swissglhwanina-b52ba4.ingress-daribow.ewp.live Open in urlscan Pro
63.250.43.13 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://soccertickets.ca/chh.php
Effective URL:
https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php
Submission Tags: 7601623
Submission: On July 16 via api (July 16th 2022, 7:25:23 pm UTC) from NL — Scanned from CA

Summary HTTP 10 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 10 HTTP transactions. The main IP is 63.250.43.13, located in United States and belongs to NAMECHEAP-NET, US. The main domain is swissglhwanina-b52ba4.ingress-daribow.ewp.live.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 24th 2022. Valid for: a year.

This is the only time swissglhwanina-b52ba4.ingress-daribow.ewp.live was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	157.245.121.133 157.245.121.133	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	63.250.43.13 63.250.43.13	22612 (NAMECHEAP...) (NAMECHEAP-NET)
4	2a00:86c0:209... 2a00:86c0:2090::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
2	2a00:86c0:209... 2a00:86c0:2091::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
10	5

1 157.245.121.133 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: celestial.hockeytickets.ca

soccertickets.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.250.43.13 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: ingress-daribow.easywp.com

swissglhwanina-b52ba4.ingress-daribow.ewp.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:86c0:2090::1 (United States)

ASN40027 (NETFLIX-ASN, US)

codex.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:86c0:2091::1 (United States)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	nflxext.com codex.nflxext.com — Cisco Umbrella Rank: 38505 assets.nflxext.com — Cisco Umbrella Rank: 3636	696 KB
2	ewp.live swissglhwanina-b52ba4.ingress-daribow.ewp.live	51 KB
1	soccertickets.ca soccertickets.ca	372 B
0	netflix.com Failed www.netflix.com Failed
10	4

	Domain	Requested by
4	codex.nflxext.com	swissglhwanina-b52ba4.ingress-daribow.ewp.live
2	assets.nflxext.com	swissglhwanina-b52ba4.ingress-daribow.ewp.live codex.nflxext.com
2	swissglhwanina-b52ba4.ingress-daribow.ewp.live	swissglhwanina-b52ba4.ingress-daribow.ewp.live
1	soccertickets.ca
0	www.netflix.com Failed	swissglhwanina-b52ba4.ingress-daribow.ewp.live
10	5

This site contains links to these domains. Also see Links.

Domain
www.netflix.com
policies.google.com
help.netflix.com

Subject Issuer	Validity	Valid
soccertickets.ca cPanel, Inc. Certification Authority	`2022-07-03` - `2022-10-01`	3 months	crt.sh
*.ingress-daribow.ewp.live Sectigo RSA Domain Validation Secure Server CA	`2022-05-24` - `2023-05-24`	a year	crt.sh
*.1.nflxso.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-26` - `2022-07-26`	a month	crt.sh

This page contains 1 frames:

Primary Page: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php
Frame ID: D5BDE861519CCF10790E9ED4C94C5B96
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix

Page URL History Show full URLs

https://soccertickets.ca/chh.php Page URL
https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

10
Requests

90 %
HTTPS

50 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

748 kB
Transfer

1788 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.netflix.com/
Title: Netflix

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.netflix.com/support/412
Title: Häufig gestellte Fragen (FAQ)

Search URL Search Domain Scan URL

URL: https://help.netflix.com/
Title: Hilfe-Center

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/termsofuse
Title: Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://www.netflix.com/de/login
Title: Cookie-Einstellungen

Search URL Search Domain Scan URL

URL: https://help.netflix.com/de/node/68708
Title: Impressum

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy
Title: Datenschutz

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://soccertickets.ca/chh.php Page URL
https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 chh.php Show response
soccertickets.ca/ 205 B
372 B 95ms
24ms Document
text/html 157.245.121.133
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://soccertickets.ca/chh.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

157.245.121.133 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

celestial.hockeytickets.ca

Software

nginx /

Resource Hash

a7daa2d5fbc532f64ada88aa7ed02c0735b5a1f132bb6788bf5a26f0d64bf087

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 16 Jul 2022 19:25:15 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-nginx-cache-status: EXPIRED
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block

GET
H2 200 Primary Request ccn.php Show response
swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ 256 KB
51 KB 462ms
223ms Document
text/html 63.250.43.13
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.13 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.easywp.com

