aramex.getpeakperformer.in Open in urlscan Pro
185.221.67.30 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/cdKhj2cWkh
Effective URL:
https://aramex.getpeakperformer.in/2auth/signin
Submission: On November 27 via manual (November 27th 2023, 3:02:10 pm UTC) from HU — Scanned from DE

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 185.221.67.30, located in Amsterdam, Netherlands and belongs to AS-SUISSE, SC. The main domain is aramex.getpeakperformer.in.
TLS certificate: Issued by R3 on November 25th 2023. Valid for: 3 months.

This is the only time aramex.getpeakperformer.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1 8	185.221.67.30 185.221.67.30	211760 (AS-SUISSE) (AS-SUISSE)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	3

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.221.67.30 (Amsterdam, Netherlands) 1 redirects

ASN211760 (AS-SUISSE, SC)

aramex.getpeakperformer.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	getpeakperformer.in 1 redirects aramex.getpeakperformer.in	271 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	66 KB
1	t.co t.co — Cisco Umbrella Rank: 607	564 B
11	3

	Domain	Requested by
8	aramex.getpeakperformer.in	1 redirects t.co aramex.getpeakperformer.in
3	cdnjs.cloudflare.com	aramex.getpeakperformer.in
1	t.co
11	3

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
aramex.getpeakperformer.in R3	`2023-11-25` - `2024-02-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://aramex.getpeakperformer.in/2auth/signin
Frame ID: D1EF57F7709B92DEA80924D3116DB9BD
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Neftlix - Anmeldung anmelden

Page URL History Show full URLs

https://t.co/cdKhj2cWkh Page URL
https://aramex.getpeakperformer.in/verify?key=bill HTTP 302
https://aramex.getpeakperformer.in/2auth/signin Page URL

Detected technologies

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Axios (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

336 kB
Transfer

594 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/cdKhj2cWkh Page URL
https://aramex.getpeakperformer.in/verify?key=bill HTTP 302
https://aramex.getpeakperformer.in/2auth/signin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 cdKhj2cWkh
t.co/ 305 B
564 B 185ms
130ms Document
text/html 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/cdKhj2cWkh

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 193
content-type: text/html; charset=utf-8
date: Mon, 27 Nov 2023 15:02:04 GMT
expires: Mon, 27 Nov 2023 15:07:05 GMT
perf: 7626143928
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: a9142628219eb2091d96b1d57b04740b5aa9783cfa6623f9027425fdfbc9ce2c
x-response-time: 117
x-transaction-id: d55cab0ff079877f
x-xss-protection: 0

GET
H2

200

Primary Request signin Show response
aramex.getpeakperformer.in/2auth/
Redirect Chain

https://aramex.getpeakperformer.in/verify?key=bill
https://aramex.getpeakperformer.in/2auth/signin

10 KB
3 KB

171ms
170ms

Document
text/html

185.221.67.30
AS-SUISSE

General

Check archive.org

Show headers Download Go to

Full URL: https://aramex.getpeakperformer.in/2auth/signin
Requested by: Host: t.co
URL: https://t.co/cdKhj2cWkh
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.221.67.30 Amsterdam, Netherlands, ASN211760 (AS-SUISSE, SC),
Reverse DNS
Software: nginx / PHP/8.1.25 PleskLin
Resource Hash: b92263bce3bda393fad2f4b33efb2780a621f98e532082a4b992450465aea1e0

Request headers

Referer: https://t.co/cdKhj2cWkh
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, must-revalidate
content-encoding: gzip
content-length: 2002
content-type: text/html; charset=UTF-8
date: Mon, 27 Nov 2023 15:02:05 GMT
expires: -1
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/8.1.25 PleskLin

Redirect headers

cache-control: private, must-revalidate
content-type: text/html; charset=UTF-8
date: Mon, 27 Nov 2023 15:02:05 GMT
expires: -1
location: https://aramex.getpeakperformer.in/2auth/signin
pragma: no-cache
server: nginx
x-powered-by: PHP/8.1.25 PleskLin

GET
H2 200 login.css
aramex.getpeakperformer.in/dinzab/ 4 KB
1 KB 37ms
36ms Stylesheet
text/css 185.221.67.30
AS-SUISSE

General

Check archive.org

Show headers Download Go to

Full URL: https://aramex.getpeakperformer.in/dinzab/login.css
Requested by: Host: aramex.getpeakperformer.in
URL: https://aramex.getpeakperformer.in/2auth/signin
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.221.67.30 Amsterdam, Netherlands, ASN211760 (AS-SUISSE, SC),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 5f88194c51d91befd043256c77862a235a84b3e972232c7b7fc270013ff0203a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aramex.getpeakperformer.in/2auth/signin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:02:05 GMT
content-encoding: gzip
last-modified: Sun, 14 May 2023 15:41:18 GMT
server: nginx
etag: "e2b-5fba92b4c0380-gzip"
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 994

