dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 162.215.170.227, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca.
TLS certificate: Issued by R10 on September 11th 2024. Valid for: 3 months.

This is the only time dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	162.215.170.227 162.215.170.227	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
3	108.138.110.180 108.138.110.180	16509 (AMAZON-02) (AMAZON-02)
1	18.67.82.105 18.67.82.105	16509 (AMAZON-02) (AMAZON-02)
6	3

2 162.215.170.227 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-215-170-227.unifiedlayer.com

dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.110.180 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-110-180.jfk50.r.cloudfront.net

images-na.ssl-images-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.82.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-82-105.iad89.r.cloudfront.net

m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	ssl-images-amazon.com images-na.ssl-images-amazon.com — Cisco Umbrella Rank: 856	32 KB
2	njahanlaw.ca dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca	26 KB
1	media-amazon.com m.media-amazon.com — Cisco Umbrella Rank: 442	28 KB
6	3

	Domain	Requested by
3	images-na.ssl-images-amazon.com	dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca
2	dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca
1	m.media-amazon.com	images-na.ssl-images-amazon.com
6	3

This site contains links to these domains. Also see Links.

Domain
www.amazon.it

Subject Issuer	Validity	Valid
*.njahanlaw.ca R10	`2024-09-11` - `2024-12-10`	3 months	crt.sh
images-na.ssl-images-amazon.com DigiCert Global CA G2	`2024-10-10` - `2025-09-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/openid.pape.max.html
Frame ID: 88F572BBD95B6ACFCF37596C22D096E6
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazon Anmelden

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

86 kB
Transfer

238 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.amazon.it/ap/forgotpassword?showRememberMe=true&openid.pape.max_auth_age=0&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=itflex&openid.return_to=https%3A%2F%2Fwww.amazon.it%2F%3Fref_%3Dnav_signin&prevRID=P3SQF22V8FEDG93HM4ST&openid.assoc_handle=itflex&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
Title: Password dimenticata

