ast.1910genetics.com
15.237.249.87  Malicious Activity! Public Scan

Submitted URL: https://renew.gria.io/
Effective URL: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209...
Submission: On December 05 via manual from HU — Scanned from US

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 7 HTTP transactions. The main IP is 15.237.249.87, located in Paris, France and belongs to AMAZON-02, US. The main domain is ast.1910genetics.com.
TLS certificate: Issued by R10 on November 16th 2024. Valid for: 3 months.
This is the only time ast.1910genetics.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 98.80.5.19 14618 (AMAZON-AES)
1 7 15.237.249.87 16509 (AMAZON-02)
1 142.251.40.170 15169 (GOOGLE)
7 2
Apex Domain / Subdomains / Transfer

  #  Apex Domain        Subdomains                                       Transfer
  7  1910genetics.com   ast.1910genetics.com                             345 KB
  1  googleapis.com     ajax.googleapis.com (Cisco Umbrella Rank: 415)   31 KB
  1  gria.io            renew.gria.io                                    180 B
  Totals: 7 / 3
Domain / Requested by

  #  Domain                 Redirects     Requested by
  7  ast.1910genetics.com   1 redirects   ast.1910genetics.com
  1  ajax.googleapis.com                  ast.1910genetics.com
  1  renew.gria.io          1 redirects
  Totals: 7 / 3

This site contains no links.

TLS certificates

  Subject                   Issuer   Validity                   Valid
  ast.1910genetics.com      R10      2024-11-16 - 2025-02-14    3 months
  upload.video.google.com   WR2      2024-10-21 - 2025-01-13    3 months

This page contains 1 frames:

Primary Page: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca
Frame ID: 48AF7BDA5336A26969EE9F2B16525F5A
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

NetfIix

Page URL History

  1. https://renew.gria.io/ HTTP 302
    https://ast.1910genetics.com/ HTTP 302
    https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  Requests: 7
  HTTPS: 100 %
  IPv6: 0 %
  Domains: 3
  Subdomains: 3
  IPs: 2
  Countries: 2
  Transfer: 375 kB
  Size: 434 kB
  Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://renew.gria.io/ HTTP 302
    https://ast.1910genetics.com/ HTTP 302
    https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

  1. login.php (Primary Request)
     Path: ast.1910genetics.com/
     Size: 3 KB   x-fer: 2 KB   Type: Document
     Redirect Chain:
       • https://renew.gria.io/
       • https://ast.1910genetics.com/
       • https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca

     General
     Full URL: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca
     Protocol: H2
     Security: TLS 1.3, AES_256_GCM
     Server: 15.237.249.87 Paris, France, ASN16509 (AMAZON-02, US)
     Reverse DNS: ec2-15-237-249-87.eu-west-3.compute.amazonaws.com
     Software: nginx / PHP/7.4.33 PleskLin
     Resource Hash: 970d76e544e77650021675bcea1315bddb4045e8e8c430f2f6c9c2389101eb2f
     Security Headers:
       Strict-Transport-Security: max-age=15768000; includeSubDomains

     Request headers
       Upgrade-Insecure-Requests: 1
       User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

     Response headers
       cache-control: no-store, no-cache, must-revalidate
       content-encoding: gzip
       content-length: 1469
       content-type: text/html; charset=UTF-8
       date: Thu, 05 Dec 2024 14:53:18 GMT
       expires: Thu, 19 Nov 1981 08:52:00 GMT
       pragma: no-cache
       server: nginx
       strict-transport-security: max-age=15768000; includeSubDomains
       vary: Accept-Encoding
       x-powered-by: PHP/7.4.33 PleskLin

     Redirect headers
       cache-control: no-store, no-cache, must-revalidate
       content-length: 54
       content-type: text/html; charset=UTF-8
       date: Thu, 05 Dec 2024 14:53:17 GMT
       expires: Thu, 19 Nov 1981 08:52:00 GMT
       location: login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca
       pragma: no-cache
       server: nginx
       strict-transport-security: max-age=15768000; includeSubDomains
       x-powered-by: PHP/7.4.33 PleskLin
  2. login.css
     Path: ast.1910genetics.com/src/css/
     Size: 2 KB   x-fer: 984 B   Type: Stylesheet

