Submitted URL: https://fabrykajezyka.edu.pl/.well-known/FS/netflix
Effective URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?w...
Submission: On March 20 via manual from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 185.4.135.82, located in Athens, Greece and belongs to TOPHOST, GR. The main domain is dolceeamaro.gr.
TLS certificate: Issued by R3 on March 3rd 2022. Valid for: 3 months.
This is the only time dolceeamaro.gr was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

IP Address / AS Autonomous System

  1    2   188.68.234.112   197226 (SPRINT-SDC)
  5   11   185.4.135.82     199246 (TOPHOST)
Total: 8 HTTP transactions, 3 IPs

Apex Domain / Subdomains / Transfer

 11   dolceeamaro.gr         dolceeamaro.gr         129 KB
  2   fabrykajezyka.edu.pl   fabrykajezyka.edu.pl   461 B
  0   liluzi.cf (Failed)     liluzi.cf (Failed)
Total: 8 HTTP transactions, 3 domains

Domain / Requested by

 11   dolceeamaro.gr         5 redirects, dolceeamaro.gr
  2   fabrykajezyka.edu.pl   1 redirect
  0   liluzi.cf (Failed)     dolceeamaro.gr
Total: 8 HTTP transactions, 3 domains

This site contains no links.

Subject                Issuer   Validity                  Valid      Source
fabrykajezyka.edu.pl   R3       2022-02-11 - 2022-05-12   3 months   crt.sh
dolceeamaro.gr         R3       2022-03-03 - 2022-06-01   3 months   crt.sh

This page contains 1 frame:

Primary Page: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
Frame ID: 5B74115B51E7FB7238A2C5DA9A7F1285
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

NеtfIix -Sign In

Page Statistics

Requests: 8
HTTPS: 88 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 128 kB
Size: 209 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://fabrykajezyka.edu.pl/.well-known/FS/netflix HTTP 301
    https://fabrykajezyka.edu.pl/.well-known/FS/netflix/ Page URL
  2. https://dolceeamaro.gr/blogs/media/FS/N/netflix HTTP 301
    https://dolceeamaro.gr/blogs/media/FS/N/netflix/ Page URL
  3. https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers HTTP 301
    https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/ HTTP 302
    https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46 HTTP 301
    https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/ HTTP 302
    https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://fabrykajezyka.edu.pl/.well-known/FS/netflix HTTP 301
  • https://fabrykajezyka.edu.pl/.well-known/FS/netflix/
Request Chain 1
  • https://dolceeamaro.gr/blogs/media/FS/N/netflix HTTP 301
  • https://dolceeamaro.gr/blogs/media/FS/N/netflix/

8 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type
Resource: /
Path: fabrykajezyka.edu.pl/.well-known/FS/netflix/
Redirect Chain
  • https://fabrykajezyka.edu.pl/.well-known/FS/netflix
  • https://fabrykajezyka.edu.pl/.well-known/FS/netflix/
Size: 160 B
x-fer: 206 B
Type: Document
General
Full URL: https://fabrykajezyka.edu.pl/.well-known/FS/netflix/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 188.68.234.112, Poland, ASN197226 (SPRINT-SDC, PL)
Reverse DNS: server.sprinthost.pl
Software: LiteSpeed
Resource Hash:

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

content-type
text/html; charset=UTF-8
content-encoding
gzip
vary
Accept-Encoding
content-length
148
date
Sun, 20 Mar 2022 06:05:34 GMT
server
LiteSpeed
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Redirect headers

content-type
text/html
date
Sun, 20 Mar 2022 06:05:34 GMT
server
LiteSpeed
location
https://fabrykajezyka.edu.pl/.well-known/FS/netflix/
content-encoding
gzip
vary
Accept-Encoding
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Resource: /
Path: dolceeamaro.gr/blogs/media/FS/N/netflix/
Redirect Chain
  • https://dolceeamaro.gr/blogs/media/FS/N/netflix
  • https://dolceeamaro.gr/blogs/media/FS/N/netflix/
Size: 203 B
x-fer: 379 B
Type: Document
General
Full URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 185.4.135.82, Athens, Greece, ASN199246 (TOPHOST, GR)
Reverse DNS: server.e-kyklos.gr
Software: nginx / PHP/7.2.34 PleskLin
Resource Hash:

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://fabrykajezyka.edu.pl/.well-known/FS/netflix/

Response headers

Server
nginx
Date
Sun, 20 Mar 2022 06:05:29 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.2.34 PleskLin
Content-Encoding
br

