URL: https://rajus.in/net/oam-login.php
Submission: On May 14 via automatic, source phishtank

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 7 HTTP transactions. The main IP is 162.241.224.233, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is rajus.in.
TLS certificate: Issued by R3 on March 17th 2021. Valid for: 3 months.
This is the only time rajus.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

IP Address AS Autonomous System
3 162.241.224.233 46606 (UNIFIEDLA...)
2 2 195.154.113.3 12876 (Online SAS)
1 163.172.59.20 12876 (Online SAS)
1 2a00:86c0:209... 40027 (NETFLIX-ASN)
7 4
Apex Domain
Subdomains
Transfer
3 rajus.in
rajus.in
20 KB
2 top4top.io
3.top4top.io
i.top4top.io
1 MB
1 nflxext.com
assets.nflxext.com
78 KB
1 top4top.net
3.top4top.net
88 B
0 holmanonline.com Failed
assets.nflxext.holmanonline.com Failed
7 5
Domain Requested by
3 rajus.in rajus.in
1 assets.nflxext.com rajus.in
1 i.top4top.io rajus.in
1 3.top4top.io 1 redirects
1 3.top4top.net 1 redirects
0 assets.nflxext.holmanonline.com Failed rajus.in
7 6

This site contains no links.

Subject Issuer Validity Valid
webdisk.rajus.in
R3
2021-03-17 -
2021-06-15
3 months crt.sh
top4top.io
R3
2021-04-18 -
2021-07-17
3 months crt.sh
*.1.nflxso.net
DigiCert SHA2 Secure Server CA
2021-05-12 -
2021-06-16
a month crt.sh

This page contains 1 frames:

Primary Page: https://rajus.in/net/oam-login.php
Frame ID: 0D072A584B6922977F6E2CD38C9F9866
Requests: 7 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

7
Requests

71 %
HTTPS

25 %
IPv6

5
Domains

6
Subdomains

4
IPs

2
Countries

1567 kB
Transfer

1632 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://3.top4top.net/p_142705xbg1.png HTTP 301
  • https://3.top4top.io/p_142705xbg1.png HTTP 302
  • https://i.top4top.io/p_142705xbg1.png

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request oam-login.php
rajus.in/net/
4 KB
1 KB
Document
General
Full URL
https://rajus.in/net/oam-login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.224.233 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
box5220.bluehost.com
Software
Apache /
Resource Hash
3b1dc9872698a920ae502d9755f589b165910503af139fd453d411db3cd25f2c

Request headers

:method
GET
:authority
rajus.in
:scheme
https
:path
/net/oam-login.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 14 May 2021 15:04:47 GMT
server
Apache
vary
Accept-Encoding
content-encoding
gzip
host-header
c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length
1361
content-type
text/html; charset=UTF-8
z.css
rajus.in/net/css/
35 KB
8 KB
Stylesheet
General
Full URL
https://rajus.in/net/css/z.css
Requested by
Host: rajus.in
URL: https://rajus.in/net/oam-login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.224.233 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
box5220.bluehost.com
Software
Apache /
Resource Hash
865ff2ca0947e876f04a570a09633832091736c24e78366ae0dfbe6bceb11057

Request headers

:path
/net/css/z.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
rajus.in
referer
https://rajus.in/net/oam-login.php
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://rajus.in/net/oam-login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 14 May 2021 15:04:48 GMT
content-encoding
gzip
last-modified
Thu, 28 Nov 2019 23:46:58 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
text/css
host-header
c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length
8516
a.css
rajus.in/net/css/
49 KB
10 KB
Stylesheet
General
Full URL
https://rajus.in/net/css/a.css
Requested by
Host: rajus.in
URL: https://rajus.in/net/oam-login.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.241.224.233 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
box5220.bluehost.com
Software
Apache /
Resource Hash
698fb5d54408ab060621f9ea2afe61243bc13b693d92fde9f59e4a2fe6d986cd

Request headers

:path
/net/css/a.css
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
rajus.in
referer
https://rajus.in/net/oam-login.php
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://rajus.in/net/oam-login.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 14 May 2021 15:04:48 GMT
content-encoding
gzip
last-modified
Thu, 28 Nov 2019 23:34:00 GMT
server
Apache
accept-ranges
bytes
vary
Accept-Encoding
content-type
text/css
host-header
c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length
10316
Modernizr-2.5.3.forms.js
assets.nflxext.holmanonline.com/webalizer/images/modernizr.com/
0
0

html5Forms.js
assets.nflxext.holmanonline.com/webalizer/images/
0
0

p_142705xbg1.png
i.top4top.io/
Redirect Chain
  • https://3.top4top.net/p_142705xbg1.png
  • https://3.top4top.io/p_142705xbg1.png
  • https://i.top4top.io/p_142705xbg1.png
1 MB
1 MB
Image
General
Full URL
https://i.top4top.io/p_142705xbg1.png
Requested by
Host: rajus.in
URL: https://rajus.in/net/css/a.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
163.172.59.20 , France, ASN12876 (Online SAS, FR),
Reverse DNS
163-172-59-20.rev.poneytelecom.eu
Software
nginx /
Resource Hash
ff9c631a863e781506433428ad7577bfea44b8e1bcfdbf04fe90df72c2ff9940

Request headers

Referer
https://rajus.in/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-file-id
x30528836x
date
Fri, 14 May 2021 15:04:49 GMT
last-modified
Thu, 28 Nov 2019 14:39:59 GMT
server
nginx
etag
"5ddfdc3f-16ebf7"
content-type
image/png
cache-control
max-age=7200
content-disposition
inline; filename="netbackround.PNG"
accept-ranges
bytes
content-length
1502199
expires
Fri, 14 May 2021 17:04:49 GMT

Redirect headers

location
https://i.top4top.io/p_142705xbg1.png
date
Fri, 14 May 2021 15:04:49 GMT
server
nginx
content-length
59
vary
Accept
content-type
text/plain; charset=utf-8
nf-icon-v1-80.woff
assets.nflxext.com/ffe/siteui/fonts/
78 KB
78 KB
Font
General
Full URL
https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-80.woff
Requested by
Host: rajus.in
URL: https://rajus.in/net/css/z.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d

Request headers

Origin
https://rajus.in
Referer
https://rajus.in/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 14 May 2021 15:04:48 GMT
Last-Modified
Thu, 28 Jan 2016 20:46:04 GMT
Server
nginx
Content-MD5
GkWpE2r/FESZk08OjSTsgQ==
Content-Type
font/woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=604801
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
79392
Expires
Sun, 25 Apr 2021 23:44:30 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
assets.nflxext.holmanonline.com
URL
http://assets.nflxext.holmanonline.com/webalizer/images/modernizr.com/Modernizr-2.5.3.forms.js
Domain
assets.nflxext.holmanonline.com
URL
http://assets.nflxext.holmanonline.com/webalizer/images/html5Forms.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated

0 Cookies