verify-amzcase-review629749656.com

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 6 HTTP transactions. The main IP is 50.115.172.112, located in United States and belongs to VIRP, US. The main domain is verify-amzcase-review629749656.com.
TLS certificate: Issued by R3 on June 27th 2022. Valid for: 3 months.

This is the only time verify-amzcase-review629749656.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	99.81.160.34 99.81.160.34	16509 (AMAZON-02) (AMAZON-02)
1 1	2606:4700:303... 2606:4700:3037::6815:3ea2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	50.115.172.112 50.115.172.112	32875 (VIRP) (VIRP)
1	2600:9000:20e... 2600:9000:20eb:1600:1d:d7f6:39d0:c781	16509 (AMAZON-02) (AMAZON-02)
6	3

3 99.81.160.34 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-160-34.eu-west-1.compute.amazonaws.com

amazon-caseid368241.lnk.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:3ea2 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cocc.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.115.172.112 (United States) 1 redirects

ASN32875 (VIRP, US)
PTR: s5tr9cu6.avxmarketing.com

verify-amzcase-review629749656.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:1600:1d:d7f6:39d0:c781 (United States)

ASN16509 (AMAZON-02, US)

m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	verify-amzcase-review629749656.com 1 redirects verify-amzcase-review629749656.com	222 KB
3	lnk.to amazon-caseid368241.lnk.to	83 KB
1	media-amazon.com m.media-amazon.com — Cisco Umbrella Rank: 505	28 KB
1	cocc.me 1 redirects cocc.me	722 B
6	4

	Domain	Requested by
3	verify-amzcase-review629749656.com	1 redirects amazon-caseid368241.lnk.to verify-amzcase-review629749656.com
3	amazon-caseid368241.lnk.to	amazon-caseid368241.lnk.to
1	m.media-amazon.com	verify-amzcase-review629749656.com
1	cocc.me	1 redirects
6	4

This site contains links to these domains. Also see Links.

Domain
www.amazon.com

Subject Issuer	Validity	Valid
lnk.to Amazon	`2021-09-08` - `2022-10-07`	a year	crt.sh
verify-amzcase-review629749656.com R3	`2022-06-27` - `2022-09-25`	3 months	crt.sh
Images-na.ssl-images-amazon.com DigiCert Global CA G2	`2022-02-01` - `2023-01-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://verify-amzcase-review629749656.com/ap/signin
Frame ID: B7E8DA4880CA13194D35DABD1F874B04
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazon Sign-In

Page URL History Show full URLs

https://amazon-caseid368241.lnk.to/website Page URL
https://cocc.me/z4KQh HTTP 301
https://verify-amzcase-review629749656.com/?verify HTTP 302
https://verify-amzcase-review629749656.com/ap/signin Page URL

Page Statistics

6
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

332 kB
Transfer

334 kB
Size

5
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.amazon.com/ap/forgotpassword?showRememberMe=true&openid.pape.max_auth_age=0&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=usflex&openid.return_to=https%3A%2F%2Fwww.amazon.com%2F%3Fref_%3Dnav_ya_signin&prevRID=BRHA9NYG75BQK2E6TR1F&openid.assoc_handle=usflex&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://www.amazon.com/ap/register?showRememberMe=true&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.com%2F%3Fref_%3Dnav_ya_signin&prevRID=5E2S0M02YQK0KWXY6QRW&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=usflex&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=usflex&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
Title: Create your Amazon account

