techstubs.com Open in urlscan Pro
150.107.31.75 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://techstubs.com/
Submission: On January 15 via api (January 15th 2024, 3:32:57 am UTC) from US — Scanned from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 150.107.31.75, located in Thailand and belongs to POP-IDC-TH POPIDC powered by CSLoxinfo, TH. The main domain is techstubs.com.
TLS certificate: Issued by R3 on January 11th 2024. Valid for: 3 months.

This is the only time techstubs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
5	150.107.31.75 150.107.31.75	131447 (POP-IDC-T...) (POP-IDC-TH POPIDC powered by CSLoxinfo)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
2	2a00:86c0:209... 2a00:86c0:2090::1	40027 (NETFLIX-ASN) (NETFLIX-ASN)
1	2403:6200:fff... 2403:6200:ffff:ffa4:8000::16	45758 (TTBP-AS-A...) (TTBP-AS-AP Triple T Broadband Public Company Limited)
9	4

5 150.107.31.75 (Thailand)

ASN131447 (POP-IDC-TH POPIDC powered by CSLoxinfo, TH)
PTR: ns35.appservhosting.com

techstubs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:86c0:2090::1 (United States)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2403:6200:ffff:ffa4:8000::16 (Thailand)

ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH)

occ-0-3844-64.1.nflxso.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	techstubs.com techstubs.com	1 MB
2	nflxext.com assets.nflxext.com — Cisco Umbrella Rank: 5604	60 KB
1	nflxso.net occ-0-3844-64.1.nflxso.net	248 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 324	25 KB
9	4

	Domain	Requested by
5	techstubs.com	techstubs.com
2	assets.nflxext.com	techstubs.com
1	occ-0-3844-64.1.nflxso.net	techstubs.com
1	cdn.jsdelivr.net	techstubs.com
9	4

This site contains no links.

Subject Issuer	Validity	Valid
techstubs.com R3	`2024-01-11` - `2024-04-10`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
*.1.nflxso.net DigiCert Secure Site ECC CA-1	`2024-01-11` - `2024-02-12`	a month	crt.sh

This page contains 1 frames:

Primary Page: https://techstubs.com/
Frame ID: 30DA30BCA3F89DFCD93A4697C961AEE3
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Document

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

9
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1408 kB
Transfer

1545 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
techstubs.com/ 16 KB
4 KB 2053ms
276ms Document
text/html 150.107.31.75
POP-IDC-TH POPIDC...

General

Check archive.org

Show headers Download Go to

Full URL: https://techstubs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 150.107.31.75 , Thailand, ASN131447 (POP-IDC-TH POPIDC powered by CSLoxinfo, TH),
Reverse DNS: ns35.appservhosting.com
Software: nginx / PHP/8.3.1
Resource Hash: 34121f2cc8da598a22b7fdca312e5e7d09ed750e72d15eed51d326364904dd1e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Connection: Upgrade, close
Content-Encoding: gzip
Content-Length: 3873
Content-Type: text/html
Date: Mon, 15 Jan 2024 03:32:49 GMT
Server: nginx
Upgrade: h2,h2c
Vary: Accept-Encoding
X-Powered-By: PHP/8.3.1

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ 152 KB
25 KB 54ms
14ms Stylesheet
text/css 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css

Requested by

Host: techstubs.com
URL: https://techstubs.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://techstubs.com/
Origin: https://techstubs.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 15 Jan 2024 03:32:49 GMT
x-content-type-options: nosniff
content-encoding: br
age: 18812813
x-jsd-version: 5.0.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25360
x-served-by: cache-fra-eddf8230097-FRA, cache-lga21975-LGA
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 404
Not Found bootstrap.bundle.min.js
techstubs.com/img/https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/ 0
0 292ms
279ms Script
text/html 150.107.31.75
POP-IDC-TH POPIDC...

