201.163.98.162
Open in
urlscan Pro
201.163.98.162
Malicious Activity!
Public Scan
Effective URL: http://201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/payment.php?ip=82.102.19.136
Submission: On September 10 via api from TW
Summary
This is the only time 201.163.98.162 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online) Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 5 | 201.163.98.162 201.163.98.162 | 11172 (Alestra) (Alestra) | |
6 | 2a00:86c0:209... 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
10 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
nflxext.com
assets.nflxext.com |
83 KB |
10 | 1 |
Domain | Requested by | |
---|---|---|
6 | assets.nflxext.com |
201.163.98.162
|
10 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.1.nflxso.net DigiCert SHA2 Secure Server CA |
2020-08-18 - 2020-09-20 |
a month | crt.sh |
This page contains 1 frames:
Primary Page:
http://201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/payment.php?ip=82.102.19.136
Frame ID: 291BCB6EFBF0BB117DEC3689487B45AC
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Netflix - Payment InformationPage URL History Show full URLs
-
http://201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/r1.php
HTTP 302
http://201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/paymen... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/r1.php
HTTP 302
http://201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/payment.php?ip=82.102.19.136 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
payment.php
201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/ Redirect Chain
|
15 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hok.js
201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/ |
20 KB 20 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b.css
201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/css/ |
47 KB 47 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c.css
201.163.98.162/crm/jssource/src_files/modules/Project/home/de102cc29dbc05509b7f97227/css/ |
45 KB 45 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
question_mark.png
assets.nflxext.com/us/layout/ecweb/common/ |
564 B 934 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
carrot_sprite_16x33.png
assets.nflxext.com/en_us/layout/ecweb/common/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
12_11_2014_icon_visa_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
859 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10_18_2014_icon_master_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
833 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10_18_2014_icon_amex_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
525 B 849 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-80.woff
assets.nflxext.com/ffe/siteui/fonts/ |
78 KB 78 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online) Netflix (Online)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes object| Aes object| Base64 object| Utf8 string| hea2p string| hea2t string| output string| ctrTxt0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
201.163.98.162
2a00:86c0:2090::1
1f24e58ff9d53d36818697d994c3fc7e3c4fb7191d5769c3c74fde80b72637a1
2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d
4958e4d47607004834b13d3c29d91f8c15b2ab2c488a15d9745a039e970f0bf3
554ccb9090ab0c65e1fd8357f9e9f195a77770b149eba99ef34a86b6144797b9
698b6be2d6d9c0302d13ff00cd503fd93c5a8ea57060626fefa013375efeb2ae
7ed65da4bcdc5f0f68d20f2b489f2f1e4df6d5b1235ece01afd24624126be504
847c86ae982abe9180233276125b930b4a1b6f1bd12649b0c07535c1e984def8
973576ba6483c6c75d1d55339c1cac5d742abef700ede0903341ab222a2ee7c2
a47661d7ad003fe7df9ac30d1ce3b984dd9186b676f77b41e0d53f2f4ce4ac8b
cc5859d74f8cde62e1cdeeea341f85f9725d4f4398f58203aa1e5080faf1685a