orders-amazon.net
207.67.44.188
Malicious Activity!
Public Scan
Submission: On May 15 via api from US
Summary
This is the only time orders-amazon.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 13 | 207.67.44.188 | 3549 (LVLT-3549) |
| 1 | 2a00:1450:4001:821::200a | 15169 (GOOGLE) |
| 1 | 2a00:1450:4001:809::2003 | 15169 (GOOGLE) |

15 requests across 3 IP addresses.
ASN3549 (LVLT-3549, US)
PTR: 207-67-44-188.static.ctl.one
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | orders-amazon.net | orders-amazon.net | 99 KB |
| 1 | gstatic.com | fonts.gstatic.com | 14 KB |
| 1 | googleapis.com | fonts.googleapis.com | 888 B |

15 requests across 3 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 13 | orders-amazon.net | orders-amazon.net |
| 1 | fonts.gstatic.com | orders-amazon.net |
| 1 | fonts.googleapis.com | orders-amazon.net |

15 requests across 3 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|

No certificates are listed for this scan (the primary page was requested over plain HTTP).
This page contains 1 frames:
Primary Page:
http://orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/index.php?id=6bac52af8bfffa725f809f067622db0d
Frame ID: 7BF26860C61F2B84C59020D58A7D5118
Requests: 15 HTTP requests in this frame
Screenshot
Detected technologies
- PHP (Programming Languages). Detected pattern: url /\.php(?:$|\?)/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- Google Font API (Font Scripts). Detected pattern: html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
- SWFObject (Miscellaneous). Detected pattern: script /swfobject.*\.js/i
- jQuery (JavaScript Libraries). Detected pattern: script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests: (none listed for this scan)
15 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | index.php (Primary Request; Cookie set) | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 5 KB | 2 KB | Document | text/html |
| GET | H/1.1 | crypto-sha1.js | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 3 KB | 2 KB | Script | application/javascript |
| GET | H/1.1 | crypto-md5.js | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 5 KB | 2 KB | Script | application/javascript |
| GET | H/1.1 | ppid.js | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 36 KB | 13 KB | Script | application/javascript |
| GET | H/1.1 | swfobject.js | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 10 KB | 4 KB | Script | application/javascript |
| GET | H/1.1 | jquery-latest.js | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 92 KB | 33 KB | Script | application/javascript |
| GET | H/1.1 | default.js | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 17 KB | 5 KB | Script | application/javascript |
| GET | H/1.1 | default.css | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 3 KB | 1 KB | Stylesheet | text/css |
| GET | H/1.1 | Amazon_Login_9.css | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 7 KB | 2 KB | Stylesheet | text/css |
| GET | H/1.1 | css | fonts.googleapis.com/ | 765 B | 888 B | Stylesheet | text/css |
| GET | H/1.1 | img.php | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 30 KB | 30 KB | Image | image/png |
| GET | H/1.1 | img.php | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 3 KB | 3 KB | Image | image/png |
| GET | H/1.1 | S6uyw4BMUTPHjx4wXiWtFCc.woff2 | fonts.gstatic.com/s/lato/v16/ | 14 KB | 14 KB | Font | font/woff2 |
| POST | H/1.1 | art.php | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 0 | 285 B | XHR | text/html |
| POST | H/1.1 | art.php | orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d/ | 0 | 285 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)

67 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Grouped by type:
- object (10): onformdata, onpointerrawupdate, ppid, PluginDetect, swfobject, e, p, versionEnabled, vendor, len
- boolean (11): pluginEnabled, javaPluginEnabled, formPrivacyEnabled, usePWFieldAsTextEnabled, usePWFieldCollectValueEnabled, pageExitPopupEnabled, pageExitPopupReturnEnabled, gpsEnabled, localIPDetectEnabled, pageExitPopupReturned, pageExitRedirectTimeOut
- string (7): pluginEngine, pwPlaceholderText, defError, localIPList, navArt, art, part
- number (3): clipArtSequence, clipArtTimeOut, clipArtSpeed1
- undefined (1): pageExitPopupText
- function (35): $, jQuery, def_ErrorHandler, enableGPS, enableLocalIPDetect, getLocalIPDetectEnabled, appendLocalIPList, getLocalIPList, getPageExitPopupEnabled, enablePageExitPopup, disablePageExitPopup, setPageExitPopupText, getPageExitPopupText, getPageExitPopupReturnEnabled, getPageExitPopupReturned, enablePageExitPopupReturn, disablePageExitPopupReturn, popupBeforeUnload, clearNavArt, appendNavArt, getNavArt, makeArt, makePart, flashPassHash, flashPassHashDash, runOtherTests, testInputValuesMatch, clipArt, popperText, pageExitRedirect, countDownTimer, twoStepAuthStepOne, twoStepAuthStepTwo, usePWFieldAsText, usePWFieldCollectValue

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| orders-amazon.net/acaa0eaf461/c1f1493f75ba96d52353649d | | Name: id, Value: 6bac52af8bfffa725f809f067622db0d |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | sameorigin |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.