helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com Open in urlscan Pro
114.143.205.13 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://micaerp.com/jp.php
Effective URL:
http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360
Submission: On January 15 via manual (January 15th 2020, 12:28:16 am UTC) from JP

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 114.143.205.13, located in Pune, India and belongs to HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN. The main domain is helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com.

This is the only time helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 13	114.143.205.13 114.143.205.13	17762 (HTIL-TTML...) (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd)
1	2a04:4e42:1b:... 2a04:4e42:1b::272	54113 (FASTLY) (FASTLY - Fastly)
12	2

13 114.143.205.13 (Pune, India) 2 redirects

ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN)

micaerp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:1b::272 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	mhbvadhuvar.com 1 redirects helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com	9 MB
1	media-amazon.com m.media-amazon.com	5 KB
1	micaerp.com 1 redirects micaerp.com	290 B
12	3

	Domain	Requested by
12	helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com	1 redirects helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com
1	m.media-amazon.com	helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com
1	micaerp.com	1 redirects
12	3

This site contains no links.

Subject Issuer	Validity	Valid
images-na.ssl-images-amazon.com DigiCert Global CA G2	`2019-10-02` - `2020-10-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360
Frame ID: DC398AA666C64D2F364A61E1DABF6F98
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://micaerp.com/jp.php HTTP 301
http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/ HTTP 302
http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

12
Requests

8 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

9197 kB
Transfer

9195 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://micaerp.com/jp.php HTTP 301
http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/ HTTP 302
http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/ Redirect Chain http://micaerp.com/jp.php http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/ http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360	4 KB 4 KB	339ms 335ms	Document text/html	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `dcdc3ae7adeaaf99082860d27b29c769f098f12881351252dbb618fe92e8cd48` Request headers Host helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Cookie PHPSESSID=15e9ea3236eb090510fb494d53aed3bf Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:27:57 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Keep-Alive timeout=10, max=99 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Wed, 15 Jan 2020 00:27:56 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Set-Cookie PHPSESSID=15e9ea3236eb090510fb494d53aed3bf; path=/ location ?reason=auth&_-SESSION=621069360 Keep-Alive timeout=10, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	fonts.css helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/	244 B 486 B	168ms 167ms	Stylesheet text/css	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/fonts.css?r=16099664 Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `929b86b1bdddcbfdf7cb4ede49dfe0ff07dcd6d85bee0ee4c0fb3f4b859a05e7` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:27:57 GMT Last-Modified Thu, 15 Aug 2019 13:15:56 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=100 Content-Length 244
GET H/1.1	200 OK	main.css helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/	7 KB 7 KB	334ms 303ms	Stylesheet text/css	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/main.css?r=535897589 Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `c1497cdcf6ebe7cff2572d62063c167ab7ab593650cfbeac9c55f7fa59c752af` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:27:58 GMT Last-Modified Thu, 15 Aug 2019 13:16:10 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=100 Content-Length 7146
GET H/1.1	200 OK	login_responsive.css helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/	123 B 365 B	320ms 289ms	Stylesheet text/css	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/login_responsive.css?r=316192454 Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `03f212eec83727584a98ef1602160ea0bc9e0493fcb102848affef5e8a64b9cc` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:27:58 GMT Last-Modified Thu, 15 Aug 2019 13:16:02 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=100 Content-Length 123
GET H/1.1	200 OK	cryptolib.js Show response helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/js/	1 KB 1 KB	349ms 319ms	Script application/javascript	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/js/cryptolib.js?r=1834297808 Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `266039dbbc5fb10559a70c69bed3b105dc63d7662664e36b405d56ad72658c46` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:27:58 GMT Last-Modified Thu, 15 Aug 2019 13:15:16 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=100 Content-Length 1047
GET H/1.1	200 OK	main.js Show response helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/js/	3 KB 4 KB	334ms 304ms	Script application/javascript	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/js/main.js?r=570542813 Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `3c33fcffff5c98dec9ffab0870221f24fc1cc28e2b1e8e865fcba911a01bd7dc` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:27:58 GMT Last-Modified Wed, 23 Oct 2019 15:25:04 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=100 Content-Length 3528
GET H/1.1	200 OK	logo.png helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/img/	2 KB 2 KB	171ms 171ms	Image image/png	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Show image Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/img/logo.png Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `2383da8f9a6d59d0371553e68f87c4c4ca7b3e9b57423b7c89a5fc4a40792817` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/main.css?r=535897589 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:27:58 GMT Last-Modified Thu, 15 Aug 2019 03:49:28 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=99 Content-Length 2099
GET H/1.1	200 OK	uiSprite.png helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/img/	25 KB 25 KB	166ms 166ms	Image image/png	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Show image Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/img/uiSprite.png Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `3425e9036117199702c5eea1bec0a4cecc8b779edae5e4870e688d67d12ac71a` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/main.css?r=535897589 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:27:58 GMT Last-Modified Tue, 06 Aug 2019 04:13:56 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=99 Content-Length 25262
GET H2	200	InternationalCustomerPreferencesNavMobileAssets-icp_sprite-6b737a23dc2fdf9eef2fe592c2f05017215df7e7._V2_.png m.media-amazon.com/images/G/01/AUIClients/	4 KB 5 KB	192ms 95ms	Image image/png	2a04:4e42:1b::272 Fastly
General Check archive.org Show headers Download Go to Show image Full URL https://m.media-amazon.com/images/G/01/AUIClients/InternationalCustomerPreferencesNavMobileAssets-icp_sprite-6b737a23dc2fdf9eef2fe592c2f05017215df7e7._V2_.png Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:1b::272 , Ascension Island, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software / Resource Hash `b43e965b8091fd5f7a8da650c60ca16ae6deff284ea8db39c7ec7ef9dba20c48` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/main.css?r=535897589 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers date Wed, 15 Jan 2020 00:27:58 GMT last-modified Fri, 18 Nov 2016 18:41:19 GMT age 17722 x-served-by cache-iad2142-IAD, cache-hhn4057-HHN x-cache HIT from fastly, MISS from fastly content-type image/png status 200 cache-control max-age=630720000,public x-amz-ir-id d03ab5a6-4dbf-4024-b035-8c7f00c585f4 accept-ranges bytes timing-allow-origin https://www.amazon.com access-control-allow-origin * content-length 4488 expires Mon, 09 Jan 2040 19:32:36 GMT
GET H/1.1	200 OK	hiragino-kaku-gothic-pro-w3.otf helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/fonts/	9 MB 9 MB	172ms 172ms	Font font/otf	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/fonts/hiragino-kaku-gothic-pro-w3.otf Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `0a3595c8c5046c21f0210dcc58f25405a3421798cf75d7a422ad7c515bf3f0a7` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/css/fonts.css?r=16099664 Origin http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com Response headers Date Wed, 15 Jan 2020 00:27:58 GMT Last-Modified Fri, 25 Nov 2016 05:41:48 GMT Server Apache Content-Type font/otf Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=10, max=99 Content-Length 9367476
GET H/1.1	200 OK	md5.ajax.php Show response helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/ajax/	17 B 216 B	3673ms 3672ms	XHR application/json	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/ajax/md5.ajax.php?f=../index.php Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/js/cryptolib.js?r=1834297808 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `9856d781b4c2f8e077b806072ae238717688d11b460d4402839e78e9144bb561` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:28:00 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=10, max=98 Transfer-Encoding chunked Content-Type application/json
GET H/1.1	200 OK	md5.ajax.php Show response helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/ajax/	17 B 216 B	325ms 323ms	XHR application/json	114.143.205.13 HTIL-TTML-IN-AP T...
General Check archive.org Show headers Download Go to Full URL http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/ajax/md5.ajax.php?f=../inc/config.inc.php Requested by Host: helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com URL: http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/assets/js/cryptolib.js?r=1834297808 Protocol HTTP/1.1 Server 114.143.205.13 Pune, India, ASN17762 (HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd, IN), Reverse DNS Software Apache / Resource Hash `9856d781b4c2f8e077b806072ae238717688d11b460d4402839e78e9144bb561` Request headers Referer http://helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/?reason=auth&_-SESSION=621069360 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 Response headers Date Wed, 15 Jan 2020 00:28:03 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=10, max=97 Transfer-Encoding chunked Content-Type application/json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| CryptoLib

