balkumarisaccos.com - urlscan.io

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 7 HTTP transactions. The main IP is 173.254.24.11, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is balkumarisaccos.com.
TLS certificate: Issued by R3 on December 6th 2020. Valid for: 3 months.

This is the only time balkumarisaccos.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 5	173.254.24.11 173.254.24.11	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2 2	195.154.113.3 195.154.113.3	12876 (Online SAS) (Online SAS)
1	163.172.59.20 163.172.59.20	12876 (Online SAS) (Online SAS)
1	2a00:86c0:209... 2a00:86c0:2091::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
7	4

5 173.254.24.11 (Provo, United States) 2 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: rsb11.rhostbh.com

balkumarisaccos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.154.113.3 (France) 2 redirects

ASN12876 (Online SAS, FR)
PTR: 195-154-113-3.rev.poneytelecom.eu

3.top4top.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
3.top4top.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.172.59.20 (France)

ASN12876 (Online SAS, FR)
PTR: 163-172-59-20.rev.poneytelecom.eu

i.top4top.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:86c0:2091::1 (United Kingdom)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	balkumarisaccos.com 2 redirects balkumarisaccos.com	20 KB
2	top4top.io 1 redirects 3.top4top.io i.top4top.io	1 MB
1	nflxext.com assets.nflxext.com	78 KB
1	top4top.net 1 redirects 3.top4top.net	88 B
0	holmanonline.com Failed assets.nflxext.holmanonline.com Failed
7	5

	Domain	Requested by
5	balkumarisaccos.com	2 redirects balkumarisaccos.com
1	assets.nflxext.com	balkumarisaccos.com
1	i.top4top.io	balkumarisaccos.com
1	3.top4top.io	1 redirects
1	3.top4top.net	1 redirects
0	assets.nflxext.holmanonline.com Failed	balkumarisaccos.com
7	6

This site contains no links.

Subject Issuer	Validity	Valid
balkumarisaccos.com R3	`2020-12-06` - `2021-03-06`	3 months	crt.sh
top4top.io R3	`2021-01-24` - `2021-04-24`	3 months	crt.sh
*.1.nflxso.net DigiCert SHA2 Secure Server CA	`2021-01-23` - `2021-02-23`	a month	crt.sh

This page contains 1 frames:

Primary Page: https://balkumarisaccos.com/build/less/skins/net/oam-login.php
Frame ID: 879F9068D1B439A98A63B4EFE0FEBC7E
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://balkumarisaccos.com/build/less/skins/net HTTP 301
https://balkumarisaccos.com/build/less/skins/net/ HTTP 302
https://balkumarisaccos.com/build/less/skins/net/oam-login.php Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

7
Requests

71 %
HTTPS

25 %
IPv6

5
Domains

6
Subdomains

4
IPs

3
Countries

1567 kB
Transfer

1632 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://balkumarisaccos.com/build/less/skins/net HTTP 301
https://balkumarisaccos.com/build/less/skins/net/ HTTP 302
https://balkumarisaccos.com/build/less/skins/net/oam-login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://3.top4top.net/p_142705xbg1.png HTTP 301
https://3.top4top.io/p_142705xbg1.png HTTP 301
https://i.top4top.io/p_142705xbg1.png

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request oam-login.php Show response balkumarisaccos.com/build/less/skins/net/ Redirect Chain https://balkumarisaccos.com/build/less/skins/net https://balkumarisaccos.com/build/less/skins/net/ https://balkumarisaccos.com/build/less/skins/net/oam-login.php	4 KB 2 KB	578ms 578ms	Document text/html	173.254.24.11 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://balkumarisaccos.com/build/less/skins/net/oam-login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.254.24.11 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS rsb11.rhostbh.com Software nginx/1.16.1 / Resource Hash `3b1dc9872698a920ae502d9755f589b165910503af139fd453d411db3cd25f2c` Request headers Host balkumarisaccos.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server nginx/1.16.1 Date Thu, 28 Jan 2021 03:05:07 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Content-Encoding gzip Redirect headers Server nginx/1.16.1 Date Thu, 28 Jan 2021 03:05:07 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Location oam-login.php
GET H/1.1	200 OK	z.css balkumarisaccos.com/build/less/skins/net/css/	35 KB 8 KB	183ms 182ms	Stylesheet text/css	173.254.24.11 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://balkumarisaccos.com/build/less/skins/net/css/z.css Requested by Host: balkumarisaccos.com URL: https://balkumarisaccos.com/build/less/skins/net/oam-login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.254.24.11 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS rsb11.rhostbh.com Software nginx/1.16.1 / Resource Hash `865ff2ca0947e876f04a570a09633832091736c24e78366ae0dfbe6bceb11057` Request headers Referer https://balkumarisaccos.com/build/less/skins/net/oam-login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 28 Jan 2021 03:05:08 GMT Content-Encoding gzip Last-Modified Wed, 27 Jan 2021 12:07:49 GMT Server nginx/1.16.1 Connection keep-alive Transfer-Encoding chunked Content-Type text/css
GET H/1.1	200 OK	a.css balkumarisaccos.com/build/less/skins/net/css/	49 KB 10 KB	364ms 181ms	Stylesheet text/css	173.254.24.11 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://balkumarisaccos.com/build/less/skins/net/css/a.css Requested by Host: balkumarisaccos.com URL: https://balkumarisaccos.com/build/less/skins/net/oam-login.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.254.24.11 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS rsb11.rhostbh.com Software nginx/1.16.1 / Resource Hash `698fb5d54408ab060621f9ea2afe61243bc13b693d92fde9f59e4a2fe6d986cd` Request headers Referer https://balkumarisaccos.com/build/less/skins/net/oam-login.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 28 Jan 2021 03:05:08 GMT Content-Encoding gzip Last-Modified Wed, 27 Jan 2021 12:07:49 GMT Server nginx/1.16.1 Connection keep-alive Transfer-Encoding chunked Content-Type text/css
GET		Modernizr-2.5.3.forms.js assets.nflxext.holmanonline.com/webalizer/images/modernizr.com/	0 0

GET		html5Forms.js assets.nflxext.holmanonline.com/webalizer/images/	0 0

GET H2	200	p_142705xbg1.png i.top4top.io/ Redirect Chain https://3.top4top.net/p_142705xbg1.png https://3.top4top.io/p_142705xbg1.png https://i.top4top.io/p_142705xbg1.png	1 MB 1 MB	135ms 51ms	Image image/png	163.172.59.20 Online SAS
General Check archive.org Show headers Download Go to Show image Full URL https://i.top4top.io/p_142705xbg1.png Requested by Host: balkumarisaccos.com URL: https://balkumarisaccos.com/build/less/skins/net/css/a.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 163.172.59.20 , France, ASN12876 (Online SAS, FR), Reverse DNS 163-172-59-20.rev.poneytelecom.eu Software nginx / Resource Hash `ff9c631a863e781506433428ad7577bfea44b8e1bcfdbf04fe90df72c2ff9940` Request headers Referer https://balkumarisaccos.com/build/less/skins/net/css/a.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-file-id x30528836x date Thu, 28 Jan 2021 03:05:08 GMT last-modified Thu, 28 Nov 2019 14:39:59 GMT server nginx etag "5ddfdc3f-16ebf7" content-type image/png cache-control max-age=7200 x-ok 0 content-disposition inline; filename="netbackround.PNG" accept-ranges bytes content-length 1502199 expires Thu, 28 Jan 2021 05:05:08 GMT Redirect headers location https://i.top4top.io/p_142705xbg1.png date Thu, 28 Jan 2021 03:05:08 GMT server nginx content-length 71 vary Accept content-type text/plain; charset=utf-8
GET H/1.1	200 OK	nf-icon-v1-80.woff assets.nflxext.com/ffe/siteui/fonts/	78 KB 78 KB	26ms 6ms	Font font/woff	2a00:86c0:2091::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-80.woff Requested by Host: balkumarisaccos.com URL: https://balkumarisaccos.com/build/less/skins/net/css/z.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d` Request headers Origin https://balkumarisaccos.com Referer https://balkumarisaccos.com/build/less/skins/net/css/z.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 28 Jan 2021 03:05:08 GMT Last-Modified Thu, 28 Jan 2016 20:46:04 GMT Server nginx Content-MD5 GkWpE2r/FESZk08OjSTsgQ== Content-Type font/woff Access-Control-Allow-Origin * Cache-Control public, max-age=7940 Connection keep-alive Accept-Ranges bytes Content-Length 79392 Expires Sun, 10 Jan 2021 10:36:08 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: assets.nflxext.holmanonline.com
URL: http://assets.nflxext.holmanonline.com/webalizer/images/modernizr.com/Modernizr-2.5.3.forms.js

Domain: assets.nflxext.holmanonline.com
URL: http://assets.nflxext.holmanonline.com/webalizer/images/html5Forms.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3.top4top.io
3.top4top.net
assets.nflxext.com
assets.nflxext.holmanonline.com
balkumarisaccos.com
i.top4top.io
assets.nflxext.holmanonline.com
163.172.59.20
173.254.24.11
195.154.113.3
2a00:86c0:2091::1
2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d
3b1dc9872698a920ae502d9755f589b165910503af139fd453d411db3cd25f2c
698fb5d54408ab060621f9ea2afe61243bc13b693d92fde9f59e4a2fe6d986cd
865ff2ca0947e876f04a570a09633832091736c24e78366ae0dfbe6bceb11057
ff9c631a863e781506433428ad7577bfea44b8e1bcfdbf04fe90df72c2ff9940

balkumarisaccos.com Open in urlscan Pro 173.254.24.11 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

71 %HTTPS

25 %IPv6

5 Domains

6 Subdomains

4 IPs

3 Countries

1567 kBTransfer

1632 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

balkumarisaccos.com Open in urlscan Pro
173.254.24.11 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

71 %
HTTPS

25 %
IPv6

5
Domains

6
Subdomains

4
IPs

3
Countries

1567 kB
Transfer

1632 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!