oferta-vip.org
160.153.133.212
Malicious Activity!
Public Scan
Submission: On March 28 via api from BR
Summary
This is the only time oferta-vip.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
5 | 160.153.133.212 | 21501 (GODADDY-AMS)
3 | 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN)
2 | 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN)
2 (1 redirect) | 74.50.51.79 | 36024 (AS-TIERP-36024)
1 | 2a02:26f0:1700:1b1::33c4 | 20940 (AKAMAI-ASN1)
2 | 2a01:578:3::22f8:3baf | 16509 (AMAZON-02)

Totals: 15 | 7
ASN21501 (GODADDY-AMS, DE)
PTR: ip-160-153-133-212.ip.secureserver.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | nflxext.com | codex.nflxext.com, assets.nflxext.com | 451 KB
5 | oferta-vip.org | oferta-vip.org | 27 KB
2 | ethn.io (1 redirect) | ethn.io | 1 KB
2 | netflix.com | www.netflix.com (failed) | 2 KB
1 | nflximg.net | adtech.nflximg.net |

Totals: 15 | 5
Requests | Domain | Requested by
---|---|---
5 | oferta-vip.org | oferta-vip.org, codex.nflxext.com
3 | codex.nflxext.com | oferta-vip.org
2 | ethn.io (1 redirect) |
2 | assets.nflxext.com | oferta-vip.org
2 | www.netflix.com | oferta-vip.org, codex.nflxext.com
1 | adtech.nflximg.net | codex.nflxext.com

Totals: 15 | 6
This site contains links to these domains. Also see Links.
Domain |
---|
help.netflix.com |
www.netflix.com |
media.netflix.com |
ir.netflix.com |
jobs.netflix.com |
fast.com |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.1.nflxso.net | DigiCert SHA2 Secure Server CA | 2020-03-07 - 2020-04-07 | a month | crt.sh
*.ethn.io | Let's Encrypt Authority X3 | 2020-03-26 - 2020-06-24 | 3 months | crt.sh
assets.nflxext.com | DigiCert SHA2 Secure Server CA | 2020-02-19 - 2022-02-19 | 2 years | crt.sh
www.netflix.com | DigiCert SHA2 Secure Server CA | 2020-01-13 - 2022-01-13 | 2 years | crt.sh
This page contains 2 frames:
Primary Page:
http://oferta-vip.org/
Frame ID: EC19928010F47C8DEC269C9F686F6D21
Requests: 14 HTTP requests in this frame
Frame:
https://adtech.nflximg.net/adtech_iframe_target_03.html?data=%7B%22is_member%22%3A%22anonymous%22%2C%22membership_status%22%3A%22NON_REGISTERED_MEMBER%22%2C%22session%22%3A%22n%2Fa%22%2C%22country%22%3A%22BR%22%2C%22referrer%22%3A%22nmLanding%22%2C%22source%22%3A%22%22%2C%22fbaId%22%3A%22ce9b7a2a-2a73-42ff-9787-ebc9581b4e2f%22%7D
Frame ID: 6776DB2006BBD03AA54331C1F8795459
Requests: 1 HTTP request in this frame
15 Outgoing links
These are links going to different origins than the main page.
- Title: Frequently asked questions (Perguntas frequentes)
- Title: Help center (Centro de ajuda)
- Title: Account (Conta)
- Title: Press (Imprensa)
- Title: Investor relations (Relações com investidores)
- Title: Careers (Carreiras)
- Title: Prepaid card (Cartão pré-pago)
- Title: Ways to watch (Formas de assistir)
- Title: Terms of use (Termos de uso)
- Title: Privacy (Privacidade)
- Title: Cookie preferences (Preferências de cookies)
- Title: Corporate information (Informações corporativas)
- Title: Contact us (Entre em contato)
- Title: Speed test (Teste de velocidade)
- Title: Legal notices (Avisos legais)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9:
- http://ethn.io/mob/12798.js?guid=7PLAMI4OXRCOLP7HJHDGVG6Q3I (HTTP 301)
- https://ethn.io/mob/12798.js?guid=7PLAMI4OXRCOLP7HJHDGVG6Q3I
15 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | oferta-vip.org/ | 71 KB | 25 KB | Document | text/html
GET | H/1.1 | none | codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-1c8ae6bf/js/js/bootstrap.js,common%7Cbootstrap.js/1/7523/bck/true/ | 13 KB | 5 KB | Script | application/javascript
GET | H/1.1 | none | codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-nmhp-js-1c8ae6bf/js/js/signup%7Chome%7Clite%7Cclient.js/1/7523/l/true/ | 59 KB | 19 KB | Script | application/javascript
GET | | WebsiteDetect | www.netflix.com/ichnaea/cl2/freeform/ | 0 | 0 | |
GET | H/1.1 | none | codex.nflxext.com/%5E2.0.0/truthBundle/webui/0.0.1-shakti-css-1c8ae6bf/css/css/less%7Cpages%7Chome%7Cconcord.less/2/0A0O050I0a0H0S0V0P0J0N0U0Z/none/true/ | 111 KB | 17 KB | Stylesheet | text/css
GET | H/1.1 | BR-pt-20180618-popsignuptwoweeks-perspective_alpha_website_large.jpg | assets.nflxext.com/ffe/siteui/vlv3/b6bfb2e7-d3a4-41a6-abc0-6a02edb739ba/19326c36-3c30-4596-95b5-f429476cb7ac/ | 337 KB | 338 KB | Image | image/jpeg
GET | H/1.1 | asset_TV_UI.png | oferta-vip.org/assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/ | 315 B | 315 B | Image | text/html
GET | H/1.1 | asset_mobile_tablet_UI_2.png | oferta-vip.org/assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/ | 315 B | 315 B | Image | text/html
GET | H/1.1 | asset_website_UI.png | oferta-vip.org/assets.nflxext.com/ffe/siteui/acquisition/home/thisIsNetflix/modules/ | 315 B | 315 B | Image | text/html
GET | H/1.1 | nf-icon-v1-93.woff | assets.nflxext.com/ffe/siteui/fonts/ | 72 KB | 72 KB | Font | font/woff
GET | H/1.1 | 12798.js | ethn.io/mob/ (Redirect Chain) | 0 | 771 B | Script | text/javascript
GET | H/1.1 | WebsiteTTI | oferta-vip.org/ichnaea/cl2/freeform/ | 315 B | 507 B | XHR | text/html
GET | H/1.1 | adtech_iframe_target_03.html | adtech.nflximg.net/ (Frame 6776) | 0 | 0 | Document | text/html
OPTIONS | H/1.1 | cl2 | www.netflix.com/ichnaea/ | 0 | 1 KB | XHR | text/plain
POST | H/1.1 | cl2 | www.netflix.com/ichnaea/ | 0 | 1 KB | XHR | text/plain
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: www.netflix.com
- URL: https://www.netflix.com/ichnaea/cl2/freeform/WebsiteDetect?source=wwwhead&fetchType=css&modalView=nmLanding
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)

8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onformdata
- object: onpointerrawupdate
- object: netflix
- object: Codex
- object: C
- object: global
- object: process
- object: __core-js_shared__

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.