scch5s-chsusr20.xyz Open in urlscan Pro
64.225.6.221 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://scch5s-chsusr20.xyz/ntx/
Effective URL:
https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On August 30 via api (August 30th 2023, 2:10:59 am UTC) from PL — Scanned from PL

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 64.225.6.221, located in Clifton, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is scch5s-chsusr20.xyz.
TLS certificate: Issued by R3 on August 29th 2023. Valid for: 3 months.

This is the only time scch5s-chsusr20.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address		AS Autonomous System
1 9	64.225.6.221 64.225.6.221		14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
8	1

9 64.225.6.221 (Clifton, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

scch5s-chsusr20.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	scch5s-chsusr20.xyz 1 redirects scch5s-chsusr20.xyz	598 KB
8	1

	Domain	Requested by
9	scch5s-chsusr20.xyz	1 redirects scch5s-chsusr20.xyz
8	1

This site contains no links.

Subject Issuer	Validity	Valid
www.scch5s-chsusr20.xyz R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57
Frame ID: 55E5E8A63A86A20A705D2D715D3E71F4
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

https://scch5s-chsusr20.xyz/ntx/ HTTP 302
https://scch5s-chsusr20.xyz/ntx/5302 Page URL
https://scch5s-chsusr20.xyz/ntx/229f3af1/ Page URL
https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 Page URL

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

597 kB
Transfer

595 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://scch5s-chsusr20.xyz/ntx/ HTTP 302
https://scch5s-chsusr20.xyz/ntx/5302 Page URL
https://scch5s-chsusr20.xyz/ntx/229f3af1/ Page URL
https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://scch5s-chsusr20.xyz/ntx/ HTTP 302
https://scch5s-chsusr20.xyz/ntx/5302

