netflx-secured.srv003-ssl-secure.ru Open in urlscan Pro
109.98.208.52 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://netflx-secured.srv003-ssl-secure.ru/
Submission: On October 28 via automatic, source certstream-suspicious (October 28th 2023, 5:47:13 am UTC) — Scanned from DE

Summary HTTP 15 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 109.98.208.52, located in Plopeni, Romania and belongs to RTD Bucharest, Romania, RO. The main domain is netflx-secured.srv003-ssl-secure.ru.
TLS certificate: Issued by R3 on October 28th 2023. Valid for: 3 months.

This is the only time netflx-secured.srv003-ssl-secure.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
10	109.98.208.52 109.98.208.52	9050 (RTD Bucha...) (RTD Bucharest)
1	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
4	2a00:86c0:209... 2a00:86c0:2090::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
15	3

10 109.98.208.52 (Plopeni, Romania)

ASN9050 (RTD Bucharest, Romania, RO)

netflx-secured.srv003-ssl-secure.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:86c0:2090::1 (United States)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	srv003-ssl-secure.ru netflx-secured.srv003-ssl-secure.ru	1 MB
4	nflxext.com assets.nflxext.com — Cisco Umbrella Rank: 5083	506 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 762	30 KB
15	3

	Domain	Requested by
10	netflx-secured.srv003-ssl-secure.ru	netflx-secured.srv003-ssl-secure.ru
4	assets.nflxext.com	netflx-secured.srv003-ssl-secure.ru
1	code.jquery.com	netflx-secured.srv003-ssl-secure.ru
15	3

This site contains links to these domains. Also see Links.

Domain
policies.google.com
help.netflix.com
netflix.shop

Subject Issuer	Validity	Valid
netflx-secured.srv003-ssl-secure.ru R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.1.nflxso.net DigiCert Secure Site ECC CA-1	`2023-10-06` - `2023-11-06`	a month	crt.sh

This page contains 1 frames:

Primary Page: https://netflx-secured.srv003-ssl-secure.ru/
Frame ID: 05A36A89ABD980EF7B9356BF0FE043E7
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NetfIix

Detected technologies

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1981 kB
Transfer

2032 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.netflix.com/support/412
Title: FAQ

Search URL Search Domain Scan URL

URL: https://help.netflix.com/
Title: Help Center

Search URL Search Domain Scan URL

URL: https://netflix.shop/
Title: Netflix Shop

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/termsofuse
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/corpinfo
Title: Corporate Information

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/dnsspi
Title: Do Not Sell or Share My Personal Information

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response netflx-secured.srv003-ssl-secure.ru/	325 KB 325 KB	187ms 68ms	Document text/html	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / PHP/7.4.30 Resource Hash `aedddd3f82b084237e0a640109a8ab69647134afd0f9ec20a049acfebc97efbb` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Type text/html; charset=UTF-8 Date Sat, 28 Oct 2023 05:47:06 GMT Server nginx/1.14.1 Transfer-Encoding chunked X-Powered-By PHP/7.4.30
GET H2	200	jquery-3.7.0.min.js Show response code.jquery.com/	85 KB 30 KB	58ms 33ms	Script application/javascript	2a04:4e42:600::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.7.0.min.js Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8` Request headers Referer https://netflx-secured.srv003-ssl-secure.ru/ Origin https://netflx-secured.srv003-ssl-secure.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers date Sat, 28 Oct 2023 05:47:06 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 3669828 x-cache HIT, HIT content-length 30308 x-served-by cache-lga13623-LGA, cache-fra-eddf8230075-FRA last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1698472027.858607,VS0,VE0 etag W/"28feccc0-155a6" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 23, 142402
GET H/1.1	200 OK	script.js Show response netflx-secured.srv003-ssl-secure.ru/	676 B 927 B	134ms 32ms	Script application/javascript	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/script.js Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / Resource Hash `7ad0d2d33a60e39376f68f6cead85016b28f4037029e1b04210701f01c5c9689` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:06 GMT Last-Modified Sat, 28 Oct 2023 04:49:48 GMT Server nginx/1.14.1 ETag "653c92ec-2a4" Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 676
GET H/1.1	200 OK	loginControllerClient.js.d417d47045a2412d7fa8.js Show response netflx-secured.srv003-ssl-secure.ru/assets.nflxext.com/web/ffe/wp/components/login/	325 KB 325 KB	165ms 35ms	Script text/html	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/assets.nflxext.com/web/ffe/wp/components/login/loginControllerClient.js.d417d47045a2412d7fa8.js Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / PHP/7.4.30 Resource Hash `aedddd3f82b084237e0a640109a8ab69647134afd0f9ec20a049acfebc97efbb` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:06 GMT Server nginx/1.14.1 Connection keep-alive X-Powered-By PHP/7.4.30 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	WebsiteDetect2afe.html netflx-secured.srv003-ssl-secure.ru/personalization/cl2/freeform/	325 KB 325 KB	129ms 63ms	Stylesheet text/html	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/personalization/cl2/freeform/WebsiteDetect2afe.html?source=wwwhead&fetchType=css&modalView=login Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / PHP/7.4.30 Resource Hash `aedddd3f82b084237e0a640109a8ab69647134afd0f9ec20a049acfebc97efbb` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:06 GMT Server nginx/1.14.1 Connection keep-alive X-Powered-By PHP/7.4.30 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	otSDKStub.js Show response netflx-secured.srv003-ssl-secure.ru/cdn.cookielaw.org/scripttemplates/	325 KB 325 KB	167ms 34ms	Script text/html	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/cdn.cookielaw.org/scripttemplates/otSDKStub.js Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / PHP/7.4.30 Resource Hash `aedddd3f82b084237e0a640109a8ab69647134afd0f9ec20a049acfebc97efbb` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:06 GMT Server nginx/1.14.1 Connection keep-alive X-Powered-By PHP/7.4.30 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	style.css netflx-secured.srv003-ssl-secure.ru/	10 KB 10 KB	99ms 32ms	Stylesheet text/css	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/style.css Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / Resource Hash `910fb84da8dac07dc71624e7123c3617727aac2637fcb5421c0b772b4d97f42f` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:06 GMT Last-Modified Sun, 13 Aug 2023 17:50:00 GMT Server nginx/1.14.1 ETag "64d917c8-2658" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 9816
GET H/1.1	200 OK	style2.css netflx-secured.srv003-ssl-secure.ru/	44 KB 44 KB	141ms 69ms	Stylesheet text/css	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/style2.css Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / Resource Hash `28893dd43488d83c7ab4f71734f746bb94d8f268cafc6f7da9292e6e59ac209b` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:06 GMT Last-Modified Sun, 13 Aug 2023 17:52:44 GMT Server nginx/1.14.1 ETag "64d9186c-ae7f" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 44671
GET H/1.1	200 OK	style3.css netflx-secured.srv003-ssl-secure.ru/	88 KB 89 KB	126ms 32ms	Stylesheet text/css	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/style3.css Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / Resource Hash `1d957c21d351e828e2cffad66a92b3170a74a4d8d12d0150afce3e21f96fd395` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:06 GMT Last-Modified Sun, 13 Aug 2023 17:54:18 GMT Server nginx/1.14.1 ETag "64d918ca-16124" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 90404
