promo3meses-netflix.site
172.67.178.189 | Malicious Activity! | Public Scan

Submitted URL: https://promo3meses-netflix.site/
Effective URL: https://promo3meses-netflix.site/br
Submission Tags: @ecarlesi, possiblethreat, phishing, netflix
Submission: On August 09 via api from IT — Scanned from IT

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 172.67.178.189, located in United States and belongs to CLOUDFLARENET, US. The main domain is promo3meses-netflix.site.
TLS certificate: Issued by WE1 on August 9th 2024. Valid for: 3 months.
This is the only time promo3meses-netflix.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

IP Address AS Autonomous System
2 11 172.67.178.189 13335 (CLOUDFLAR...)
1 104.17.25.14 13335 (CLOUDFLAR...)
1 2a04:4e42:200... 54113 (FASTLY)
11 4
Requests | Apex Domain | Subdomains | Transfer
11 | promo3meses-netflix.site | promo3meses-netflix.site | 2 MB
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 410) | 20 KB
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 336) | 27 KB
Total: 11 requests, 3 apex domains

Requests | Domain | Requested by
11 | promo3meses-netflix.site | 2 redirects; promo3meses-netflix.site; cdnjs.cloudflare.com
1 | cdn.jsdelivr.net | promo3meses-netflix.site
1 | cdnjs.cloudflare.com | promo3meses-netflix.site
Total: 11 requests, 3 domains

This site contains links to these domains:

Domain: www.onetrust.com

Subject | Issuer | Validity | Valid
promo3meses-netflix.site | WE1 | 2024-08-09 to 2024-11-07 | 3 months
cdnjs.cloudflare.com | WE1 | 2024-07-31 to 2024-10-29 | 3 months
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2024 Q3 | 2024-07-30 to 2025-08-31 | a year

This page contains 2 frames:

Primary Page: https://promo3meses-netflix.site/br
Frame ID: 5F676A9A03E98DDED59B0CABA0CB1EEA
Requests: 22 HTTP requests in this frame

Frame: https://promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js
Frame ID: 05721A71C55224A081773FD7AC4DA423
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Netflix Brasil - assistir a séries online, assistir a filmes online

Page URL History

  1. https://promo3meses-netflix.site/ HTTP 302
    https://promo3meses-netflix.site/br Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /npm/sweetalert2@([\d.]+)

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 11
HTTPS: 91 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 2
Transfer: 2183 kB
Size: 4209 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://promo3meses-netflix.site/ HTTP 302
    https://promo3meses-netflix.site/br Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://promo3meses-netflix.site/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js

11 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request br
promo3meses-netflix.site/
Redirect Chain
  • https://promo3meses-netflix.site/
  • https://promo3meses-netflix.site/br
3 MB
2 MB
Document
General
Full URL
https://promo3meses-netflix.site/br
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.178.189 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.29
Resource Hash
ccf111653e673f40eb05d6e1acacc49a2e78175356c3460f2c090bde3fc747ed

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8b061af46d36526c-MXP
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 09 Aug 2024 07:41:42 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2BQ4dgXRi3%2Fm4ffoQI3RZ10WGbuxqJ2fgRv3cPuOOdPtko7qdnn8YbLe20zzqTJeM5kDSVD36u4yUuQZz3g5IM3%2FWw004UfPMOiQ5tWBikmUhP2Axq8iYx0XdnK4yLrYiIm5TazV0lKAOSk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/8.1.29

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8b061af1d85b526c-MXP
content-type
text/html; charset=UTF-8
date
Fri, 09 Aug 2024 07:41:42 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kF24cR8ic0e9ewYDQCB3%2FMQBEafuD4XeNvMfJbmtKamvfkn8hkt2defQREbzvV9VnZEe7SqpZjDKDZB2qB%2FWGYAfzBuNT41q0eNB7f8cbt5R%2FpaZXEXfe%2B3bi5MByJTUp7RJcp9x5gA6H4s%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.1.29
truncated
/
394 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
77666f993ea7dde7aeea942766c8fddd0c531a6bc7f1f63c9880cb33f439492d

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
52 KB
52 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167

Request headers

Referer
Origin
https://promo3meses-netflix.site
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
11 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b68ea2c7bea397aa11fadb189ce7d83862baebaf03ece643eb5aa9fb5f755056

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
54 KB
54 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eaa7941cbc06d30c54d52c6d3272a7549d45a23baf7405c6712d97904692da9d

Request headers

Referer
Origin
https://promo3meses-netflix.site
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
53 KB
53 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e

Request headers

Referer
Origin
https://promo3meses-netflix.site
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/
134 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
81cf64888a7b3f6848b09695b034026d9ad685665b91d54597ecbb6197c6acbb

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
248 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3c9b69316d945274ad1aa9a29f181f8853fec110d44027f5bd06ed3ffa3124ac

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
48 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
492fdebd363e40cbba153a244bcfe2a7f5f7cf20aff0805fe45d5c7e2180b875

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
20 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e1fa26cc34fda574edc01d09e374d6f10735a3fa621bdde87c104ee15453d4b6

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
272 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e43a8bb3f972ef0b96dc5e7b24340934646fb8932bda39a8feea67cbbe3e145

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
16 KB
16 KB
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
675dd7b68acf580f893bec532f5b260b8f984b67734a9a6831334b2ff4aad384

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
application/octet-stream
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
22 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4f99e4c2ed1c2b7de72f47102c64d601567f8efaad5944a08c86786cad4050e6

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/
85 KB
27 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: promo3meses-netflix.site
URL: https://promo3meses-netflix.site/br
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://promo3meses-netflix.site/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 09 Aug 2024 07:41:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1347913
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27433
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-1538f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d7WRpDtPiS9uB2C8ScGm%2Fs%2BY1Mo23cymJ%2BmxSRLEiopwE7MS4JCuKtWCUvXUIU0Y%2FMJvQ%2FtjecAC6blEXkmtbUosMbMWd9%2BX2rswndJG9nlHDySg39ePwLkSdreKzui9emjNqzw8"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8b061b06ac780e13-MXP
expires
Wed, 30 Jul 2025 07:41:45 GMT
jquery.mask.min.js
promo3meses-netflix.site/public/_js/
5 KB
3 KB
Script
General
Full URL
https://promo3meses-netflix.site/public/_js/jquery.mask.min.js
Requested by
Host: promo3meses-netflix.site
URL: https://promo3meses-netflix.site/br
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.178.189 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f830833b6661d5fb63e23d3d245e91edc7c52aa547ca19eca7c91c7570483975

Request headers

Referer
https://promo3meses-netflix.site/br
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 09 Aug 2024 07:41:45 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 09 Aug 2024 06:44:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"66b5bae3-12fc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0GL9mrveUrzeD%2B4zTcHYbk4%2F4s2Y7pfJmbsG72z2PD5SuJrecG2C7fufbWunbXki679apTvyslUUanG%2BTv58SD1yYmOvUc9MtL3fKYqmdWEjU7PxspLPzvn4INfOaUEOqZ46pMuJeSVEAac%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=315360000
cf-ray
8b061b055abe526c-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
base.js
promo3meses-netflix.site/public/_js/
5 KB
2 KB
Script
General
Full URL
https://promo3meses-netflix.site/public/_js/base.js
Requested by
Host: promo3meses-netflix.site
URL: https://promo3meses-netflix.site/br
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.178.189 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2cd30c6533db15d58ffb5044ad8c664d3dc8f9588e12fe1a8923273d7773c44

Request headers

Referer
https://promo3meses-netflix.site/br
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 09 Aug 2024 07:41:45 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 09 Aug 2024 06:44:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"66b5bae3-156c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xO9UJZMp2H%2B6NfnsbMhUwEjYObeutsHiYjoKN9v3CYvTtMm1FrVoYkB97G2WAQheQb%2BIDxon%2Bkdr3LtgGjZFc8CheHhU%2Bb4ADLIDY26a6zUJMXJmK4aEZCcN%2BfPsb1fhVZvrshCviW7GB8k%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=315360000
cf-ray
8b061b055ac8526c-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
online.js
promo3meses-netflix.site/public/_js/
581 B
794 B
Script
General
Full URL
https://promo3meses-netflix.site/public/_js/online.js
Requested by
Host: promo3meses-netflix.site
URL: https://promo3meses-netflix.site/br
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.178.189 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a093aae6d2bc873dcd58b98a618493902b779d5ba4d757efbd46a3f2b506e7e

Request headers

Referer
https://promo3meses-netflix.site/br
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 09 Aug 2024 07:41:45 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Fri, 09 Aug 2024 06:44:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"66b5bae2-245"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=27S0p14qFlCsUhoDUvfetpqzTv6vXH6YO4zQtgqEoVldnLLaK5V%2FeajFOiePM%2BlkolN2D9wOSk8nMEsJmgotaCdkWjfOxySP8me0GEDFs4ld8MLvLM8Upi1EPFNxJB%2Fjld6yzVm28AxwsNw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=315360000
cf-ray
8b061b055acb526c-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
sweetalert2@11
cdn.jsdelivr.net/npm/
75 KB
20 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/sweetalert2@11
Requested by
Host: promo3meses-netflix.site
URL: https://promo3meses-netflix.site/br
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ad3ab4c622eed4d8f0e66077932dc3661a48e5685876436541b19751cd128ba1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo3meses-netflix.site/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 09 Aug 2024 07:41:45 GMT
x-content-type-options
nosniff
content-encoding
br
age
11883
x-jsd-version
11.12.4
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
19565
x-served-by
cache-fra-eddf8230029-FRA, cache-mxp6948-MXP
x-jsd-version-type
version
etag
W/"12da3-ovl4d0ysiwlhvi1Tg4NELKs9OyA"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
main.js
promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/ Frame 0572
Redirect Chain
  • https://promo3meses-netflix.site/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js?
8 KB
4 KB
Script
General
Full URL
https://promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js?
Protocol
H3
Server
172.67.178.189 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5421b98477323305c6a40590e955e4bd65ba3a840d7a8cd144a82aefd01703a4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 09 Aug 2024 07:41:45 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oOyNffzW%2BAOlhV4bEtrMRw8VPAMBQo1Q%2FlH8GMUFcDSaGdRJhwv0b0UsNxiSlIM5f%2BbxvQRVHOltuS%2BO61L5mgxSiH%2F2%2FxBiCoFkGk4Fae2XMnrX6S61mANf9PmBCM8U%2BVZU4p%2Btx7FtrFo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8b061b092970526c-MXP
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Fri, 09 Aug 2024 07:41:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLuVBIzCpIiC%2FBq%2BgF6AGYtIua9qTdY7hDM5iRLjKuC6F3VcLSXC18kvpQpP5ly6ZyFE737PrilmA2%2BIzCkAkJsRC5L0GM8NuH7s90GPN64bik%2BH1KKZiYawLdIsrTyfhZoz63OJnVB7mbE%3D"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js?
access-control-allow-origin
*
cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray
8b061b08b8a7526c-MXP
alt-svc
h3=":443"; ma=86400
content-length
0
8b061af46d36526c
promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 0572
0
704 B
XHR
General
Full URL
https://promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/jsd/r/8b061af46d36526c
Requested by
Host: promo3meses-netflix.site
URL: https://promo3meses-netflix.site/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.178.189 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 09 Aug 2024 07:41:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A6Rwg4GaD6ROZcmah%2FhmjmFAeM8XwJuof5nMqORUaBf35XHwJCkuvw%2BJNBIyH%2FKw9h%2BN25PzOG7OUW1zMtuoBKHHkk2TwD8LGfum2shGyufcnv9SuEF7L5fPQKLX7TFfSpntmKy0pT6cdnA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
8b061b0b3ce2526c-MXP
alt-svc
h3=":443"; ma=86400
content-length
0
online.php
promo3meses-netflix.site/public/_php/
12 B
519 B
XHR
General
Full URL
https://promo3meses-netflix.site/public/_php/online.php
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.178.189 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.29
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://promo3meses-netflix.site/br
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 09 Aug 2024 07:41:49 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.1.29
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H7dbohximEATvGVAQ9SMNAL3UwDEeHRmS4zpOjp%2BI%2BOrDlfQsVhILwtR3Tznwj%2FLaFXaxjrSAdUXiy7eFTsGoMORszluirizRQI%2BnBiz1B3NhQRobVs3OQA1j%2BkM8KcddVaSshO9ijpqwgA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
8b061b217a28526c-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
online.php
promo3meses-netflix.site/public/_php/
12 B
519 B
XHR
General
Full URL
https://promo3meses-netflix.site/public/_php/online.php
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.178.189 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.29
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://promo3meses-netflix.site/br
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 09 Aug 2024 07:41:53 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.1.29
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MJQuG9B8EOuaG4UXfMy1x2T7f5YDAes8x%2BmleHS1WmN9IXEoIIjG6jrb0R4D%2FIxUyXE8MrOtgFHrEz1x9rM8OFE%2F%2BjKGx8o0Pp4vp%2BelKs0pZyzPWDeGfsp2agWKmoxsHDxy75Hc326wO0M%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
8b061b3a4d2d526c-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
online.php
promo3meses-netflix.site/public/_php/
12 B
516 B
XHR
General
Full URL
https://promo3meses-netflix.site/public/_php/online.php
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.178.189 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.29
Resource Hash
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://promo3meses-netflix.site/br
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 09 Aug 2024 07:41:57 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.1.29
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cuo0akDusWf39uCUXwcJwiUF9Btz6kryFkR3VMuFsew5fzPL2cx7dz3clbonZVvaMQ%2B27u5AXbCB5PXKuziEz7uGhoDzxi%2FseN5IgBKuTQZ9HqSxEGbZlaLW4bH1%2Bx5fwsLZ55zpWnzNkOg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
8b061b53387e526c-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | 0
function | $
function | jQuery
string | message
function | clickIE
function | clickNS
function | disableselect
function | reEnable
function | mascaraMike
function | pulacampo
function | desfocaCampo
function | SomenteNumero
function | checkCard
function | verificarCPF
function | sendTime
function | Sweetalert2
function | SweetAlert
function | Swal
function | sweetAlert
function | swal

