Confirmed this to be an all in one attack. Targets Amazon then redirects to google through the same URL and forces the victim to enter their google login details. Had a pretty hard time finding the actual host of the server as they are using a proxy service in such a way that the website is non-existent via a whois lookup but I did manage to find the source IP and it looks like its hosted at bluehost.com. Again, Iām not sure if this is the actual host because these guys are using some weird techniques to hide the sites IP
Domain taken down.