avantgardesss.com
Open in
urlscan Pro
77.104.162.180
Malicious Activity!
Public Scan
URL:
https://avantgardesss.com//components/com_fields/models/netfliix/bill.php
Submission: On March 26 via automatic, source openphish
Submission: On March 26 via automatic, source openphish
Summary
This website contacted 4 IPs
in 3 countries
across 3 domains to perform 16 HTTP transactions.
The main IP is 77.104.162.180, located in
Bulgaria and
belongs to SINGLEHOP-LLC - SingleHop LLC, US.
The main domain is avantgardesss.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 7th 2018. Valid for: 3 months.
This is the only time avantgardesss.com was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on March 7th 2018. Valid for: 3 months.
This is the only time avantgardesss.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 9 | 77.104.162.180 77.104.162.180 | 32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC) | |
| 1 | 195.181.160.27 195.181.160.27 | 60068 (CDN77) (CDN77) | |
| 4 | 117.121.251.0 117.121.251.0 | 22822 (LLNW) (LLNW - Limelight Networks) | |
| 2 | 117.121.251.192 117.121.251.192 | 22822 (LLNW) (LLNW - Limelight Networks) | |
| 16 | 4 |
9
77.104.162.180
(Bulgaria)
ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: ip-77-104-162-180.siteground.com
ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: ip-77-104-162-180.siteground.com
| avantgardesss.com |
1
195.181.160.27
(United Kingdom)
ASN60068 (CDN77, GB)
PTR: unn-195-181-160-27.datapacket.com
ASN60068 (CDN77, GB)
PTR: unn-195-181-160-27.datapacket.com
| s11.postimg.org |
4
117.121.251.0
(Australia)
ASN22822 (LLNW - Limelight Networks, Inc., US)
PTR: https-117-121-251-0.sin.llnw.net
ASN22822 (LLNW - Limelight Networks, Inc., US)
PTR: https-117-121-251-0.sin.llnw.net
| prdbellweb.hs.llnwd.net |
2
117.121.251.192
(Australia)
ASN22822 (LLNW - Limelight Networks, Inc., US)
PTR: https-117-121-251-192.sin.llnw.net
ASN22822 (LLNW - Limelight Networks, Inc., US)
PTR: https-117-121-251-192.sin.llnw.net
| prdbellweb.hs.llnwd.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 9 |
avantgardesss.com
avantgardesss.com |
114 KB |
| 6 |
llnwd.net
prdbellweb.hs.llnwd.net |
30 KB |
| 1 |
postimg.org
s11.postimg.org |
9 KB |
| 16 | 3 |
| Domain | Requested by | |
|---|---|---|
| 9 | avantgardesss.com |
avantgardesss.com
|
| 6 | prdbellweb.hs.llnwd.net | |
| 1 | s11.postimg.org |
avantgardesss.com
|
| 16 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| avantgardesss.com Let's Encrypt Authority X3 |
2018-03-07 - 2018-06-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://avantgardesss.com//components/com_fields/models/netfliix/bill.php
Frame ID: 8F651AA147A746ADA4D1851EFC90D81D
Requests: 16 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
bill.php
avantgardesss.com//components/com_fields/models/netfliix/ |
24 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mala.css
avantgardesss.com//components/com_fields/models/netfliix/css/ |
33 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
image.png
s11.postimg.org/nxzkzbtmr/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bir.PNG
avantgardesss.com//components/com_fields/models/netfliix/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
b.PNG
avantgardesss.com//components/com_fields/models/netfliix/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fin.PNG
avantgardesss.com//components/com_fields/models/netfliix/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1.css
avantgardesss.com//components/com_fields/models/netfliix/css/ |
78 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
2.css
avantgardesss.com//components/com_fields/models/netfliix/css/ |
114 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
3.css
avantgardesss.com//components/com_fields/models/netfliix/css/ |
157 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
4.css
avantgardesss.com//components/com_fields/models/netfliix/css/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg_cBoxExtra.png
prdbellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/ |
811 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg_formTextInput.gif
prdbellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/ |
43 B 465 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bl_warning.gif
prdbellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/ |
1013 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg_gradRibbon.gif
prdbellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/ |
227 B 650 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bg_transparent.gif
prdbellweb.hs.llnwd.net/resource/web/common/all_languages/all_regions/skin/ |
43 B 465 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bellslim_semibold-webfont.woff
prdbellweb.hs.llnwd.net/resource/web/css/font/ |
26 KB 26 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
avantgardesss.com
prdbellweb.hs.llnwd.net
s11.postimg.org
117.121.251.0
117.121.251.192
195.181.160.27
77.104.162.180
038234677c46f9c530e08c832514daf43478372cd13f8683aee4d74c82b89e00
1264a78ad9c7ab774a7c41d31bdae0aac691b7d69e834d08951a9a322071abbd
13818cdaf6965fd3ac5bf4c7e2b9656b6f933c3bc9f80c20a90ea9dcdaef7cad
270cd6a910520c66c0d386e8b788dc6b9a278bbda04b033da56ce04636875d3f
3f2d7a8f5c0f74f7d617bbdfac54fdbc9b7c826da993b5e679f352b9cd79d33c
4d4054a533373a85d24d65f5290ca306133f3c22f0b2d7b71a742a277d0f7a49
5076a6d768413f31c726d8fe5fd8743b0aa111cc5104cde95c9cca4f7524bbc5
60899e76958dce03dfe5549be04c28e25fc9dfb098938a616e480a9c87d98774
7c32a3d1ded45902e167d47d0fdbfc895bfaa97a16a3c44bdf49468227ffc032
827899432da7e19a715e70e428bdb6d3e0c97a8344c5737c40a18afea482d94b
a3d2c6094e811cd7d6852d20688377e862af859684894ea8aae62308563527d8
a94b663748858879744efeb6b789df16f14e2007064d7dd8d071c63321339ab4
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bdee0e539b6b314e2b98db8a03175ee6d1fabd1158abd9bdc6fd704169febacb
c3f6f8335d41e6979a914f3a6196026970ff53cbc6232b243abb017cd3d0e592
c55920d4a7711146424b2eeb7e6fd48b68c97c139ea5303045544eddd61d1eed