oferta-vip.org Open in urlscan Pro
160.153.133.212 Malicious Activity! Public Scan

URL:
http://oferta-vip.org/
Submission: On March 28 via api (March 28th 2020, 3:51:17 pm UTC) from BR

Summary HTTP 15 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 5 domains to perform 15 HTTP transactions. The main IP is 160.153.133.212, located in Scottsdale, United States and belongs to GODADDY-AMS, DE. The main domain is oferta-vip.org.

This is the only time oferta-vip.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
5	160.153.133.212 160.153.133.212	21501 (GODADDY-AMS) (GODADDY-AMS)
3	2a00:86c0:209... 2a00:86c0:2090::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
2	2a00:86c0:209... 2a00:86c0:2091::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
1 2	74.50.51.79 74.50.51.79	36024 (AS-TIERP-...) (AS-TIERP-36024)
1	2a02:26f0:170... 2a02:26f0:1700:1b1::33c4	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a01:578:3::2... 2a01:578:3::22f8:3baf	16509 (AMAZON-02) (AMAZON-02)
15	7

5 160.153.133.212 (Scottsdale, United States)

ASN21501 (GODADDY-AMS, DE)
PTR: ip-160-153-133-212.ip.secureserver.net

oferta-vip.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:86c0:2090::1 (United Kingdom)

ASN40027 (NETFLIX-ASN, US)

codex.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:86c0:2091::1 (United Kingdom)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.50.51.79 (United States) 1 redirects

ASN36024 (AS-TIERP-36024, US)

ethn.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:1b1::33c4 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

adtech.nflximg.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a01:578:3::22f8:3baf (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

www.netflix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	nflxext.com codex.nflxext.com assets.nflxext.com	451 KB
5	oferta-vip.org oferta-vip.org	27 KB
2	ethn.io 1 redirects ethn.io	1 KB
2	netflix.com www.netflix.com Failed	2 KB
1	nflximg.net adtech.nflximg.net
15	5

	Domain	Requested by
5	oferta-vip.org	oferta-vip.org codex.nflxext.com
3	codex.nflxext.com	oferta-vip.org
2	ethn.io	1 redirects
2	assets.nflxext.com	oferta-vip.org
2	www.netflix.com	oferta-vip.org codex.nflxext.com
1	adtech.nflximg.net	codex.nflxext.com
15	6

This site contains links to these domains. Also see Links.

Domain
help.netflix.com
www.netflix.com
media.netflix.com
ir.netflix.com
jobs.netflix.com
fast.com

Subject Issuer	Validity	Valid
*.1.nflxso.net DigiCert SHA2 Secure Server CA	`2020-03-07` - `2020-04-07`	a month	crt.sh
*.ethn.io Let's Encrypt Authority X3	`2020-03-26` - `2020-06-24`	3 months	crt.sh
assets.nflxext.com DigiCert SHA2 Secure Server CA	`2020-02-19` - `2022-02-19`	2 years	crt.sh
www.netflix.com DigiCert SHA2 Secure Server CA	`2020-01-13` - `2022-01-13`	2 years	crt.sh

This page contains 2 frames:

Primary Page: http://oferta-vip.org/
Frame ID: EC19928010F47C8DEC269C9F686F6D21
Requests: 14 HTTP requests in this frame

Frame: https://adtech.nflximg.net/adtech_iframe_target_03.html?data=%7B%22is_member%22%3A%22anonymous%22%2C%22membership_status%22%3A%22NON_REGISTERED_MEMBER%22%2C%22session%22%3A%22n%2Fa%22%2C%22country%22%3A%22BR%22%2C%22referrer%22%3A%22nmLanding%22%2C%22source%22%3A%22%22%2C%22fbaId%22%3A%22ce9b7a2a-2a73-42ff-9787-ebc9581b4e2f%22%7D
Frame ID: 6776DB2006BBD03AA54331C1F8795459
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

15
Requests

60 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

4
Countries

481 kB
Transfer

663 kB
Size

0
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://help.netflix.com/support/412
Title: Perguntas frequentes

