URL: http://luongynhiem.com/Amazon/SignIn/phone.php
Submission: On March 19 via automatic, source openphish

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 103.27.62.57, located in Tân Bình, Viet Nam and belongs to VHOST-AS-VN Viet Solutions Services Trading Company Limited, VN. The main domain is luongynhiem.com.
This is the only time luongynhiem.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

Requests  IP Address          AS      Autonomous System
1         103.27.62.57        56150   VHOST-AS-...
4         99.84.6.145         16509   AMAZON-02
1         2a00:1450:400...    15169   GOOGLE
1         54.192.201.69       16509   AMAZON-02
Total: 7 requests to 4 IPs

Requests  Domain                             Requested by
4         images-na.ssl-images-amazon.com    luongynhiem.com
1         m.media-amazon.com                 ajax.googleapis.com
1         ajax.googleapis.com                luongynhiem.com
1         luongynhiem.com
Total: 7 requests to 4 domains

This site contains no links.

Subject                            Issuer                          Validity                   Valid (source)
images-na.ssl-images-amazon.com    DigiCert Global CA G2           2019-02-21 - 2019-07-19    5 months (crt.sh)
*.googleapis.com                   Google Internet Authority G3    2019-03-01 - 2019-05-24    3 months (crt.sh)

This page contains 1 frame:

Primary Page: http://luongynhiem.com/Amazon/SignIn/phone.php
Frame ID: 184B2135D9B45CCEE0C3C8735CF6E518
Requests: 7 HTTP requests in this frame


Detected technologies

PHP (overall confidence: 100%), detected by pattern:
  • url /\.php(?:$|\?)/i

LiteSpeed (overall confidence: 100%), detected by pattern:
  • headers server /^LiteSpeed$/i

jQuery (overall confidence: 100%), detected by patterns:
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 96 kB
Size: 297 kB
Cookies: 1

7 HTTP transactions

Each transaction below lists the resource, its path, size, transferred bytes (x-fer) and type, followed by the general connection details and the request and response headers.

Request 1 (primary request; sets a cookie): phone.php
Path: luongynhiem.com/Amazon/SignIn/
Size: 7 KB, transferred: 3 KB
Type: Document

General
Full URL: http://luongynhiem.com/Amazon/SignIn/phone.php
Protocol: HTTP/1.1
Server: 103.27.62.57 Tân Bình, Viet Nam, ASN56150 (VHOST-AS-VN Viet Solutions Services Trading Company Limited, VN)
Reverse DNS:
Software: LiteSpeed / PHP/5.6.40
Resource Hash: 35536b9d023b7fd2cb157195c72302421c6857ccf24e19fd072955a93964c12d

Request headers
Host: luongynhiem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate

Response headers
X-Powered-By: PHP/5.6.40
Set-Cookie: PHPSESSID=ml1f4hs6go91ft34q4foencfq6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 2275
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent,Accept-Encoding
Date: Tue, 19 Mar 2019 08:01:32 GMT
Server: LiteSpeed
Connection: Keep-Alive

Request 2: 61gbb09bfIL._RC%7C11Fd9tJOdtL.css,21ULbzscqzL.css,31Q3id-QR0L.css,31QszevPBSL.css_.css
Path: images-na.ssl-images-amazon.com/images/I/
Size: 136 KB, transferred: 23 KB
Type: Stylesheet

General
Full URL: https://images-na.ssl-images-amazon.com/images/I/61gbb09bfIL._RC%7C11Fd9tJOdtL.css,21ULbzscqzL.css,31Q3id-QR0L.css,31QszevPBSL.css_.css
Requested by: Host luongynhiem.com, URL http://luongynhiem.com/Amazon/SignIn/phone.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.84.6.145, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: server-99-84-6-145.lhr62.r.cloudfront.net
Software: Server /
Resource Hash: b06058dda50252e2ff430d60f9d799d44e0dbbad47006ea169aa9abd90146459

