netflix.volkanoo.club
199.188.201.148
Malicious Activity!
Public Scan
Submission Tags: @phishunt_io
Submission: On November 18 via api from ES
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 17th 2020. Valid for: a year.
This is the only time netflix.volkanoo.club was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
| Redirects | Requests | IP Address | AS (Autonomous System) |
|---|---|---|---|
| | 9 | 199.188.201.148 | 22612 (NAMECHEAP-NET) |
| | 1 | 2a00:1450:4001:809::200a | 15169 (GOOGLE) |
| 2 | 4 | 2606:4700:3034::681f:4047 | 13335 (CLOUDFLARENET) |
| | 1 | 2600:9000:2016:f000:3:b5aa:ad80:21 | 16509 (AMAZON-02) |
| 1 | 1 | 2a00:1450:4001:81d::200e | 15169 (GOOGLE) |
| | 1 | 2a00:1450:4001:800::2001 | 15169 (GOOGLE) |
| | 2 | 2a00:1450:4001:80b::2003 | 15169 (GOOGLE) |
| | 1 | 2001:4de0:ac19::1:b:1b | 20446 (HIGHWINDS3) |
| | 6 | 2600:9000:2016:9800:1a:60a5:c0c0:21 | 16509 (AMAZON-02) |
| | 23 | 8 | |
ASN22612 (NAMECHEAP-NET, US)
PTR: server291-5.web-hosting.com
netflix.volkanoo.club |
ASN16509 (AMAZON-02, US)
d13nu0oomnx5ti.cloudfront.net |
ASN15169 (GOOGLE, US)
doc-0o-98-docs.googleusercontent.com |
ASN16509 (AMAZON-02, US)
d1xkyo9j4r7vnn.cloudfront.net |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | volkanoo.club | netflix.volkanoo.club | 111 KB |
| 7 | cloudfront.net | d13nu0oomnx5ti.cloudfront.net, d1xkyo9j4r7vnn.cloudfront.net | 50 KB |
| 4 | nekudo.com (2 redirects) | geoip.nekudo.com | 758 B |
| 2 | gstatic.com | fonts.gstatic.com | 18 KB |
| 1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 76 KB |
| 1 | googleusercontent.com | doc-0o-98-docs.googleusercontent.com | 74 KB |
| 1 | google.com (1 redirect) | drive.google.com | 958 B |
| 1 | googleapis.com | fonts.googleapis.com | 468 B |
| 23 | 8 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 9 | netflix.volkanoo.club | netflix.volkanoo.club |
| 6 | d1xkyo9j4r7vnn.cloudfront.net | d13nu0oomnx5ti.cloudfront.net |
| 4 | geoip.nekudo.com (2 redirects) | netflix.volkanoo.club |
| 2 | fonts.gstatic.com | fonts.googleapis.com |
| 1 | maxcdn.bootstrapcdn.com | netflix.volkanoo.club |
| 1 | doc-0o-98-docs.googleusercontent.com | netflix.volkanoo.club |
| 1 | drive.google.com (1 redirect) | |
| 1 | d13nu0oomnx5ti.cloudfront.net | netflix.volkanoo.club |
| 1 | fonts.googleapis.com | netflix.volkanoo.club |
| 23 | 9 | |
This site contains links to these domains. Also see Links.