     General
     Full URL: https://ast.1910genetics.com/src/css/login.css
     Requested by:
       Host: ast.1910genetics.com
       URL: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca
     Protocol: H2
     Security: TLS 1.3, AES_256_GCM
     Server: 15.237.249.87 Paris, France, ASN16509 (AMAZON-02, US)
     Reverse DNS: ec2-15-237-249-87.eu-west-3.compute.amazonaws.com
     Software: nginx / PleskLin
     Resource Hash: df234c603596f23bf114ee6da496a704dffa0485405f7df59517b58ffe0a388f
     Security Headers:
       Strict-Transport-Security: max-age=15768000; includeSubDomains

     Request headers
       User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
       Referer: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca

     Response headers
       strict-transport-security: max-age=15768000; includeSubDomains
       content-encoding: br
       etag: W/"65300416-9e9"
       date: Thu, 05 Dec 2024 14:53:18 GMT
       content-type: text/css
       last-modified: Wed, 18 Oct 2023 16:13:10 GMT
       server: nginx
       x-powered-by: PleskLin
  3. jquery.min.js
     Path: ajax.googleapis.com/ajax/libs/jquery/3.6.0/
     Size: 87 KB   x-fer: 31 KB   Type: Script

     General
     Full URL: https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
     Requested by:
       Host: ast.1910genetics.com
       URL: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca
     Protocol: H2
     Security: TLS 1.3, AES_128_GCM
     Server: 142.251.40.170 Queens, United States, ASN15169 (GOOGLE, US)
     Reverse DNS: lga25s81-in-f10.1e100.net
     Software: sffe
     Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
     Security Headers:
       X-Content-Type-Options: nosniff
       X-Xss-Protection: 0

     Request headers
       User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
       Referer: https://ast.1910genetics.com/

     Response headers
       content-encoding: gzip
       age: 601431
       report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
       x-content-type-options: nosniff
       expires: Fri, 28 Nov 2025 15:49:27 GMT
       alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
       date: Thu, 28 Nov 2024 15:49:27 GMT
       last-modified: Wed, 10 Mar 2021 14:28:09 GMT
       content-type: text/javascript; charset=UTF-8
       vary: Accept-Encoding
       cache-control: public, max-age=31536000, stale-while-revalidate=2592000
       timing-allow-origin: *
       cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
       cross-origin-resource-policy: cross-origin
       content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
       accept-ranges: bytes
       access-control-allow-origin: *
       content-length: 31017
       x-xss-protection: 0
       server: sffe
  4. logo.svg
     Path: ast.1910genetics.com/src/img/
     Size: 1 KB   x-fer: 1 KB   Type: Image

     General
     Full URL: https://ast.1910genetics.com/src/img/logo.svg
     Requested by:
       Host: ast.1910genetics.com
       URL: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca
     Protocol: H2
     Security: TLS 1.3, AES_256_GCM
     Server: 15.237.249.87 Paris, France, ASN16509 (AMAZON-02, US)
     Reverse DNS: ec2-15-237-249-87.eu-west-3.compute.amazonaws.com
     Software: nginx / PleskLin
     Resource Hash: 0c12d5374247e16fced565a207d010bf39f1eb55ee0394581ced67b2e6fa7b92
     Security Headers:
       Strict-Transport-Security: max-age=15768000; includeSubDomains

     Request headers
       User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
       Referer: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca

     Response headers
       strict-transport-security: max-age=15768000; includeSubDomains
       etag: "65300416-45e"
       accept-ranges: bytes
       content-length: 1118
       date: Thu, 05 Dec 2024 14:53:18 GMT
       content-type: image/svg+xml
       last-modified: Wed, 18 Oct 2023 16:13:10 GMT
       server: nginx
       x-powered-by: PleskLin
  5. fb.png
     Path: ast.1910genetics.com/src/img/
     Size: 1 KB   x-fer: 2 KB   Type: Image

     General
     Full URL: https://ast.1910genetics.com/src/img/fb.png
     Requested by:
       Host: ast.1910genetics.com
       URL: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca
     Protocol: H2
     Security: TLS 1.3, AES_256_GCM
     Server: 15.237.249.87 Paris, France, ASN16509 (AMAZON-02, US)
     Reverse DNS: ec2-15-237-249-87.eu-west-3.compute.amazonaws.com
     Software: nginx / PleskLin
     Resource Hash: 3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
     Security Headers:
       Strict-Transport-Security: max-age=15768000; includeSubDomains

     Request headers
       User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
       Referer: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca

     Response headers
       strict-transport-security: max-age=15768000; includeSubDomains
       etag: "65300416-5af"
       accept-ranges: bytes
       content-length: 1455
       date: Thu, 05 Dec 2024 14:53:18 GMT
       content-type: image/png
       last-modified: Wed, 18 Oct 2023 16:13:10 GMT
       server: nginx
       x-powered-by: PleskLin
  6. back.jpg
     Path: ast.1910genetics.com/src/img/
     Size: 322 KB   x-fer: 322 KB   Type: Image

     General
     Full URL: https://ast.1910genetics.com/src/img/back.jpg
     Requested by:
       Host: ast.1910genetics.com
       URL: https://ast.1910genetics.com/src/css/login.css
     Protocol: H2
     Security: TLS 1.3, AES_256_GCM
     Server: 15.237.249.87 Paris, France, ASN16509 (AMAZON-02, US)
     Reverse DNS: ec2-15-237-249-87.eu-west-3.compute.amazonaws.com
     Software: nginx / PleskLin
     Resource Hash: 5112587a097996eace609b27acbb2e3dc8a0d41e06613746c8e1c64e4fd4aae1
     Security Headers:
       Strict-Transport-Security: max-age=15768000; includeSubDomains

     Request headers
       User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
       Referer: https://ast.1910genetics.com/src/css/login.css

     Response headers
       strict-transport-security: max-age=15768000; includeSubDomains
       etag: "65300416-50629"
       accept-ranges: bytes
       content-length: 329257
       date: Thu, 05 Dec 2024 14:53:18 GMT
       content-type: image/jpeg
       last-modified: Wed, 18 Oct 2023 16:13:10 GMT
       server: nginx
       x-powered-by: PleskLin
  7. fav.ico
     Path: ast.1910genetics.com/src/img/
     Size: 17 KB   x-fer: 17 KB   Type: Other

     General
     Full URL: https://ast.1910genetics.com/src/img/fav.ico
     Protocol: H2
     Security: TLS 1.3, AES_256_GCM
     Server: 15.237.249.87 Paris, France, ASN16509 (AMAZON-02, US)
     Reverse DNS: ec2-15-237-249-87.eu-west-3.compute.amazonaws.com
     Software: nginx / PleskLin
     Resource Hash: abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd
     Security Headers:
       Strict-Transport-Security: max-age=15768000; includeSubDomains

     Request headers
       User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
       Referer: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca

     Response headers
       strict-transport-security: max-age=15768000; includeSubDomains
       etag: "65300416-423e"
       accept-ranges: bytes
       content-length: 16958
       date: Thu, 05 Dec 2024 14:53:19 GMT
       content-type: image/vnd.microsoft.icon
       last-modified: Wed, 18 Oct 2023 16:13:10 GMT
       server: nginx
       x-powered-by: PleskLin

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function | $
  • function | jQuery

1 Cookies

  Domain/Path: ast.1910genetics.com/
  Name: PHPSESSID
  Value: e4vl6v0iln846gbhq3m3bjn22i

1 Console Messages

  Source: recommendation
  Level: verbose
  URL: https://ast.1910genetics.com/login.php?enc=68d87ec52e40e30b6727b62dfadc4278&p=1&dispatch=9ad1e92df8d42a03f640a6a7532bef969209c8ca
  Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

  Header: Strict-Transport-Security
  Value: max-age=15768000; includeSubDomains