sign.amazon.report.account.update.zemfxeqztg.buzz Open in urlscan Pro
69.48.153.79 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bechakena.com.bd/shell.php?type=book
Effective URL:
https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493
Submission: On August 10 via manual (August 10th 2023, 2:23:30 pm UTC) from ZA — Scanned from SG

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 69.48.153.79, located in United States and belongs to A2HOSTING, US. The main domain is sign.amazon.report.account.update.zemfxeqztg.buzz.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 8th 2023. Valid for: 3 months.

This is the only time sign.amazon.report.account.update.zemfxeqztg.buzz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online) Amazon Japan (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	18.136.249.105 18.136.249.105	16509 (AMAZON-02) (AMAZON-02)
11	69.48.153.79 69.48.153.79	55293 (A2HOSTING) (A2HOSTING)
11	1

1 18.136.249.105 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server2971.quanticdynamics.cloud

bechakena.com.bd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 69.48.153.79 (United States)

ASN55293 (A2HOSTING, US)
PTR: server.bina2you.co.uk

sign.amazon.report.account.update.zemfxeqztg.buzz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	zemfxeqztg.buzz sign.amazon.report.account.update.zemfxeqztg.buzz	219 KB
1	bechakena.com.bd 1 redirects bechakena.com.bd	305 B
11	2

	Domain	Requested by
11	sign.amazon.report.account.update.zemfxeqztg.buzz	sign.amazon.report.account.update.zemfxeqztg.buzz
1	bechakena.com.bd	1 redirects
11	2

This site contains no links.

Subject Issuer	Validity	Valid
sign.amazon.report.account.update.zemfxeqztg.buzz cPanel, Inc. Certification Authority	`2023-08-08` - `2023-11-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493
Frame ID: 7850232A2547E5E9822C5AF7FDA6EB64
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazon Sign-in

Page URL History Show full URLs

https://bechakena.com.bd/shell.php?type=book HTTP 302
https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493 Page URL

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

219 kB
Transfer

536 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bechakena.com.bd/shell.php?type=book HTTP 302
https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
sign.amazon.report.account.update.zemfxeqztg.buzz/
Redirect Chain

https://bechakena.com.bd/shell.php?type=book
https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493

3 KB
2 KB

5675ms
2534ms

Document
text/html

69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed / PHP/8.1.21

Resource Hash

c438bfc039c472b25def71834b4514a9dcb6a8c1497f08f93fbec0d630adc0fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: POST, OPTIONS, GET
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control: public, max-age=3600
content-encoding: br
content-length: 1480
content-type: text/html; charset=UTF-8
date: Thu, 10 Aug 2023 14:23:24 GMT
expires: Thu, 10 Aug 2023 15:23:24 GMT
server: LiteSpeed
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN,DENY
x-powered-by: PHP/8.1.21
x-xss-protection: 1; mode=block

Redirect headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 10 Aug 2023 14:23:16 GMT
Keep-Alive: timeout=5, max=100
LOCATION: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493
Server: Apache
Transfer-Encoding: chunked

GET
H2 200 main.26569d68.chunk.css
sign.amazon.report.account.update.zemfxeqztg.buzz/static/css/ 103 KB
22 KB 849ms
847ms Stylesheet
text/css 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/css/main.26569d68.chunk.css

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed /

Resource Hash

48c926fab7c2d2b712d29042337a98d989b152df861289a0fa14ea28357257df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:23:24 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 22027
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Aug 2023 22:15:58 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN,DENY
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
cache-control: public, max-age=31536000
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Fri, 09 Aug 2024 14:23:24 GMT

GET
H2 200 3.b341397e.chunk.js Show response
sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/ 247 KB
74 KB 599ms
598ms Script
application/javascript 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/3.b341397e.chunk.js

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed /

Resource Hash

029e6ab701ef269caf2dea15e78fd140cb1ef335e4fa9551e6bca3d3dc4d3824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:23:24 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 75770
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Aug 2023 22:15:58 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN,DENY
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
cache-control: public, max-age=31536000
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Fri, 09 Aug 2024 14:23:24 GMT

