netserriesflixt.com Open in urlscan Pro
109.73.229.224 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.flixnetmovi.com/wartah4b6cbf18bb5c761f3684736889552f3c71389c9f/
Effective URL:
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294
Submission: On June 19 via automatic, source openphish (June 19th 2018, 6:26:57 am UTC)

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 109.73.229.224, located in Bulgaria and belongs to SINGLEHOP-LLC - SingleHop LLC, US. The main domain is netserriesflixt.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on June 11th 2018. Valid for: a year.

This is the only time netserriesflixt.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	46.30.213.31 46.30.213.31	51468 (ONECOM) (ONECOM)
6 13	109.73.229.224 109.73.229.224	32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC)
1	2a02:26f0:6c0... 2a02:26f0:6c00:297::33c4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2

1 46.30.213.31 (Copenhagen, Denmark) 1 redirects

ASN51468 (ONECOM, DK)
PTR: webcluster-ssl1.webpod1-cph3.one.com

www.flixnetmovi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 109.73.229.224 (Bulgaria) 6 redirects

ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: ip-109-73-229-224.siteground.com

netserriesflixt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:297::33c4 (European Union)

ASN20940 (AKAMAI-ASN1, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	netserriesflixt.com 6 redirects netserriesflixt.com	141 KB
1	nflxext.com assets.nflxext.com	78 KB
1	flixnetmovi.com 1 redirects www.flixnetmovi.com	346 B
8	3

	Domain	Requested by
13	netserriesflixt.com	6 redirects netserriesflixt.com
1	assets.nflxext.com	netserriesflixt.com
1	www.flixnetmovi.com	1 redirects
8	3

This site contains no links.

Subject Issuer	Validity	Valid
*.netserriesflixt.com AlphaSSL CA - SHA256 - G2	`2018-06-11` - `2019-06-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294
Frame ID: DC3847A684195F3836D8DDC44C7F796E
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.flixnetmovi.com/wartah4b6cbf18bb5c761f3684736889552f3c71389c9f/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles HTTP 301
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure HTTP 301
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login HTTP 301
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/ Page URL
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

8
Requests

88 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

217 kB
Transfer

284 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.flixnetmovi.com/wartah4b6cbf18bb5c761f3684736889552f3c71389c9f/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles HTTP 301
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure HTTP 301
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login HTTP 301
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/ Page URL
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://www.flixnetmovi.com/wartah4b6cbf18bb5c761f3684736889552f3c71389c9f/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles HTTP 301
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure HTTP 301
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/ HTTP 302
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login HTTP 301
https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/ Redirect Chain http://www.flixnetmovi.com/wartah4b6cbf18bb5c761f3684736889552f3c71389c9f/ https://netserriesflixt.com/wmovies/tv/netflix/de/ https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/ https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/ https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/	217 B 429 B	107ms 107ms	Document text/html	109.73.229.224 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 109.73.229.224 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS ip-109-73-229-224.siteground.com Software nginx / Resource Hash Request headers :method GET :authority netserriesflixt.com :scheme https :path /wmovies/tv/netflix/de/ManageProfiles/secure/Login/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 accept-encoding gzip, deflate cookie PHPSESSID=72cd4974287136709c5662aba1427e37 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id DC3847A684195F3836D8DDC44C7F796E Response headers status 200 server nginx date Tue, 19 Jun 2018 06:26:46 GMT content-type text/html; charset-UTF-8;charset=UTF-8 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache host-header 192fc2e7e50945beb8231a492d6a8024 x-proxy-cache MISS Redirect headers status 301 server nginx date Tue, 19 Jun 2018 06:26:46 GMT content-type text/html; charset=iso-8859-1 content-length 286 location https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/ x-proxy-cache MISS
GET H2	200	Primary Request signin.php Show response netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/	3 KB 3 KB	119ms 118ms	Document text/html	109.73.229.224 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 Requested by Host: netserriesflixt.com URL: https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 109.73.229.224 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS ip-109-73-229-224.siteground.com Software nginx / Resource Hash `e4be7fb56a5c234e6325882e18d8dcce522949a3be43b52b4db79d6dc268e3af` Request headers :method GET :authority netserriesflixt.com :scheme https :path /wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/ accept-encoding gzip, deflate cookie PHPSESSID=72cd4974287136709c5662aba1427e37 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id DC3847A684195F3836D8DDC44C7F796E Referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/ Response headers status 200 server nginx date Tue, 19 Jun 2018 06:26:46 GMT content-type text/html; charset-UTF-8;charset=UTF-8 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache host-header 192fc2e7e50945beb8231a492d6a8024 x-proxy-cache MISS
GET H2	200	HF_D.css netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/css/	35 KB 7 KB	15ms 13ms	Stylesheet text/css	109.73.229.224 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/css/HF_D.css Requested by Host: netserriesflixt.com URL: https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 109.73.229.224 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS ip-109-73-229-224.siteground.com Software nginx / Resource Hash `36e6de869057493f1b0de7cbfe35120730cdfb6635dda0fb02fab67b183d9428` Request headers :path /wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/css/HF_D.css pragma no-cache cookie PHPSESSID=72cd4974287136709c5662aba1427e37 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority netserriesflixt.com referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 :scheme https :method GET Referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Tue, 19 Jun 2018 06:26:46 GMT content-encoding gzip last-modified Mon, 24 Jul 2017 17:34:50 GMT server nginx etag "8d5f-55513a1bfe280-gzip" vary Accept-Encoding content-type text/css status 200 host-header 192fc2e7e50945beb8231a492d6a8024 accept-ranges bytes content-length 7289 x-proxy-cache HIT
GET H2	200	HF_A.css netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/css/	49 KB 8 KB	26ms 25ms	Stylesheet text/css	109.73.229.224 SingleHop LLC
General Check archive.org Show headers Download Go to Full URL https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/css/HF_A.css Requested by Host: netserriesflixt.com URL: https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 109.73.229.224 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS ip-109-73-229-224.siteground.com Software nginx / Resource Hash `cc7f9a2c3dcdb0c0d9834652b55e0be1fbbecda3db90fd90dd07fa2d3b1c482d` Request headers :path /wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/css/HF_A.css pragma no-cache cookie PHPSESSID=72cd4974287136709c5662aba1427e37 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept text/css,/;q=0.1 cache-control no-cache :authority netserriesflixt.com referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 :scheme https :method GET Referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Tue, 19 Jun 2018 06:26:46 GMT content-encoding gzip last-modified Mon, 24 Jul 2017 17:34:50 GMT server nginx etag "c2a7-55513a1bfe280-gzip" vary Accept-Encoding content-type text/css status 200 host-header 192fc2e7e50945beb8231a492d6a8024 accept-ranges bytes content-length 8248 x-proxy-cache HIT
GET H2	200	logo.png netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/img/	34 KB 34 KB	27ms 27ms	Image image/png	109.73.229.224 SingleHop LLC
General Check archive.org Show headers Download Go to Show image Full URL https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/img/logo.png Requested by Host: netserriesflixt.com URL: https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 109.73.229.224 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS ip-109-73-229-224.siteground.com Software nginx / Resource Hash `dd9b1c21a5e16ea328ffc4235d991babadf03be991ac4f7dbb11aac89966fcca` Request headers :path /wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/img/logo.png pragma no-cache cookie PHPSESSID=72cd4974287136709c5662aba1427e37 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority netserriesflixt.com referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 :scheme https :method GET Referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Tue, 19 Jun 2018 06:26:46 GMT last-modified Mon, 24 Jul 2017 17:34:52 GMT server nginx etag "86c8-55513a1de6700" content-type image/png status 200 host-header 192fc2e7e50945beb8231a492d6a8024 accept-ranges bytes content-length 34504 x-proxy-cache HIT
GET H2	200	fb.png netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/img/	1 KB 2 KB	38ms 38ms	Image image/png	109.73.229.224 SingleHop LLC
General Check archive.org Show headers Download Go to Show image Full URL https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/img/fb.png Requested by Host: netserriesflixt.com URL: https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 109.73.229.224 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS ip-109-73-229-224.siteground.com Software nginx / Resource Hash `3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece` Request headers :path /wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/img/fb.png pragma no-cache cookie PHPSESSID=72cd4974287136709c5662aba1427e37 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority netserriesflixt.com referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 :scheme https :method GET Referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Tue, 19 Jun 2018 06:26:46 GMT last-modified Mon, 24 Jul 2017 17:34:52 GMT server nginx etag "5af-55513a1de6700" content-type image/png status 200 host-header 192fc2e7e50945beb8231a492d6a8024 accept-ranges bytes content-length 1455 x-proxy-cache HIT
GET H2	200	login.jpg netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/img/	84 KB 84 KB	14ms 13ms	Image image/jpeg	109.73.229.224 SingleHop LLC
General Check archive.org Show headers Download Go to Show image Full URL https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/img/login.jpg Requested by Host: netserriesflixt.com URL: https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 109.73.229.224 , Bulgaria, ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US), Reverse DNS ip-109-73-229-224.siteground.com Software nginx / Resource Hash `baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04` Request headers :path /wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/img/login.jpg pragma no-cache cookie PHPSESSID=72cd4974287136709c5662aba1427e37 accept-encoding gzip, deflate user-agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 accept image/webp,image/apng,image/,/;q=0.8 cache-control* no-cache :authority netserriesflixt.com referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/css/HF_A.css :scheme https :method GET Referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/css/HF_A.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Response headers date Tue, 19 Jun 2018 06:26:46 GMT last-modified Mon, 24 Jul 2017 17:34:52 GMT server nginx etag "150d2-55513a1de6700" content-type image/jpeg status 200 host-header 192fc2e7e50945beb8231a492d6a8024 accept-ranges bytes content-length 86226 x-proxy-cache HIT
GET S	200	nf-icon-v1-80.woff assets.nflxext.com/ffe/siteui/fonts/	78 KB 78 KB	37ms 6ms	Font font/woff	2a02:26f0:6c00:297::33c4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-80.woff Requested by Host: netserriesflixt.com URL: https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/signin.php?id=56915294 Protocol SPDY Server 2a02:26f0:6c00:297::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36 Referer https://netserriesflixt.com/wmovies/tv/netflix/de/ManageProfiles/secure/Login/doc/css/HF_D.css Origin https://netserriesflixt.com Response headers date Tue, 19 Jun 2018 06:26:46 GMT last-modified Thu, 28 Jan 2016 20:46:04 GMT server Apache content-md5 GkWpE2r/FESZk08OjSTsgQ== status 200 content-type font/woff access-control-allow-origin * cache-control public, max-age=57591194 accept-ranges bytes content-length 79392 expires Wed, 15 Apr 2020 20:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			netserriesflixt.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 72cd4974287136709c5662aba1427e37

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
netserriesflixt.com
www.flixnetmovi.com
109.73.229.224
2a02:26f0:6c00:297::33c4
46.30.213.31
2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d
36e6de869057493f1b0de7cbfe35120730cdfb6635dda0fb02fab67b183d9428
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04
cc7f9a2c3dcdb0c0d9834652b55e0be1fbbecda3db90fd90dd07fa2d3b1c482d
dd9b1c21a5e16ea328ffc4235d991babadf03be991ac4f7dbb11aac89966fcca
e4be7fb56a5c234e6325882e18d8dcce522949a3be43b52b4db79d6dc268e3af

netserriesflixt.com Open in urlscan Pro 109.73.229.224 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

88 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

217 kBTransfer

284 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

netserriesflixt.com Open in urlscan Pro
109.73.229.224 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

217 kB
Transfer

284 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!