Report - www.amaznsrviceaccnt.com/signin?verify=fms

Report Overview

Visited public
2024-08-25 17:47:25
Tags
amazon phishing
URL
www.amaznsrviceaccnt.com/signin?verify=fms_3c264098adaf0ba9a9d366855d9839e2
Finishing URL
www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
IP / ASN
162.240.145.123
#46606 UNIFIEDLAYER-AS-1
Title
Amazon Sign-In
Phishing - Amazon

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-24 18:12:09	654 B	1.8 kB	23.36.76.226
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-24 18:12:06	981 B	2.7 kB	23.33.119.57
www.amaznsrviceaccnt.com	unknown	unknown	No data	No data	4.5 kB	362 kB	162.240.145.123
m.media-amazon.com	580	2016-08-18	2018-06-22 13:41:03	2024-08-24 22:46:38	456 B	29 kB	151.101.193.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	From	Size	First Seen	Last Seen
	www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/js/jquery-3.3.1.min.js	ScriptElement	108 kB	2023-03-08	2025-05-03
Pretty URL www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/js/jquery-3.3.1.min.js IP 162.240.145.123 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 04:57 Last Seen2025-05-03 07:32 Times Seen379 Hash d532c905d593a7f16eff99f24f27621e ea0f0d16f78ec4bbaf7866213a2f012d2793e14c 97ecd42dea3bc998c5efd456bc13e2c45c700fba1c581961ca1481676bf08b42 Loading...

	www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/js/jquery.validate.min.js	ScriptElement	37 kB	2023-04-16	2025-05-06
Pretty URL www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/js/jquery.validate.min.js IP 162.240.145.123 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-16 23:53 Last Seen2025-05-06 14:30 Times Seen390 Hash a55bc1a7d4b73fa8520f96ff509a33de c58c57e658a1408210d35b40d8a0420e05aa17be 8adda41c71d59c83d9e7a18df25ffc17ab7c5fa9728b2656a66c48b5ae01060f Loading...

HTTP Transactions (14)

URL IP Response Size

r11.o.lencr.org/

23.36.76.226

504 B

URL
r11.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cc687a19f2854a47020b22f4aa1806ef
9d4058393445f64f6dda190557bf37686e19e7a0
df2db18fa10eeb1d535253183d68a561c6b52b77b539df6a0a36aec736a9da9c

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "DF2DB18FA10EEB1D535253183D68A561C6B52B77B539DF6A0A36AEC736A9DA9C"
Last-Modified: Fri, 23 Aug 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8364
Expires: Sun, 25 Aug 2024 20:06:24 GMT
Date: Sun, 25 Aug 2024 17:47:00 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
34b72ef98ffb750d7e3020d58da271c5
a0b34c22554f5cadf812b8d1f818be5dc840f211
a0d352f8b8c2248c32607b1d77c3ff6ff7382a5df118182f69aae7d7145ee100

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A0D352F8B8C2248C32607B1D77C3FF6FF7382A5DF118182F69AAE7D7145EE100"
Last-Modified: Fri, 23 Aug 2024 14:35:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9699
Expires: Sun, 25 Aug 2024 20:28:39 GMT
Date: Sun, 25 Aug 2024 17:47:00 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
5a54df7ab1a35ec424b9be7e9c3c9a4b
e7cea7d874319740ce20d0b7c37e99b5e21461ff
38f07545bd30ef0b4adec907deb75c1cb2365d645a54b545486599117707e28b

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "38F07545BD30EF0B4ADEC907DEB75C1CB2365D645A54B545486599117707E28B"
Last-Modified: Fri, 23 Aug 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9779
Expires: Sun, 25 Aug 2024 20:29:59 GMT
Date: Sun, 25 Aug 2024 17:47:00 GMT
Connection: keep-alive

r10.o.lencr.org/

23.33.119.57

504 B

URL
r10.o.lencr.org/
IP
23.33.119.57:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
44d2fa336203fefa7fcc2e369e453d16
71a006973afdbe2deb2374768a328cf9307fd4d1
cb3bf00db937121aa64ed4b8047093cd89cb7376a3c66cf46ecb6974ca047d4c

