translated.turbopages.org
213.180.193.193
Malicious Activity!
Public Scan
Effective URL: https://translated.turbopages.org/proxy_u/en-sk.en.3b59a852-64dcbb3a-33e790cb-74722d776562/https/v.netici7767.repl.co/1.php
Submission Tags: @ecarlesi possiblethreat #phishing #netflix
Submission: On August 16 via api from CA — Scanned from CA
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on March 21st 2023. Valid for: 6 months.
This is the only time translated.turbopages.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
1 1 | 216.239.34.21 | 15169 (GOOGLE) |
1 1 | 213.180.204.193 | 13238 (YANDEX) |
2 3 | 213.180.193.193 | 13238 (YANDEX) |
7 | 178.154.131.217 | 13238 (YANDEX) |
1 | 104.18.11.207 | 13335 (CLOUDFLARENET) |
2 | 34.120.194.28 | 396982 (GOOGLE-CLOUD-PLATFORM) |
6 | 45.57.90.1 | 2906 (AS-SSI) |
1 | 142.250.65.202 | 15169 (GOOGLE) |
1 | 172.217.13.99 | 15169 (GOOGLE) |
3 | 5.255.255.77 | 13238 (YANDEX) |
1 | 213.180.204.194 | 13238 (YANDEX) |
23 | 9 | |
ASN | PTR | Domain |
---|---|---|
ASN15169 (GOOGLE, US) | any-in-2215.1e100.net | podporapredplat.com |
ASN13238 (YANDEX, RU) | translate.yandex.ru | translate.yandex.com |
ASN13238 (YANDEX, RU) | z5h64q92x9.net | translated.turbopages.org |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US) | 28.194.120.34.bc.googleusercontent.com | v.netici7767.repl.co |
ASN15169 (GOOGLE, US) | lga25s72-in-f10.1e100.net | fonts.googleapis.com |
ASN15169 (GOOGLE, US) | yul02s04-in-f3.1e100.net | fonts.gstatic.com |
ASN13238 (YANDEX, RU) | translate.yandex.net | translate.yandex.net |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | yastatic.net | yastatic.net (Cisco Umbrella Rank: 6466) | 90 KB |
6 | nflxext.com | assets.nflxext.com (Cisco Umbrella Rank: 4094) | 186 KB |
3 | yandex.ru | yandex.ru (Cisco Umbrella Rank: 2014) | 1 KB |
3 | turbopages.org (2 redirects) | translated.turbopages.org (Cisco Umbrella Rank: 487670) | 16 KB |
2 | repl.co | v.netici7767.repl.co | 312 KB |
1 | yandex.net | translate.yandex.net (Cisco Umbrella Rank: 28472) | 904 B |
1 | gstatic.com | fonts.gstatic.com | 46 KB |
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 73) | 998 B |
1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1179) | 7 KB |
1 | yandex.com (1 redirect) | translate.yandex.com (Cisco Umbrella Rank: 207451) | 624 B |
1 | podporapredplat.com (1 redirect) | podporapredplat.com | 282 B |
23 | 11 | | |
Requests | Domain | Requested by |
---|---|---|
7 | yastatic.net | translated.turbopages.org |
6 | assets.nflxext.com | translated.turbopages.org, assets.nflxext.com |
3 | yandex.ru | translated.turbopages.org |
3 | translated.turbopages.org | 2 redirects |
2 | v.netici7767.repl.co | translated.turbopages.org, v.netici7767.repl.co |
1 | translate.yandex.net | yastatic.net |
1 | fonts.gstatic.com | fonts.googleapis.com |
1 | fonts.googleapis.com | v.netici7767.repl.co |
1 | maxcdn.bootstrapcdn.com | translated.turbopages.org |
1 | translate.yandex.com | 1 redirect |
1 | podporapredplat.com | 1 redirect |
23 | 11 | |
This site contains links to these domains. Also see Links.
Domain |
---|
translate.yandex.com |
yandex.com |
v.netici7767.repl.co |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
z5h64q92x9.net | GlobalSign RSA OV SSL CA 2018 | 2023-03-21 - 2023-09-19 | 6 months | crt.sh |
*.yastatic-net.ru | GlobalSign ECC OV SSL CA 2018 | 2023-07-10 - 2024-01-07 | 6 months | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year | crt.sh |
netici7767.repl.co | GTS CA 1P5 | 2023-08-12 - 2023-11-10 | 3 months | crt.sh |
*.1.nflxso.net | DigiCert Secure Site ECC CA-1 | 2023-08-14 - 2023-09-19 | a month | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2023-07-17 - 2023-10-09 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2023-07-17 - 2023-10-09 | 3 months | crt.sh |
*.xn--d1acpjx3f.xn--p1ai | GlobalSign ECC OV SSL CA 2018 | 2023-06-21 - 2023-12-19 | 6 months | crt.sh |
translate.yandex.net | GlobalSign RSA OV SSL CA 2018 | 2023-07-08 - 2023-12-12 | 5 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://translated.turbopages.org/proxy_u/en-sk.en.3b59a852-64dcbb3a-33e790cb-74722d776562/https/v.netici7767.repl.co/1.php
Frame ID: A105D2C3016E54C3F9D073F0781AE7CE
Requests: 23 HTTP requests in this frame
Page Title: Netflix
Detected technologies
- PHP (Programming Languages). Detected pattern: \.php(?:$|\?)
- Font Awesome (Font Scripts). Detected pattern: (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://podporapredplat.com/ (HTTP 302)
- https://translate.yandex.com/translate?view=compact&url=v.netici7767.repl.co&lang=en-sk (HTTP 302)
- https://translated.turbopages.org/proxy_u/en-sk.en.3b59a852-64dcbb3a-33e790cb-74722d776562/v.netici7767.repl.co (HTTP 307)
- https://translated.turbopages.org/proxy_u/en-sk.en.3b59a852-64dcbb3a-33e790cb-74722d776562/https/v.netici7767.repl.co/ (HTTP 307)
- https://translated.turbopages.org/proxy_u/en-sk.en.3b59a852-64dcbb3a-33e790cb-74722d776562/https/v.netici7767.repl.co/1.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | 1.php (Primary Request, Redirect Chain) | translated.turbopages.org/proxy_u/en-sk.en.3b59a852-64dcbb3a-33e790cb-74722d776562/https/v.netici7767.repl.co/ | 16 KB | 16 KB | Document | text/html |
GET | H2 | turbo.js | yastatic.net/s3/translate/v109.1/dist/scripts/bundles/ | 16 KB | 6 KB | Script | application/javascript |
GET | H2 | tr_page_common.css | yastatic.net/s3/translate/v109.1/dist/styles/misc/ | 65 B | 593 B | Stylesheet | text/css |
GET | H2 | tr_page_popup.css | yastatic.net/s3/translate/v109.1/dist/styles/misc/ | 10 KB | 3 KB | Stylesheet | text/css |
GET | H2 | tr_page_stripe.css | yastatic.net/s3/translate/v109.1/dist/styles/misc/ | 32 KB | 10 KB | Stylesheet | text/css |
GET | H2 | tr_page.js | yastatic.net/s3/translate/v109.1/dist/scripts/addons/ | 204 KB | 62 KB | Script | application/javascript |
GET | H2 | tr_page_worker.js | yastatic.net/s3/translate/v109.1/dist/scripts/addons/ | 3 KB | 2 KB | Script | application/javascript |
GET | H2 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ | 30 KB | 7 KB | Stylesheet | text/css |
GET | H2 | style.css | v.netici7767.repl.co/css/ | 4 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | error-page.b122c37502204303115a.css | assets.nflxext.com/web/ffe/wp/less/core/ | 10 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | loginBase.db4481459b483cc78012.css | assets.nflxext.com/web/ffe/wp/less/login/ | 44 KB | 9 KB | Stylesheet | text/css |
GET | H/1.1 | Login.fcd0c98cb56a9e2b00f0.css | assets.nflxext.com/web/ffe/wp/less/pages/login/ | 80 KB | 14 KB | Stylesheet | text/css |
GET | H2 | css2 | fonts.googleapis.com/ | 3 KB | 998 B | Stylesheet | text/css |
GET | H2 | fond.jpg | v.netici7767.repl.co/img/ | 307 KB | 307 KB | Image | image/jpeg |
GET | H/1.1 | NetflixSans_W_Rg.woff2 | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 52 KB | 52 KB | Font | font/woff2 |
GET | H2 | 1Ptug8zYS_SKggPNyC0ITw.woff2 | fonts.gstatic.com/s/raleway/v28/ | 45 KB | 46 KB | Font | font/woff2 |
GET | H/1.1 | NetflixSans_W_Bd.woff2 | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 54 KB | 54 KB | Font | font/woff2 |
GET | H/1.1 | NetflixSans_W_Md.woff2 | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 53 KB | 53 KB | Font | font/woff2 |
GET | H2 | turbo.js | yastatic.net/s3/translate/v109.1/dist/scripts/bundles/ | 16 KB | 6 KB | Script | application/javascript |
GET | H2 | * | yandex.ru/clck/click/dtype=stred/pid=453/cid=74186/ytr_counter_name=first_translation_request/ytr_time=12101/ytr_host=https%3A%2F%2Fv.netici7767.repl.co%2F1.php/ytr_lang=en-sk/ytr_url=https%3A%2F%2... | 43 B | 894 B | Image | image/gif |
GET | H2 | translate | translate.yandex.net/api/v1/tr.json/ | 610 B | 904 B | XHR | application/json |
GET | H2 | * | yandex.ru/clck/click/dtype=stred/pid=453/cid=74186/ytr_counter_name=dcl_event/ytr_time=12133/ytr_host=https://v.netici7767.repl.co/1.php/ytr_lang=en-ru/ytr_url=https://v.netici7767.repl.co/1.php/yt... | 43 B | 373 B | Image | image/gif |
GET | H2 | * | yandex.ru/clck/click/dtype=stred/pid=453/cid=74096/ytr_counter_name=url_translation_time/ytr_time=578/ytr_error=0/ytr_counter=1/ytr_host=https%3A%2F%2Fv.netici7767.repl.co%2F1.php/ytr_lang=en-sk/yt... | 43 B | 126 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Netflix (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | documentPictureInPicture |
object | __core-js_shared__ |
object | core |
object | Ya |
object | yt |
function | initTurboPageApp |
6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.yandex.com/ | | _yasc | VmY38zus3ixQJg0LG9nwIQHnwyJCw0u6wfEpACD2Ip3PrU8pGeHCmCh3pLrP |
.yandex.com/ | | i | f1RB8rt98nOC9jrcFFYHo13fL7106weH7KrMK7hwG2+6Jce8DmVEkTJfGfEEqz7wxBMRgi+P0M9i+mYkqKr4H28xP/4= |
.yandex.com/ | | yandexuid | 4179944711692187450 |
.turbopages.org/ | | _yasc | iKMlIJLAshOIi+V5wJm9CTFtR9QWHc9bNurxaVNsnsE1Dwz9I15O4uJYPk/W |
.yandex.ru/ | | i | zDlJNUkesI3DyqlcWKFH/JWDyBgM5fjvIv7QuLverydSNMR4t0/xtC88qNzsL6Qg8hjYGwkvEFaXKqrj7LHmb8l8nN0= |
.yandex.ru/ | | yandexuid | 8466692561692187455 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.