evershineenterprises.co.in

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 148.66.136.53, located in Singapore and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is evershineenterprises.co.in.

This is the only time evershineenterprises.co.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 5	148.66.136.53 148.66.136.53	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
3	2a00:86c0:209... 2a00:86c0:2091::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
7	2

5 148.66.136.53 (Singapore) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)

evershineenterprises.co.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:86c0:2091::1 (United States)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	evershineenterprises.co.in 1 redirects evershineenterprises.co.in	72 KB
3	nflxext.com assets.nflxext.com — Cisco Umbrella Rank: 4129	178 KB
7	2

	Domain	Requested by
5	evershineenterprises.co.in	1 redirects evershineenterprises.co.in
3	assets.nflxext.com	evershineenterprises.co.in
7	2

This site contains links to these domains. Also see Links.

Domain
help.netflix.com

Subject Issuer	Validity	Valid
*.1.nflxso.net DigiCert Secure Site ECC CA-1	`2023-06-11` - `2023-07-13`	a month	crt.sh

This page contains 1 frames:

Primary Page: http://evershineenterprises.co.in/netflix/update/
Frame ID: 7A4128C41E212F773FBA3C855E98FD62
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix

Page URL History Show full URLs

http://evershineenterprises.co.in/netflix/update HTTP 301
http://evershineenterprises.co.in/netflix/update/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

43 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

250 kB
Transfer

511 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://help.netflix.com/contactus
Title: Questions? Contact us.

Search URL Search Domain Scan URL

URL: https://help.netflix.com/support/412
Title: FAQ

Search URL Search Domain Scan URL

URL: https://help.netflix.com/
Title: Help Center

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/termsofuse
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/corpinfo
Title: Corporate Information