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "CB3BF00DB937121AA64ED4B8047093CD89CB7376A3C66CF46ECB6974CA047D4C"
Last-Modified: Fri, 23 Aug 2024 14:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10637
Expires: Sun, 25 Aug 2024 20:44:17 GMT
Date: Sun, 25 Aug 2024 17:47:00 GMT
Connection: keep-alive

r11.o.lencr.org/

23.33.119.27

504 B

URL
r11.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f3a7d4b907a16e7e82883be9ff3cc7a4
cb041fb7a99151a86d3449564d72737a53edefba
b9187d8fcc431cee0496985416a1d32f8b4f32f7f454230e012a80db9bd4de1e

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B9187D8FCC431CEE0496985416A1D32F8B4F32F7F454230E012A80DB9BD4DE1E"
Last-Modified: Fri, 23 Aug 2024 14:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12217
Expires: Sun, 25 Aug 2024 21:10:39 GMT
Date: Sun, 25 Aug 2024 17:47:02 GMT
Connection: keep-alive

www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b

162.240.145.123

200 OK

10 kB

URL User Request GET HTTP/2
www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
IP
162.240.145.123:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectamaznsrviceaccnt.com
Fingerprint81:05:D2:FA:02:56:A1:79:D1:5D:AE:D6:31:B8:71:C4:7A:F0:CD:18
ValidityFri, 23 Aug 2024 12:02:03 GMT - Thu, 21 Nov 2024 12:02:02 GMT

File type
gzip compressed data, from Unix
Size
10 kB (10314 bytes)
Hash
217672e40c0e56b125a128f9ad6d95f2
aec7ea0df61126043f3f13199f3538a1ac60d79c
2a47d2e3365a07affe8e680ce8ced3aa61344c91f1fab711e74dc6dd9cba8edc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Amazon

HTTP Headers

GET /signin?verify=fms_8abde124de157edb3e1836dba79dc07b HTTP/1.1
Host: www.amaznsrviceaccnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=547d2c2b5f9c65fe1ec930addbbebe19
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
date: Sun, 25 Aug 2024 17:47:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.amaznsrviceaccnt.com/signin?verify=fms_3c264098adaf0ba9a9d366855d9839e2

162.240.145.123

302 Found

5.7 kB

URL User Request GET HTTP/2
www.amaznsrviceaccnt.com/signin?verify=fms_3c264098adaf0ba9a9d366855d9839e2
IP
162.240.145.123:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectamaznsrviceaccnt.com
Fingerprint81:05:D2:FA:02:56:A1:79:D1:5D:AE:D6:31:B8:71:C4:7A:F0:CD:18
ValidityFri, 23 Aug 2024 12:02:03 GMT - Thu, 21 Nov 2024 12:02:02 GMT

File type
gzip compressed data, from Unix
Size
5.7 kB (5722 bytes)
Hash
48f684e74b84afba981cdbf1151d1a73
cd980e463813a5907388f8155fdca03e949a8288
05b6f9859025b4a26009ebe9648bc317fb508fc3d848a5782417062ca052bc41

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Amazon

HTTP Headers

GET /signin?verify=fms_3c264098adaf0ba9a9d366855d9839e2 HTTP/1.1
Host: www.amaznsrviceaccnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
set-cookie: PHPSESSID=547d2c2b5f9c65fe1ec930addbbebe19; path=/
location: https://www.amaznsrviceaccnt.com/?ahcrot
content-type: text/html; charset=UTF-8
date: Sun, 25 Aug 2024 17:47:00 GMT
server: Apache
X-Firefox-Spdy: h2

www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/css/sign-dekstop.css

162.240.145.123

200 OK

136 kB

URL GET HTTP/2
www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/css/sign-dekstop.css
IP
162.240.145.123:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Certificate
IssuerLet's Encrypt
Subjectamaznsrviceaccnt.com
Fingerprint81:05:D2:FA:02:56:A1:79:D1:5D:AE:D6:31:B8:71:C4:7A:F0:CD:18
ValidityFri, 23 Aug 2024 12:02:03 GMT - Thu, 21 Nov 2024 12:02:02 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
136 kB (135724 bytes)
Hash
145d4167f1247d5618d6a7d3df28aa7a
1188188a940b68ee827c7babeffc279ec06f8f13
a3987cc9ff1e96ae068bdd13278434f2d3d32e781b1e131d8e0ed2a1a8eb481b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Amazon

