3f53253fce3afece4093cefb87b86a33748691f105d1509746d631e132987274
481d432b9d9952da24ed30ff58462952b6635f2aebae16619be65888371f79f6
a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce
c60a6e4c794976f99d557152c217c3af0148133169ceb4bd85ec33f5f4c0d75b
d40d87bbec8176bd995c20b28452836fcdabaedc867211725b3f736bf6d68e76
e00072c683f1b13a61567589e57d28f3e30471def9caa6bc9c791ad7ca060c79
f673179c95a80604cf7306c3c23f90c263df6b1e61d2f2f9fa0804c6a785bc5c