login.amazon-verify1.com Open in urlscan Pro
162.240.97.226 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://lynxshort.com/g6wni
Effective URL:
https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf
Submission: On August 28 via manual (August 28th 2023, 8:41:20 pm UTC) from US — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 5 domains to perform 19 HTTP transactions. The main IP is 162.240.97.226, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is login.amazon-verify1.com.
TLS certificate: Issued by R3 on August 28th 2023. Valid for: 3 months.

This is the only time login.amazon-verify1.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::681a:8d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	2606:4700:303... 2606:4700:3031::6815:1d2b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	45.79.107.149 45.79.107.149	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 6	162.240.97.226 162.240.97.226	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
3	2600:9000:249... 2600:9000:2490:5000:1d:d7f6:39d2:2dc1	16509 (AMAZON-02) (AMAZON-02)
19	5

1 2606:4700:20::681a:8d1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

lynxshort.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3031::6815:1d2b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

connectbusinessapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.79.107.149 (Fremont, United States)

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1206-149.members.linode.com

logicpara.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 162.240.97.226 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-240-97-226.unifiedlayer.com

login.amazon-verify1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2490:5000:1d:d7f6:39d2:2dc1 (United States)

ASN16509 (AMAZON-02, US)

m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	amazon-verify1.com 1 redirects login.amazon-verify1.com	314 KB
5	connectbusinessapi.com 1 redirects connectbusinessapi.com	94 KB
3	media-amazon.com m.media-amazon.com — Cisco Umbrella Rank: 540	61 KB
3	logicpara.com logicpara.com	38 KB
1	lynxshort.com 1 redirects lynxshort.com	1 KB
19	5

	Domain	Requested by
6	login.amazon-verify1.com	1 redirects connectbusinessapi.com login.amazon-verify1.com
5	connectbusinessapi.com	1 redirects connectbusinessapi.com
3	m.media-amazon.com	login.amazon-verify1.com
3	logicpara.com	connectbusinessapi.com logicpara.com
1	lynxshort.com	1 redirects
19	5

This site contains no links.

Subject Issuer	Validity	Valid
connectbusinessapi.com GTS CA 1P5	`2023-08-20` - `2023-11-18`	3 months	crt.sh
logicpara.com cPanel, Inc. Certification Authority	`2023-08-10` - `2023-11-08`	3 months	crt.sh
login.amazon-verify1.com R3	`2023-08-28` - `2023-11-26`	3 months	crt.sh
images-na.ssl-images-amazon.com DigiCert Global CA G2	`2022-10-26` - `2023-10-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf
Frame ID: A3F0A58E8C9C69F85A73ED9CBC94D1AC
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazon-Anmeldung

Page URL History Show full URLs

https://lynxshort.com/g6wni HTTP 301
https://connectbusinessapi.com/botprotection?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1... HTTP 301
https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=... Page URL
https://login.amazon-verify1.com/?verify HTTP 307
https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

79 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

507 kB
Transfer

791 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://lynxshort.com/g6wni HTTP 301
https://connectbusinessapi.com/botprotection?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 HTTP 301
https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 Page URL
https://login.amazon-verify1.com/?verify HTTP 307
https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://lynxshort.com/g6wni HTTP 301
https://connectbusinessapi.com/botprotection?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 HTTP 301
https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response connectbusinessapi.com/botprotection/ Redirect Chain https://lynxshort.com/g6wni https://connectbusinessapi.com/botprotection?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274	27 KB 19 KB	161ms 160ms	Document text/html	2606:4700:3031::6815:1d2b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:1d2b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11fd7484ec8cbffef67c9548603a883b612ea7cd7bf9a8c29a211729a50fad4e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7fdf5fc68ed039e5-FRA content-encoding br content-type text/html; charset=UTF-8 date Mon, 28 Aug 2023 20:41:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZkF1%2BEBNT4srrVY8mfVxEpGiljbWlzDCCr%2B3t87Q6LAgc%2FFBhTrlot0JnemRAF2VFHs9xGhQFC%2Bv%2BPwXqkI2EF0CYFrqLV5YCddWOAqRMPcy3o2zySRWMl5eox%2BvYY%2BHQwWywckeFvVSqlZVTieywaJfGjE"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7fdf5fc59d9939e5-FRA content-type text/html; charset=iso-8859-1 date Mon, 28 Aug 2023 20:41:16 GMT location https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IoLasn1OJZfnki8HO%2BFa%2FA24Y%2F4TAXVXvthKSR%2BpIxoJ%2Fey1LaDGi9UjqN4t4LttWldW1wsQTcw4QSgYx%2B%2B%2F2fCD5CRJMaBcWsBZQ9PaeeHgdN6Tngg4S7jC0MHxox5LL8S1kyLmp%2FUehpJ9o9%2BeBCWBr%2B%2Fk"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H3	200	bootstrap.min.css connectbusinessapi.com/botprotection/assets/	198 KB 27 KB	31ms 30ms	Stylesheet text/css	2606:4700:3031::6815:1d2b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://connectbusinessapi.com/botprotection/assets/bootstrap.min.css Requested by Host: connectbusinessapi.com URL: https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:1d2b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `271c781f52347903b3f59ba495f5ad39d819979bff460462ab91c4ddf6c53926` Request headers accept-language de-DE,de;q=0.9 Referer https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Mon, 28 Aug 2023 20:41:16 GMT content-encoding br cf-cache-status HIT last-modified Mon, 06 Mar 2023 02:11:29 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 5242 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPc5X8KV416HKQBWvuykhqcTl3poLasga%2BfsrtXZcc4qdJ3AvWFkdqamMOL2%2Bj70Mk8My0qqIzFivnnouPShNQ8qXU59ZWvtUubuWWjd%2Fkcap5pxAVg4jTFBSgzxsNT8mDdtsMHL0yoW%2BiuaXDxblP%2F5wmc0"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 7fdf5fc7ac013618-FRA alt-svc h3=":443"; ma=86400
GET H3	200	secure_jquery-3.6.0.min.js Show response connectbusinessapi.com/botprotection/assets/	87 KB 32 KB	37ms 37ms	Script application/javascript	2606:4700:3031::6815:1d2b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://connectbusinessapi.com/botprotection/assets/secure_jquery-3.6.0.min.js Requested by Host: connectbusinessapi.com URL: https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:1d2b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers accept-language de-DE,de;q=0.9 Referer https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Mon, 28 Aug 2023 20:41:16 GMT content-encoding br cf-cache-status HIT last-modified Mon, 06 Mar 2023 02:11:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 5242 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ClJJp7exz%2BxwYlxZE2owHFhfvQL9CtXkCUteKyjPu30BrHz9OpGXqHQ9%2Bm0fqaNI8jCp3wT8y37vo8E9h0nHGUdRO7jRA1d3XDvs7y8CEZ3e9fq99qbgua4MdlCGJaFx%2BLM6X05F0h5yAr5R4W9W43xPb4eG"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7fdf5fc7ac033618-FRA alt-svc h3=":443"; ma=86400
