www.33duoduo.icu
156.254.30.252
Malicious Activity!
Public Scan
Submission: On June 18 via automatic, source phishtank
Summary
This is the only time www.33duoduo.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)

Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
4 | 156.254.30.252 | 394281 (XHOSTSERVER)
7 | 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN)
1 | 106.120.159.77 | 23724 (CHINANET-IDC-BJ-AP IDC)
1 | 39.156.68.163 | 9808 (CMNET-GD Guangdong Mobile Communication Co.Ltd.)
Total: 13 requests, 4 IP addresses
ASN40027 (NETFLIX-ASN, US): codex.nflxext.com, assets.nflxext.com
ASN23724 (CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation, CN): push.zhanzhang.baidu.com
ASN9808 (CMNET-GD Guangdong Mobile Communication Co.Ltd., CN): api.share.baidu.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
7 | nflxext.com | codex.nflxext.com, assets.nflxext.com | 707 KB
4 | 33duoduo.icu | www.33duoduo.icu | 25 KB
2 | baidu.com | push.zhanzhang.baidu.com, api.share.baidu.com | 868 B
Total: 13 requests, 3 apex domains
Requests | Domain | Requested by
---|---|---
4 | codex.nflxext.com | www.33duoduo.icu
4 | www.33duoduo.icu | www.33duoduo.icu
3 | assets.nflxext.com | www.33duoduo.icu
1 | api.share.baidu.com | www.33duoduo.icu
1 | push.zhanzhang.baidu.com | www.33duoduo.icu
Total: 13 requests, 5 domains
This site contains no links.
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
*.1.nflxso.net | DigiCert SHA2 Secure Server CA | 2020-05-24 - 2020-06-29 | a month | crt.sh
This page contains 1 frame:
Primary Page:
http://www.33duoduo.icu/Login?nextpage=https://www.netflix.com/youraccount
Frame ID: 75733380206B8AC32B722FD23E2FF1AB
Requests: 13 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | Login (Primary Request) | www.33duoduo.icu/ | 62 KB | 24 KB | Document | text/html
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v1b8c742f/js/js/bootstrap.js,common%7Cbootstrap.js/2/4P034m4a4C05464w4O070p004Q4r4g4p4I4d4x4k4A0b024L14/bck/true/ | 9 KB | 4 KB | Script | application/javascript
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v1b8c742f/js/js/components%7Clogin%7Cfallback%7CfallbackLoginControllerClient.js/2/4P034m4a4C05464w4O070p004Q4r4g4p4I4d4x4k4A0b024L14/l/... | 810 KB | 248 KB | Script | application/javascript
GET | H/1.1 | WebsiteDetect | www.33duoduo.icu/personalization/cl2/freeform/ | 0 | 0 | Stylesheet | text/html
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-v1b8c742f/css/css/less%7Ccore%7Cerror-page.less/1/lstDvLun9CIK/none/true/ | 20 KB | 5 KB | Stylesheet | text/css
GET | H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-v1b8c742f/css/css/less%7Clogin%7CloginBase.less,less%7Cpages%7Clogin%7CLogin.less/1/lstDvLun9CIK/none/true/ | 160 KB | 25 KB | Stylesheet | text/css
GET | H/1.1 | tj.js | www.33duoduo.icu/ | 0 | 154 B | Script | application/x-javascript
GET | H/1.1 | common.js | www.33duoduo.icu/ | 0 | 154 B | Script | application/x-javascript
GET | H/1.1 | US-en-20200302-popsignuptwoweeks-perspective_alpha_website_large.jpg | assets.nflxext.com/ffe/siteui/vlv3/3b48f428-24ed-4692-bb04-bc7771854131/087be50f-41d9-44bb-842b-8ddb05e1d4da/ | 351 KB | 351 KB | Image | image/jpeg
GET | H/1.1 | FB-f-Logo__blue_57.png | assets.nflxext.com/ffe/siteui/login/images/ | 1 KB | 2 KB | Image | image/png
GET | H/1.1 | nf-icon-v1-93.woff | assets.nflxext.com/ffe/siteui/fonts/ | 72 KB | 72 KB | Font | application/octet-stream
GET | H/1.1 | push.js | push.zhanzhang.baidu.com/ | 281 B | 752 B | Script | text/javascript
GET | H/1.1 | s.gif | api.share.baidu.com/ | 0 | 116 B | Image | text/plain
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against Netflix (Online)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Variable | Type
---|---
onformdata | object
onpointerrawupdate | object

0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even if they have changed location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
api.share.baidu.com
assets.nflxext.com
codex.nflxext.com
push.zhanzhang.baidu.com
www.33duoduo.icu

IP addresses:
106.120.159.77
156.254.30.252
2a00:86c0:2090::1
39.156.68.163

Hashes (SHA-256):
0d627bd95e495edbe0e4ed7b0917196a62a4240f02783dc45f6fe8c524a5a367
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
424117ca4acd7082ff24d44c4ef44667a2085155d3f8857f7128801326a6c58b
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2
7ca79ff0ed486bf9df8ee6fa9d536573f3ab59b6d72180ae6b2155b0fe2f828e
940f8a052acf52910da3a3270c6473d1cbd7ce8bc8253d7ba629d35aeffdf947
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
c92decd92a0491b9fdc651bd8a19b3ddc80dd869d507834aaaf7568b2a8f56db
d22aba1c96f027aa9ce3cc366dae2864f0fb57a98b6b41ffeb58ed4fb5c7d343
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855