3.16.138.113 Open in urlscan Pro
3.16.138.113 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://3.16.138.113/
Effective URL:
http://3.16.138.113/login.html
Submission: On May 06 via api (May 6th 2019, 8:20:28 am UTC) from GB

Summary HTTP 15 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 15 HTTP transactions. The main IP is 3.16.138.113, located in Fairfield, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is 3.16.138.113.

This is the only time 3.16.138.113 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
4 15	3.16.138.113 3.16.138.113	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a02:26f0:6c0... 2a02:26f0:6c00:286::33c4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2620:108:700f... 2620:108:700f::36c9:5b26	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2620:108:700f... 2620:108:700f::36d5:e8ba	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
15	4

15 3.16.138.113 (Fairfield, United States) 4 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-16-138-113.us-east-2.compute.amazonaws.com

3.16.138.113	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:286::33c4 (European Union)

ASN20940 (AKAMAI-ASN1, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:108:700f::36c9:5b26 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

www.netflix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:108:700f::36d5:e8ba (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

www.netflix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	netflix.com www.netflix.com	1021 B
2	nflxext.com assets.nflxext.com	157 KB
15	2

	Domain	Requested by
2	www.netflix.com	3.16.138.113
2	assets.nflxext.com	3.16.138.113
15	2

This site contains links to these domains. Also see Links.

Domain
www.netflix.com
help.netflix.com

Subject Issuer	Validity	Valid
assets.nflxext.com DigiCert SHA2 Secure Server CA	`2018-03-09` - `2020-03-09`	2 years	crt.sh
www.netflix.com DigiCert SHA2 Secure Server CA	`2018-02-07` - `2020-02-07`	2 years	crt.sh

This page contains 2 frames:

Primary Page: http://3.16.138.113/login.html
Frame ID: 47A5E9A24A1E0ADD765F72675A846C34
Requests: 14 HTTP requests in this frame

Frame: http://3.16.138.113/Netflix_files/xaOI6zd9HW9.html
Frame ID: FFD224FA7D3E04336A6583AD4828F36D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://3.16.138.113/ HTTP 302
http://3.16.138.113/login.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

15
Requests

27 %
HTTPS

75 %
IPv6

2
Domains

2
Subdomains

4
IPs

2
Countries

1437 kB
Transfer

1435 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.netflix.com/
Title: Netflix

Search URL Search Domain Scan URL

URL: https://www.netflix.com/LoginHelp
Title: Forgot your email or password?

Search URL Search Domain Scan URL

URL: https://www.netflix.com/giftterms
Title: Gift Card Terms

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/termsofuse
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy
Title: Privacy Statement

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://3.16.138.113/ HTTP 302
http://3.16.138.113/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

http://3.16.138.113/ichnaea/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=login HTTP 302
http://3.16.138.113/ichnaea/cl2/freeform/login.html

Request Chain 7

http://3.16.138.113/ichnaea/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1 HTTP 302
http://3.16.138.113/ichnaea/cl2/freeform/login.html

Request Chain 11

http://3.16.138.113/ichnaea/log HTTP 302
http://3.16.138.113/ichnaea/login.html

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.html Show response
3.16.138.113/
Redirect Chain

http://3.16.138.113/
http://3.16.138.113/login.html

240 KB
240 KB

234ms
116ms

Document
text/html

3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 53a882090787933350210770e49c74e0f80e5ffb75b7dc284955b92e896aafe6

Request headers

Host: 3.16.138.113
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Host: 3.16.138.113
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 246138

Redirect headers

Host: 3.16.138.113
Connection: close
X-Powered-By: PHP/7.0.33-0ubuntu0.16.04.4
Location: login.html
Content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK none.js Show response
3.16.138.113/Netflix_files/ 24 KB
24 KB 223ms
111ms Script
application/javascript 3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/Netflix_files/none.js
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 36d6338e657cdef8022ef6782c4a709216a661166abaf141cd55e9286d774fda

Request headers

Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection: close
Host: 3.16.138.113
Content-Length: 24871
Content-Type: application/javascript

GET
H/1.1 200
OK none_002.js Show response
3.16.138.113/Netflix_files/ 655 KB
655 KB 228ms
114ms Script
application/javascript 3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/Netflix_files/none_002.js
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: abfe0e1b195380596a8d28abb2d472cc1cc670ac7f8a9582ca45bf3fb1b0950f

Request headers

Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection: close
Host: 3.16.138.113
Content-Length: 670267
Content-Type: application/javascript

GET
H/1.1 404
Not Found WebsiteDetect.asc
3.16.138.113/Netflix_files/ 0
0 217ms
108ms Stylesheet
text/html 3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/Netflix_files/WebsiteDetect.asc
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection: close
Host: 3.16.138.113
Content-Length: 564
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK sdk.js Show response
3.16.138.113/Netflix_files/ 213 KB
213 KB 234ms
117ms Script
application/javascript 3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/Netflix_files/sdk.js
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: d69b388d3d3c136484970f6ee5e1ebb2dfe51fbd4af2ea731d8de40cfce3816e

