![](/screenshots/50f9502f-d18d-4394-ac3d-8185edea49b9.png)
verify-netflix.de
Open in
urlscan Pro
104.21.58.88
Malicious Activity!
Public Scan
Submission: On February 25 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on February 25th 2024. Valid for: 3 months.
This is the only time verify-netflix.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 104.21.58.88 104.21.58.88 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:200... 2a04:4e42:200::649 | 54113 (FASTLY) (FASTLY) | |
4 | 2606:4700:303... 2606:4700:3035::ac43:9e68 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
14 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
verify-netflix.de
verify-netflix.de |
530 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 729 |
30 KB |
14 | 2 |
Domain | Requested by | |
---|---|---|
12 | verify-netflix.de |
verify-netflix.de
|
1 | code.jquery.com |
verify-netflix.de
|
14 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.netflix.com |
help.netflix.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
verify-netflix.de GTS CA 1P5 |
2024-02-25 - 2024-05-25 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://verify-netflix.de/nf
Frame ID: 8486E96217D01BE5BEC5303478FC2DB4
Requests: 14 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Title: Gift Card Terms
Search URL Search Domain Scan URL
Title: Terms of Use
Search URL Search Domain Scan URL
Title: Privacy Statement
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
nf
verify-netflix.de/ |
59 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
foundation.min.css
verify-netflix.de/assets/nf/css/ |
138 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.css
verify-netflix.de/assets/nf/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
actions.js
verify-netflix.de/assets/js/ |
644 B 567 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.css
verify-netflix.de/assets/nf/css/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fb.png
verify-netflix.de/assets/nf/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
verify-netflix.de/assets/nf/js/vendor/ |
265 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
what-input.js
verify-netflix.de/assets/nf/js/vendor/ |
13 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
foundation.min.js
verify-netflix.de/assets/nf/js/vendor/ |
479 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
large.jpg
verify-netflix.de/assets/nf/img/ |
330 KB 331 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
action
verify-netflix.de/apis/lr/ |
25 B 522 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
active
verify-netflix.de/apis/lr/ |
25 B 522 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST |
action
verify-netflix.de/apis/lr/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- verify-netflix.de
- URL
- https://verify-netflix.de/apis/lr/action
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| CbfITUOTE object| dxAYRiw function| $ function| jQuery string| lrbank string| lrinfo object| whatInput object| Foundation1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
verify-netflix.de/ | Name: PHPSESSID Value: te29r3qdge1h0vl2a3i98nj5r2 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
verify-netflix.de
verify-netflix.de
104.21.58.88
2606:4700:3035::ac43:9e68
2a04:4e42:200::649
14c3104e2568b9e9c7d1e883858bdde6241a0c70fd33aa6111eb0316acfd61d6
1682ba33f8ebfcd59a6829125863ca509d6fc9237a3add4378b39694f046d947
17fbb1f9e0c56be3310782a1ab8a2177896a879c03cab6540b1903ef8e971ae8
3160a5af41fcdd11075c6d9e50c91790151aefd58e4a1416ab5fd9ef230e0033
3290f81062ea33808a7efab4556f53b7966dba902e27d00d224ed4b745e466bb
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
6de1ea718e7d9fc8b4ac19f02aab09b379752c6484cb046ca3da7fddc8b4975b
72a83ab77aa94822f4a42349bbbd1b8875161fe9cfea1f2cdb4d4f8f2601622f
c1cbbd152a050ee0dc982af665d16b3508db3942527b4b1d65aff0127244ac9e
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
f2e7d62dc08c337882b1768df07acc2da54141ad51ae2df68a2f6bd05d7b4816
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e