lifereview.ga
187.17.111.99
Malicious Activity!
Public Scan
Submission: On June 30 via manual from HU
Summary
This is the only time lifereview.ga was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)

Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 4 | 187.17.111.99 | AS7162 (Universo Online S.A.) |
| 3 | 2a00:86c0:2090::1 | AS40027 (NETFLIX-ASN - Netflix Streaming Services Inc.) |
| 2 | 2a02:26f0:6c00:297::33c4 | AS20940 (AKAMAI-ASN1) |
| 2 | 2a01:578:3::b022:81a9 | AS16509 (AMAZON-02 - Amazon.com) |
| 11 requests | 4 IPs | |
Domains per ASN:

| ASN | Domains |
|---|---|
| ASN40027 (NETFLIX-ASN - Netflix Streaming Services Inc., US) | codex.nflxext.com |
| ASN20940 (AKAMAI-ASN1, US) | assets.nflxext.com, ae.nflximg.net |
| ASN16509 (AMAZON-02 - Amazon.com, Inc., US) | www.netflix.com |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 4 | nflxext.com | codex.nflxext.com, assets.nflxext.com | 423 KB |
| 4 | lifereview.ga | lifereview.ga | 139 KB |
| 2 | netflix.com | www.netflix.com | 1022 B |
| 1 | nflximg.net | ae.nflximg.net | |
| 11 requests | 4 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 4 | lifereview.ga | lifereview.ga, codex.nflxext.com |
| 3 | codex.nflxext.com | lifereview.ga |
| 2 | www.netflix.com | codex.nflxext.com, lifereview.ga |
| 1 | ae.nflximg.net | lifereview.ga |
| 1 | assets.nflxext.com | lifereview.ga |
| 11 requests | 5 domains | |
This site contains links to these domains (see also the Outgoing links section below):

| Domain |
|---|
| help.netflix.com |
TLS certificates

| Subject | Issuer | Validity | Valid | Lookup |
|---|---|---|---|---|
| (none) | (none) | 1970-01-01 - 1970-01-01 | a few seconds | crt.sh |
| *.1.nflxso.net | DigiCert SHA2 Secure Server CA | 2019-06-26 - 2019-08-10 | a month | crt.sh |
| assets.nflxext.com | DigiCert SHA2 Secure Server CA | 2018-03-09 - 2020-03-09 | 2 years | crt.sh |
| www.netflix.com | DigiCert SHA2 Secure Server CA | 2018-02-07 - 2020-02-07 | 2 years | crt.sh |

The first row, with an empty subject and epoch validity dates, is the placeholder recorded for the primary page itself: http://lifereview.ga/net/ was served over plain HTTP, so the phishing host presented no certificate at all. The three real certificates belong to the Netflix-operated hosts from which the page pulls its resources, not to the phishing domain.
This page contains 2 frames:
Primary Page:
http://lifereview.ga/net/
Frame ID: E5A3220B4462BB0F07C13E06FD142E7D
Requests: 10 HTTP requests in this frame
Frame:
https://ae.nflximg.net/monet/scripts/adtech_iframe_target_04.html?data=%7B%22membership_status%22%3A%22NON_REGISTERED_MEMBER%22%2C%22country%22%3A%22BR%22%2C%22source%22%3A%22https%3A%2F%2Fwww.netflix.com%2Fbr%2F%22%2C%22fbaId%22%3A%2284b74bef-1e20-4f5b-995a-be3a84dcaa5f%22%2C%22is_member%22%3A%22anonymous%22%2C%22wasFormerMember%22%3Afalse%2C%22referrer%22%3A%22registration%22%7D
(The `data` parameter URL-decodes to `{"membership_status":"NON_REGISTERED_MEMBER","country":"BR","source":"https://www.netflix.com/br/","fbaId":"84b74bef-1e20-4f5b-995a-be3a84dcaa5f","is_member":"anonymous","wasFormerMember":false,"referrer":"registration"}`, the ad-tech iframe configuration of the real Netflix Brazil signup page, which this page reproduces unchanged.)
Frame ID: F81442DF21E8E71C1D24AF447AD2B07D
Requests: 1 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page:

| Title |
|---|
| Common questions |
| Help center |
| Terms of use |
| Privacy |
| Cookie Preferences |
| Corporate Information |

All six point at help.netflix.com, the only linked external domain recorded above: the page retains the links into the real Netflix help site.
Redirected requests
No HTTP redirect chains were recorded for this scan.
11 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H/1.1 | / (Primary Request) | lifereview.ga/net/ | 623 KB | 115 KB | Document | text/html |
| 2 | GET | H/1.1 | none.js | lifereview.ga/net/js/ | 13 KB | 5 KB | Script | text/javascript |
| 3 | GET | H/1.1 | none1.js | lifereview.ga/net/js/ | 56 KB | 19 KB | Script | text/javascript |
| 4 | GET | H/1.1 | none | codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-vf7fb5ef5/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/1/zN4H9wGRUOIMTY/none/true/ | 152 KB | 25 KB | Stylesheet | text/css |
| 5 | GET | H/1.1 | none | codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-vf7fb5ef5/js/js/bootstrap.js,common%7Cbootstrap.js/2/4Y034Q4t4r4e4v0g084a4A4X070u014Z4z4m4C4w0d4O4L4i4B4p4E4k4j024T/bck/true/ | 24 KB | 6 KB | Script | application/javascript |
| 6 | GET | H/1.1 | none | codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-vf7fb5ef5/js/js/signup%7Csimplicity%7CsimpleSignupClient.js/2/4Y034Q4t4r4e4v0g084a4A4X070u014Z4z4m4C4w0d4O4L4i4B4p4E4k4j024T/l/true/ | 1 MB | 319 KB | Script | application/javascript |
| 7 | GET | H2 | nf-icon-v1-93.woff | assets.nflxext.com/ffe/siteui/fonts/ | 72 KB | 72 KB | Font | font/woff |
| 8 | GET | H/1.1 | adtech_iframe_target_04.html | ae.nflximg.net/monet/scripts/ (Frame F814) | 0 | 0 | Document | text/html |
| 9 | POST | H/1.1 | log | lifereview.ga/ichnaea/ | 209 B | 394 B | XHR | text/html |
| 10 | OPTIONS | H/1.1 | cl2 | www.netflix.com/ichnaea/ | 0 | 0 | XHR | text/plain |
| 11 | POST | H/1.1 | cl2 | www.netflix.com/ichnaea/ | 0 | 1022 B | XHR | text/plain |

Read together, the table shows the shape of a cloned signup page: the document and its two local scripts (none.js, none1.js) are served from lifereview.ga over plain HTTP/1.1; the page styling and the roughly 1 MB signup client (simpleSignupClient.js) are hotlinked from Netflix's own codex.nflxext.com and assets.nflxext.com; and the page POSTs to its own lifereview.ga/ichnaea/log, a path shaped like the www.netflix.com/ichnaea/cl2 client-logging endpoint that the hotlinked Netflix code itself still calls (requests 10 and 11).
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Netflix (Online)

14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They help identify the client-side frameworks and code a page uses.

| Type | Name |
|---|---|
| object | onselectstart |
| object | onselectionchange |
| function | queueMicrotask |
| object | netflix |
| object | Codex |
| object | C |
| object | global |
| object | process |
| object | __core-js_shared__ |
| object | util |
| function | jQuery |
| object | jQuery111104546676297259813 |
| object | html5 |
| object | Modernizr |

The `netflix` and `Codex` globals come from the Netflix signup bundles that this page loads directly from codex.nflxext.com (see the HTTP transactions above); a `netflix` object on a window whose origin is not a Netflix domain is itself a usable detection for kits built this way.

0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work. No cookies were set during this scan.
Indicators
This is a term in the security industry for observables such as IPs, domains and hashes. Listing them here does not imply that any of them individually indicates malicious activity.

Domains:
ae.nflximg.net
assets.nflxext.com
codex.nflxext.com
lifereview.ga
www.netflix.com

IP addresses:
187.17.111.99
2a00:86c0:2090::1
2a01:578:3::b022:81a9
2a02:26f0:6c00:297::33c4

Response body hashes (SHA-256):
7ad8c8c2d47662b3de7b09f5c789b09cbe453c66f7fa6fde6c9c7ab6c77bc3d1
85711c837e10e4a427025949ce5fc2edee7f54046585909ccab242452f4fd2a1
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
b83acf481c9581ab9bad014f4a5d946c4a4a59358ce0541eca1e7631ac3e0861
cda3c88b41c89240e77591f59de23312fcef9cb00f5d83fc953700a4247ba218
d7db0e1244fa029b903168f6a0b21bdc0cd0d98b6e2e8c7b39283a38d559b581
e27be853bc076807f383e8a42ab96d75fc39d91988c2d0b1272fcf2c0c48672e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fc185f2b963e204610ddf550f9a5dafcb0cb9b59d5e1bda933dd0962ec818c1c

Two caveats before reusing this list. e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the SHA-256 of a zero-length input; it is what the zero-size responses in this scan hash to and has no identifying value. The Netflix-operated domains, their IPs and their resource hashes are legitimate infrastructure abused by the page, not attacker-controlled indicators; the actionable observables here are lifereview.ga, 187.17.111.99 and the hashes of the content served from them.
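The two patterns called out above, the hotlinked brand resources in the HTTP transactions table and the empty-body hash in the indicator list, are easy to check mechanically. The following is an added example, not urlscan.io's code and not part of this scan: it triages a constructed request list (built by hand from the table above, with the long codex.nflxext.com bundle paths abbreviated), flags brand hosts fetched by a non-brand page, flags page-local paths that share a first segment with a brand endpoint seen in the same scan, checks for brand-defined window globals on a foreign origin, and weeds out the empty-body hash. The brand domain allow-list and the brand global names are assumptions a practitioner would maintain per brand.

```python
"""Triage of a urlscan-style request list for hotlinked-brand phishing kits.

Added example: not urlscan.io's code and not part of the scan above. The
request, hash and global lists are constructed by hand from this page's
tables; the long codex.nflxext.com bundle paths are abbreviated (assumption),
since only their first path segment matters here.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Optional

# Assumed per-brand allow-list of apex domains the brand itself operates.
NETFLIX_DOMAINS = {"netflix.com", "nflxext.com", "nflximg.net", "nflxso.net"}
# Assumed: window globals that only the brand's own bundles define.
NETFLIX_GLOBALS = {"netflix", "Codex"}
# SHA-256 of a zero-length input: what every 0-byte response hashes to.
EMPTY_BODY_SHA256 = hashlib.sha256(b"").hexdigest()


@dataclass(frozen=True)
class Tx:
    method: str
    host: str
    path: str
    requested_by: Optional[str]  # host of the document that issued the request


def apex(host: str) -> str:
    """Last two labels of a hostname; enough for the TLDs in this scan."""
    return ".".join(host.split(".")[-2:])


def first_segment(path: str) -> str:
    """'/ichnaea/log' -> 'ichnaea'; '/' -> ''."""
    return path.strip("/").split("/", 1)[0]


def triage(page_host: str, txs: list[Tx], brand_domains: set[str]) -> dict:
    """Flag (1) brand-operated hosts fetched by a page outside the brand's
    domains and (2) paths on the page's own host whose first segment also
    occurs on a brand host in the same scan, e.g. a cloned /ichnaea/ endpoint."""
    page_apex = apex(page_host)
    brand_requests: list[tuple[str, str]] = []
    brand_segments: set[str] = set()
    page_paths: list[str] = []
    for tx in txs:
        if apex(tx.host) in brand_domains:
            brand_segments.add(first_segment(tx.path))
            if tx.requested_by and apex(tx.requested_by) == page_apex:
                brand_requests.append((tx.host, tx.path))
        elif apex(tx.host) == page_apex:
            page_paths.append(tx.path)
    mimicked = [p for p in page_paths if first_segment(p) in brand_segments]
    return {
        "brand_requests_from_page": brand_requests,
        "mimicked_brand_paths": mimicked,
        "kit_likely": bool(brand_requests) and bool(mimicked),
    }


def brand_globals_on_foreign_page(globals_seen, brand_globals, page_host, brand_domains):
    """Brand-defined window globals observed on a page outside the brand's domains."""
    if apex(page_host) in brand_domains:
        return []
    return sorted(set(globals_seen) & set(brand_globals))


def empty_body_hashes(hashes):
    """Hashes that are merely the empty-body hash; drop these from blocklists."""
    return [h for h in hashes if h == EMPTY_BODY_SHA256]


# Constructed from the 11 transactions above (bundle paths abbreviated).
SCAN_TXS = [
    Tx("GET", "lifereview.ga", "/net/", None),
    Tx("GET", "lifereview.ga", "/net/js/none.js", "lifereview.ga"),
    Tx("GET", "lifereview.ga", "/net/js/none1.js", "lifereview.ga"),
    Tx("GET", "codex.nflxext.com", "/%5E2.0.0/truthBundle/simplicity.less", "lifereview.ga"),
    Tx("GET", "codex.nflxext.com", "/%5E2.0.0/truthBundle/bootstrap.js", "lifereview.ga"),
    Tx("GET", "codex.nflxext.com", "/%5E2.0.0/truthBundle/simpleSignupClient.js", "lifereview.ga"),
    Tx("GET", "assets.nflxext.com", "/ffe/siteui/fonts/nf-icon-v1-93.woff", "lifereview.ga"),
    Tx("GET", "ae.nflximg.net", "/monet/scripts/adtech_iframe_target_04.html", "lifereview.ga"),
    Tx("POST", "lifereview.ga", "/ichnaea/log", "lifereview.ga"),
    Tx("OPTIONS", "www.netflix.com", "/ichnaea/cl2", "lifereview.ga"),
    Tx("POST", "www.netflix.com", "/ichnaea/cl2", "codex.nflxext.com"),
]
# Four of the nine response hashes listed under Indicators.
SCAN_HASHES = [
    "7ad8c8c2d47662b3de7b09f5c789b09cbe453c66f7fa6fde6c9c7ab6c77bc3d1",
    "85711c837e10e4a427025949ce5fc2edee7f54046585909ccab242452f4fd2a1",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "fc185f2b963e204610ddf550f9a5dafcb0cb9b59d5e1bda933dd0962ec818c1c",
]
SCAN_GLOBALS = ["netflix", "Codex", "jQuery", "Modernizr", "process", "global"]

if __name__ == "__main__":
    print(triage("lifereview.ga", SCAN_TXS, NETFLIX_DOMAINS))
    print(brand_globals_on_foreign_page(SCAN_GLOBALS, NETFLIX_GLOBALS, "lifereview.ga", NETFLIX_DOMAINS))
    print(empty_body_hashes(SCAN_HASHES))
```

On the constructed list, `triage` reports six brand requests triggered by lifereview.ga (the three codex bundles, the font, the ad-tech frame and the OPTIONS preflight to www.netflix.com) and one mimicked path, `/ichnaea/log`; run against the real Netflix origin it reports nothing, which is the check that keeps the heuristic from firing on the brand's own pages. The apex-domain helper is deliberately naive (last two labels) and would need a public-suffix list before use on TLDs such as `.co.uk`.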