additive-conseil.fr
2001:bc8:4::3
Malicious Activity!
Public Scan
Effective URL: http://additive-conseil.fr/Netflix.com.au/Support/Account/activation/update/login.php
Submission: On June 01 via manual from US
Summary
This is the only time additive-conseil.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 134.70.24.1 | 31898 (ORACLE-BMC-31898) |
2 3 | 2001:bc8:4::3 | 12876 (Online SAS) |
7 | 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) |
1 | 62.210.16.62 | 12876 (Online SAS) |
6 | 2606:4700::6810:9440 | 13335 (CLOUDFLARENET) |
1 | 2606:4700:10::6814:b844 | 13335 (CLOUDFLARENET) |
19 | 7 | |
ASN31898 (ORACLE-BMC-31898, US)
objectstorage.us-ashburn-1.oraclecloud.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | nflxext.com | codex.nflxext.com, assets.nflxext.com | 698 KB |
6 | cookielaw.org | cdn.cookielaw.org | 108 KB |
4 | additive-conseil.fr (2 redirects) | additive-conseil.fr, www.additive-conseil.fr | 35 KB |
1 | onetrust.com | geolocation.onetrust.com | 407 B |
1 | oraclecloud.com | objectstorage.us-ashburn-1.oraclecloud.com | 1 KB |
19 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
6 | cdn.cookielaw.org | additive-conseil.fr, cdn.cookielaw.org |
4 | codex.nflxext.com | additive-conseil.fr |
3 | assets.nflxext.com | additive-conseil.fr, codex.nflxext.com |
3 | additive-conseil.fr (2 redirects) | additive-conseil.fr |
1 | geolocation.onetrust.com | cdn.cookielaw.org |
1 | www.additive-conseil.fr | additive-conseil.fr |
1 | objectstorage.us-ashburn-1.oraclecloud.com | |
19 | 7 | |
This site contains links to these domains.
Domain |
---|
policies.google.com |
help.netflix.com |
optout.aboutads.info |
onetrust.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
objectstorage.us-ashburn-1.oraclecloud.com | DigiCert SHA2 Secure Server CA | 2020-04-23 - 2021-06-22 | a year |
*.1.nflxso.net | DigiCert SHA2 Secure Server CA | 2021-05-15 - 2021-06-15 | a month |
additive-conseil.fr | R3 | 2021-04-20 - 2021-07-19 | 3 months |
cookielaw.org | Cloudflare Inc ECC CA-3 | 2020-07-01 - 2021-07-01 | a year |
onetrust.com | Cloudflare Inc ECC CA-3 | 2021-02-12 - 2022-02-11 | a year |
This page contains 1 frames:
Primary Page:
http://additive-conseil.fr/Netflix.com.au/Support/Account/activation/update/login.php
Frame ID: EC5DCEF479F04377BA2E865B56DCFAD4
Requests: 19 HTTP requests in this frame
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
- Title: Privacy Policy
- Title: Terms of Service
- Title: FAQ
- Title: Help Center
- Title: Corporate Information
- Title: Cookies and Internet Advertising
- Title: Privacy Statement.
- Title: here.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://objectstorage.us-ashburn-1.oraclecloud.com/p/nyYeDcUqQbMp61adSmP7k0ALWJXt7DNnOQ4A6TXr1MNAYKz_codvwsmMZOOuyrNc/n/idiodagmlroe/b/b4d1a1e7-d03e-4035-b910-b8d6d09900deb4d1a1e7-d03e-4035-b910-b8d6d09900deb4d1a1e7-d03e-4035-b910-b8d6d09900de/o/b4d1a1e7-d03e-4035-b910-b8d6d09900deb4d1a1e7-d03e-4035-b910-b8d6d09900de/000000000000000000000000000000000000000000 Page URL
- http://additive-conseil.fr/Netflix.com.au/Support/Account/activation/update/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3
- http://additive-conseil.fr/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=login HTTP 301
- https://additive-conseil.fr/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=login HTTP 301
- https://www.additive-conseil.fr/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=login
- http://additive-conseil.fr/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=login HTTP 301
- https://additive-conseil.fr/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=login
- http://additive-conseil.fr/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1 HTTP 301