GET
H2 200 main.04cccc3d.chunk.js Show response
sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/ 54 KB
17 KB 342ms
341ms Script
application/javascript 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/main.04cccc3d.chunk.js

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed /

Resource Hash

247059d05620de24ba970032abdd7c705ae21a3fb16b9749971dc4788648e3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:23:24 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 17627
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Aug 2023 22:15:58 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN,DENY
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
cache-control: public, max-age=31536000
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Fri, 09 Aug 2024 14:23:24 GMT

POST
H3 200 supply Show response
sign.amazon.report.account.update.zemfxeqztg.buzz/api/ 1 KB
1 KB 326ms
325ms XHR
text/html 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/api/supply

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/3.b341397e.chunk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed / PHP/8.1.21

Resource Hash

7b0cc0e47d246f7aeff667926776d525905694f081c28719c81dbc462aefd1e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:23:26 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: PHP/8.1.21
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 690
x-xss-protection: 1; mode=block
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN,DENY
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
cache-control: public, max-age=3600
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Thu, 10 Aug 2023 15:23:26 GMT

GET
H3 200 pDxWAF1pBB0dzGB.2c1d70d6.woff2
sign.amazon.report.account.update.zemfxeqztg.buzz/static/media/ 16 KB
16 KB 330ms
329ms Font
font/woff2 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/media/pDxWAF1pBB0dzGB.2c1d70d6.woff2

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/css/main.26569d68.chunk.css

Protocol

Security

QUIC, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed /

Resource Hash

cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/css/main.26569d68.chunk.css
Origin: https://sign.amazon.report.account.update.zemfxeqztg.buzz
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:23:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-length: 16616
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Aug 2023 22:15:58 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN,DENY
access-control-allow-methods: POST, OPTIONS, GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=2592000
vary: User-Agent
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Sat, 09 Sep 2023 14:23:26 GMT

POST
H3 200 ping Show response
sign.amazon.report.account.update.zemfxeqztg.buzz/api/ 2 B
111 B 684ms
637ms XHR
text/html 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/api/ping

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/3.b341397e.chunk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed / PHP/8.1.21

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/ap/signin?session=ork1nffkxl53xhm1zo3rh4s14idwr63x9kq5ez5d0vqo1q9n4lvujzhm75d45ni0
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 10 Aug 2023 14:23:26 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: PHP/8.1.21
content-length: 6
x-xss-protection: 1; mode=block
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN,DENY
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
cache-control: public, max-age=3600
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Thu, 10 Aug 2023 15:23:26 GMT

GET
H3 200 0.b3491ad5.chunk.js Show response
sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/ 22 KB
7 KB 318ms
318ms Script
application/javascript 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/0.b3491ad5.chunk.js

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493

Protocol

Security

QUIC, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed /

Resource Hash

ee58d4a92736a825248251164317d15e59e1270fff5635920c1bfd68b6ac5d6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/ap/signin?session=ork1nffkxl53xhm1zo3rh4s14idwr63x9kq5ez5d0vqo1q9n4lvujzhm75d45ni0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:23:26 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 7456
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Aug 2023 22:15:58 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN,DENY
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
cache-control: public, max-age=31536000
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Fri, 09 Aug 2024 14:23:26 GMT

GET
H3 200 13.36fc15e3.chunk.js Show response
sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/ 12 KB
3 KB 334ms
334ms Script
application/javascript 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/13.36fc15e3.chunk.js

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/?views=&vid=64d4f2d5d41d19f1a9182493

Protocol

Security

QUIC, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed /

Resource Hash

3d88168c0f1a9c19180119fb533febc3b67a49553b3909bafa4fbd03fbe05bc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/ap/signin?session=ork1nffkxl53xhm1zo3rh4s14idwr63x9kq5ez5d0vqo1q9n4lvujzhm75d45ni0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:23:26 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2700
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Aug 2023 22:15:58 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN,DENY
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: POST, OPTIONS, GET
cache-control: public, max-age=31536000
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Fri, 09 Aug 2024 14:23:26 GMT

GET
H3 200 main.d33128ec.png
sign.amazon.report.account.update.zemfxeqztg.buzz/static/media/ 60 KB
61 KB 396ms
396ms Image
image/png 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/media/main.d33128ec.png

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/css/main.26569d68.chunk.css

Protocol

Security

QUIC, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed /

Resource Hash

c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/css/main.26569d68.chunk.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:23:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-length: 61917
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Aug 2023 22:15:58 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN,DENY
access-control-allow-methods: POST, OPTIONS, GET
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
vary: User-Agent
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Sat, 09 Sep 2023 14:23:26 GMT

GET
H3 200 KFPk-9IF4FqAqY-.4de52a40.woff2
sign.amazon.report.account.update.zemfxeqztg.buzz/static/media/ 16 KB
16 KB 323ms
323ms Font
font/woff2 69.48.153.79
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/media/KFPk-9IF4FqAqY-.4de52a40.woff2

Requested by

Host: sign.amazon.report.account.update.zemfxeqztg.buzz
URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/css/main.26569d68.chunk.css

Protocol

Security

QUIC, , AES_128_GCM

Server

69.48.153.79 , United States, ASN55293 (A2HOSTING, US),

Reverse DNS

server.bina2you.co.uk

Software

LiteSpeed /

Resource Hash

4065b43ba3db8da5390ba0708555889f78e86483fe0226ef79ea22d07c306b89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/css/main.26569d68.chunk.css
Origin: https://sign.amazon.report.account.update.zemfxeqztg.buzz
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 14:23:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-length: 16460
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Aug 2023 22:15:58 GMT
server: LiteSpeed
x-frame-options: SAMEORIGIN,DENY
access-control-allow-methods: POST, OPTIONS, GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=2592000
vary: User-Agent
accept-ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
expires: Sat, 09 Sep 2023 14:23:26 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online) Amazon Japan (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackJsonpa

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			sign.amazon.report.account.update.zemfxeqztg.buzz/	1970-01-20 13:54:41	Name: session Value: 39BMhUvTBsL47RVkLp9agwVtaisb97iL
			sign.amazon.report.account.update.zemfxeqztg.buzz/	1970-01-20 13:54:41	Name: language Value: en

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://sign.amazon.report.account.update.zemfxeqztg.buzz/static/js/main.04cccc3d.chunk.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN,DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bechakena.com.bd
sign.amazon.report.account.update.zemfxeqztg.buzz
18.136.249.105
69.48.153.79
029e6ab701ef269caf2dea15e78fd140cb1ef335e4fa9551e6bca3d3dc4d3824
247059d05620de24ba970032abdd7c705ae21a3fb16b9749971dc4788648e3ba
3d88168c0f1a9c19180119fb533febc3b67a49553b3909bafa4fbd03fbe05bc0
4065b43ba3db8da5390ba0708555889f78e86483fe0226ef79ea22d07c306b89
48c926fab7c2d2b712d29042337a98d989b152df861289a0fa14ea28357257df
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
7b0cc0e47d246f7aeff667926776d525905694f081c28719c81dbc462aefd1e2
c438bfc039c472b25def71834b4514a9dcb6a8c1497f08f93fbec0d630adc0fb
c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a
cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821
ee58d4a92736a825248251164317d15e59e1270fff5635920c1bfd68b6ac5d6b

sign.amazon.report.account.update.zemfxeqztg.buzz Open in urlscan Pro 69.48.153.79 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

219 kBTransfer

536 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

sign.amazon.report.account.update.zemfxeqztg.buzz Open in urlscan Pro
69.48.153.79 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

219 kB
Transfer

536 kB
Size

2
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!