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://amazon-caseid368241.lnk.to/website Page URL
https://cocc.me/z4KQh HTTP 301
https://verify-amzcase-review629749656.com/?verify HTTP 302
https://verify-amzcase-review629749656.com/ap/signin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	website Show response amazon-caseid368241.lnk.to/	82 KB 83 KB	223ms 114ms	Document text/html	99.81.160.34 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://amazon-caseid368241.lnk.to/website Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 99.81.160.34 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-99-81-160-34.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash `d68b0f266bd11ae0564257af4169846804cbff0233f9ef815dc695d0595ccf2d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-type text/html; charset=UTF-8 date Mon, 27 Jun 2022 20:32:31 GMT server nginx x-redirector-version redirector-v3
POST H2	200	/ Show response amazon-caseid368241.lnk.to/~/tr/pageview/	70 B 186 B	85ms 85ms	XHR application/json	99.81.160.34 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://amazon-caseid368241.lnk.to/~/tr/pageview/ Requested by Host: amazon-caseid368241.lnk.to URL: https://amazon-caseid368241.lnk.to/website Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 99.81.160.34 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-99-81-160-34.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash `e9aa352072694f86f656fbe6633991181f934c741a4e1123ead1ddade6e7531a` Request headers Referer https://amazon-caseid368241.lnk.to/website accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Content-Type application/json Response headers date Mon, 27 Jun 2022 20:32:31 GMT x-redirector-version redirector-v3 server nginx content-type application/json; charset=UTF-8
POST H2	200	/ amazon-caseid368241.lnk.to/~/tr/event/	70 B 186 B	93ms 93ms	XHR application/json	99.81.160.34 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://amazon-caseid368241.lnk.to/~/tr/event/ Requested by Host: amazon-caseid368241.lnk.to URL: https://amazon-caseid368241.lnk.to/website Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 99.81.160.34 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-99-81-160-34.eu-west-1.compute.amazonaws.com Software nginx / Resource Hash Request headers Referer https://amazon-caseid368241.lnk.to/website accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Content-Type application/json Response headers date Mon, 27 Jun 2022 20:32:31 GMT x-redirector-version redirector-v3 server nginx content-type application/json; charset=UTF-8
GET H/1.1	200 OK	Primary Request signin Show response verify-amzcase-review629749656.com/ap/ Redirect Chain https://cocc.me/z4KQh https://verify-amzcase-review629749656.com/?verify https://verify-amzcase-review629749656.com/ap/signin	7 KB 4 KB	327ms 326ms	Document text/html	50.115.172.112 VIRP
General Check archive.org Show headers Download Go to Full URL https://verify-amzcase-review629749656.com/ap/signin Requested by Host: amazon-caseid368241.lnk.to URL: https://amazon-caseid368241.lnk.to/website Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 50.115.172.112 , United States, ASN32875 (VIRP, US), Reverse DNS s5tr9cu6.avxmarketing.com Software Apache / Resource Hash `791853281babda26e528cf3c0bbaacb5b7138448e9f8dbe4fed8e104109d9b50` Request headers Referer https://amazon-caseid368241.lnk.to/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-cache, private Connection Keep-Alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 27 Jun 2022 20:32:34 GMT Keep-Alive timeout=5, max=99 Server Apache Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Cache-Control no-cache, private Connection Keep-Alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 27 Jun 2022 20:32:33 GMT Keep-Alive timeout=5, max=100 Location https://verify-amzcase-review629749656.com/ap/signin Server Apache Transfer-Encoding chunked Vary Accept-Encoding
GET H/1.1	200 OK	main.css verify-amzcase-review629749656.com/assets/css/	217 KB 217 KB	176ms 175ms	Stylesheet text/css	50.115.172.112 VIRP
