my-support-account.eu Open in urlscan Pro
185.98.139.79  Malicious Activity! Public Scan

URL: https://my-support-account.eu/
Submission Tags: @ecarlesi possiblethreat phishing netflix Search All
Submission: On December 17 via api from IT — Scanned from FR

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 185.98.139.79, located in France and belongs to LWS Groupe LWS SARL, FR. The main domain is my-support-account.eu.
TLS certificate: Issued by R11 on December 17th 2024. Valid for: 3 months.
This is the only time my-support-account.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

IP Address AS Autonomous System
11 185.98.139.79 210403 (LWS Group...)
1 104.26.12.205 13335 (CLOUDFLAR...)
12 3
Apex Domain
Subdomains
Transfer
11 my-support-account.eu
my-support-account.eu
915 KB
1 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2001
316 B
12 2
Domain Requested by
11 my-support-account.eu my-support-account.eu
1 api.ipify.org my-support-account.eu
12 2

This site contains no links.

Subject Issuer Validity Valid
my-support-account.eu
R11
2024-12-17 -
2025-03-17
3 months crt.sh
ipify.org
WE1
2024-11-13 -
2025-02-11
3 months crt.sh

This page contains 1 frames:

Primary Page: https://my-support-account.eu/
Frame ID: F6D2EDD63C30F02C77A682CF11CF6819
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

Netflix

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

915 kB
Transfer

2361 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
my-support-account.eu/
457 B
549 B
Document
General
Full URL
https://my-support-account.eu/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PleskLin
Resource Hash
d599f4f0c849565a17251a72f9d1b7f3a4761fe1be5898b8828f22baffb55a4d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
294
content-type
text/html
date
Tue, 17 Dec 2024 14:35:12 GMT
etag
"1c9-61a528d634e80-gzip"
last-modified
Fri, 07 Jun 2024 20:22:02 GMT
server
nginx
strict-transport-security
max-age=15768000; includeSubDomains
vary
Accept-Encoding
x-accel-version
0.01
x-powered-by
PleskLin
index-Dgk5N0rH.js
my-support-account.eu/assets/
2 MB
549 KB
Script
General
Full URL
https://my-support-account.eu/assets/index-Dgk5N0rH.js
Requested by
Host: my-support-account.eu
URL: https://my-support-account.eu/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PleskLin
Resource Hash
4e905956238bf33b2b0ebe49fcc8d7ef040ecc46d093330d9dd74404e6c34348
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://my-support-account.eu
Referer
https://my-support-account.eu/

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
content-encoding
br
etag
W/"66636bea-1ee32b"
date
Tue, 17 Dec 2024 14:35:12 GMT
content-type
text/javascript
last-modified
Fri, 07 Jun 2024 20:22:02 GMT
server
nginx
x-powered-by
PleskLin
index-jck1m3kq.css
my-support-account.eu/assets/
13 KB
3 KB
Stylesheet
General
Full URL
https://my-support-account.eu/assets/index-jck1m3kq.css
Requested by
Host: my-support-account.eu
URL: https://my-support-account.eu/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PleskLin
Resource Hash
d6f8e9b1af7f5182eb1d7e537eb6deadfc0f064748a0b05e3416fd146512d005
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://my-support-account.eu
Referer
https://my-support-account.eu/

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
content-encoding
br
etag
W/"66636bea-33af"
date
Tue, 17 Dec 2024 14:35:12 GMT
content-type
text/css
last-modified
Fri, 07 Jun 2024 20:22:02 GMT
server
nginx
x-powered-by
PleskLin
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dd39180510da25e3848b1fbdffda6acb27f1219aab4a0894a4ad26b07bd05056

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
update.php
my-support-account.eu/Panel/stats/
4 B
310 B
XHR
General
Full URL
https://my-support-account.eu/Panel/stats/update.php?put=totale
Requested by
Host: my-support-account.eu
URL: https://my-support-account.eu/assets/index-Dgk5N0rH.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PHP/8.3.14, PleskLin
Resource Hash
a4c3ed04a95a3da14a9d235c83d868bed7c0f45cf7f3faa751ee8f50598d2211
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://my-support-account.eu/

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
vary
Accept-Encoding
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
24
date
Tue, 17 Dec 2024 14:35:13 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/8.3.14, PleskLin
server
nginx
access-control-allow-headers
Content-Type
favicon.ico
my-support-account.eu/
10 KB
10 KB
Other
General
Full URL
https://my-support-account.eu/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PleskLin
Resource Hash
9c5f7722c5df8eb24dda20ecc01c9f73e3103e10052fd980da4e7d9f753a97d3
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://my-support-account.eu/

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
etag
"6661b16c-267e"
accept-ranges
bytes
content-length
9854
date
Tue, 17 Dec 2024 14:35:13 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 06 Jun 2024 12:54:04 GMT
server
nginx
x-powered-by
PleskLin
/
api.ipify.org/
22 B
316 B
XHR
General
Full URL
https://api.ipify.org/?format=json
Requested by
Host: my-support-account.eu
URL: https://my-support-account.eu/assets/index-Dgk5N0rH.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3428ca50e21f5b120e2d3a1cf99d239f28d08b9f0b22ab620aa594cbf29e594