Redirect headers

Server
nginx
Date
Sun, 20 Mar 2022 06:05:28 GMT
Content-Type
text/html; charset=iso-8859-1
Content-Length
256
Connection
keep-alive
Location
https://dolceeamaro.gr/blogs/media/FS/N/netflix/
X-Powered-By
PleskLin
Primary Request
Resource: /
Path: dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/
Redirect Chain
  • https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers
  • https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/
  • https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46
  • https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/
  • https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
Size: 2 KB
x-fer: 972 B
Type: Document
General
Full URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
Requested by
  Host: dolceeamaro.gr
  URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 185.4.135.82, Athens, Greece, ASN199246 (TOPHOST, GR)
Reverse DNS: server.e-kyklos.gr
Software: nginx / PHP/7.2.34 PleskLin
Resource Hash: ba6c936bf9bfc610af443e56da534d992518dc818a14bf0f4d492388884773a3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://dolceeamaro.gr/blogs/media/FS/N/netflix/

Response headers

Server
nginx
Date
Sun, 20 Mar 2022 06:05:31 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.2.34 PleskLin
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Content-Encoding
br

Redirect headers

Server
nginx
Date
Sun, 20 Mar 2022 06:05:30 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.2.34 PleskLin
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
location
./sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
Resource: sm.css
Path: dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/css/
Size: 86 KB
x-fer: 8 KB
Type: Stylesheet
General
Full URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/css/sm.css
Requested by
  Host: dolceeamaro.gr
  URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 185.4.135.82, Athens, Greece, ASN199246 (TOPHOST, GR)
Reverse DNS: server.e-kyklos.gr
Software: nginx / PleskLin
Resource Hash: 172e17d2493a6e40cee3d4ad514b50a6f9a02c3e35dc779fc7b64d80cea13daf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sun, 20 Mar 2022 06:05:31 GMT
Content-Encoding
br
ETag
W/"6236c429-158fb"
Last-Modified
Sun, 20 Mar 2022 06:05:29 GMT
Server
nginx
X-Powered-By
PleskLin
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
Resource: login.css
Path: dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/css/
Size: 4 KB
x-fer: 1 KB
Type: Stylesheet
General
Full URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/css/login.css
Requested by
  Host: dolceeamaro.gr
  URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 185.4.135.82, Athens, Greece, ASN199246 (TOPHOST, GR)
Reverse DNS: server.e-kyklos.gr
Software: nginx / PleskLin
Resource Hash: 293862671606439bf1c22ef1985dad98f4d4e11f2338f13644b3d561335d57ef

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sun, 20 Mar 2022 06:05:31 GMT
Content-Encoding
br
ETag
W/"6236c429-f46"
Last-Modified
Sun, 20 Mar 2022 06:05:29 GMT
Server
nginx
X-Powered-By
PleskLin
Vary
Accept-Encoding
Content-Type
text/css
Transfer-Encoding
chunked
Connection
keep-alive
Resource: x.jpg
Path: dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/img/
Size: 32 KB
x-fer: 32 KB
Type: Image
General
Full URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/img/x.jpg
Requested by
  Host: dolceeamaro.gr
  URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 185.4.135.82, Athens, Greece, ASN199246 (TOPHOST, GR)
Reverse DNS: server.e-kyklos.gr
Software: nginx / PleskLin
Resource Hash: 93c4f5aacf58a7172e358b6c56adf693dfcecb2d210cb4afd5eaf1245777bf9c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sun, 20 Mar 2022 06:05:31 GMT
Last-Modified
Sun, 20 Mar 2022 06:05:29 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"6236c429-7fc3"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
32707
Resource: logo.jpg
Path: dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/img/
Size: 84 KB
x-fer: 84 KB
Type: Image
General
Full URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/img/logo.jpg
Requested by
  Host: dolceeamaro.gr
  URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/css/login.css
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 185.4.135.82, Athens, Greece, ASN199246 (TOPHOST, GR)
Reverse DNS: server.e-kyklos.gr
Software: nginx / PleskLin
Resource Hash: baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/Files/css/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sun, 20 Mar 2022 06:05:32 GMT
Last-Modified
Sun, 20 Mar 2022 06:05:29 GMT
Server
nginx
X-Powered-By
PleskLin
ETag
"6236c429-150d2"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
86226
Resource: nficon.png
Path: liluzi.cf/
Size: 0
x-fer: 0
Type: (no response received; see Failed requests)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: liluzi.cf
URL: https://liluzi.cf/nficon.png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • structuredClone (function)
  • oncontextlost (object)
  • oncontextrestored (object)

1 Cookies

Domain/Path: dolceeamaro.gr/
Name: PHPSESSID
Value: 86fa2e60olkfums8cc86us2p2h

2 Console Messages

Source: security   Level: warning
URL: https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049
Message: Mixed Content: The page at 'https://dolceeamaro.gr/blogs/media/FS/N/netflix/vers/e5c090beb5ead46/sign_in/?websrc=789eace9bfea7d69ca09c89d38e27b08?websrc=&dispatched=95&id=4284237049' was loaded over HTTPS, but requested an insecure element 'http://liluzi.cf/nficon.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Source: network   Level: error
URL: https://liluzi.cf/nficon.png
Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED