www.netflixpromocao.com
187.17.111.100  Malicious Activity! Public Scan

URL: https://www.netflixpromocao.com/
Submission: On April 26 via automatic, source certstream-suspicious

Summary

This website contacted 7 IPs in 5 countries across 5 domains to perform 22 HTTP transactions. The main IP is 187.17.111.100, located in Brazil and belongs to Universo Online S.A., BR. The main domain is www.netflixpromocao.com.
TLS certificate: Issued by RapidSSL RSA CA 2018 on March 10th 2020. Valid for: a year.
This is the only time www.netflixpromocao.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

IP Address AS Autonomous System
7 187.17.111.100 7162 (Universo ...)
4 2a00:86c0:209... 40027 (NETFLIX-ASN)
7 2a00:86c0:209... 40027 (NETFLIX-ASN)
1 74.50.51.79 36024 (AS-TIERP-...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a01:578:3::3... 16509 (AMAZON-02)
22 7
Domain Requested by
7 assets.nflxext.com www.netflixpromocao.com
7 www.netflixpromocao.com www.netflixpromocao.com
codex.nflxext.com
4 codex.nflxext.com www.netflixpromocao.com
1 www.netflix.com codex.nflxext.com
1 adtech.nflximg.net codex.nflxext.com
1 ethn.io codex.nflxext.com
22 6

This site contains links to these domains.

Domain
help.netflix.com
media.netflix.com
ir.netflix.com
jobs.netflix.com
fast.com
Subject | Issuer | Validity | Valid
*.sslblindado.com | RapidSSL RSA CA 2018 | 2020-03-10 - 2021-04-09 | a year
*.1.nflxso.net | DigiCert SHA2 Secure Server CA | 2020-03-30 - 2020-05-03 | a month
*.ethn.io | Let's Encrypt Authority X3 | 2020-03-26 - 2020-06-24 | 3 months
assets.nflxext.com | DigiCert SHA2 Secure Server CA | 2020-02-19 - 2022-02-19 | 2 years
www.netflix.com | DigiCert SHA2 Secure Server CA | 2020-01-13 - 2022-01-13 | 2 years

This page contains 2 frames:

Primary Page: https://www.netflixpromocao.com/
Frame ID: 116490C0A6BC052A1BF2563689D5BF65
Requests: 21 HTTP requests in this frame

Frame: https://adtech.nflximg.net/adtech_iframe_target_03.html?data=%7B%22is_member%22%3A%22anonymous%22%2C%22membership_status%22%3A%22NON_REGISTERED_MEMBER%22%2C%22session%22%3A%22n%2Fa%22%2C%22country%22%3A%22BR%22%2C%22referrer%22%3A%22nmLanding%22%2C%22source%22%3A%22%22%2C%22fbaId%22%3A%22c3366e14-4b5b-4e47-8582-949c9b998b68%22%7D
Frame ID: 1D7E6C3538DDB1FE8F8ED69508476621
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 22
HTTPS: 64 %
IPv6: 67 %
Domains: 5
Subdomains: 6
IPs: 7
Countries: 5
Transfer: 1520 kB
Size: 2525 kB
Cookies: 0

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.netflixpromocao.com/
75 KB
29 KB
Document
General
Full URL
https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
187.17.111.100 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
Software
Apache /
Resource Hash
a8cf73e0efa7c2ecbe6dcf6c97c5c196f8aa5628d1d8045e1ebaccad882490f8

