netflick.azurewebsites.net
52.136.50.1
Malicious Activity!
Public Scan
Effective URL: https://netflick.azurewebsites.net/
Submission Tags: @atomspam #phishing #netflix #infosec #cybersecurity #atomspam
Submission: On December 07 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 01 on March 14th 2022. Valid for: a year.
This is the only time netflick.azurewebsites.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
6 (1 redirects) | 52.136.50.1 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
1 | 104.18.10.207 | 13335 (CLOUDFLARENET) |
1 | 104.16.170.253 | 13335 (CLOUDFLARENET) |
7 | 3 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
6 (1 redirects) | azurewebsites.net | netflick.azurewebsites.net | 479 KB |
1 | auth0.com | dev-w7kjs2xm5elgzkn0.us.auth0.com | 1 KB |
1 | bootstrapcdn.com | stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2558) | 22 KB |
7 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
6 (1 redirects) | netflick.azurewebsites.net | netflick.azurewebsites.net |
1 | dev-w7kjs2xm5elgzkn0.us.auth0.com | netflick.azurewebsites.net |
1 | stackpath.bootstrapcdn.com | netflick.azurewebsites.net |
7 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.azurewebsites.net | Microsoft Azure TLS Issuing CA 01 | 2022-03-14 - 2023-03-09 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-01-29 - 2023-01-29 | a year |
*.guardian.us.auth0.com | E1 | 2022-12-06 - 2023-03-06 | 3 months |
This page contains 2 frames:
Primary Page:
https://netflick.azurewebsites.net/
Frame ID: 9FA29AD3B99DED304AB7C50EE5496517
Requests: 6 HTTP requests in this frame
Frame:
https://dev-w7kjs2xm5elgzkn0.us.auth0.com/authorize?audience=https%3A%2F%2Fdev-w7kjs2xm5elgzkn0.us.auth0.com%2Fapi%2Fv2%2F&client_id=2kOsOjaASF4wguDEBXFBAUElmICr4dOH&redirect_uri=https%3A%2F%2Fnetflick.azurewebsites.net&scope=openid%20profile%20email&response_type=code&response_mode=web_message&state=YjdGcWsxMTZjeTMzNDJjTHRtNE5LNy1vTzJrZzJnWERBMEFiS3ZBVnE3Xw%3D%3D&nonce=djBZRUxLLUt0V3N1YmhidkpiRlFETWU1ZlJ2RUZFRWJwTXVpSmpyT05RdA%3D%3D&code_challenge=VySszyBzY39ILVzgxZOvuo7C8eeHr4qhJ2tk3NAZI-4&code_challenge_method=S256&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS4xMi4wIn0%3D
Frame ID: 57240AC755CF57284E4B86839E3809A0
Requests: 1 HTTP requests in this frame
Page Title: Netflix
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://netflick.azurewebsites.net/
HTTP 301
https://netflick.azurewebsites.net/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request, Redirect Chain) | netflick.azurewebsites.net/ | 933 B | 1 KB | Document | text/html |
GET | H2 | bootstrap.min.css | stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/ | 137 KB | 22 KB | Stylesheet | text/css |
GET | H/1.1 | main.8c96411a.js | netflick.azurewebsites.net/static/js/ | 406 KB | 164 KB | Script | application/x-javascript |
GET | H/1.1 | main.f779e001.css | netflick.azurewebsites.net/static/css/ | 551 B | 811 B | Stylesheet | text/css |
GET | H/1.1 | login.1a5678025d58f1a441b8.jpg | netflick.azurewebsites.net/static/media/ | 296 KB | 296 KB | Image | image/jpeg |
GET | H/1.1 | logo.f4070143e1f521da82a1.png | netflick.azurewebsites.net/static/media/ | 16 KB | 16 KB | Image | image/png |
GET | H2 | authorize (Frame 5724) | dev-w7kjs2xm5elgzkn0.us.auth0.com/ | 1 KB | 1 KB | Document | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | oncontentvisibilityautostatechange
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.netflick.azurewebsites.net/ | | ARRAffinity | c015407f2340ab83319171108305fa1072c8452284bc5ef903dfd906b4fd7902 |
.netflick.azurewebsites.net/ | | ARRAffinitySameSite | c015407f2340ab83319171108305fa1072c8452284bc5ef903dfd906b4fd7902 |
dev-w7kjs2xm5elgzkn0.us.auth0.com/ | | did | s%3Av0%3A54aa3220-75f9-11ed-b9d8-73657be894d0.zBeeJ7szEI%2B%2FnS1iqFnO3cMlzUfMeLmo6Ru0i2a9WgY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.