leadsmomentum.net
Open in
urlscan Pro
2a06:98c1:3120::c
Malicious Activity!
Public Scan
Submission: On January 18 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by E1 on December 5th 2022. Valid for: 3 months.
This is the only time leadsmomentum.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 2a06:98c1:312... 2a06:98c1:3120::c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 2a00:86c0:209... 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
1 3 | 91.235.134.23 91.235.134.23 | 30286 (THM) (THM) | |
18 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
leadsmomentum.net
leadsmomentum.net |
318 KB |
7 |
nflxext.com
assets.nflxext.com — Cisco Umbrella Rank: 1250 |
89 KB |
3 |
netflix.com
1 redirects
secured.netflix.com — Cisco Umbrella Rank: 250991 |
1 KB |
18 | 3 |
Domain | Requested by | |
---|---|---|
9 | leadsmomentum.net |
leadsmomentum.net
|
7 | assets.nflxext.com |
leadsmomentum.net
|
3 | secured.netflix.com |
1 redirects
leadsmomentum.net
|
18 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.netflix.com |
www.verisign.com |
help.netflix.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.leadsmomentum.net E1 |
2022-12-05 - 2023-03-05 |
3 months | crt.sh |
*.1.nflxso.net DigiCert Secure Site ECC CA-1 |
2022-12-24 - 2023-01-24 |
a month | crt.sh |
secured.netflix.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-01-11 - 2023-02-08 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/
Frame ID: A82E93D896BC742B483F768E0B011B6A
Requests: 15 HTTP requests in this frame
Frame:
https://leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/js/ls_fp.html
Frame ID: 2B7D4765935A6C30956A663D9F7B4E93
Requests: 3 HTTP requests in this frame
8 Outgoing links
These are links going to different origins than the main page.
Title: Netflix
Search URL Search Domain Scan URL
Title: Sign Out
Search URL Search Domain Scan URL
Title: Your Account
Search URL Search Domain Scan URL
Title: ABOUT TRUST ONLINE
Search URL Search Domain Scan URL
Title: Questions? Contact us.
Search URL Search Domain Scan URL
Title: Terms of Use
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Cookie Preferences
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14- https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=060FE70C-23F7-45C7-0DA7-6CAAF3A3D8C7&m=1 HTTP 302
- https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=060fe70c-23f7-45c7-0da7-6caaf3a3d8c7&k=1
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/ |
225 KB 43 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
z.css
leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/js/ |
98 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clear_003.png
leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
clear_002.png
leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/js/ |
81 B 654 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
question_mark.png
leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/js/ |
564 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
clear.png
leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/js/ |
81 B 612 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bk.js
leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/js/ |
899 KB 254 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
carrot_sprite_16x33.png
assets.nflxext.com/en_us/layout/ecweb/common/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
12_11_2014_icon_visa_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
859 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10_18_2014_icon_master_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
833 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10_18_2014_icon_amex_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
525 B 844 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10_18_2014_icon_discovery_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
886 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-80.woff
assets.nflxext.com/ffe/siteui/fonts/ |
78 KB 78 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ls_fp.html
leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/js/ Frame 2B7D |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paypal.png
assets.nflxext.com/en_us/layout/ecweb/payment/icons/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
secured.netflix.com/fp/ Redirect Chain
|
81 B 474 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
clear.png
leadsmomentum.net/dee.chpr/NETFLIX/YourAccountPayment/js/ls_fp_data/ Frame 2B7D |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.png
secured.netflix.com/fp/ Frame 2B7D |
0 387 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| oncontentvisibilityautostatechange object| netflix object| Requireify function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
secured.netflix.com/ | Name: thx_guid Value: effdd4271473416795a41ee019ab66c7 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
leadsmomentum.net
secured.netflix.com
2a00:86c0:2091::1
2a06:98c1:3120::c
91.235.134.23
2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d
4958e4d47607004834b13d3c29d91f8c15b2ab2c488a15d9745a039e970f0bf3
4c7554307ad23e5fce8c5f39196c7e88840b2c61afcbb44ae30ef6e10f16d7e1
694668a605f294bff15137923aadc4576ef0fbc158f035e1bcedf521a6cf1fd8
7ed65da4bcdc5f0f68d20f2b489f2f1e4df6d5b1235ece01afd24624126be504
89600f34c7033ed7ecf8d5163def92f40ff5c01c64732bc303d05f5f088bf821
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
973576ba6483c6c75d1d55339c1cac5d742abef700ede0903341ab222a2ee7c2
a47661d7ad003fe7df9ac30d1ce3b984dd9186b676f77b41e0d53f2f4ce4ac8b
cc5859d74f8cde62e1cdeeea341f85f9725d4f4398f58203aa1e5080faf1685a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
efb09c24d38a6e7492ffd2cab4ae46ebfd96bd3d3ceb4a84b6b515dc677b4e66
f878f94a441977a2a0ec43492ea6a7c6910cfc773b38d2d71eb917e63ff8db98
f8a13e32f7929406e31f64a8d276947ed5b5d3a62301e16e1a6fe755b6ae4988