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/ 85 KB
27 KB 34ms
17ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.0/jquery.min.js

Requested by

Host: aramex.getpeakperformer.in
URL: https://aramex.getpeakperformer.in/2auth/signin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aramex.getpeakperformer.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:02:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1452611
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27437
last-modified: Tue, 01 Aug 2023 17:19:50 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93eb6-6b2d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WqD1uI8RSgC5u1g5NyP5Kphb5r1YiyqOuseKQcNqYvp3MJug%2FPPcxErV8FUd1Nx2QZF1f5qYbi31AWvqZvYIbFBjynwsumvUPyqGWKpUal0wR9hF%2FRrb12Q%2Ftq3AeCTqxhO6lD%2FnveWTIc%2BS1RPrYwuF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82cb400d5ee05d6d-FRA
expires: Sat, 16 Nov 2024 15:02:05 GMT

GET
H2 200 jq.js Show response
aramex.getpeakperformer.in/dinzab/ 87 KB
30 KB 66ms
66ms Script
application/javascript 185.221.67.30
AS-SUISSE

General

Check archive.org

Show headers Download Go to

Full URL: https://aramex.getpeakperformer.in/dinzab/jq.js
Requested by: Host: aramex.getpeakperformer.in
URL: https://aramex.getpeakperformer.in/2auth/signin
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.221.67.30 Amsterdam, Netherlands, ASN211760 (AS-SUISSE, SC),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aramex.getpeakperformer.in/2auth/signin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:02:05 GMT
content-encoding: gzip
last-modified: Tue, 16 Nov 2021 16:54:04 GMT
server: nginx
etag: "15d9d-5d0eac5dbe300-gzip"
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 30905

GET
H2 200 v.js Show response
aramex.getpeakperformer.in/dinzab/ 51 KB
14 KB 90ms
89ms Script
application/javascript 185.221.67.30
AS-SUISSE

General

Check archive.org

Show headers Download Go to

Full URL: https://aramex.getpeakperformer.in/dinzab/v.js
Requested by: Host: aramex.getpeakperformer.in
URL: https://aramex.getpeakperformer.in/2auth/signin
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.221.67.30 Amsterdam, Netherlands, ASN211760 (AS-SUISSE, SC),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: c5d85d054886c5b1438c896e06123d5d18a0f530f2da3c46271047b1b40cef00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aramex.getpeakperformer.in/2auth/signin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:02:05 GMT
content-encoding: gzip
last-modified: Tue, 16 Nov 2021 16:54:04 GMT
server: nginx
etag: "cd77-5d0eac5dbe300-gzip"
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 13778

GET
H2 200 m.js Show response
aramex.getpeakperformer.in/dinzab/ 23 KB
6 KB 38ms
37ms Script
application/javascript 185.221.67.30
AS-SUISSE

General

Check archive.org

Show headers Download Go to

Full URL: https://aramex.getpeakperformer.in/dinzab/m.js
Requested by: Host: aramex.getpeakperformer.in
URL: https://aramex.getpeakperformer.in/2auth/signin
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.221.67.30 Amsterdam, Netherlands, ASN211760 (AS-SUISSE, SC),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aramex.getpeakperformer.in/2auth/signin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:02:05 GMT
content-encoding: gzip
last-modified: Tue, 16 Nov 2021 16:54:04 GMT
server: nginx
etag: "5a88-5d0eac5dbe300-gzip"
x-powered-by: PleskLin
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5877

GET
H2 200 logo.png
aramex.getpeakperformer.in/dinzab/ 18 KB
18 KB 65ms
64ms Image
image/png 185.221.67.30
AS-SUISSE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aramex.getpeakperformer.in/dinzab/logo.png
Requested by: Host: aramex.getpeakperformer.in
URL: https://aramex.getpeakperformer.in/2auth/signin
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.221.67.30 Amsterdam, Netherlands, ASN211760 (AS-SUISSE, SC),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: af58543b67ea1ae50ffb180c474c1f2337f2e344353f684eba34045b9ac1e66a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aramex.getpeakperformer.in/2auth/signin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:02:05 GMT
last-modified: Tue, 16 Nov 2021 16:54:04 GMT
server: nginx
etag: "468e-5d0eac5dbe300"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 18062

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 35ms
19ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: aramex.getpeakperformer.in
URL: https://aramex.getpeakperformer.in/2auth/signin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aramex.getpeakperformer.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:02:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1643546
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27938
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CSX8QpZPcwLm6Gbna3pKSR3jPB3NnJNmUQgHcKDm%2F5U6zWJKpj6YmRO206rLVwXLEsQjSXhf1e7CWLBZPdg7GNOK0iDkkZ%2BUPMtILfaYht2lhw%2B50W6wq0jmBxbzn0Easeewh7zpVcNpnfH0NTJHlm%2FV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82cb400d5ee15d6d-FRA
expires: Sat, 16 Nov 2024 15:02:05 GMT