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://my-support-account.eu/

Response headers

cf-cache-status
DYNAMIC
cf-ray
8f37a3703e29d6ce-CDG
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=18420&min_rtt=18266&rtt_var=3156&sent=7&recv=11&lost=0&retrans=0&sent_bytes=4025&recv_bytes=2297&delivery_rate=213590&cwnd=253&unsent_bytes=0&cid=ef823ccdf7a85406&ts=129&x=0"
content-length
22
date
Tue, 17 Dec 2024 14:35:13 GMT
content-type
application/json
vary
Origin
server
cloudflare
panel.php
my-support-account.eu/config/
194 B
449 B
XHR
General
Full URL
https://my-support-account.eu/config/panel.php
Requested by
Host: my-support-account.eu
URL: https://my-support-account.eu/assets/index-Dgk5N0rH.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PHP/8.3.14, PleskLin
Resource Hash
a5acdcf6cd3c2d33f9339a291beac06ad158da6d3d204c5372726b5ade140995
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://my-support-account.eu/

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
vary
Accept-Encoding
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
162
date
Tue, 17 Dec 2024 14:35:13 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/8.3.14, PleskLin
server
nginx
access-control-allow-headers
Content-Type
check.php
my-support-account.eu/antibots/
76 B
373 B
XHR
General
Full URL
https://my-support-account.eu/antibots/check.php?ip=149.202.77.77
Requested by
Host: my-support-account.eu
URL: https://my-support-account.eu/assets/index-Dgk5N0rH.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PHP/8.3.14, PleskLin
Resource Hash
e807d7e32bbe65c2dcb45df9b531bedf5f7207953bb148a81651177a5154349d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://my-support-account.eu/

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
vary
Accept-Encoding
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
87
date
Tue, 17 Dec 2024 14:35:13 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/8.3.14, PleskLin
server
nginx
access-control-allow-headers
Content-Type
update.php
my-support-account.eu/Panel/stats/
4 B
310 B
XHR
General
Full URL
https://my-support-account.eu/Panel/stats/update.php?put=real
Requested by
Host: my-support-account.eu
URL: https://my-support-account.eu/assets/index-Dgk5N0rH.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PHP/8.3.14, PleskLin
Resource Hash
a4c3ed04a95a3da14a9d235c83d868bed7c0f45cf7f3faa751ee8f50598d2211
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://my-support-account.eu/

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
vary
Accept-Encoding
content-encoding
gzip
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
content-length
24
date
Tue, 17 Dec 2024 14:35:13 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/8.3.14, PleskLin
server
nginx
access-control-allow-headers
Content-Type
favicon.ico
my-support-account.eu/
10 KB
0
Other
General
Full URL
https://my-support-account.eu/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PleskLin
Resource Hash
9c5f7722c5df8eb24dda20ecc01c9f73e3103e10052fd980da4e7d9f753a97d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://my-support-account.eu/login

Response headers

etag
"6661b16c-267e"
accept-ranges
bytes
content-length
9854
date
Tue, 17 Dec 2024 14:35:13 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 06 Jun 2024 12:54:04 GMT
server
nginx
x-powered-by
PleskLin
bg-img-DshQzFTz.jpg
my-support-account.eu/assets/
297 KB
298 KB
Image
General
Full URL
https://my-support-account.eu/assets/bg-img-DshQzFTz.jpg
Requested by
Host: my-support-account.eu
URL: https://my-support-account.eu/assets/index-jck1m3kq.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PleskLin
Resource Hash
c498734d932cd53d7be996c240bbe057c4395f1540acf8a2f51ec972c67d339e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://my-support-account.eu/assets/index-jck1m3kq.css

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
etag
"66636bea-4a49d"
accept-ranges
bytes
content-length
304285
date
Tue, 17 Dec 2024 14:35:13 GMT
content-type
image/jpeg
last-modified
Fri, 07 Jun 2024 20:22:02 GMT
server
nginx
x-powered-by
PleskLin
NetflixSans_W_Md-DZqwgeFE.woff2
my-support-account.eu/assets/
53 KB
53 KB
Font
General
Full URL
https://my-support-account.eu/assets/NetflixSans_W_Md-DZqwgeFE.woff2
Requested by
Host: my-support-account.eu
URL: https://my-support-account.eu/assets/index-jck1m3kq.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.98.139.79 , France, ASN210403 (LWS Groupe LWS SARL, FR),
Reverse DNS
vps108009.serveur-vps.net
Software
nginx / PleskLin
Resource Hash
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://my-support-account.eu
Referer
https://my-support-account.eu/assets/index-jck1m3kq.css

Response headers

strict-transport-security
max-age=15768000; includeSubDomains
etag
"66636bea-d2b4"
accept-ranges
bytes
content-length
53940
date
Tue, 17 Dec 2024 14:35:13 GMT
content-type
font/woff2
last-modified
Fri, 07 Jun 2024 20:22:02 GMT
server
nginx
x-powered-by
PleskLin

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| __reactRouterVersion

0 Cookies

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://my-support-account.eu/login
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000; includeSubDomains