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	5302 Show response scch5s-chsusr20.xyz/ntx/ Redirect Chain https://scch5s-chsusr20.xyz/ntx/ https://scch5s-chsusr20.xyz/ntx/5302	313 B 611 B	514ms 514ms	Document text/html	64.225.6.221 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://scch5s-chsusr20.xyz/ntx/5302 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.225.6.221 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `6a1c15454f5138fec5a658a319cf79b37860c72a3bec36cf3247188cb6a0b950` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language pl-PL,pl;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Length 313 Content-Type text/html; charset=UTF-8 Date Wed, 30 Aug 2023 02:10:51 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=99 Pragma no-cache Server Apache Redirect headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Wed, 30 Aug 2023 02:10:49 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=100 Pragma no-cache Server Apache location 5302
GET H/1.1	200 OK	/ scch5s-chsusr20.xyz/ntx/229f3af1/	157 B 455 B	401ms 401ms	Document text/html	64.225.6.221 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://scch5s-chsusr20.xyz/ntx/229f3af1/ Requested by Host: scch5s-chsusr20.xyz URL: https://scch5s-chsusr20.xyz/ntx/5302 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.225.6.221 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash Request headers Referer https://scch5s-chsusr20.xyz/ntx/5302 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language pl-PL,pl;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Length 157 Content-Type text/html; charset=UTF-8 Date Wed, 30 Aug 2023 02:10:51 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=98 Pragma no-cache Server Apache
GET H/1.1	200 OK	Primary Request dd47 Show response scch5s-chsusr20.xyz/ntx/229f3af1/	11 KB 11 KB	403ms 402ms	Document text/html	64.225.6.221 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 Requested by Host: scch5s-chsusr20.xyz URL: https://scch5s-chsusr20.xyz/ntx/229f3af1/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.225.6.221 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `119255d3c2ce4db71816b4076ac74f74bbed57f976255359f3304f232f0472a5` Request headers Referer https://scch5s-chsusr20.xyz/ntx/229f3af1/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language pl-PL,pl;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Wed, 30 Aug 2023 02:10:52 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=97 Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	a34c99f375d3b093c2949571ce23cc72.css scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883f7b2/	17 KB 18 KB	132ms 120ms	Stylesheet text/css	64.225.6.221 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883f7b2/a34c99f375d3b093c2949571ce23cc72.css Requested by Host: scch5s-chsusr20.xyz URL: https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.225.6.221 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `580313d63e88f33b4d8d89c6f5f29c322fcfe577312ddb9774734d8f74b3f13c` Request headers accept-language pl-PL,pl;q=0.9 Referer https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Wed, 30 Aug 2023 02:10:52 GMT Last-Modified Tue, 29 Aug 2023 18:05:06 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 17835
GET H/1.1	200 OK	244a46412c341d369f73e72ad19caf8d.css scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883/	160 KB 160 KB	254ms 122ms	Stylesheet text/css	64.225.6.221 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883/244a46412c341d369f73e72ad19caf8d.css Requested by Host: scch5s-chsusr20.xyz URL: https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.225.6.221 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `f3af5197b5f021da5886ab40919e6a58a9c4c10f5ac863f379480efaf36d3d8f` Request headers accept-language pl-PL,pl;q=0.9 Referer https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Wed, 30 Aug 2023 02:10:52 GMT Last-Modified Tue, 29 Aug 2023 18:05:06 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 163583
GET H/1.1	200 OK	a327fb8226d2a31f233981ce09059b36.jpg scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883f7/	334 KB 334 KB	344ms 118ms	Image image/jpeg	64.225.6.221 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883f7/a327fb8226d2a31f233981ce09059b36.jpg Requested by Host: scch5s-chsusr20.xyz URL: https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.225.6.221 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `2b36a7ce0e200271c455c3770bfb6025d44b41024ae1ef30b98a554ca2403c1b` Request headers accept-language pl-PL,pl;q=0.9 Referer https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Wed, 30 Aug 2023 02:10:52 GMT Last-Modified Tue, 29 Aug 2023 18:05:06 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 341594
GET H/1.1	200 OK	bc2b6e625cfa5a4114afc67ab0686a2b.png scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883f7b2/	1 KB 2 KB	372ms 124ms	Image image/png	64.225.6.221 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883f7b2/bc2b6e625cfa5a4114afc67ab0686a2b.png Requested by Host: scch5s-chsusr20.xyz URL: https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.225.6.221 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece` Request headers accept-language pl-PL,pl;q=0.9 Referer https://scch5s-chsusr20.xyz/ntx/229f3af1/dd47?2fcce29e=aad1024b725c6977c2a1367f7e3b4e57 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Wed, 30 Aug 2023 02:10:52 GMT Last-Modified Tue, 29 Aug 2023 18:05:06 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1455
GET H/1.1	200 OK	a7c05fe0cddef2222d2ce1f6d2ca4ff2.woff scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883/	72 KB 72 KB	122ms 122ms	Font font/woff	64.225.6.221 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883/a7c05fe0cddef2222d2ce1f6d2ca4ff2.woff Requested by Host: scch5s-chsusr20.xyz URL: https://scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883/244a46412c341d369f73e72ad19caf8d.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.225.6.221 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache / Resource Hash `98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d` Request headers Referer https://scch5s-chsusr20.xyz/ntx/229f3af1/c50ce64883/244a46412c341d369f73e72ad19caf8d.css Origin https://scch5s-chsusr20.xyz accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Wed, 30 Aug 2023 02:10:52 GMT Last-Modified Tue, 29 Aug 2023 18:05:06 GMT Server Apache Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 73572

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
scch5s-chsusr20.xyz/ntx	1969-12-31 23:59:59	Name: 45471 Value: 1600
scch5s-chsusr20.xyz/ntx	1969-12-31 23:59:59	Name: 041a9 Value: 1200
scch5s-chsusr20.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5a4a6c7d298782ab5749bb154b911299
scch5s-chsusr20.xyz/	1970-01-20 15:05:53	Name: e063877e9d86e144c394faa503cf96e44474a761 Value: b30c2657aff42569fd1706658efc2e61d0546aa9
scch5s-chsusr20.xyz/	1970-01-20 15:05:53	Name: 84585ac0f63485ae6d5a45d5906e9da7a46c2b98 Value: 1693361450

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

scch5s-chsusr20.xyz
64.225.6.221
119255d3c2ce4db71816b4076ac74f74bbed57f976255359f3304f232f0472a5
2b36a7ce0e200271c455c3770bfb6025d44b41024ae1ef30b98a554ca2403c1b
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
580313d63e88f33b4d8d89c6f5f29c322fcfe577312ddb9774734d8f74b3f13c
6a1c15454f5138fec5a658a319cf79b37860c72a3bec36cf3247188cb6a0b950
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
f3af5197b5f021da5886ab40919e6a58a9c4c10f5ac863f379480efaf36d3d8f

scch5s-chsusr20.xyz Open in urlscan Pro 64.225.6.221 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

597 kBTransfer

595 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

5 Cookies

Indicators

scch5s-chsusr20.xyz Open in urlscan Pro
64.225.6.221 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

597 kB
Transfer

595 kB
Size

5
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!