www.netflix-offer.sys4828d.xyz

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 162.0.239.210, located in Canada and belongs to NAMECHEAP-NET, US. The main domain is www.netflix-offer.sys4828d.xyz.
TLS certificate: Issued by Let's Encrypt Authority X3 on October 5th 2020. Valid for: 3 months.

This is the only time www.netflix-offer.sys4828d.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	162.0.239.210 162.0.239.210	22612 (NAMECHEAP...) (NAMECHEAP-NET)
5	2a00:86c0:209... 2a00:86c0:2090::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
7	2

2 162.0.239.210 (Canada)

ASN22612 (NAMECHEAP-NET, US)
PTR: orionis-radiotherapists.vpsrdns.web-hosting.com

www.netflix-offer.sys4828d.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:86c0:2090::1 (United Kingdom)

ASN40027 (NETFLIX-ASN, US)

codex.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	nflxext.com codex.nflxext.com assets.nflxext.com	476 KB
2	sys4828d.xyz www.netflix-offer.sys4828d.xyz	57 KB
7	2

	Domain	Requested by
3	codex.nflxext.com	www.netflix-offer.sys4828d.xyz
2	assets.nflxext.com	www.netflix-offer.sys4828d.xyz codex.nflxext.com
2	www.netflix-offer.sys4828d.xyz	www.netflix-offer.sys4828d.xyz
7	3

This site contains no links.

Subject Issuer	Validity	Valid
netflix-offer.sys4828d.xyz Let's Encrypt Authority X3	`2020-10-05` - `2021-01-03`	3 months	crt.sh
*.1.nflxso.net DigiCert SHA2 Secure Server CA	`2020-09-20` - `2020-10-24`	a month	crt.sh

This page contains 1 frames:

Primary Page: https://www.netflix-offer.sys4828d.xyz/
Frame ID: F8EDD991B614DED12B6763DA93AD518E
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /php\/?([\d.]+)?/i

CentOS (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /CentOS/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

534 kB
Transfer

1246 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.netflix-offer.sys4828d.xyz/ 57 KB
57 KB 716ms
177ms Document
text/html 162.0.239.210
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.netflix-offer.sys4828d.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.0.239.210 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: orionis-radiotherapists.vpsrdns.web-hosting.com
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 / PHP/5.4.16
Resource Hash: 93ee95475bb86d19c28b701073829e94a003cdfc4e5edadd0205cea5fd001a85

Request headers

Host: www.netflix-offer.sys4828d.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 05 Oct 2020 12:23:27 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK none Show response
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v83299c38/js/js/bootstrap.js,common%7Cbootstrap.js/2/4M024l4k484m4A444u4L050n004N4p4w4n4G4a4v4i4y08014I12/bck/true/ 9 KB
4 KB 131ms
110ms Script
application/javascript 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v83299c38/js/js/bootstrap.js,common%7Cbootstrap.js/2/4M024l4k484m4A444u4L050n004N4p4w4n4G4a4v4i4y08014I12/bck/true/none

Requested by

Host: www.netflix-offer.sys4828d.xyz
URL: https://www.netflix-offer.sys4828d.xyz/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4d9e1a0c7877bda20a2f86d6a0ff6916ec3738dfd4c28805d2936bb9ba07bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netflix-offer.sys4828d.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 05 Oct 2020 12:23:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: 1826229b-fc24-4ae5-af94-1a9c6a0c1ba1
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Content-Length: 3628
Expires: Fri, 09 Apr 2021 12:23:28 GMT

GET
H/1.1 200
OK none Show response
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v83299c38/js/js/components%7Clogin%7CloginControllerClient.js/2/4M024l4k484m4A444u4L050n004N4p4w4n4G4a4v4i4y08014I12/l/true/ 826 KB
253 KB 147ms
126ms Script
application/javascript 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v83299c38/js/js/components%7Clogin%7CloginControllerClient.js/2/4M024l4k484m4A444u4L050n004N4p4w4n4G4a4v4i4y08014I12/l/true/none

Requested by

Host: www.netflix-offer.sys4828d.xyz
URL: https://www.netflix-offer.sys4828d.xyz/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

be4042ee59afb851b90aee2ee2abd5451f0641964344cf8306f700d55b763bef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netflix-offer.sys4828d.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 05 Oct 2020 12:23:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: dc663392-0e8d-4740-9512-7350a1f891f7
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Expires: Fri, 09 Apr 2021 12:23:28 GMT

GET
H/1.1 404
Not Found WebsiteDetect
www.netflix-offer.sys4828d.xyz/personalization/cl2/freeform/ 0
0 338ms
176ms Stylesheet
text/html 162.0.239.210
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.netflix-offer.sys4828d.xyz/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=login
Requested by: Host: www.netflix-offer.sys4828d.xyz
URL: https://www.netflix-offer.sys4828d.xyz/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.0.239.210 , Canada, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: orionis-radiotherapists.vpsrdns.web-hosting.com
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 /
Resource Hash

Request headers

Referer: https://www.netflix-offer.sys4828d.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 05 Oct 2020 12:23:28 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK none
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-v83299c38/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/4zJBR6AlmscIPQ/none/true/ 161 KB
25 KB 181ms
160ms Stylesheet
text/css 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-v83299c38/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/4zJBR6AlmscIPQ/none/true/none

Requested by

Host: www.netflix-offer.sys4828d.xyz
URL: https://www.netflix-offer.sys4828d.xyz/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

7e9fb4a1eb5c1629ff82e1648517cd5b02afc5509267317517ec8483ecf51989

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netflix-offer.sys4828d.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 05 Oct 2020 12:23:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: 05d3c251-9fa6-4eca-92bf-58d1e0db28aa
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Expires: Fri, 09 Apr 2021 12:23:28 GMT

GET
H/1.1 200
OK US-en-20200106-popsignuptwoweeks-perspective_alpha_website_small.jpg
assets.nflxext.com/ffe/siteui/vlv3/d1f1a1dc-c017-4189-8fc2-193a3f3699b8/6cb68914-5a96-4fcf-b023-788b04a5f9c4/ 121 KB
122 KB 121ms
100ms Image
image/jpeg 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/vlv3/d1f1a1dc-c017-4189-8fc2-193a3f3699b8/6cb68914-5a96-4fcf-b023-788b04a5f9c4/US-en-20200106-popsignuptwoweeks-perspective_alpha_website_small.jpg
Requested by: Host: www.netflix-offer.sys4828d.xyz
URL: https://www.netflix-offer.sys4828d.xyz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 1456e309f9117d9b25a5494994e88e65d28fc9d1a7f33d4c40a054b11d10e3c6

Request headers

Referer: https://www.netflix-offer.sys4828d.xyz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 05 Oct 2020 12:23:28 GMT
Last-Modified: Wed, 08 Jan 2020 18:45:01 GMT
Server: nginx
Content-MD5: JhQZsfOLxmt9/iLiVroKXQ==
Content-Type: image/jpeg
Cache-Control: public, max-age=10078
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 124346
Expires: Mon, 05 Oct 2020 15:11:26 GMT

GET
H/1.1 200
OK nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ 72 KB
72 KB 19ms
5ms Font
application/octet-stream 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by: Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-v83299c38/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/4zJBR6AlmscIPQ/none/true/none
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

Origin: https://www.netflix-offer.sys4828d.xyz
Referer: https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-v83299c38/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/4zJBR6AlmscIPQ/none/true/none
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 05 Oct 2020 12:23:28 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Server: nginx
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1635
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 73566
Expires: Mon, 20 Jul 2020 10:38:29 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
codex.nflxext.com
www.netflix-offer.sys4828d.xyz
162.0.239.210
2a00:86c0:2090::1
1456e309f9117d9b25a5494994e88e65d28fc9d1a7f33d4c40a054b11d10e3c6
7e9fb4a1eb5c1629ff82e1648517cd5b02afc5509267317517ec8483ecf51989
93ee95475bb86d19c28b701073829e94a003cdfc4e5edadd0205cea5fd001a85
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
be4042ee59afb851b90aee2ee2abd5451f0641964344cf8306f700d55b763bef
cf4d9e1a0c7877bda20a2f86d6a0ff6916ec3738dfd4c28805d2936bb9ba07bd

www.netflix-offer.sys4828d.xyz Open in urlscan Pro 162.0.239.210 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

50 %IPv6

2 Domains

3 Subdomains

2 IPs

2 Countries

534 kBTransfer

1246 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

www.netflix-offer.sys4828d.xyz Open in urlscan Pro
162.0.239.210 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

534 kB
Transfer

1246 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!