URL: https://lvs-netflix.com/
Submission Tags: @phishunt_io
Submission: On April 15 via api from ES

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 162.0.209.192, located in United States and belongs to NAMECHEAP-NET, US. The main domain is lvs-netflix.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 14th 2021. Valid for: a year.
This is the only time lvs-netflix.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         162.0.209.192      22612  (NAMECHEAP...)
1         2a00:1450:400...   15169  (GOOGLE)
1         2a00:1450:400...   15169  (GOOGLE)
1         2a00:1450:400...   15169  (GOOGLE)
Total: 4 IPs, 4 requests

Requests  Domain                      Requested by
1         ci5.googleusercontent.com   lvs-netflix.com
1         ci6.googleusercontent.com   lvs-netflix.com
1         ci3.googleusercontent.com   lvs-netflix.com
1         lvs-netflix.com
Total: 4 domains, 4 requests

This site contains links to these domains. Also see Links.

Domain
help.netflix.com
www.netflix.com

TLS certificates

Subject                   Issuer                                          Validity                  Valid for
lvs-netflix.com           Sectigo RSA Domain Validation Secure Server CA  2021-04-14 - 2022-04-14   a year (crt.sh)
*.googleusercontent.com   GTS CA 1O1                                      2021-03-16 - 2021-06-08   3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://lvs-netflix.com/
Frame ID: B56E4106FCEFBB888EE0A38E83B31E55
Requests: 4 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 75 %
Domains: 2
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 14 kB
Size: 71 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Each transaction lists Resource, Path, Size, x-fer (transferred bytes), Type and MIME-Type, followed by its request and response details.

