netflxonilne.com Open in urlscan Pro
176.31.60.250 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://netflxonilne.com/
Submission: On February 26 via automatic, source openphish (February 26th 2024, 12:27:59 am UTC) — Scanned from FR

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 176.31.60.250, located in Paris, France and belongs to OVH, FR. The main domain is netflxonilne.com.

This is the only time netflxonilne.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
7	176.31.60.250 176.31.60.250	16276 (OVH) (OVH)
3	2a00:86c0:209... 2a00:86c0:2091::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
10	2

7 176.31.60.250 (Paris, France)

ASN16276 (OVH, FR)
PTR: frsrv.serversdaddy.com

netflxonilne.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:86c0:2091::1 (United States)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	netflxonilne.com netflxonilne.com	389 KB
3	nflxext.com assets.nflxext.com — Cisco Umbrella Rank: 5162	155 KB
10	2

	Domain	Requested by
7	netflxonilne.com	netflxonilne.com
3	assets.nflxext.com	netflxonilne.com
10	2

This site contains no links.

Subject Issuer	Validity	Valid
*.1.nflxso.net DigiCert Secure Site ECC CA-1	`2024-02-02` - `2024-03-07`	a month	crt.sh

This page contains 1 frames:

Primary Page: http://netflxonilne.com/
Frame ID: 70961650C116B20B8A99549A21BC3B0A
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