Search URL Search Domain Scan URL

URL: https://help.netflix.com/
Title: Centro de ajuda

Search URL Search Domain Scan URL

URL: https://www.netflix.com/youraccount
Title: Conta

Search URL Search Domain Scan URL

URL: https://media.netflix.com/
Title: Imprensa

Search URL Search Domain Scan URL

URL: http://ir.netflix.com/
Title: Relações com investidores

Search URL Search Domain Scan URL

URL: https://jobs.netflix.com/jobs
Title: Carreiras

Search URL Search Domain Scan URL

URL: https://www.netflix.com/redeem
Title: Cartão pré-pago

Search URL Search Domain Scan URL

URL: https://www.netflix.com/watch
Title: Formas de assistir

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/termsofuse
Title: Termos de uso

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy
Title: Privacidade

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy#cookies
Title: Preferências de cookies

Search URL Search Domain Scan URL

URL: https://help.netflix.com/pt/node/2101
Title: Informações corporativas

Search URL Search Domain Scan URL

URL: https://help.netflix.com/contactus
Title: Entre em contato

Search URL Search Domain Scan URL

URL: https://fast.com/
Title: Teste de velocidade

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/notices
Title: Avisos legais

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

http://ethn.io/mob/12798.js?guid=7PLAMI4OXRCOLP7HJHDGVG6Q3I HTTP 301
https://ethn.io/mob/12798.js?guid=7PLAMI4OXRCOLP7HJHDGVG6Q3I

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
oferta-vip.org/ 71 KB
25 KB 73ms
43ms Document
text/html 160.153.133.212
GODADDY-AMS

General

Check archive.org

Show headers Download Go to

Full URL: http://oferta-vip.org/
Protocol: HTTP/1.1
Server: 160.153.133.212 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS: ip-160-153-133-212.ip.secureserver.net
Software: Apache /
Resource Hash: c3d5126c791375ccca246b131f3362854fb15399d640951500ea83cb6d48b48c

Request headers

Host: oferta-vip.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Tue, 26 Jun 2018 07:44:12 GMT
ETag: "1be014b-11b12-56f86aa004b00-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 25659
Keep-Alive: timeout=5
Content-Type: text/html

GET
H/1.1 200
OK none Show response
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-1c8ae6bf/js/js/bootstrap.js,common%7Cbootstrap.js/1/7523/bck/true/ 13 KB
5 KB 154ms
127ms Script
application/javascript 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-1c8ae6bf/js/js/bootstrap.js,common%7Cbootstrap.js/1/7523/bck/true/none

Requested by

Host: oferta-vip.org
URL: http://oferta-vip.org/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

c3c87eb0d62265af3b2c77b38add55585deb9af71dac05351a959319292e46f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://oferta-vip.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: 8c0fa385-22b1-4ff6-b2d1-868f1aaaf678
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Expires: Wed, 30 Sep 2020 15:50:56 GMT

GET
H/1.1 200
OK none Show response
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-1c8ae6bf/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/ 59 KB
19 KB 144ms
115ms Script
application/javascript 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-1c8ae6bf/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/none

Requested by

Host: oferta-vip.org
URL: http://oferta-vip.org/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

9d3f87c529d20599d9d32389ce2ff04b133d63db18983b6f52dc4141bf7f0637

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://oferta-vip.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: b1b2c0ce-65a6-4915-ac75-708aa3d5a771
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Expires: Wed, 30 Sep 2020 15:50:56 GMT

GET WebsiteDetect
www.netflix.com/ichnaea/cl2/freeform/ 0
0

GET
H/1.1 200
OK none
codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-1c8ae6bf/css/css/less%7Cpages%7Chome%7Cconcord.less/2/0A0O050I0a0H0S0V0P0J0N0U0Z/none/true/ 111 KB
17 KB 119ms
97ms Stylesheet
text/css 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-1c8ae6bf/css/css/less%7Cpages%7Chome%7Cconcord.less/2/0A0O050I0a0H0S0V0P0J0N0U0Z/none/true/none

