netflixbillingupdates.com.0rg.us
154.12.231.86
Malicious Activity!
Public Scan
Effective URL: https://netflixbillingupdates.com.0rg.us/core/
Submission: On June 10 via automatic, source certstream-suspicious — Scanned from US
Summary
TLS certificate: Issued by R11 on June 7th 2024. Valid for: 3 months.
This is the only time netflixbillingupdates.com.0rg.us was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
14 (1 redirect) | 154.12.231.86 | 40021 (NL-811-40021) |
2 | 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) |
1 | 142.250.80.100 | 15169 (GOOGLE) |
1 | 2607:f8b0:4006:80d::2003 | 15169 (GOOGLE) |
2 | 2607:f8b0:4006:80c::2003 | 15169 (GOOGLE) |
19 | 5 | |

ASN40021 (NL-811-40021, US)
PTR: vmi1816267.contaboserver.net
netflixbillingupdates.com.0rg.us

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f4.1e100.net
www.google.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 (1 redirect) | 0rg.us | netflixbillingupdates.com.0rg.us | 972 KB |
3 | gstatic.com | www.gstatic.com, fonts.gstatic.com | 33 KB |
2 | nflxext.com | assets.nflxext.com (Cisco Umbrella Rank: 4653) | 303 KB |
1 | google.com | www.google.com (Cisco Umbrella Rank: 5) | 7 KB |
19 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
14 (1 redirect) | netflixbillingupdates.com.0rg.us | netflixbillingupdates.com.0rg.us |
2 | fonts.gstatic.com | netflixbillingupdates.com.0rg.us |
2 | assets.nflxext.com | netflixbillingupdates.com.0rg.us |
1 | www.gstatic.com | netflixbillingupdates.com.0rg.us |
1 | www.google.com | netflixbillingupdates.com.0rg.us |
19 | 5 | |
This site contains links to these domains.
Domain |
---|
www.netflix.com |
policies.google.com |
help.netflix.com |
www.onetrust.com |
Subject | Issuer | Validity | Valid for |
---|---|---|---|
billingupdates.info.gf | R11 | 2024-06-07 - 2024-09-05 | 3 months |
*.1.nflxso.net | DigiCert Secure Site ECC CA-1 | 2024-05-13 - 2024-06-16 | a month |
*.google.com | GTS CA 1C3 | 2024-05-21 - 2024-08-13 | 3 months |
*.gstatic.com | GTS CA 1C3 | 2024-05-21 - 2024-08-13 | 3 months |
This page contains 5 frames:
Primary Page:
https://netflixbillingupdates.com.0rg.us/core/
Frame ID: 0C115B32BA54AB9D8499116EE39A79A4
Requests: 8 HTTP requests in this frame
Frame:
https://netflixbillingupdates.com.0rg.us/core/Netflix_files/saved_resource(1).html
Frame ID: 82EEFB5C4619BCBF0B7A342AB3850939
Requests: 1 HTTP requests in this frame
Frame:
https://netflixbillingupdates.com.0rg.us/core/Netflix_files/anchor.html
Frame ID: EC0798046CEAD9FD0F1993DFA4CECE65
Requests: 8 HTTP requests in this frame
Frame:
https://netflixbillingupdates.com.0rg.us/core/Netflix_files/saved_resource(2).html
Frame ID: B7317CD3EA5641AABA91C95CE3429D98
Requests: 1 HTTP requests in this frame
Frame:
https://netflixbillingupdates.com.0rg.us/core/Netflix_files/saved_resource.html
Frame ID: 42929D57F0214C8E8258F901C094D520
Requests: 1 HTTP requests in this frame
Page Title: Netflix
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
- Title: Netflix
- Title: Privacy Policy
- Title: Terms of Service
- Title: Questions? Contact us.
- Title: FAQ
- Title: Help Center
- Title: Terms of Use
- Title: Privacy
- Title: Cookie Preferences
- Title: Corporate Information
