urlscan.io logo urlscan.io
SecurityTrails logo

35.156.183.71 Open in urlscan Pro
35.156.183.71  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://35.156.183.71/pagamento.html
Submission: On July 22 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 18 HTTP transactions. The main IP is 35.156.183.71, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is 35.156.183.71.
TLS certificate: Issued by R3 on July 21st 2022. Valid for: 3 months.
This is the only time 35.156.183.71 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

IP Address AS Autonomous System
1 35.156.183.71 16509 (AMAZON-02)
12 2a00:86c0:209... 40027 (NETFLIX-ASN)
1 192.225.158.3 30286 (THM)
1 3 185.32.241.65 30286 (THM)
18 5
Apex Domain
Subdomains		 Transfer
12 nflxext.com
codex.nflxext.com — Cisco Umbrella Rank: 71206
assets.nflxext.com — Cisco Umbrella Rank: 2121
740 KB
3 netflix.com
www.netflix.com Failed
secured.netflix.com — Cisco Umbrella Rank: 244582
1 KB
1 online-metrix.net
lg9m47phhsdv5jzqqhvefvj6wvvitlpl6rgadbjh9b2a69f8f1e128cfsac.d.aa.online-metrix.net
438 B
0 Failed
function sub() { [native code] }. Failed
18 4
Domain Requested by
8 assets.nflxext.com 35.156.183.71
codex.nflxext.com
4 codex.nflxext.com 35.156.183.71
3 secured.netflix.com 1 redirects 35.156.183.71
1 lg9m47phhsdv5jzqqhvefvj6wvvitlpl6rgadbjh9b2a69f8f1e128cfsac.d.aa.online-metrix.net 35.156.183.71
0 www.netflix.com Failed 35.156.183.71
0 mhtml.blink Failed 35.156.183.71
18 6

This site contains links to these domains. Also see Links.

Domain
www.netflix.com
help.netflix.com
Subject Issuer Validity Valid
acessando-contassl0.dns.army
R3		 2022-07-21 -
2022-10-19		 3 months crt.sh
*.1.nflxso.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-27 -
2022-07-29		 a month crt.sh
*.d.aa.online-metrix.net
Trustwave Organization Validation SHA256 CA, Level 1		 2022-02-23 -
2023-03-27		 a year crt.sh
secured.netflix.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-11 -
2023-02-08		 a year crt.sh

This page contains 1 frames:

Primary Page: https://35.156.183.71/pagamento.html
Frame ID: DF0EE51F6A60B78B4E0E34C537D05EA7
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Netflix

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

18
Requests

78 %
HTTPS

25 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

747 kB
Transfer

2076 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=0a04b491-475e-47cc-b05c-2bdb6c2aa842&m=2 HTTP 302
  • https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=0a04b491-475e-47cc-b05c-2bdb6c2aa842&k=1

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request pagamento.html
35.156.183.71/ 		16 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.156.183.71 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-156-183-71.eu-central-1.compute.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
cd0f249968e75d025fd0d5c3fa4a4789c621b20539cc982d61d6161901ccbef4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
4984
Content-Type
text/html
Date
Fri, 22 Jul 2022 13:09:31 GMT
ETag
"3f8b-5e44592bcad55-gzip"
Keep-Alive
timeout=5, max=100
Last-Modified
Thu, 21 Jul 2022 00:12:29 GMT
Server
Apache/2.4.29 (Ubuntu)
Vary
Accept-Encoding
css-4af8bc85-1ce5-4620-b43e-0c87c1f8a88b@mhtml.blink
/ 		0
0
none
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-vcec1d133/js/js/bootstrap.js,common%7Cbootstrap.js/2/4R034p4o4b4q05474y4Q070q004S4t4A4r4K4e4z4m4C4g4f0b024N4l/bck/true/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-vcec1d133/js/js/bootstrap.js,common%7Cbootstrap.js/2/4R034p4o4b4q05474y4Q070q004S4t4A4r4K4e4z4m4C4g4f0b024N4l/bck/true/none
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
c01afef739ad9a8d74e4aa603713f52ee42210a89543f86adb7fa2d9e3a04466
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=16070400
req_id
7a1b3d0e-a71b-4961-ab1f-1715f0bf885a
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Content-Length
3629
Expires
Tue, 24 Jan 2023 13:09:31 GMT
none
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-vcec1d133/js/js/signup%7Csimplicity%7CsimpleSignupClient.js/2/4R034p4o4b4q05474y4Q070q004S4t4A4r4K4e4z4m4C4g4f0b024N4l/l/true/ 		2 MB
455 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-vcec1d133/js/js/signup%7Csimplicity%7CsimpleSignupClient.js/2/4R034p4o4b4q05474y4Q070q004S4t4A4r4K4e4z4m4C4g4f0b024N4l/l/true/none
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
bb49f95d0605a60ce929973438b01ec365e16ba7d4cfae4474cd54e7934781b6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=16070400
req_id
071717f5-af79-4c24-ae49-41b162036cc8
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Content-Length
465214
Expires
Tue, 24 Jan 2023 13:09:31 GMT
WebsiteDetect
www.netflix.com/personalization/cl2/freeform/ 		0
0
none
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-vcec1d133/css/css/less%7Ccore%7Cerror-page.less/1/wGyO3xKi9FLN/none/true/ 		20 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-vcec1d133/css/css/less%7Ccore%7Cerror-page.less/1/wGyO3xKi9FLN/none/true/none
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
c92decd92a0491b9fdc651bd8a19b3ddc80dd869d507834aaaf7568b2a8f56db
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Content-Type
text/css; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=16070400
req_id
868a84a6-da2b-42e0-8002-335c128502fd
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Content-Length
4688
Expires
Tue, 24 Jan 2023 13:09:31 GMT
none
codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-vcec1d133/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/1/wGyO3xKi9FLN/none/true/ 		257 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-vcec1d133/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/1/wGyO3xKi9FLN/none/true/none
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
b96694bf82ec1bbc8bcbae7103682af5a0532f69cacac5b4ba5147c657ab7b10
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Content-Type
text/css; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=16070400
req_id
d562ecd1-bab2-43a7-a4f4-a8507de887cb
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Content-Length
42035
Expires
Tue, 24 Jan 2023 13:09:31 GMT
clear.png
lg9m47phhsdv5jzqqhvefvj6wvvitlpl6rgadbjh9b2a69f8f1e128cfsac.d.aa.online-metrix.net/fp/ 		81 B
438 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://lg9m47phhsdv5jzqqhvefvj6wvvitlpl6rgadbjh9b2a69f8f1e128cfsac.d.aa.online-metrix.net/fp/clear.png?org_id=lg9m47ph&session_id=31659c4e-fefb-4826-8b5a-ecd6ebebc9b1&nonce=9b2a69f8f1e128cf&pageid=2128&di=yes
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.225.158.3 , United States, ASN30286 (THM, US),
Reverse DNS
d.aa.online-metrix.net
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 22 Jul 2022 13:09:32 GMT
X-Content-Type-Options
nosniff
Server
Apache
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
close
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
visa.svg
assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.nflxext.com//ffe/siteui/acquisition/payment/svg/visa.svg
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
98351a35f23312c149c5fd1431b3a8d6df7d5975f2fde233957918b2f7dc3abd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Last-Modified
Wed, 10 Jul 2019 23:52:28 GMT
Server
nginx
Content-MD5
Mva4pPj+HeMw2Op1a0IYIg==
Content-Type
image/svg+xml
Cache-Control
max-age=604801
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2025
Expires
Fri, 29 Jul 2022 13:09:32 GMT
mastercard.svg
assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.nflxext.com//ffe/siteui/acquisition/payment/svg/mastercard.svg
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
d58ace4a499345d17fa2758de064ae44388f74e89f064b2a5794841e75b913f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Last-Modified
Wed, 10 Jul 2019 23:52:28 GMT
Server
nginx
Content-MD5
O8HePKC9pfrtTH4eEub65g==
Content-Type
image/svg+xml
Cache-Control
max-age=604801
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8612
Expires
Fri, 29 Jul 2022 13:09:32 GMT
amex.svg
assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.nflxext.com//ffe/siteui/acquisition/payment/svg/amex.svg
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
8ba1ccdf3062f0b12b673c4f6822e315e813a057b2581036403ea24d3bc05506

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Last-Modified
Wed, 10 Jul 2019 23:52:28 GMT
Server
nginx
Content-MD5
5kwiHep63R5tjvoJpw7mYQ==
Content-Type
image/svg+xml
Cache-Control
max-age=604801
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7433
Expires
Fri, 29 Jul 2022 13:09:32 GMT
elo.svg
assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.nflxext.com//ffe/siteui/acquisition/payment/svg/elo.svg
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
f8874b325bb8bddd0e7bb51fc6c7264d6ef8af430c70ec22f2f561dd4a10ed85

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Last-Modified
Wed, 10 Jul 2019 23:52:28 GMT
Server
nginx
Content-MD5
Pf67sbfdIOmQstW1iG3FZw==
Content-Type
image/svg+xml
Cache-Control
max-age=604801
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3287
Expires
Fri, 29 Jul 2022 13:09:32 GMT
hipercard.svg
assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.nflxext.com//ffe/siteui/acquisition/payment/svg/hipercard.svg
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
84f0691ff963a94b675bd3bdfe5cd25f01d5964459cdfeb0131bd97bc3dfa2ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Last-Modified
Fri, 12 Jul 2019 17:01:06 GMT
Server
nginx
Content-MD5
sxBtewmakvv79H0TeZaVgg==
Content-Type
image/svg+xml
Cache-Control
max-age=604801
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
35885
Expires
Fri, 29 Jul 2022 13:09:32 GMT
clear.png
secured.netflix.com/fp/
Redirect Chain
  • https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=0a04b491-475e-47cc-b05c-2bdb6c2aa842&m=2
  • https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=0a04b491-475e-47cc-b05c-2bdb6c2aa842&k=1
81 B
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=0a04b491-475e-47cc-b05c-2bdb6c2aa842&k=1
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Server
185.32.241.65 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 22 Jul 2022 13:09:31 GMT
X-Content-Type-Options
nosniff
Server
Apache
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000
P3P
CP=IVAa PSAa
Location
https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=0a04b491-475e-47cc-b05c-2bdb6c2aa842&k=1
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
Keep-Alive
timeout=2, max=100
Content-Length
300
NetflixSans_W_Rg.woff2
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ 		52 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2
Requested by
Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-vcec1d133/css/css/less%7Ccore%7Cerror-page.less/1/wGyO3xKi9FLN/none/true/none
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167

Request headers

Referer
https://codex.nflxext.com/
Origin
https://35.156.183.71
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Last-Modified
Thu, 17 Jan 2019 20:16:30 GMT
Server
nginx
Content-MD5
C/MXfx/tbZUxeCIfukPH6A==
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=604801
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
53304
Expires
Fri, 29 Jul 2022 13:09:32 GMT
clear.png
secured.netflix.com/fp/ 		81 B
474 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=0a04b491-475e-47cc-b05c-2bdb6c2aa842&m=1
Requested by
Host: 35.156.183.71
URL: https://35.156.183.71/pagamento.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.32.241.65 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://35.156.183.71/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 22 Jul 2022 13:09:31 GMT
X-Content-Type-Options
nosniff
Server
Apache
Strict-Transport-Security
max-age=31536000
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=98
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
NetflixSans_W_Md.woff2
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ 		53 KB
53 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2
Requested by
Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-vcec1d133/css/css/less%7Ccore%7Cerror-page.less/1/wGyO3xKi9FLN/none/true/none
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e

Request headers

Referer
https://codex.nflxext.com/
Origin
https://35.156.183.71
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Last-Modified
Thu, 17 Jan 2019 20:16:30 GMT
Server
nginx
Content-MD5
6naZIbDPpPxtTRouCx+l/w==
Content-Type
font/woff2
Access-Control-Allow-Origin
*
Cache-Control
max-age=604801
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
53940
Expires
Fri, 29 Jul 2022 13:09:32 GMT
nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ 		72 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by
Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-vcec1d133/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/1/wGyO3xKi9FLN/none/true/none
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

Referer
https://codex.nflxext.com/
Origin
https://35.156.183.71
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36

Response headers

Date
Fri, 22 Jul 2022 13:09:31 GMT
Last-Modified
Mon, 29 Jan 2018 01:50:51 GMT
Server
nginx
Content-MD5
fPYVbMSBJEtaJUNi17c/AA==
Content-Type
font/woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=604801
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
73572
Expires
Fri, 29 Jul 2022 13:09:32 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mhtml.blink
URL
cid:css-4af8bc85-1ce5-4620-b43e-0c87c1f8a88b@mhtml.blink
Domain
www.netflix.com
URL
https://www.netflix.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=signupSimplicity-planSelectionWithContext

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

1 Cookies

Domain/Path Name / Value
secured.netflix.com/ Name: thx_guid
Value: b81bdb22672f487d8a3dc1b6121ba307

4 Console Messages

Source Level URL
Text
network error URL: cid:css-4af8bc85-1ce5-4620-b43e-0c87c1f8a88b@mhtml.blink
Message:
Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
security error URL: https://35.156.183.71/pagamento.html
Message:
Refused to apply style from 'https://www.netflix.com/personalization/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=signupSimplicity-planSelectionWithContext' because its MIME type ('') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
javascript warning URL: https://35.156.183.71/pagamento.html
Message:
The resource https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-vcec1d133/js/js/signup%7Csimplicity%7CsimpleSignupClient.js/2/4R034p4o4b4q05474y4Q070q004S4t4A4r4K4e4z4m4C4g4f0b024N4l/l/true/none was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://35.156.183.71/pagamento.html
Message:
The resource https://codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-vcec1d133/js/js/bootstrap.js,common%7Cbootstrap.js/2/4R034p4o4b4q05474y4Q070q004S4t4A4r4K4e4z4m4C4g4f0b024N4l/bck/true/none was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.