Requested by

Host: oferta-vip.org
URL: http://oferta-vip.org/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

e25acdc8906ee5fd65e5906da6adc6b5e9f5e8d8067450c6a74ec72279537190

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://oferta-vip.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=16070400
req_id: 2afee101-9b3b-4248-ae1a-dd2c83932608
Connection: keep-alive
Timing-Allow-Origin: https://www.netflix.com
Content-Length: 17404
Expires: Wed, 30 Sep 2020 13:24:37 GMT

GET
H/1.1 200
OK BR-pt-20180618-popsignuptwoweeks-perspective_alpha_website_large.jpg
assets.nflxext.com/ffe/siteui/vlv3/b6bfb2e7-d3a4-41a6-abc0-6a02edb739ba/19326c36-3c30-4596-95b5-f429476cb7ac/ 337 KB
338 KB 271ms
255ms Image
image/jpeg 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/vlv3/b6bfb2e7-d3a4-41a6-abc0-6a02edb739ba/19326c36-3c30-4596-95b5-f429476cb7ac/BR-pt-20180618-popsignuptwoweeks-perspective_alpha_website_large.jpg
Requested by: Host: oferta-vip.org
URL: http://oferta-vip.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 009d4b3e2fb9344f35ea3680edd7808c242936a516e81c2e054e654a9f2dabb0

Request headers

Referer: http://oferta-vip.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Last-Modified: Wed, 20 Jun 2018 13:08:24 GMT
Server: nginx
Content-MD5: OX3fWZohpIkkIQSiz1u+8A==
Content-Type: image/jpeg
Cache-Control: public, max-age=1570144
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 345377
Expires: Wed, 15 Apr 2020 20:00:00 GMT

GET
H/1.1 404
Not Found asset_TV_UI.png
oferta-vip.org/assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/ 315 B
315 B 22ms
21ms Image
text/html 160.153.133.212
GODADDY-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://oferta-vip.org/assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/asset_TV_UI.png
Requested by: Host: oferta-vip.org
URL: http://oferta-vip.org/
Protocol: HTTP/1.1
Server: 160.153.133.212 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS: ip-160-153-133-212.ip.secureserver.net
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer: http://oferta-vip.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found asset_mobile_tablet_UI_2.png
oferta-vip.org/assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/ 315 B
315 B 21ms
21ms Image
text/html 160.153.133.212
GODADDY-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://oferta-vip.org/assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/asset_mobile_tablet_UI_2.png
Requested by: Host: oferta-vip.org
URL: http://oferta-vip.org/
Protocol: HTTP/1.1
Server: 160.153.133.212 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS: ip-160-153-133-212.ip.secureserver.net
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer: http://oferta-vip.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found asset_website_UI.png
oferta-vip.org/assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/ 315 B
315 B 21ms
21ms Image
text/html 160.153.133.212
GODADDY-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://oferta-vip.org/assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/asset_website_UI.png
Requested by: Host: oferta-vip.org
URL: http://oferta-vip.org/
Protocol: HTTP/1.1
Server: 160.153.133.212 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS: ip-160-153-133-212.ip.secureserver.net
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer: http://oferta-vip.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ 72 KB
72 KB 24ms
7ms Font
font/woff 2a00:86c0:2091::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by: Host: oferta-vip.org
URL: http://oferta-vip.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2091::1 , United Kingdom, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

Referer: https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-1c8ae6bf/css/css/less%7Cpages%7Chome%7Cconcord.less/2/0A0O050I0a0H0S0V0P0J0N0U0Z/none/true/none
Origin: http://oferta-vip.org
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Server: nginx
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Content-Type: font/woff
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=6621670
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 73572
Expires: Wed, 15 Apr 2020 20:00:00 GMT