General

Check archive.org

Show headers Download Go to

Full URL: https://techstubs.com/img/https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js
Requested by: Host: techstubs.com
URL: https://techstubs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 150.107.31.75 , Thailand, ASN131447 (POP-IDC-TH POPIDC powered by CSLoxinfo, TH),
Reverse DNS: ns35.appservhosting.com
Software: nginx /
Resource Hash

Request headers

Referer: https://techstubs.com/
Origin: https://techstubs.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Upgrade: h2,h2c
Date: Mon, 15 Jan 2024 03:32:49 GMT
Server: nginx
Connection: Upgrade, close
Content-Length: 2223
Content-Type: text/html; charset=UTF-8

GET
H/1.1 404
Not Found jquery.min.js
techstubs.com/img/https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/ 0
0 848ms
285ms Script
text/html 150.107.31.75
POP-IDC-TH POPIDC...

General

Check archive.org

Show headers Download Go to

Full URL: https://techstubs.com/img/https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
Requested by: Host: techstubs.com
URL: https://techstubs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 150.107.31.75 , Thailand, ASN131447 (POP-IDC-TH POPIDC powered by CSLoxinfo, TH),
Reverse DNS: ns35.appservhosting.com
Software: nginx /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://techstubs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Upgrade: h2,h2c
Date: Mon, 15 Jan 2024 03:32:50 GMT
Server: nginx
Connection: Upgrade, close
Content-Length: 2211
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK bg-techdtubs.png
techstubs.com/img/ 1 MB
1 MB 847ms
284ms Image
image/png 150.107.31.75
POP-IDC-TH POPIDC...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://techstubs.com/img/bg-techdtubs.png
Requested by: Host: techstubs.com
URL: https://techstubs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 150.107.31.75 , Thailand, ASN131447 (POP-IDC-TH POPIDC powered by CSLoxinfo, TH),
Reverse DNS: ns35.appservhosting.com
Software: nginx /
Resource Hash: bb3c1a17c8f93cab5e4bb2dcabf259eda90df37f5c30ba938b61f51d42732e24

Request headers

accept-language: en-US,en;q=0.9
Referer: https://techstubs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Mon, 15 Jan 2024 03:32:50 GMT
Last-Modified: Mon, 15 Jan 2024 02:52:40 GMT
Server: nginx
ETag: "10711d-60ef31b71113f"
Upgrade: h2,h2c
Content-Type: image/png
Connection: Upgrade, close
Accept-Ranges: bytes
Content-Length: 1077533

GET
H/1.1 200
OK logo%20techdtubs-white.png
techstubs.com/img/ 18 KB
19 KB 838ms
286ms Image
image/png 150.107.31.75
POP-IDC-TH POPIDC...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://techstubs.com/img/logo%20techdtubs-white.png
Requested by: Host: techstubs.com
URL: https://techstubs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 150.107.31.75 , Thailand, ASN131447 (POP-IDC-TH POPIDC powered by CSLoxinfo, TH),
Reverse DNS: ns35.appservhosting.com
Software: nginx /
Resource Hash: b58c6c8a49fd4cdb27c1cf88e4a51941051646e75b6c7639d732aeb62e4f23d0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://techstubs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Mon, 15 Jan 2024 03:32:50 GMT
Last-Modified: Fri, 12 Jan 2024 11:12:33 GMT
Server: nginx
ETag: "498f-60ebdbda8ee76"
Upgrade: h2,h2c
Content-Type: image/png
Connection: Upgrade, close
Accept-Ranges: bytes
Content-Length: 18831

GET
H/1.1 200
OK tv.png
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ 11 KB
11 KB 57ms
23ms Image
image/png 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/tv.png
Requested by: Host: techstubs.com
URL: https://techstubs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: b68ea2c7bea397aa11fadb189ce7d83862baebaf03ece643eb5aa9fb5f755056

Request headers

accept-language: en-US,en;q=0.9
Referer: https://techstubs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Mon, 15 Jan 2024 03:32:50 GMT
Last-Modified: Wed, 14 Nov 2018 18:20:41 GMT
Server: nginx
Content-MD5: d5lKZzJ7qVff2IDjOpHwQQ==
Content-Type: image/png
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11418
Expires: Mon, 22 Jan 2024 03:32:51 GMT

