imsupporttv.xyz Open in urlscan Pro
23.94.190.26 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://imsupporttv.xyz/
Effective URL:
https://imsupporttv.xyz/
Submission Tags: falconsandbox
Submission: On July 16 via api (July 16th 2024, 1:41:57 pm UTC) from US — Scanned from DE

Summary HTTP 10 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 23.94.190.26, located in Buffalo, United States and belongs to AS-COLOCROSSING, US. The main domain is imsupporttv.xyz.
TLS certificate: Issued by R10 on July 16th 2024. Valid for: 3 months.

This is the only time imsupporttv.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address		AS Autonomous System
10	23.94.190.26 23.94.190.26		36352 (AS-COLOCR...) (AS-COLOCROSSING)
10	1

10 23.94.190.26 (Buffalo, United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: vmi901.hostlegends.com

imsupporttv.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	imsupporttv.xyz imsupporttv.xyz	844 KB
10	1

	Domain	Requested by
10	imsupporttv.xyz	imsupporttv.xyz
10	1

This site contains links to these domains. Also see Links.

Domain
facebook.com
twitter.com
instagram.com
youtube.com

Subject Issuer	Validity	Valid
imsupporttv.xyz R10	`2024-07-16` - `2024-10-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://imsupporttv.xyz/
Frame ID: DD9CD46DB47463216961652E7820D045
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MTDb - Movies, TV and Celebrities

Page URL History Show full URLs

http://imsupporttv.xyz/ HTTP 307
https://imsupporttv.xyz/ Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

