52.62.160.1 Open in urlscan Pro
52.62.160.1 Malicious Activity! Public Scan

URL:
https://52.62.160.1/?rid=6i0mGqq
Submission: On August 04 via manual (August 4th 2020, 11:24:07 am UTC)

Summary HTTP 19 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 4 domains to perform 19 HTTP transactions. The main IP is 52.62.160.1, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is 52.62.160.1.
TLS certificate: Issued by Amazon on December 17th 2019. Valid for: a year.

This is the only time 52.62.160.1 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	52.62.160.1 52.62.160.1	16509 (AMAZON-02) (AMAZON-02)
7	2a00:86c0:209... 2a00:86c0:2091::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
2	2a01:578:3::3... 2a01:578:3::36e5:4c2	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:818::2003	15169 (GOOGLE) (GOOGLE)
19	6

1 52.62.160.1 (Sydney, Australia)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-62-160-1.ap-southeast-2.compute.amazonaws.com

52.62.160.1	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:86c0:2091::1 (United Kingdom)

ASN40027 (NETFLIX-ASN, US)

codex.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:578:3::36e5:4c2 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

www.netflix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	nflxext.com codex.nflxext.com assets.nflxext.com	670 KB
2	google.com www.google.com	732 B
2	netflix.com www.netflix.com Failed	3 KB
1	gstatic.com www.gstatic.com	131 KB
19	4

	Domain	Requested by
4	codex.nflxext.com	52.62.160.1
3	assets.nflxext.com	52.62.160.1
2	www.google.com	codex.nflxext.com www.gstatic.com
2	www.netflix.com	52.62.160.1 codex.nflxext.com
1	www.gstatic.com	www.google.com
19	5

This site contains links to these domains. Also see Links.

Domain
www.netflix.com
policies.google.com
help.netflix.com

Subject Issuer	Validity	Valid
sagovau.com Amazon	`2019-12-17` - `2021-01-17`	a year	crt.sh
*.1.nflxso.net DigiCert SHA2 Secure Server CA	`2020-07-24` - `2020-08-26`	a month	crt.sh
www.netflix.com DigiCert SHA2 Secure Server CA	`2020-01-13` - `2022-01-13`	2 years	crt.sh
www.google.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-07-07` - `2020-09-29`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://52.62.160.1/?rid=6i0mGqq
Frame ID: E5F40DCC6687DA3CE3EEEF1F5174ECD3
Requests: 18 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf8hrcUAAAAAIpQAFW2VFjtiYnThOjZOA5xvLyR&co=aHR0cHM6Ly81Mi42Mi4xNjAuMTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&cb=t0bd63vk0jzt
Frame ID: 1307E272F7D69D60B43A24AE0D54D778
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

19
Requests

63 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

6
IPs

4
Countries

875 kB
Transfer

2039 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.netflix.com/
Title: Netflix

Search URL Search Domain Scan URL

URL: https://www.netflix.com/au/login
Title: +61

Search URL Search Domain Scan URL

URL: https://www.netflix.com/LoginHelp
Title: Need help?

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://www.netflix.com/giftterms
Title: Gift Card Terms

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/termsofuse
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy
Title: Privacy Statement

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
52.62.160.1/ 331 KB
71 KB 1721ms
1096ms Document
text/html 52.62.160.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.62.160.1/?rid=6i0mGqq
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.62.160.1 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-62-160-1.ap-southeast-2.compute.amazonaws.com
Software: nginx/1.13.8 /
Resource Hash: d7bf403b32f5e1078f6266150bbef62d1c5c32a2d563d980d58f61163f4d79e1

Request headers

:method: GET
:authority: 52.62.160.1
:scheme: https
:path: /?rid=6i0mGqq
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 04 Aug 2020 11:23:46 GMT
content-type: text/html; charset=utf-8
server: nginx/1.13.8
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK none Show response
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-ve0d6d2cb/js/js/bootstrap.js,common%7Cbootstrap.js/2/4K034j4905454t4J070o004L4o4m4F4b4u4x0a024H13/bck/true/ 9 KB
4 KB 25ms
6ms Script
application/javascript 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-ve0d6d2cb/js/js/bootstrap.js,common%7Cbootstrap.js/2/4K034j4905454t4J070o004L4o4m4F4b4u4x0a024H13/bck/true/none

