login-amzon.me.maill02.com Open in urlscan Pro
198.46.85.96  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response login-amzon.me.maill02.com/	23 KB 23 KB	134ms 54ms	Document text/html	198.46.85.96 IMH-IAD
General Check archive.org Show headers Download Go to Full URL http://login-amzon.me.maill02.com/ Protocol HTTP/1.1 Server 198.46.85.96 , United States, ASN54641 (IMH-IAD, US), Reverse DNS vps88369.servconfig.com Software Apache / Resource Hash 6f6387f7ecbe78da8138f6ec2e56175c31b72fb4147d7f6e540dfd5ecce95a3a Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Sun, 29 Jan 2023 15:08:53 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	new-nav-sprite-global-2x_blueheaven-account._CB658093420_.png login-amzon.me.maill02.com/statics/	20 KB 20 KB	76ms 54ms	Image image/png	198.46.85.96 IMH-IAD
General Check archive.org Show headers Download Go to Show image Full URL http://login-amzon.me.maill02.com/statics/new-nav-sprite-global-2x_blueheaven-account._CB658093420_.png Requested by Host: login-amzon.me.maill02.com URL: http://login-amzon.me.maill02.com/ Protocol HTTP/1.1 Server 198.46.85.96 , United States, ASN54641 (IMH-IAD, US), Reverse DNS vps88369.servconfig.com Software Apache / Resource Hash 3b48af9153e92423d79f2d3bdc3e0b15e482ceb87e5c3ce3af5bd6f593cead9d Request headers accept-language en-US,en;q=0.9 Referer http://login-amzon.me.maill02.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 29 Jan 2023 15:08:53 GMT Last-Modified Sun, 29 Jan 2023 03:27:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 20296
GET H/1.1	200 OK	BgnVchebDR5Ds4h.png login-amzon.me.maill02.com/statics/	60 KB 61 KB	107ms 54ms	Image image/png	198.46.85.96 IMH-IAD
General Check archive.org Show headers Download Go to Show image Full URL http://login-amzon.me.maill02.com/statics/BgnVchebDR5Ds4h.png Requested by Host: login-amzon.me.maill02.com URL: http://login-amzon.me.maill02.com/ Protocol HTTP/1.1 Server 198.46.85.96 , United States, ASN54641 (IMH-IAD, US), Reverse DNS vps88369.servconfig.com Software Apache / Resource Hash c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a Request headers accept-language en-US,en;q=0.9 Referer http://login-amzon.me.maill02.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sun, 29 Jan 2023 15:08:54 GMT Last-Modified Sun, 29 Jan 2023 03:27:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 61917
GET H2	200	pDxWAF1pBB0dzGB.woff2 m.media-amazon.com/images/S/sash/	16 KB 17 KB	292ms 79ms	Font application/font-woff2	2600:9000:23ca:5600:1d:d7f6:39d2:2dc1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.media-amazon.com/images/S/sash/pDxWAF1pBB0dzGB.woff2 Requested by Host: login-amzon.me.maill02.com URL: http://login-amzon.me.maill02.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:23ca:5600:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash 013d1dc68fadda651c773b6deb153e3e8b4dd612fb2af70db48c87af7808d1e7 Request headers Referer http://login-amzon.me.maill02.com/ Origin http://login-amzon.me.maill02.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 01 Sep 2022 22:24:03 GMT via 1.1 d4b67fda8355378cec4afc079701f8e6.cloudfront.net (CloudFront) age 12933891 x-amz-cf-pop JFK50-P2 edge-cache-tag x-cache-782,/images/S/sash/pDxWAF1pBB0dzGB x-nginx-cache-status HIT x-cache Hit from cloudfront server-timing provider;desc="cf" content-length 16616 surrogate-key x-cache-782 /images/S/sash/pDxWAF1pBB0dzGB last-modified Fri, 30 Oct 2020 21:19:16 GMT server Server content-type application/font-woff2; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 4d6f378b-8335-4018-bf90-d257529e5f1c accept-ranges bytes timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id Kl-29RuZyxfoXzXoHq7n_zy8AXeJmT3jj8SvEIR1pmEvn4WNJccLRQ== expires Sun, 15 Jun 2042 04:04:30 GMT
