Phishing Analysis

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de Amazon
• Método: Suplantación de identidad a través de alojamiento gratuito
• Exfil: Desconocido
• Indicadores: Alojamiento gratuito y logotipo de la marca
• Riesgo: Medio

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

• atob
• eval
• fromCharCode
• unescape
• hex_escape
• unicode_escape
• base64_strings

🎯 Kit Endpoints

• https://m.media-amazon.com/images/G/01/poppin/AmazonLive/2023_Apr_Jun/amazonlivelogo_whitebg_LeftJustified.png
• https://openjsf.org/
• https://unagi
• https://${(0,fe.d)(n,t)}/custom/vsevideodataaggregatorcontracts/amazon-api-vse`,o=ge.A.get(),s=yield
• https://d231gvmk20yd16.cloudfront.net/${e}.json`,a=yield(0,o.uj)(t),{response:n}=a;if(n&&200===n.status){const{data:{url:e}={}}=n;e&&u(e)}}catch(t){c.A.error(`Failed
• https://m.media-amazon.com/images/S/sash/iu3jwAvFfCbpMfl.js?name=app-desktop
• https://www.aboutamazon.com/?utm_source=gateway&utm_medium=footer&token=about
• https://m.media-amazon.com/images/G/01/follow/follow_button_sprite.png
• https://api.eu-west-1.prod.proxy.live.amazon.in/
• https://player.live-video.net/1.19.0/amazon-ivs-wasmworker.min.wasm
• https://m.media-amazon.com/images/I/81BXdoJ-FBL.js?AUIClients/FWCIMAssets
• https://unagi-cn.amazon.com
• /?ref_=footer_logo
• https://logistics.amazon.com/marketing?utm_source=amzn&utm_medium=footer&utm_campaign=home
• https://dl.amazon.com/redirect?url=${encodeURIComponent(e)}&customFallbackUrl=${encodeURIComponent(t)}&campaignId=${a}&failureMode=MobileWebMostly`)({url:s.toString(),customFallbackUrl:p.toString(),campaignId:
• http://tiny/c1mr5h0u
• https://in-pre-prod.amazon.com
• https://${(0,fe.d)(r,t)}/custom/asvmetadataaggregationservicecontracts/amazon-api-asv`,c=yield
• https://www.amazon.com
• https://email.aboutamazon.com/l/637851/2020-10-29/pd87g?utm_source=gateway&utm_medium=amazonfooters&utm_campaign=newslettersubscribers&utm_content=amazonnewssignup
• https://m.media-amazon.com/images/S/sash/pDxWAF1pBB0dzGB.woff2
• https://m.media-amazon.com/images/I/51FVzmwFLsL.js?AUIClients/FollowButtonWidgetAssets
• https://pr-keyos-twitch.licensekeyserver.com/core/rightsmanager.asmx
• https://lodash.com/
• /ref=nav_logo
• https://m.media-amazon.com/images/S/sash/KxsQ4i4lXiocHNA.js?name=353
• https://twitter.com/intent/tweet?text={text}&url={url}
• https://images-na.ssl-images-amazon.com/images/S/amazon-avatars-global/default._SX50_QL100_SCLZZZZZZZ_.png
• https://m.media-amazon.com/images/I/${o}.${l?
• https://m.media-amazon.com/images/G/01/shopbylook/shoppable-images/next_tab_control._CB416468320_.svg
• http://www.apache.org/licenses/LICENSE-2.0
• https://m.media-amazon.com/images/G/01/poppin/social_share_logo/icon_twitter.png
• https://m.media-amazon.com/images/I/21pj1OVABnL.js?AUIClients/ShareWidgetTriggerAssets
• https://tiny.amazon.com/hnqhhg9
• https://m.media-amazon.com/images/I/31hknpW-QwL.js?AUIClients/BotDetectionJSSignalCollectionAsset
• https://sustainability.aboutamazon.com/?utm_source=gateway&utm_medium=footer&ref_=susty_footer
• https://www.pinterest.com/pin/create/button/

📡 API Calls Detected

• GET
• POST
• https://9eya4arjbh.execute-api.us-east-1.amazonaws.com/prod/reportvideo
• https://

📤 Form Action Targets

• /s/ref=nb_sb_noss
• get

🦠 Malicious Files