rajus.in
Open in
urlscan Pro
162.241.224.233
Malicious Activity!
Public Scan
Submission: On May 14 via automatic, source phishtank
Summary
TLS certificate: Issued by R3 on March 17th 2021. Valid for: 3 months.
This is the only time rajus.in was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 162.241.224.233 162.241.224.233 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
2 2 | 195.154.113.3 195.154.113.3 | 12876 (Online SAS) (Online SAS) | |
1 | 163.172.59.20 163.172.59.20 | 12876 (Online SAS) (Online SAS) | |
1 | 2a00:86c0:209... 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
7 | 4 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5220.bluehost.com
rajus.in |
ASN12876 (Online SAS, FR)
PTR: 195-154-113-3.rev.poneytelecom.eu
3.top4top.net | |
3.top4top.io |
ASN12876 (Online SAS, FR)
PTR: 163-172-59-20.rev.poneytelecom.eu
i.top4top.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
rajus.in
rajus.in |
20 KB |
2 |
top4top.io
1 redirects
3.top4top.io i.top4top.io |
1 MB |
1 |
nflxext.com
assets.nflxext.com |
78 KB |
1 |
top4top.net
1 redirects
3.top4top.net |
88 B |
0 |
holmanonline.com
Failed
assets.nflxext.holmanonline.com Failed |
|
7 | 5 |
Domain | Requested by | |
---|---|---|
3 | rajus.in |
rajus.in
|
1 | assets.nflxext.com |
rajus.in
|
1 | i.top4top.io |
rajus.in
|
1 | 3.top4top.io | 1 redirects |
1 | 3.top4top.net | 1 redirects |
0 | assets.nflxext.holmanonline.com Failed |
rajus.in
|
7 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
webdisk.rajus.in R3 |
2021-03-17 - 2021-06-15 |
3 months | crt.sh |
top4top.io R3 |
2021-04-18 - 2021-07-17 |
3 months | crt.sh |
*.1.nflxso.net DigiCert SHA2 Secure Server CA |
2021-05-12 - 2021-06-16 |
a month | crt.sh |
This page contains 1 frames:
Primary Page:
https://rajus.in/net/oam-login.php
Frame ID: 0D072A584B6922977F6E2CD38C9F9866
Requests: 7 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://3.top4top.net/p_142705xbg1.png HTTP 301
- https://3.top4top.io/p_142705xbg1.png HTTP 302
- https://i.top4top.io/p_142705xbg1.png
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
oam-login.php
rajus.in/net/ |
4 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
z.css
rajus.in/net/css/ |
35 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a.css
rajus.in/net/css/ |
49 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Modernizr-2.5.3.forms.js
assets.nflxext.holmanonline.com/webalizer/images/modernizr.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
html5Forms.js
assets.nflxext.holmanonline.com/webalizer/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
p_142705xbg1.png
i.top4top.io/ Redirect Chain
|
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-80.woff
assets.nflxext.com/ffe/siteui/fonts/ |
78 KB 78 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- assets.nflxext.holmanonline.com
- URL
- http://assets.nflxext.holmanonline.com/webalizer/images/modernizr.com/Modernizr-2.5.3.forms.js
- Domain
- assets.nflxext.holmanonline.com
- URL
- http://assets.nflxext.holmanonline.com/webalizer/images/html5Forms.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
3.top4top.io
3.top4top.net
assets.nflxext.com
assets.nflxext.holmanonline.com
i.top4top.io
rajus.in
assets.nflxext.holmanonline.com
162.241.224.233
163.172.59.20
195.154.113.3
2a00:86c0:2090::1
2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d
3b1dc9872698a920ae502d9755f589b165910503af139fd453d411db3cd25f2c
698fb5d54408ab060621f9ea2afe61243bc13b693d92fde9f59e4a2fe6d986cd
865ff2ca0947e876f04a570a09633832091736c24e78366ae0dfbe6bceb11057
ff9c631a863e781506433428ad7577bfea44b8e1bcfdbf04fe90df72c2ff9940