ic-cite.ulm.ac.id (103.195.91.180)
Public Scan: Malicious Activity!
Effective URL: https://ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/AccBilling.php?country=-&lang=en
Submission: On September 16 via manual from GB, scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 10th 2021. Valid for 3 months.
This is the only time ic-cite.ulm.ac.id was scanned on urlscan.io.
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
19 (5 redirects) | 103.195.91.180 | 58404 (QWORDS-AS-ID PT Qwords Company International)
6 | 45.57.91.1 | 40027 (NETFLIX-ASN)
Totals: 21 | 3 |
ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID)
PTR: server.ulm.ac.id
Apex Domain | Subdomains | Requests | Transfer
---|---|---|---
ulm.ac.id | ic-cite.ulm.ac.id | 19 (5 redirects) | 225 KB
nflxext.com | assets.nflxext.com | 6 | 74 KB
liluzi.cf | liluzi.cf | 0 | Failed
Totals: 21 | 3 | |
Domain | Requests | Requested by
---|---|---
ic-cite.ulm.ac.id | 19 (5 redirects) | ic-cite.ulm.ac.id
assets.nflxext.com | 6 | ic-cite.ulm.ac.id
liluzi.cf | 0 (Failed) | ic-cite.ulm.ac.id
Totals: 21 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
ic-cite.ulm.ac.id | cPanel, Inc. Certification Authority | 2021-09-10 - 2021-12-09 | 3 months | crt.sh
*.1.nflxso.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-05 - 2021-10-07 | a month | crt.sh
This page contains 1 frame:
Primary Page:
https://ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/AccBilling.php?country=-&lang=en
Frame ID: 1CF5CCC287DF4C36F25C6B3EEB715D2D
Requests: 21 HTTP requests in this frame
Page Title: Netflix
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
animate.css (Web Frameworks)
Detected patterns
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
React (JavaScript Frameworks)
Detected patterns
- <[^>]+data-react
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
These fingerprints match on markup and file names only, so they describe the assets the phishing kit bundles (bootstrap.min.css, font-awesome.min.css, animate.css, jquery-3.1.1.slim.min.js, all served from its assets/ directory) rather than the host's stack; PHP is inferred from nothing more than the .php extension of the page URL, and the React hit rests on a bare data-react attribute pattern, which is weak evidence on its own.
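To show how such pattern-based fingerprints actually fire, here is an added Python example (my code, not urlscan's or Wappalyzer's) that runs the patterns listed above over a constructed HTML head referencing the same assets the scan loaded. The sample HTML, the script-source extraction regex and the assignment of each pattern to a scope (page URL, raw document, or each script src) are assumptions; capture group 1, where a pattern has one, is taken as the version.

```python
"""Apply the scanner's regex fingerprints to a page.  Group 1 of a pattern, when it
matches, is the library version; a pattern with no capture only asserts presence."""
import re

# Patterns as listed on the scan page, keyed by the text they run on:
# "url" = page URL, "html" = raw document, "script" = each <script src> value.
FINGERPRINTS = {
    "PHP": [("url", r"\.php(?:$|\?)")],
    "Bootstrap": [
        ("html", r"<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css"),
        ("script", r"bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js"),
    ],
    "animate.css": [("html", r"<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css")],
    "React": [("html", r"<[^>]+data-react")],
    "Font Awesome": [("html", r"<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css")],
    "jQuery": [
        ("script", r"jquery[.-]([\d.]*\d)[^/]*\.js"),
        ("script", r"jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?"),
    ],
}


def script_sources(html):
    """Assumed helper: pull every <script src=...> value out of the document."""
    return re.findall(r"<script[^>]+src=[\"']([^\"']+)", html, re.I)


def fingerprint(url, html):
    """Return {technology: version-or-None} for every fingerprint that fires."""
    scopes = {"url": [url], "html": [html], "script": script_sources(html)}
    found = {}
    for tech, rules in FINGERPRINTS.items():
        for scope, pattern in rules:
            for text in scopes[scope]:
                match = re.search(pattern, text, re.I)
                if not match:
                    continue
                version = match.group(1) if match.groups() else None
                # keep the first hit, but upgrade a bare hit to one that carries a version
                if tech not in found or (found[tech] is None and version):
                    found[tech] = version
    return found


SCAN_URL = ("https://ic-cite.ulm.ac.id/neflix64r45899484890-check/"
            "cd63a3eec3319fd9c84c942a08316e00/AccBilling.php?country=-&lang=en")
# Constructed HTML: a head referencing the assets the scan saw loaded from the kit's
# assets/ directory.  It is not the captured document.
SAMPLE_HTML = """<!DOCTYPE html><html><head><title>Netflix</title>
<link rel="stylesheet" href="assets/bootstrap.min.css">
<link rel="stylesheet" href="assets/font-awesome.min.css">
<link rel="stylesheet" href="assets/animate.css">
<script src="assets/jquery-3.1.1.slim.min.js"></script>
<script src="assets/tether.min.js"></script>
<script src="assets/bootstrap.min.js"></script>
<script src="assets/jquery.CardValidator.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for tech, version in fingerprint(SCAN_URL, SAMPLE_HTML).items():
        print(f"{tech:<14} {version or '(no version)'}")
```

Only the jQuery rule yields a version here (3.1.1, from the file name); every other hit is presence-only, and the React rule does not fire on this sample because nothing in it carries a data-react attribute.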
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://ic-cite.ulm.ac.id/neflix64r45899484890-check (HTTP 301)
- https://ic-cite.ulm.ac.id/neflix64r45899484890-check (HTTP 301)
- https://ic-cite.ulm.ac.id/neflix64r45899484890-check/ (HTTP 302)
- https://ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00 (HTTP 301)
- https://ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/ (HTTP 302)
- https://ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/AccBilling.php?country=-&lang=en (Page URL)
The 301s only upgrade to HTTPS or append a trailing slash to a directory path; the 302s are the hops that move the visitor into the 32-character hex directory and on to AccBilling.php.
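Added example, not part of the scan page: a Python tracer that records a redirect chain hop by hop, the way the history above does, instead of letting the HTTP client silently follow it. It resolves relative Location headers, stops on a loop, and caps the hop count. The constructed_fetch table replays the hop order and status codes from the chain above offline; the relative Location values it returns and the User-Agent string in http_fetch are assumptions.

```python
"""Trace an HTTP redirect chain hop by hop, as a scanner does, instead of letting
the client auto-follow.  Every hop is kept with its status code, so the chain
itself (301 -> 301 -> 302 -> 301 -> 302 -> 200) can be stored as an indicator."""
import urllib.error
import urllib.request
from urllib.parse import urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects: urlopen then raises HTTPError for any 3xx."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, timeout=10):
    """Live fetcher: one request, returning (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    # Hypothetical User-Agent; a real tracer would mimic the browser the target expects.
    req = urllib.request.Request(url, headers={"User-Agent": "redirect-tracer/0.1"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def follow_chain(fetch, url, max_hops=10):
    """Return [(url, status), ...].  The final entry is the landing page, or a
    synthetic 'LOOP' / 'MAX_HOPS' marker when the chain never settles."""
    hops, seen = [], set()
    while True:
        if url in seen:
            hops.append((url, "LOOP"))
            return hops
        seen.add(url)
        status, location = fetch(url)
        hops.append((url, status))
        if status not in REDIRECT_CODES or not location:
            return hops
        url = urljoin(url, location)  # Location may be relative to the current URL
        if len(hops) >= max_hops:
            hops.append((url, "MAX_HOPS"))
            return hops


BASE = "https://ic-cite.ulm.ac.id/neflix64r45899484890-check"
TOKEN_DIR = BASE + "/cd63a3eec3319fd9c84c942a08316e00"
# Constructed stand-in for the live server.  Hop order and status codes are the ones
# the scan recorded; the relative Location values are an assumption.
CONSTRUCTED_RESPONSES = {
    "http://ic-cite.ulm.ac.id/neflix64r45899484890-check": (301, BASE),
    BASE: (301, "/neflix64r45899484890-check/"),
    BASE + "/": (302, "cd63a3eec3319fd9c84c942a08316e00"),
    TOKEN_DIR: (301, "cd63a3eec3319fd9c84c942a08316e00/"),
    TOKEN_DIR + "/": (302, "AccBilling.php?country=-&lang=en"),
    TOKEN_DIR + "/AccBilling.php?country=-&lang=en": (200, None),
}


def constructed_fetch(url):
    return CONSTRUCTED_RESPONSES.get(url, (404, None))


def trace_scanned_chain():
    """Replay the scan's chain offline; swap in http_fetch to trace a live URL."""
    return follow_chain(constructed_fetch, "http://ic-cite.ulm.ac.id/neflix64r45899484890-check")


if __name__ == "__main__":
    for hop_url, status in trace_scanned_chain():
        print(f"{str(status):>8}  {hop_url}")
```

Keeping the fetcher injectable is what makes the tracer testable against a recorded chain; for a live trace pass http_fetch, and run it from a host whose IP you are prepared to have logged by the kit.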
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H2 | AccBilling.php | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/ | 16 KB | 3 KB | Document | text/html | Primary Request; Redirect Chain
2 | GET | H2 | bootstrap.min.css | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 147 KB | 18 KB | Stylesheet | text/css |
3 | GET | H2 | font-awesome.min.css | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 30 KB | 7 KB | Stylesheet | text/css |
4 | GET | H2 | warning.css | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 107 KB | 17 KB | Stylesheet | text/css |
5 | GET | H2 | animate.css | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 23 KB | 3 KB | Stylesheet | text/css |
6 | GET | H2 | set1.css | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 19 KB | 3 KB | Stylesheet | text/css |
7 | GET | H2 | jquery-3.1.1.slim.min.js | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 95 KB | 33 KB | Script | application/javascript |
8 | GET | H2 | tether.min.js | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 24 KB | 7 KB | Script | application/javascript |
9 | GET | H2 | bootstrap.min.js | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 46 KB | 11 KB | Script | application/javascript |
10 | GET | H2 | classie.js | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 2 KB | 679 B | Script | application/javascript |
11 | GET | H2 | jquery.CardValidator.js | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 6 KB | 2 KB | Script | application/javascript |
12 | GET | H/1.1 | 12_11_2014_icon_visa_37x25.png | assets.nflxext.com/ffe/siteui/acquisition/payment/ | 859 B | 1 KB | Image | image/png |
13 | GET | H/1.1 | 10_18_2014_icon_master_37x25.png | assets.nflxext.com/ffe/siteui/acquisition/payment/ | 833 B | 1 KB | Image | image/png |
14 | GET | H/1.1 | 10_18_2014_icon_amex_37x25.png | assets.nflxext.com/ffe/siteui/acquisition/payment/ | 525 B | 844 B | Image | image/png |
15 | GET | H/1.1 | 10_18_2014_icon_discovery_37x25.png | assets.nflxext.com/ffe/siteui/acquisition/payment/ | 886 B | 1 KB | Image | image/png |
16 | GET | H/1.1 | icon_DinersClub_37x25.png | assets.nflxext.com/ffe/siteui/acquisition/payment/ | 843 B | 1 KB | Image | image/png |
17 | GET | H2 | sprites_cc_logos.png | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 24 KB | 24 KB | Image | image/png |
18 | GET | H/1.1 | nf-icon-v1-88.woff | assets.nflxext.com/ffe/siteui/fonts/ | 69 KB | 69 KB | Font | font/woff |
19 | GET | H2 | fontawesome-webfont.woff2 | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 0 | 0 | Font | text/html |
20 | GET | | n1.png | liluzi.cf/i/yts/ | 0 | 0 | | | Failed
21 | GET | H2 | fontawesome-webfont.woff | ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/assets/ | 96 KB | 96 KB | Font | font/woff |
Two rows deserve a second look: row 19 is a request for a .woff2 font answered with 0 bytes of text/html, and row 20 (the only request to liluzi.cf) never received a response at all. The card-brand icons and the nf-icon font are pulled directly from Netflix's real CDN (assets.nflxext.com), while the kit's own HTML, CSS, scripts and credit-card validator are served from the assets/ directory under the token path.
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: liluzi.cf
- URL: https://liluzi.cf/i/yts/n1.png
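Added example (my code, not urlscan's) that triages a request list like the one above the way an analyst reads a HAR: request counts and bytes per domain, third-party hosts, failed loads, and responses whose MIME type contradicts the requested file type, such as the 0-byte text/html answer to the .woff2 request. The TRANSACTIONS list is a constructed subset of the page's 21 rows with byte counts rounded from the KB figures shown; the extension-to-MIME expectation table is an assumption.

```python
"""Triage a scan's request list: requests and bytes per domain, third-party hosts,
failed loads, and responses whose MIME type contradicts the requested file type."""
from collections import defaultdict
from urllib.parse import urlsplit

KIT = "https://ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/"
NFLX = "https://assets.nflxext.com/ffe/siteui/"

# Constructed subset of the page's 21 transactions: (url, bytes, mime, failed).
# Byte counts are rounded from the KB figures shown on the page.
TRANSACTIONS = [
    (KIT + "AccBilling.php?country=-&lang=en", 16_000, "text/html", False),
    (KIT + "assets/bootstrap.min.css", 147_000, "text/css", False),
    (KIT + "assets/jquery-3.1.1.slim.min.js", 95_000, "application/javascript", False),
    (KIT + "assets/jquery.CardValidator.js", 6_000, "application/javascript", False),
    (NFLX + "acquisition/payment/12_11_2014_icon_visa_37x25.png", 859, "image/png", False),
    (NFLX + "fonts/nf-icon-v1-88.woff", 69_000, "font/woff", False),
    (KIT + "assets/fontawesome-webfont.woff2", 0, "text/html", False),
    ("https://liluzi.cf/i/yts/n1.png", 0, "", True),
]

# What the file extension promises; the served MIME type must start with this prefix.
EXPECTED_MIME = {
    "css": "text/css", "js": "application/javascript", "png": "image/",
    "woff": "font/", "woff2": "font/", "php": "text/html",
}


def extension(url):
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def per_domain(transactions):
    """{host: (request_count, bytes)}"""
    totals = defaultdict(lambda: [0, 0])
    for url, size, _mime, _failed in transactions:
        host = urlsplit(url).hostname
        totals[host][0] += 1
        totals[host][1] += size
    return {host: tuple(counts) for host, counts in totals.items()}


def third_party_hosts(transactions, primary_url):
    primary = urlsplit(primary_url).hostname
    return sorted({urlsplit(url).hostname for url, *_ in transactions} - {primary})


def failed_loads(transactions):
    return [url for url, _size, _mime, failed in transactions if failed]


def mime_mismatches(transactions):
    """Responses whose MIME type does not match the extension, e.g. a .woff2 request
    answered with text/html (typically an error page served in place of the file)."""
    out = []
    for url, size, mime, failed in transactions:
        expected = EXPECTED_MIME.get(extension(url))
        if not failed and expected and not mime.startswith(expected):
            out.append((url, mime, size))
    return out


if __name__ == "__main__":
    for host, (count, nbytes) in per_domain(TRANSACTIONS).items():
        print(f"{host:<22} {count:>3} requests {nbytes:>8} bytes")
    print("third-party:", third_party_hosts(TRANSACTIONS, TRANSACTIONS[0][0]))
    print("failed:", failed_loads(TRANSACTIONS))
    print("mime mismatches:", mime_mismatches(TRANSACTIONS))
```

The same functions work unchanged on a full HAR export once its entries are mapped to (url, bytes, mime, failed) tuples; the third-party list is what goes into a blocklist review, and the mismatch list is where broken or decoy resources show up.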
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Netflix (Online)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onbeforexrselect
- boolean: originAgentCluster
- function: $
- function: jQuery
- function: Tether
- object: jQuery112202703432906098384
- object: classie
The first two are properties the scanning browser itself exposes (window.onbeforexrselect and window.originAgentCluster, newer than the scanner's baseline of known globals), not anything the page defined. The page's own globals are $, jQuery, Tether and classie, matching the jquery-3.1.1.slim.min.js, tether.min.js and classie.js files it loads. jQuery builds its expando name from the version string followed by random digits, so the leading digits of jQuery112202703432906098384 encode jQuery 1.12.2 rather than the 3.1.1 build served from assets/, which indicates a second jQuery copy embedded in one of the other loaded scripts.
1 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
ic-cite.ulm.ac.id/ | (none: session cookie) | PHPSESSID = cl9vcmk1tqcrphhm20h7m968f5
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- assets.nflxext.com
- ic-cite.ulm.ac.id
- liluzi.cf
- 103.195.91.180
- 45.57.91.1
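A detection an analyst could derive from this scan, as an added example (my code, not part of the page): score proxy-log URLs for the shape of the kit, namely a brand look-alike token on a host the brand does not own, a 32-character hex directory, and a PHP page named like a billing or login step. The log lines are constructed, the brand-domain allowlist is taken from the hosts and certificates on this page, and the two-label registrable-domain shortcut is a simplification that a real deployment would replace with a public suffix list.

```python
"""Score URLs from a proxy log for the shape of this phishing kit: a brand look-alike
token on a host the brand does not own, a 32-hex "campaign" directory, and a PHP
page named like a billing or login step."""
import re
from urllib.parse import urlsplit

BRAND = "netflix"
# Domains the brand legitimately serves from, taken from the scan's certificate and
# request lists; anything else carrying the brand name is suspect.
BRAND_DOMAINS = {"netflix.com", "nflxext.com", "nflxso.net"}
HEX_DIR = re.compile(r"/[0-9a-f]{32}(?:/|$)")
CRED_PAGE = re.compile(r"/[\w-]*(?:billing|login|signin|verify|account|payment)[\w-]*\.php$", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter typosquats such as 'neflix'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_lookalikes(text, brand=BRAND, max_dist=1):
    """For each alphanumeric token, the substring closest to the brand name, if it is
    within max_dist edits (catches 'neflix' as well as the exact name)."""
    hits = set()
    for tok in re.split(r"[^a-z0-9]+", text.lower()):
        best = None
        for width in (len(brand) - 1, len(brand), len(brand) + 1):
            for i in range(len(tok) - width + 1):
                window = tok[i:i + width]
                dist = edit_distance(window, brand)
                if dist <= max_dist and (best is None or dist < best[0]):
                    best = (dist, window)
        if best:
            hits.add(best[1])
    return hits


def registrable_domain(host):
    # Simplification: last two labels.  Use a public suffix list in production.
    return ".".join(host.lower().split(".")[-2:])


def score_url(url):
    """Return the list of reasons this URL looks like the kit; empty means clean."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path
    if registrable_domain(host) in BRAND_DOMAINS:
        return []  # the brand's own infrastructure
    reasons = [f"brand-lookalike:{w}" for w in sorted(brand_lookalikes(host + " " + path))]
    if HEX_DIR.search(path):
        reasons.append("hex-token-dir")
    if CRED_PAGE.search(path):
        reasons.append("php-credential-page")
    return reasons


def is_alert(reasons):
    """Alert only when a brand look-alike is backed by at least one structural tell."""
    return any(r.startswith("brand-lookalike:") for r in reasons) and len(reasons) >= 2


# Constructed log lines: "<timestamp> <client> <method> <url>".  The first URL is the
# one from the scan; the rest are plausible benign traffic, not entries from any real log.
SAMPLE_LOG = """\
2021-09-16T09:58:01Z 10.0.0.5 GET https://ic-cite.ulm.ac.id/neflix64r45899484890-check/cd63a3eec3319fd9c84c942a08316e00/AccBilling.php?country=-&lang=en
2021-09-16T09:58:02Z 10.0.0.5 GET https://assets.nflxext.com/ffe/siteui/acquisition/payment/12_11_2014_icon_visa_37x25.png
2021-09-16T09:58:05Z 10.0.0.7 GET https://www.netflix.com/login
2021-09-16T09:58:09Z 10.0.0.9 GET https://ic-cite.ulm.ac.id/
2021-09-16T09:58:11Z 10.0.0.9 GET https://intranet.example.test/account/login.php
"""


def scan_log(log_text):
    """Return (url, reasons) for every line that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _client, _method, url = line.split(maxsplit=3)
        reasons = score_url(url)
        if reasons:
            findings.append((url, reasons))
    return findings


if __name__ == "__main__":
    for url, reasons in scan_log(SAMPLE_LOG):
        print("ALERT" if is_alert(reasons) else "info ", url, ", ".join(reasons))
```

The single-signal hit on the intranet login page is reported but not alerted: a .php login form on its own is ordinary, and it is the combination with a brand look-alike on a domain the brand does not own that makes the scanned URL stand out.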