Request headers

Host
www.netflixpromocao.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Sun, 26 Apr 2020 21:45:23 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Server
Apache
Last-Modified
Sun, 26 Apr 2020 21:42:25 GMT
ETag
W/"12b7e-5a43879625368"
X-App-Status
1
X-Cache-Status
BYPASS
Content-Encoding
gzip
none
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-2c7537e4/js/js/bootstrap.js,common%7Cbootstrap.js/1/7523/bck/true/
13 KB
5 KB
Script
General
Full URL
https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-2c7537e4/js/js/bootstrap.js,common%7Cbootstrap.js/1/7523/bck/true/none
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
afa3b430ee8a6246aedd184f8985cdc3a7f7875916069aa239529145612ca6ab
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=16070400
req_id
86cadeab-6fc4-4b69-a528-244ae1e6e4ed
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Expires
Thu, 29 Oct 2020 21:45:24 GMT
none
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-2c7537e4/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/
56 KB
19 KB
Script
General
Full URL
https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-2c7537e4/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/none
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
f0a3177373d0c8fa03b36aa0703dccf226b92f49966931e89078d28be42d8e27
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=16070400
req_id
0aef0579-535e-4ef3-ae48-e7369b71e2c2
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Expires
Thu, 29 Oct 2020 21:45:24 GMT
WebsiteDetect
www.netflixpromocao.com/ichnaea/cl2/freeform/
0
0
Stylesheet
General
Full URL
https://www.netflixpromocao.com/ichnaea/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=nmLanding
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
187.17.111.100 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Content-Encoding
gzip
Server
Apache
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=iso-8859-1
none
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-2c7537e4/css/css/less%7Cpages%7Chome%7Cconcord.less/2/0A0O050I0a0x0H0S0V0P0J0T0N0U0Z/none/true/
113 KB
18 KB
Stylesheet
General
Full URL
https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-2c7537e4/css/css/less%7Cpages%7Chome%7Cconcord.less/2/0A0O050I0a0x0H0S0V0P0J0T0N0U0Z/none/true/none
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
bfdb2a632303a57a5a1584695d14b221b331a72330ae481f4f99e1fb06be7642
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/css; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=16070400
req_id
988b971c-6649-4601-b919-a933bebd2eae
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Expires
Thu, 29 Oct 2020 21:45:24 GMT
BR-pt-20180625-popsignuptwoweeks-perspective_alpha_website_large.jpg
assets.nflxext.com/ffe/siteui/vlv3/93fa7994-c6b3-499f-9b3d-33f43756bff6/d821aaba-b7f2-42cf-abc0-7830d41448e3/
332 KB
332 KB
Image
General
Full URL
https://assets.nflxext.com/ffe/siteui/vlv3/93fa7994-c6b3-499f-9b3d-33f43756bff6/d821aaba-b7f2-42cf-abc0-7830d41448e3/BR-pt-20180625-popsignuptwoweeks-perspective_alpha_website_large.jpg
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
bd57513511b15cd1cec2f0cd1665cce454075d77ed000e3e598ed84a22720f14

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Last-Modified
Wed, 27 Jun 2018 13:03:11 GMT
Server
nginx
Content-MD5
17fJvPfShgdlcI/jNxYgdA==
Content-Type
image/jpeg
Cache-Control
public, max-age=14400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
339504
Expires
Mon, 27 Apr 2020 01:45:24 GMT
asset_cancelanytime_withdevice.png
assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/
169 KB
170 KB
Image
General
Full URL
https://assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/asset_cancelanytime_withdevice.png
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
d0a1d3ab0e60382d7cd4c92eea1d6381b9b71b5c403a95877d67fff18ac6779d

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Last-Modified
Wed, 07 Dec 2016 21:25:37 GMT
Server
nginx
Content-MD5
+rJbw3hnB2ahDh7DdxKUXg==
Content-Type
image/png
Cache-Control
public, max-age=6619870
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
173496
Expires
Wed, 15 Apr 2020 20:00:00 GMT
asset_TV_UI.png
assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/
242 KB
242 KB
Image
General
Full URL
https://assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/asset_TV_UI.png
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
103646e75938c72c1e14b79899b6a6ae8050f255a35fefadae283e55b2b48127

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Last-Modified
Thu, 06 Aug 2015 17:39:00 GMT
Server
nginx
Content-MD5
n5EgO3w3SlkN1yfDI9W23A==
Content-Type
image/png
Cache-Control
public, max-age=6617679
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
247810
Expires
Wed, 15 Apr 2020 20:00:00 GMT
asset_mobile_tablet_UI_2.png
assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/
119 KB
120 KB
Image
General
Full URL
https://assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/asset_mobile_tablet_UI_2.png
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
55bc0f00df3c8622dc3ea9146aadf47791ea0730f1a98f452f4843366bc894b9

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Last-Modified
Fri, 02 Dec 2016 17:50:02 GMT
Server
nginx
Content-MD5
3JhtgZwFPethgKNDIK8piA==
Content-Type
image/png
Cache-Control
public, max-age=2496777
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
122232
Expires
Wed, 15 Apr 2020 20:00:00 GMT
asset_website_UI.png
assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/
170 KB
170 KB
Image
General
Full URL
https://assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/asset_website_UI.png
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
fcb40d090bcfa2ef6b71c945cc84cb6c339b8b5b053df9e7d759961257dd9b8d

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Last-Modified
Thu, 06 Aug 2015 17:39:00 GMT
Server
nginx
Content-MD5
ZsfB+1txst6v+Sm7zTus9w==
Content-Type
image/png
Cache-Control
public, max-age=5071458
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
174061
Expires
Wed, 15 Apr 2020 20:00:00 GMT
WebsiteDetect
www.netflixpromocao.com/ichnaea/cl2/freeform/
232 B
410 B
XHR
General
Full URL
https://www.netflixpromocao.com/ichnaea/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=js&modalView=nmLanding
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
187.17.111.100 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
Software
Apache /
Resource Hash
4ef6df9c29c255e89084e042da329adf6c8f4e9af1c3b58b7cf8d76a67b576da

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Content-Encoding
gzip
Server
Apache
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=iso-8859-1
WebsiteScreen
www.netflixpromocao.com/ichnaea/cl2/freeform/
232 B
410 B
XHR
General
Full URL
https://www.netflixpromocao.com/ichnaea/cl2/freeform/WebsiteScreen?source=wwwhead&fetchType=js&winw=1600&winh=1200&screenw=1600&screenh=1200&ratio=1
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
187.17.111.100 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
Software
Apache /
Resource Hash
34aa2eb8c6cb57d732a0e738f0034a5b321c8dcb991fa654e393f52a8cd37e26

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Content-Encoding
gzip
Server
Apache
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=iso-8859-1
none
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-2c7537e4/js/js/signup%7Csimplicity%7CsimpleSignupClient.js/2/gy0ogqg3g14Bg50B0t4vgagx0s0P01gzg94Jgcg60ygogl4Fgbf-ge4H4G0ngt/l/true/
1 MB
340 KB
XHR
General
Full URL
https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-js-2c7537e4/js/js/signup%7Csimplicity%7CsimpleSignupClient.js/2/gy0ogqg3g14Bg50B0t4vgagx0s0P01gzg94Jgcg60ygogl4Fgbf-ge4H4G0ngt/l/true/none
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
ecc5ddfc71b0a01cb154f09f311357345c222f164cc343820b313a6df591c618
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
nginx
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=16070400
req_id
b13fe45b-03f6-4e38-a7c1-6c50f7513c3b
Connection
keep-alive
Timing-Allow-Origin
https://www.netflix.com
Expires
Thu, 29 Oct 2020 21:45:24 GMT
none
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-2c7537e4/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/2/0A0O050I0a0x0H0S0V0P0J0T0N0U0Z/none/true/
0
0

chevron-right-whitespace.png
assets.nflxext.com/ffe/siteui/acquisition/home/
216 B
544 B
Image
General
Full URL
https://assets.nflxext.com/ffe/siteui/acquisition/home/chevron-right-whitespace.png
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
f91f9b912721d13e879269b58530a681c52ad1c33efc31903e61bf1e94f14ff1

Request headers

Referer
https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-2c7537e4/css/css/less%7Cpages%7Chome%7Cconcord.less/2/0A0O050I0a0x0H0S0V0P0J0T0N0U0Z/none/true/none
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Last-Modified
Thu, 31 May 2018 20:03:34 GMT
Server
nginx
Content-MD5
035eX9jZ41XxFze/yDsCbA==
Content-Type
image/png
Cache-Control
public, max-age=5071465
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
216
Expires
Wed, 15 Apr 2020 20:00:00 GMT
nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/
72 KB
72 KB
Font
General
Full URL
https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-2c7537e4/css/css/less%7Cpages%7Chome%7Cconcord.less/2/0A0O050I0a0x0H0S0V0P0J0T0N0U0Z/none/true/none
Origin
https://www.netflixpromocao.com

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Last-Modified
Mon, 29 Jan 2018 01:50:51 GMT
Server
nginx
Content-MD5
fPYVbMSBJEtaJUNi17c/AA==
Content-Type
font/woff
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=13767383
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
73572
Expires
Wed, 15 Apr 2020 20:00:00 GMT
DebugEvent
www.netflixpromocao.com/ichnaea/cl2/freeform/
229 B
229 B
Image
General
Full URL
https://www.netflixpromocao.com/ichnaea/cl2/freeform/DebugEvent?source=www&action=cssSimplicityPrefetch&statusCode=0&startTime=1587937524408&endTime=1587937524640
Requested by
Host: www.netflixpromocao.com
URL: https://www.netflixpromocao.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
187.17.111.100 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
Software
Apache /
Resource Hash
efbe94384f62a21a0a133eeca7b2a738b1d373aa88ebbebf16f1b6406dc41060

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:24 GMT
Content-Encoding
gzip
Server
Apache
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=iso-8859-1
12798.js
ethn.io/mob/
0
771 B
Script
General
Full URL
https://ethn.io/mob/12798.js?guid=4FHMV2M6YZA45CG3ROCJIWQBU4
Requested by
Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-2c7537e4/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/none
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.50.51.79 , United States, ASN36024 (AS-TIERP-36024, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=0;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:25 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Request-Id
99ffcaa2-00b1-4f47-bd68-67a58a71df01
X-Runtime
0.013122
Referrer-Policy
same-origin
Server
nginx
Vary
Accept-Encoding
Strict-Transport-Security
max-age=0;
Content-Type
text/javascript; charset=utf-8
Cache-Control
no-cache
Feature-Policy
camera 'none'; geolocation 'none', microphone *
Content-Security-Policy
default-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' https: 'unsafe-inline'
WebsiteTTI
www.netflixpromocao.com/ichnaea/cl2/freeform/
229 B
408 B
XHR
General
Full URL
https://www.netflixpromocao.com/ichnaea/cl2/freeform/WebsiteTTI?source=www&timeToInteractive=1231&firstByte=849&wire=6&domReady=1231&docLoad=1819&shakti=432&previousPage=0&navigateTTI=1456
Requested by
Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-2c7537e4/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/none
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
187.17.111.100 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
Software
Apache /
Resource Hash
f0aa52a66b20cc6d1c47c093634b427b5d283fb3bc3a3773180d7d406776952e

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:25 GMT
Content-Encoding
gzip
Server
Apache
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=iso-8859-1
adtech_iframe_target_03.html
adtech.nflximg.net/ Frame 1D7E
0
0
Document
General
Full URL
https://adtech.nflximg.net/adtech_iframe_target_03.html?data=%7B%22is_member%22%3A%22anonymous%22%2C%22membership_status%22%3A%22NON_REGISTERED_MEMBER%22%2C%22session%22%3A%22n%2Fa%22%2C%22country%22%3A%22BR%22%2C%22referrer%22%3A%22nmLanding%22%2C%22source%22%3A%22%22%2C%22fbaId%22%3A%22c3366e14-4b5b-4e47-8582-949c9b998b68%22%7D
Requested by
Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-2c7537e4/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/none
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:297::33c4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash

Request headers

Host
adtech.nflximg.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.netflixpromocao.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Accept-Ranges
bytes
Content-Type
text/html
ETag
"15ea117e697201fb35e5598e829da564:1473219202"
Last-Modified
Wed, 07 Sep 2016 03:33:19 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Sun, 26 Apr 2020 21:45:25 GMT
Content-Length
1403
Connection
keep-alive
DebugEvent
www.netflixpromocao.com/ichnaea/cl2/freeform/
229 B
229 B
Image
General
Full URL
https://www.netflixpromocao.com/ichnaea/cl2/freeform/DebugEvent?source=www&action=jsSimplicityPrefetch&statusCode=200&startTime=1587937524407&endTime=1587937525211
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
187.17.111.100 , Brazil, ASN7162 (Universo Online S.A., BR),
Reverse DNS
Software
Apache /
Resource Hash
efbe94384f62a21a0a133eeca7b2a738b1d373aa88ebbebf16f1b6406dc41060

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 26 Apr 2020 21:45:25 GMT
Content-Encoding
gzip
Server
Apache
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=iso-8859-1
cl2
www.netflix.com/ichnaea/
0
1 KB
XHR
General
Full URL
https://www.netflix.com/ichnaea/cl2
Requested by
Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-2c7537e4/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/none
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:578:3::3412:60e3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
clingest-secure i-05adf15f78d17c39a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.netflixpromocao.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

Date
Sun, 26 Apr 2020 21:45:25 GMT
Via
1.1 i-07b88cce8dba5ac24 (eu-west-1)
X-Content-Type-Options
nosniff
X-Netflix_proxy_execution-time
8
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Pragma
no-cache
Allow
GET, POST, OPTIONS
Server
clingest-secure i-05adf15f78d17c39a
X-Frame-Options
DENY
X-Netflix_nfstatus
1_1
Strict-Transport-Security
max-age=31536000
Access-Control-Allow-Methods
GET, POST, OPTIONS
X-Originating-URL
https://www.netflix.com/ichnaea/cl2
Access-Control-Allow-Origin
https://www.netflixpromocao.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
X-Ichnaea
~0=true~RL=0
Access-Control-Allow-Headers
Authorization,Content-Type,Accept,Cookie,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.esn,X-Netflix.device.type,X-Netflix.certification.version,X-Netflix.request.uuid,X-Netflix.user.id,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.ichnaea.request.type,debugRequest
Expires
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
codex.nflxext.com
URL
https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-2c7537e4/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/2/0A0O050I0a0x0H0S0V0P0J0T0N0U0Z/none/true/none

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate
object| netflix
object| Codex
object| C
object| global
object| process
object| __core-js_shared__

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
