suatulanhelectrolux.vn
45.76.178.173 Malicious Activity! Public Scan

URL: https://suatulanhelectrolux.vn/p.html
Submission: On February 22 via api from BE

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 45.76.178.173, located in Singapore, Singapore and belongs to AS-CHOOPA, US. The main domain is suatulanhelectrolux.vn.
TLS certificate: Issued by R3 on January 23rd 2021. Valid for: 3 months.
This is the only time suatulanhelectrolux.vn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         45.76.178.173      20473  AS-CHOOPA
1         2a01:578:3::3...   16509  AMAZON-02
2         2a00:86c0:209...   40027  NETFLIX-ASN
4 requests across 3 IPs

Requests  Domain                    Requested by
2         assets.nflxext.com        suatulanhelectrolux.vn
1         beaconimages.netflix.net  suatulanhelectrolux.vn
1         suatulanhelectrolux.vn
4 requests across 3 domains

This site contains links to these domains.

Domain
www.netflix.com
abonnement.on-the-web.tv
help.netflix.com
Subject                   Issuer                          Validity                 Valid
suatulanhelectrolux.vn    R3                              2021-01-23 - 2021-04-23  3 months (crt.sh)
beaconimages.netflix.net  DigiCert SHA2 Secure Server CA  2020-05-07 - 2021-05-07  a year (crt.sh)
*.1.nflxso.net            DigiCert SHA2 Secure Server CA  2021-01-29 - 2021-03-04  a month (crt.sh)

This page contains 1 frames:

Primary Page: https://suatulanhelectrolux.vn/p.html
Frame ID: 2B1C35800ABB8DADEF1A55C82FB1DF7F
Requests: 4 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

4
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

12 kB
Transfer

24 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource                Path                     Size   x-fer  Type      MIME-Type
Primary Request p.html  suatulanhelectrolux.vn/  17 KB  3 KB   Document
General
Full URL
https://suatulanhelectrolux.vn/p.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.76.178.173 Singapore, Singapore, ASN20473 (AS-CHOOPA, US),
Reverse DNS
Software
Nginx / DLEMP
Resource Hash
637211a04384bf2fe3a1c928fd906b02ae15a6d3994ffb1dff54ef447be844a2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
suatulanhelectrolux.vn
:scheme
https
:path
/p.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 22 Feb 2021 16:10:00 GMT
content-type
text/html
last-modified
Sat, 20 Feb 2021 10:27:39 GMT
vary
Accept-Encoding
etag
W/"6030e41b-448f"
server
Nginx
x-powered-by
DLEMP
strict-transport-security
max-age=31536000
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-encoding
gzip
Resource                                                                    Path                           Size  x-fer  Type
BAQgBEAEa4AJ2THSsgosiINnMMOKPnivWxqowDheSceAoDJ2B6kILle3hj6LgIlnBAzD4yCs-Lg6GkYK1u4DMW03U0WZuSpGs6YcbsrE3KLcsp_riuIMTBr2sR_JvA07f8l8hq7YqmCedUKDuaNeppYMgkQqMon8p1xNJ5SO-cAr_W88LK6lp3NnvwBAhlpk0y9Xs...  beaconimages.netflix.net/img/  43 B  941 B  Image
General
Full URL
https://beaconimages.netflix.net/img/BAQgBEAEa4AJ2THSsgosiINnMMOKPnivWxqowDheSceAoDJ2B6kILle3hj6LgIlnBAzD4yCs-Lg6GkYK1u4DMW03U0WZuSpGs6YcbsrE3KLcsp_riuIMTBr2sR_JvA07f8l8hq7YqmCedUKDuaNeppYMgkQqMon8p1xNJ5SO-cAr_W88LK6lp3NnvwBAhlpk0y9XsBpAb-Kr5yn4Fog0H4HUMEVDvK5SnnbJdr2t8XKjAvO4IOmx2GpTsfLceZaOGagD18CwFJ1Lx1Kea4dLNf8wVMiNfeAW_vggYeYM1DS5LotH2zF58P5KKDROOjI59wzOJnoVyhxpyY1nwzEzZNaivduuaVXlIXh60BYFUixPFixggD0UPMEmAudJmptOkkLEVRKZwg_AHYSH8AYA1q3G4Vn7PyVXAV51MY5iLJHNmMBKT1cmx7nBH6Tx8VDKrIhxV--Yhmx61gOYkOWaaZThbKOYVTb9y
Requested by
Host: suatulanhelectrolux.vn
URL: https://suatulanhelectrolux.vn/p.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:578:3::3f20:c3d6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
beacon i-0f0a70836af2450aa /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
X-Xss-Protection 1; mode=block; report=https://ichnaea-web.netflix.com/log/freeform/xssreport

Request headers

Referer
https://suatulanhelectrolux.vn/p.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 22 Feb 2021 16:10:00 GMT
Via
1.1 i-0dab9f568b147685c (eu-west-1)
Server
beacon i-0f0a70836af2450aa
X-Netflix_nfstatus
1_1
X-Netflix_proxy_execution-time
4
X-Originating-URL
https://beaconimages.netflix.net/img/BAQgBEAEa4AJ2THSsgosiINnMMOKPnivWxqowDheSceAoDJ2B6kILle3hj6LgIlnBAzD4yCs-Lg6GkYK1u4DMW03U0WZuSpGs6YcbsrE3KLcsp_riuIMTBr2sR_JvA07f8l8hq7YqmCedUKDuaNeppYMgkQqMon8p1xNJ5SO-cAr_W88LK6lp3NnvwBAhlpk0y9XsBpAb-Kr5yn4Fog0H4HUMEVDvK5SnnbJdr2t8XKjAvO4IOmx2GpTsfLceZaOGagD18CwFJ1Lx1Kea4dLNf8wVMiNfeAW_vggYeYM1DS5LotH2zF58P5KKDROOjI59wzOJnoVyhxpyY1nwzEzZNaivduuaVXlIXh60BYFUixPFixggD0UPMEmAudJmptOkkLEVRKZwg_AHYSH8AYA1q3G4Vn7PyVXAV51MY5iLJHNmMBKT1cmx7nBH6Tx8VDKrIhxV--Yhmx61gOYkOWaaZThbKOYVTb9y
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
1; mode=block; report=https://ichnaea-web.netflix.com/log/freeform/xssreport
Resource     Path                                         Size  x-fer  Type
logo_v2.png  assets.nflxext.com/us/email/logo/newDesign/  5 KB  5 KB   Image
General
Full URL
https://assets.nflxext.com/us/email/logo/newDesign/logo_v2.png
Requested by
Host: suatulanhelectrolux.vn
URL: https://suatulanhelectrolux.vn/p.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
5703d3570d629cec3cd1b7834df70724642f2bd4e68d1106a713ff2c04c81c02

Request headers

Referer
https://suatulanhelectrolux.vn/p.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 22 Feb 2021 16:10:00 GMT
Last-Modified
Fri, 20 Jun 2014 18:20:20 GMT
Server
nginx
Content-MD5
sYEMKe2vAJcfEkVxTss1ew==
ETag
"b1810c29edaf00971f1245714ecb357b:1404782503"
Content-Type
image/png
Cache-Control
max-age=4257
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5089
Expires
Fri, 04 Sep 2020 05:13:53 GMT
Resource                  Path                               Size  x-fer  Type
netflix-crop-opacity.png  assets.nflxext.com/us/email/hitch/  2 KB  2 KB   Image
General
Full URL
https://assets.nflxext.com/us/email/hitch/netflix-crop-opacity.png
Requested by
Host: suatulanhelectrolux.vn
URL: https://suatulanhelectrolux.vn/p.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
c846f9457c1469f249766c9c79714ef23d6c25804439fb8ea5e53dce87015a3d

Request headers

Referer
https://suatulanhelectrolux.vn/p.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 22 Feb 2021 16:10:00 GMT
Last-Modified
Mon, 21 Oct 2019 17:26:02 GMT
Server
nginx
Content-MD5
hvSTPOc75hoJugerIZ28KQ==
ETag
"86f4933ce73be61a09ba07ab219dbc29:1571678762"
Content-Type
image/png
Cache-Control
max-age=12405
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1909
Expires
Wed, 13 Nov 2019 03:52:53 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: ontransitionrun
  • object: ontransitionstart
  • object: ontransitioncancel
  • object: cookieStore
  • function: showDirectoryPicker
  • function: showOpenFilePicker
  • function: showSaveFilePicker
  • object: trustedTypes
  • boolean: crossOriginIsolated

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page.

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block