HTTP Headers

GET /FAMOUS/Assets/fvck/css/sign-dekstop.css HTTP/1.1
Host: www.amaznsrviceaccnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Cookie: PHPSESSID=547d2c2b5f9c65fe1ec930addbbebe19
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 14 Nov 2021 05:32:18 GMT
accept-ranges: bytes
content-length: 135724
content-type: text/css
date: Sun, 25 Aug 2024 17:47:01 GMT
server: Apache
X-Firefox-Spdy: h2

www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/css/style.sign-desktop.css

162.240.145.123

200 OK

36 kB

URL GET HTTP/2
www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/css/style.sign-desktop.css
IP
162.240.145.123:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Certificate
IssuerLet's Encrypt
Subjectamaznsrviceaccnt.com
Fingerprint81:05:D2:FA:02:56:A1:79:D1:5D:AE:D6:31:B8:71:C4:7A:F0:CD:18
ValidityFri, 23 Aug 2024 12:02:03 GMT - Thu, 21 Nov 2024 12:02:02 GMT

File type
ASCII text, with very long lines (20048), with CRLF line terminators
Size
36 kB (36441 bytes)
Hash
ce03668bf4cba84e446d39b1e5430fa2
a1e1d2f4e14d20921a9b13ed4ea14ce0c407e64f
0c56d79edb4b4187f79ddcecd68fae587c56402c3ed737ed954b3eda3d250967

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Amazon

HTTP Headers

GET /FAMOUS/Assets/fvck/css/style.sign-desktop.css HTTP/1.1
Host: www.amaznsrviceaccnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Cookie: PHPSESSID=547d2c2b5f9c65fe1ec930addbbebe19
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 14 Nov 2021 05:32:18 GMT
accept-ranges: bytes
content-length: 36441
content-type: text/css
date: Sun, 25 Aug 2024 17:47:02 GMT
server: Apache
X-Firefox-Spdy: h2

www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/js/jquery.validate.min.js

162.240.145.123

200 OK

37 kB

URL GET HTTP/2
www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/js/jquery.validate.min.js
IP
162.240.145.123:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Certificate
IssuerLet's Encrypt
Subjectamaznsrviceaccnt.com
Fingerprint81:05:D2:FA:02:56:A1:79:D1:5D:AE:D6:31:B8:71:C4:7A:F0:CD:18
ValidityFri, 23 Aug 2024 12:02:03 GMT - Thu, 21 Nov 2024 12:02:02 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (829), with CRLF line terminators
Size
37 kB (36756 bytes)
Hash
1cdeeb8eaca2a1357de0a82bd5e5526f
f0474ee246d33979152b20bfbea49045581792f3
1327e703fcf1311de11818f1fedcef1ec0ba4f60734962c6955fdffc408d5287

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Amazon

HTTP Headers

GET /FAMOUS/Assets/fvck/js/jquery.validate.min.js HTTP/1.1
Host: www.amaznsrviceaccnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Cookie: PHPSESSID=547d2c2b5f9c65fe1ec930addbbebe19
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 14 Nov 2021 05:32:18 GMT
accept-ranges: bytes
content-length: 36756
content-type: text/javascript
date: Sun, 25 Aug 2024 17:47:02 GMT
server: Apache
X-Firefox-Spdy: h2

www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/js/jquery-3.3.1.min.js

162.240.145.123

200 OK

108 kB

URL GET HTTP/2
www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/js/jquery-3.3.1.min.js
IP
162.240.145.123:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Certificate
IssuerLet's Encrypt
Subjectamaznsrviceaccnt.com
Fingerprint81:05:D2:FA:02:56:A1:79:D1:5D:AE:D6:31:B8:71:C4:7A:F0:CD:18
ValidityFri, 23 Aug 2024 12:02:03 GMT - Thu, 21 Nov 2024 12:02:02 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
108 kB (107631 bytes)
Hash
d532c905d593a7f16eff99f24f27621e
ea0f0d16f78ec4bbaf7866213a2f012d2793e14c
97ecd42dea3bc998c5efd456bc13e2c45c700fba1c581961ca1481676bf08b42

