35.156.183.71
Malicious Activity!
Public Scan
Submission: On July 22 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on July 21st 2022. Valid for: 3 months.
This is the only time 35.156.183.71 was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 35.156.183.71 | 16509 (AMAZON-02)
12 | 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN)
1 | 192.225.158.3 | 30286 (THM)
1 3 | 185.32.241.65 | 30286 (THM)
18 | 5 |
ASN16509 (AMAZON-02, US)
- 35.156.183.71 (PTR: ec2-35-156-183-71.eu-central-1.compute.amazonaws.com)
ASN40027 (NETFLIX-ASN, US)
- codex.nflxext.com
- assets.nflxext.com
ASN30286 (THM, US)
- lg9m47phhsdv5jzqqhvefvj6wvvitlpl6rgadbjh9b2a69f8f1e128cfsac.d.aa.online-metrix.net (PTR: d.aa.online-metrix.net)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | nflxext.com | codex.nflxext.com (Cisco Umbrella Rank: 71206), assets.nflxext.com (Cisco Umbrella Rank: 2121) | 740 KB
3 | netflix.com | www.netflix.com (Failed), secured.netflix.com (Cisco Umbrella Rank: 244582) | 1 KB
1 | online-metrix.net | lg9m47phhsdv5jzqqhvefvj6wvvitlpl6rgadbjh9b2a69f8f1e128cfsac.d.aa.online-metrix.net | 438 B
0 | Failed | function sub() { [native code] }. Failed |
18 | 4 | |
Requests | Domain | Requested by
---|---|---
8 | assets.nflxext.com | 35.156.183.71, codex.nflxext.com
4 | codex.nflxext.com | 35.156.183.71
3 | secured.netflix.com | 35.156.183.71 (1 redirect)
1 | lg9m47phhsdv5jzqqhvefvj6wvvitlpl6rgadbjh9b2a69f8f1e128cfsac.d.aa.online-metrix.net | 35.156.183.71
0 | www.netflix.com (Failed) | 35.156.183.71
0 | mhtml.blink (Failed) | 35.156.183.71
18 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.netflix.com |
help.netflix.com |
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
acessando-contassl0.dns.army | R3 | 2022-07-21 - 2022-10-19 | 3 months | crt.sh
*.1.nflxso.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-06-27 - 2022-07-29 | a month | crt.sh
*.d.aa.online-metrix.net | Trustwave Organization Validation SHA256 CA, Level 1 | 2022-02-23 - 2023-03-27 | a year | crt.sh
secured.netflix.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-11 - 2023-02-08 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://35.156.183.71/pagamento.html
Frame ID: DF0EE51F6A60B78B4E0E34C537D05EA7
Requests: 18 HTTP requests in this frame
9 Outgoing links
These are links going to different origins than the main page.
- Netflix
- Sair (Sign out)
- Dúvidas? Entre em contato. (Questions? Contact us.)
- Perguntas frequentes (Frequently asked questions)
- Centro de ajuda (Help center)
- Termos de uso (Terms of use)
- Privacidade (Privacy)
- Preferências de cookies (Cookie preferences)
- Informações corporativas (Corporate information)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12
- https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=0a04b491-475e-47cc-b05c-2bdb6c2aa842&m=2 (HTTP 302)
- https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=0a04b491-475e-47cc-b05c-2bdb6c2aa842&k=1
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | pagamento.html (Primary Request) | 35.156.183.71/ | 16 KB | 5 KB | Document | text/html
GET | | css-4af8bc85-1ce5-4620-b43e-0c87c1f8a88b@mhtml.blink | / | 0 | 0 | (failed) |
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-vcec1d133/js/js/bootstrap.js,common%7Cbootstrap.js/2/4R034p4o4b4q05474y4Q070q004S4t4A4r4K4e4z4m4C4g4f0b024N4l/bck/true/ | 9 KB | 4 KB | Script | application/javascript
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-vcec1d133/js/js/signup%7Csimplicity%7CsimpleSignupClient.js/2/4R034p4o4b4q05474y4Q070q004S4t4A4r4K4e4z4m4C4g4f0b024N4l/l/true/ | 2 MB | 455 KB | Script | application/javascript
GET | | WebsiteDetect | www.netflix.com/personalization/cl2/freeform/ | 0 | 0 | (failed) |
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-vcec1d133/css/css/less%7Ccore%7Cerror-page.less/1/wGyO3xKi9FLN/none/true/ | 20 KB | 5 KB | Stylesheet | text/css
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-vcec1d133/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/1/wGyO3xKi9FLN/none/true/ | 257 KB | 41 KB | Stylesheet | text/css
GET | H/1.1 | clear.png | lg9m47phhsdv5jzqqhvefvj6wvvitlpl6rgadbjh9b2a69f8f1e128cfsac.d.aa.online-metrix.net/fp/ | 81 B | 438 B | Image | image/png
GET | H/1.1 | visa.svg | assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H/1.1 | mastercard.svg | assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ | 8 KB | 9 KB | Image | image/svg+xml
GET | H/1.1 | amex.svg | assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ | 7 KB | 8 KB | Image | image/svg+xml
GET | H/1.1 | elo.svg | assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ | 3 KB | 4 KB | Image | image/svg+xml
GET | H/1.1 | hipercard.svg | assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ | 35 KB | 35 KB | Image | image/svg+xml
GET | H/1.1 | clear.png (Redirect Chain) | secured.netflix.com/fp/ | 81 B | 474 B | Image | image/png
GET | H/1.1 | NetflixSans_W_Rg.woff2 | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 52 KB | 52 KB | Font | font/woff2
GET | H/1.1 | clear.png | secured.netflix.com/fp/ | 81 B | 474 B | Image | image/png
GET | H/1.1 | NetflixSans_W_Md.woff2 | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 53 KB | 53 KB | Font | font/woff2
GET | H/1.1 | nf-icon-v1-93.woff | assets.nflxext.com/ffe/siteui/fonts/ | 72 KB | 72 KB | Font | font/woff
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: mhtml.blink
  URL: cid:css-4af8bc85-1ce5-4620-b43e-0c87c1f8a88b@mhtml.blink
- Domain: www.netflix.com
  URL: https://www.netflix.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=signupSimplicity-planSelectionWithContext
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | oncontextlost
object | oncontextrestored
function | structuredClone
object | launchQueue
object | onbeforematch
function | getScreenDetails
function | queryLocalFonts
object | navigation
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
secured.netflix.com/ | | thx_guid | b81bdb22672f487d8a3dc1b6121ba307
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.