30 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

544 kB
Transfer

542 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response netflxonilne.com/	53 KB 53 KB	105ms 22ms	Document text/html	176.31.60.250 OVH
General Check archive.org Show headers Download Go to Full URL http://netflxonilne.com/ Protocol HTTP/1.1 Server 176.31.60.250 Paris, France, ASN16276 (OVH, FR), Reverse DNS frsrv.serversdaddy.com Software Apache / Resource Hash `a2b68d1f7b627a4693a63196e8971d3bf0f7a21f10f69df5c73e1bf714edbc3c` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Length 54533 Content-Type text/html Date Mon, 26 Feb 2024 00:27:53 GMT Keep-Alive timeout=5, max=100 Last-Modified Wed, 22 Nov 2017 05:38:50 GMT Server Apache
GET H/1.1	200 OK	css_1.css netflxonilne.com/css/	101 KB 101 KB	43ms 22ms	Stylesheet text/css	176.31.60.250 OVH
General Check archive.org Show headers Download Go to Full URL http://netflxonilne.com/css/css_1.css Requested by Host: netflxonilne.com URL: http://netflxonilne.com/ Protocol HTTP/1.1 Server 176.31.60.250 Paris, France, ASN16276 (OVH, FR), Reverse DNS frsrv.serversdaddy.com Software Apache / Resource Hash `fce8bcdd1b0070562494f5fe8483e9447fa892959bcca2741fae6e5a9402222b` Request headers accept-language fr-FR,fr;q=0.9 Referer http://netflxonilne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Mon, 26 Feb 2024 00:27:53 GMT Last-Modified Wed, 22 Nov 2017 05:38:50 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 103360
GET H/1.1	200 OK	css_2.css netflxonilne.com/css/	127 KB 127 KB	45ms 23ms	Stylesheet text/css	176.31.60.250 OVH
General Check archive.org Show headers Download Go to Full URL http://netflxonilne.com/css/css_2.css Requested by Host: netflxonilne.com URL: http://netflxonilne.com/ Protocol HTTP/1.1 Server 176.31.60.250 Paris, France, ASN16276 (OVH, FR), Reverse DNS frsrv.serversdaddy.com Software Apache / Resource Hash `14e90a33a528f27f5445a17fa9bf2e48cd6db1f37884bfd72c04afc47404821b` Request headers accept-language fr-FR,fr;q=0.9 Referer http://netflxonilne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Mon, 26 Feb 2024 00:27:53 GMT Last-Modified Wed, 22 Nov 2017 05:38:50 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 129612
GET H/1.1	200 OK	main.css netflxonilne.com/css/	1 KB 2 KB	46ms 23ms	Stylesheet text/css	176.31.60.250 OVH
General Check archive.org Show headers Download Go to Full URL http://netflxonilne.com/css/main.css Requested by Host: netflxonilne.com URL: http://netflxonilne.com/ Protocol HTTP/1.1 Server 176.31.60.250 Paris, France, ASN16276 (OVH, FR), Reverse DNS frsrv.serversdaddy.com Software Apache / Resource Hash `73d7a671c117c0175acc3af1a17f2ffa78caa0b5dd37ea23cd30d4c857d1e132` Request headers accept-language fr-FR,fr;q=0.9 Referer http://netflxonilne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Mon, 26 Feb 2024 00:27:53 GMT Last-Modified Wed, 22 Nov 2017 05:38:50 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1507
GET H/1.1	200 OK	jquery-1.11.3.min.js Show response netflxonilne.com/js/	94 KB 94 KB	48ms 24ms	Script application/javascript	176.31.60.250 OVH
General Check archive.org Show headers Download Go to Full URL http://netflxonilne.com/js/jquery-1.11.3.min.js Requested by Host: netflxonilne.com URL: http://netflxonilne.com/ Protocol HTTP/1.1 Server 176.31.60.250 Paris, France, ASN16276 (OVH, FR), Reverse DNS frsrv.serversdaddy.com Software Apache / Resource Hash `20e11ce61890c08c0529911822233c9023ebc367df6c1050dec105e2b9628104` Request headers accept-language fr-FR,fr;q=0.9 Referer http://netflxonilne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Mon, 26 Feb 2024 00:27:53 GMT Last-Modified Wed, 22 Nov 2017 05:38:50 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 95962
GET H/1.1	200 OK	jquery.mask.min.js Show response netflxonilne.com/js/	8 KB 8 KB	49ms 25ms	Script application/javascript	176.31.60.250 OVH
General Check archive.org Show headers Download Go to Full URL http://netflxonilne.com/js/jquery.mask.min.js Requested by Host: netflxonilne.com URL: http://netflxonilne.com/ Protocol HTTP/1.1 Server 176.31.60.250 Paris, France, ASN16276 (OVH, FR), Reverse DNS frsrv.serversdaddy.com Software Apache / Resource Hash `ba5186caca524a2e96e4a81384e88ac0d81b180766f8847bcd7e8598fd9fdc98` Request headers accept-language fr-FR,fr;q=0.9 Referer http://netflxonilne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Mon, 26 Feb 2024 00:27:53 GMT Last-Modified Wed, 22 Nov 2017 05:38:50 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7990
GET H/1.1	200 OK	main.js Show response netflxonilne.com/js/	4 KB 4 KB	68ms 21ms	Script application/javascript	176.31.60.250 OVH
General Check archive.org Show headers Download Go to Full URL http://netflxonilne.com/js/main.js Requested by Host: netflxonilne.com URL: http://netflxonilne.com/ Protocol HTTP/1.1 Server 176.31.60.250 Paris, France, ASN16276 (OVH, FR), Reverse DNS frsrv.serversdaddy.com Software Apache / Resource Hash `ac978c6ea7ba131b16e8324828bfa250593b9b6aed4fe8c43d3db80a2f0983e2` Request headers accept-language fr-FR,fr;q=0.9 Referer http://netflxonilne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Mon, 26 Feb 2024 00:27:53 GMT Last-Modified Wed, 22 Nov 2017 05:38:50 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3724
GET H/1.1	200 OK	FB-f-Logo__blue_57.png assets.nflxext.com/ffe/siteui/login/images/	1 KB 2 KB	94ms 30ms	Image image/png	2a00:86c0:2091::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/ffe/siteui/login/images/FB-f-Logo__blue_57.png Requested by Host: netflxonilne.com URL: http://netflxonilne.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece` Request headers accept-language fr-FR,fr;q=0.9 Referer http://netflxonilne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Mon, 26 Feb 2024 00:27:53 GMT Last-Modified Thu, 30 Jun 2016 17:48:49 GMT Server nginx Content-MD5 ozykfvEQtuPsUIa4d2QH0w== Content-Type image/png Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 1455 Expires Mon, 04 Mar 2024 00:27:54 GMT
GET H/1.1	200 OK	login-the-crown_2-1500x1000.jpg assets.nflxext.com/ffe/siteui/acquisition/login/	84 KB 85 KB	23ms 23ms	Image image/jpeg	2a00:86c0:2091::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/ffe/siteui/acquisition/login/login-the-crown_2-1500x1000.jpg Requested by Host: netflxonilne.com URL: http://netflxonilne.com/css/css_1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04` Request headers accept-language fr-FR,fr;q=0.9 Referer http://netflxonilne.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Mon, 26 Feb 2024 00:27:54 GMT Last-Modified Mon, 24 Oct 2016 20:49:51 GMT Server nginx Content-MD5 5GY/BZWwL7HDlH/B8V64Eg== Content-Type image/jpeg Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 86226 Expires Mon, 04 Mar 2024 00:27:55 GMT
GET H/1.1	200 OK	nf-icon-v1-88.woff assets.nflxext.com/ffe/siteui/fonts/	69 KB 69 KB	106ms 54ms	Font font/woff	2a00:86c0:2091::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-88.woff Requested by Host: netflxonilne.com URL: http://netflxonilne.com/css/css_1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `ba892f7903e737d06c952be4ed3266746ed5e1090377fbc5d2ac975626c4533a` Request headers Referer http://netflxonilne.com/ Origin http://netflxonilne.com accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Mon, 26 Feb 2024 00:27:54 GMT Last-Modified Fri, 27 Jan 2017 22:53:52 GMT Server nginx Content-MD5 ezBCotj2o1GiKPEVK1YDAg== Content-Type font/woff Access-Control-Allow-Origin * Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 70204 Expires Mon, 04 Mar 2024 00:27:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| $jscomp

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
netflxonilne.com
176.31.60.250
2a00:86c0:2091::1
14e90a33a528f27f5445a17fa9bf2e48cd6db1f37884bfd72c04afc47404821b
20e11ce61890c08c0529911822233c9023ebc367df6c1050dec105e2b9628104
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
73d7a671c117c0175acc3af1a17f2ffa78caa0b5dd37ea23cd30d4c857d1e132
a2b68d1f7b627a4693a63196e8971d3bf0f7a21f10f69df5c73e1bf714edbc3c
ac978c6ea7ba131b16e8324828bfa250593b9b6aed4fe8c43d3db80a2f0983e2
ba5186caca524a2e96e4a81384e88ac0d81b180766f8847bcd7e8598fd9fdc98
ba892f7903e737d06c952be4ed3266746ed5e1090377fbc5d2ac975626c4533a
baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04
fce8bcdd1b0070562494f5fe8483e9447fa892959bcca2741fae6e5a9402222b

netflxonilne.com Open in urlscan Pro 176.31.60.250 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

30 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

544 kBTransfer

542 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

netflxonilne.com Open in urlscan Pro
176.31.60.250 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

30 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

544 kB
Transfer

542 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!