www.helpstek-netflix-support.shivafashionsinc.com
Open in
urlscan Pro
119.18.54.84
Malicious Activity!
Public Scan
Effective URL: https://www.helpstek-netflix-support.shivafashionsinc.com/app/captcha
Submission: On July 30 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by R3 on July 22nd 2021. Valid for: 3 months.
This is the only time www.helpstek-netflix-support.shivafashionsinc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 10 | 119.18.54.84 119.18.54.84 | 394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY) | |
1 | 2a00:86c0:209... 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
10 | 2 |
ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
www.helpstek-netflix-support.shivafashionsinc.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
shivafashionsinc.com
1 redirects
www.helpstek-netflix-support.shivafashionsinc.com |
166 KB |
1 |
nflxext.com
assets.nflxext.com |
85 KB |
10 | 2 |
Domain | Requested by | |
---|---|---|
10 | www.helpstek-netflix-support.shivafashionsinc.com |
1 redirects
www.helpstek-netflix-support.shivafashionsinc.com
|
1 | assets.nflxext.com |
www.helpstek-netflix-support.shivafashionsinc.com
|
10 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.shivafashionsinc.com R3 |
2021-07-22 - 2021-10-20 |
3 months | crt.sh |
*.1.nflxso.net DigiCert TLS RSA SHA256 2020 CA1 |
2021-07-25 - 2021-08-23 |
a month | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.helpstek-netflix-support.shivafashionsinc.com/app/captcha
Frame ID: C0730711E82E25C7794B6672FF43786A
Requests: 10 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://www.helpstek-netflix-support.shivafashionsinc.com/
HTTP 302
https://www.helpstek-netflix-support.shivafashionsinc.com/app/captcha Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /jquery-ui.*\.js/i
jQuery UI (JavaScript Libraries) Expand
Detected patterns
- script /jquery-ui.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.helpstek-netflix-support.shivafashionsinc.com/
HTTP 302
https://www.helpstek-netflix-support.shivafashionsinc.com/app/captcha Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
captcha
www.helpstek-netflix-support.shivafashionsinc.com/app/ Redirect Chain
|
226 KB 35 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
www.helpstek-netflix-support.shivafashionsinc.com/app/js/ |
91 KB 41 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-ui.min.js
www.helpstek-netflix-support.shivafashionsinc.com/app/js/ |
232 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sample.css
www.helpstek-netflix-support.shivafashionsinc.com/app/ |
2 KB 876 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b.css
www.helpstek-netflix-support.shivafashionsinc.com/app/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jq.css
www.helpstek-netflix-support.shivafashionsinc.com/app/js/ |
795 B 447 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signin.js
www.helpstek-netflix-support.shivafashionsinc.com/app/ |
1 KB 813 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b.css
www.helpstek-netflix-support.shivafashionsinc.com/app/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-the-crown_2-1500x1000.jpg
assets.nflxext.com/ffe/siteui/acquisition/login/ |
84 KB 85 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cptcha.png
www.helpstek-netflix-support.shivafashionsinc.com/app/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| DP_jQuery_1627645597190 function| ChangeCaptcha function| check1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.helpstek-netflix-support.shivafashionsinc.com/ | Name: PHPSESSID Value: 8f2a0ed016ca60a44b6831661bb34eeb |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
www.helpstek-netflix-support.shivafashionsinc.com
119.18.54.84
2a00:86c0:2091::1
02b13270326590d6def38e34ea50ad9121dea9904a21f5ca578e12eecea93b50
20e83c0811e760b2927242f95ec205547e5b6b8553ce6537618dc74599d850c6
33c414eb7f3469597135a208b3cece8dfbbabddb80acf618a77d620312eb81e1
51eccd74b04b65a1bf62845caf8f08ebc82bf296f98324c133e762e4ff29eadf
baafd74a4cb4dc594b614eeb45c7267bb1af729d9271752460348ece16532d04
e8cee5e3c8fbcd7dcf89c51379555bb7c8d0576c9f67a62dcd6fdafc154de1a5
f53496922ff8f25b86b3b6cdedeb33a0936c740eea133caf9905bf31ebc8fa05
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729