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request openid.pape.max.html Show response dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/	8 KB 8 KB	341ms 135ms	Document text/html	162.215.170.227 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/openid.pape.max.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.215.170.227 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-215-170-227.unifiedlayer.com Software Apache / Resource Hash `54744be25b909a8890adc4849733894e40765f466f241364ecd582d8beb46154` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-length 8394 content-type text/html date Tue, 19 Nov 2024 20:39:30 GMT last-modified Mon, 29 Jul 2024 18:47:20 GMT server Apache
GET H2	200	61Brdu0o6LL._RC%7C11Fd9tJOdtL.css,21y5jWQoUML.css,31Q3id-QR0L.css,31P8A7PnBZL.css_.css images-na.ssl-images-amazon.com/images/I/	137 KB 23 KB	286ms 45ms	Stylesheet text/css	108.138.110.180 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/I/61Brdu0o6LL._RC%7C11Fd9tJOdtL.css,21y5jWQoUML.css,31Q3id-QR0L.css,31P8A7PnBZL.css_.css?AUIClients/AmazonUI Requested by Host: dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca URL: https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/openid.pape.max.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.110.180 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-110-180.jfk50.r.cloudfront.net Software Server / Resource Hash `8ff52030ae312e1688bd111f80d21dc533e457cdefd9cdf07722ec9f51de79bb` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/ Response headers x-amz-ir-id a9ede42e-36e7-46e6-84a9-9b3a3f51bc77 surrogate-key x-cache-003 /images/I/61Brdu0o6LL content-encoding gzip age 588645 expires Mon, 12 Sep 2044 17:23:39 GMT alt-svc h3=":443"; ma=86400 server-timing provider;desc="cf" x-cache Hit from cloudfront x-amz-cf-id wv38EseRIu_wuBwbLOg-ac69K6kN6y7szyA0qY3vVo-OB2FuGJ_nfw== date Wed, 13 Nov 2024 01:08:46 GMT content-type text/css; charset=utf-8 last-modified Wed, 03 Jan 2018 00:13:54 GMT x-nginx-cache-status HIT edge-cache-tag x-cache-003,/images/I/61Brdu0o6LL cache-control max-age=630720000,public timing-allow-origin https://www.amazon.in, https://www.amazon.com via 1.1 6104f765cfecf9c49eb7195c359eea46.cloudfront.net (CloudFront) access-control-allow-origin * x-amz-cf-pop JFK50-P3 server Server
GET H2	200	01SdjaY0ZsL._RC%7C419sIPk+mYL.css,41+ENBGOqUL.css_.css images-na.ssl-images-amazon.com/images/I/	46 KB 8 KB	291ms 52ms	Stylesheet text/css	108.138.110.180 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/I/01SdjaY0ZsL._RC%7C419sIPk+mYL.css,41+ENBGOqUL.css_.css?AUIClients/AuthenticationPortalAssets Requested by Host: dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca URL: https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/openid.pape.max.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.110.180 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-110-180.jfk50.r.cloudfront.net Software Server / Resource Hash `379abf5c20c39001941fa149c641d61154d10bfe6a2e009f9c25dc060919480e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/ Response headers x-amz-ir-id 514c3930-e8a9-403d-a7b6-068b50dccee9 surrogate-key x-cache-981 /images/I/01SdjaY0ZsL content-encoding br age 40911 expires Mon, 14 Nov 2044 09:17:40 GMT alt-svc h3=":443"; ma=86400 server-timing provider;desc="cf" x-cache Hit from cloudfront x-amz-cf-id YyZ7ph6EIh0FdHgpA9pIGOknnlHgnZoYarLtza9aFTI5fZgdWcQAXw== date Tue, 19 Nov 2024 09:17:40 GMT content-type text/css last-modified Sat, 30 May 2015 02:58:48 GMT x-nginx-cache-status MISS edge-cache-tag x-cache-981,/images/I/01SdjaY0ZsL cache-control max-age=630720000,public timing-allow-origin https://www.amazon.in, https://www.amazon.com via 1.1 6104f765cfecf9c49eb7195c359eea46.cloudfront.net (CloudFront) access-control-allow-origin * x-amz-cf-pop JFK50-P3 server Server
GET H2	200	11E08O3eXDL.css images-na.ssl-images-amazon.com/images/I/	2 KB 1 KB	287ms 48ms	Stylesheet text/css	108.138.110.180 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/I/11E08O3eXDL.css?AUIClients/CVFAssets Requested by Host: dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca URL: https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/openid.pape.max.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.110.180 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-110-180.jfk50.r.cloudfront.net Software Server / Resource Hash `122a38d736dd4b129af47e1d4f6d955d335f55256f2f231d8ccd1a58562cd381` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/ Response headers x-amz-ir-id 8439bae2-7460-44a3-8e49-e7ef516a3370 surrogate-key x-cache-571 /images/I/11E08O3eXDL content-encoding br age 4406827 expires Sun, 18 Sep 2044 22:12:33 GMT alt-svc h3=":443"; ma=86400 server-timing cdn-cache-hit,cdn-pop;desc="JFK50-P3",cdn-rid;desc="loyX8lO2MyJSuWm4S18ZsAoHPiOKXZha-HRa1p5OwzOrvo0w5CDyrQ==",cdn-hit-layer;desc="EDGE",cdn-downstream-fbl;dur=3,provider;desc="cf" x-cache Hit from cloudfront x-amz-cf-id loyX8lO2MyJSuWm4S18ZsAoHPiOKXZha-HRa1p5OwzOrvo0w5CDyrQ== date Mon, 23 Sep 2024 22:12:33 GMT content-type text/css; charset=utf-8 last-modified Fri, 27 Mar 2020 19:40:05 GMT x-nginx-cache-status HIT edge-cache-tag x-cache-571,/images/I/11E08O3eXDL cache-control max-age=630720000,public timing-allow-origin https://www.amazon.in, https://www.amazon.com via 1.1 6104f765cfecf9c49eb7195c359eea46.cloudfront.net (CloudFront) access-control-allow-origin * x-amz-cf-pop JFK50-P3 server Server
GET H2	200	AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png m.media-amazon.com/images/G/01/AUIClients/	27 KB 28 KB	158ms 49ms	Image image/png	18.67.82.105 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://m.media-amazon.com/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png Requested by Host: images-na.ssl-images-amazon.com URL: https://images-na.ssl-images-amazon.com/images/I/61Brdu0o6LL._RC%7C11Fd9tJOdtL.css,21y5jWQoUML.css,31Q3id-QR0L.css,31P8A7PnBZL.css_.css?AUIClients/AmazonUI#us.not-trident Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.67.82.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-67-82-105.iad89.r.cloudfront.net Software Server / Resource Hash `437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://images-na.ssl-images-amazon.com/ Response headers x-amz-ir-id 22cc8a5f-4a10-4411-bc8c-ac48a99f4d74 surrogate-key x-cache-427 /images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013 age 6054976 expires Sun, 04 Sep 2044 00:59:32 GMT alt-svc h3=":443"; ma=86400 server-timing provider;desc="cf" x-cache Hit from cloudfront x-amz-cf-id NkCS5vRKokHLFcHKha7p-T8viCPIm8DQzDJ7cbY6anANI6BoqVMJwA== date Mon, 09 Sep 2024 00:59:32 GMT content-type image/png last-modified Fri, 22 Sep 2017 00:23:19 GMT x-nginx-cache-status HIT edge-cache-tag x-cache-427,/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013 cache-control max-age=630720000,public timing-allow-origin https://www.amazon.com via 1.1 d3cd567650e598ded7d5dd9266aa396c.cloudfront.net (CloudFront) accept-ranges bytes access-control-allow-origin * content-length 27972 x-amz-cf-pop IAD89-P2 server Server
GET H2	200	favicon.ico dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/	17 KB 17 KB	138ms 138ms	Other image/x-icon	162.215.170.227 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.215.170.227 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-215-170-227.unifiedlayer.com Software Apache / Resource Hash `17d02e2db6dbedb95dd449d06868c147ac2c3b5371497bcb9407e75336a99e09` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/openid.pape.max.html Response headers accept-ranges bytes content-length 17542 date Tue, 19 Nov 2024 20:39:31 GMT last-modified Fri, 23 Oct 2020 00:51:42 GMT content-type image/x-icon server Apache

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca/amazonde2024/index/openid.pape.max.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca
images-na.ssl-images-amazon.com
m.media-amazon.com
108.138.110.180
162.215.170.227
18.67.82.105
122a38d736dd4b129af47e1d4f6d955d335f55256f2f231d8ccd1a58562cd381
17d02e2db6dbedb95dd449d06868c147ac2c3b5371497bcb9407e75336a99e09
379abf5c20c39001941fa149c641d61154d10bfe6a2e009f9c25dc060919480e
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
54744be25b909a8890adc4849733894e40765f466f241364ecd582d8beb46154
8ff52030ae312e1688bd111f80d21dc533e457cdefd9cdf07722ec9f51de79bb

dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca Open in urlscan Pro 162.215.170.227 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

86 kBTransfer

238 kBSize

0 Cookies

1 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

dac7alamazon-de-non-compliant-pre-deactivate.njahanlaw.ca Open in urlscan Pro
162.215.170.227 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

86 kB
Transfer

238 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!