2 Cookies

Domain/Path | Name | Value
promo3meses-netflix.site/ | PHPSESSID | 1vjt7f90h7m4o5pmquu65gccm6
.promo3meses-netflix.site/ | cf_clearance | gIfQpKVjcW9Kr7gvHJZmNtEiwsbavw8evaVNVWzMgxg-1723189306-1.0.1.1-3dOXOmcmaqErr6c4RrRxgLggx4YCbeQq.xThZh0x6VC4ZZvP3atrmFjoUwdn2wxl_dBhjyIxBY06_2LdIA8yuQ

1 Console Messages

Source: deprecation
Level: warning
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js (Line 1)
Message: Listener added for a 'DOMNodeInserted' mutation event. This event type is deprecated, and will be removed from this browser VERY soon. Usage of this event listener will cause performance issues today, and represents a large risk of imminent site breakage. Consider using MutationObserver instead. See https://chromestatus.com/feature/5083947249172480 for more information.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
promo3meses-netflix.site
104.17.25.14
172.67.178.189
2a04:4e42:200::485
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
3c9b69316d945274ad1aa9a29f181f8853fec110d44027f5bd06ed3ffa3124ac
492fdebd363e40cbba153a244bcfe2a7f5f7cf20aff0805fe45d5c7e2180b875
4f99e4c2ed1c2b7de72f47102c64d601567f8efaad5944a08c86786cad4050e6
5421b98477323305c6a40590e955e4bd65ba3a840d7a8cd144a82aefd01703a4
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
675dd7b68acf580f893bec532f5b260b8f984b67734a9a6831334b2ff4aad384
6e43a8bb3f972ef0b96dc5e7b24340934646fb8932bda39a8feea67cbbe3e145
77666f993ea7dde7aeea942766c8fddd0c531a6bc7f1f63c9880cb33f439492d
81cf64888a7b3f6848b09695b034026d9ad685665b91d54597ecbb6197c6acbb
9a093aae6d2bc873dcd58b98a618493902b779d5ba4d757efbd46a3f2b506e7e
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e
a2cd30c6533db15d58ffb5044ad8c664d3dc8f9588e12fe1a8923273d7773c44
ad3ab4c622eed4d8f0e66077932dc3661a48e5685876436541b19751cd128ba1
b68ea2c7bea397aa11fadb189ce7d83862baebaf03ece643eb5aa9fb5f755056
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167
ccf111653e673f40eb05d6e1acacc49a2e78175356c3460f2c090bde3fc747ed
e1fa26cc34fda574edc01d09e374d6f10735a3fa621bdde87c104ee15453d4b6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaa7941cbc06d30c54d52c6d3272a7549d45a23baf7405c6712d97904692da9d
f830833b6661d5fb63e23d3d245e91edc7c52aa547ca19eca7c91c7570483975