techstubs.com
150.107.31.75
Malicious Activity!
Public Scan
Submission: On January 15 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on January 11th 2024. Valid for: 3 months.
This is the only time techstubs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
5 | 150.107.31.75 | AS131447 (POP-IDC-TH POPIDC powered by CSLoxinfo)
1 | 2a04:4e42:400::485 | AS54113 (FASTLY)
2 | 2a00:86c0:2090::1 | AS40027 (NETFLIX-ASN)
1 | 2403:6200:ffff:ffa4:8000::16 | AS45758 (TTBP-AS-AP Triple T Broadband Public Company Limited)

Totals: 9 requests, 4 IP addresses
ASN131447 (POP-IDC-TH POPIDC powered by CSLoxinfo, TH)
- PTR: ns35.appservhosting.com
- techstubs.com

ASN45758 (TTBP-AS-AP Triple T Broadband Public Company Limited, TH)
- occ-0-3844-64.1.nflxso.net
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | techstubs.com | techstubs.com | 1 MB
2 | nflxext.com | assets.nflxext.com (Cisco Umbrella Rank: 5604) | 60 KB
1 | nflxso.net | occ-0-3844-64.1.nflxso.net | 248 KB
1 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 324) | 25 KB

Totals: 9 requests, 4 apex domains
Requests | Domain | Requested by
---|---|---
5 | techstubs.com | techstubs.com
2 | assets.nflxext.com | techstubs.com
1 | occ-0-3844-64.1.nflxso.net | techstubs.com
1 | cdn.jsdelivr.net | techstubs.com

Totals: 9 requests, 4 domains
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
techstubs.com | R3 | 2024-01-11 - 2024-04-10 | 3 months | crt.sh
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-09-27 - 2024-10-28 | a year | crt.sh
*.1.nflxso.net | DigiCert Secure Site ECC CA-1 | 2024-01-11 - 2024-02-12 | a month | crt.sh
This page contains 1 frame:
Primary Page:
https://techstubs.com/
Frame ID: 30DA30BCA3F89DFCD93A4697C961AEE3
Requests: 9 HTTP requests in this frame
Screenshot
Page Title: Document

Detected technologies

Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions

Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | techstubs.com/ | 16 KB | 4 KB | Document | text/html
GET | H2 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/ | 152 KB | 25 KB | Stylesheet | text/css
GET | H/1.1 | bootstrap.bundle.min.js | techstubs.com/img/https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/ | 0 | 0 | Script | text/html
GET | H/1.1 | jquery.min.js | techstubs.com/img/https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/ | 0 | 0 | Script | text/html
GET | H/1.1 | bg-techdtubs.png | techstubs.com/img/ | 1 MB | 1 MB | Image | image/png
GET | H/1.1 | logo%20techdtubs-white.png | techstubs.com/img/ | 18 KB | 19 KB | Image | image/png
GET | H/1.1 | tv.png | assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ | 11 KB | 11 KB | Image | image/png
GET | H/1.1 | mobile-0819.jpg | assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ | 48 KB | 49 KB | Image | image/jpeg
GET | H/1.1 | AAAABejKYujIIDQciqmGJJ8BtXkYKKTi5jiqexltvN1YmvXYIfX8B9CYwooUSIzOKneblRFthZAFsYLMgKMyNfeHwk16DmEkpIIcb6A3.png | occ-0-3844-64.1.nflxso.net/dnm/api/v6/19OhWN2dO19C9txTON9tvTFtefw/ | 247 KB | 248 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Netflix (Online)

0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
cdn.jsdelivr.net
occ-0-3844-64.1.nflxso.net
techstubs.com
150.107.31.75
2403:6200:ffff:ffa4:8000::16
2a00:86c0:2090::1
2a04:4e42:400::485
34121f2cc8da598a22b7fdca312e5e7d09ed750e72d15eed51d326364904dd1e
492fdebd363e40cbba153a244bcfe2a7f5f7cf20aff0805fe45d5c7e2180b875
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
b58c6c8a49fd4cdb27c1cf88e4a51941051646e75b6c7639d732aeb62e4f23d0
b68ea2c7bea397aa11fadb189ce7d83862baebaf03ece643eb5aa9fb5f755056
bb3c1a17c8f93cab5e4bb2dcabf259eda90df37f5c30ba938b61f51d42732e24
eea9de1cdc682d9ea1d1e395e35baa6e35a6d685664bd636e8bf2900158134d1