GET
H/1.1

200
OK

12798.js Show response
ethn.io/mob/
Redirect Chain

http://ethn.io/mob/12798.js?guid=7PLAMI4OXRCOLP7HJHDGVG6Q3I
https://ethn.io/mob/12798.js?guid=7PLAMI4OXRCOLP7HJHDGVG6Q3I

0
771 B

669ms
386ms

Script
text/javascript

74.50.51.79
AS-TIERP-36024

General

Check archive.org

Show headers Download Go to

Full URL

https://ethn.io/mob/12798.js?guid=7PLAMI4OXRCOLP7HJHDGVG6Q3I

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

74.50.51.79 , United States, ASN36024 (AS-TIERP-36024, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security	max-age=0;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Mar 2020 15:50:57 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block
X-Request-Id: ad644c03-74f6-48fa-bfa5-066812253e8e
X-Runtime: 0.243747
Referrer-Policy: same-origin
Server: nginx
Vary: Accept-Encoding
Strict-Transport-Security: max-age=0;
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Feature-Policy: camera 'none'; geolocation 'none', microphone *
Content-Security-Policy: default-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' https: 'unsafe-inline'

Redirect headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Referrer-Policy: same-origin
Server: nginx
Strict-Transport-Security: max-age=0;
Content-Type: text/html
Location: https://ethn.io/mob/12798.js?guid=7PLAMI4OXRCOLP7HJHDGVG6Q3I
Feature-Policy: camera 'none'; geolocation 'none', microphone *
Content-Security-Policy: default-src 'self' https: wss:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https: ; style-src 'self' https: 'unsafe-inline'
Connection: keep-alive
Content-Length: 178

GET
H/1.1 404
Not Found WebsiteTTI Show response
oferta-vip.org/ichnaea/cl2/freeform/ 315 B
507 B 23ms
23ms XHR
text/html 160.153.133.212
GODADDY-AMS

General

Check archive.org

Show headers Download Go to

Full URL: http://oferta-vip.org/ichnaea/cl2/freeform/WebsiteTTI?source=www&timeToInteractive=231&firstByte=43&wire=18&domReady=231&docLoad=545&shakti=61&previousPage=0&navigateTTI=261
Requested by: Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-1c8ae6bf/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/none
Protocol: HTTP/1.1
Server: 160.153.133.212 Scottsdale, United States, ASN21501 (GODADDY-AMS, DE),
Reverse DNS: ip-160-153-133-212.ip.secureserver.net
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer: http://oferta-vip.org/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 28 Mar 2020 15:50:56 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK adtech_iframe_target_03.html
adtech.nflximg.net/ Frame 6776 0
0 39ms
8ms Document
text/html 2a02:26f0:1700:1b1::33c4
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://adtech.nflximg.net/adtech_iframe_target_03.html?data=%7B%22is_member%22%3A%22anonymous%22%2C%22membership_status%22%3A%22NON_REGISTERED_MEMBER%22%2C%22session%22%3A%22n%2Fa%22%2C%22country%22%3A%22BR%22%2C%22referrer%22%3A%22nmLanding%22%2C%22source%22%3A%22%22%2C%22fbaId%22%3A%22ce9b7a2a-2a73-42ff-9787-ebc9581b4e2f%22%7D
Requested by: Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-1c8ae6bf/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/none
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:1700:1b1::33c4 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

Host: adtech.nflximg.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: http://oferta-vip.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: http://oferta-vip.org/

Response headers

Accept-Ranges: bytes
Content-Type: text/html
ETag: "15ea117e697201fb35e5598e829da564:1473219202"
Last-Modified: Wed, 07 Sep 2016 03:33:19 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Sat, 28 Mar 2020 15:50:56 GMT
Content-Length: 1403
Connection: keep-alive

OPTIONS
H/1.1 200
OK cl2 Show response
www.netflix.com/ichnaea/ 0
1 KB 34ms
34ms XHR
text/plain 2a01:578:3::22f8:3baf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netflix.com/ichnaea/cl2

Requested by

Host: codex.nflxext.com
URL: https://codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-1c8ae6bf/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/none