Request headers
Referer: http://luongynhiem.com/Amazon/SignIn/phone.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
date: Fri, 16 Nov 2018 00:20:14 GMT
content-encoding: gzip
last-modified: Thu, 16 Mar 2017 06:29:45 GMT
server: Server
age: 10694221
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
status: 200
cache-control: max-age=630720000,public
x-amz-ir-id: 056be750-2ad6-4c44-b93e-5cba0975509c
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
x-amz-cf-id: CtiLx5gqNsii1hqm2HeifnNicxK4OyVtES_p5930wNLFEI1h65H33g==
via: 1.1 9e62047214e4bace813d04a6aad42396.cloudfront.net (CloudFront)
expires: Wed, 10 Nov 2038 13:24:32 GMT

Request 3: AuthenticationPortalAssets-60974eab2c51181b770605eaef55c2d69d69613c._V2_.css
Path: images-na.ssl-images-amazon.com/images/G/01/AUIClients/
Size: 32 KB, transferred: 7 KB
Type: Stylesheet

General
Full URL: https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/AuthenticationPortalAssets-60974eab2c51181b770605eaef55c2d69d69613c._V2_.css
Requested by: Host luongynhiem.com, URL http://luongynhiem.com/Amazon/SignIn/phone.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.84.6.145, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: server-99-84-6-145.lhr62.r.cloudfront.net
Software: Server /
Resource Hash: d7f0c84a144723f16e3e284bc646810e7007f552e7444e8138ce54f616f9975b

Request headers
Referer: http://luongynhiem.com/Amazon/SignIn/phone.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
date: Fri, 16 Nov 2018 00:40:09 GMT
content-encoding: gzip
last-modified: Thu, 08 Mar 2018 04:04:11 GMT
server: Server
age: 10725039
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
status: 200
cache-control: max-age=630720000,public
x-amz-ir-id: a29821c5-b005-4a88-89a6-f68786227de5
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
x-amz-cf-id: GRHTUI31_3senw-_0tU1bK78hhVe9MSDcJ_sHDGAYz-T2gINHgpXmA==
via: 1.1 9e62047214e4bace813d04a6aad42396.cloudfront.net (CloudFront)
expires: Sat, 18 Sep 2038 21:00:30 GMT

Request 4: CVFAssets-e91ba5c6e67c58c7f9c4c413fa67697feade389e._V2_.css
Path: images-na.ssl-images-amazon.com/images/G/01/AUIClients/
Size: 2 KB, transferred: 1 KB
Type: Stylesheet

General
Full URL: https://images-na.ssl-images-amazon.com/images/G/01/AUIClients/CVFAssets-e91ba5c6e67c58c7f9c4c413fa67697feade389e._V2_.css
Requested by: Host luongynhiem.com, URL http://luongynhiem.com/Amazon/SignIn/phone.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.84.6.145, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: server-99-84-6-145.lhr62.r.cloudfront.net
Software: Server /
Resource Hash: ac6c8a640f5b8fea68c8aeaaad4e145c8261be36ba09df844e4121fb69e90cc7

Request headers
Referer: http://luongynhiem.com/Amazon/SignIn/phone.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
date: Fri, 16 Nov 2018 02:01:47 GMT
content-encoding: gzip
last-modified: Mon, 16 Oct 2017 21:31:50 GMT
server: Server
age: 10652236
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
status: 200
cache-control: max-age=630720000,public
x-amz-ir-id: 499a8f6f-f99c-403e-b516-520b90c01169
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
x-amz-cf-id: FxyAXlI18HT0Hnp2ev0ppF87inehRBNcUTREzR3Ky1RnSN9SLFACHA==
via: 1.1 9e62047214e4bace813d04a6aad42396.cloudfront.net (CloudFront)
expires: Thu, 06 May 2038 11:03:49 GMT

Request 5: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/1.8.3/
Size: 91 KB, transferred: 33 KB
Type: Script

General
Full URL: https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Requested by: Host luongynhiem.com, URL http://luongynhiem.com/Amazon/SignIn/phone.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2a00:1450:4001:81f::200a, Ireland, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS:
Software: sffe /
Resource Hash: 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf

Security Headers
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

Request headers
Referer: http://luongynhiem.com/Amazon/SignIn/phone.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
date: Sat, 09 Mar 2019 00:58:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 889387
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 33593
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 Mar 2020 00:58:26 GMT

Request 6: sc-unified._CB341165134_.png
Path: images-na.ssl-images-amazon.com/images/G/01/rainier/nav/
Size: 3 KB, transferred: 3 KB
Type: Image

General
Full URL: https://images-na.ssl-images-amazon.com/images/G/01/rainier/nav/sc-unified._CB341165134_.png
Requested by: Host luongynhiem.com, URL http://luongynhiem.com/Amazon/SignIn/phone.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.84.6.145, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: server-99-84-6-145.lhr62.r.cloudfront.net
Software: Server /
Resource Hash: 6d41af45fc77c0071d323d5b08163fc565dcdd7f94cd22fc0e11cf2e84a9a0ff

Request headers
Referer: http://luongynhiem.com/Amazon/SignIn/phone.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
date: Fri, 02 Nov 2018 23:25:23 GMT
via: 1.1 9e62047214e4bace813d04a6aad42396.cloudfront.net (CloudFront)
last-modified: Tue, 18 Mar 2014 00:19:47 GMT
server: Server
age: 11799314
x-cache: Hit from cloudfront
content-type: image/png
status: 200
cache-control: max-age=630720000,public
x-amz-ir-id: 8755330d-d581-4b26-b9a9-91c087998752
timing-allow-origin: https://www.amazon.com
access-control-allow-origin: *
content-length: 2787
x-amz-cf-id: c4qeU3yDZoyGeIzRxRToEQhyRNEhBvP2DyRKZb2U_U7kbpyr7qODgQ==
expires: Wed, 18 May 2033 03:33:20 GMT

Request 7: AmazonUIBaseCSS-sprite_1x-28bd59af93d9b1c745bb0aca4de58763b54df7cf._V2_.png
Path: m.media-amazon.com/images/G/01/AUIClients/
Size: 26 KB, transferred: 26 KB
Type: Image

General
Full URL: https://m.media-amazon.com/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-28bd59af93d9b1c745bb0aca4de58763b54df7cf._V2_.png
Requested by: Host ajax.googleapis.com, URL https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.192.201.69 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
Reverse DNS: server-54-192-201-69.fra50.r.cloudfront.net
Software: Server /
Resource Hash: e1283c0339d0393ebf45c02a0b34618f572b82eb5dbda366385498ae01413d3d

Request headers
Referer: https://images-na.ssl-images-amazon.com/images/I/61gbb09bfIL._RC%7C11Fd9tJOdtL.css,21ULbzscqzL.css,31Q3id-QR0L.css,31QszevPBSL.css_.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
date: Sat, 09 Dec 2017 17:41:16 GMT
via: 1.1 147e057d2f96cf5a0082d96978e38a5b.cloudfront.net (CloudFront)
age: 8762608
x-cache: Hit from cloudfront
status: 200
content-length: 26119
last-modified: Wed, 14 Jun 2017 09:29:41 GMT
server: Server
content-type: image/png; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: content-length,x-cache
cache-control: max-age=630720000,public
x-amz-ir-id: ffe6ee04-aff9-4287-ad4b-ded0ab4e2556
timing-allow-origin: https://www.amazon.com
x-amz-cf-id: 4Ska2CP--yFw7doU6lr2b5ypYhq6bKvtYi2tWRy4o2zkn-fcuhyKNA==
expires: Wed, 18 May 2033 03:33:20 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against Amazon (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object    onselectstart
  • object    onselectionchange
  • function  queueMicrotask
  • function  $
  • function  jQuery

1 Cookie

Domain/Path         Name         Value
luongynhiem.com/    PHPSESSID    ml1f4hs6go91ft34q4foencfq6