- Title: Cookies and Internet Advertising
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://netflixbillingupdates.com.0rg.us/ (HTTP 302)
- https://netflixbillingupdates.com.0rg.us/core/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | / (Primary Request, Redirect Chain) | netflixbillingupdates.com.0rg.us/core/ | 218 KB | 219 KB | Document | text/html |
GET H/1.1 | 2 | netflixbillingupdates.com.0rg.us/core/Netflix_files/ | 0 | 215 B | Stylesheet | text/plain |
GET H/1.1 | base.29784261571369c943e5.css | netflixbillingupdates.com.0rg.us/core/Netflix_files/ | 2 KB | 2 KB | Stylesheet | text/css |
GET H/1.1 | MA-en-20240513-popsignuptwoweeks-perspective_alpha_website_large.jpg | assets.nflxext.com/ffe/siteui/vlv3/41c789f0-7df5-4219-94c6-c66fe500590a/f5763314-f3d4-44be-b893-5b3fccca4616/ | 293 KB | 293 KB | Image | image/jpeg |
GET H/1.1 | saved_resource(1).html | netflixbillingupdates.com.0rg.us/core/Netflix_files/ (Frame 82EE) | 149 B | 390 B | Document | text/html |
GET H/1.1 | anchor.html | netflixbillingupdates.com.0rg.us/core/Netflix_files/ (Frame EC07) | 48 KB | 48 KB | Document | text/html |
GET H/1.1 | saved_resource(2).html | netflixbillingupdates.com.0rg.us/core/Netflix_files/ (Frame B731) | 149 B | 390 B | Document | text/html |
GET H/1.1 | Netflix_Logo_PMS.png | netflixbillingupdates.com.0rg.us/core/Netflix_files/ | 16 KB | 16 KB | Image | image/png |
GET H/1.1 | powered_by_logo.svg | netflixbillingupdates.com.0rg.us/core/Netflix_files/ | 5 KB | 5 KB | Image | image/svg+xml |
GET H/1.1 | jquery.js | netflixbillingupdates.com.0rg.us/core/styles/ | 88 KB | 88 KB | Script | text/javascript |
GET H/1.1 | styles__ltr.css | netflixbillingupdates.com.0rg.us/core/Netflix_files/ (Frame EC07) | 55 KB | 55 KB | Stylesheet | text/css |
GET H/1.1 | recaptcha__en.js.download | netflixbillingupdates.com.0rg.us/core/Netflix_files/ (Frame EC07) | 518 KB | 518 KB | Script | text/javascript |
GET H/1.1 | cF9tiRHt4BzQa_gljZbyGUbjFHSRXJeGZWCTLs0pBwQ.js.download | netflixbillingupdates.com.0rg.us/core/Netflix_files/ (Frame EC07) | 18 KB | 18 KB | Script | text/javascript |
GET H3 | cF9tiRHt4BzQa_gljZbyGUbjFHSRXJeGZWCTLs0pBwQ.js | www.google.com/js/bg/ (Frame EC07) | 18 KB | 7 KB | Script | text/javascript |
GET H2 | logo_48.png | www.gstatic.com/recaptcha/api2/ (Frame EC07) | 2 KB | 3 KB | Image | image/png |
GET H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v18/ (Frame EC07) | 15 KB | 16 KB | Font | font/woff2 |
GET H2 | KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | fonts.gstatic.com/s/roboto/v18/ (Frame EC07) | 15 KB | 15 KB | Font | font/woff2 |
GET H/1.1 | saved_resource.html | netflixbillingupdates.com.0rg.us/core/Netflix_files/ (Frame 4292) | 149 B | 390 B | Document | text/html |
GET H/1.1 | nficon2023.ico | assets.nflxext.com/us/ffe/siteui/common/icons/ | 10 KB | 10 KB | Other | image/x-icon |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| 2
- function| hidenow
- function| $
- function| jQuery

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
netflixbillingupdates.com.0rg.us/ | Name: PHPSESSID Value: 2f33090d673777dab8ef3a693677117c |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.