{"report_id":"f8b92d43-9a94-45df-a9a0-f2a6abbf1c48","version":6,"status":"done","tags":["amazon","phishing"],"date":"2026-05-28T12:28:03Z","url":{"schema":"http","addr":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com/desktop","fqdn":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","domain":"blackangelfest.com","tld":"com"},"ip":{"addr":"57.159.27.163","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"India","country_code":"IN"},"final":{"url":{"schema":"https","addr":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com/desktop/","fqdn":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","domain":"blackangelfest.com","tld":"com"},"title":"Amazon Sign-In","dom":{"size":371657,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65070)","md5":"bcdc3d59a825416f9a5c7ac9bf619c7a","sha1":"fab512ff077e0ba258a84b0bce8fb04cb688b319","sha256":"0c800fa7d702e6a5a82f024b77ac4e5a20fb0442bdcd95ae48e9f2fcbd008ccb","sha512":"cb39646cd55b5ec0ea49c934348178c2b303ee6469673758827ceea6f8baa506f8fe456919bf4100461d55dbc832e3f1bcc0baba291c2e407fad9a4009b88d29","ssdeep":"6144:ompyyyYBBw58Al7BoOLVdS8sd1+3LsHYeX+rQxL0g7vhpTBjvhpTGvhpTA:obyNAl7+O5dwdE3LsHYy5Xp9dpcpc","tlshash":"c784023564b1053d1313c26ce6de3dc4af04c683c966c9daf278b3a5bf98574aa28bc4","dom_hash":"domhash5533e050faeeac1ddbfcdd6c3267afb0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com/desktop","fqdn":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","domain":"blackangelfest.com","tld":"com"},"ip":{"addr":"57.159.27.163","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"India","country_code":"IN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-02T12:28:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-28","alert":"Phishing Block","trigger":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]},"summary":[{"fqdn":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","ip":{"addr":"57.159.27.163","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"India","country_code":"IN"},"domain_registered":"2021-11-17","domain_rank":0,"first_seen":"2026-05-28T05:05:55.216761Z","last_seen":"2026-05-28T05:05:55.216761Z","alert_count":8,"request_count":2,"received_data":743869,"sent_data":1103,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com/desktop/","fqdn":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","domain":"blackangelfest.com","tld":"com"},"ip":{"addr":"57.159.27.163","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"India","country_code":"IN"},"introduction_type":"scriptElement","is_inline":true,"md5":"96d9e4459868828666cac237a7ac4970","sha1":"9700fb6d1dfc196b8cc2414a86018c275395da07","sha256":"7f59a21cee916c3d94a296f6b193bd4d43a82034f390637951608290354fa93f","sha512":"e928281257e39487bee2c109b7d76c15b0cdaee363366d2cba3938122de313680c321400de19b45482248f2d01d42f6e95dbaf3d837c51bea4dd4704ebebbc25","ssdeep":"","tlshash":"5a310fdaa67309718bdb95692acb0248357004276c50d658393c40c80ff6e8679eafdb","size":1555,"data":"","first_seen":"2026-02-14T04:01:50.127Z","last_seen":"2026-05-28T12:28:05.035282Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com/desktop","fqdn":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","domain":"blackangelfest.com","tld":"com"},"ip":{"addr":"57.159.27.163","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-28T12:27:41.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:41:18 GMT","end":"Sun, 23 Aug 2026 16:41:17 GMT"},"fingerprint":{"sha1":"A8:9D:2B:9B:E9:00:0B:AD:70:78:F3:0D:3B:90:7D:CB:89:42:32:1F","sha256":"2D:10:9C:0B:CA:6A:0D:96:DE:1A:65:03:4A:D1:C1:AB:63:08:5A:98:D2:98:78:86:20:FC:79:83:D8:5C:7F:9B"}}},"request":{"raw":"GET /desktop HTTP/1.1\r\nHost: ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Thu, 28 May 2026 12:27:41 GMT\r\nServer: Apache\r\nLocation: https://ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com/desktop/\r\nCache-Control: max-age=604800\r\nExpires: Thu, 04 Jun 2026 12:27:41 GMT\r\nContent-Length: 340\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":371430,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T21:09:45.625607Z","times_seen":16191656,"resource_available":true,"data":null}},"time_used":753,"timings":{"blocked":307,"dns":23,"connect":139,"send":0,"wait":138,"receive":0,"ssl":143},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-28","alert":"Phishing Block","trigger":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com/desktop/","fqdn":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","domain":"blackangelfest.com","tld":"com"},"ip":{"addr":"57.159.27.163","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"India","country_code":"IN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-28T12:27:41.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:41:18 GMT","end":"Sun, 23 Aug 2026 16:41:17 GMT"},"fingerprint":{"sha1":"A8:9D:2B:9B:E9:00:0B:AD:70:78:F3:0D:3B:90:7D:CB:89:42:32:1F","sha256":"2D:10:9C:0B:CA:6A:0D:96:DE:1A:65:03:4A:D1:C1:AB:63:08:5A:98:D2:98:78:86:20:FC:79:83:D8:5C:7F:9B"}}},"request":{"raw":"GET /desktop/ HTTP/1.1\r\nHost: ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Thu, 28 May 2026 12:27:41 GMT\r\nServer: Apache\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=15d18c2a4b49cef26d5ed6f9c12df1a7; path=/\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\nX-Frame-Options: SAMEORIGIN\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":371430,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65066)","md5":"c8ebafff9067171e3f91b4942a443035","sha1":"eeb7837189eda7dd0a553445c22a58c1f6fef7b1","sha256":"c905b4857891efd7840b75ff15b73b3b76a3cd41a57693f692a927d81c0ade79","sha512":"d1d5e6b0eb2483b86e009b82863d52b9aeada344c6135d12d88d33036554035e73c6d1c86f380ea97d2f9fd7538f5dbb55982bce145ef2ea37dce54f6d30838d","ssdeep":"6144:mmpyyyYBBw58Al7BoOLVdS8sd1+3LsHYeX+rQxL0g7vhpTBjvhpTGvhpTR:mbyNAl7+O5dwdE3LsHYy5Xp9dpcpl","tlshash":"fa84023564b1053d1313826ce6de3dc4ef04c683c966c99af278b3a5bf98574aa38bc5","first_seen":"2026-02-14T04:01:50.12318Z","last_seen":"2026-05-28T12:28:05.034258Z","times_seen":10,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":141,"receive":558,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-05-28","alert":"Phishing Block","trigger":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-28","alert":"Sinkholed","trigger":"ammazzon.view-invoice.myaccount-setting.invoice.ammazzon.blackangelfest.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}}]}