GET H3	200	bootstrap.min.js Show response connectbusinessapi.com/botprotection/assets/	57 KB 16 KB	21ms 20ms	Script application/javascript	2606:4700:3031::6815:1d2b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://connectbusinessapi.com/botprotection/assets/bootstrap.min.js Requested by Host: connectbusinessapi.com URL: https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:1d2b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b` Request headers accept-language de-DE,de;q=0.9 Referer https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Mon, 28 Aug 2023 20:41:16 GMT content-encoding br cf-cache-status HIT last-modified Mon, 06 Mar 2023 02:11:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 5242 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mVwVG%2F%2FIMx%2B9o3enBspAkq64N1DBsH2C65L%2BhDOFcGkojrQvG8c5rHlbHnVU1QhzuhbpR7nApIp5FFSkcHTKMQ1Y8OUUv%2FfCnr2i2oJ6MUoA5RNhPmXQlDpVjBQMbafIRWnsK45NO5kX6ui%2FmObEmMxj7A%2BL"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 7fdf5fc7ac053618-FRA alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	QsOAl33mYWo825e0 logicpara.com/pixel/	37 KB 37 KB	531ms 182ms	Script application/javascript	45.79.107.149 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://logicpara.com/pixel/QsOAl33mYWo825e0 Requested by Host: connectbusinessapi.com URL: https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.79.107.149 Fremont, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS li1206-149.members.linode.com Software Apache / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://connectbusinessapi.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Pragma cache Date Mon, 28 Aug 2023 20:41:16 GMT Server Apache Transfer-Encoding chunked Content-Type application/javascript Cache-Control max-age=300 Connection Keep-Alive Keep-Alive timeout=5, max=100 Expires Mon, 28 Aug 2023 20:46:16 GMT
GET H/1.1	200 OK	Primary Request signin Show response login.amazon-verify1.com/ Redirect Chain https://login.amazon-verify1.com/?verify https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf	16 KB 4 KB	166ms 166ms	Document text/html	162.240.97.226 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf Requested by Host: connectbusinessapi.com URL: https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.240.97.226 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-240-97-226.unifiedlayer.com Software Apache / Resource Hash `70fd74c8d939ec05caec24893b01e1ded79716d24f0961b8fd409208334c272b` Request headers Referer https://connectbusinessapi.com/botprotection/?u=aHR0cHM6Ly9sb2dpbi5hbWF6b24tdmVyaWZ5MS5jb20vP3ZlcmlmeQ==&t=1693255274 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 28 Aug 2023 20:41:17 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=99 Pragma no-cache Server Apache Transfer-Encoding chunked Vary Accept-Encoding Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Mon, 28 Aug 2023 20:41:17 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Location https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf Pragma no-cache Server Apache Transfer-Encoding chunked Vary Accept-Encoding
POST H/1.1	200 OK	QsOAl33mYWo825e0 logicpara.com/pixel-track/	0 495 B	180ms 180ms	XHR text/html	45.79.107.149 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://logicpara.com/pixel-track/QsOAl33mYWo825e0 Requested by Host: logicpara.com URL: https://logicpara.com/pixel/QsOAl33mYWo825e0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.79.107.149 Fremont, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS li1206-149.members.linode.com Software Apache / Resource Hash Request headers Referer https://connectbusinessapi.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Content-Type application/json Response headers Pragma no-cache Date Mon, 28 Aug 2023 20:41:16 GMT Server Apache Access-Control-Allow-Methods POST, OPTIONS Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Access-Control-Allow-Headers Content-Type Content-Length 0 Keep-Alive timeout=5, max=99 Expires Thu, 19 Nov 1981 08:52:00 GMT
OPTIONS H/1.1	200 OK	QsOAl33mYWo825e0 logicpara.com/pixel-track/	0 0	476ms 168ms	Preflight text/html	45.79.107.149 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://logicpara.com/pixel-track/QsOAl33mYWo825e0 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 45.79.107.149 Fremont, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS li1206-149.members.linode.com Software Apache / Resource Hash Request headers Accept / Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://connectbusinessapi.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Access-Control-Allow-Headers Content-Type Access-Control-Allow-Methods POST, OPTIONS Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Mon, 28 Aug 2023 20:41:16 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache
OPTIONS		QsOAl33mYWo825e0 logicpara.com/pixel-track/	0 0

