URL: https://amazon-eu.project-fountain.com/users/sign_in
Submission Tags: @phishunt_io
Submission: On January 26 via api from ES

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 18.193.25.134, located in United States and belongs to AMAZON-02, US. The main domain is amazon-eu.project-fountain.com.
TLS certificate: Issued by R3 on January 26th 2021. Valid for: 3 months.
This is the only time amazon-eu.project-fountain.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address  AS Autonomous System
6  18.193.25.134  16509 (AMAZON-02)
1  2a04:4e42:200...  54113 (FASTLY)
Total: 7 requests, 3 IPs

Requests  Domain  Requested by
6  amazon-eu.project-fountain.com  amazon-eu.project-fountain.com
1  browser.sentry-cdn.com  amazon-eu.project-fountain.com
Total: 7 requests, 2 domains

This site contains links to these domains:

Domain
support.google.com
authy.com

Subject  Issuer  Validity  Valid
app.amazon-eu.project-fountain.com  R3  2021-01-26 - 2021-04-26  3 months
v2.shared.global.fastly.net  GlobalSign CloudSSL CA - SHA256 - G3  2021-01-26 - 2021-04-22  3 months

This page contains 1 frame:

Primary Page: https://amazon-eu.project-fountain.com/users/sign_in
Frame ID: A62003DA8CA193B4476FDB08B85264DF
Requests: 8 HTTP requests in this frame


Detected technologies

Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 789 kB
Size: 2881 kB
Cookies: 1

