www.colmartiazul.com.ar
Open in
urlscan Pro
200.85.158.72
Malicious Activity!
Public Scan
URL:
http://www.colmartiazul.com.ar/css/fonts/ec/ec/cuent/
Submission Tags: @ipnigh
Submission: On January 14 via api from GB
Submission Tags: @ipnigh
Submission: On January 14 via api from GB
Summary
This website contacted 3 IPs
in 3 countries
across 3 domains to perform 15 HTTP transactions.
The main IP is 200.85.158.72, located in
Argentina and
belongs to ELSERVER S.R.L, AR.
The main domain is www.colmartiazul.com.ar.
This is the only time www.colmartiazul.com.ar was scanned on urlscan.io!
This is the only time www.colmartiazul.com.ar was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 7 | 200.85.158.72 200.85.158.72 | 52270 (ELSERVER ...) (ELSERVER S.R.L) | |
| 7 | 2a00:86c0:209... 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN - Netflix Streaming Services Inc.) | |
| 1 2 | 91.235.133.103 91.235.133.103 | 30286 (THM) (THM - ThreatMetrix Inc.) | |
| 15 | 3 |
7
200.85.158.72
(Argentina)
ASN52270 (ELSERVER S.R.L, AR)
PTR: ar86.xvserver.com
ASN52270 (ELSERVER S.R.L, AR)
PTR: ar86.xvserver.com
| www.colmartiazul.com.ar |
7
2a00:86c0:2090::1
(United Kingdom)
ASN40027 (NETFLIX-ASN - Netflix Streaming Services Inc., US)
ASN40027 (NETFLIX-ASN - Netflix Streaming Services Inc., US)
| assets.nflxext.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 7 |
nflxext.com
assets.nflxext.com |
89 KB |
| 7 |
colmartiazul.com.ar
www.colmartiazul.com.ar |
24 KB |
| 2 |
netflix.com
1 redirects
secured.netflix.com |
989 B |
| 15 | 3 |
| Domain | Requested by | |
|---|---|---|
| 7 | assets.nflxext.com |
www.colmartiazul.com.ar
|
| 7 | www.colmartiazul.com.ar |
www.colmartiazul.com.ar
|
| 2 | secured.netflix.com |
1 redirects
www.colmartiazul.com.ar
|
| 15 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.netflix.com |
| www.verisign.com |
| help.netflix.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.1.nflxso.net DigiCert SHA2 Secure Server CA |
2019-12-26 - 2020-01-28 |
a month | crt.sh |
| secured.netflix.com DigiCert SHA2 Secure Server CA |
2018-02-04 - 2020-02-04 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://www.colmartiazul.com.ar/css/fonts/ec/ec/cuent/
Frame ID: 8D231B4E0E0180B86C641233FEAFD5CE
Requests: 15 HTTP requests in this frame
8 Outgoing links
These are links going to different origins than the main page.
URL: https://www.netflix.com/
Title: Netflix
Title: Netflix
Search URL Search Domain Scan URL
URL: https://www.netflix.com/SignOut
Title: Desconectar
Title: Desconectar
Search URL Search Domain Scan URL
URL: https://www.netflix.com/youraccount
Title: Su cuenta
Title: Su cuenta
Search URL Search Domain Scan URL
URL: https://www.verisign.com/verisign-trust-seal
Title: ABOUT TRUST ONLINE
Title: ABOUT TRUST ONLINE
Search URL Search Domain Scan URL
URL: https://help.netflix.com/contactus
Title: Preguntas? Contáctenos.
Title: Preguntas? Contáctenos.
Search URL Search Domain Scan URL
URL: https://help.netflix.com/legal/termsofuse
Title: Términos de Uso
Title: Términos de Uso
Search URL Search Domain Scan URL
URL: https://help.netflix.com/legal/privacy
Title: Intimidad
Title: Intimidad
Search URL Search Domain Scan URL
URL: https://help.netflix.com/legal/privacy#cookies
Title: Preferencias de Cookie
Title: Preferencias de Cookie
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=060FE70C-23F7-45C7-0DA7-6CAAF3A3D8C7&m=1 HTTP 302
- https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=060fe70c-23f7-45c7-0da7-6caaf3a3d8c7&k=1
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
www.colmartiazul.com.ar/css/fonts/ec/ec/cuent/ |
21 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
z.css
www.colmartiazul.com.ar/css/fonts/ec/ec/cuent/js/ |
99 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear_003.png
www.colmartiazul.com.ar/css/fonts/ec/ec/cuent/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear_002.png
www.colmartiazul.com.ar/css/fonts/ec/ec/cuent/js/ |
81 B 350 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
question_mark.png
www.colmartiazul.com.ar/css/fonts/ec/ec/cuent/js/ |
564 B 835 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
www.colmartiazul.com.ar/css/fonts/ec/ec/cuent/js/ |
81 B 349 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear_003.png
www.colmartiazul.com.ar/css/fonts/ec/ec/cuent/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
carrot_sprite_16x33.png
assets.nflxext.com/en_us/layout/ecweb/common/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
12_11_2014_icon_visa_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
859 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
10_18_2014_icon_master_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
833 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
10_18_2014_icon_amex_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
525 B 854 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
10_18_2014_icon_discovery_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
886 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
paypal.png
assets.nflxext.com/en_us/layout/ecweb/payment/icons/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
clear.png
secured.netflix.com/fp/ Redirect Chain
|
81 B 474 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
nf-icon-v1-80.woff
assets.nflxext.com/ffe/siteui/fonts/ |
78 KB 78 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| netflix0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
secured.netflix.com
www.colmartiazul.com.ar
200.85.158.72
2a00:86c0:2090::1
91.235.133.103
2555364bdd6374d0c273c69322f2f78554c02fe630ee6582eeb2d2c9031d1a9d
4958e4d47607004834b13d3c29d91f8c15b2ab2c488a15d9745a039e970f0bf3
694668a605f294bff15137923aadc4576ef0fbc158f035e1bcedf521a6cf1fd8
7ed65da4bcdc5f0f68d20f2b489f2f1e4df6d5b1235ece01afd24624126be504
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
973576ba6483c6c75d1d55339c1cac5d742abef700ede0903341ab222a2ee7c2
a47661d7ad003fe7df9ac30d1ce3b984dd9186b676f77b41e0d53f2f4ce4ac8b
cc5859d74f8cde62e1cdeeea341f85f9725d4f4398f58203aa1e5080faf1685a
d7e33ae9841d6a3551ecdcdd6bbcd8d34c23be82a4993baee0cd2ede9a250c82
e16dc5679ddf1021c71518191d4433112cd9c72317275ae5bdfab2a98ed36311
f878f94a441977a2a0ec43492ea6a7c6910cfc773b38d2d71eb917e63ff8db98