neitflix-ar.com
Open in
urlscan Pro
192.185.71.15
Malicious Activity!
Public Scan
Submission Tags: falconsandbox
Submission: On February 11 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 8th 2022. Valid for: 3 months.
This is the only time neitflix-ar.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 192.185.71.15 192.185.71.15 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
2 2 | 195.154.113.3 195.154.113.3 | 12876 (Online SAS) (Online SAS) | |
1 | 163.172.59.20 163.172.59.20 | 12876 (Online SAS) (Online SAS) | |
1 | 2a00:86c0:209... 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
7 | 4 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: gator4185.hostgator.com
neitflix-ar.com |
ASN12876 (Online SAS, FR)
PTR: 195-154-113-3.rev.poneytelecom.eu
3.top4top.net | |
3.top4top.io |
ASN12876 (Online SAS, FR)
PTR: 163-172-59-20.rev.poneytelecom.eu
i.top4top.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
neitflix-ar.com
neitflix-ar.com |
20 KB |
2 |
top4top.io
1 redirects
3.top4top.io i.top4top.io |
1 MB |
1 |
nflxext.com
assets.nflxext.com — Cisco Umbrella Rank: 4787 |
78 KB |
1 |
top4top.net
1 redirects
3.top4top.net |
88 B |
0 |
holmanonline.com
Failed
assets.nflxext.holmanonline.com Failed |
|
7 | 5 |
Domain | Requested by | |
---|---|---|
3 | neitflix-ar.com |
neitflix-ar.com
|
1 | assets.nflxext.com |
neitflix-ar.com
|
1 | i.top4top.io |
neitflix-ar.com
|
1 | 3.top4top.io | 1 redirects |
1 | 3.top4top.net | 1 redirects |
0 | assets.nflxext.holmanonline.com Failed |
neitflix-ar.com
|
7 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
neitflix-ar.com.probusinesscompany.com R3 |
2022-02-08 - 2022-05-09 |
3 months | crt.sh |
*.1.nflxso.net DigiCert TLS RSA SHA256 2020 CA1 |
2022-02-03 - 2022-03-08 |
a month | crt.sh |
This page contains 1 frames:
Primary Page:
https://neitflix-ar.com/oam-login.php
Frame ID: 02FB77EC3E0D4311BEA08E05E83579AE
Requests: 7 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://3.top4top.net/p_142705xbg1.png HTTP 301
- https://3.top4top.io/p_142705xbg1.png HTTP 302
- https://i.top4top.io/p_142705xbg1.png
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
oam-login.php
neitflix-ar.com/ |
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
z.css
neitflix-ar.com/css/ |
35 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a.css
neitflix-ar.com/css/ |
49 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Modernizr-2.5.3.forms.js
assets.nflxext.holmanonline.com/webalizer/images/modernizr.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
html5Forms.js
assets.nflxext.holmanonline.com/webalizer/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p_142705xbg1.png
i.top4top.io/ Redirect Chain
|
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-80.woff
assets.nflxext.com/ffe/siteui/fonts/ |
78 KB 78 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- assets.nflxext.holmanonline.com
- URL
- http://assets.nflxext.holmanonline.com/webalizer/images/modernizr.com/Modernizr-2.5.3.forms.js
- Domain
- assets.nflxext.holmanonline.com
- URL
- http://assets.nflxext.holmanonline.com/webalizer/images/html5Forms.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
3.top4top.io
3.top4top.net
assets.nflxext.com
assets.nflxext.holmanonline.com
i.top4top.io
neitflix-ar.com
assets.nflxext.holmanonline.com
163.172.59.20
192.185.71.15
195.154.113.3
2a00:86c0:2090::1
2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d
698fb5d54408ab060621f9ea2afe61243bc13b693d92fde9f59e4a2fe6d986cd
865ff2ca0947e876f04a570a09633832091736c24e78366ae0dfbe6bceb11057
d4f860902b5016f6f716623feab9195e24a47d242231dda667fa712e43776a8c
ff9c631a863e781506433428ad7577bfea44b8e1bcfdbf04fe90df72c2ff9940