netflix.facture-mensuelle.com Open in urlscan Pro
163.172.106.253 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/
Submission: On March 28 via automatic, source phishtank (March 28th 2021, 3:09:43 am UTC)

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 163.172.106.253, located in France and belongs to Online SAS, FR. The main domain is netflix.facture-mensuelle.com.

This is the only time netflix.facture-mensuelle.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address		AS Autonomous System
11	163.172.106.253 163.172.106.253		12876 (Online SAS) (Online SAS)
11	1

11 163.172.106.253 (France)

ASN12876 (Online SAS, FR)
PTR: 163-172-106-253.rev.poneytelecom.eu

netflix.facture-mensuelle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	facture-mensuelle.com netflix.facture-mensuelle.com	227 KB
11	1

	Domain	Requested by
11	netflix.facture-mensuelle.com	netflix.facture-mensuelle.com
11	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/
Frame ID: D20D744454AC2B37B49B846372E28381
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

227 kB
Transfer

224 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/	755 B 997 B	94ms 70ms	Document text/html	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `baf5b296d25dbba01404d76723f66239f97101c1455206aa9f6848eaff264a17` Request headers Host netflix.facture-mensuelle.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:27 GMT Server Apache Last-Modified Sat, 27 Mar 2021 15:01:10 GMT Accept-Ranges bytes Content-Length 755 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	app.c69a9599.css netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/css/	32 KB 32 KB	47ms 45ms	Stylesheet text/css	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/css/app.c69a9599.css Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `27bb5eee1df5ff6514f1436919dd0a9ae035f49338b5b1db2c499c64d5cbc850` Request headers Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:27 GMT Last-Modified Sat, 27 Mar 2021 15:01:10 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 32509
GET H/1.1	200 OK	app.393e801f.js Show response netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/js/	86 KB 86 KB	110ms 88ms	Script application/javascript	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/js/app.393e801f.js Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `282905797710e63d960f13bb9fca5734b231166ceecdf3fbaccedf866b23db37` Request headers Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:27 GMT Last-Modified Sat, 27 Mar 2021 15:01:10 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 87831
GET H/1.1	200 OK	chunk-vendors.cc7b8d9d.js Show response netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/js/	98 KB 99 KB	110ms 88ms	Script application/javascript	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/js/chunk-vendors.cc7b8d9d.js Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `50e68a9cb40529ea88157c5d996f793c073fa22e6756c2e6b4b3365cbb0f8245` Request headers Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:27 GMT Last-Modified Sat, 27 Mar 2021 15:01:10 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 100774
GET H/1.1	200 OK	8dfe97e3b76724e3276befa06361e63f.php Show response netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/	47 B 435 B	147ms 147ms	XHR text/html	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/8dfe97e3b76724e3276befa06361e63f.php?path=create Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/js/chunk-vendors.cc7b8d9d.js Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `1c14c21a6012b6295ce8bd53af18d638eb7028ef8f69fba3bf4ec4416083c0d4` Request headers Accept application/json, text/plain, / Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:27 GMT Server Apache Transfer-Encoding chunked Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Connection Keep-Alive Access-Control-Allow-Headers X-Requested-With, Origin, Content-Type, X-Auth-Token , Authorization Keep-Alive timeout=5, max=99
GET H/1.1	200 OK	icon-1.svg netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/	1 KB 1 KB	66ms 64ms	Image image/svg+xml	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Show image Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/icon-1.svg Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `5069c31661d5f292883bf46fcf480947d2ed3aac5a777afadc3833c5e9861f24` Request headers Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:27 GMT Last-Modified Sat, 27 Mar 2021 15:01:10 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1171
GET H/1.1	200 OK	icon-2.svg netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/	3 KB 3 KB	65ms 63ms	Image image/svg+xml	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Show image Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/icon-2.svg Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `9a4620a32974adc5764f26a8070cd432aa32ba8be3167320fd32bcd9cdcaed08` Request headers Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:27 GMT Last-Modified Sat, 27 Mar 2021 15:01:10 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 3158
GET H/1.1	200 OK	icon-3.svg netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/	3 KB 3 KB	100ms 62ms	Image image/svg+xml	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Show image Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/icon-3.svg Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `7601455c0af7c3e0d8e64a288249c254b8fc1b257350613a6cdd1e1aaca9a3e4` Request headers Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:27 GMT Last-Modified Sat, 27 Mar 2021 15:01:10 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2781
GET H/1.1	200 OK	8dfe97e3b76724e3276befa06361e63f.php Show response netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/	0 368 B	97ms 97ms	XHR text/html	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/8dfe97e3b76724e3276befa06361e63f.php?path=refresh/eedb80f3-0836-4022-9943-b8b7e89337de Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/js/chunk-vendors.cc7b8d9d.js Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept application/json, text/plain, / Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:27 GMT Server Apache Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Connection Keep-Alive Access-Control-Allow-Headers X-Requested-With, Origin, Content-Type, X-Auth-Token , Authorization Content-Length 0 Keep-Alive timeout=5, max=98
GET H/1.1	200 OK	8dfe97e3b76724e3276befa06361e63f.php Show response netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/	0 369 B	307ms 286ms	XHR text/html	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/8dfe97e3b76724e3276befa06361e63f.php?path=refresh/eedb80f3-0836-4022-9943-b8b7e89337de Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/js/chunk-vendors.cc7b8d9d.js Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept application/json, text/plain, / Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:33 GMT Server Apache Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Connection Keep-Alive Access-Control-Allow-Headers X-Requested-With, Origin, Content-Type, X-Auth-Token , Authorization Content-Length 0 Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	8dfe97e3b76724e3276befa06361e63f.php Show response netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/	0 369 B	181ms 164ms	XHR text/html	163.172.106.253 Online SAS
General Check archive.org Show headers Download Go to Full URL http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/8dfe97e3b76724e3276befa06361e63f.php?path=refresh/eedb80f3-0836-4022-9943-b8b7e89337de Requested by Host: netflix.facture-mensuelle.com URL: http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/js/chunk-vendors.cc7b8d9d.js Protocol HTTP/1.1 Server 163.172.106.253 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-106-253.rev.poneytelecom.eu Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept application/json, text/plain, / Referer http://netflix.facture-mensuelle.com/fea834beaf89cb0b8e3dcc21773bdab8/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sun, 28 Mar 2021 03:09:38 GMT Server Apache Access-Control-Allow-Methods GET, POST, OPTIONS Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Connection Keep-Alive Access-Control-Allow-Headers X-Requested-With, Origin, Content-Type, X-Auth-Token , Authorization Content-Length 0 Keep-Alive timeout=5, max=100

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

netflix.facture-mensuelle.com
163.172.106.253
1c14c21a6012b6295ce8bd53af18d638eb7028ef8f69fba3bf4ec4416083c0d4
27bb5eee1df5ff6514f1436919dd0a9ae035f49338b5b1db2c499c64d5cbc850
282905797710e63d960f13bb9fca5734b231166ceecdf3fbaccedf866b23db37
5069c31661d5f292883bf46fcf480947d2ed3aac5a777afadc3833c5e9861f24
50e68a9cb40529ea88157c5d996f793c073fa22e6756c2e6b4b3365cbb0f8245
7601455c0af7c3e0d8e64a288249c254b8fc1b257350613a6cdd1e1aaca9a3e4
9a4620a32974adc5764f26a8070cd432aa32ba8be3167320fd32bcd9cdcaed08
baf5b296d25dbba01404d76723f66239f97101c1455206aa9f6848eaff264a17
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

netflix.facture-mensuelle.com Open in urlscan Pro 163.172.106.253 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

227 kBTransfer

224 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

netflix.facture-mensuelle.com Open in urlscan Pro
163.172.106.253 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

227 kB
Transfer

224 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!