netulxxsp3.temp.swtest.ru Open in urlscan Pro
77.222.61.25 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://netulxxspain.blogspot.be/?m=1
Effective URL:
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Submission: On January 22 via api (January 22nd 2021, 2:25:21 am UTC) from IE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 77.222.61.25, located in Russian Federation and belongs to SWEB-AS, RU. The main domain is netulxxsp3.temp.swtest.ru.

This is the only time netulxxsp3.temp.swtest.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2a00:1450:400... 2a00:1450:4001:817::2001	15169 (GOOGLE) (GOOGLE)
1 13	77.222.61.25 77.222.61.25	44112 (SWEB-AS) (SWEB-AS)
13	2

2 2a00:1450:4001:817::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

netulxxspain.blogspot.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
netulxxspain.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 77.222.61.25 (Russian Federation) 1 redirects

ASN44112 (SWEB-AS, RU)
PTR: vh289.sweb.ru

netulxxsp3.temp.swtest.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	swtest.ru 1 redirects netulxxsp3.temp.swtest.ru	379 KB
1	blogspot.com netulxxspain.blogspot.com	15 KB
1	blogspot.be 1 redirects netulxxspain.blogspot.be	394 B
13	3

	Domain	Requested by
13	netulxxsp3.temp.swtest.ru	1 redirects netulxxspain.blogspot.com netulxxsp3.temp.swtest.ru
1	netulxxspain.blogspot.com
1	netulxxspain.blogspot.be	1 redirects
13	3

This site contains no links.

Subject Issuer	Validity	Valid
misc-sni.blogspot.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Frame ID: BF8CF0A5589BA9499BF645BBB5DFED85
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://netulxxspain.blogspot.be/?m=1 HTTP 302
https://netulxxspain.blogspot.com/?m=1 Page URL
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/index.php HTTP 302
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login Page URL

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

OpenGSE (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

Page Statistics

13
Requests

8 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

394 kB
Transfer

911 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://netulxxspain.blogspot.be/?m=1 HTTP 302
https://netulxxspain.blogspot.com/?m=1 Page URL
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/index.php HTTP 302
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://netulxxspain.blogspot.be/?m=1 HTTP 302
https://netulxxspain.blogspot.com/?m=1

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
netulxxspain.blogspot.com/
Redirect Chain

https://netulxxspain.blogspot.be/?m=1
https://netulxxspain.blogspot.com/?m=1

70 KB
15 KB

421ms
385ms

Document
text/html

2a00:1450:4001:817::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://netulxxspain.blogspot.com/?m=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: netulxxspain.blogspot.com
:scheme: https
:path: /?m=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
expires: Fri, 22 Jan 2021 02:25:01 GMT
date: Fri, 22 Jan 2021 02:25:01 GMT
cache-control: private, max-age=0
last-modified: Thu, 21 Jan 2021 13:05:54 GMT
etag: W/"b75c3926abb7f5812f240ae90fa3601c79ebb376823facff3f620e910fbf348d"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 15406
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

location: https://netulxxspain.blogspot.com/?m=1
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Fri, 22 Jan 2021 02:25:01 GMT
expires: Fri, 22 Jan 2021 02:25:01 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 184
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

Primary Request login Show response
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/
Redirect Chain

http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/index.php
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login

12 KB
4 KB

74ms
73ms

Document
text/html

77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Requested by: Host: netulxxspain.blogspot.com
URL: https://netulxxspain.blogspot.com/?m=1
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 / PHP/7.4.10
Resource Hash: 72722ddd75997f291cacc6c055df484a0ef63841294f3e8d9aff87e744960aa0

Request headers

Host: netulxxsp3.temp.swtest.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://netulxxspain.blogspot.com/?m=1

Response headers

Server: nginx/1.19.1
Date: Fri, 22 Jan 2021 02:25:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.10
Content-Encoding: gzip

Redirect headers

Server: nginx/1.19.1
Date: Fri, 22 Jan 2021 02:25:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=10
X-Powered-By: PHP/7.4.10
Location: login

GET
H/1.1 200
OK stylef.css
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ 8 KB
2 KB 67ms
65ms Stylesheet
text/css 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/stylef.css
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: feef06333a75846b918f306264e5fa05fb60ccba9392da8454abc5dc41df4376

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Jan 2021 21:27:02 GMT
Server: nginx/1.19.1
ETag: W/"2fb0d9e-1e2c-5b805a25e7580"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK angular.min.js Show response
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ 163 KB
57 KB 153ms
139ms Script
application/x-javascript 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/angular.min.js
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Jan 2021 21:27:06 GMT
Server: nginx/1.19.1
ETag: W/"2fb0da0-28cdb-5b805a29b7e80"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK jquery.min.js Show response
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ 276 KB
83 KB 169ms
155ms Script
application/x-javascript 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/jquery.min.js
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: c0e9155be4a3da4dd0e58ae4b84dfe8dcd4ed07e4d714a10414a80d43336e943

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Jan 2021 21:27:06 GMT
Server: nginx/1.19.1
ETag: W/"2fb0da4-4508d-5b805a29b7e80"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK jquery.validate.min.js Show response
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ 47 KB
13 KB 179ms
165ms Script
application/x-javascript 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/jquery.validate.min.js
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 7633e37bf9ad7fe483668ca0e9762b78802ed69f3acc1f7e2559193b32eba48c

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Jan 2021 21:27:06 GMT
Server: nginx/1.19.1
ETag: W/"2fb0da5-bdba-5b805a29b7e80"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK jquery.mask.js Show response
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ 18 KB
5 KB 170ms
156ms Script
application/x-javascript 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/jquery.mask.js
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Jan 2021 21:27:06 GMT
Server: nginx/1.19.1
ETag: W/"2fb0da3-47fe-5b805a29b7e80"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK style.js Show response
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ 2 KB
1 KB 129ms
63ms Script
application/x-javascript 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/style.js
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 86c051eb57fe97e4dc99fd4cba7334c3faef8e6d3655da6f2b04176f523d96f5

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Jan 2021 21:27:06 GMT
Server: nginx/1.19.1
ETag: W/"2fb0da6-859-5b805a29b7e80"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK nonechaditk.css
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ 123 KB
20 KB 175ms
162ms Stylesheet
text/css 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/nonechaditk.css
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: a7aaba567a989c0a456f9ff8934a87c98877d4396c27aaa0e29b2bf3e62bba70

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Jan 2021 21:26:58 GMT
Server: nginx/1.19.1
ETag: W/"2fb07f0-1ec23-5b805a2216c80"
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

GET
H/1.1 200
OK alpha_website_small.jpg
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ 113 KB
113 KB 133ms
120ms Image
image/jpeg 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/alpha_website_small.jpg
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 3e379956c11b27e761265f7d50f07f680407c9bfe4b067856b9408755ec08255

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:02 GMT
Last-Modified: Sun, 03 Jan 2021 21:26:54 GMT
Server: nginx/1.19.1
ETag: "2fb07e3-1c4c8-5b805a1e46380"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=10
Content-Length: 115912

GET
H/1.1 200
OK FB-f-Logo__blue_57.png
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ 1 KB
2 KB 146ms
133ms Image
image/png 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/FB-f-Logo__blue_57.png
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:02 GMT
Last-Modified: Sun, 03 Jan 2021 21:26:54 GMT
Server: nginx/1.19.1
ETag: "2fb07e7-5af-5b805a1e46380"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=10
Content-Length: 1455

GET
H/1.1 200
OK site-spinner-240-light.png
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ 5 KB
5 KB 145ms
133ms Image
image/png 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/site-spinner-240-light.png
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/nonechaditk.css
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 5a7ed665f614fe2c62e79a477715dd18c8afae67f7c580bc049e013feb2864b7

Request headers

Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/nonechaditk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:02 GMT
Last-Modified: Sun, 03 Jan 2021 21:27:02 GMT
Server: nginx/1.19.1
ETag: "2fb07f8-13e7-5b805a25e7580"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=10
Content-Length: 5095

GET
H/1.1 200
OK nf-icon-v1-93.woff
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ 72 KB
72 KB 156ms
143ms Font
application/x-font-woff 77.222.61.25
SWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/nf-icon-v1-93.woff
Requested by: Host: netulxxsp3.temp.swtest.ru
URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/nonechaditk.css
Protocol: HTTP/1.1
Server: 77.222.61.25 , Russian Federation, ASN44112 (SWEB-AS, RU),
Reverse DNS: vh289.sweb.ru
Software: nginx/1.19.1 /
Resource Hash: 98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

Origin: http://netulxxsp3.temp.swtest.ru
Referer: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/nonechaditk.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 22 Jan 2021 02:25:02 GMT
Content-Encoding: gzip
Last-Modified: Sun, 03 Jan 2021 21:26:58 GMT
Server: nginx/1.19.1
ETag: W/"2fb07ed-11f64-5b805a2216c80"
Vary: Accept-Encoding
Content-Type: application/x-font-woff
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=10

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

netulxxsp3.temp.swtest.ru
netulxxspain.blogspot.be
netulxxspain.blogspot.com
2a00:1450:4001:817::2001
77.222.61.25
3e379956c11b27e761265f7d50f07f680407c9bfe4b067856b9408755ec08255
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
5a7ed665f614fe2c62e79a477715dd18c8afae67f7c580bc049e013feb2864b7
72722ddd75997f291cacc6c055df484a0ef63841294f3e8d9aff87e744960aa0
7633e37bf9ad7fe483668ca0e9762b78802ed69f3acc1f7e2559193b32eba48c
86c051eb57fe97e4dc99fd4cba7334c3faef8e6d3655da6f2b04176f523d96f5
8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
a7aaba567a989c0a456f9ff8934a87c98877d4396c27aaa0e29b2bf3e62bba70
c0e9155be4a3da4dd0e58ae4b84dfe8dcd4ed07e4d714a10414a80d43336e943
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
feef06333a75846b918f306264e5fa05fb60ccba9392da8454abc5dc41df4376

netulxxsp3.temp.swtest.ru Open in urlscan Pro 77.222.61.25 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

8 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

394 kBTransfer

911 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

netulxxsp3.temp.swtest.ru Open in urlscan Pro
77.222.61.25 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

8 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

394 kB
Transfer

911 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!