Amazon logo

Amazon phishing & impersonation

E-commerceamazon.com
3
Impersonation sightings
3
Distinct hosts
2026-07-02
Last detected
4
Official domains

ScanMalware watches every scanned site for signs it is impersonating Amazon — the brand name in the page title or screenshot text, the brand's logo/favicon on a non-official host, and lookalike domains. A match on a host outside Amazon's official domains is recorded below.

Official domains
amazon.coma2z.comamazonaws.comaws.amazon.com
Also known as
aws

Detected impersonation sites

HostTitleDetected byVerdictDate
www.twine.netTwine: Expert freelancers to help your business growPage text{"verdict": "Low Risk", "confidence": 73, "risk level": "low", "risk factors": ["Brand Impersonation (Amazon)"], "overall score": 27, "recommendations": [], "detailed analysis": {"html forms": {"score": 10, "issues": ["⚠️ CRITICAL: Brand impersonation detected - Amazon branding on non-official domain (www.twine.net)"], "password fields": 0, "impersonated brand": "Amazon", "brand mismatch detected": true, "impersonated brand slug": "amazon", "disguised password fields": 0, "brand impersonation detected": true}, "url analysis": {"score": 65, "issues": [], "positive signals": ["HTTPS encryption used"], "suspicious patterns": []}, "safe browsing": {"score": 100, "issues": [], "threats": [], "positive signals": ["No Google Safe Browsing threats detected"]}, "clone detection": {"score": 100, "issues": [], "warnings": [], "positive signals": ["No visual similarity to known brand sites"]}, "rpki validation": {"total": 23, "total risk": 0, "valid count": 23, "invalid count": 0, "not found count": 0}, "network security": {"score": 65, "issues": [], "mixed content": false, "secure requests": 171, "security headers": {"detected": true}, "insecure requests": 0, "certificate issues": []}, "phishing signals": {"score": 100, "issues": [], "details": {"matched brand": null, "signals detected": [], "is legitimate domain": false}, "warnings": []}, "technology risks": {"score": 50, "issues": [], "security technologies": [], "vulnerable technologies": []}, "redirect analysis": {"score": 50, "issues": [], "total redirects": 1, "blob url detected": false, "protocol downgrades": 0, "suspicious patterns": 0, "cross domain redirects": 0, "compromised wordpress detected": false}}, "threat categories": [], "security indicators": {"negative": ["⚠️ CRITICAL: Brand impersonation detected - Amazon branding on non-official domain (www.twine.net)"], "positive": ["Server IPs have valid RPKI ROA coverage", "HTTPS encryption used", "Good network security practices", "No Google Safe Browsing threats detected", "No visual similarity to known brand sites"], "warnings": []}}2026-07-02View scan →
www.freethink.comMeet the humanoids: 8 robots ready to revolutionize workPage text{"verdict": "Low Risk", "confidence": 66, "risk level": "low", "risk factors": ["Brand Impersonation (Amazon)", "References flagged external domain(s): foreignaffairs.com"], "overall score": 34, "recommendations": [], "detailed analysis": {"html forms": {"score": 10, "issues": ["⚠️ CRITICAL: Brand impersonation detected - Amazon branding on non-official domain (www.freethink.com)"], "password fields": 0, "impersonated brand": "Amazon", "brand mismatch detected": true, "impersonated brand slug": "amazon", "disguised password fields": 0, "brand impersonation detected": true}, "ioc matches": {"external": [{"indicator": "foreignaffairs.com", "threat type": "known attacker"}]}, "url analysis": {"score": 65, "issues": [], "positive signals": ["HTTPS encryption used"], "suspicious patterns": []}, "safe browsing": {"score": 100, "issues": [], "threats": [], "positive signals": ["No Google Safe Browsing threats detected"]}, "clone detection": {"score": 100, "issues": [], "warnings": [], "positive signals": ["No visual similarity to known brand sites"]}, "rpki validation": {"total": 77, "total risk": 0, "valid count": 77, "invalid count": 0, "not found count": 0}, "network security": {"score": 65, "issues": [], "mixed content": false, "secure requests": 241, "security headers": {"detected": true}, "insecure requests": 0, "certificate issues": []}, "phishing signals": {"score": 100, "issues": [], "details": {"matched brand": null, "signals detected": [], "is legitimate domain": false}, "warnings": []}, "technology risks": {"score": 50, "issues": [], "security technologies": [], "vulnerable technologies": []}, "redirect analysis": {"score": 30, "issues": ["Excessive redirects (11)"], "total redirects": 11, "blob url detected": false, "protocol downgrades": 0, "suspicious patterns": 0, "cross domain redirects": 2, "compromised wordpress detected": false}}, "threat categories": [], "security indicators": {"negative": ["Excessive redirects (11)", "⚠️ CRITICAL: Brand impersonation detected - Amazon branding on non-official domain (www.freethink.com)"], "positive": ["Server IPs have valid RPKI ROA coverage", "HTTPS encryption used", "Good network security practices", "No Google Safe Browsing threats detected", "No visual similarity to known brand sites"], "warnings": []}}2026-07-01View scan →
dft-prod.my.connect.awsAmazon Connect - Whoops!Page text{"verdict": "Low Risk", "confidence": 72, "risk level": "low", "risk factors": ["Brand Impersonation (Amazon)"], "overall score": 28, "recommendations": ["📋 Website lacks important security headers"], "detailed analysis": {"html forms": {"score": 10, "issues": ["⚠️ CRITICAL: Brand impersonation detected - Amazon branding on non-official domain (dft-prod.my.connect.aws)"], "password fields": 0, "impersonated brand": "Amazon", "brand mismatch detected": true, "impersonated brand slug": "amazon", "disguised password fields": 0, "brand impersonation detected": true}, "url analysis": {"score": 65, "issues": [], "positive signals": ["HTTPS encryption used"], "suspicious patterns": []}, "safe browsing": {"score": 100, "issues": [], "threats": [], "positive signals": ["No Google Safe Browsing threats detected"]}, "clone detection": {"score": 100, "issues": [], "warnings": [], "positive signals": ["No visual similarity to known brand sites"]}, "rpki validation": {"total": 2, "total risk": 0, "valid count": 2, "invalid count": 0, "not found count": 0}, "network security": {"score": 60, "issues": ["No security headers detected"], "mixed content": false, "secure requests": 1, "security headers": {"detected": false}, "insecure requests": 0, "certificate issues": []}, "phishing signals": {"score": 100, "issues": [], "details": {"favicon brand": {"brand": "connect.aws", "source": "umbrella", "on legit domain": true}, "matched brand": null, "signals detected": [], "is legitimate domain": false}, "warnings": []}, "technology risks": {"score": 50, "issues": [], "security technologies": [], "vulnerable technologies": []}, "redirect analysis": {"score": 50, "issues": [], "total redirects": 3, "blob url detected": false, "protocol downgrades": 0, "suspicious patterns": 0, "cross domain redirects": 0, "compromised wordpress detected": false}}, "threat categories": [], "security indicators": {"negative": ["No security headers detected", "⚠️ CRITICAL: Brand impersonation detected - Amazon branding on non-official domain (dft-prod.my.connect.aws)"], "positive": ["Server IPs have valid RPKI ROA coverage", "HTTPS encryption used", "No Google Safe Browsing threats detected", "No visual similarity to known brand sites"], "warnings": []}}2026-07-01View scan →