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://evershineenterprises.co.in/netflix/update HTTP 301
http://evershineenterprises.co.in/netflix/update/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response evershineenterprises.co.in/netflix/update/ Redirect Chain http://evershineenterprises.co.in/netflix/update http://evershineenterprises.co.in/netflix/update/	11 KB 3 KB	459ms 459ms	Document text/html	148.66.136.53 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://evershineenterprises.co.in/netflix/update/ Protocol HTTP/1.1 Server 148.66.136.53 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / PHP/7.4.33 Resource Hash `7225dce04616869acf868470c9f635c97cc1c1304dce951840130ac5c9bbd413` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 accept-language zh-SG,zh;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 3087 Content-Type text/html; charset=UTF-8 Date Thu, 29 Jun 2023 15:21:09 GMT Keep-Alive timeout=5 Server Apache Vary Accept-Encoding X-Powered-By PHP/7.4.33 Redirect headers Connection Keep-Alive Content-Length 257 Content-Type text/html; charset=iso-8859-1 Date Thu, 29 Jun 2023 15:21:09 GMT Keep-Alive timeout=5 Location http://evershineenterprises.co.in/netflix/update/ Server Apache
GET H/1.1	200 OK	style.css evershineenterprises.co.in/netflix/update/assets/css/	217 KB 35 KB	12ms 11ms	Stylesheet text/css	148.66.136.53 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://evershineenterprises.co.in/netflix/update/assets/css/style.css Requested by Host: evershineenterprises.co.in URL: http://evershineenterprises.co.in/netflix/update/ Protocol HTTP/1.1 Server 148.66.136.53 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `73ab9a0d44bf454ca0190571a80cce77d3292f47bd6d8e273a4a628cf304c6b1` Request headers accept-language zh-SG,zh;q=0.9 Referer http://evershineenterprises.co.in/netflix/update/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Thu, 29 Jun 2023 15:21:09 GMT Content-Encoding gzip Last-Modified Fri, 02 Jun 2023 23:41:04 GMT Server Apache ETag "4240cee-36268-5fd2e160fa400-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 35625
GET H/1.1	200 OK	jquery.js Show response evershineenterprises.co.in/netflix/update/assets/js/	87 KB 31 KB	12ms 9ms	Script application/javascript	148.66.136.53 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://evershineenterprises.co.in/netflix/update/assets/js/jquery.js Requested by Host: evershineenterprises.co.in URL: http://evershineenterprises.co.in/netflix/update/ Protocol HTTP/1.1 Server 148.66.136.53 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127` Request headers accept-language zh-SG,zh;q=0.9 Referer http://evershineenterprises.co.in/netflix/update/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Thu, 29 Jun 2023 15:21:09 GMT Content-Encoding gzip Last-Modified Fri, 02 Jun 2023 23:41:04 GMT Server Apache ETag "4240cea-15d9d-5fd2e160fa400-gzip" Vary Accept-Encoding Upgrade h2,h2c Content-Type application/javascript Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 30905
GET H/1.1	200 OK	main.js Show response evershineenterprises.co.in/netflix/update/assets/js/	19 KB 3 KB	7ms 4ms	Script application/javascript	148.66.136.53 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://evershineenterprises.co.in/netflix/update/assets/js/main.js Requested by Host: evershineenterprises.co.in URL: http://evershineenterprises.co.in/netflix/update/ Protocol HTTP/1.1 Server 148.66.136.53 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS Software Apache / Resource Hash `e69fe58af35c0362191ab831ad708bd0ba946471fb0939b45ad10eba1ba368b4` Request headers accept-language zh-SG,zh;q=0.9 Referer http://evershineenterprises.co.in/netflix/update/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Thu, 29 Jun 2023 15:21:09 GMT Content-Encoding gzip Last-Modified Fri, 02 Jun 2023 23:41:04 GMT Server Apache ETag "4240ce9-4ce3-5fd2e160fa400-gzip" Vary Accept-Encoding Upgrade h2,h2c Content-Type application/javascript Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 2878
GET H/1.1	200 OK	NetflixSans_W_Rg.woff2 assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/	52 KB 52 KB	14ms 3ms	Font font/woff2	2a00:86c0:2091::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2 Requested by Host: evershineenterprises.co.in URL: http://evershineenterprises.co.in/netflix/update/assets/css/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167` Request headers Referer http://evershineenterprises.co.in/ Origin http://evershineenterprises.co.in accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Thu, 29 Jun 2023 15:21:09 GMT Last-Modified Thu, 17 Jan 2019 20:16:30 GMT Server nginx Content-MD5 C/MXfx/tbZUxeCIfukPH6A== Content-Type font/woff2 Access-Control-Allow-Origin * Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 53304 Expires Thu, 06 Jul 2023 15:21:10 GMT
GET H/1.1	200 OK	NetflixSans_W_Md.woff2 assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/	53 KB 53 KB	37ms 15ms	Font font/woff2	2a00:86c0:2091::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2 Requested by Host: evershineenterprises.co.in URL: http://evershineenterprises.co.in/netflix/update/assets/css/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e` Request headers Referer http://evershineenterprises.co.in/ Origin http://evershineenterprises.co.in accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Thu, 29 Jun 2023 15:21:09 GMT Last-Modified Thu, 17 Jan 2019 20:16:30 GMT Server nginx Content-MD5 6naZIbDPpPxtTRouCx+l/w== Content-Type font/woff2 Access-Control-Allow-Origin * Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 53940 Expires Thu, 06 Jul 2023 15:21:10 GMT
GET H/1.1	200 OK	nf-icon-v1-93.woff assets.nflxext.com/ffe/siteui/fonts/	72 KB 72 KB	8ms 5ms	Font font/woff	2a00:86c0:2091::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff Requested by Host: evershineenterprises.co.in URL: http://evershineenterprises.co.in/netflix/update/assets/css/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d` Request headers Referer http://evershineenterprises.co.in/ Origin http://evershineenterprises.co.in accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36 Response headers Date Thu, 29 Jun 2023 15:21:09 GMT Last-Modified Mon, 29 Jan 2018 01:50:51 GMT Server nginx Content-MD5 fPYVbMSBJEtaJUNi17c/AA== Content-Type font/woff Access-Control-Allow-Origin * Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 73572 Expires Thu, 06 Jul 2023 15:21:10 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
evershineenterprises.co.in
148.66.136.53
2a00:86c0:2091::1
7225dce04616869acf868470c9f635c97cc1c1304dce951840130ac5c9bbd413
73ab9a0d44bf454ca0190571a80cce77d3292f47bd6d8e273a4a628cf304c6b1
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167
e69fe58af35c0362191ab831ad708bd0ba946471fb0939b45ad10eba1ba368b4
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

evershineenterprises.co.in Open in urlscan Pro 148.66.136.53 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

43 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

250 kBTransfer

511 kBSize

0 Cookies

6 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

evershineenterprises.co.in Open in urlscan Pro
148.66.136.53 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

43 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

250 kB
Transfer

511 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!