POST		QsOAl33mYWo825e0 logicpara.com/pixel-track/	0 0

OPTIONS		QsOAl33mYWo825e0 logicpara.com/pixel-track/	0 0

POST		QsOAl33mYWo825e0 logicpara.com/pixel-track/	0 0

GET H/1.1	200 OK	sign-dekstop.css login.amazon-verify1.com/CR51/Assets/_hayo/css/	133 KB 133 KB	160ms 159ms	Stylesheet text/css	162.240.97.226 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://login.amazon-verify1.com/CR51/Assets/_hayo/css/sign-dekstop.css Requested by Host: login.amazon-verify1.com URL: https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.240.97.226 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-240-97-226.unifiedlayer.com Software Apache / Resource Hash `a3987cc9ff1e96ae068bdd13278434f2d3d32e781b1e131d8e0ed2a1a8eb481b` Request headers accept-language de-DE,de;q=0.9 Referer https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:41:18 GMT Last-Modified Sun, 14 Nov 2021 12:02:18 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 135724
GET H/1.1	200 OK	style.sign-desktop.css login.amazon-verify1.com/CR51/Assets/_hayo/css/	36 KB 36 KB	479ms 159ms	Stylesheet text/css	162.240.97.226 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://login.amazon-verify1.com/CR51/Assets/_hayo/css/style.sign-desktop.css Requested by Host: login.amazon-verify1.com URL: https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.240.97.226 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-240-97-226.unifiedlayer.com Software Apache / Resource Hash `0c56d79edb4b4187f79ddcecd68fae587c56402c3ed737ed954b3eda3d250967` Request headers accept-language de-DE,de;q=0.9 Referer https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:41:18 GMT Last-Modified Sun, 14 Nov 2021 12:02:18 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 36441
GET H/1.1	200 OK	jquery-3.3.1.min.js Show response login.amazon-verify1.com/CR51/Assets/_hayo/js/	105 KB 105 KB	480ms 160ms	Script application/javascript	162.240.97.226 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://login.amazon-verify1.com/CR51/Assets/_hayo/js/jquery-3.3.1.min.js Requested by Host: login.amazon-verify1.com URL: https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.240.97.226 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-240-97-226.unifiedlayer.com Software Apache / Resource Hash `97ecd42dea3bc998c5efd456bc13e2c45c700fba1c581961ca1481676bf08b42` Request headers accept-language de-DE,de;q=0.9 Referer https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:41:18 GMT Last-Modified Sun, 14 Nov 2021 12:02:18 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 107631
GET H/1.1	200 OK	jquery.validate.min.js Show response login.amazon-verify1.com/CR51/Assets/_hayo/js/	36 KB 36 KB	480ms 160ms	Script application/javascript	162.240.97.226 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://login.amazon-verify1.com/CR51/Assets/_hayo/js/jquery.validate.min.js Requested by Host: login.amazon-verify1.com URL: https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.240.97.226 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-240-97-226.unifiedlayer.com Software Apache / Resource Hash `1327e703fcf1311de11818f1fedcef1ec0ba4f60734962c6955fdffc408d5287` Request headers accept-language de-DE,de;q=0.9 Referer https://login.amazon-verify1.com/signin?verify=cr51_17964019625608632d6524073068fbbf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:41:18 GMT Last-Modified Sun, 14 Nov 2021 12:02:18 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 36756