GET H/1.1	200 OK	US-en-20230807-popsignuptwoweeks-perspective_alpha_website_large.jpg assets.nflxext.com/ffe/siteui/vlv3/6c884f48-f7d8-4a59-9d25-b7c138813aee/c741e848-5f1b-4230-8400-909aa0a4ac80/	328 KB 329 KB	66ms 30ms	Image image/jpeg	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/ffe/siteui/vlv3/6c884f48-f7d8-4a59-9d25-b7c138813aee/c741e848-5f1b-4230-8400-909aa0a4ac80/US-en-20230807-popsignuptwoweeks-perspective_alpha_website_large.jpg Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `f080b06c7aebde7d815057f7794e5890043ea691bf6c048495c344e7dae1f077` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:06 GMT Last-Modified Wed, 09 Aug 2023 13:46:10 GMT Server nginx Content-MD5 jz54ezL5LunE3J8i6ML/fw== Content-Type image/jpeg Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 336262 Expires Sat, 04 Nov 2023 05:47:07 GMT
NotFoundb2e6.html H/1.1	400 Bad Request	WebsiteDetect Show response netflx-secured.srv003-ssl-secure.ru/personalization/cl2/freeform/	173 B 325 B	31ms 31ms	XHR text/html	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=login Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / Resource Hash `0b5063d905766dc9ab913f09495eaf647107da2ef08f45de33ed2116c589f0ec` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:07 GMT Server nginx/1.14.1 Connection close Content-Length 173 Content-Type text/html
NotFoundb2e6.html H/1.1	400 Bad Request	WebsiteScreen Show response netflx-secured.srv003-ssl-secure.ru/personalization/cl2/freeform/	173 B 325 B	32ms 32ms	XHR text/html	109.98.208.52 RTD Bucharest
General Check archive.org Show headers Download Go to Full URL https://netflx-secured.srv003-ssl-secure.ru/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1 Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 109.98.208.52 Plopeni, Romania, ASN9050 (RTD Bucharest, Romania, RO), Reverse DNS Software nginx/1.14.1 / Resource Hash `0b5063d905766dc9ab913f09495eaf647107da2ef08f45de33ed2116c589f0ec` Request headers accept-language de-DE,de;q=0.9 Referer https://netflx-secured.srv003-ssl-secure.ru/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:07 GMT Server nginx/1.14.1 Connection close Content-Length 173 Content-Type text/html
GET H/1.1	200 OK	NetflixSans_W_Rg.woff2 assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/	52 KB 52 KB	68ms 8ms	Font font/woff2	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2 Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167` Request headers Referer https://netflx-secured.srv003-ssl-secure.ru/ Origin https://netflx-secured.srv003-ssl-secure.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:07 GMT Last-Modified Thu, 17 Jan 2019 20:16:30 GMT Server nginx Content-MD5 C/MXfx/tbZUxeCIfukPH6A== Content-Type font/woff2 Access-Control-Allow-Origin * Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 53304 Expires Sat, 04 Nov 2023 05:47:08 GMT
GET H/1.1	200 OK	NetflixSans_W_Md.woff2 assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/	53 KB 53 KB	67ms 7ms	Font font/woff2	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2 Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/style.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e` Request headers Referer https://netflx-secured.srv003-ssl-secure.ru/ Origin https://netflx-secured.srv003-ssl-secure.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:07 GMT Last-Modified Thu, 17 Jan 2019 20:16:30 GMT Server nginx Content-MD5 6naZIbDPpPxtTRouCx+l/w== Content-Type font/woff2 Access-Control-Allow-Origin * Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 53940 Expires Sat, 04 Nov 2023 05:47:08 GMT
GET H/1.1	200 OK	nf-icon-v1-93.woff assets.nflxext.com/ffe/siteui/fonts/	72 KB 72 KB	67ms 7ms	Font font/woff	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff Requested by Host: netflx-secured.srv003-ssl-secure.ru URL: https://netflx-secured.srv003-ssl-secure.ru/style2.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d` Request headers Referer https://netflx-secured.srv003-ssl-secure.ru/ Origin https://netflx-secured.srv003-ssl-secure.ru accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36 Response headers Date Sat, 28 Oct 2023 05:47:07 GMT Last-Modified Mon, 29 Jan 2018 01:50:51 GMT Server nginx Content-MD5 fPYVbMSBJEtaJUNi17c/AA== Content-Type font/woff Access-Control-Allow-Origin * Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 73572 Expires Sat, 04 Nov 2023 05:47:08 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://netflx-secured.srv003-ssl-secure.ru/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=login Message: Failed to load resource: the server responded with a status of 400 (Bad Request)
network	error	URL: https://netflx-secured.srv003-ssl-secure.ru/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1 Message: Failed to load resource: the server responded with a status of 400 (Bad Request)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
code.jquery.com
netflx-secured.srv003-ssl-secure.ru
109.98.208.52
2a00:86c0:2090::1
2a04:4e42:600::649
0b5063d905766dc9ab913f09495eaf647107da2ef08f45de33ed2116c589f0ec
1d957c21d351e828e2cffad66a92b3170a74a4d8d12d0150afce3e21f96fd395
28893dd43488d83c7ab4f71734f746bb94d8f268cafc6f7da9292e6e59ac209b
7ad0d2d33a60e39376f68f6cead85016b28f4037029e1b04210701f01c5c9689
910fb84da8dac07dc71624e7123c3617727aac2637fcb5421c0b772b4d97f42f
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e
aedddd3f82b084237e0a640109a8ab69647134afd0f9ec20a049acfebc97efbb
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
f080b06c7aebde7d815057f7794e5890043ea691bf6c048495c344e7dae1f077

netflx-secured.srv003-ssl-secure.ru Open in urlscan Pro 109.98.208.52 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1981 kBTransfer

2032 kBSize

0 Cookies

9 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

netflx-secured.srv003-ssl-secure.ru Open in urlscan Pro
109.98.208.52 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1981 kB
Transfer

2032 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!