promo3meses-netflix.site
Open in
urlscan Pro
172.67.178.189
Malicious Activity!
Public Scan
Effective URL: https://promo3meses-netflix.site/br
Submission Tags: @ecarlesi possiblethreat phishing netflix Search All
Submission: On August 09 via api from IT — Scanned from IT
Summary
TLS certificate: Issued by WE1 on August 9th 2024. Valid for: 3 months.
This is the only time promo3meses-netflix.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 11 | 172.67.178.189 172.67.178.189 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:200... 2a04:4e42:200::485 | 54113 (FASTLY) (FASTLY) | |
11 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
promo3meses-netflix.site
2 redirects
promo3meses-netflix.site |
2 MB |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 410 |
20 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 336 |
27 KB |
11 | 3 |
Domain | Requested by | |
---|---|---|
11 | promo3meses-netflix.site |
2 redirects
promo3meses-netflix.site
cdnjs.cloudflare.com |
1 | cdn.jsdelivr.net |
promo3meses-netflix.site
|
1 | cdnjs.cloudflare.com |
promo3meses-netflix.site
|
11 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.onetrust.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
promo3meses-netflix.site WE1 |
2024-08-09 - 2024-11-07 |
3 months | crt.sh |
cdnjs.cloudflare.com WE1 |
2024-07-31 - 2024-10-29 |
3 months | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3 |
2024-07-30 - 2025-08-31 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://promo3meses-netflix.site/br
Frame ID: 5F676A9A03E98DDED59B0CABA0CB1EEA
Requests: 22 HTTP requests in this frame
Frame:
https://promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js
Frame ID: 05721A71C55224A081773FD7AC4DA423
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
Netflix Brasil - assistir a séries online, assistir a filmes onlinePage URL History Show full URLs
-
https://promo3meses-netflix.site/
HTTP 302
https://promo3meses-netflix.site/br Page URL
Detected technologies
SweetAlert2 (JavaScript Libraries) ExpandDetected patterns
- /npm/sweetalert2@([\d.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://promo3meses-netflix.site/
HTTP 302
https://promo3meses-netflix.site/br Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 18- https://promo3meses-netflix.site/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/main.js
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
Primary Request
br
promo3meses-netflix.site/ Redirect Chain
|
3 MB 2 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
394 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
52 KB 52 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
11 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
54 KB 54 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
53 KB 53 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
134 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
248 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
48 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
20 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
272 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
16 KB 16 KB |
Image
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
22 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ |
85 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.mask.min.js
promo3meses-netflix.site/public/_js/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
base.js
promo3meses-netflix.site/public/_js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
online.js
promo3meses-netflix.site/public/_js/ |
581 B 794 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2@11
cdn.jsdelivr.net/npm/ |
75 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/scripts/jsd/769ce3c24a3b/ Frame 0572 Redirect Chain
|
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
8b061af46d36526c
promo3meses-netflix.site/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 0572 |
0 704 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
online.php
promo3meses-netflix.site/public/_php/ |
12 B 519 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
online.php
promo3meses-netflix.site/public/_php/ |
12 B 519 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
online.php
promo3meses-netflix.site/public/_php/ |
12 B 516 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| $ function| jQuery string| message function| clickIE function| clickNS function| disableselect function| reEnable function| mascaraMike function| pulacampo function| desfocaCampo function| SomenteNumero function| checkCard function| verificarCPF function| sendTime function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
promo3meses-netflix.site/ | Name: PHPSESSID Value: 1vjt7f90h7m4o5pmquu65gccm6 |
|
.promo3meses-netflix.site/ | Name: cf_clearance Value: gIfQpKVjcW9Kr7gvHJZmNtEiwsbavw8evaVNVWzMgxg-1723189306-1.0.1.1-3dOXOmcmaqErr6c4RrRxgLggx4YCbeQq.xThZh0x6VC4ZZvP3atrmFjoUwdn2wxl_dBhjyIxBY06_2LdIA8yuQ |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
promo3meses-netflix.site
104.17.25.14
172.67.178.189
2a04:4e42:200::485
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
3c9b69316d945274ad1aa9a29f181f8853fec110d44027f5bd06ed3ffa3124ac
492fdebd363e40cbba153a244bcfe2a7f5f7cf20aff0805fe45d5c7e2180b875
4f99e4c2ed1c2b7de72f47102c64d601567f8efaad5944a08c86786cad4050e6
5421b98477323305c6a40590e955e4bd65ba3a840d7a8cd144a82aefd01703a4
587fa9763e3d74ded3b64a843905f5541690582aad4976207e03743a7fb5f70e
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
675dd7b68acf580f893bec532f5b260b8f984b67734a9a6831334b2ff4aad384
6e43a8bb3f972ef0b96dc5e7b24340934646fb8932bda39a8feea67cbbe3e145
77666f993ea7dde7aeea942766c8fddd0c531a6bc7f1f63c9880cb33f439492d
81cf64888a7b3f6848b09695b034026d9ad685665b91d54597ecbb6197c6acbb
9a093aae6d2bc873dcd58b98a618493902b779d5ba4d757efbd46a3f2b506e7e
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e
a2cd30c6533db15d58ffb5044ad8c664d3dc8f9588e12fe1a8923273d7773c44
ad3ab4c622eed4d8f0e66077932dc3661a48e5685876436541b19751cd128ba1
b68ea2c7bea397aa11fadb189ce7d83862baebaf03ece643eb5aa9fb5f755056
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167
ccf111653e673f40eb05d6e1acacc49a2e78175356c3460f2c090bde3fc747ed
e1fa26cc34fda574edc01d09e374d6f10735a3fa621bdde87c104ee15453d4b6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaa7941cbc06d30c54d52c6d3272a7549d45a23baf7405c6712d97904692da9d
f830833b6661d5fb63e23d3d245e91edc7c52aa547ca19eca7c91c7570483975