Domain |
---|
free-netflix.site |
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| netflix.volkanoo.club | Sectigo RSA Domain Validation Secure Server CA | 2020-11-17 - 2021-11-17 | a year |
| upload.video.google.com | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-01 - 2021-08-01 | a year |
| *.cloudfront.net | DigiCert Global CA G2 | 2020-05-26 - 2021-04-21 | a year |
| *.googleusercontent.com | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months |
| *.gstatic.com | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months |
| *.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2020-09-22 - 2021-10-12 | a year |
This page contains 1 frame:
Primary Page:
https://netflix.volkanoo.club/
Frame ID: 06B35E3368EFA811EB9B7F12509045A3
Requests: 23 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title:
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- https://geoip.nekudo.com/api?callback=geo HTTP 301
- https://geoip.nekudo.com/shutdown
- https://geoip.nekudo.com/api?callback=geo HTTP 301
- https://geoip.nekudo.com/shutdown
- https://drive.google.com/uc?id=1AQrLEzYbJ5huhca08l0kigKh2XzQiMQQ HTTP 302
- https://doc-0o-98-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/moecjho3iaosg6amu8tgsdrh2gsmpllg/1605674100000/14167946795487961995/*/1AQrLEzYbJ5huhca08l0kigKh2XzQiMQQ
23 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | netflix.volkanoo.club/ | 6 KB | 2 KB | Document | text/html |
| GET | H2 | _bower.css | netflix.volkanoo.club/css/ | 114 KB | 19 KB | Stylesheet | text/css |
| GET | H2 | font-awesome.min.css | netflix.volkanoo.club/css/maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ | 31 KB | 7 KB | Stylesheet | text/css |
| GET | H2 | style.css | netflix.volkanoo.club/css/ | 10 KB | 3 KB | Stylesheet | text/css |
| GET | H2 | css2 | fonts.googleapis.com/ | 721 B | 468 B | Stylesheet | text/css |
| GET | H2 | shutdown | geoip.nekudo.com/ (Redirect Chain) | 0 | 0 | Script | application/json |
| GET | H2 | top-logo.html | netflix.volkanoo.club/img/ | 315 B | 315 B | Image | text/html |
| GET | H2 | 210fd2a.js | d13nu0oomnx5ti.cloudfront.net/ | 23 KB | 23 KB | Script | application/javascript |
| GET | H2 | _bower.js | netflix.volkanoo.club/js/ | 128 KB | 41 KB | Script | application/javascript |
| GET | H2 | chance.min.js | netflix.volkanoo.club/css/cdnjs.cloudflare.com/ajax/libs/chance/1.0.4/ | 117 KB | 37 KB | Script | application/javascript |
| GET | H2 | scripts.js | netflix.volkanoo.club/js/ | 667 B | 563 B | Script | application/javascript |
| GET | H2 | shutdown | geoip.nekudo.com/ (Redirect Chain) | 0 | 0 | Script | application/json |
| GET | H2 | 1AQrLEzYbJ5huhca08l0kigKh2XzQiMQQ | doc-0o-98-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/moecjho3iaosg6amu8tgsdrh2gsmpllg/1605674100000/14167946795487961995/*/ (Redirect Chain) | 72 KB | 74 KB | Image | image/jpeg |
| GET | H2 | Iurf6YBj_oCad4k1l4qkHrRpiZtK6GwN9w.woff2 | fonts.gstatic.com/s/tajawal/v3/ | 8 KB | 8 KB | Font | font/woff2 |
| GET | H2 | fontawesome-webfont.woff2 | maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ | 75 KB | 76 KB | Font | font/woff2 |
| GET | H2 | Iurf6YBj_oCad4k1l4qkHrFpiZtK6Gw.woff2 | fonts.gstatic.com/s/tajawal/v3/ | 10 KB | 10 KB | Font | font/woff2 |
| GET | H2 | html.1153240.64881.0.js | d1xkyo9j4r7vnn.cloudfront.net/public/external/v2/ | 17 KB | 17 KB | Script | application/javascript |
| GET | H2 | css_front.css | d1xkyo9j4r7vnn.cloudfront.net/public/external/ | 6 KB | 7 KB | Stylesheet | text/css |
| GET | H2 | background.jpg | netflix.volkanoo.club/img/ | 315 B | 315 B | Image | text/html |
| GET | H2 | css.css | d1xkyo9j4r7vnn.cloudfront.net/public/clockers/PrimeApps/ | 1010 B | 1 KB | Stylesheet | text/css |
| GET | H2 | guid | d1xkyo9j4r7vnn.cloudfront.net/public/ | 0 | 277 B | Script | text/html |
| GET | H2 | check.php | d1xkyo9j4r7vnn.cloudfront.net/public/external/ | 78 B | 359 B | Script | application/javascript |
| GET | H2 | check.php | d1xkyo9j4r7vnn.cloudfront.net/public/external/ | 78 B | 359 B | Script | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)
25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- function| geo
- object| CPABUILDSETTINGS
- object| CPABUILDContentLocker
- number| __cfRLUnblockHandlers
- function| CPBContentLocker
- function| CPABuildLock
- function| CPABuildGetFeedURL
- function| CPABuildGetIframeURL
- function| CPABuildGetIframeHTML
- function| CPABuildUnlock
- function| CPABuildOfferComplete
- function| CPABuildOffersComplete
- function| CPABuildCheckForLead
- function| og_load
- function| CPABuildComplete
- function| call_locker
- function| $
- function| jQuery
- function| Chance
- object| chance

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.