GET H2	200	mPGmT0r6IeTyIee.png m.media-amazon.com/images/S/sash/	27 KB 28 KB	71ms 7ms	Image image/png	2600:9000:2490:5000:1d:d7f6:39d2:2dc1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://m.media-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png Requested by Host: login.amazon-verify1.com URL: https://login.amazon-verify1.com/CR51/Assets/_hayo/css/sign-dekstop.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:5000:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5` Request headers accept-language de-DE,de;q=0.9 Referer https://login.amazon-verify1.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Fri, 16 Jun 2023 13:00:02 GMT via 1.1 bfb5bffe90e3b0e760933a7a07d850ba.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 age 6334876 edge-cache-tag x-cache-109,/images/S/sash/mPGmT0r6IeTyIee x-cache Hit from cloudfront x-nginx-cache-status MISS content-length 27972 surrogate-key x-cache-109 /images/S/sash/mPGmT0r6IeTyIee last-modified Tue, 17 Nov 2020 23:31:33 GMT server Server content-type image/png access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 3709d967-27be-4bb8-b136-44655a0a6980 accept-ranges bytes timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id AYKy1SClNVLI5wjhVy9LnO5yJyz6eMQeaISQh8xPR5gLi_jMRCoS6A== expires Thu, 11 Jun 2043 13:00:02 GMT
GET H2	200	pDxWAF1pBB0dzGB.woff2 m.media-amazon.com/images/S/sash/	16 KB 17 KB	69ms 7ms	Font application/font-woff2	2600:9000:2490:5000:1d:d7f6:39d2:2dc1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.media-amazon.com/images/S/sash/pDxWAF1pBB0dzGB.woff2 Requested by Host: login.amazon-verify1.com URL: https://login.amazon-verify1.com/CR51/Assets/_hayo/css/sign-dekstop.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:5000:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `013d1dc68fadda651c773b6deb153e3e8b4dd612fb2af70db48c87af7808d1e7` Request headers Referer https://login.amazon-verify1.com/ Origin https://login.amazon-verify1.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Fri, 19 May 2023 07:25:30 GMT via 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 age 8774148 edge-cache-tag x-cache-298,/images/S/sash/pDxWAF1pBB0dzGB x-cache Hit from cloudfront x-nginx-cache-status HIT content-length 16616 surrogate-key x-cache-298 /images/S/sash/pDxWAF1pBB0dzGB last-modified Fri, 30 Oct 2020 21:19:16 GMT server Server content-type application/font-woff2; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 5b1199ea-12ba-4130-bdad-081fb94461f9 accept-ranges bytes timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id KpyU0OTDQzk2ViEmfHeL1XHBnol-P8qioxCS91lBkxzGj6Lm5lZdPw== expires Sun, 22 Feb 2043 06:09:50 GMT
GET H2	200	KFPk-9IF4FqAqY-.woff2 m.media-amazon.com/images/S/sash/	16 KB 17 KB	73ms 12ms	Font application/font-woff2	2600:9000:2490:5000:1d:d7f6:39d2:2dc1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.media-amazon.com/images/S/sash/KFPk-9IF4FqAqY-.woff2 Requested by Host: login.amazon-verify1.com URL: https://login.amazon-verify1.com/CR51/Assets/_hayo/css/sign-dekstop.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2490:5000:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `0eef431cee18b1dc43636dd2a7703b7c0ce9f6bdbad9f280b7313d0ded232327` Request headers Referer https://login.amazon-verify1.com/ Origin https://login.amazon-verify1.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Mon, 08 May 2023 12:14:01 GMT via 1.1 def5acc189db6e2856a956225d5cd100.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P6 age 9707237 edge-cache-tag x-cache-751,/images/S/sash/KFPk-9IF4FqAqY- x-cache Hit from cloudfront x-nginx-cache-status HIT content-length 16460 surrogate-key x-cache-751 /images/S/sash/KFPk-9IF4FqAqY- last-modified Fri, 30 Oct 2020 21:19:26 GMT server Server content-type application/font-woff2; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id de539d7c-d1d4-40e3-9195-19e8982eb9a7 accept-ranges bytes timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id wyRREiNNbVC3fEuxSABCquGE4S1biObpqXFGnLON8IRZhGlbD4H-dA== expires Sat, 21 Feb 2043 05:16:17 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: logicpara.com
URL: https://logicpara.com/pixel-track/QsOAl33mYWo825e0

