nonfliex.com Open in urlscan Pro
2a02:2350:5:105:1680:0:1d9e:a3b3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://syncronack.com/xx/32ae0f2a01b3c644885e14a4fe41eba0/
Effective URL:
http://nonfliex.com/dirToextract/upget/input/grade.php
Submission: On April 24 via api (April 24th 2019, 2:15:06 pm UTC) from CA

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 19 HTTP transactions. The main IP is 2a02:2350:5:105:1680:0:1d9e:a3b3, located in Denmark and belongs to ONECOM, DK. The main domain is nonfliex.com.

This is the only time nonfliex.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online) Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2001:4860:480... 2001:4860:4802:38::15	15169 (GOOGLE) (GOOGLE - Google LLC)
1 12	2a02:2350:5:1... 2a02:2350:5:105:1680:0:1d9e:a3b3	51468 (ONECOM) (ONECOM)
8	2a02:26f0:eb:... 2a02:26f0:eb:39a::33c4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
19	3

1 2001:4860:4802:38::15 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

syncronack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a02:2350:5:105:1680:0:1d9e:a3b3 (Denmark) 1 redirects

ASN51468 (ONECOM, DK)

nonfliex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:26f0:eb:39a::33c4 (European Union)

ASN20940 (AKAMAI-ASN1, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	nonfliex.com 1 redirects nonfliex.com	39 KB
8	nflxext.com assets.nflxext.com	20 KB
1	syncronack.com 1 redirects syncronack.com	240 B
19	3

	Domain	Requested by
12	nonfliex.com	1 redirects nonfliex.com
8	assets.nflxext.com	nonfliex.com
1	syncronack.com	1 redirects
19	3

This site contains no links.

Subject Issuer	Validity	Valid
assets.nflxext.com DigiCert SHA2 Secure Server CA	`2018-03-09` - `2020-03-09`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://nonfliex.com/dirToextract/upget/input/grade.php
Frame ID: A973292A50527D1AD3CA51A8A2BDF3E0
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://syncronack.com/xx/32ae0f2a01b3c644885e14a4fe41eba0/ HTTP 302
http://nonfliex.com/dirToextract/upget/input/ HTTP 302
http://nonfliex.com/dirToextract/upget/input/grade.php Page URL

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /.*Varnish/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

19
Requests

42 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

58 kB
Transfer

125 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://syncronack.com/xx/32ae0f2a01b3c644885e14a4fe41eba0/ HTTP 302
http://nonfliex.com/dirToextract/upget/input/ HTTP 302
http://nonfliex.com/dirToextract/upget/input/grade.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request grade.php Show response nonfliex.com/dirToextract/upget/input/ Redirect Chain http://syncronack.com/xx/32ae0f2a01b3c644885e14a4fe41eba0/ http://nonfliex.com/dirToextract/upget/input/ http://nonfliex.com/dirToextract/upget/input/grade.php	23 KB 5 KB	32ms 32ms	Document text/html	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Full URL http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / PHP/7.3.4 Resource Hash `8b3cacef4921fb46438a8f34a3133d446a9ba3638f74d28b41dd73ac7c113104` Request headers Host nonfliex.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 14:14:51 GMT Server Apache X-Powered-By PHP/7.3.4 Vary Accept-Encoding Content-Encoding gzip Content-Length 4953 Content-Type text/html; charset=UTF-8 X-Varnish 280367908 Age 0 Via 1.1 varnish (Varnish/6.2) Accept-Ranges bytes Connection keep-alive Redirect headers Date Wed, 24 Apr 2019 14:14:51 GMT Server Apache X-Powered-By PHP/7.3.4 Location grade.php Content-Length 0 Content-Type text/html; charset=UTF-8 X-Varnish 280367906 Age 0 Via 1.1 varnish (Varnish/6.2) Connection keep-alive
GET H/1.1	200 OK	amine.css nonfliex.com/dirToextract/	36 KB 6 KB	31ms 28ms	Stylesheet text/css	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Full URL http://nonfliex.com/dirToextract/amine.css Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash `c19b0ee72acf541f722a0e54c7ebd5d97db4c28d674eb5b41695693e04ed94d0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 13:36:50 GMT Content-Encoding gzip Last-Modified Wed, 24 Apr 2019 12:00:22 GMT Server Apache Age 2280 ETag "91bb-58745723b7844-gzip" Vary Accept-Encoding Content-Type text/css Via 1.1 varnish (Varnish/6.2) X-Varnish 280367910 268995432 Connection keep-alive Accept-Ranges bytes Content-Length 6044
GET H/1.1	200 OK	amine1.css nonfliex.com/dirToextract/	19 KB 4 KB	59ms 28ms	Stylesheet text/css	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Full URL http://nonfliex.com/dirToextract/amine1.css Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash `2eda0b6398de37ffddbc3d959a449a533d9d73b00f649050dcfe4adb69e7e1a2` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 13:36:50 GMT Content-Encoding gzip Last-Modified Wed, 24 Apr 2019 12:00:22 GMT Server Apache Age 2280 ETag "4c7b-58745723ba301-gzip" Vary Accept-Encoding Content-Type text/css Via 1.1 varnish (Varnish/6.2) X-Varnish 212323736 216937494 Connection keep-alive Accept-Ranges bytes Content-Length 3610
GET H/1.1	200 OK	l.png nonfliex.com/dirToextract/	2 KB 3 KB	70ms 34ms	Image image/png	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Show image Full URL http://nonfliex.com/dirToextract/l.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash `208994e7418599fbe8296b8b5c8a69736b69e6915aacb9ce8077bb52ce752d11` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 13:36:51 GMT Via 1.1 varnish (Varnish/6.2) Last-Modified Wed, 24 Apr 2019 12:00:22 GMT Server Apache Age 2280 ETag "9ac-58745723b5124" X-Varnish 273618254 278692500 Connection keep-alive Accept-Ranges bytes Content-Type image/png Content-Length 2476
GET H/1.1	200 OK	g.png nonfliex.com/dirToextract/	3 KB 3 KB	70ms 34ms	Image image/png	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Show image Full URL http://nonfliex.com/dirToextract/g.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash `416245edb4a2839a04cad2dc9ad2191d068f6cff165318899d8a99ebff2b1e3d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 13:36:51 GMT Via 1.1 varnish (Varnish/6.2) Last-Modified Wed, 24 Apr 2019 12:00:22 GMT Server Apache Age 2280 ETag "b21-58745723b935d" X-Varnish 293864245 256414565 Connection keep-alive Accept-Ranges bytes Content-Type image/png Content-Length 2849
GET H/1.1	200 OK	amine2.css nonfliex.com/dirToextract/	9 KB 3 KB	59ms 29ms	Stylesheet text/css	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Full URL http://nonfliex.com/dirToextract/amine2.css Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash `328e26072a2a0cbb7dddf8bf3ea8a9b9c141b94bc5d937386fcf4381fa37dca1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 13:36:50 GMT Content-Encoding gzip Last-Modified Wed, 24 Apr 2019 12:00:22 GMT Server Apache Age 2280 ETag "24d0-58745723baeab-gzip" Vary Accept-Encoding Content-Type text/css Via 1.1 varnish (Varnish/6.2) X-Varnish 260089710 243410656 Connection keep-alive Accept-Ranges bytes Content-Length 2474
GET H/1.1	200 OK	amine4.css nonfliex.com/dirToextract/	749 B 729 B	59ms 29ms	Stylesheet text/css	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Full URL http://nonfliex.com/dirToextract/amine4.css Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash `10b960e911a1b17e9e745fe7aa11531523dcf00c8670cd977f5c8462a3f8cc86` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 13:36:50 GMT Content-Encoding gzip Last-Modified Wed, 24 Apr 2019 12:00:22 GMT Server Apache Age 2280 ETag "2ed-58745723b686f-gzip" Vary Accept-Encoding Content-Type text/css Via 1.1 varnish (Varnish/6.2) X-Varnish 257174771 279511488 Connection keep-alive Accept-Ranges bytes Content-Length 366
GET H/1.1	404 Not Found	include(5) nonfliex.com/dirToextract/upget/input/Index_files/	0 0	59ms 29ms	Stylesheet text/html	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Full URL http://nonfliex.com/dirToextract/upget/input/Index_files/include(5) Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 14:14:22 GMT Via 1.1 varnish (Varnish/6.2) Server Apache Age 28 X-Varnish 280367911 261827740 Connection keep-alive Content-Type text/html; charset=iso-8859-1 Content-Length 245
GET H/1.1	200 OK	yellow.png nonfliex.com/dirToextract/	1 KB 1 KB	29ms 28ms	Image image/png	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Show image Full URL http://nonfliex.com/dirToextract/yellow.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash `c31e5ae9166763db7211b4719f4b8cbe34e7b15c0c4fa510e9f60510d94fb1ce` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 13:36:51 GMT Via 1.1 varnish (Varnish/6.2) Last-Modified Wed, 24 Apr 2019 12:00:22 GMT Server Apache Age 2280 ETag "46d-58745723b60ab" X-Varnish 212323737 273613707 Connection keep-alive Accept-Ranges bytes Content-Type image/png Content-Length 1133
GET H/1.1	404 Not Found	include(5) nonfliex.com/dirToextract/upget/input/Index_files/	0 0	29ms 28ms	Stylesheet text/html	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Full URL http://nonfliex.com/dirToextract/upget/input/Index_files/include(5) Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 14:14:22 GMT Via 1.1 varnish (Varnish/6.2) Server Apache Age 28 X-Varnish 280367912 261827740 Connection keep-alive Content-Type text/html; charset=iso-8859-1 Content-Length 245
GET H2	200	logo-reg2x.png assets.nflxext.com/us/layout/ecweb/common/	2 KB 3 KB	27ms 7ms	Image image/png	2a02:26f0:eb:39a::33c4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/us/layout/ecweb/common/logo-reg2x.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:eb:39a::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `208994e7418599fbe8296b8b5c8a69736b69e6915aacb9ce8077bb52ce752d11` Request headers Referer http://nonfliex.com/dirToextract/amine.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 24 Apr 2019 14:14:51 GMT last-modified Wed, 17 Dec 2014 02:28:12 GMT server Apache content-md5 /BOlrhca3xsD/NqjSmgdLQ== etag "fc13a5ae171adf1b03fcdaa34a681d2d:1418785352" content-type image/png status 200 cache-control max-age=4277 accept-ranges bytes content-length 2476 expires Wed, 24 Apr 2019 15:26:08 GMT
GET H2	200	icon_lock_27x34_yellow.png assets.nflxext.com/us/layout/ecweb/common/	1 KB 2 KB	30ms 10ms	Image image/png	2a02:26f0:eb:39a::33c4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/us/layout/ecweb/common/icon_lock_27x34_yellow.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:eb:39a::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `35e275b35dda959f3002f691b1959082e5f60fc2627b29001f2c2bbca13de647` Request headers Referer http://nonfliex.com/dirToextract/amine2.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 24 Apr 2019 14:14:51 GMT last-modified Wed, 17 Dec 2014 02:28:12 GMT server Apache content-md5 jtNRYTdegB/IQc3Zi9ox9A== etag "8ed35161375e801fc841cdd98bda31f4:1418785351" content-type image/png status 200 cache-control max-age=2572 accept-ranges bytes content-length 1350 expires Wed, 24 Apr 2019 14:57:43 GMT
GET H2	200	arrows.png assets.nflxext.com/us/layout/ecweb/common/	7 KB 7 KB	32ms 13ms	Image image/png	2a02:26f0:eb:39a::33c4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/us/layout/ecweb/common/arrows.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:eb:39a::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `88ab88d7977d9f98b91aa6bf8f68aead26da14583a385c6ed9225188a5b0167a` Request headers Referer http://nonfliex.com/dirToextract/amine4.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 24 Apr 2019 14:14:51 GMT last-modified Wed, 17 Dec 2014 02:28:11 GMT server Apache content-md5 U6mWdrV9oCiDt6REoIRTMw== etag "53a99676b57da02883b7a444a0845333:1418785348" content-type image/png status 200 cache-control max-age=5574 accept-ranges bytes content-length 7340 expires Wed, 24 Apr 2019 15:47:45 GMT
GET H2	200	carrot_sprite_16x33.png assets.nflxext.com/us/layout/ecweb/common/	1 KB 2 KB	27ms 10ms	Image image/png	2a02:26f0:eb:39a::33c4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/us/layout/ecweb/common/carrot_sprite_16x33.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:eb:39a::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `a47661d7ad003fe7df9ac30d1ce3b984dd9186b676f77b41e0d53f2f4ce4ac8b` Request headers Referer http://nonfliex.com/dirToextract/amine1.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 24 Apr 2019 14:14:51 GMT last-modified Wed, 17 Dec 2014 02:28:11 GMT server Apache content-md5 S5zo1aDe9OUlKAAcIeVx8w== etag "4b9ce8d5a0def4e52528001c21e571f3:1418785349" content-type image/png status 200 cache-control max-age=9403 accept-ranges bytes content-length 1449 expires Wed, 24 Apr 2019 16:51:34 GMT
GET H2	200	12_11_2014_icon_visa_37x25.png assets.nflxext.com/us/ffe/siteui/acquisition/payment/	2 KB 2 KB	28ms 11ms	Image image/png	2a02:26f0:eb:39a::33c4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/us/ffe/siteui/acquisition/payment/12_11_2014_icon_visa_37x25.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:eb:39a::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `7334c16dc04df9eef7152086d519c011301cdbf891aacff4dd28db3d09d32e42` Request headers Referer http://nonfliex.com/dirToextract/amine1.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 24 Apr 2019 14:14:51 GMT last-modified Thu, 11 Dec 2014 21:58:16 GMT server Apache content-md5 AlPW3H84IVL0lrk4tEXlHQ== content-type image/png status 200 cache-control public, max-age=30865509 accept-ranges bytes content-length 1947 expires Wed, 15 Apr 2020 20:00:00 GMT
GET H2	200	10_18_2014_icon_amex_37x25.png assets.nflxext.com/us/ffe/siteui/acquisition/payment/	2 KB 2 KB	25ms 9ms	Image image/png	2a02:26f0:eb:39a::33c4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/us/ffe/siteui/acquisition/payment/10_18_2014_icon_amex_37x25.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:eb:39a::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `8ecdaac15d3a735629ac94ec194ea046e3387e8fb5315e043b093725bf21591a` Request headers Referer http://nonfliex.com/dirToextract/amine1.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 24 Apr 2019 14:14:51 GMT last-modified Wed, 19 Nov 2014 17:18:37 GMT server Apache content-md5 K2OFuI6NBcXvqmodovelug== content-type image/png status 200 cache-control public, max-age=30865509 accept-ranges bytes content-length 1573 expires Wed, 15 Apr 2020 20:00:00 GMT
GET H2	200	10_18_2014_icon_discovery_37x25.png assets.nflxext.com/us/ffe/siteui/acquisition/payment/	2 KB 2 KB	8ms 6ms	Image image/png	2a02:26f0:eb:39a::33c4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/us/ffe/siteui/acquisition/payment/10_18_2014_icon_discovery_37x25.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:eb:39a::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `b1004d850a57ed3b94b18c7b7ef852b2641d91538a8e76192bb5ee7f2d52903d` Request headers Referer http://nonfliex.com/dirToextract/amine1.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 24 Apr 2019 14:14:51 GMT last-modified Wed, 19 Nov 2014 17:18:37 GMT server Apache content-md5 Q5v8vUjU8uOwQvNuEqLYLw== content-type image/png status 200 cache-control public, max-age=30865509 accept-ranges bytes content-length 2001 expires Wed, 15 Apr 2020 20:00:00 GMT
GET DATA	200 OK	truncated /	52 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1b4cc145fe4bf6ea8f31828d7b0ee1dae743d16ba57df503e4a392d1ea686527` Request headers Referer http://nonfliex.com/dirToextract/amine2.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Content-Type image/png
GET H2	200	padlock_grey.png assets.nflxext.com/us/layout/ecweb/common/	358 B 575 B	26ms 24ms	Image image/png	2a02:26f0:eb:39a::33c4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/us/layout/ecweb/common/padlock_grey.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2a02:26f0:eb:39a::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software Apache / Resource Hash `33e8f11e8ce23cfa36e550b8a9a1d55c6cc11cd8e914fa3c2f5c15a444f768d4` Request headers Referer http://nonfliex.com/dirToextract/amine1.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 24 Apr 2019 14:14:51 GMT last-modified Wed, 17 Dec 2014 02:28:12 GMT server Apache content-md5 V7JIeHUquGdIncAz7I7XSw== etag "57b24878752ab867489dc033ec8ed74b:1418785353" content-type image/png status 200 cache-control max-age=8097 accept-ranges bytes content-length 358 expires Wed, 24 Apr 2019 16:29:48 GMT
GET H/1.1	200 OK	miscellaneous_icons.png nonfliex.com/dirToextract/	12 KB 13 KB	30ms 29ms	Image image/png	2a02:2350:5:105:1680:0:1d9e:a3b3 ONECOM
General Check archive.org Show headers Download Go to Show image Full URL http://nonfliex.com/dirToextract/miscellaneous_icons.png Requested by Host: nonfliex.com URL: http://nonfliex.com/dirToextract/upget/input/grade.php Protocol HTTP/1.1 Server 2a02:2350:5:105:1680:0:1d9e:a3b3 , Denmark, ASN51468 (ONECOM, DK), Reverse DNS Software Apache / Resource Hash `870e458ccb425f0fa08d1f3b7f0c083c12c74f4604c8819f4277c480aa03cbd8` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nonfliex.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://nonfliex.com/dirToextract/upget/input/grade.php Connection keep-alive Cache-Control no-cache Referer http://nonfliex.com/dirToextract/upget/input/grade.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 24 Apr 2019 13:36:51 GMT Via 1.1 varnish (Varnish/6.2) Last-Modified Wed, 24 Apr 2019 12:00:22 GMT Server Apache Age 2280 ETag "3113-58745723b83ef" X-Varnish 280367913 168585102 Connection keep-alive Accept-Ranges bytes Content-Type image/png Content-Length 12563

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online) Generic (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| netflix

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
nonfliex.com
syncronack.com
2001:4860:4802:38::15
2a02:2350:5:105:1680:0:1d9e:a3b3
2a02:26f0:eb:39a::33c4
10b960e911a1b17e9e745fe7aa11531523dcf00c8670cd977f5c8462a3f8cc86
1b4cc145fe4bf6ea8f31828d7b0ee1dae743d16ba57df503e4a392d1ea686527
208994e7418599fbe8296b8b5c8a69736b69e6915aacb9ce8077bb52ce752d11
2eda0b6398de37ffddbc3d959a449a533d9d73b00f649050dcfe4adb69e7e1a2
328e26072a2a0cbb7dddf8bf3ea8a9b9c141b94bc5d937386fcf4381fa37dca1
33e8f11e8ce23cfa36e550b8a9a1d55c6cc11cd8e914fa3c2f5c15a444f768d4
35e275b35dda959f3002f691b1959082e5f60fc2627b29001f2c2bbca13de647
416245edb4a2839a04cad2dc9ad2191d068f6cff165318899d8a99ebff2b1e3d
7334c16dc04df9eef7152086d519c011301cdbf891aacff4dd28db3d09d32e42
870e458ccb425f0fa08d1f3b7f0c083c12c74f4604c8819f4277c480aa03cbd8
88ab88d7977d9f98b91aa6bf8f68aead26da14583a385c6ed9225188a5b0167a
8b3cacef4921fb46438a8f34a3133d446a9ba3638f74d28b41dd73ac7c113104
8ecdaac15d3a735629ac94ec194ea046e3387e8fb5315e043b093725bf21591a
a47661d7ad003fe7df9ac30d1ce3b984dd9186b676f77b41e0d53f2f4ce4ac8b
b1004d850a57ed3b94b18c7b7ef852b2641d91538a8e76192bb5ee7f2d52903d
c19b0ee72acf541f722a0e54c7ebd5d97db4c28d674eb5b41695693e04ed94d0
c31e5ae9166763db7211b4719f4b8cbe34e7b15c0c4fa510e9f60510d94fb1ce

nonfliex.com Open in urlscan Pro 2a02:2350:5:105:1680:0:1d9e:a3b3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

42 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

58 kBTransfer

125 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

nonfliex.com Open in urlscan Pro
2a02:2350:5:105:1680:0:1d9e:a3b3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

42 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

58 kB
Transfer

125 kB
Size

0
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!