my-support-account.eu
185.98.139.79
Malicious Activity!
Public Scan
Submission Tags: @ecarlesi possiblethreat phishing netflix
Submission: On December 17 via api from IT — Scanned from FR
Summary
TLS certificate: Issued by R11 on December 17th 2024. Valid for: 3 months.
This is the only time my-support-account.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 11 | 185.98.139.79 | 210403 (LWS Groupe LWS SARL) |
| 1 | 104.26.12.205 | 13335 (CLOUDFLARENET) |
| 12 | 3 | |
ASN210403 (LWS Groupe LWS SARL, FR)
PTR: vps108009.serveur-vps.net
my-support-account.eu

| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 11 | my-support-account.eu (my-support-account.eu) | 915 KB |
| 1 | ipify.org (api.ipify.org — Cisco Umbrella Rank: 2001) | 316 B |
| 12 | 2 | |
| | Domain | Requested by |
|---|---|---|
| 11 | my-support-account.eu | my-support-account.eu |
| 1 | api.ipify.org | my-support-account.eu |
| 12 | 2 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| my-support-account.eu | R11 | 2024-12-17 - 2025-03-17 | 3 months | crt.sh |
| ipify.org | WE1 | 2024-11-13 - 2025-02-11 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://my-support-account.eu/
Frame ID: F6D2EDD63C30F02C77A682CF11CF6819
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | my-support-account.eu/ | 457 B | 549 B | Document | text/html |
| GET | H2 | index-Dgk5N0rH.js | my-support-account.eu/assets/ | 2 MB | 549 KB | Script | text/javascript |
| GET | H2 | index-jck1m3kq.css | my-support-account.eu/assets/ | 13 KB | 3 KB | Stylesheet | text/css |
| GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
| GET | H2 | update.php | my-support-account.eu/Panel/stats/ | 4 B | 310 B | XHR | text/html |
| GET | H2 | favicon.ico | my-support-account.eu/ | 10 KB | 10 KB | Other | image/vnd.microsoft.icon |
| GET | H2 | / | api.ipify.org/ | 22 B | 316 B | XHR | application/json |
| GET | H2 | panel.php | my-support-account.eu/config/ | 194 B | 449 B | XHR | text/html |
| GET | H2 | check.php | my-support-account.eu/antibots/ | 76 B | 373 B | XHR | text/html |
| GET | H2 | update.php | my-support-account.eu/Panel/stats/ | 4 B | 310 B | XHR | text/html |
| GET | H2 | favicon.ico | my-support-account.eu/ | 10 KB | 0 | Other | image/vnd.microsoft.icon |
| GET | H2 | bg-img-DshQzFTz.jpg | my-support-account.eu/assets/ | 297 KB | 298 KB | Image | image/jpeg |
| GET | H2 | NetflixSans_W_Md-DZqwgeFE.woff2 | my-support-account.eu/assets/ | 53 KB | 53 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string | __reactRouterVersion
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15768000; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.