na7-amazon.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 193.201.82.113, located in Romania and belongs to THCPROJECTS, RO. The main domain is na7-amazon.com.
TLS certificate: Issued by R3 on July 25th 2023. Valid for: 3 months.

This is the only time na7-amazon.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	193.201.82.113 193.201.82.113	51177 (THCPROJECTS) (THCPROJECTS)
3	2600:9000:225... 2600:9000:2251:dc00:1d:d7f6:39d2:2dc1	16509 (AMAZON-02) (AMAZON-02)
4	3

1 193.201.82.113 (Romania)

ASN51177 (THCPROJECTS, RO)
PTR: s01ipx82x113.thchost.ro

na7-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2251:dc00:1d:d7f6:39d2:2dc1 (United States)

ASN16509 (AMAZON-02, US)

images-na.ssl-images-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	ssl-images-amazon.com images-na.ssl-images-amazon.com — Cisco Umbrella Rank: 860	21 KB
1	na7-amazon.com na7-amazon.com	3 KB
4	2

	Domain	Requested by
3	images-na.ssl-images-amazon.com	na7-amazon.com images-na.ssl-images-amazon.com
1	na7-amazon.com
4	2

This site contains no links.

Subject Issuer	Validity	Valid
*.na7-amazon.com R3	`2023-07-25` - `2023-10-23`	3 months	crt.sh
images-na.ssl-images-amazon.com DigiCert Global CA G2	`2022-10-26` - `2023-10-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://na7-amazon.com/
Frame ID: 5B2DA8828A77E24BF18E34CB3236B72A
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

4
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

24 kB
Transfer

110 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
na7-amazon.com/ 5 KB
3 KB 472ms
134ms Document
text/html 193.201.82.113
THCPROJECTS

General

Check archive.org

Show headers Download Go to

Full URL

https://na7-amazon.com/

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

193.201.82.113 , Romania, ASN51177 (THCPROJECTS, RO),

Reverse DNS

s01ipx82x113.thchost.ro

Software

nginx /

Resource Hash

6b620fa350c186ce210aec1c1af3c61652ff3c0da2614e7812bdc2d5725074e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 24 Aug 2023 09:27:43 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-upstream-cache-status: EXPIRED
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block

GET
H2 200 61-3-bWDR-L.css
images-na.ssl-images-amazon.com/images/I/ 95 KB
11 KB 118ms
28ms Stylesheet
text/css 2600:9000:2251:dc00:1d:d7f6:39d2:2dc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
Requested by: Host: na7-amazon.com
URL: https://na7-amazon.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:dc00:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 88c78d283f917ae20924b60439e8ae078cc6795065d4d59f13b40e7b6a060119

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://na7-amazon.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 05 Aug 2023 21:54:29 GMT
content-encoding: br
via: 1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 1596794
edge-cache-tag: x-cache-641,/images/I/61-3-bWDR-L
x-cache: Hit from cloudfront
x-nginx-cache-status: MISS
surrogate-key: x-cache-641 /images/I/61-3-bWDR-L
last-modified: Mon, 20 Jul 2020 13:59:11 GMT
server: Server
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=630720000,public
x-amz-ir-id: b84c4f92-3504-4edc-b464-61f09e8531d2
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
x-amz-cf-id: enZ-Mrhn4snBIJTw0Ir6lTEoDuCZoymYcJ6yliErOeXswOhJspNZhQ==
expires: Fri, 31 Jul 2043 21:54:29 GMT

GET
H2 200 21pIdgTnwML.png
images-na.ssl-images-amazon.com/images/I/ 6 KB
7 KB 27ms
27ms Image
image/png 2600:9000:2251:dc00:1d:d7f6:39d2:2dc1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-na.ssl-images-amazon.com/images/I/21pIdgTnwML.png
Requested by: Host: images-na.ssl-images-amazon.com
URL: https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:dc00:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: ddf42c4aee947006d3d0b60207a3dcd713b4e838c0ae7c55d8eba6327fdebe9a

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 19:42:45 GMT
via: 1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 2987098
edge-cache-tag: x-cache-927,/images/I/21pIdgTnwML
x-cache: Hit from cloudfront
x-nginx-cache-status: HIT
content-length: 6338
surrogate-key: x-cache-927 /images/I/21pIdgTnwML
last-modified: Thu, 15 Aug 2013 17:53:57 GMT
server: Server
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=630720000,public
x-amz-ir-id: 0c63ceb8-12ef-4a31-891b-36c7d5cbd8d1
accept-ranges: bytes
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
x-amz-cf-id: cvJi3xT9AHKe3dou7_ALHpiD5MFCuO_p_PdEi0e6SGu2cw4Gcz1nFQ==
expires: Tue, 14 Jul 2043 08:02:53 GMT

GET
H2 200 11Tz2u7Y8wL.png
images-na.ssl-images-amazon.com/images/I/ 3 KB
3 KB 25ms
25ms Image
image/png 2600:9000:2251:dc00:1d:d7f6:39d2:2dc1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-na.ssl-images-amazon.com/images/I/11Tz2u7Y8wL.png
Requested by: Host: images-na.ssl-images-amazon.com
URL: https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:dc00:1d:d7f6:39d2:2dc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 6d41af45fc77c0071d323d5b08163fc565dcdd7f94cd22fc0e11cf2e84a9a0ff

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://images-na.ssl-images-amazon.com/images/I/61-3-bWDR-L.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 21 Jul 2023 01:48:34 GMT
via: 1.1 b4904c5988fd0eaae341a12cc47f3766.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
age: 2965149
edge-cache-tag: x-cache-354,/images/I/11Tz2u7Y8wL
x-cache: Hit from cloudfront
x-nginx-cache-status: HIT
content-length: 2787
surrogate-key: x-cache-354 /images/I/11Tz2u7Y8wL
last-modified: Wed, 05 Feb 2014 00:50:26 GMT
server: Server
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=630720000,public
x-amz-ir-id: b07ab0f2-6f2d-4ec8-bf8b-abc892925ed0
accept-ranges: bytes
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
x-amz-cf-id: kLCuFs99nifyF4f7OQlbJVD-H96UTG1eKSfNBr1z3oVijchSR7CjyA==
expires: Tue, 14 Jul 2043 00:48:22 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ddcf5e140c5cbeffa3e5a13f10bc2d5631ea015cfa71eaf8817b43326ddfd8ee

Request headers

accept-language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

images-na.ssl-images-amazon.com
na7-amazon.com
193.201.82.113
2600:9000:2251:dc00:1d:d7f6:39d2:2dc1
6b620fa350c186ce210aec1c1af3c61652ff3c0da2614e7812bdc2d5725074e0
6d41af45fc77c0071d323d5b08163fc565dcdd7f94cd22fc0e11cf2e84a9a0ff
88c78d283f917ae20924b60439e8ae078cc6795065d4d59f13b40e7b6a060119
ddcf5e140c5cbeffa3e5a13f10bc2d5631ea015cfa71eaf8817b43326ddfd8ee
ddf42c4aee947006d3d0b60207a3dcd713b4e838c0ae7c55d8eba6327fdebe9a

na7-amazon.com Open in urlscan Pro 193.201.82.113 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

4 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

24 kBTransfer

110 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

na7-amazon.com Open in urlscan Pro
193.201.82.113 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

24 kB
Transfer

110 kB
Size

0
Cookies

4 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!