- https://additive-conseil.fr/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | 000000000000000000000000000000000000000000 | objectstorage.us-ashburn-1.oraclecloud.com/p/nyYeDcUqQbMp61adSmP7k0ALWJXt7DNnOQ4A6TXr1MNAYKz_codvwsmMZOOuyrNc/n/idiodagmlroe/b/b4d1a1e7-d03e-4035-b910-b8d6d09900deb4d1a1e7-d03e-4035-b910-b8d6d09900... | 201 B | 1 KB | Document | text/html |
GET | H/1.1 | login.php (Primary Request) | additive-conseil.fr/Netflix.com.au/Support/Account/activation/update/ | 199 KB | 34 KB | Document | text/html |
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-js-v9ea20e9d/js/js/bootstrap.js,common%7Cbootstrap.js/2/0b2H3i022V2M2X052I303h070m003j2_3d2S322Y3c2O31340a013e0O/bck/true/ | 9 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-js-v9ea20e9d/js/js/components%7Clogin%7CloginControllerClient.js/2/0b2H3i022V2M2X052I303h070m003j2_3d2S322Y3c2O31340a013e0O/l/true/ | 896 KB | 272 KB | Script | application/javascript |
GET | H/1.1 | WebsiteDetect | www.additive-conseil.fr/personalization/cl2/freeform/ (Redirect Chain) | 0 | 0 | Stylesheet | text/html |
GET | H2 | otSDKStub.js | cdn.cookielaw.org/scripttemplates/ | 17 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-css-v9ea20e9d/css/css/less%7Ccore%7Cerror-page.less/1/ayuCwJ4Hsv9BGI/none/true/ | 11 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/1.22.5-shakti-css-v9ea20e9d/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/ayuCwJ4Hsv9BGI/none/true/ | 132 KB | 22 KB | Stylesheet | text/css |
GET | H/1.1 | FR-en-20210524-popsignuptwoweeks-perspective_alpha_website_large.jpg | assets.nflxext.com/ffe/siteui/vlv3/8dc3f88b-a96a-4d8a-af9a-a69e6f3b2506/bb7a5118-ab49-46b1-b42f-d254cdebf2ba/ | 323 KB | 323 KB | Image | image/jpeg |
GET | H/1.1 | FB-f-Logo__blue_57.png | assets.nflxext.com/ffe/siteui/login/images/ | 1 KB | 2 KB | Image | image/png |
GET | | WebsiteDetect | additive-conseil.fr/personalization/cl2/freeform/ (Redirect Chain) | 0 | 0 | | |
GET | | WebsiteScreen | additive-conseil.fr/personalization/cl2/freeform/ (Redirect Chain) | 0 | 0 | | |
GET | H2 | 87b6a5c0-0104-4e96-a291-092c11350111.json | cdn.cookielaw.org/consent/87b6a5c0-0104-4e96-a291-092c11350111/ | 4 KB | 2 KB | XHR | application/x-javascript |
GET | H/1.1 | nf-icon-v1-93.woff | assets.nflxext.com/ffe/siteui/fonts/ | 72 KB | 72 KB | Font | application/octet-stream |
GET | H2 | location | geolocation.onetrust.com/cookieconsentpub/v1/geo/ | 164 B | 407 B | Script | text/javascript |
GET | H2 | otBannerSdk.js | cdn.cookielaw.org/scripttemplates/6.6.0/ | 338 KB | 72 KB | Script | application/javascript |
GET | H2 | en.json | cdn.cookielaw.org/consent/87b6a5c0-0104-4e96-a291-092c11350111/d8b56389-964b-4a1f-aa83-3a9db8f1b6a4/ | 35 KB | 11 KB | Fetch | application/x-javascript |
GET | H2 | otFlat.json | cdn.cookielaw.org/scripttemplates/6.6.0/assets/ | 12 KB | 3 KB | Fetch | application/json |
GET | H2 | otPcTab.json | cdn.cookielaw.org/scripttemplates/6.6.0/assets/ | 57 KB | 14 KB | Fetch | application/json |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: additive-conseil.fr
  URL: https://additive-conseil.fr/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=login
- Domain: additive-conseil.fr
  URL: https://additive-conseil.fr/personalization/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| onbeforexrselect
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- boolean| originAgentCluster
- object| trustedTypes
- boolean| crossOriginIsolated
- object| OneTrustStub
- string| OnetrustActiveGroups
- string| OptanonActiveGroups
- object| dataLayer
- function| OptanonWrapper
- object| netflix
- object| Codex
- object| C
- object| global
- object| process
- object| util
- function| jQuery
- function| jsonFeed
- object| otStubData
- object| Optanon
- object| OneTrust
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.