Request headers

Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection: close
Host: 3.16.138.113
Content-Length: 218405
Content-Type: application/javascript

GET
H/1.1 200
OK none.css
3.16.138.113/Netflix_files/ 101 KB
101 KB 222ms
110ms Stylesheet
text/css 3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/Netflix_files/none.css
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 601553a598f6c89f43b5f373d84fdf182db3af0acd6df215f9e4f62ee6c4dcb6

Request headers

Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection: close
Host: 3.16.138.113
Content-Length: 103683
Content-Type: text/css; charset=UTF-8

GET
H/1.1 200
OK FB-f-Logo__blue_57.png
3.16.138.113/Netflix_files/ 1 KB
2 KB 342ms
119ms Image
image/png 3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://3.16.138.113/Netflix_files/FB-f-Logo__blue_57.png
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Request headers

Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection: close
Host: 3.16.138.113
Content-Length: 1455
Content-Type: image/png

GET
H/1.1

404
Not Found

http://3.16.138.113/ichnaea/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=login
http://3.16.138.113/ichnaea/cl2/freeform/login.html

564 B
690 B

238ms
119ms

XHR
text/html

3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/ichnaea/cl2/freeform/login.html
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: cc8d2b8d33ace3d0bb5c2fc706c58d089636edec72f8c87f695318cbfe56b79d

Request headers

Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection: close
Host: 3.16.138.113
Content-Length: 564
Content-Type: text/html; charset=UTF-8

Redirect headers

Location: login.html
Connection: close
X-Powered-By: PHP/7.0.33-0ubuntu0.16.04.4
Host: 3.16.138.113
Content-type: text/html; charset=UTF-8

GET
H/1.1

404
Not Found

http://3.16.138.113/ichnaea/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1
http://3.16.138.113/ichnaea/cl2/freeform/login.html

564 B
690 B

242ms
126ms

XHR
text/html

3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/ichnaea/cl2/freeform/login.html
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: cc8d2b8d33ace3d0bb5c2fc706c58d089636edec72f8c87f695318cbfe56b79d

Request headers

Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection: close
Host: 3.16.138.113
Content-Length: 564
Content-Type: text/html; charset=UTF-8

Redirect headers

Location: login.html
Connection: close
X-Powered-By: PHP/7.0.33-0ubuntu0.16.04.4
Host: 3.16.138.113
Content-type: text/html; charset=UTF-8

GET
H2 200 login-the-crown_2-1500x1000.jpg
assets.nflxext.com/ffe/siteui/acquisition/login/ 84 KB
85 KB 40ms
6ms Image
image/jpeg 2a02:26f0:6c00:286::33c4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/login/login-the-crown_2-1500x1000.jpg
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:286::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Apache /
Resource Hash: baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04

Request headers

Referer: http://3.16.138.113/Netflix_files/none.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 06 May 2019 08:20:12 GMT
last-modified: Mon, 24 Oct 2016 20:49:51 GMT
server: Apache
content-md5: 5GY/BZWwL7HDlH/B8V64Eg==
content-type: image/jpeg
status: 200
cache-control: public, max-age=29849988
accept-ranges: bytes
content-length: 86226
expires: Wed, 15 Apr 2020 20:00:00 GMT

GET
H2 200 nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ 72 KB
72 KB 38ms
6ms Font
font/woff 2a02:26f0:6c00:286::33c4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:286::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Apache /
Resource Hash: 98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://3.16.138.113/Netflix_files/none.css
Origin: http://3.16.138.113

Response headers

date: Mon, 06 May 2019 08:20:12 GMT
last-modified: Mon, 29 Jan 2018 01:50:51 GMT
server: Apache
content-md5: fPYVbMSBJEtaJUNi17c/AA==
access-control-allow-origin: *
content-type: font/woff
status: 200
cache-control: public, max-age=29849988
accept-ranges: bytes
content-length: 73572
expires: Wed, 15 Apr 2020 20:00:00 GMT

GET
H/1.1 200
OK xaOI6zd9HW9.html Show response
3.16.138.113/Netflix_files/ Frame FFD2 42 KB
42 KB 227ms
113ms Document
text/html 3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/Netflix_files/xaOI6zd9HW9.html
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: d9013ca6d10e27a1c53881852fd9bc126a0f92eb0392f7138acae4bf8947e2f3

Request headers

Host: 3.16.138.113
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://3.16.138.113/login.html
Accept-Encoding: gzip, deflate
Cookie: cL=1557130812388%7C155713081264450995%7C1557130812974795%7C%7C4%7CUNPYKR5TOVFFFKE6OU2YTRLYFY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://3.16.138.113/login.html