General Check archive.org Show headers Download Go to Full URL https://verify-amzcase-review629749656.com/assets/css/main.css Requested by Host: verify-amzcase-review629749656.com URL: https://verify-amzcase-review629749656.com/ap/signin Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 50.115.172.112 , United States, ASN32875 (VIRP, US), Reverse DNS s5tr9cu6.avxmarketing.com Software Apache / Resource Hash `06c385faff17ac5038a7a4c47ab0d3d79864d3cba053730b19f2f876a638a5ce` Request headers accept-language de-DE,de;q=0.9 Referer https://verify-amzcase-review629749656.com/ap/signin User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers Date Mon, 27 Jun 2022 20:32:34 GMT Last-Modified Sat, 29 Jan 2022 06:37:53 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 222366
GET H2	200	AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png m.media-amazon.com/images/G/01/AUIClients/	27 KB 28 KB	111ms 22ms	Image image/png	2600:9000:20eb:1600:1d:d7f6:39d0:c781 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://m.media-amazon.com/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png Requested by Host: verify-amzcase-review629749656.com URL: https://verify-amzcase-review629749656.com/assets/css/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20eb:1600:1d:d7f6:39d0:c781 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5` Request headers accept-language de-DE,de;q=0.9 Referer https://verify-amzcase-review629749656.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36 Response headers date Fri, 25 Feb 2022 05:54:08 GMT via 1.1 5a5b94c62ea85e0c0d78b169589b08b4.cloudfront.net (CloudFront) age 10593507 edge-cache-tag x-cache-413,/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013 x-nginx-cache-status HIT x-cache Hit from cloudfront content-length 27972 surrogate-key x-cache-413 /images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013 last-modified Fri, 22 Sep 2017 00:23:19 GMT server Server content-type image/png access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 64f8f705-e930-42e1-8878-04e6ea13842a x-amz-cf-pop FRA2-C1 accept-ranges bytes timing-allow-origin https://www.amazon.com x-amz-cf-id _NQ5NNiXjr0kpW7K9bHonHseiJme2KWmidMkDPuQjvwzQzO53bGShQ== expires Wed, 19 Feb 2042 13:35:58 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lnk.to/	1970-01-20 04:06:02	Name: LF_session_a8617bdf653615b23c2a07aa3fbb696c Value: 1
cocc.me/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2kehf6aprhnilavar0io6dikr8
cocc.me/	1970-01-20 04:06:03	Name: short_z4KQh Value: 1
verify-amzcase-review629749656.com/	1970-01-20 04:06:09	Name: XSRF-TOKEN Value: eyJpdiI6IkVIM2hrNUQxQ2NpVDR3UDViN2hxaWc9PSIsInZhbHVlIjoiRU8xVjJ1UWRCNC9JWFZsNmhMamhQS2E1YmZNa3BCT3pJTkNtMnQybUZ4SjJDNG9EM2NuY2Q4TUtMRFFwbktqSG5zZUl1L2syYlRNYkdmYjRWcjc1bVpVU1VLbGxnY3d6UnZ3L2ZZb0UvRXp3N0N6ZWRIS2ZzU1VBL1NWZUx2MUQiLCJtYWMiOiJiYzYzNTk4N2EyN2I2M2Q3YTcyNGM4OTgxNTNmMzIxZTdmMWVmOWYzNzFhNTcyNTMyYzYzMTQ1YjM1Yjg1YjQxIiwidGFnIjoiIn0%3D
verify-amzcase-review629749656.com/	1970-01-20 04:06:09	Name: elsevezpro_session Value: eyJpdiI6Ikcxbk41U3JnOHEyVTRBQU9GY3JidXc9PSIsInZhbHVlIjoiMUpMbkpMRmxTVGtSQnBaMDQ2ZG9KK0JESzlmQ1BzdTRSU0I3QlprbkhoZHVDVDByNlQ0M21PNGRVd0JLWUdmMGxkeCtNV3IxUGRnYnZPL0gySXVOQTU4NmNjdUROYUh2U0ZYUXFudFhDUjgxbUlRNlU2Q0JDZy9qZVFiNk5RSmQiLCJtYWMiOiJkYTU1NWYzODU5MWVlNDZjN2EyZTg4MjFiN2E4ZTZjZjk5NmIzZTg3MDViNzkzNDVmOWJjOTJhNWY3ZWY0ZDAzIiwidGFnIjoiIn0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amazon-caseid368241.lnk.to
cocc.me
m.media-amazon.com
verify-amzcase-review629749656.com
2600:9000:20eb:1600:1d:d7f6:39d0:c781
2606:4700:3037::6815:3ea2
50.115.172.112
99.81.160.34
06c385faff17ac5038a7a4c47ab0d3d79864d3cba053730b19f2f876a638a5ce
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
791853281babda26e528cf3c0bbaacb5b7138448e9f8dbe4fed8e104109d9b50
d68b0f266bd11ae0564257af4169846804cbff0233f9ef815dc695d0595ccf2d
e9aa352072694f86f656fbe6633991181f934c741a4e1123ead1ddade6e7531a

verify-amzcase-review629749656.com Open in urlscan Pro 50.115.172.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

6 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

2 Countries

332 kBTransfer

334 kBSize

5 Cookies

2 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

5 Cookies

Indicators

verify-amzcase-review629749656.com Open in urlscan Pro
50.115.172.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

2
Countries

332 kB
Transfer

334 kB
Size

5
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!