Domain: logicpara.com
URL: https://logicpara.com/pixel-track/QsOAl33mYWo825e0

Domain: logicpara.com
URL: https://logicpara.com/pixel-track/QsOAl33mYWo825e0

Domain: logicpara.com
URL: https://logicpara.com/pixel-track/QsOAl33mYWo825e0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
lynxshort.com/	1970-01-20 14:21:02	Name: XSRF-TOKEN Value: eyJpdiI6Ik00K2s4YStpQ3VnNFRwNUpxaHhmWlE9PSIsInZhbHVlIjoiYVArTlpiXC9lcEJ0SlFYQVAxVUNta3I3SnBHZTJBamVYUnBiQ1V4UHdmXC84alhIRm5ZR1lOMFB6MEJXVTNmVmU3SnZpRk5tSjN0b1wvck45dVNLN3g5UTQwUFJzT3ErM3kzVHlmUXVDWnNnVUdRVDI5S25sNGhLRGk1YXJ1Wm5iNEsiLCJtYWMiOiJjYTlkODUyYmU5OTBjN2JhYjJiYThkZGFiODQ1NzNhNzFmM2IxZTc3MjIxZTAwMDM5YWIxZmZiMjc0NDk1MzI0In0%3D
lynxshort.com/	1970-01-20 14:21:02	Name: phpshort_session Value: eyJpdiI6IlllY0hBd2xPV0wzWWRFbFRHYlpQWGc9PSIsInZhbHVlIjoicVJhaUlNVzg4T2FXSEg0UitRK3gxakRPVlFBMDgrZzhYXC9WYzMyUHpIVnFKT0luUXgycHFTZEdyV1VOcDI0ZkR6WFFZclo3N0F1eG10Nm4ycExLNGpEeVgwSjZOY016ODh5TXR2dGFMSUJvd0NJWHUwTlwvelpoVVwvcW9WeU5kM3YiLCJtYWMiOiJhMDY3OGI1OGEzY2EwOWU5MDdjYTM4NTU1MWE3YzA1YzAwYjYzMTMzYzZiZmY5YmM3M2RhNzJhOTk4NjJmMzE4In0%3D
lynxshort.com/	1970-01-20 23:56:55	Name: dark_mode Value: 0
login.amazon-verify1.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: da013fec3e21ebfda53460c53b6052be

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connectbusinessapi.com
logicpara.com
login.amazon-verify1.com
lynxshort.com
m.media-amazon.com
logicpara.com
162.240.97.226
2600:9000:2490:5000:1d:d7f6:39d2:2dc1
2606:4700:20::681a:8d1
2606:4700:3031::6815:1d2b
45.79.107.149
013d1dc68fadda651c773b6deb153e3e8b4dd612fb2af70db48c87af7808d1e7
0a34a87842c539c1f4feec56bba982fd596b73500046a6e6fe38a22260c6577b
0c56d79edb4b4187f79ddcecd68fae587c56402c3ed737ed954b3eda3d250967
0eef431cee18b1dc43636dd2a7703b7c0ce9f6bdbad9f280b7313d0ded232327
11fd7484ec8cbffef67c9548603a883b612ea7cd7bf9a8c29a211729a50fad4e
1327e703fcf1311de11818f1fedcef1ec0ba4f60734962c6955fdffc408d5287
271c781f52347903b3f59ba495f5ad39d819979bff460462ab91c4ddf6c53926
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
70fd74c8d939ec05caec24893b01e1ded79716d24f0961b8fd409208334c272b
97ecd42dea3bc998c5efd456bc13e2c45c700fba1c581961ca1481676bf08b42
a3987cc9ff1e96ae068bdd13278434f2d3d32e781b1e131d8e0ed2a1a8eb481b
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

login.amazon-verify1.com Open in urlscan Pro 162.240.97.226 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

79 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

5 IPs

1 Countries

507 kBTransfer

791 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

4 Cookies

Indicators

login.amazon-verify1.com Open in urlscan Pro
162.240.97.226 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

79 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

1
Countries

507 kB
Transfer

791 kB
Size

4
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!