Response headers

Host: 3.16.138.113
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42738

GET
H/1.1

404
Not Found

http://3.16.138.113/ichnaea/log
http://3.16.138.113/ichnaea/login.html

551 B
677 B

238ms
119ms

XHR
text/html

3.16.138.113
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://3.16.138.113/ichnaea/login.html
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/login.html
Protocol: HTTP/1.1
Server: 3.16.138.113 Fairfield, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-16-138-113.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 05dcddf6968da163e673bc78a1cfce9bc900c74d9571952003a256ced9c8f472

Request headers

Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Connection: close
Host: 3.16.138.113
Content-Length: 551
Content-Type: text/html; charset=UTF-8

Redirect headers

Location: login.html
Connection: close
X-Powered-By: PHP/7.0.33-0ubuntu0.16.04.4
Host: 3.16.138.113
Content-type: text/html; charset=UTF-8

OPTIONS
H/1.1 200
OK cl2 Show response
www.netflix.com/ichnaea/ 0
0 726ms
184ms XHR
text/plain 2620:108:700f::36c9:5b26
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://www.netflix.com/ichnaea/cl2
Requested by: Host: 3.16.138.113
URL: http://3.16.138.113/Netflix_files/none_002.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:108:700f::36c9:5b26 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Request-Method: POST
Origin: http://3.16.138.113
Referer: http://3.16.138.113/login.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Access-Control-Allow-Origin: http://3.16.138.113
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Cookie,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.esn,X-Netflix.device.type,X-Netflix.certification.version,X-Netflix.request.uuid,X-Netflix.user.id,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.ichnaea.request.type,debugRequest
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK cl2 Show response
www.netflix.com/ichnaea/ 0
1021 B 729ms
185ms XHR
text/plain 2620:108:700f::36d5:e8ba
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netflix.com/ichnaea/cl2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:108:700f::36d5:e8ba , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

ichnaea i-0de8005e7ff7bd1c1 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://ichnaea-web.netflix.com/log/freeform/xssreport

Request headers

Referer: http://3.16.138.113/login.html
Origin: http://3.16.138.113
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/json

Response headers

Date: Mon, 06 May 2019 08:20:18 GMT
Via: 1.1 i-0b1ee7a039bd4272b (us-west-2)
X-Content-Type-Options: nosniff
X-Netflix_proxy_execution-time: 4
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block; report=https://ichnaea-web.netflix.com/log/freeform/xssreport
Allow: GET, POST, OPTIONS
Server: ichnaea i-0de8005e7ff7bd1c1
X-Netflix_nfstatus: 1_1
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Originating-URL: https://www.netflix.com/ichnaea/cl2
Access-Control-Allow-Origin: http://3.16.138.113
Access-Control-Allow-Credentials: true
X-Ichnaea: ~O=true~RL=127
Content-Type: text/plain
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Cookie,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.esn,X-Netflix.device.type,X-Netflix.certification.version,X-Netflix.request.uuid,X-Netflix.user.id,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.ichnaea.request.type,debugRequest

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			3.16.138.113/	1969-12-31 23:59:59	Name: cL Value: 1557130812388%7C155713081264450995%7C1557130812974795%7C%7C4%7CUNPYKR5TOVFFFKE6OU2YTRLYFY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
www.netflix.com
2620:108:700f::36c9:5b26
2620:108:700f::36d5:e8ba
2a02:26f0:6c00:286::33c4
3.16.138.113
05dcddf6968da163e673bc78a1cfce9bc900c74d9571952003a256ced9c8f472
36d6338e657cdef8022ef6782c4a709216a661166abaf141cd55e9286d774fda
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
53a882090787933350210770e49c74e0f80e5ffb75b7dc284955b92e896aafe6
601553a598f6c89f43b5f373d84fdf182db3af0acd6df215f9e4f62ee6c4dcb6
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
abfe0e1b195380596a8d28abb2d472cc1cc670ac7f8a9582ca45bf3fb1b0950f
baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04
cc8d2b8d33ace3d0bb5c2fc706c58d089636edec72f8c87f695318cbfe56b79d
d69b388d3d3c136484970f6ee5e1ebb2dfe51fbd4af2ea731d8de40cfce3816e
d9013ca6d10e27a1c53881852fd9bc126a0f92eb0392f7138acae4bf8947e2f3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

3.16.138.113 Open in urlscan Pro 3.16.138.113 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

27 %HTTPS

75 %IPv6

2 Domains

2 Subdomains

4 IPs

2 Countries

1437 kBTransfer

1435 kBSize

1 Cookies

5 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

1 Cookies

Indicators

3.16.138.113 Open in urlscan Pro
3.16.138.113 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

27 %
HTTPS

75 %
IPv6

2
Domains

2
Subdomains

4
IPs

2
Countries

1437 kB
Transfer

1435 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!