GET
H2 200 axios.min.js Show response
cdnjs.cloudflare.com/ajax/libs/axios/1.4.0/ 31 KB
11 KB 26ms
26ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/axios/1.4.0/axios.min.js

Requested by

Host: aramex.getpeakperformer.in
URL: https://aramex.getpeakperformer.in/2auth/signin

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aramex.getpeakperformer.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:02:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1457566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 10759
last-modified: Tue, 01 Aug 2023 15:02:12 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c91e74-2a07"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ThWa%2FlqQJPgNPQ5VT4E1Bs%2BfNqne5fH2ho9c7TSYo0J0pSQmVs8Yb1CaM%2BYMdlHzGnOHNU30aCbv7k6z1h%2BrwoKSgHcblVFL4U6Ak3J4vZh0%2F0rJ0CR%2BwhX7YZJxtkpoF%2B65K%2BTume%2B8ACpx4FOyvJe4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82cb400d8f085d6d-FRA
expires: Sat, 16 Nov 2024 15:02:05 GMT

GET
H2 200 back.jpg
aramex.getpeakperformer.in/dinzab/ 197 KB
198 KB 34ms
34ms Image
image/jpeg 185.221.67.30
AS-SUISSE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aramex.getpeakperformer.in/dinzab/back.jpg
Requested by: Host: aramex.getpeakperformer.in
URL: https://aramex.getpeakperformer.in/dinzab/login.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.221.67.30 Amsterdam, Netherlands, ASN211760 (AS-SUISSE, SC),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 02991d543aff5398cf2ebf35146b98c80c8ee37e79a620eb20a71e86b68310b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aramex.getpeakperformer.in/dinzab/login.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:02:05 GMT
last-modified: Tue, 16 Nov 2021 16:54:04 GMT
server: nginx
etag: "315ad-5d0eac5dbe300"
x-powered-by: PleskLin
content-type: image/jpeg
accept-ranges: bytes
content-length: 202157

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 02:01:51	Name: muc Value: de68fe91-f1ee-41d4-aedc-7e508748c059
aramex.getpeakperformer.in/	1970-01-20 16:31:44	Name: XSRF-TOKEN Value: eyJpdiI6IkhWTUJ6RnJ1WElmQWNtemJhNlY4bGc9PSIsInZhbHVlIjoianM3d2xTNUoxZm4xTjlhd25UTkt5SWVjUnJBcENpOTBzVzk1UFBuZXpUendtMU9Fc3NGdlB1UHpoRHYvVzc5bEJxTzhjVko0Y3d4NE5CdzFrY3dCWWV0RzYyNkxwZGt3WGdzSGM4OUhxK2tMWmV0OFhGV01pTE5CTitGRFkvNHciLCJtYWMiOiI0MGE5ZWI2ZmZkNjI3Yzc4YWU4Y2FmMDEzMDM1NjkzOGU1OWI5MGMyNGQzYjQ2OTY0MjYxNTZmOGI2ZjJlN2M1IiwidGFnIjoiIn0%3D
aramex.getpeakperformer.in/	1970-01-20 16:31:44	Name: laravel_session Value: eyJpdiI6ImFCQm93UDVCS0U2YXdyVUtYRHFBY1E9PSIsInZhbHVlIjoiV1V0eE45T2x2TUR1L21HZ2tPeC9OYXIyNnVzSHRCeTZ5L0ZOaExWTFVLU0dXY1JFL2FCanJITFN0R0RsWktPSEhieGVUNjkrTDhmQ1BDWi9ZblpXY01rYnRjMkhCWHNzS2xTUDVWc3duVlA1WE9mUHVDOUx3K3hVOEtKejNseGkiLCJtYWMiOiI1MzFjMmEzODRmNjRkZDQzZmU1YWNmMDQyOTJlNWQ5MmY0YjUwNTUxOTQyNmQzMDU2OWE0OGU0YjBlMDE2ZmE3IiwidGFnIjoiIn0%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aramex.getpeakperformer.in
cdnjs.cloudflare.com
t.co
104.244.42.69
185.221.67.30
2606:4700::6811:190e
02991d543aff5398cf2ebf35146b98c80c8ee37e79a620eb20a71e86b68310b7
5f88194c51d91befd043256c77862a235a84b3e972232c7b7fc270013ff0203a
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
af58543b67ea1ae50ffb180c474c1f2337f2e344353f684eba34045b9ac1e66a
b92263bce3bda393fad2f4b33efb2780a621f98e532082a4b992450465aea1e0
c5d85d054886c5b1438c896e06123d5d18a0f530f2da3c46271047b1b40cef00
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
fd4ce12a87594281afcee9c73a40fe7acc282bcc9e764fbb3afa1481a96a091e
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

aramex.getpeakperformer.in Open in urlscan Pro 185.221.67.30 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

336 kBTransfer

594 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

aramex.getpeakperformer.in Open in urlscan Pro
185.221.67.30 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

336 kB
Transfer

594 kB
Size

3
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!