Resource: Primary Request /
Path: lvs-netflix.com/   Size: 65 KB   x-fer: 7 KB   Type: Document
General
Full URL
https://lvs-netflix.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.209.192 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business126-2.web-hosting.com
Software
Apache /
Resource Hash
fa0c2899833c60a4943cce410669e93f0015a3a5712906e7f23f96ddb355b012
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
lvs-netflix.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Apr 2021 06:41:52 GMT
server
Apache
last-modified
Wed, 14 Apr 2021 22:30:48 GMT
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-length
6420
content-type
text/html
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
referrer-policy
no-referrer-when-downgrade
Resource: ZQQN6HNOJ3zD6LKGPp006t6hiteN6naAXik7db17NYjKUtw3QcbyS_Mu-ntwGYc_BvH2RHwBF5wZoRBUqMnd2ve5COD_KJuzDf8g__8eiw8=s0-d-e1-ft
Path: ci3.googleusercontent.com/proxy/   Size: 3 KB   x-fer: 4 KB   Type: Image
General
Full URL
https://ci3.googleusercontent.com/proxy/ZQQN6HNOJ3zD6LKGPp006t6hiteN6naAXik7db17NYjKUtw3QcbyS_Mu-ntwGYc_BvH2RHwBF5wZoRBUqMnd2ve5COD_KJuzDf8g__8eiw8=s0-d-e1-ft
Requested by
Host: lvs-netflix.com
URL: https://lvs-netflix.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
b97ac7f4ab2b2012e933f3630a164a66a56d4e01dc6ebf38e8f1cd3ba7bd2590
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://lvs-netflix.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Apr 2021 06:41:52 GMT
x-content-type-options
nosniff
server
fife
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=151484
content-disposition
attachment;filename="unnamed.png"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3526
x-xss-protection
0
expires
Sat, 17 Apr 2021 00:46:36 GMT
Resource: L9T5WYvtTUI0IDGrvb56b8xj8k0TmO_NQG7ZCMnAU97DLzW6axTq1HTzlIe2vKU2rWid6sn0Frs0JoZwj8WxWo2Snt9BWiMt_3ttFRKmlZAwNWcwl3ZoKUzB-levauW9gDDYMgxJX988ax-tspiKysy8Q2HyWwEH4usQTcmmamqG5iNbWU7PShZT1nob5TyYiNwbU...
Path: ci6.googleusercontent.com/proxy/   Size: 43 B   x-fer: 441 B   Type: Image
General
Full URL
https://ci6.googleusercontent.com/proxy/L9T5WYvtTUI0IDGrvb56b8xj8k0TmO_NQG7ZCMnAU97DLzW6axTq1HTzlIe2vKU2rWid6sn0Frs0JoZwj8WxWo2Snt9BWiMt_3ttFRKmlZAwNWcwl3ZoKUzB-levauW9gDDYMgxJX988ax-tspiKysy8Q2HyWwEH4usQTcmmamqG5iNbWU7PShZT1nob5TyYiNwbUxiohII6FOQaRFPCoUZLxk-EUOlZgf0vYuJn9HTjfkBQaUEekjpwj4sKOopHgfTe0Etqmq_3bPXD1PyZ74nN8SCKKE3NTyQrq2eqPQoWM-YQG0KdVLzL0GzUUd4N2pWFW2rvi8g1WJpVAB3vkmHxAMid-th1tR5i9tieDvhiEQqjZ4yP8VtOYrJcHQXC2BuB6Fi38LtctSPHRjAylaUU65n5sptK9_xwyojA7LhHqZrF13EnZpiS4qxtPylko81yz_bnYpbs3sY6ew4OLPJl7ziI5Iz8SiiaGl3jnYJqzMRTBnCEWWznhq367OZgy1B9iSC-Yeqk74uNxdCADXZeVjEhaBibOkIDOAZOOt98Scj60gM8feHsRhHNNfGDHUbd7Ea7mKwnjiIA2gBDMk6Bv9mWY4cHSihEROW8ORCLZssXjKSeGEBn9Rpq_cLGOPcowfrXVIzVtf2iuaBVjS16bPLeUtb5NSCFL6CN9zkROw=s0-d-e1-ft
Requested by
Host: lvs-netflix.com
URL: https://lvs-netflix.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
e1da5cd02d74bb5ba944e3ce44037860ac9f42392eec6c99b9543910e1a3a5fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://lvs-netflix.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Apr 2021 06:41:52 GMT
x-content-type-options
nosniff
server
fife
vary
Origin
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform, must-revalidate
content-disposition
attachment;filename="unnamed.gif"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
expires
Fri, 16 Apr 2021 06:41:52 GMT
Resource: O4liAkf7VnArvS18l8abw8nafEXuI3awedQ-dqbWZ0XBIfFlrAGc7pcZddbt3yTrE_V4rii6FMQB0fXdjwgeM35duoGHqYMKsJ9DHA=s0-d-e1-ft
Path: ci5.googleusercontent.com/proxy/   Size: 3 KB   x-fer: 3 KB   Type: Image
General
Full URL
https://ci5.googleusercontent.com/proxy/O4liAkf7VnArvS18l8abw8nafEXuI3awedQ-dqbWZ0XBIfFlrAGc7pcZddbt3yTrE_V4rii6FMQB0fXdjwgeM35duoGHqYMKsJ9DHA=s0-d-e1-ft
Requested by
Host: lvs-netflix.com
URL: https://lvs-netflix.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
e9dd777fb2236aeeb7f8f7681aeea7a0a35b49334ca69f6f4fa7ad83ec6ff9b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://lvs-netflix.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Apr 2021 06:41:52 GMT
x-content-type-options
nosniff
server
fife
vary
Origin
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
max-age=427543
content-disposition
attachment;filename="unnamed.png"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2778
x-xss-protection
0
expires
Tue, 20 Apr 2021 05:27:35 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    ontransitionrun
object    ontransitionstart
object    ontransitioncancel
object    cookieStore
function  showDirectoryPicker
function  showOpenFilePicker
function  showSaveFilePicker
object    trustedTypes
boolean   crossOriginIsolated

0 Cookies

Security Headers

This section lists any security headers set by the main page. For an explanation of what these headers mean and how to use them, see the linked documentation page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block