netulxxsp3.temp.swtest.ru
Open in
urlscan Pro
77.222.61.25
Malicious Activity!
Public Scan
Effective URL: http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Submission: On January 22 via api from IE
Summary
This is the only time netulxxsp3.temp.swtest.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 2a00:1450:400... 2a00:1450:4001:817::2001 | 15169 (GOOGLE) (GOOGLE) | |
1 13 | 77.222.61.25 77.222.61.25 | 44112 (SWEB-AS) (SWEB-AS) | |
13 | 2 |
ASN15169 (GOOGLE, US)
netulxxspain.blogspot.be | |
netulxxspain.blogspot.com |
ASN44112 (SWEB-AS, RU)
PTR: vh289.sweb.ru
netulxxsp3.temp.swtest.ru |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
swtest.ru
1 redirects
netulxxsp3.temp.swtest.ru |
379 KB |
1 |
blogspot.com
netulxxspain.blogspot.com |
15 KB |
1 |
blogspot.be
1 redirects
netulxxspain.blogspot.be |
394 B |
13 | 3 |
Domain | Requested by | |
---|---|---|
13 | netulxxsp3.temp.swtest.ru |
1 redirects
netulxxspain.blogspot.com
netulxxsp3.temp.swtest.ru |
1 | netulxxspain.blogspot.com | |
1 | netulxxspain.blogspot.be | 1 redirects |
13 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
misc-sni.blogspot.com GTS CA 1O1 |
2021-01-05 - 2021-03-30 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login
Frame ID: BF8CF0A5589BA9499BF645BBB5DFED85
Requests: 13 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://netulxxspain.blogspot.be/?m=1
HTTP 302
https://netulxxspain.blogspot.com/?m=1 Page URL
-
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/index.php
HTTP 302
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login Page URL
Detected technologies
Java (Programming Languages) ExpandDetected patterns
- headers server /GSE/i
OpenGSE (Web Servers) Expand
Detected patterns
- headers server /GSE/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://netulxxspain.blogspot.be/?m=1
HTTP 302
https://netulxxspain.blogspot.com/?m=1 Page URL
-
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/index.php
HTTP 302
http://netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://netulxxspain.blogspot.be/?m=1 HTTP 302
- https://netulxxspain.blogspot.com/?m=1
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
netulxxspain.blogspot.com/ Redirect Chain
|
70 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/ Redirect Chain
|
12 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
stylef.css
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
angular.min.js
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ |
163 KB 57 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ |
276 KB 83 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.min.js
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ |
47 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.mask.js
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ |
18 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.js
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/js/ |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nonechaditk.css
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ |
123 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
alpha_website_small.jpg
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ |
113 KB 113 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FB-f-Logo__blue_57.png
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
site-spinner-240-light.png
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-93.woff
netulxxsp3.temp.swtest.ru/netflixspain/netflixspain/N/style/css/ |
72 KB 72 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated object| angular function| $ function| jQuery function| preventBack0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
netulxxsp3.temp.swtest.ru
netulxxspain.blogspot.be
netulxxspain.blogspot.com
2a00:1450:4001:817::2001
77.222.61.25
3e379956c11b27e761265f7d50f07f680407c9bfe4b067856b9408755ec08255
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
5a7ed665f614fe2c62e79a477715dd18c8afae67f7c580bc049e013feb2864b7
72722ddd75997f291cacc6c055df484a0ef63841294f3e8d9aff87e744960aa0
7633e37bf9ad7fe483668ca0e9762b78802ed69f3acc1f7e2559193b32eba48c
86c051eb57fe97e4dc99fd4cba7334c3faef8e6d3655da6f2b04176f523d96f5
8c50aa8567731858e81bcfd2027718d9a7c8fd7bf54cf496499adbf5da5741b9
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
a7aaba567a989c0a456f9ff8934a87c98877d4396c27aaa0e29b2bf3e62bba70
c0e9155be4a3da4dd0e58ae4b84dfe8dcd4ed07e4d714a10414a80d43336e943
cf1f0d954cbbbcb32d170b1ff68c5b082a1086f34f2bbee825ca88b7c9fb213a
feef06333a75846b918f306264e5fa05fb60ccba9392da8454abc5dc41df4376