netflx-ca-member.com
Open in
urlscan Pro
51.159.28.184
Malicious Activity!
Public Scan
Effective URL: http://netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/
Submission: On June 02 via api from GB
Summary
This is the only time netflx-ca-member.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 18 | 51.159.28.184 51.159.28.184 | 12876 (AS12876) (AS12876) | |
1 | 2a02:26f0:6c0... 2a02:26f0:6c00:286::33c4 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
1 | 2a02:26f0:6c0... 2a02:26f0:6c00:297::33c4 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
19 | 4 |
ASN12876 (AS12876, FR)
PTR: 51-159-28-184.rev.poneytelecom.eu
netflx-ca-member.com |
ASN32934 (FACEBOOK - Facebook, Inc., US)
connect.facebook.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
netflx-ca-member.com
2 redirects
netflx-ca-member.com |
1 MB |
2 |
nflxext.com
assets.nflxext.com |
407 KB |
1 |
facebook.net
connect.facebook.net |
59 KB |
19 | 3 |
Domain | Requested by | |
---|---|---|
18 | netflx-ca-member.com |
2 redirects
netflx-ca-member.com
|
2 | assets.nflxext.com |
netflx-ca-member.com
|
1 | connect.facebook.net |
netflx-ca-member.com
|
19 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.netflix.com |
help.netflix.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
assets.nflxext.com DigiCert SHA2 Secure Server CA |
2018-03-09 - 2020-03-09 |
2 years | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2019-04-22 - 2019-07-21 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/
Frame ID: 975EDC904A63D086C6210568E578260D
Requests: 18 HTTP requests in this frame
Frame:
http://netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ntfx_fichiers/d_vbiawPdxB.html
Frame ID: 4206F42B86CD375504B1E1DEBEDE2DF0
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://netflx-ca-member.com/
HTTP 302
http://netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc HTTP 301
http://netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Facebook (Widgets) Expand
Detected patterns
- script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Netflix
Search URL Search Domain Scan URL
Title: Need help?
Search URL Search Domain Scan URL
Title: Questions? Contact us.
Search URL Search Domain Scan URL
Title: Gift Card Terms
Search URL Search Domain Scan URL
Title: Terms of Use
Search URL Search Domain Scan URL
Title: Privacy Statement
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://netflx-ca-member.com/
HTTP 302
http://netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc HTTP 301
http://netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ Redirect Chain
|
324 KB 325 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none
netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ntfx_fichiers/ |
9 KB 9 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none_002
netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ntfx_fichiers/ |
670 KB 671 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebsiteDetect.txt
netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ntfx_fichiers/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sdk_002.js
netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ntfx_fichiers/ |
199 KB 199 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sdk.js
netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ntfx_fichiers/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
none.css
netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ntfx_fichiers/ |
124 KB 124 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
TN-en-20190422-popsignuptwoweeks-perspective_alpha_website_large.jpg
assets.nflxext.com/ffe/siteui/vlv3/02dd3f21-2c34-4989-a48b-827dd9edc446/c0c77354-b3d2-40e0-a13c-2d8e70b482a1/ |
333 KB 334 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FB-f-Logo__blue_57.png
netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ntfx_fichiers/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sdk.js
connect.facebook.net/en_US/ |
195 KB 59 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebsiteDetect
netflx-ca-member.com/personalization/cl2/freeform/ |
359 B 559 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
WebsiteScreen
netflx-ca-member.com/personalization/cl2/freeform/ |
359 B 559 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ |
72 KB 72 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
d_vbiawPdxB.html
netflx-ca-member.com/cec76c8c6bad987a188d963ef198a7bc/ntfx_fichiers/ Frame 4206 |
35 KB 35 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
log
netflx-ca-member.com/personalization/ |
336 B 536 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
cl2
netflx-ca-member.com/personalization/ |
336 B 536 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
cl2
netflx-ca-member.com/personalization/ |
336 B 536 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
cl2
netflx-ca-member.com/personalization/ |
336 B 536 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
cl2
netflx-ca-member.com/personalization/ |
336 B 536 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| FB object| netflix object| Codex object| C object| global object| process object| util function| jQuery object| jQuery111102685056476900507 function| fbAsyncInit1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.netflx-ca-member.com/ | Name: cL Value: 1559461213156%7C155946121320429445%7C155946121355424343%7C%7C4%7Cnull |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
connect.facebook.net
netflx-ca-member.com
2a02:26f0:6c00:286::33c4
2a02:26f0:6c00:297::33c4
2a03:2880:f02d:12:face:b00c:0:3
51.159.28.184
154e9866c94f43a17d75aed32adc27020f95f614232f8b3cfedd7fc4bf2a48d3
190b31c1e0f1252f0c5ef584e21130816f408f00bd464e54144140872d0e79f1
1f82e425c5d2f5eb54498df01d1c9de2ea5abf5f2ffb963bb8c52376eb6b1c33
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
4bf8427b0a82febee7a31f97a16600a1947f7a1754522228f87f5c02b0a7a353
556ef963706264e9e99ff844f404d2295ca34caffe2b4e704b1ec112d2b79416
5b237df9747580e02d089ae852c0893d9af6fae7f1348a990ce6e0fe9b564c2a
66c88b411a77b9b6472b90c46ed6f610377c7a23cfb9ceb0c7b30945066b7c96
7d289b49c2b172b7a4549a5f5956bf7f3e913d6a767bfef45270a6f083742cfa
919e7f3678f68a452d2a2fa6fb674585c7c3c99205f479630f8ecae34a28c939
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
a74e0c2e7479322afc91b7a6b6d0ca07f304c207bbcdfcf788fd827d1f3d361f
c3a878343f68933757d70f8ac474cb95b0f8d2cd29fa7ef1f3d94652c569794a
da9e66dd794292a6f5e298bb6520ca292982c073b29f8ed21dd7187d4840ffb5
eca1f56c337c6156ea7a195f6a1dbc7797220855a71a0b960cc9cd1490f56753