GET H2	200	KFPk-9IF4FqAqY-.woff2 m.media-amazon.com/images/S/sash/	16 KB 17 KB	294ms 83ms	Font application/font-woff2	2600:9000:23ca:5600:1d:d7f6:39d2:2dc1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.media-amazon.com/images/S/sash/KFPk-9IF4FqAqY-.woff2 Requested by Host: login-amzon.me.maill02.com URL: http://login-amzon.me.maill02.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:23ca:5600:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash 0eef431cee18b1dc43636dd2a7703b7c0ce9f6bdbad9f280b7313d0ded232327 Request headers Referer http://login-amzon.me.maill02.com/ Origin http://login-amzon.me.maill02.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 07 Jul 2022 17:29:03 GMT via 1.1 d4b67fda8355378cec4afc079701f8e6.cloudfront.net (CloudFront) age 17789991 x-amz-cf-pop JFK50-P2 edge-cache-tag x-cache-554,/images/S/sash/KFPk-9IF4FqAqY- x-nginx-cache-status HIT x-cache Hit from cloudfront server-timing provider;desc="cf" content-length 16460 surrogate-key x-cache-554 /images/S/sash/KFPk-9IF4FqAqY- last-modified Fri, 30 Oct 2020 21:19:26 GMT server Server content-type application/font-woff2; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id c3db6eb2-71d5-4652-b230-55b618f180ea accept-ranges bytes timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id 4jKDgT92xKKOohFoVtcz3bFMYrQjbsIqQ5MLaLZ_vCUeUyOdhvlSPQ== expires Sun, 22 Jun 2042 02:46:01 GMT
GET H2	200	jquery-3.6.3.min.js Show response code.jquery.com/	88 KB 31 KB	120ms 36ms	Script application/javascript	2001:4de0:ac18::1:a:2b STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.3.min.js Requested by Host: login-amzon.me.maill02.com URL: http://login-amzon.me.maill02.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575 Request headers Referer http://login-amzon.me.maill02.com/ Origin http://login-amzon.me.maill02.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Sun, 29 Jan 2023 15:08:54 GMT content-encoding gzip x-sp-metadata HS256.CJa02p4GEo4BCiQ3MDJiYjA4OS1hNzIzLTQwNDUtYmRkNC0wY2EwOGNiNzI0N2QQ+OiCoKvU+wIaBgiGmNqeBiITMjAwMTo1NTA6MWQwNToxOjoxMijyogIwAzgEQhZUTFNfQUVTXzEyOF9HQ01fU0hBMjU2WiAzZTliMjA2MTAwOThiNmM5YmZmOTUzODU2ZTU4MDE2YRosCAESJGJiOTlkNmUxLTEzZWMtNGEzNi05NmQwLWI3ODdmYTY0ZTFiYRjG8gEiGAgCEhRjZHMwNDAubWkxLmh3Y2RuLm5ldA==.r+950OPOLPkLy/7wKfRwQR2m8KtpPM7XzsNSn8QkvOo= last-modified Tue, 20 Dec 2022 21:10:40 GMT server nginx etag W/"63a224d0-15f5b" vary Accept-Encoding x-hw 1675004934.dop222.mi1.t,1675004934.cds064.mi1.hn,1675004934.cds040.mi1.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 31046

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online) Amazon Japan (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery function| isNumeric function| ValidateEmail function| _fetch

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
login-amzon.me.maill02.com
m.media-amazon.com
198.46.85.96
2001:4de0:ac18::1:a:2b
2600:9000:23ca:5600:1d:d7f6:39d2:2dc1
013d1dc68fadda651c773b6deb153e3e8b4dd612fb2af70db48c87af7808d1e7
0eef431cee18b1dc43636dd2a7703b7c0ce9f6bdbad9f280b7313d0ded232327
3b48af9153e92423d79f2d3bdc3e0b15e482ceb87e5c3ce3af5bd6f593cead9d
6f6387f7ecbe78da8138f6ec2e56175c31b72fb4147d7f6e540dfd5ecce95a3a
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a