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a01:578:3::22f8:3baf Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

clingest-secure i-088de3f8c31afd664 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://www.netflix.com/ichnaea/log/freeform/xssreport

Request headers

Access-Control-Request-Method: POST
Origin: http://oferta-vip.org
Referer: http://oferta-vip.org/
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type

Response headers

Date: Sat, 28 Mar 2020 15:50:57 GMT
Via: 1.1 i-0a2c92608dd637c10 (eu-west-1)
X-Content-Type-Options: nosniff
X-Netflix_proxy_execution-time: 4
Connection: keep-alive
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Length: 0
X-Xss-Protection: 1; mode=block; report=https://www.netflix.com/ichnaea/log/freeform/xssreport
Allow: GET, POST, OPTIONS
Server: clingest-secure i-088de3f8c31afd664
X-Netflix_nfstatus: 1_1
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Originating-URL: https://www.netflix.com/ichnaea/cl2
Access-Control-Allow-Origin: http://oferta-vip.org
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Cookie,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.esn,X-Netflix.device.type,X-Netflix.certification.version,X-Netflix.request.uuid,X-Netflix.user.id,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.ichnaea.request.type,debugRequest

POST
H/1.1 200
OK cl2 Show response
www.netflix.com/ichnaea/ 0
1 KB 54ms
54ms XHR
text/plain 2a01:578:3::22f8:3baf
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netflix.com/ichnaea/cl2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a01:578:3::22f8:3baf Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

clingest-secure i-0a8aaf2854f2b1cd7 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: http://oferta-vip.org/
Origin: http://oferta-vip.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/json

Response headers

Date: Sat, 28 Mar 2020 15:50:57 GMT
Via: 1.1 i-09dacc9362abdc286 (eu-west-1)
X-Content-Type-Options: nosniff
X-Netflix_proxy_execution-time: 24
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Allow: GET, POST, OPTIONS
Server: clingest-secure i-0a8aaf2854f2b1cd7
X-Frame-Options: DENY
X-Netflix_nfstatus: 1_1
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Originating-URL: https://www.netflix.com/ichnaea/cl2
Access-Control-Allow-Origin: http://oferta-vip.org
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
X-Ichnaea: ~0=true~RL=0
Access-Control-Allow-Headers: Authorization,Content-Type,Accept,Cookie,X-Netflix.application.name,X-Netflix.application.version,X-Netflix.esn,X-Netflix.device.type,X-Netflix.certification.version,X-Netflix.request.uuid,X-Netflix.user.id,X-Netflix.oauth.consumer.key,X-Netflix.oauth.token,X-Netflix.ichnaea.request.type,debugRequest
Expires: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.netflix.com
URL: https://www.netflix.com/ichnaea/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=nmLanding

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adtech.nflximg.net
assets.nflxext.com
codex.nflxext.com
ethn.io
oferta-vip.org
www.netflix.com
www.netflix.com
160.153.133.212
2a00:86c0:2090::1
2a00:86c0:2091::1
2a01:578:3::22f8:3baf
2a02:26f0:1700:1b1::33c4
74.50.51.79
009d4b3e2fb9344f35ea3680edd7808c242936a516e81c2e054e654a9f2dabb0
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
9d3f87c529d20599d9d32389ce2ff04b133d63db18983b6f52dc4141bf7f0637
c3c87eb0d62265af3b2c77b38add55585deb9af71dac05351a959319292e46f2
c3d5126c791375ccca246b131f3362854fb15399d640951500ea83cb6d48b48c
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e25acdc8906ee5fd65e5906da6adc6b5e9f5e8d8067450c6a74ec72279537190
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

oferta-vip.org Open in urlscan Pro 160.153.133.212 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

15 Requests

60 %HTTPS

67 %IPv6

5 Domains

6 Subdomains

7 IPs

4 Countries

481 kBTransfer

663 kBSize

0 Cookies

15 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

oferta-vip.org Open in urlscan Pro
160.153.133.212 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

60 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

7
IPs

4
Countries

481 kB
Transfer

663 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!