urlscan.io logo urlscan.io
SecurityTrails logo

www.ideamix.com.tw Open in urlscan Pro
219.84.199.181  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Submission Tags: @ipnigh
Submission: On January 08 via api from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 21 HTTP transactions. The main IP is 219.84.199.181, located in Taiwan and belongs to SONET-TW Sony Network Taiwan Limited, TW. The main domain is www.ideamix.com.tw.
This is the only time www.ideamix.com.tw was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

IP Address AS Autonomous System
4 219.84.199.181 18182 (SONET-TW ...)
1 209.197.3.7 20446 (HIGHWINDS3)
1 2 2a03:2880:f01... 32934 (FACEBOOK)
1 2a00:86c0:209... 40027 (NETFLIX-ASN)
21 5
Domain Requested by
4 www.ideamix.com.tw www.ideamix.com.tw
2 staticxx.facebook.com 1 redirects www.ideamix.com.tw
1 assets.nflxext.com www.ideamix.com.tw
1 e2b8u3v8.map2.ssl.hwcdn.net www.ideamix.com.tw
0 cipmepknanmbbaneimacddfemfbfgpgo Failed www.ideamix.com.tw
21 5

This site contains links to these domains. Also see Links.

Domain
help.netflix.com
Subject Issuer Validity Valid
*.map2.ssl.hwcdn.net
COMODO RSA Domain Validation Secure Server CA		 2018-04-10 -
2020-04-09		 2 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2019-12-06 -
2020-03-05		 3 months crt.sh
*.1.nflxso.net
DigiCert SHA2 Secure Server CA		 2019-12-25 -
2020-01-30		 a month crt.sh

This page contains 3 frames:

Primary Page: http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Frame ID: 178308CA642058080438584B3914D1DD
Requests: 19 HTTP requests in this frame

Frame: https://e2b8u3v8.map2.ssl.hwcdn.net/dc/603151/12c/Ff516c03fcea9dba0f93c.html
Frame ID: 1CE919C4B4BCB105515E9CD7C89E890F
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter.php?version=45
Frame ID: 915B80FF91F332D76AB34B0B4320381D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • html /<[^>]+data-react/i

Page Statistics

21
Requests

14 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

5
IPs

4
Countries

709 kB
Transfer

707 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://staticxx.facebook.com/connect/xd_arbiter/r/__Bz3h5RzMx.js?version=42 HTTP 302
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=45

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.ideamix.com.tw/colorbox/morocain/hawes/netflix/ 		197 KB
197 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Protocol
HTTP/1.1
Server
219.84.199.181 , Taiwan, ASN18182 (SONET-TW Sony Network Taiwan Limited, TW),
Reverse DNS
so199-181.asiawhere.com
Software
Apache / PleskLin
Resource Hash
6362589369268a5d313f9edcb3a4d15a8cfe676ece32f27838d2c44b5e9c76e4

Request headers

Host
www.ideamix.com.tw
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 08 Jan 2020 12:20:41 GMT
Server
Apache
X-Powered-By
PleskLin
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html
a1.css
www.ideamix.com.tw/colorbox/morocain/hawes/netflix/css/ 		123 KB
124 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/css/a1.css
Requested by
Host: www.ideamix.com.tw
URL: http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Protocol
HTTP/1.1
Server
219.84.199.181 , Taiwan, ASN18182 (SONET-TW Sony Network Taiwan Limited, TW),
Reverse DNS
so199-181.asiawhere.com
Software
Apache / PleskLin
Resource Hash
49060d84cc94b80f4971175583226cf78ca1bf52e68cc269202bdc89c4767de0

Request headers

Referer
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 08 Jan 2020 12:20:42 GMT
ETag
"190276e-1eda1-59b92cc190d77"
Last-Modified
Tue, 07 Jan 2020 20:41:15 GMT
Server
Apache
X-Powered-By
PleskLin
Content-Type
text/css
Connection
close
Accept-Ranges
bytes
Content-Length
126369
MA-fr-20181015-popsignuptwoweeks-perspective_alpha_website_large.jpg
www.ideamix.com.tw/colorbox/morocain/hawes/netflix/img/ 		314 KB
314 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/img/MA-fr-20181015-popsignuptwoweeks-perspective_alpha_website_large.jpg
Requested by
Host: www.ideamix.com.tw
URL: http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Protocol
HTTP/1.1
Server
219.84.199.181 , Taiwan, ASN18182 (SONET-TW Sony Network Taiwan Limited, TW),
Reverse DNS
so199-181.asiawhere.com
Software
Apache / PleskLin
Resource Hash
f89cdc86d26ca35c39b7e7a32882d678c776ce2b69c4f89e36e7c16c52d21337

