capasjm.com
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: http://capasjm.com/login.php?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.ca%2F%3F_encoding...
Submission: On June 05 via automatic, source openphish — Scanned from DE
Summary
This is the only time capasjm.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
2 | 2a06:98c1:3120::3 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:812::2004 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:812::2003 | 15169 (GOOGLE) |
4 | 2600:9000:206f:1200:1d:d7f6:39d0:c781 | 16509 (AMAZON-02) |
9 | 5 |
ASN16509 (AMAZON-02, US)
images-na.ssl-images-amazon.com | |
m.media-amazon.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | ssl-images-amazon.com | images-na.ssl-images-amazon.com — Cisco Umbrella Rank: 825 | 29 KB |
2 | capasjm.com | capasjm.com | 8 KB |
1 | media-amazon.com | m.media-amazon.com — Cisco Umbrella Rank: 557 | 28 KB |
1 | gstatic.com | www.gstatic.com | 145 KB |
1 | google.com | www.google.com — Cisco Umbrella Rank: 2 | 967 B |
9 | 5 |
Requests | Domain | Requested by |
---|---|---|
3 | images-na.ssl-images-amazon.com | capasjm.com |
2 | capasjm.com | capasjm.com |
1 | m.media-amazon.com | images-na.ssl-images-amazon.com |
1 | www.gstatic.com | www.google.com |
1 | www.google.com | capasjm.com, www.gstatic.com |
9 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.amazon.co.uk |
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.google.com | GTS CA 1C3 | 2022-05-09 - 2022-08-01 | 3 months |
*.gstatic.com | GTS CA 1C3 | 2022-05-09 - 2022-08-01 | 3 months |
Images-na.ssl-images-amazon.com | DigiCert Global CA G2 | 2022-02-01 - 2023-01-02 | a year |
This page contains 2 frames:
Primary Page:
http://capasjm.com/login.php?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.ca%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=caflex&openid.mode=checkid_setup&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&
Frame ID: 29A2607B9DF49E8B60EC54E30A4F4D26
Requests: 8 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeFqiQgAAAAAHXoTXKCvv7-x_uEtN7_Scm-ALPP&co=aHR0cDovL2NhcGFzam0uY29tOjgw&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=c36lh683ofco
Frame ID: 5F2E19DCD91E3974172D0F92796A0763
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/1e0dea0d-b742-4980-8c45-f38c0d18f0bb.png)
Page Title
Amazon Sign In
Page URL History
- http://capasjm.com/ Page URL
- http://capasjm.com/login.php?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amaz... Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
reCAPTCHA
Detected patterns
- /recaptcha/api\.js
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Title: Conditions of Use & Sale
Title: Privacy Notice
Title: Cookies Notices
Title: Interest-Based Ads Notice
Title: Conditions of Use
Title: Privacy Notice
Title: Help
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://capasjm.com/ Page URL
- http://capasjm.com/login.php?openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.ca%2F%3F_encoding%3DUTF8%26ref_%3Dnav_newcust&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=caflex&openid.mode=checkid_setup&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0& Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / | capasjm.com/ | 966 B | 1 KB | Document | text/html |
GET | H2 | api.js | www.google.com/recaptcha/ | 850 B | 967 B | Script | text/javascript |
GET | H/1.1 | login.php (Primary Request) | capasjm.com/ | 13 KB | 7 KB | Document | text/html |
GET | H2 | recaptcha__de.js | www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ | 365 KB | 145 KB | Script | text/javascript |
GET | | anchor | www.google.com/recaptcha/api2/ (Frame 5F2E) | 0 | 0 | | |
GET | H2 | 61A6IErPNXL._RC%7C11Fd9tJOdtL.css,11tfezETfFL.css,31Q3id-QR0L.css,31U9HrBLKmL.css_.css | images-na.ssl-images-amazon.com/images/I/ | 133 KB | 22 KB | Stylesheet | text/css |
GET | H2 | 01SdjaY0ZsL._RC%7C31jdWD+JB+L.css,41O23DtqM3L.css_.css | images-na.ssl-images-amazon.com/images/I/ | 36 KB | 5 KB | Stylesheet | text/css |
GET | H2 | 113GJdhRnnL.css | images-na.ssl-images-amazon.com/images/I/ | 2 KB | 1 KB | Stylesheet | text/css |
GET | H2 | mPGmT0r6IeTyIee.png | m.media-amazon.com/images/S/sash/ | 27 KB | 28 KB | Image | image/png |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.google.com
- URL
- https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeFqiQgAAAAAHXoTXKCvv7-x_uEtN7_Scm-ALPP&co=aHR0cDovL2NhcGFzam0uY29tOjgw&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=normal&cb=c36lh683ofco
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- object| navigation

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.