e-rihs.ro
85.120.20.194
Malicious Activity!
Public Scan
Submission: On January 06 via manual from RO — Scanned from DE
Summary
TLS certificate: Issued by R3 on December 6th 2022. Valid for: 3 months.
This is the only time e-rihs.ro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
5 | 85.120.20.194 | 8708 (RCS-RDS 73-75 Dr. Staicovici) |
13 | 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) |
18 requests | 2 IP addresses | |
ASN8708 (RCS-RDS 73-75 Dr. Staicovici, RO)
PTR: 85-120-20-194.rdsnet.ro
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | nflxext.com | assets.nflxext.com (Cisco Umbrella Rank: 748) | 77 KB |
5 | e-rihs.ro | e-rihs.ro | 59 KB |
18 requests | 2 domains | | |
Requests | Domain | Requested by |
---|---|---|
13 | assets.nflxext.com | e-rihs.ro |
5 | e-rihs.ro | e-rihs.ro |
18 requests | 2 domains | |
This site contains links to these domains. Also see Links.
Domain |
---|
help.netflix.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
e-rihs.ro | R3 | 2022-12-06 - 2023-03-06 | 3 months | crt.sh |
*.1.nflxso.net | DigiCert Secure Site ECC CA-1 | 2022-12-26 - 2023-01-26 | a month | crt.sh |
This page contains 1 frame:
Primary Page:
https://e-rihs.ro/net/index.html
Frame ID: 5B6F2ADE77D0C9A70306887922C1BE9E
Requests: 18 HTTP requests in this frame
Page Title
Netflix - watch series online, watch movies online
Detected technologies
React (JavaScript Frameworks)
Detected patterns
- <[^>]+data-react
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: Terms of use
- Title: Privacy
- Title: Cookie preferences
- Title: Corporate information
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | index.html (Primary Request) | e-rihs.ro/net/ | 36 KB | 6 KB | Document | text/html |
GET | H2 | stylo.css | e-rihs.ro/net/ | 102 KB | 18 KB | Stylesheet | text/css |
GET | H2 | question_mark.png | e-rihs.ro/net/ | 564 B | 747 B | Image | image/png |
GET | H2 | FPPfZux.png | e-rihs.ro/net/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | jquery.js | e-rihs.ro/net/ | 85 KB | 30 KB | Script | application/javascript |
GET | H/1.1 | carrot_sprite_16x33.png | assets.nflxext.com/en_us/layout/ecweb/common/ | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | 12_11_2014_icon_visa_37x25.png | assets.nflxext.com/ffe/siteui/acquisition/payment/ | 859 B | 1 KB | Image | image/png |
GET | H/1.1 | 10_18_2014_icon_master_37x25.png | assets.nflxext.com/ffe/siteui/acquisition/payment/ | 833 B | 1 KB | Image | image/png |
GET | H/1.1 | 10_18_2014_icon_amex_37x25.png | assets.nflxext.com/ffe/siteui/acquisition/payment/ | 525 B | 844 B | Image | image/png |
GET | H/1.1 | elo.png | assets.nflxext.com/en_us/layout/ecweb/payment/icons/ | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | icon_BR_bancodobrasil.png | assets.nflxext.com/ffe/siteui/acquisition/payment/mop_icons_global/ | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | icon_BR_bradesco_min.png | assets.nflxext.com/ffe/siteui/acquisition/payment/mop_icons_global/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | itau.png | assets.nflxext.com/en_us/layout/ecweb/payment/icons/ | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | santander_wtext.png | assets.nflxext.com/us/layout/ecweb/payment/icons/ | 3 KB | 3 KB | Image | image/png |
GET | H/1.1 | icon_BR_bradescol.png | assets.nflxext.com/ffe/siteui/acquisition/payment/mop_icons_global/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | icon_BR_santander.png | assets.nflxext.com/ffe/siteui/acquisition/payment/mop_icons_global/ | 837 B | 1 KB | Image | image/png |
GET | H/1.1 | icon_BR_caixa.png | assets.nflxext.com/ffe/siteui/acquisition/payment/mop_icons_global/ | 502 B | 821 B | Image | image/png |
GET | H/1.1 | nf-icon-v1-86.woff | assets.nflxext.com/ffe/siteui/fonts/ | 57 KB | 57 KB | Font | font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Netflix (Online)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontentvisibilityautostatechange |
function | $ |
function | jQuery |
boolean | boolopen1 |
boolean | boolopen2 |
boolean | boolopen3 |
function | Central |
function | Arrow1 |
function | Arrow2 |
function | Arrow3 |
function | validateCardNumber |
function | vercpf |
function | validarCpf |
function | luhnCheck |
function | formatar |
function | somenteNumeros |
function | checkdados0 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15724800; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- assets.nflxext.com
- e-rihs.ro
- 2a00:86c0:2091::1
- 85.120.20.194