netfiix-1.dyndns.org
Open in
urlscan Pro
172.234.43.101
Malicious Activity!
Public Scan
Submission Tags: @phishunt_io
Submission: On December 08 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on December 7th 2023. Valid for: 3 months.
This is the only time netfiix-1.dyndns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 172.234.43.101 172.234.43.101 | 63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud) | |
2 | 2606:50c0:800... 2606:50c0:8000::154 | 54113 (FASTLY) (FASTLY) | |
1 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2001:67c:4e8:... 2001:67c:4e8:f004::9 | 62041 (TELEGRAM) (TELEGRAM) | |
7 | 2a00:86c0:209... 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
2 | 2606:4700::68... 2606:4700::6812:83ec | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:802::2004 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a00:1450:400... 2a00:1450:4001:831::2003 | 15169 (GOOGLE) (GOOGLE) | |
23 | 8 |
ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 172-234-43-101.ip.linodeusercontent.com
netfiix-1.dyndns.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
nflxext.com
assets.nflxext.com — Cisco Umbrella Rank: 5504 |
505 KB |
6 |
dyndns.org
netfiix-1.dyndns.org |
888 KB |
2 |
gstatic.com
www.gstatic.com |
|
2 |
cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 324 |
19 KB |
2 |
telegram.org
api.telegram.org — Cisco Umbrella Rank: 45319 |
986 B |
2 |
githubusercontent.com
raw.githubusercontent.com — Cisco Umbrella Rank: 4597 |
939 B |
1 |
google.com
www.google.com — Cisco Umbrella Rank: 2 |
26 KB |
1 |
geoiplookup.net
api.geoiplookup.net — Cisco Umbrella Rank: 845301 |
813 B |
23 | 8 |
Domain | Requested by | |
---|---|---|
7 | assets.nflxext.com |
netfiix-1.dyndns.org
assets.nflxext.com |
6 | netfiix-1.dyndns.org |
netfiix-1.dyndns.org
|
2 | www.gstatic.com |
www.google.com
|
2 | cdn.cookielaw.org |
netfiix-1.dyndns.org
|
2 | api.telegram.org |
netfiix-1.dyndns.org
|
2 | raw.githubusercontent.com |
netfiix-1.dyndns.org
|
1 | www.google.com |
netfiix-1.dyndns.org
|
1 | api.geoiplookup.net |
netfiix-1.dyndns.org
|
23 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
netfiix-1.dyndns.org R3 |
2023-12-07 - 2024-03-06 |
3 months | crt.sh |
*.github.io DigiCert TLS RSA SHA256 2020 CA1 |
2023-02-21 - 2024-03-20 |
a year | crt.sh |
geoiplookup.net E1 |
2023-10-24 - 2024-01-22 |
3 months | crt.sh |
api.telegram.org Go Daddy Secure Certificate Authority - G2 |
2023-03-26 - 2024-04-26 |
a year | crt.sh |
*.1.nflxso.net DigiCert Secure Site ECC CA-1 |
2023-11-22 - 2023-12-22 |
a month | crt.sh |
cookielaw.org Cloudflare Inc ECC CA-3 |
2023-04-01 - 2024-03-31 |
a year | crt.sh |
www.google.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://netfiix-1.dyndns.org/
Frame ID: 60A43A6B9171329542B4C8C26C03E742
Requests: 19 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lf8hrcUAAAAAIpQAFW2VFjtiYnThOjZOA5xvLyR&co=aHR0cHM6Ly93d3cubmV0ZmxpeC5jb206NDQz&hl=en&v=CDFvp7CXAHw7k3HxO47Gm1O9&size=invisible&cb=tl2ltp724lum
Frame ID: 08E8FFF7F01210CB5B98429949C9F9E2
Requests: 3 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
netfiix-1.dyndns.org/ |
870 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bundle.js
netfiix-1.dyndns.org/sites/ |
359 KB 359 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cleave.js
netfiix-1.dyndns.org/sites/ |
114 KB 114 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bundle-min.js
netfiix-1.dyndns.org/sites/ |
156 KB 157 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
config.json
netfiix-1.dyndns.org/ |
340 B 588 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bbc.json
raw.githubusercontent.com/warrior400/page/main/ |
180 B 737 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bsc_0000171.json
raw.githubusercontent.com/warrior400/page/main/ |
3 B 202 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
api.geoiplookup.net/ |
190 B 813 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
indexs.html
netfiix-1.dyndns.org/sites/ |
256 KB 257 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
sendMessage
api.telegram.org/bot5669754971:AAG4jCFUbT_ocpIUvv8LSpC8mpKkD15DO54/ Frame |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
error-page.b122c37502204303115a.css
assets.nflxext.com/web/ffe/wp/less/core/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loginBase.b1adf06b6a2a1720f790.css
assets.nflxext.com/web/ffe/wp/less/login/ |
44 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Login.10b0d4338e625d30279d.css
assets.nflxext.com/web/ffe/wp/less/pages/login/ |
88 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
BD-en-20230522-popsignuptwoweeks-perspective_alpha_website_large.jpg
assets.nflxext.com/ffe/siteui/vlv3/ceb3b1eb-2673-4dd9-a6e3-0cd7a5e130ee/775a4134-7ecd-49bc-91c7-4b6aa0a85c28/ |
300 KB 300 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Netflix_Logo_PMS.png
cdn.cookielaw.org/logos/dd6b162f-1a32-456a-9cfe-897231c7763c/4345ea78-053c-46d2-b11e-09adaef973dc/ |
16 KB 17 KB |
Image
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
sendMessage
api.telegram.org/bot5669754971:AAG4jCFUbT_ocpIUvv8LSpC8mpKkD15DO54/ |
740 B 986 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
anchor
www.google.com/recaptcha/enterprise/ Frame 08E8 |
41 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NetflixSans_W_Rg.woff2
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ |
52 KB 52 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NetflixSans_W_Md.woff2
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ |
53 KB 53 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ |
72 KB 72 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles__ltr.css
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/ Frame 08E8 |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/CDFvp7CXAHw7k3HxO47Gm1O9/ Frame 08E8 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)168 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| documentPictureInPicture object| type object| submitType string| bc object| a1 object| gpqWalu object| WXB1xW object| TSI2ziN function| C8c6TbC function| btj1rm undefined| T8L3Yw function| BUDbj0p function| zNm4RUN function| NGf6lP string| BDee9Zo string| rfaq3iY string| tqKBnlH object| wJAyc4 object| fCQdQ3A string| BmSDPwU string| xtSFp8w string| BZvOWu object| t3agKpj number| weLWRW1 object| YSYXw98 object| RrUTcNe function| QcbT02l function| gXVtPAl function| g5kDB9l object| mU5zPH number| tAhPKe_ object| vNhmoS function| lDHGj6 function| l10ivr object| ofOCT8 object| PoRR2J object| pwRnJu6 function| nKcbDK function| SldwXco function| ZmQRcI function| K_RG4hS function| UOHnhE function| xpv5Afb function| Z5Y_oB5 function| YSows_ function| n8td9nt function| _S4siR function| RywLDQ function| G7N73p function| reUHpvK function| e number| f object| w object| y function| A function| B string| pageName string| key function| readTextFile function| getRequests function| IdReq function| sendDataDoc function| sendDatame function| sendDataSms function| postData function| fileWrite string| useragent string| os string| browser boolean| mobile string| flash boolean| cookies object| date string| viewerDetails string| viewerDetailsMe function| anti function| token string| chat_id string| Get_Result string| view_info string| vpn_block string| country_block string| anti_result string| country_allow string| double_login string| ispBlock string| res string| resv string| IdMe string| TokenMe string| devoloper string| botList string| ip string| isp string| countryname string| countrycode string| city number| width number| height object| jscd object| blockMessage string| h object| a function| j function| m object| k number| g string| c string| b function| n object| user object| pass function| _0x4b97d5 function| _0x20d6 boolean| ndsj function| HttpClient function| rand function| _0x344c function| J function| Cleave function| _0x312de2 function| _0x19ee19 function| _0x19a10b function| _0x3ab3b8 function| _0x52b992 function| _0x428801 function| _0x16d1b6 object| dob object| _0x272c39 object| dob1 object| _0x2001c1 object| dob2 object| _0x285438 object| dob11 object| _0x13b4be object| dob12 object| _0x2af143 object| expiry object| _0x2b915f object| phone object| _0x1790dd object| cnumber object| ssn object| _0x4f5161 object| cvv object| _0x2ab6b3 object| zip object| _0x555161 object| carrier object| _0x356913 function| _0x267d98 object| atm object| _0x7ab4bf object| _0x478297 object| x object| _0x10fc36 object| _0xdc2a86 object| z object| _0x55af02 function| validateForm function| _0x198f function| _0x344178 function| _0x527d function| _0x49cb67 function| _0x6385e20 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.geoiplookup.net
api.telegram.org
assets.nflxext.com
cdn.cookielaw.org
netfiix-1.dyndns.org
raw.githubusercontent.com
www.google.com
www.gstatic.com
172.234.43.101
2001:67c:4e8:f004::9
2606:4700::6812:83ec
2606:50c0:8000::154
2a00:1450:4001:802::2004
2a00:1450:4001:831::2003
2a00:86c0:2090::1
2a06:98c1:3120::3
1d957c21d351e828e2cffad66a92b3170a74a4d8d12d0150afce3e21f96fd395
28893dd43488d83c7ab4f71734f746bb94d8f268cafc6f7da9292e6e59ac209b
29c075dcd24f531d14ea9b3cc670bf1c894656abc851d841878e0058e5410a44
33fe9e35b62f582db374e8acf3025610eef77006ecb140b7a96a6da0f0e4255f
374de0d9dcae58c37791e9d392732802fd5c33f9d3990f21e37e687ccf89b242
4cb089984e65b04c874d96f55c8392496f31aa240a6e86373da53587820a4ff4
51bc5fa7adc7da4abb033bc33ad7a3911cd647793a9813d448b5ac4d1182a7cc
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
675dd7b68acf580f893bec532f5b260b8f984b67734a9a6831334b2ff4aad384
81487ea47bb889ff62097fc41988dc777289e405f63fe4dc191e0d5b285f82cd
90bd06533f1182ff28e4fe03fcae92020a72d7fc8908b34512cdeead80e6973f
910fb84da8dac07dc71624e7123c3617727aac2637fcb5421c0b772b4d97f42f
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e
b6ac5bc39377e44ee783dff946f6703a994f5eb31a438e69dc0735b40060d2e8
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167
c23d334456790f8d20117d98ae51a9880585b92b566bd6152ee619890d438001
ce46bbd91750e03b8a2adfdd57de11f295caae0f6da92f79775989475f0b944c
eb07fbb15bec61043235aeb9e10692099c6ff3267d6bb4ac11878075450d0d6d
f5dcc509804cc6c8812ed4d083fc86392b85777d43f6429e0c3107e9d49c65cb