www.netflix20.ml
Open in
urlscan Pro
2a00:1450:4001:818::2013
Malicious Activity!
Public Scan
Submission: On July 08 via api from ES
Summary
TLS certificate: Issued by GTS CA 1D2 on July 6th 2020. Valid for: 3 months.
This is the only time www.netflix20.ml was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 2a00:1450:400... 2a00:1450:4001:818::2013 | 15169 (GOOGLE) (GOOGLE) | |
5 | 2a00:1450:400... 2a00:1450:4001:81e::2009 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::200a | 15169 (GOOGLE) (GOOGLE) | |
4 | 2a00:1450:400... 2a00:1450:4001:801::2010 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2606:4700:20:... 2606:4700:20::ac43:45d7 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:808::200e | 15169 (GOOGLE) (GOOGLE) | |
3 | 2a00:1450:400... 2a00:1450:4001:818::2003 | 15169 (GOOGLE) (GOOGLE) | |
6 | 2606:4700:303... 2606:4700:3033::681f:51f5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 35.222.120.150 35.222.120.150 | 15169 (GOOGLE) (GOOGLE) | |
24 | 9 |
ASN15169 (GOOGLE, US)
www.blogger.com | |
resources.blogblog.com |
ASN15169 (GOOGLE, US)
storage.googleapis.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN15169 (GOOGLE, US)
PTR: 150.120.222.35.bc.googleusercontent.com
anthill.instapage.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
cldoffers.net
cldoffers.net |
4 KB |
5 |
googleapis.com
fonts.googleapis.com storage.googleapis.com |
114 KB |
4 |
blogger.com
www.blogger.com |
59 KB |
3 |
gstatic.com
fonts.gstatic.com |
33 KB |
2 |
netflix20.ml
www.netflix20.ml |
13 KB |
1 |
instapage.com
anthill.instapage.com |
280 B |
1 |
google-analytics.com
www.google-analytics.com |
18 KB |
1 |
blogblog.com
resources.blogblog.com |
611 B |
1 |
cpabuild.com
cpabuild.com |
6 KB |
24 | 9 |
Domain | Requested by | |
---|---|---|
6 | cldoffers.net |
cpabuild.com
|
4 | storage.googleapis.com |
www.netflix20.ml
|
4 | www.blogger.com |
www.netflix20.ml
|
3 | fonts.gstatic.com |
www.netflix20.ml
|
2 | www.netflix20.ml |
www.netflix20.ml
|
1 | anthill.instapage.com |
www.netflix20.ml
|
1 | www.google-analytics.com |
www.netflix20.ml
|
1 | resources.blogblog.com |
www.netflix20.ml
|
1 | cpabuild.com |
www.netflix20.ml
|
1 | fonts.googleapis.com |
www.netflix20.ml
|
24 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.blogger.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.netflix20.ml GTS CA 1D2 |
2020-07-06 - 2020-10-04 |
3 months | crt.sh |
*.blogger.com GTS CA 1O1 |
2020-06-17 - 2020-09-09 |
3 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-06-17 - 2020-09-09 |
3 months | crt.sh |
*.storage.googleapis.com GTS CA 1O1 |
2020-06-17 - 2020-09-09 |
3 months | crt.sh |
cpabuild.com Cloudflare Inc ECC CA-3 |
2020-07-03 - 2021-07-03 |
a year | crt.sh |
*.google.com GTS CA 1O1 |
2020-06-17 - 2020-09-09 |
3 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2020-06-17 - 2020-09-09 |
3 months | crt.sh |
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2020-04-21 - 2020-10-09 |
6 months | crt.sh |
anthill.instapage.com Let's Encrypt Authority X3 |
2020-05-18 - 2020-08-16 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.netflix20.ml/
Frame ID: 3ED6680FF92AA3E7022CBE27797B2373
Requests: 23 HTTP requests in this frame
Frame:
https://cldoffers.net/public/offers/customTemplates.php?it=945098&w=1600&h=1200&key=d3553&m=0&r=
Frame ID: 19A47CDDA2F67CBCBD0070AAEE188F9B
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
Blogger (Blogs) ExpandDetected patterns
- meta generator /^Blogger$/i
Python (Programming Languages) Expand
Detected patterns
- meta generator /^Blogger$/i
Java (Programming Languages) Expand
Detected patterns
- headers server /GSE/i
OpenGSE (Web Servers) Expand
Detected patterns
- headers server /GSE/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Google Font API (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: GET NOW!
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Weitere Informationen
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
www.netflix20.ml/ |
37 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3455314004-widget_css_bundle.css
www.blogger.com/static/v1/widgets/ |
31 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
28 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
031a761e2b05d2bed213fd1f07412755.css
storage.googleapis.com/instapage-app-assets/425/ |
215 KB 34 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a5cb880a745154a6a1a45f3465215dfd.js
storage.googleapis.com/instapage-app-assets/425/ |
201 KB 66 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
authorization.css
www.blogger.com/dyn-css/ |
1 B 665 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
13132213-0-netflix-logo.png
storage.googleapis.com/instapage-user-media/b2744156/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
locker.js
cpabuild.com/public/external/ |
22 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon18_wrench_allbkg.png
resources.blogblog.com/img/ |
475 B 611 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cookienotice.js
www.netflix20.ml/js/ |
6 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2758729552-widgets.js
www.blogger.com/static/v1/widgets/ |
140 KB 51 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
45 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
html.945098.d3553.0.js
cldoffers.net/public/external/v2/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_front.css
cldoffers.net/public/external/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
authorization.css
www.blogger.com/dyn-css/ |
1 B 88 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
visit
anthill.instapage.com/projects/56c2f3d796773d0a7e96a536/events/ |
35 B 280 B |
Image
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
cldoffers.net/public/clockers/MobileApps/ |
1010 B 419 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading_circle.svg
storage.googleapis.com/instapage-app-assets/img/ |
694 B 1001 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
check.php
cldoffers.net/public/external/ |
0 201 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
customTemplates.php
cldoffers.net/public/offers/ Frame 19A4 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
impression.php
cldoffers.net/public/external/ |
10 B 232 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)101 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| adsbygoogle string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| B64 function| base64_encode function| base64_decode function| FormErrorPosition function| InstapageFormController object| _form_controller function| MobileHelper function| $ function| jQuery function| Translate function| TranslateElement function| ijQuery function| ServerStorageLocal function| InstapageUniqueVisit function| moment number| page_version object| _Translate number| __page_id number| __version string| __variant boolean| __is_tablet string| __page_domain string| __instapage_services string| __instapage_proxy_services boolean| __preview boolean| __facebook number| __page_type number| __mobile_version object| jQuery11110938102818987788 function| is_new_mobile_visible function| iCopyKeenEvent function| iEncodePixelUrl function| iCreateTrackingPixel object| __conversions_settings object| CPABUILDSETTINGS object| CPABUILDContentLocker number| __cfRLUnblockHandlers function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker function| BLOG_attachCsiOnload function| _WidgetManager function| _WidgetInfo function| widget_module_provide function| _AdSenseView function| _BlogArchiveView function| _AttributionView function| _BlogView function| _BlogListView function| _BlogSearchView function| _ContactFormView function| _ExampleView function| _FeaturedPostView function| _FeedView function| _FollowByEmailView function| _FollowersView function| _HeaderView function| _TextView function| _HTMLView function| _ImageView function| _LabelView function| _TextListView function| _LinkListView function| _BloggerButtonView function| _NavbarView function| _PageListView function| _PollView function| _PopularPostsView function| _ProfileView function| _RecentPostsView function| _ReportAbuseView function| _SharingView function| _StatsView function| _SubscribeView function| _SW_toggleReaderList function| _SW_hideReaderList function| _TranslateView function| _WikipediaView string| __wavt function| __gjsload__ object| cookieChoices object| _Mobile_helper object| __unique object| __keen_io_called_parameters number| r number| g number| b1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.netflix20.ml/ | Name: instapage-visit-4821868 Value: %7B%22A%22%3A%7B%22b%22%3A1%2C%22d%22%3A1594167473%7D%7D |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
anthill.instapage.com
cldoffers.net
cpabuild.com
fonts.googleapis.com
fonts.gstatic.com
resources.blogblog.com
storage.googleapis.com
www.blogger.com
www.google-analytics.com
www.netflix20.ml
2606:4700:20::ac43:45d7
2606:4700:3033::681f:51f5
2a00:1450:4001:800::200a
2a00:1450:4001:801::2010
2a00:1450:4001:808::200e
2a00:1450:4001:818::2003
2a00:1450:4001:818::2013
2a00:1450:4001:81e::2009
35.222.120.150
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
15b3fcc73003a15db7d41d2c0f6e03a432fe190c0da5603cbd71b5cc5111b6b8
1bf7206bd474b3bb85960531d6267d93df513ac645abe8fefab3b8ed4a8ffb67
25f654e30834688f9a468bfa5b0a90b6c54066dfce4c81a7975fedef029f5e13
267dae8c975546a1f326a7a069f81c3ec6b77f131ed55e0018ce76a9fbc93739
3efc61bcf3a2a65c875e501412e9db8b00b4b554e4351e01fab46c2793e87b3d
49552cf24fb4a73f0616514ddbf7938201de980b1d1323dafacd3be80e5c5faa
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
94df22701bd80fca42c776b7064a4505986161b616007963e1ba60adba6f84d5
a6e8d166b5ad43c05334f28d92b9679349171e628266016553563f0246a20297
a7081a117335212b9e7f2e348f7369a64423d51db1666310b3451e7375f0b7de
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
b3e6cccba995c3b4fc7641d24fd855a14c91df45879c07bb15aa3aae1a3c0520
d172d750493be64a7ed84dec1dd2a0d787ba42f78bc694b0858f152c52b6620b
d1fc68b864b50ca3195bfd59a6f9594d6178bd718e540ce01e5043db6eff6888
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eec2c40d8b1bb98306990239204d8b90ca030f0def0e00dfe3117ae42991e126
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955