mail.na7-amazon.com
193.201.82.113 Malicious Activity! Public Scan

URL: https://mail.na7-amazon.com/
Submission: On January 25 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 193.201.82.113, located in Romania and belongs to THCPROJECTS, RO. The main domain is mail.na7-amazon.com.
TLS certificate: Issued by R3 on January 24th 2024. Valid for: 3 months.
This is the only time mail.na7-amazon.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
1 | 193.201.82.113 | 51177 (THCPROJECTS)
3 | 2a04:4e42::272 | 54113 (FASTLY)
4 | 3 |

Requests | Apex Domain | Subdomains | Transfer
3 | ssl-images-amazon.com | images-na.ssl-images-amazon.com (Cisco Umbrella Rank: 962) | 20 KB
1 | na7-amazon.com | mail.na7-amazon.com | 3 KB
4 | 2 | |

Requests | Domain | Requested by
3 | images-na.ssl-images-amazon.com | mail.na7-amazon.com, images-na.ssl-images-amazon.com
1 | mail.na7-amazon.com |
4 | 2 |

This site contains no links.

Subject | Issuer | Validity | Valid
na7-amazon.com | R3 | 2024-01-24 - 2024-04-23 | 3 months
images-na.ssl-images-amazon.com | DigiCert Global CA G2 | 2023-09-08 - 2024-06-21 | 9 months

This page contains 1 frames:

Primary Page: https://mail.na7-amazon.com/
Frame ID: 6C441DFD6E48AB869A38DCD290968792
Requests: 5 HTTP requests in this frame


Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 23 kB
Size: 110 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
mail.na7-amazon.com/
5 KB
3 KB
Document
General
Full URL
https://mail.na7-amazon.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.201.82.113 , Romania, ASN51177 (THCPROJECTS, RO),
Reverse DNS
s01ipx82x113.thchost.ro
Software
nginx /
Resource Hash
6b620fa350c186ce210aec1c1af3c61652ff3c0da2614e7812bdc2d5725074e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 25 Jan 2024 20:13:20 GMT
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-nginx-upstream-cache-status
EXPIRED
x-server-powered-by
Engintron
x-xss-protection
1; mode=block
61-3-bWDR-L.css
images-na.ssl-images-amazon.com/images/I/
95 KB
11 KB
Stylesheet
General
Full URL
https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
Requested by
Host: mail.na7-amazon.com
URL: https://mail.na7-amazon.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::272 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
88c78d283f917ae20924b60439e8ae078cc6795065d4d59f13b40e7b6a060119

Request headers

accept-language
en-US,en;q=0.9
Referer
https://mail.na7-amazon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 25 Jan 2024 20:13:21 GMT
content-encoding
br
age
1390764
x-cache
HIT from fastly, MISS from fastly
x-nginx-cache-status
HIT
server-timing
provider;desc="fy"
content-length
10654
x-served-by
cache-iad-kcgs7200039-IAD, cache-ewr18154-EWR
last-modified
Mon, 20 Jul 2020 13:59:11 GMT
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
b3b3a163-3676-4faf-90cd-991530545528
accept-ranges
bytes
timing-allow-origin
https://www.amazon.in, https://www.amazon.com
expires
Mon, 07 Sep 2043 01:00:10 GMT
21pIdgTnwML.png
images-na.ssl-images-amazon.com/images/I/
6 KB
6 KB
Image
General
Full URL
https://images-na.ssl-images-amazon.com/images/I/21pIdgTnwML.png
Requested by
Host: images-na.ssl-images-amazon.com
URL: https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::272 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ddf42c4aee947006d3d0b60207a3dcd713b4e838c0ae7c55d8eba6327fdebe9a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
Tue, 25 Aug 2043 11:50:30 GMT
date
Thu, 25 Jan 2024 20:13:21 GMT
last-modified
Thu, 15 Aug 2013 17:53:57 GMT
age
1921856
x-cache
HIT from fastly, HIT from fastly
x-nginx-cache-status
HIT
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=630720000,public
x-amz-ir-id
56e09a6d-faf9-4d98-aea4-bb26f5f87f42
server-timing
provider;desc="fy"
accept-ranges
bytes
timing-allow-origin
https://www.amazon.in, https://www.amazon.com
content-length
6338
x-served-by
cache-iad-kiad7000124-IAD, cache-ewr18154-EWR
11Tz2u7Y8wL.png
images-na.ssl-images-amazon.com/images/I/
3 KB
3 KB
Image
General
Full URL
https://images-na.ssl-images-amazon.com/images/I/11Tz2u7Y8wL.png
Requested by
Host: images-na.ssl-images-amazon.com
URL: https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::272 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d41af45fc77c0071d323d5b08163fc565dcdd7f94cd22fc0e11cf2e84a9a0ff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
Tue, 25 Aug 2043 09:14:14 GMT
date
Thu, 25 Jan 2024 20:13:21 GMT
last-modified
Wed, 05 Feb 2014 00:50:26 GMT
age
6178842
x-cache
HIT from fastly, HIT from fastly
x-nginx-cache-status
HIT
access-control-allow-origin
*
content-type
image/png
cache-control
max-age=630720000,public
x-amz-ir-id
e5d31b5f-69a5-45d8-b0e5-8a055f8eae94
server-timing
provider;desc="fy"
accept-ranges
bytes
timing-allow-origin
https://www.amazon.in, https://www.amazon.com
content-length
2787
x-served-by
cache-iad-kjyo7100142-IAD, cache-ewr18154-EWR
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ddcf5e140c5cbeffa3e5a13f10bc2d5631ea015cfa71eaf8817b43326ddfd8ee

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block