Request headers

Referer
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 08 Jan 2020 12:20:42 GMT
ETag
"1902788-4e852-59b92cc195f7f"
Last-Modified
Tue, 07 Jan 2020 20:41:15 GMT
Server
Apache
X-Powered-By
PleskLin
Content-Type
image/jpeg
Connection
close
Accept-Ranges
bytes
Content-Length
321618
FB-f-Logo__blue_57.png
www.ideamix.com.tw/colorbox/morocain/hawes/netflix/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/img/FB-f-Logo__blue_57.png
Requested by
Host: www.ideamix.com.tw
URL: http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Protocol
HTTP/1.1
Server
219.84.199.181 , Taiwan, ASN18182 (SONET-TW Sony Network Taiwan Limited, TW),
Reverse DNS
so199-181.asiawhere.com
Software
Apache / PleskLin
Resource Hash
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Request headers

Referer
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Wed, 08 Jan 2020 12:20:43 GMT
ETag
"1902782-5af-59b92cc194fdf"
Last-Modified
Tue, 07 Jan 2020 20:41:15 GMT
Server
Apache
X-Powered-By
PleskLin
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
1455
Ff516c03fcea9dba0f93c.html
e2b8u3v8.map2.ssl.hwcdn.net/dc/603151/12c/ Frame 1CE9 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://e2b8u3v8.map2.ssl.hwcdn.net/dc/603151/12c/Ff516c03fcea9dba0f93c.html
Requested by
Host: www.ideamix.com.tw
URL: http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.197.3.7 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip0x007.map2.ssl.hwcdn.net
Software
/
Resource Hash

Request headers

Host
e2b8u3v8.map2.ssl.hwcdn.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
nested-navigate
Referer
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/

Response headers

Date
Wed, 08 Jan 2020 12:20:43 GMT
Connection
Keep-Alive
Accept-Ranges
bytes
Cache-Control
max-age=333300
Content-Encoding
gzip
Content-Length
34111
Content-Type
text/html
Access-Control-Allow-Origin
*
X-HW
1578486043.dop001.wa1.t,1578486043.cds003.wa1.shn,1578486043.dop001.wa1.t,1578486043.cds005.wa1.c
xd_arbiter.php
staticxx.facebook.com/connect/ Frame 915B
Redirect Chain
  • https://staticxx.facebook.com/connect/xd_arbiter/r/__Bz3h5RzMx.js?version=42
  • https://staticxx.facebook.com/connect/xd_arbiter.php?version=45
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://staticxx.facebook.com/connect/xd_arbiter.php?version=45
Requested by
Host: www.ideamix.com.tw
URL: http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter.php?version=45
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/

Response headers

status
200
content-type
text/html; charset=utf-8
expires
Tue, 05 Jan 2021 23:40:38 GMT
strict-transport-security
max-age=15552000; preload
content-encoding
br
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cache-control
public,max-age=31536000,immutable
x-fb-debug
4jeG90qv1MeKEYtTmnOmpXsJ6oGqZeuD/cTyDq3u7xtQ6mUyRFBphWDr2O9XtKOP8LS7L4I/n2tw49Q1yG213Q==
content-length
12375
x-fb-trip-id
1850256238
date
Wed, 08 Jan 2020 12:20:43 GMT
alt-svc
h3-24=":443"; ma=3600

Redirect headers

status
302
location
https://staticxx.facebook.com/connect/xd_arbiter.php?version=45
x-xss-protection
0
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
H7qh8M40uCW/Utw1ewoGWn00La5SntaFkHyObIAhBdDJyKPGmGRIspK7A+Be98sr1nTmEwwL0l4FvoNwhnz54A==
content-length
0
x-fb-trip-id
1850256238
date
Wed, 08 Jan 2020 12:20:43 GMT
alt-svc
h3-24=":443"; ma=3600
web-search-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
video-search-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
google-images-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
google-translate-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
wikipedia-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
btn_settings@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
facebook-share-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
twitter-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
pinterest-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
google-plus-center-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
linkedin-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
btn_settings@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
dropToShareHint@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
dropToSearchHint@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ 		72 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by
Host: www.ideamix.com.tw
URL: http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:86c0:2090::1 , United Kingdom, ASN40027 (NETFLIX-ASN - Netflix Streaming Services Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
http://www.ideamix.com.tw/colorbox/morocain/hawes/netflix/css/a1.css
Origin
http://www.ideamix.com.tw

Response headers

Date
Wed, 08 Jan 2020 12:20:44 GMT
Last-Modified
Mon, 29 Jan 2018 01:50:51 GMT
Server
nginx
Content-MD5
fPYVbMSBJEtaJUNi17c/AA==
Content-Type
font/woff
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=18395721
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
73572
Expires
Wed, 15 Apr 2020 20:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/web-search-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/video-search-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-images-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-translate-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/wikipedia-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/facebook-share-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/twitter-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/pinterest-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-plus-center-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/linkedin-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToShareHint@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToSearchHint@2x.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies