mixflix-aa.herokuapp.com
3.225.186.86 | Malicious Activity! | Public Scan

URL: http://mixflix-aa.herokuapp.com/
Submission: On March 23 via manual from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 3.225.186.86, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is mixflix-aa.herokuapp.com.
This is the only time mixflix-aa.herokuapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

Requests  IP Address         AS     Autonomous System
3         3.225.186.86       14618  AMAZON-AES
1         151.101.112.193    54113  FASTLY
1         2a00:86c0:209...   40027  NETFLIX-ASN
Total: 5 requests, 3 IPs
Requests  Apex Domain     Subdomains                  Transfer
3         herokuapp.com   mixflix-aa.herokuapp.com    109 KB
1         nflxext.com     assets.nflxext.com          332 KB
1         imgur.com       i.imgur.com                  25 KB
Total: 5 requests, 3 apex domains
Requests  Domain                      Requested by
3         mixflix-aa.herokuapp.com    mixflix-aa.herokuapp.com
1         assets.nflxext.com          mixflix-aa.herokuapp.com
1         i.imgur.com                 mixflix-aa.herokuapp.com
Total: 5 requests, 3 domains

This site contains no links.

TLS certificates

Subject          Issuer                           Validity                   Valid for
*.imgur.com      DigiCert SHA2 Secure Server CA   2020-01-15 - 2022-03-16    2 years
*.1.nflxso.net   DigiCert SHA2 Secure Server CA   2021-03-02 - 2021-04-03    a month

This page contains 1 frame:

Primary Page: http://mixflix-aa.herokuapp.com/
Frame ID: 53DFFE940A5C09EA32AFD44FD64F2883
Requests: 5 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^Cowboy$/i

Page Statistics

Requests:    5
HTTPS:       40 %
IPv6:        33 %
Domains:     3
Subdomains:  3
IPs:         3
Countries:   2
Transfer:    467 kB
Size:        697 kB
Cookies:     1

Redirected requests

No HTTP redirect chains are listed for this scan.

5 HTTP transactions

Each transaction lists Resource, Path, Size, transferred bytes (x-fer) and Type.

Request 1 (primary request, cookie set)
Resource: /
Path: mixflix-aa.herokuapp.com/
Size: 572 B (x-fer 1 KB)
Type: Document
General
Full URL
http://mixflix-aa.herokuapp.com/
Protocol
HTTP/1.1
Server
3.225.186.86 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS
ec2-3-225-186-86.compute-1.amazonaws.com
Software
Cowboy
Resource Hash
cec4133e4a69e53128407597252fa1d3471a245ed6a006a32023a92fd609df92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
mixflix-aa.herokuapp.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
Cowboy
Date
Tue, 23 Mar 2021 17:23:44 GMT
Connection
keep-alive
X-Frame-Options
SAMEORIGIN
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Permitted-Cross-Domain-Policies
none
Referrer-Policy
strict-origin-when-cross-origin
Content-Type
text/html; charset=utf-8
Etag
W/"cec4133e4a69e53128407597252fa1d3"
Cache-Control
max-age=0, private, must-revalidate
Set-Cookie
_mixflix_session=IiZh2WeDyJIOd2Dfq%2Bc5DewKE5krnO3grfW13UxjSP61VBYOIso0CClQCX6tx7DS498nl%2BQ%2BskJnS1h%2FiJjX40GACWeEnxJThwCWlubYEoJoDNnqBOhzd26y50N648CXn%2FAhX0ifouJcdnPi%2FNs%3D--c8MRLeOxmq7IeAX5--gkK57pMq3EnWjUy5gHhGyw%3D%3D; path=/; HttpOnly
X-Request-Id
d7546906-01cb-4d59-8f5c-0e196ce8a017
X-Runtime
0.084413
Transfer-Encoding
chunked
Via
1.1 vegur
Request 2
Resource: application-33a87f5ccd944d50640e8980297cf615b80945d823e6843e00f32e642b3ef19f.css
Path: mixflix-aa.herokuapp.com/assets/
Size: 9 KB (x-fer 2 KB)
Type: Stylesheet
General
Full URL
http://mixflix-aa.herokuapp.com/assets/application-33a87f5ccd944d50640e8980297cf615b80945d823e6843e00f32e642b3ef19f.css
Requested by
Host: mixflix-aa.herokuapp.com
URL: http://mixflix-aa.herokuapp.com/
Protocol
HTTP/1.1
Server
3.225.186.86 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS
ec2-3-225-186-86.compute-1.amazonaws.com
Software
Cowboy
Resource Hash
33a87f5ccd944d50640e8980297cf615b80945d823e6843e00f32e642b3ef19f

Request headers

Referer
http://mixflix-aa.herokuapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 23 Mar 2021 17:23:44 GMT
Content-Encoding
gzip
Last-Modified
Tue, 23 Mar 2021 05:05:37 GMT
Server
Cowboy
Vary
Accept-Encoding
Content-Type
text/css
Via
1.1 vegur
Connection
keep-alive
Content-Length
2018
Request 3
Resource: application-9057400ab403f56a8437549fcd68e4c4630be167f71e9d9f192ba54c8ba58765.js
Path: mixflix-aa.herokuapp.com/assets/
Size: 331 KB (x-fer 106 KB)
Type: Script
General
Full URL
http://mixflix-aa.herokuapp.com/assets/application-9057400ab403f56a8437549fcd68e4c4630be167f71e9d9f192ba54c8ba58765.js
Requested by
Host: mixflix-aa.herokuapp.com
URL: http://mixflix-aa.herokuapp.com/
Protocol
HTTP/1.1
Server
3.225.186.86 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS
ec2-3-225-186-86.compute-1.amazonaws.com
Software
Cowboy
Resource Hash
9057400ab403f56a8437549fcd68e4c4630be167f71e9d9f192ba54c8ba58765

Request headers

Referer
http://mixflix-aa.herokuapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 23 Mar 2021 17:23:44 GMT
Content-Encoding
gzip
Last-Modified
Tue, 23 Mar 2021 15:12:14 GMT
Server
Cowboy
Vary
Accept-Encoding
Content-Type
application/javascript
Via
1.1 vegur
Connection
keep-alive
Content-Length
107767
Request 4
Resource: CA5t28a.png
Path: i.imgur.com/
Size: 25 KB (x-fer 25 KB)
Type: Image
General
Full URL
https://i.imgur.com/CA5t28a.png
Requested by
Host: mixflix-aa.herokuapp.com
URL: http://mixflix-aa.herokuapp.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US)
Reverse DNS
Software
cat factory 1.0
Resource Hash
f95ae50f08a5d4482ea19656309d4368f547926930b72b9e866164ed9768caaf
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
http://mixflix-aa.herokuapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 23 Mar 2021 17:23:45 GMT
x-content-type-options
nosniff
age
434996
x-cache
HIT, MISS
content-length
25647
x-served-by
cache-bwi5121-BWI, cache-hhn4039-HHN
last-modified
Thu, 18 Mar 2021 16:33:50 GMT
server
cat factory 1.0
x-timer
S1616520225.129051,VS0,VE123
etag
"79a13b116fafb80d44314b61edd2fa2d"
strict-transport-security
max-age=300
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-cache-hits
1, 0
Request 5
Resource: US-en-20210315-popsignuptwoweeks-perspective_alpha_website_large.jpg
Path: assets.nflxext.com/ffe/siteui/vlv3/c43f3cc0-6f02-4b8a-9470-7b1732eb937d/3d037465-1692-41b0-84a8-073ccb74255f/
Size: 332 KB (x-fer 332 KB)
Type: Image
General
Full URL
https://assets.nflxext.com/ffe/siteui/vlv3/c43f3cc0-6f02-4b8a-9470-7b1732eb937d/3d037465-1692-41b0-84a8-073ccb74255f/US-en-20210315-popsignuptwoweeks-perspective_alpha_website_large.jpg
Requested by
Host: mixflix-aa.herokuapp.com
URL: http://mixflix-aa.herokuapp.com/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
2a00:86c0:2090::1, United States, ASN40027 (NETFLIX-ASN, US)
Reverse DNS
Software
nginx
Resource Hash
a423387d2c8970ad8db92fbce983dbdc4ff0a4803777efc60966847e60339a8b

Request headers

Referer
http://mixflix-aa.herokuapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Tue, 23 Mar 2021 17:23:45 GMT
Last-Modified
Wed, 17 Mar 2021 13:55:10 GMT
Server
nginx
Content-MD5
e521tL8wMCotCMjnBHQRGg==
Content-Type
image/jpeg
Cache-Control
public, max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
339798
Expires
Wed, 24 Mar 2021 14:06:56 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against Netflix (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    ontransitionrun
object    ontransitionstart
object    ontransitioncancel
object    trustedTypes
boolean   crossOriginIsolated
function  $
function  jQuery
object    Rails
boolean   _rails_loaded
object    ActiveStorage
object    ActionCable
object    App
function  login
function  logout
function  signup
function  getState
function  dispatch

1 Cookies

Domain/Path: mixflix-aa.herokuapp.com/
Name: _mixflix_session
Value: IiZh2WeDyJIOd2Dfq%2Bc5DewKE5krnO3grfW13UxjSP61VBYOIso0CClQCX6tx7DS498nl%2BQ%2BskJnS1h%2FiJjX40GACWeEnxJThwCWlubYEoJoDNnqBOhzd26y50N648CXn%2FAhX0ifouJcdnPi%2FNs%3D--c8MRLeOxmq7IeAX5--gkK57pMq3EnWjUy5gHhGyw%3D%3D

Security Headers

This section lists the security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block