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
sign_in (Primary Request, Cookie set)
amazon-eu.project-fountain.com/users/
7 KB
4 KB
Document
General
Full URL
https://amazon-eu.project-fountain.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.25.134 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-25-134.eu-central-1.compute.amazonaws.com
Software
nginx/1.19.3 /
Resource Hash
3bf1c8d15db48c62713848fe698d0af764504f58904aa8242a78fbc31833e5e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
amazon-eu.project-fountain.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
nginx/1.19.3
Date
Tue, 26 Jan 2021 06:31:21 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
ETag
W/"c652f2a1893c43f63b1b4800634e0d87"
Cache-Control
max-age=0, private, must-revalidate
Set-Cookie
_session_id=44b31c91cbae4d76e18de0d909ae2d74; path=/; expires=Tue, 02 Feb 2021 06:31:21 -0000; secure; HttpOnly; SameSite=Lax
X-Request-Id
6df0072b-f139-446a-9920-757efc5324f4
X-Runtime
0.010115
Vary
Accept-Encoding
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-OBIQ-CONTROLLER-INFO
users/sessions#new
devise-92f6abbd572fb972f5430b22ab37c4a1b6eb0386e95642972788440ec528645d.css
amazon-eu.project-fountain.com/assets/
138 KB
25 KB
Stylesheet
General
Full URL
https://amazon-eu.project-fountain.com/assets/devise-92f6abbd572fb972f5430b22ab37c4a1b6eb0386e95642972788440ec528645d.css
Requested by
Host: amazon-eu.project-fountain.com
URL: https://amazon-eu.project-fountain.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.25.134 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-25-134.eu-central-1.compute.amazonaws.com
Software
nginx/1.19.3 /
Resource Hash
92f6abbd572fb972f5430b22ab37c4a1b6eb0386e95642972788440ec528645d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://amazon-eu.project-fountain.com/users/sign_in
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 26 Jan 2021 06:31:21 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Jan 2021 20:28:05 GMT
Server
nginx/1.19.3
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
text/css
Cache-Control
public, max-age=86400
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains
bundle.min.js
browser.sentry-cdn.com/4.3.0/
91 KB
24 KB
Script
General
Full URL
https://browser.sentry-cdn.com/4.3.0/bundle.min.js
Requested by
Host: amazon-eu.project-fountain.com
URL: https://amazon-eu.project-fountain.com/users/sign_in
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:200::729 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
89a63aeffc533e0ade6d2f6e812f750adecfc5f81724fe04a0db3ac0fcb1523c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Origin
https://amazon-eu.project-fountain.com
Referer
https://amazon-eu.project-fountain.com/users/sign_in
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 26 Jan 2021 06:31:21 GMT
content-encoding
gzip
last-modified
Wed, 07 Nov 2018 14:47:54 GMT
server
Fastly
age
8297486
etag
"056752b31905bfba8c74d0362a98b2ba"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
strict-transport-security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-length
24053
expires
Fri, 22 Oct 2021 05:39:55 GMT
shared-vendors-application-78f57fef42729bc2b5d64ef561b686e560f4483e15c3c901344cd4899859d8a1.js
amazon-eu.project-fountain.com/assets/
355 KB
69 KB
Script
General
Full URL
https://amazon-eu.project-fountain.com/assets/shared-vendors-application-78f57fef42729bc2b5d64ef561b686e560f4483e15c3c901344cd4899859d8a1.js
Requested by
Host: amazon-eu.project-fountain.com
URL: https://amazon-eu.project-fountain.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.25.134 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-25-134.eu-central-1.compute.amazonaws.com
Software
nginx/1.19.3 /
Resource Hash
78f57fef42729bc2b5d64ef561b686e560f4483e15c3c901344cd4899859d8a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://amazon-eu.project-fountain.com/users/sign_in
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 26 Jan 2021 06:31:21 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Jan 2021 20:28:05 GMT
Server
nginx/1.19.3
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains
vendors-c3324b0e01c3fa58b66b.bundle.js
amazon-eu.project-fountain.com/front/v1/
2 MB
616 KB
Script
General
Full URL
https://amazon-eu.project-fountain.com/front/v1/vendors-c3324b0e01c3fa58b66b.bundle.js
Requested by
Host: amazon-eu.project-fountain.com
URL: https://amazon-eu.project-fountain.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.25.134 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-25-134.eu-central-1.compute.amazonaws.com
Software
nginx/1.19.3 /
Resource Hash
b32d91202559d670098082f69c7d471586664c486b2551aabef8ee5ad4f1b76e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://amazon-eu.project-fountain.com/users/sign_in
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 26 Jan 2021 06:31:21 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Jan 2021 20:36:20 GMT
Server
nginx/1.19.3
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains
shared-abf6a32dff81bed77b37.bundle.js
amazon-eu.project-fountain.com/front/v1/
18 KB
7 KB
Script
General
Full URL
https://amazon-eu.project-fountain.com/front/v1/shared-abf6a32dff81bed77b37.bundle.js
Requested by
Host: amazon-eu.project-fountain.com
URL: https://amazon-eu.project-fountain.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.25.134 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-25-134.eu-central-1.compute.amazonaws.com
Software
nginx/1.19.3 /
Resource Hash
d8c8ec5cbc98dc4a6feddd02e8e2edf098535f2c24e974c9144d97b70b0edf3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://amazon-eu.project-fountain.com/users/sign_in
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 26 Jan 2021 06:31:21 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Jan 2021 20:36:20 GMT
Server
nginx/1.19.3
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains
devise-5e7b05b6d1f5d39829416f6195ae5d35fddc8d33b15de0a61183514f3a5894b2.js
amazon-eu.project-fountain.com/assets/
159 KB
45 KB
Script
General
Full URL
https://amazon-eu.project-fountain.com/assets/devise-5e7b05b6d1f5d39829416f6195ae5d35fddc8d33b15de0a61183514f3a5894b2.js
Requested by
Host: amazon-eu.project-fountain.com
URL: https://amazon-eu.project-fountain.com/users/sign_in
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.25.134 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-25-134.eu-central-1.compute.amazonaws.com
Software
nginx/1.19.3 /
Resource Hash
5e7b05b6d1f5d39829416f6195ae5d35fddc8d33b15de0a61183514f3a5894b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://amazon-eu.project-fountain.com/users/sign_in
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 26 Jan 2021 06:31:21 GMT
Content-Encoding
gzip
Last-Modified
Fri, 22 Jan 2021 20:28:05 GMT
Server
nginx/1.19.3
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5dec32d42bd8464a46ce4b31fd55f1be692f193babc91665f25ff8fe8d0e7299

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
boolean| crossOriginIsolated
function| initSentry
object| webpackJsonp
object| Sentry
function| AxDropdown
function| $
function| jQuery
function| Messenger
object| Routes
object| SENTRY_RELEASE
object| __core-js_shared__
function| _
function| ga
function| moment
function| uuid
function| Popper
function| getGaTracker
function| obiqAjax
function| observeInputValue
function| URI
function| URITemplate
function| Sifter
object| MicroPlugin
function| Selectize
function| datepickerLocalize
object| signedUpload
object| flash_messages
object| obiqDropdown

1 Cookies

Domain/Path Name / Value
amazon-eu.project-fountain.com/ Name: _session_id
Value: 44b31c91cbae4d76e18de0d909ae2d74

1 Console Messages

Source Level URL
Text
console-api log URL: https://amazon-eu.project-fountain.com/assets/shared-vendors-application-78f57fef42729bc2b5d64ef561b686e560f4483e15c3c901344cd4899859d8a1.js(Line 3)
Message:
JQMIGRATE: Migrate is installed, version 3.0.1

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block