844 kB
Transfer

1643 kB
Size

2
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://facebook.com/

Search URL Search Domain Scan URL

URL: https://twitter.com/

Search URL Search Domain Scan URL

URL: https://instagram.com/

Search URL Search Domain Scan URL

URL: https://youtube.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://imsupporttv.xyz/ HTTP 307
https://imsupporttv.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response imsupporttv.xyz/ Redirect Chain http://imsupporttv.xyz/ https://imsupporttv.xyz/	149 KB 36 KB	587ms 365ms	Document text/html	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://imsupporttv.xyz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PHP/8.2.21 PleskLin Resource Hash `66210c7914bb063c322c1f29dac9833000b2231453ec94aec9528dee04e5bfd6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers cache-control private, must-revalidate content-encoding gzip content-length 36278 content-type text/html; charset=UTF-8 date Tue, 16 Jul 2024 13:41:51 GMT expires -1 pragma no-cache server nginx server-timing bootstrap;desc="Bootstrap";dur=217.14186668396, app;desc="App";dur=30, total;desc="Total";dur=248.01898002625, vary Accept-Encoding x-powered-by PHP/8.2.21 PleskLin Redirect headers Location https://imsupporttv.xyz/ Non-Authoritative-Reason HttpsUpgrades
GET H2	200	main-6c4dbbeb.css imsupporttv.xyz/build/assets/	93 KB 17 KB	116ms 116ms	Stylesheet text/css	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://imsupporttv.xyz/build/assets/main-6c4dbbeb.css Requested by Host: imsupporttv.xyz URL: https://imsupporttv.xyz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PleskLin Resource Hash `6c4dbbeb407319e407b1f02a80217c411442f01a3f3edbbed4fec03862ce22e4` Request headers Referer https://imsupporttv.xyz/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 16 Jul 2024 13:41:51 GMT content-encoding gzip last-modified Thu, 18 Apr 2024 10:12:40 GMT server nginx etag "173ad-6165c360eb600-gzip" x-powered-by PleskLin vary Accept-Encoding content-type text/css accept-ranges bytes content-length 16860
GET H2	200	main-cf061d56.js Show response imsupporttv.xyz/build/assets/	755 KB 253 KB	125ms 125ms	Script text/javascript	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://imsupporttv.xyz/build/assets/main-cf061d56.js Requested by Host: imsupporttv.xyz URL: https://imsupporttv.xyz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PleskLin Resource Hash `3630a3b3f6d84bc1364c2031ca41df5e134a4535f92c650bc221ac47e900134e` Request headers Referer Origin https://imsupporttv.xyz User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 16 Jul 2024 13:41:51 GMT content-encoding gzip last-modified Thu, 18 Apr 2024 10:12:40 GMT server nginx etag "bcc1b-6165c360eb600-gzip" x-powered-by PleskLin vary Accept-Encoding content-type text/javascript accept-ranges bytes
GET H2	200	logo-light.svg imsupporttv.xyz/images/	2 KB 3 KB	116ms 116ms	Image image/svg+xml	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://imsupporttv.xyz/images/logo-light.svg Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PleskLin Resource Hash `57e669019c777f895e04f6c9878ebad488aae72df4455f210612038405030662` Request headers Referer https://imsupporttv.xyz/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 16 Jul 2024 13:41:51 GMT last-modified Thu, 18 Apr 2024 10:12:40 GMT server nginx etag "9a9-6165c360eb600" x-powered-by PleskLin content-type image/svg+xml accept-ranges bytes content-length 2473
GET H2	200	browse.jpg imsupporttv.xyz/images/landing/	69 KB 69 KB	115ms 115ms	Image image/jpeg	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://imsupporttv.xyz/images/landing/browse.jpg Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PleskLin Resource Hash `da2a023b44cb5facb902cddc731ad67c91c3e2b4ef1d9b46c807bd83f5dbb2bd` Request headers Referer https://imsupporttv.xyz/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 16 Jul 2024 13:41:51 GMT last-modified Thu, 18 Apr 2024 10:12:40 GMT server nginx etag "11459-6165c360eb600" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 70745
GET H2	200	transformers.jpg imsupporttv.xyz/images/landing/	62 KB 62 KB	117ms 117ms	Image image/jpeg	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://imsupporttv.xyz/images/landing/transformers.jpg Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PleskLin Resource Hash `d29b962eef8bbbadc7c9dcad99d0275462ba0974ff4e1c4be803314625b47334` Request headers Referer https://imsupporttv.xyz/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 16 Jul 2024 13:41:51 GMT last-modified Thu, 18 Apr 2024 10:12:40 GMT server nginx etag "f6a1-6165c360eb600" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 63137
GET H2	200	last-of-us.jpg imsupporttv.xyz/images/landing/	50 KB 51 KB	114ms 114ms	Image image/jpeg	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://imsupporttv.xyz/images/landing/last-of-us.jpg Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PleskLin Resource Hash `99d7bff252cd4d218c451c6912406c05deb7ea41401d22e051844d33bd5279b9` Request headers Referer https://imsupporttv.xyz/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 16 Jul 2024 13:41:51 GMT last-modified Thu, 18 Apr 2024 10:12:40 GMT server nginx etag "c973-6165c360eb600" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 51571
GET H2	200	localizations Show response imsupporttv.xyz/api/v1/value-lists/	91 B 1 KB	361ms 361ms	XHR application/json	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://imsupporttv.xyz/api/v1/value-lists/localizations Requested by Host: imsupporttv.xyz URL: https://imsupporttv.xyz/build/assets/main-cf061d56.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PHP/8.2.21, PleskLin Resource Hash `fe43ea87c0bb0590e4b4e5962bbe42f87461f516482c238b1161f8e0edfc26bd` Request headers Accept application/json Referer https://imsupporttv.xyz/ X-XSRF-TOKEN eyJpdiI6ImJ0anBBekJVT1VTcFc1YUJmcmE1TWc9PSIsInZhbHVlIjoidmZEb2drbHhvR3k5ZkdJRnZLWno4QjVjSWlzMEFpSXJCeG1oK2UvVkF2MXZmTDNya1M5N1owd3o0SzRrZ20wNFo5VWk4QlJ1SXRGMldLNzNsT3JNZjIvMnNsKzlNM1IxSEZBQ0J6ZkxvYmhJckQ2S0tuQlF1NUNVWEtiSmRrQ3QiLCJtYWMiOiI0Y2FjNDA1YTA4MjJmYzBhOWIzY2FhN2Q3OTdkNTAwMTZhYzY3YzhmMjFmNTVjNDIxM2EzYjAxZTA5NTkwZDg0IiwidGFnIjoiIn0= User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers pragma no-cache date Tue, 16 Jul 2024 13:41:52 GMT content-encoding br server nginx x-powered-by PHP/8.2.21, PleskLin x-ratelimit-remaining 1499 content-type application/json access-control-allow-origin * cache-control private, must-revalidate x-ratelimit-limit 1500 expires -1
GET H2	200	landing.jpg imsupporttv.xyz/images/landing/	316 KB 317 KB	114ms 114ms	Image image/jpeg	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Show image Full URL https://imsupporttv.xyz/images/landing/landing.jpg Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PleskLin Resource Hash `c4d143fbc63dde4eb0f0f8bd9a8ced56f7e0bd663e45b3a4b7f5f30c9f105be1` Request headers Referer https://imsupporttv.xyz/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Tue, 16 Jul 2024 13:41:51 GMT last-modified Thu, 18 Apr 2024 10:12:40 GMT server nginx etag "4f159-6165c360eb600" x-powered-by PleskLin content-type image/jpeg accept-ranges bytes content-length 323929
GET H2	200	icon-144x144.png imsupporttv.xyz/favicon/	146 KB 36 KB	359ms 359ms	Other text/html	23.94.190.26 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://imsupporttv.xyz/favicon/icon-144x144.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.190.26 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS vmi901.hostlegends.com Software nginx / PHP/8.2.21, PleskLin Resource Hash `264f7ba8ada1cabd9c1e8ec07bf6ebc61b803ff0ee6e942890d8fc23f8fa19f0` Request headers Referer https://imsupporttv.xyz/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers pragma no-cache date Tue, 16 Jul 2024 13:41:52 GMT content-encoding gzip server nginx x-powered-by PHP/8.2.21, PleskLin vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control private, must-revalidate server-timing bootstrap;desc="Bootstrap";dur=221.72904014587, app;desc="App";dur=18, total;desc="Total";dur=240.76914787292, content-length 35651 expires -1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| bootstrapData function| nanomemoize

