amazon.com-index.eu Open in urlscan Pro
172.104.140.134  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.html Show response amazon.com-index.eu/of/	5 KB 6 KB	98ms 87ms	Document text/html	172.104.140.134 LINODE-AP Linode
General Check archive.org Show headers Download Go to Full URL http://amazon.com-index.eu/of/login.html?id=SxOFqvvY7Aj5pwk2 Protocol HTTP/1.1 Server 172.104.140.134 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US), Reverse DNS rxtx.com-index.eu Software Microsoft-IIS/7.5 / Resource Hash 035bc366482f45746c807bafa5a0b3e98b6c31ac43e3333146de4cf7a7464c9f Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Server Microsoft-IIS/7.5 Date Wed, 17 Nov 2021 05:02:57 GMT Connection keep-alive Content-Length 5618 Content-Type text/html; charset=utf-8 Last-Modified Mon, 15 Nov 2021 16:10:16 GMT Referrer-Policy no-referrer X-Content-Type-Options nosniff X-Frame-Options DENY X-XSS-Protection 1; mode=block Hey-Hacker GTFO
GET		fontawesome.css amazon.com-index.eu/vendor/fonts/	0 0
GET		alarm-bell.css amazon.com-index.eu/css/	0 0
GET H2	200	AmazonUIBaseCSS-sprite_1x-a45c662e707240b03417f6ca8b97bcb486f27428._V2_.png images-na.ssl-images-amazon.com/images/G/01/AUIClients/	25 KB 25 KB	75ms 12ms	Image image/png	2600:9000:2156:9400:1d:d7f6:39cf:a761 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-a45c662e707240b03417f6ca8b97bcb486f27428._V2_.png Requested by Host: amazon.com-index.eu URL: http://amazon.com-index.eu/of/login.html?id=SxOFqvvY7Aj5pwk2 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2156:9400:1d:d7f6:39cf:a761 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash 3425e9036117199702c5eea1bec0a4cecc8b779edae5e4870e688d67d12ac71a Request headers Accept-Language de-DE,de;q=0.9 Referer http://amazon.com-index.eu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Response headers date Thu, 04 Feb 2021 06:17:32 GMT via 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront) age 24741055 edge-cache-tag x-cache-857,/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-a45c662e707240b03417f6ca8b97bcb486f27428 x-cache Hit from cloudfront content-length 25262 surrogate-key x-cache-857 /images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-a45c662e707240b03417f6ca8b97bcb486f27428 last-modified Sat, 13 Feb 2016 23:21:21 GMT server Server content-type image/png access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 9eac46d0-da62-4eb0-98e3-a63af15becc9 x-amz-cf-pop FRA50-C1 timing-allow-origin https://www.amazon.com x-amz-cf-id bpvlZLOMGyLZI2DAy7eHiYbQj6TPOGneft_2G6lXSwD8bJjJ3lzf-g== expires Tue, 29 Jan 2041 20:32:02 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

amazon.com-index.eu

URL

http://amazon.com-index.eu/vendor/fonts/fontawesome.css

Domain

amazon.com-index.eu

URL

http://amazon.com-index.eu/css/alarm-bell.css

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			amazon.com-index.eu/	1969-12-31 23:59:59	Name: KPID Value: BxZYRTLmNRjipA38rVBe3PPW

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: http://amazon.com-index.eu/of/login.html?id=SxOFqvvY7Aj5pwk2 Message: Refused to apply style from 'http://amazon.com-index.eu/vendor/fonts/fontawesome.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: http://amazon.com-index.eu/of/login.html?id=SxOFqvvY7Aj5pwk2 Message: Refused to apply style from 'http://amazon.com-index.eu/css/alarm-bell.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amazon.com-index.eu
images-na.ssl-images-amazon.com
amazon.com-index.eu
172.104.140.134
2600:9000:2156:9400:1d:d7f6:39cf:a761
035bc366482f45746c807bafa5a0b3e98b6c31ac43e3333146de4cf7a7464c9f
3425e9036117199702c5eea1bec0a4cecc8b779edae5e4870e688d67d12ac71a