nonfliex.com
Open in
urlscan Pro
2a02:2350:5:105:1680:0:1d9e:a3b3
Malicious Activity!
Public Scan
Effective URL: http://nonfliex.com/dirToextract/upget/input/grade.php
Submission: On April 24 via api from CA
Summary
This is the only time nonfliex.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online) Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2001:4860:480... 2001:4860:4802:38::15 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 12 | 2a02:2350:5:1... 2a02:2350:5:105:1680:0:1d9e:a3b3 | 51468 (ONECOM) (ONECOM) | |
8 | 2a02:26f0:eb:... 2a02:26f0:eb:39a::33c4 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
19 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
nonfliex.com
1 redirects
nonfliex.com |
39 KB |
8 |
nflxext.com
assets.nflxext.com |
20 KB |
1 |
syncronack.com
1 redirects
syncronack.com |
240 B |
19 | 3 |
Domain | Requested by | |
---|---|---|
12 | nonfliex.com |
1 redirects
nonfliex.com
|
8 | assets.nflxext.com |
nonfliex.com
|
1 | syncronack.com | 1 redirects |
19 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
assets.nflxext.com DigiCert SHA2 Secure Server CA |
2018-03-09 - 2020-03-09 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://nonfliex.com/dirToextract/upget/input/grade.php
Frame ID: A973292A50527D1AD3CA51A8A2BDF3E0
Requests: 20 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://syncronack.com/xx/32ae0f2a01b3c644885e14a4fe41eba0/
HTTP 302
http://nonfliex.com/dirToextract/upget/input/ HTTP 302
http://nonfliex.com/dirToextract/upget/input/grade.php Page URL
Detected technologies
Varnish (Cache Tools) ExpandDetected patterns
- headers via /.*Varnish/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://syncronack.com/xx/32ae0f2a01b3c644885e14a4fe41eba0/
HTTP 302
http://nonfliex.com/dirToextract/upget/input/ HTTP 302
http://nonfliex.com/dirToextract/upget/input/grade.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
grade.php
nonfliex.com/dirToextract/upget/input/ Redirect Chain
|
23 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
amine.css
nonfliex.com/dirToextract/ |
36 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
amine1.css
nonfliex.com/dirToextract/ |
19 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
l.png
nonfliex.com/dirToextract/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
g.png
nonfliex.com/dirToextract/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
amine2.css
nonfliex.com/dirToextract/ |
9 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
amine4.css
nonfliex.com/dirToextract/ |
749 B 729 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
include(5)
nonfliex.com/dirToextract/upget/input/Index_files/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
yellow.png
nonfliex.com/dirToextract/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
include(5)
nonfliex.com/dirToextract/upget/input/Index_files/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-reg2x.png
assets.nflxext.com/us/layout/ecweb/common/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_lock_27x34_yellow.png
assets.nflxext.com/us/layout/ecweb/common/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
arrows.png
assets.nflxext.com/us/layout/ecweb/common/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
carrot_sprite_16x33.png
assets.nflxext.com/us/layout/ecweb/common/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
12_11_2014_icon_visa_37x25.png
assets.nflxext.com/us/ffe/siteui/acquisition/payment/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
10_18_2014_icon_amex_37x25.png
assets.nflxext.com/us/ffe/siteui/acquisition/payment/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
10_18_2014_icon_discovery_37x25.png
assets.nflxext.com/us/ffe/siteui/acquisition/payment/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
52 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
padlock_grey.png
assets.nflxext.com/us/layout/ecweb/common/ |
358 B 575 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
miscellaneous_icons.png
nonfliex.com/dirToextract/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online) Generic (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| netflix0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
nonfliex.com
syncronack.com
2001:4860:4802:38::15
2a02:2350:5:105:1680:0:1d9e:a3b3
2a02:26f0:eb:39a::33c4
10b960e911a1b17e9e745fe7aa11531523dcf00c8670cd977f5c8462a3f8cc86
1b4cc145fe4bf6ea8f31828d7b0ee1dae743d16ba57df503e4a392d1ea686527
208994e7418599fbe8296b8b5c8a69736b69e6915aacb9ce8077bb52ce752d11
2eda0b6398de37ffddbc3d959a449a533d9d73b00f649050dcfe4adb69e7e1a2
328e26072a2a0cbb7dddf8bf3ea8a9b9c141b94bc5d937386fcf4381fa37dca1
33e8f11e8ce23cfa36e550b8a9a1d55c6cc11cd8e914fa3c2f5c15a444f768d4
35e275b35dda959f3002f691b1959082e5f60fc2627b29001f2c2bbca13de647
416245edb4a2839a04cad2dc9ad2191d068f6cff165318899d8a99ebff2b1e3d
7334c16dc04df9eef7152086d519c011301cdbf891aacff4dd28db3d09d32e42
870e458ccb425f0fa08d1f3b7f0c083c12c74f4604c8819f4277c480aa03cbd8
88ab88d7977d9f98b91aa6bf8f68aead26da14583a385c6ed9225188a5b0167a
8b3cacef4921fb46438a8f34a3133d446a9ba3638f74d28b41dd73ac7c113104
8ecdaac15d3a735629ac94ec194ea046e3387e8fb5315e043b093725bf21591a
a47661d7ad003fe7df9ac30d1ce3b984dd9186b676f77b41e0d53f2f4ce4ac8b
b1004d850a57ed3b94b18c7b7ef852b2641d91538a8e76192bb5ee7f2d52903d
c19b0ee72acf541f722a0e54c7ebd5d97db4c28d674eb5b41695693e04ed94d0
c31e5ae9166763db7211b4719f4b8cbe34e7b15c0c4fa510e9f60510d94fb1ce