GET
H/1.1 200
OK mobile-0819.jpg
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ 48 KB
49 KB 60ms
24ms Image
image/jpeg 2a00:86c0:2090::1
NETFLIX-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/mobile-0819.jpg
Requested by: Host: techstubs.com
URL: https://techstubs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 492fdebd363e40cbba153a244bcfe2a7f5f7cf20aff0805fe45d5c7e2180b875

Request headers

accept-language: en-US,en;q=0.9
Referer: https://techstubs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Mon, 15 Jan 2024 03:32:50 GMT
Last-Modified: Wed, 14 Aug 2019 17:59:05 GMT
Server: nginx
Content-MD5: pIMz1DwZYS7WGYf6Xb/zxQ==
Content-Type: image/jpeg
Cache-Control: max-age=604801
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 49614
Expires: Mon, 22 Jan 2024 03:32:51 GMT

GET
H/1.1 200
OK AAAABejKYujIIDQciqmGJJ8BtXkYKKTi5jiqexltvN1YmvXYIfX8B9CYwooUSIzOKneblRFthZAFsYLMgKMyNfeHwk16DmEkpIIcb6A3.png
occ-0-3844-64.1.nflxso.net/dnm/api/v6/19OhWN2dO19C9txTON9tvTFtefw/ 247 KB
248 KB 880ms
293ms Image
image/png 2403:6200:ffff:ffa4:8000::16
TTBP-AS-AP Triple...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://occ-0-3844-64.1.nflxso.net/dnm/api/v6/19OhWN2dO19C9txTON9tvTFtefw/AAAABejKYujIIDQciqmGJJ8BtXkYKKTi5jiqexltvN1YmvXYIfX8B9CYwooUSIzOKneblRFthZAFsYLMgKMyNfeHwk16DmEkpIIcb6A3.png?r=f55
Requested by: Host: techstubs.com
URL: https://techstubs.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2403:6200:ffff:ffa4:8000::16 , Thailand, ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH),
Reverse DNS
Software: nginx /
Resource Hash: eea9de1cdc682d9ea1d1e395e35baa6e35a6d685664bd636e8bf2900158134d1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://techstubs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

Date: Mon, 15 Jan 2024 03:32:50 GMT
Last-Modified: Thu, 01 Jun 2023 20:52:44 GMT
Server: nginx
Accept-CH: Device-Memory, Downlink, DPR, ECT, RTT, Save-Data, Viewport-Width, Width
ETag: "bac31463a9cffbfeed00e05c47a46595"
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=31104000, public, s-maxage=604800
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 253151

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://techstubs.com/img/https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://techstubs.com/img/https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
cdn.jsdelivr.net
occ-0-3844-64.1.nflxso.net
techstubs.com
150.107.31.75
2403:6200:ffff:ffa4:8000::16
2a00:86c0:2090::1
2a04:4e42:400::485
34121f2cc8da598a22b7fdca312e5e7d09ed750e72d15eed51d326364904dd1e
492fdebd363e40cbba153a244bcfe2a7f5f7cf20aff0805fe45d5c7e2180b875
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
b58c6c8a49fd4cdb27c1cf88e4a51941051646e75b6c7639d732aeb62e4f23d0
b68ea2c7bea397aa11fadb189ce7d83862baebaf03ece643eb5aa9fb5f755056
bb3c1a17c8f93cab5e4bb2dcabf259eda90df37f5c30ba938b61f51d42732e24
eea9de1cdc682d9ea1d1e395e35baa6e35a6d685664bd636e8bf2900158134d1

techstubs.com Open in urlscan Pro 150.107.31.75 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

1408 kBTransfer

1545 kBSize

0 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

techstubs.com Open in urlscan Pro
150.107.31.75 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

1408 kB
Transfer

1545 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!