Requested by

Host: 52.62.160.1
URL: https://52.62.160.1/?rid=6i0mGqq

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

896f4bfd636c4428757955d428c40c5a5d2a181a3232404704fe539c3b079f23

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 11:23:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: 13040291-6e9e-4f86-b45b-1d36ac05b816
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Content-Length: 3628
Expires: Fri, 05 Feb 2021 23:43:52 GMT

GET
H/1.1 200
OK none Show response
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-ve0d6d2cb/js/js/components%7Clogin%7CloginControllerClient.js/2/4K034j4905454t4J070o004L4o4m4F4b4u4x0a024H13/l/true/ 843 KB
257 KB 136ms
116ms Script
application/javascript 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-ve0d6d2cb/js/js/components%7Clogin%7CloginControllerClient.js/2/4K034j4905454t4J070o004L4o4m4F4b4u4x0a024H13/l/true/none

Requested by

Host: 52.62.160.1
URL: https://52.62.160.1/?rid=6i0mGqq

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

3d701d02e441b1c2b3f6b94beedf61120208a1da2d57afd3ba4e4ae6f2dc065a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 11:23:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: 2a49e544-ebe4-4602-83b1-f2cc40785b34
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Expires: Sat, 06 Feb 2021 11:23:46 GMT

GET WebsiteDetect
www.netflix.com/personalization/cl2/freeform/ 0
0

GET
H/1.1 200
OK none
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-ve0d6d2cb/css/css/less%7Ccore%7Cerror-page.less/1/vFxM3wm8EJL/none/true/ 11 KB
3 KB 24ms
5ms Stylesheet
text/css 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-ve0d6d2cb/css/css/less%7Ccore%7Cerror-page.less/1/vFxM3wm8EJL/none/true/none

Requested by

Host: 52.62.160.1
URL: https://52.62.160.1/?rid=6i0mGqq

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

61c3738272cf954cc5afab921385ac1d43fb1cfef827be5a457d1405d37c84d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 11:23:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: e1775ef6-f93b-4125-a8f6-70c85e93651d
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Content-Length: 2591
Expires: Sat, 06 Feb 2021 11:22:41 GMT

GET
H/1.1 200
OK none
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-ve0d6d2cb/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/vFxM3wm8EJL/none/true/ 128 KB
21 KB 127ms
108ms Stylesheet
text/css 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-ve0d6d2cb/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/vFxM3wm8EJL/none/true/none

Requested by

Host: 52.62.160.1
URL: https://52.62.160.1/?rid=6i0mGqq

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

51c038ea7dc83e1fb98bbfb506253c7d469409d85542bc68066f4447ca474a1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 11:23:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: ee74b61f-dd09-4c1a-abe9-96e0ad65121e
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Expires: Sat, 06 Feb 2021 11:23:46 GMT

GET
H/1.1 200
OK WebsiteDetect Show response
www.netflix.com/personalization/cl2/freeform/ 0
1 KB 128ms
37ms XHR
text/plain 2a01:578:3::36e5:4c2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netflix.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=login

Requested by

Host: 52.62.160.1
URL: https://52.62.160.1/?rid=6i0mGqq

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a01:578:3::36e5:4c2 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

clingest-secure i-0d8a2ad577b893eb9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 11:23:46 GMT
Via: 1.1 i-0ea3006a6dd59524b (eu-west-1)
X-Content-Type-Options: nosniff
X-Netflix_proxy_execution-time: 6
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Allow: GET, POST, OPTIONS
Server: clingest-secure i-0d8a2ad577b893eb9
X-Frame-Options: DENY
X-Netflix_nfstatus: 1_1
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Originating-URL: https://www.netflix.com/personalization/cl2/freeform/WebsiteDetect?modalView=login&source=wwwhead&fetchType=js
Access-Control-Allow-Origin: https://52.62.160.1
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,Authorization,Content-Type,Cookie,debugRequest,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.certification.version,X-Netflix.Client.Request.Name,X-Netflix.device.type,X-Netflix.esn,X-Netflix.ichnaea.request.type,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.request.uuid,X-Netflix.user.id
Expires: Mon, 03 Aug 2020 11:23:47 GMT