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			imsupporttv.xyz/	1970-01-20 22:05:44	Name: XSRF-TOKEN Value: eyJpdiI6IlNiMTZ0SjB2Z0RqdTVsb2xTd0pyWVE9PSIsInZhbHVlIjoieWROYVBoQVNxU3FtaUtoTTFRWFZkeGEySkRBTTVhdHBJRmpRb2NtcXdJVVZYM0JiZnN1S2h1M1o0cjVQdXNNSlhpeUN1b3N6aVJFVytDT3B2TjBzcG1yNTNlVmhTdGRlTEtSZmh2QU9URDNhWW1TNE5kV3hNbzZVZk00YTh3aHMiLCJtYWMiOiIzZmM2NjI4NDc5MTAwZGFlMmUzYjZhZjliOThjOGI4ZmJkNTY3YWRlOTM4YmY4ZjAyYjNiNWYxZGJjMWJkZjAwIiwidGFnIjoiIn0%3D
			imsupporttv.xyz/	1970-01-20 22:05:44	Name: mtdb_session Value: eyJpdiI6IkQzeDgxOHpEZHV1cXBaVENPMXBBS0E9PSIsInZhbHVlIjoieDg0MXdsK2crek9ESWlrenl1Qk1QVGNQM050M0Zramk3TmJOWUZKanYxaHFEMXZOMWJMeUF3dnNnenFwK0RWTFNXWlFKN0F1THoxUWxmY1VTM0lFMTVJTURyU1VQM1VwNDd1Wjh6Y1FIWUZsdkVoNFVrK0JTL05uY3pQaU9SMWMiLCJtYWMiOiJiOTE5NjRkNzY0NjIyYTczNzRhMzJiYWVhNTExN2Y3NDFmMDg4MGEyMmZiOGEyYzNhMzJkYTMxODJjNzMwMTIwIiwidGFnIjoiIn0%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

imsupporttv.xyz
23.94.190.26
264f7ba8ada1cabd9c1e8ec07bf6ebc61b803ff0ee6e942890d8fc23f8fa19f0
3630a3b3f6d84bc1364c2031ca41df5e134a4535f92c650bc221ac47e900134e
57e669019c777f895e04f6c9878ebad488aae72df4455f210612038405030662
66210c7914bb063c322c1f29dac9833000b2231453ec94aec9528dee04e5bfd6
6c4dbbeb407319e407b1f02a80217c411442f01a3f3edbbed4fec03862ce22e4
99d7bff252cd4d218c451c6912406c05deb7ea41401d22e051844d33bd5279b9
c4d143fbc63dde4eb0f0f8bd9a8ced56f7e0bd663e45b3a4b7f5f30c9f105be1
d29b962eef8bbbadc7c9dcad99d0275462ba0974ff4e1c4be803314625b47334
da2a023b44cb5facb902cddc731ad67c91c3e2b4ef1d9b46c807bd83f5dbb2bd
fe43ea87c0bb0590e4b4e5962bbe42f87461f516482c238b1161f8e0edfc26bd

imsupporttv.xyz Open in urlscan Pro 23.94.190.26 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

844 kBTransfer

1643 kBSize

2 Cookies

4 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

2 Cookies

Indicators

imsupporttv.xyz Open in urlscan Pro
23.94.190.26 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

844 kB
Transfer

1643 kB
Size

2
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!