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Amazon

HTTP Headers

GET /FAMOUS/Assets/fvck/js/jquery-3.3.1.min.js HTTP/1.1
Host: www.amaznsrviceaccnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Cookie: PHPSESSID=547d2c2b5f9c65fe1ec930addbbebe19
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 14 Nov 2021 05:32:18 GMT
accept-ranges: bytes
content-length: 107631
content-type: text/javascript
date: Sun, 25 Aug 2024 17:47:02 GMT
server: Apache
X-Firefox-Spdy: h2

m.media-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png

151.101.193.16

200 OK

28 kB

URL GET HTTP/2
m.media-amazon.com/images/S/sash/mPGmT0r6IeTyIee.png
IP
151.101.193.16:443
ASN
#54113 FASTLY

Requested by
https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Certificate
IssuerDigiCert Inc
Subjectimages-na.ssl-images-amazon.com
FingerprintB6:F4:62:54:F1:7F:55:22:93:2C:25:70:B0:AA:0F:F9:73:11:2D:88
ValidityMon, 18 Mar 2024 00:00:00 GMT - Sun, 09 Mar 2025 23:59:59 GMT

File type
PNG image data, 400 x 750, 8-bit colormap, non-interlaced
Size
28 kB (27972 bytes)
Hash
1b5a1fb097715b1604b21aba92ef6a3e
c4a765aedd886dc04d89e7e93b6a02c59ecb7013
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5

HTTP Headers

GET /images/S/sash/mPGmT0r6IeTyIee.png HTTP/1.1
Host: m.media-amazon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amaznsrviceaccnt.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
x-amz-ir-id: 135f8856-57e3-4552-972d-bcf2a44d8e12
expires: Mon, 09 Mar 2043 17:10:08 GMT
cache-control: max-age=630720000,public
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
access-control-allow-origin: *
last-modified: Tue, 17 Nov 2020 23:31:33 GMT
x-nginx-cache-status: HIT
accept-ranges: bytes
date: Sun, 25 Aug 2024 17:47:03 GMT
age: 4607304
x-served-by: cache-iad-kjyo7100113-IAD, cache-hel1410026-HEL
x-cache: HIT from fastly, HIT from fastly
server-timing: provider;desc="fy"
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 27972
X-Firefox-Spdy: h2

www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/images/favicon.ico

162.240.145.123

200 OK

18 kB

URL GET HTTP/2
www.amaznsrviceaccnt.com/FAMOUS/Assets/fvck/images/favicon.ico
IP
162.240.145.123:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Certificate
IssuerLet's Encrypt
Subjectamaznsrviceaccnt.com
Fingerprint81:05:D2:FA:02:56:A1:79:D1:5D:AE:D6:31:B8:71:C4:7A:F0:CD:18
ValidityFri, 23 Aug 2024 12:02:03 GMT - Thu, 21 Nov 2024 12:02:02 GMT

File type
MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size
18 kB (17542 bytes)
Hash
ca6619b86c2f6e6068b69ba3aaddb7e4
c44a1bb9d14385334eb851fbb0afb19d961c1ee7
17d02e2db6dbedb95dd449d06868c147ac2c3b5371497bcb9407e75336a99e09

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Amazon

HTTP Headers

GET /FAMOUS/Assets/fvck/images/favicon.ico HTTP/1.1
Host: www.amaznsrviceaccnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
Cookie: PHPSESSID=547d2c2b5f9c65fe1ec930addbbebe19
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 14 Nov 2021 05:32:18 GMT
accept-ranges: bytes
content-length: 17542
content-type: image/x-icon
date: Sun, 25 Aug 2024 17:47:02 GMT
server: Apache
X-Firefox-Spdy: h2

www.amaznsrviceaccnt.com/?ahcrot

162.240.145.123

302 Found

9.4 kB

URL User Request GET HTTP/2
www.amaznsrviceaccnt.com/?ahcrot
IP
162.240.145.123:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectamaznsrviceaccnt.com
Fingerprint81:05:D2:FA:02:56:A1:79:D1:5D:AE:D6:31:B8:71:C4:7A:F0:CD:18
ValidityFri, 23 Aug 2024 12:02:03 GMT - Thu, 21 Nov 2024 12:02:02 GMT

File type

Size
9.4 kB (9389 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Amazon

HTTP Headers

GET /?ahcrot HTTP/1.1
Host: www.amaznsrviceaccnt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=547d2c2b5f9c65fe1ec930addbbebe19
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding
location: https://www.amaznsrviceaccnt.com/signin?verify=fms_8abde124de157edb3e1836dba79dc07b
content-type: text/html; charset=UTF-8
date: Sun, 25 Aug 2024 17:47:00 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (14)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections