amazon-b.top Open in urlscan Pro
2.58.228.140 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://amazon-b.top/amazon/login/login.php
Submission: On October 21 via manual (October 21st 2020, 11:19:10 am UTC) from CH

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 2.58.228.140, located in Hong Kong and belongs to AS40676, US. The main domain is amazon-b.top.
TLS certificate: Issued by TrustAsia TLS RSA CA on October 21st 2020. Valid for: a year.

This is the only time amazon-b.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon Japan (Online)

Domain & IP information

	IP Address		AS Autonomous System
12	2.58.228.140 2.58.228.140		40676 (AS40676) (AS40676)
12	1

12 2.58.228.140 (Hong Kong)

ASN40676 (AS40676, US)

amazon-b.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	amazon-b.top amazon-b.top	202 KB
12	1

	Domain	Requested by
12	amazon-b.top	amazon-b.top
12	1

This site contains no links.

Subject Issuer	Validity	Valid
amazon-b.top TrustAsia TLS RSA CA	`2020-10-21` - `2021-10-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://amazon-b.top/amazon/login/login.php
Frame ID: 34B9A22D7154D51A372B55F3DA9DACB1
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

202 kB
Transfer

557 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.php Show response amazon-b.top/amazon/login/	13 KB 5 KB	1469ms 676ms	Document text/html	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Full URL https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `431b0f299a481e1d6edfd4ccccd0f0860f75cb9c5a7bfb3d011c102bfc81ffae` Request headers :method GET :authority amazon-b.top :scheme https :path /amazon/login/login.php pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 server nginx date Wed, 21 Oct 2020 11:18:53 GMT content-type text/html; charset=utf-8 vary Accept-Encoding set-cookie PHPSESSID=jm9pvo54g6notjvp5eripba9c6; path=/ expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache content-encoding gzip
GET H2	200	61ccss.css amazon-b.top/amazon/login/static/css/	133 KB 28 KB	349ms 347ms	Stylesheet text/css	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Full URL https://amazon-b.top/amazon/login/static/css/61ccss.css Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `11eba57b5417362f44b4cd0c9b613eecd5716222b14f8317997c7772b322480c` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:53 GMT content-encoding gzip last-modified Sat, 12 Sep 2020 10:19:46 GMT server nginx etag W/"5f5ca0c2-215a5" vary Accept-Encoding content-type text/css status 200 cache-control max-age=43200 expires Wed, 21 Oct 2020 23:18:53 GMT
GET H2	200	01Scss.css amazon-b.top/amazon/login/static/css/	49 KB 10 KB	360ms 358ms	Stylesheet text/css	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Full URL https://amazon-b.top/amazon/login/static/css/01Scss.css Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `768163ea85bed1a02f74c76a990471969bf40e1b0a2ab522d743dfa1e8872b64` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:53 GMT content-encoding gzip last-modified Sat, 12 Sep 2020 10:19:46 GMT server nginx etag W/"5f5ca0c2-c4f5" vary Accept-Encoding content-type text/css status 200 cache-control max-age=43200 expires Wed, 21 Oct 2020 23:18:53 GMT
GET H2	200	11Hcss.css amazon-b.top/amazon/login/static/css/	2 KB 914 B	360ms 358ms	Stylesheet text/css	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Full URL https://amazon-b.top/amazon/login/static/css/11Hcss.css Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `2726b276dab1228ed7e29aef6370fccd6801ed15d3bde151684d3120d36a29d4` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:53 GMT content-encoding gzip last-modified Sat, 12 Sep 2020 10:19:46 GMT server nginx etag W/"5f5ca0c2-7ee" vary Accept-Encoding content-type text/css status 200 cache-control max-age=43200 expires Wed, 21 Oct 2020 23:18:53 GMT
GET H2	200	jquery.min.js Show response amazon-b.top/amazon/login/static/js/	156 KB 46 KB	535ms 533ms	Script application/javascript	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Full URL https://amazon-b.top/amazon/login/static/js/jquery.min.js Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `89db88fadaf63fd4e91d869fed81834918debd6eacbe6e47b5ad54e061996aed` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:53 GMT content-encoding gzip last-modified Sat, 12 Sep 2020 10:19:36 GMT server nginx etag W/"5f5ca0b8-26f30" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=43200 expires Wed, 21 Oct 2020 23:18:53 GMT
GET H2	200	jquery.validate.min.js Show response amazon-b.top/amazon/login/static/js/	34 KB 9 KB	677ms 675ms	Script application/javascript	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Full URL https://amazon-b.top/amazon/login/static/js/jquery.validate.min.js Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `f59dc66c08474ec52a21ab66cd6ba46a4e4ace29b0b82e2306add18741ae9c2a` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:53 GMT content-encoding gzip last-modified Sat, 12 Sep 2020 10:19:36 GMT server nginx etag W/"5f5ca0b8-867d" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=43200 expires Wed, 21 Oct 2020 23:18:53 GMT
GET H2	200	sire.form.js Show response amazon-b.top/amazon/login/static/js/	3 KB 1 KB	677ms 675ms	Script application/javascript	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Full URL https://amazon-b.top/amazon/login/static/js/sire.form.js Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `9c441acfd95a33ab228828376dda482631e0a8a0153d60794abbf16b32d247b0` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:53 GMT content-encoding gzip last-modified Sat, 12 Sep 2020 10:19:36 GMT server nginx etag W/"5f5ca0b8-c90" vary Accept-Encoding content-type application/javascript status 200 cache-control max-age=43200 expires Wed, 21 Oct 2020 23:18:53 GMT
GET H2	200	21Qcss.css amazon-b.top/amazon/login/static/css/	79 KB 16 KB	528ms 527ms	Stylesheet text/css	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Full URL https://amazon-b.top/amazon/login/static/css/21Qcss.css Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `7ac7d3edb543cef54c17951395f8e75f644d0b91bb1fe4ae337590ec22e52673` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:53 GMT content-encoding gzip last-modified Sat, 12 Sep 2020 10:19:46 GMT server nginx etag W/"5f5ca0c2-13a17" vary Accept-Encoding content-type text/css status 200 cache-control max-age=43200 expires Wed, 21 Oct 2020 23:18:53 GMT
GET H2	200	219css.css amazon-b.top/amazon/login/static/css/	5 KB 2 KB	528ms 527ms	Stylesheet text/css	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Full URL https://amazon-b.top/amazon/login/static/css/219css.css Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `465c2a9824f70ca7950230859a2ac72673c455d109994e1465fd6f0e2cf27245` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:53 GMT content-encoding gzip last-modified Sat, 12 Sep 2020 10:19:46 GMT server nginx etag W/"5f5ca0c2-152d" vary Accept-Encoding content-type text/css status 200 cache-control max-age=43200 expires Wed, 21 Oct 2020 23:18:53 GMT
GET H2	200	new-nav-sm-smile-sprite-global-1.png amazon-b.top/amazon/login/static/picture/	11 KB 11 KB	188ms 188ms	Image image/png	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Show image Full URL https://amazon-b.top/amazon/login/static/picture/new-nav-sm-smile-sprite-global-1.png Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `f5b6e0ff10a1f98ca5f76330837e57d20ca904b94123540bdb966bebff747a89` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:54 GMT last-modified Sat, 12 Sep 2020 10:19:36 GMT server nginx etag "5f5ca0b8-2c03" content-type image/png status 200 cache-control max-age=2592000 accept-ranges bytes content-length 11267 expires Fri, 20 Nov 2020 11:18:54 GMT
GET H2	200	new-nav-sm-smile-sprite-global-1.png amazon-b.top/amazon/login/static/image/	11 KB 11 KB	184ms 184ms	Image image/png	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Show image Full URL https://amazon-b.top/amazon/login/static/image/new-nav-sm-smile-sprite-global-1.png Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/login.php Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `f5b6e0ff10a1f98ca5f76330837e57d20ca904b94123540bdb966bebff747a89` Request headers Referer https://amazon-b.top/amazon/login/login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:54 GMT last-modified Sat, 12 Sep 2020 10:19:38 GMT server nginx etag "5f5ca0ba-2c03" content-type image/png status 200 cache-control max-age=2592000 accept-ranges bytes content-length 11267 expires Fri, 20 Nov 2020 11:18:54 GMT
GET H2	200	AmazonUIBaseCSS-sprite_2x-a3d92a.png amazon-b.top/amazon/login/static/image/	60 KB 61 KB	195ms 195ms	Image image/png	2.58.228.140 AS40676
General Check archive.org Show headers Download Go to Show image Full URL https://amazon-b.top/amazon/login/static/image/AmazonUIBaseCSS-sprite_2x-a3d92a.png Requested by Host: amazon-b.top URL: https://amazon-b.top/amazon/login/static/css/61ccss.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.58.228.140 , Hong Kong, ASN40676 (AS40676, US), Reverse DNS Software nginx / Resource Hash `c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a` Request headers Referer https://amazon-b.top/amazon/login/static/css/61ccss.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 11:18:54 GMT last-modified Sat, 12 Sep 2020 10:19:38 GMT server nginx etag "5f5ca0ba-f1dd" content-type image/png status 200 cache-control max-age=2592000 accept-ranges bytes content-length 61917 expires Fri, 20 Nov 2020 11:18:54 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon Japan (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			amazon-b.top/	1969-12-31 23:59:59	Name: PHPSESSID Value: jm9pvo54g6notjvp5eripba9c6

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

amazon-b.top
2.58.228.140
11eba57b5417362f44b4cd0c9b613eecd5716222b14f8317997c7772b322480c
2726b276dab1228ed7e29aef6370fccd6801ed15d3bde151684d3120d36a29d4
431b0f299a481e1d6edfd4ccccd0f0860f75cb9c5a7bfb3d011c102bfc81ffae
465c2a9824f70ca7950230859a2ac72673c455d109994e1465fd6f0e2cf27245
768163ea85bed1a02f74c76a990471969bf40e1b0a2ab522d743dfa1e8872b64
7ac7d3edb543cef54c17951395f8e75f644d0b91bb1fe4ae337590ec22e52673
89db88fadaf63fd4e91d869fed81834918debd6eacbe6e47b5ad54e061996aed
9c441acfd95a33ab228828376dda482631e0a8a0153d60794abbf16b32d247b0
c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a
f59dc66c08474ec52a21ab66cd6ba46a4e4ace29b0b82e2306add18741ae9c2a
f5b6e0ff10a1f98ca5f76330837e57d20ca904b94123540bdb966bebff747a89

amazon-b.top Open in urlscan Pro 2.58.228.140 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

202 kBTransfer

557 kBSize

1 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Indicators

amazon-b.top Open in urlscan Pro
2.58.228.140 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

202 kB
Transfer

557 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!