Software

nginx /

Resource Hash

6ce96f13862a945aa37f1d9dd339d5de6ce83adce9330e2fd356c0b1765f860f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://soccertickets.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1306
cache-control: no-store, no-cache, must-revalidate, public
content-encoding: gzip
content-length: 52240
content-type: text/html; charset=UTF-8
date: Sat, 16 Jul 2022 19:03:29 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: HIT
x-cacheable: YES
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK none Show response
codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-js-v0f92b626/js/js/bootstrap.js,common%7Cbootstrap.js/2/0b37022P2K052I2U36070l00382T33082R322V2Y2F010N/bck/true/ 9 KB
4 KB 483ms
206ms Script
application/javascript 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-js-v0f92b626/js/js/bootstrap.js,common%7Cbootstrap.js/2/0b37022P2K052I2U36070l00382T33082R322V2Y2F010N/bck/true/none

Requested by

Host: swissglhwanina-b52ba4.ingress-daribow.ewp.live
URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

7211293a8f352d13946e0b3b3759e3f499d776d9ad5e8daa539172273c361af1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Sat, 16 Jul 2022 19:25:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=16070400
req_id: a2ced77f-d429-49f2-859a-6906bb8b654e
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Content-Length: 3632
Expires: Wed, 18 Jan 2023 19:25:16 GMT

GET
H/1.1 200
OK none Show response
codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-js-v0f92b626/js/js/components%7Clogin%7CloginControllerClient.js/2/0b37022P2K052I2U36070l00382T33082R322V2Y2F010N/l/true/ 1015 KB
302 KB 1044ms
767ms Script
application/javascript 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-js-v0f92b626/js/js/components%7Clogin%7CloginControllerClient.js/2/0b37022P2K052I2U36070l00382T33082R322V2Y2F010N/l/true/none

Requested by

Host: swissglhwanina-b52ba4.ingress-daribow.ewp.live
URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

d29ad4f510c2fad7b6392f24019ceb1cb13953373a07d7232a82cd7f604a075e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Sat, 16 Jul 2022 19:25:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=16070400
req_id: 37618d86-bd1e-4475-99ee-569fd5968808
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Content-Length: 308680
Expires: Wed, 18 Jan 2023 19:25:17 GMT

GET WebsiteDetect
www.netflix.com/personalization/cl2/freeform/ 0
0

GET
H2 404 otSDKStub.js
swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/cdn.cookielaw.org/scripttemplates/ 0
0 114ms
113ms Script
text/html 63.250.43.13
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: swissglhwanina-b52ba4.ingress-daribow.ewp.live
URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.13 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.easywp.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Sat, 16 Jul 2022 19:25:16 GMT
content-encoding: gzip
server: nginx
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html
strict-transport-security: max-age=15768000
content-length: 167

GET
H/1.1 200
OK none
codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-css-v0f92b626/css/css/less%7Ccore%7Cerror-page.less/1/apmrou4tsnheq/none/true/ 11 KB
3 KB 374ms
175ms Stylesheet
text/css 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-css-v0f92b626/css/css/less%7Ccore%7Cerror-page.less/1/apmrou4tsnheq/none/true/none

Requested by

Host: swissglhwanina-b52ba4.ingress-daribow.ewp.live
URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

d9bac1aefff045998fd064ed279defcd96c37a53ee0ee3816d1ebab19c1ff739

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Sat, 16 Jul 2022 19:25:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=16070400
req_id: 6e16cd12-ada7-4f7b-ad86-5ea1013630a7
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Content-Length: 2595
Expires: Wed, 18 Jan 2023 19:25:16 GMT

GET
H/1.1 200
OK none
codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-css-v0f92b626/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/apmrou4tsnheq/none/true/ 131 KB
22 KB 373ms
105ms Stylesheet
text/css 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-css-v0f92b626/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/apmrou4tsnheq/none/true/none

Requested by

Host: swissglhwanina-b52ba4.ingress-daribow.ewp.live
URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

29d653b7d165cf227b1e5a51b263db8cd22aa4c5b9cffce5dcf274f8fd039405

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Sat, 16 Jul 2022 19:25:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=16070400
req_id: d5996c8b-0f71-4f26-a9e4-9602d234fb46
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Content-Length: 21645
Expires: Wed, 18 Jan 2023 19:25:16 GMT

GET
H/1.1 200
OK NO-en-20220530-popsignuptwoweeks-perspective_alpha_website_large.jpg
assets.nflxext.com/ffe/siteui/vlv3/5ea364b1-8e59-4693-8ad8-f0eaee32d1bf/9e66c059-e683-47bf-99cb-390c1b7b7053/ 293 KB
294 KB 564ms
323ms Image
image/jpeg 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/vlv3/5ea364b1-8e59-4693-8ad8-f0eaee32d1bf/9e66c059-e683-47bf-99cb-390c1b7b7053/NO-en-20220530-popsignuptwoweeks-perspective_alpha_website_large.jpg
Requested by: Host: swissglhwanina-b52ba4.ingress-daribow.ewp.live
URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 2ec8a8e1bfb8e5d70244beb77207e94b3aa7ac2d5d03a7050707264901584843

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Sat, 16 Jul 2022 19:25:17 GMT
Last-Modified: Wed, 01 Jun 2022 12:49:27 GMT
Server: nginx
Content-MD5: eixBFcjMUU/p8wsrvRwkyw==
Content-Type: image/jpeg
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 300533
Expires: Sat, 23 Jul 2022 19:25:18 GMT

GET
H/1.1 200
OK nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ 72 KB
72 KB 362ms
117ms Font
font/woff 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by: Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-css-v0f92b626/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/apmrou4tsnheq/none/true/none
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

Referer: https://codex.nflxext.com/
Origin: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Sat, 16 Jul 2022 19:25:17 GMT
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Server: nginx
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 73572
Expires: Sat, 23 Jul 2022 19:25:18 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.netflix.com
URL: https://www.netflix.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=login

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/cdn.cookielaw.org/scripttemplates/otSDKStub.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php Message: Refused to apply style from 'https://www.netflix.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=login' because its MIME type ('') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
javascript	warning	URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php Message: The resource https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-js-v0f92b626/js/js/components%7Clogin%7CloginControllerClient.js/2/0b37022P2K052I2U36070l00382T33082R322V2Y2F010N/l/true/none was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://swissglhwanina-b52ba4.ingress-daribow.ewp.live/swisralina/calmara/arislla/ch/ccn.php Message: The resource https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-js-v0f92b626/js/js/bootstrap.js,common%7Cbootstrap.js/2/0b37022P2K052I2U36070l00382T33082R322V2Y2F010N/bck/true/none was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
codex.nflxext.com
soccertickets.ca
swissglhwanina-b52ba4.ingress-daribow.ewp.live
www.netflix.com
www.netflix.com
157.245.121.133
2a00:86c0:2090::1
2a00:86c0:2091::1
63.250.43.13
29d653b7d165cf227b1e5a51b263db8cd22aa4c5b9cffce5dcf274f8fd039405
2ec8a8e1bfb8e5d70244beb77207e94b3aa7ac2d5d03a7050707264901584843
6ce96f13862a945aa37f1d9dd339d5de6ce83adce9330e2fd356c0b1765f860f
7211293a8f352d13946e0b3b3759e3f499d776d9ad5e8daa539172273c361af1
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
a7daa2d5fbc532f64ada88aa7ed02c0735b5a1f132bb6788bf5a26f0d64bf087
d29ad4f510c2fad7b6392f24019ceb1cb13953373a07d7232a82cd7f604a075e
d9bac1aefff045998fd064ed279defcd96c37a53ee0ee3816d1ebab19c1ff739

swissglhwanina-b52ba4.ingress-daribow.ewp.live Open in urlscan Pro 63.250.43.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

90 %HTTPS

50 %IPv6

4 Domains

5 Subdomains

5 IPs

1 Countries

748 kBTransfer

1788 kBSize

0 Cookies

9 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

4 Console Messages

Security Headers

Indicators

swissglhwanina-b52ba4.ingress-daribow.ewp.live Open in urlscan Pro
63.250.43.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

50 %
IPv6

4
Domains

5
Subdomains

5
IPs

1
Countries

748 kB
Transfer

1788 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!