GET
H/1.1 200
OK WebsiteScreen Show response
www.netflix.com/personalization/cl2/freeform/ 0
2 KB 132ms
38ms XHR
text/plain 2a01:578:3::36e5:4c2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netflix.com/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1

Requested by

Host: 52.62.160.1
URL: https://52.62.160.1/?rid=6i0mGqq

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a01:578:3::36e5:4c2 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

clingest-secure i-05d270931c50c4752 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 11:23:47 GMT
Via: 1.1 i-0129c43228cb3b744 (eu-west-1)
X-Content-Type-Options: nosniff
X-Netflix_proxy_execution-time: 6
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Allow: GET, POST, OPTIONS
Server: clingest-secure i-05d270931c50c4752
X-Frame-Options: DENY
X-Netflix_nfstatus: 1_1
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Originating-URL: https://www.netflix.com/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&screenh=1200&screenw=1600&winh=1200&ratio=1
Access-Control-Allow-Origin: https://52.62.160.1
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept,Authorization,Content-Type,Cookie,debugRequest,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.certification.version,X-Netflix.Client.Request.Name,X-Netflix.device.type,X-Netflix.esn,X-Netflix.ichnaea.request.type,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.request.uuid,X-Netflix.user.id
Expires: Mon, 03 Aug 2020 11:23:47 GMT

GET
H/1.1 200
OK AU-en-20200727-popsignuptwoweeks-perspective_alpha_website_large.jpg
assets.nflxext.com/ffe/siteui/vlv3/8502631a-7c16-4132-8656-d741da3b3d3e/19d5c0c4-10ab-4170-8e2c-961bcc46cc44/ 310 KB
310 KB 471ms
451ms Image
image/jpeg 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/vlv3/8502631a-7c16-4132-8656-d741da3b3d3e/19d5c0c4-10ab-4170-8e2c-961bcc46cc44/AU-en-20200727-popsignuptwoweeks-perspective_alpha_website_large.jpg
Requested by: Host: 52.62.160.1
URL: https://52.62.160.1/?rid=6i0mGqq
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 8a7129055939beb3fa798c1744ca5def54a92a46f8dbc93b1d805f04c84a664c

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 11:23:47 GMT
Last-Modified: Wed, 29 Jul 2020 13:15:16 GMT
Server: nginx
Content-MD5: AnYdjVQyKwrwS4rok8neKw==
Content-Type: image/jpeg
Cache-Control: public, max-age=5060
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 317429
Expires: Tue, 04 Aug 2020 12:48:07 GMT

GET
H/1.1 200
OK FB-f-Logo__blue_57.png
assets.nflxext.com/ffe/siteui/login/images/ 1 KB
2 KB 18ms
6ms Image
image/png 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/login/images/FB-f-Logo__blue_57.png
Requested by: Host: 52.62.160.1
URL: https://52.62.160.1/?rid=6i0mGqq
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 04 Aug 2020 11:23:47 GMT
Last-Modified: Thu, 30 Jun 2016 17:48:49 GMT
Server: nginx
Content-MD5: ozykfvEQtuPsUIa4d2QH0w==
Content-Type: image/png
Cache-Control: public, max-age=1256132
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1455
Expires: Wed, 15 Apr 2020 20:00:00 GMT

GET
H/1.1 200
OK nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ 72 KB
72 KB 19ms
5ms Font
application/octet-stream 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by: Host: 52.62.160.1
URL: https://52.62.160.1/?rid=6i0mGqq
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-ve0d6d2cb/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/vFxM3wm8EJL/none/true/none
Origin: https://52.62.160.1

Response headers

Date: Tue, 04 Aug 2020 11:23:47 GMT
Content-Encoding: gzip
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Server: nginx
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=9402
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 73566
Expires: Tue, 14 Jul 2020 21:52:16 GMT

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 792 B
732 B 16ms
16ms Script
text/javascript 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6Lf8hrcUAAAAAIpQAFW2VFjtiYnThOjZOA5xvLyR

Requested by

Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-ve0d6d2cb/js/js/components%7Clogin%7CloginControllerClient.js/2/4K034j4905454t4J070o004L4o4m4F4b4u4x0a024H13/l/true/none

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

37b00448cf22a83c6b8213c0c0fb5a9f766303c40ec1ae0902b47cf8c4c3a81d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 04 Aug 2020 11:23:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 509
x-xss-protection: 1; mode=block
expires: Tue, 04 Aug 2020 11:23:47 GMT

POST log
www.netflix.com/personalization/ 0
0

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/ 332 KB
131 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6Lf8hrcUAAAAAIpQAFW2VFjtiYnThOjZOA5xvLyR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://52.62.160.1/?rid=6i0mGqq
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 03 Aug 2020 17:22:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 03 Aug 2020 04:06:51 GMT
server: sffe
age: 64865
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133278
x-xss-protection: 0
expires: Tue, 03 Aug 2021 17:22:42 GMT

GET
H2 200 anchor
www.google.com/recaptcha/api2/ Frame 1307 0
0 17ms
17ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf8hrcUAAAAAIpQAFW2VFjtiYnThOjZOA5xvLyR&co=aHR0cHM6Ly81Mi42Mi4xNjAuMTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&cb=t0bd63vk0jzt

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/IU7gZ7o6RDdDE6U4Y1YJJWnN/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1VnE5MR/F+TcMiB7WCVBVQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lf8hrcUAAAAAIpQAFW2VFjtiYnThOjZOA5xvLyR&co=aHR0cHM6Ly81Mi42Mi4xNjAuMTo0NDM.&hl=en&v=IU7gZ7o6RDdDE6U4Y1YJJWnN&size=invisible&cb=t0bd63vk0jzt
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://52.62.160.1/?rid=6i0mGqq
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://52.62.160.1/?rid=6i0mGqq

Response headers

status: 200
content-security-policy: script-src 'report-sample' 'nonce-1VnE5MR/F+TcMiB7WCVBVQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
content-encoding: gzip
date: Tue, 04 Aug 2020 11:23:47 GMT
expires: Tue, 04 Aug 2020 11:23:47 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1103
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST cl2
www.netflix.com/personalization/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.netflix.com
URL: https://www.netflix.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=login

Domain: www.netflix.com
URL: https://www.netflix.com/personalization/log

Domain: www.netflix.com
URL: https://www.netflix.com/personalization/cl2

Domain: www.netflix.com
URL: https://www.netflix.com/personalization/cl2

Domain: www.netflix.com
URL: https://www.netflix.com/personalization/cl2

Domain: www.netflix.com
URL: https://www.netflix.com/personalization/cl2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			52.62.160.1/	1969-12-31 23:59:59	Name: cL Value: 1596540227724%7C159654022771902994%7C159654022765847276%7C%7C4%7Cnull

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
codex.nflxext.com
www.google.com
www.gstatic.com
www.netflix.com
www.netflix.com
2a00:1450:4001:801::2004
2a00:1450:4001:818::2003
2a00:86c0:2091::1
2a01:578:3::36e5:4c2
52.62.160.1
37b00448cf22a83c6b8213c0c0fb5a9f766303c40ec1ae0902b47cf8c4c3a81d
3d701d02e441b1c2b3f6b94beedf61120208a1da2d57afd3ba4e4ae6f2dc065a
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
51c038ea7dc83e1fb98bbfb506253c7d469409d85542bc68066f4447ca474a1b
61c3738272cf954cc5afab921385ac1d43fb1cfef827be5a457d1405d37c84d8
896f4bfd636c4428757955d428c40c5a5d2a181a3232404704fe539c3b079f23
8a7129055939beb3fa798c1744ca5def54a92a46f8dbc93b1d805f04c84a664c
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
b49b397871dff384aab300554a8f1745d86e020edd55dea9f1ad58209a1b7563
d7bf403b32f5e1078f6266150bbef62d1c5c32a2d563d980d58f61163f4d79e1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

52.62.160.1 Open in urlscan Pro 52.62.160.1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

19 Requests

63 %HTTPS

80 %IPv6

4 Domains

5 Subdomains

6 IPs

4 Countries

875 kBTransfer

2039 kBSize

1 Cookies

8 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

1 Cookies

Indicators

52.62.160.1 Open in urlscan Pro
52.62.160.1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

63 %
HTTPS

80 %
IPv6

4
Domains

5
Subdomains

6
IPs

4
Countries

875 kB
Transfer

2039 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!