www.netflixmesgratis.com
209.239.122.253
Malicious Activity!
Public Scan
Submission: On May 18 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 18th 2020. Valid for: 3 months.
This is the only time www.netflixmesgratis.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
4 | 209.239.122.253 | 30083 (AS-30083-GO-DADDY-COM-LLC) |
4 | 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) |
4 | 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) |
14 | 4 |
ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: usve263091.serverprofi24.com
www.netflixmesgratis.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | nflxext.com | codex.nflxext.com, assets.nflxext.com | 714 KB |
4 | netflixmesgratis.com | www.netflixmesgratis.com | 2 MB |
14 | 2 |
Requests | Domain | Requested by |
---|---|---|
4 | assets.nflxext.com | www.netflixmesgratis.com |
4 | codex.nflxext.com | www.netflixmesgratis.com |
4 | www.netflixmesgratis.com | www.netflixmesgratis.com, codex.nflxext.com |
14 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
help.netflix.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
netflixmesgratis.com | Let's Encrypt Authority X3 | 2020-05-18 - 2020-08-16 | 3 months | crt.sh |
*.1.nflxso.net | DigiCert SHA2 Secure Server CA | 2020-05-11 - 2020-06-12 | a month | crt.sh |
This page contains 1 frame:
Primary Page:
https://www.netflixmesgratis.com/
Frame ID: C9FB9B6B75815737DF91D293F890DD89
Requests: 14 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- headers server /php\/?([\d.]+)?/i
CentOS (Operating Systems)
Detected patterns
- headers server /CentOS/i
OpenSSL (Web Server Extensions)
Detected patterns
- headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
- Title: Perguntas frequentes
- Title: Centro de ajuda
- Title: Termos de uso
- Title: Privacidade
- Title: Preferências de cookies
- Title: Informações corporativas
14 HTTP transactions
Method Protocol | Resource | Path | Size x-fer | Type MIME-Type |
---|---|---|---|---|
GET H/1.1 | / (Primary Request) | www.netflixmesgratis.com/ | 425 KB 426 KB | Document text/html |
GET H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v510011b3/js/js/bootstrap.js,common%7Cbootstrap.js/2/4P034n4m4a05464w4O070p004Q4r4h4y4p4I4d4x4k4A4f4e0b024L/bck/true/ | 9 KB 4 KB | Script application/javascript |
GET H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v510011b3/js/js/signup%7Csimplicity%7CsimpleSignupClient.js/2/4P034n4m4a05464w4O070p004Q4r4h4y4p4I4d4x4k4A4f4e0b024L/l/true/ | 1 MB 454 KB | Script application/javascript |
GET H/1.1 | WebsiteDetect | www.netflixmesgratis.com/personalization/cl2/freeform/ | 425 KB 426 KB | Stylesheet text/html |
GET H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-v510011b3/css/css/less%7Ccore%7Cerror-page.less/1/vFxN3twJi9EKM/none/true/ | 20 KB 5 KB | Stylesheet text/css |
GET H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-v510011b3/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/1/vFxN3twJi9EKM/none/true/ | 257 KB 41 KB | Stylesheet text/css |
GET H/1.1 | Checkmark.png | assets.nflxext.com/ffe/siteui/acquisition/simplicity/ | 3 KB 3 KB | Image image/png |
GET | NetflixSans_W_Rg.woff2 | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 0 0 | |
GET | NetflixSans_W_Md.woff2 | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 0 0 | |
GET H/1.1 | nf-icon-v1-93.woff | assets.nflxext.com/ffe/siteui/fonts/ | 72 KB 72 KB | Font font/woff |
GET H/1.1 | NetflixSans_W_Rg.woff | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 66 KB 67 KB | Font application/octet-stream |
GET H/1.1 | NetflixSans_W_Md.woff | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 67 KB 67 KB | Font application/octet-stream |
POST H/1.1 | log | www.netflixmesgratis.com/personalization/ | 425 KB 426 KB | XHR text/html |
POST H/1.1 | cl2 | www.netflixmesgratis.com/personalization/ | 425 KB 426 KB | XHR text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: assets.nflxext.com
  URL: https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2
- Domain: assets.nflxext.com
  URL: https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- object| netflix
- object| Codex
- object| C
- object| global
- object| process
- object| util
- function| jQuery
- object| jQuery11110081069577544899070
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.