verificacionetflix.ml

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 4 HTTP transactions. The main IP is 76.223.127.72, located in United States and belongs to AMAZON-02, US. The main domain is verificacionetflix.ml.
TLS certificate: Issued by R3 on April 22nd 2022. Valid for: 3 months.

This is the only time verificacionetflix.ml was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	76.223.127.72 76.223.127.72	16509 (AMAZON-02) (AMAZON-02)
1	52.149.246.247 52.149.246.247	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:86c0:209... 2a00:86c0:2091::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
4	3

2 76.223.127.72 (United States)

ASN16509 (AMAZON-02, US)

verificacionetflix.ml	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.149.246.247 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

external-content.duckduckgo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:86c0:2091::1 (United States)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	verificacionetflix.ml verificacionetflix.ml	2 KB
1	nflxext.com assets.nflxext.com — Cisco Umbrella Rank: 3487	206 KB
1	duckduckgo.com external-content.duckduckgo.com — Cisco Umbrella Rank: 5339	156 KB
4	3

	Domain	Requested by
2	verificacionetflix.ml	verificacionetflix.ml
1	assets.nflxext.com	verificacionetflix.ml
1	external-content.duckduckgo.com	verificacionetflix.ml
4	3

This site contains no links.

Subject Issuer	Validity	Valid
verificacionetflix.ml R3	`2022-04-22` - `2022-07-21`	3 months	crt.sh
*.duckduckgo.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-05` - `2022-11-26`	a year	crt.sh
*.1.nflxso.net DigiCert TLS RSA SHA256 2020 CA1	`2022-04-14` - `2022-05-17`	a month	crt.sh

This page contains 1 frames:

Primary Page: https://verificacionetflix.ml/
Frame ID: 918C391B1797CC50EE3831058F910189
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix

Page Statistics

4
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

363 kB
Transfer

363 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
verificacionetflix.ml/ 2 KB
1 KB 160ms
70ms Document
text/html 76.223.127.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://verificacionetflix.ml/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

76.223.127.72 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

3b63b85dec0d1756460bee11fc3de64c961390d0b6ca8bd07757ba4335c7181b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
age: 474
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="index.html"
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 22 Apr 2022 05:44:58 GMT
etag: W/"3b63b85dec0d1756460bee11fc3de64c961390d0b6ca8bd07757ba4335c7181b"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: iad1:iad1::pxtzn-1650606298416-8d48b3fe1ffd

GET
H2 200 index.css
verificacionetflix.ml/ 2 KB
942 B 30ms
30ms Stylesheet
text/css 76.223.127.72
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://verificacionetflix.ml/index.css

Requested by

Host: verificacionetflix.ml
URL: https://verificacionetflix.ml/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

76.223.127.72 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

fbcca89444d52fb6f81cb6a40ab29b4e081fbeab3f0282639cd39615aa192252

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://verificacionetflix.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 22 Apr 2022 05:44:58 GMT
content-encoding: br
server: Vercel
age: 113
x-vercel-id: iad1:iad1::pxtzn-1650606298510-f7518c22a230
etag: W/"fbcca89444d52fb6f81cb6a40ab29b4e081fbeab3f0282639cd39615aa192252"
strict-transport-security: max-age=63072000
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
content-disposition: inline; filename="index.css"
x-vercel-cache: HIT

GET
H2 200 /
external-content.duckduckgo.com/iu/ 154 KB
156 KB 116ms
52ms Image
image/png 52.149.246.247
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fyetiograch.pl%2Fwp-content%2Fuploads%2F2016%2F01%2FNetflix-Logo.png&f=1&nofb=1

Requested by

Host: verificacionetflix.ml
URL: https://verificacionetflix.ml/

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

52.149.246.247 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

82f66f496a7682cbbacc862ce6cec43ccbd9d19cff8a056301bd70ccaed9c446

Security Headers

Name	Value
Content-Security-Policy	default-src 'none' ; connect-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; manifest-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; media-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; script-src blob: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; img-src data: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; style-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-src blob: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; form-action https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://verificacionetflix.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-duckduckgo-locale: en_US
strict-transport-security: max-age=31536000
referrer-policy: origin
server: nginx
date: Fri, 22 Apr 2022 05:44:58 GMT
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
content-type: image/png
x-xss-protection: 1;mode=block
cache-control: max-age=31536000
permissions-policy: interest-cohort=()
content-security-policy: default-src 'none' ; connect-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; manifest-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; media-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; script-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; img-src data: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; style-src https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-src blob: https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; form-action https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ;
x-content-type-options: nosniff
expires: Sat, 22 Apr 2023 05:44:58 GMT

GET
H/1.1 200
OK MX-es-20220411-popsignuptwoweeks-perspective_alpha_website_medium.jpg
assets.nflxext.com/ffe/siteui/vlv3/8459cea4-79ab-4f27-9ef0-a7c92a30a9bb/33a014db-d0a9-4f93-8cb4-35c61c35b4f0/ 205 KB
206 KB 176ms
99ms Image
image/jpeg 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/vlv3/8459cea4-79ab-4f27-9ef0-a7c92a30a9bb/33a014db-d0a9-4f93-8cb4-35c61c35b4f0/MX-es-20220411-popsignuptwoweeks-perspective_alpha_website_medium.jpg
Requested by: Host: verificacionetflix.ml
URL: https://verificacionetflix.ml/index.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2091::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 3f96f766c48c5914dd86c0c70ca2362b40dbce24de9061b8eab405087584b5f3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://verificacionetflix.ml/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 22 Apr 2022 05:44:58 GMT
Last-Modified: Wed, 13 Apr 2022 12:51:43 GMT
Server: nginx
Content-MD5: mrchSteRvw0/dZbJ0F1How==
Content-Type: image/jpeg
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 210286
Expires: Fri, 29 Apr 2022 05:44:59 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
external-content.duckduckgo.com
verificacionetflix.ml
2a00:86c0:2091::1
52.149.246.247
76.223.127.72
3b63b85dec0d1756460bee11fc3de64c961390d0b6ca8bd07757ba4335c7181b
3f96f766c48c5914dd86c0c70ca2362b40dbce24de9061b8eab405087584b5f3
82f66f496a7682cbbacc862ce6cec43ccbd9d19cff8a056301bd70ccaed9c446
fbcca89444d52fb6f81cb6a40ab29b4e081fbeab3f0282639cd39615aa192252

verificacionetflix.ml Open in urlscan Pro 76.223.127.72 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

4 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

363 kBTransfer

363 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

verificacionetflix.ml Open in urlscan Pro
76.223.127.72 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

363 kB
Transfer

363 kB
Size

0
Cookies

4 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!