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 15e9ea3236eb090510fb494d53aed3bf

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com
m.media-amazon.com
micaerp.com
114.143.205.13
2a04:4e42:1b::272
03f212eec83727584a98ef1602160ea0bc9e0493fcb102848affef5e8a64b9cc
0a3595c8c5046c21f0210dcc58f25405a3421798cf75d7a422ad7c515bf3f0a7
2383da8f9a6d59d0371553e68f87c4c4ca7b3e9b57423b7c89a5fc4a40792817
266039dbbc5fb10559a70c69bed3b105dc63d7662664e36b405d56ad72658c46
3425e9036117199702c5eea1bec0a4cecc8b779edae5e4870e688d67d12ac71a
3c33fcffff5c98dec9ffab0870221f24fc1cc28e2b1e8e865fcba911a01bd7dc
929b86b1bdddcbfdf7cb4ede49dfe0ff07dcd6d85bee0ee4c0fb3f4b859a05e7
9856d781b4c2f8e077b806072ae238717688d11b460d4402839e78e9144bb561
b43e965b8091fd5f7a8da650c60ca16ae6deff284ea8db39c7ec7ef9dba20c48
c1497cdcf6ebe7cff2572d62063c167ab7ab593650cfbeac9c55f7fa59c752af
dcdc3ae7adeaaf99082860d27b29c769f098f12881351252dbb618fe92e8cd48

helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com Open in urlscan Pro 114.143.205.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

8 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

9197 kBTransfer

9195 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

helpdesk-amazon.co.jp-verifyaccount-online-itservice.mhbvadhuvar.com Open in urlscan Pro
114.143.205.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

8 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

9197 kB
Transfer

9195 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!