urlscan.io logo urlscan.io
SecurityTrails logo

inkcreators.com Open in urlscan Pro
111.93.195.20  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://inkcreators.com/netflix.com-browse
Effective URL: http://inkcreators.com/netflix.com-browse/pc/
Submission: On January 07 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 21 HTTP transactions. The main IP is 111.93.195.20, located in India and belongs to TTSL-MEISISP Tata Teleservices ISP AS, IN. The main domain is inkcreators.com.
This is the only time inkcreators.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

IP Address AS Autonomous System
3 7 111.93.195.20 45820 (TTSL-MEIS...)
1 209.197.3.7 20446 (HIGHWINDS3)
1 2a03:2880:f01... 32934 (FACEBOOK)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
21 5
Domain Requested by
7 inkcreators.com 3 redirects inkcreators.com
1 assets.nflxext.com inkcreators.com
1 staticxx.facebook.com inkcreators.com
1 e2b8u3v8.map2.ssl.hwcdn.net inkcreators.com
0 cipmepknanmbbaneimacddfemfbfgpgo Failed inkcreators.com
21 5

This site contains links to these domains. Also see Links.

Domain
help.netflix.com
Subject Issuer Validity Valid
*.map2.ssl.hwcdn.net
COMODO RSA Domain Validation Secure Server CA		 2018-04-10 -
2020-04-09		 2 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2017-12-15 -
2019-03-22		 a year crt.sh
assets.nflxext.com
DigiCert SHA2 Secure Server CA		 2018-03-09 -
2020-03-09		 2 years crt.sh

This page contains 3 frames:

Primary Page: http://inkcreators.com/netflix.com-browse/pc/
Frame ID: 306259AD6956A8F876CB4793CAB446B3
Requests: 19 HTTP requests in this frame

Frame: https://e2b8u3v8.map2.ssl.hwcdn.net/dc/603151/12c/Ff516c03fcea9dba0f93c.html
Frame ID: 03EBFA0658D10101381FDAB1AFD0E8DE
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/__Bz3h5RzMx.js?version=42
Frame ID: 19A34182C484AD23D51964D5769B9AC6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://inkcreators.com/netflix.com-browse HTTP 301
    http://inkcreators.com/netflix.com-browse/ HTTP 302
    http://inkcreators.com/netflix.com-browse/pc HTTP 301
    http://inkcreators.com/netflix.com-browse/pc/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • html /<[^>]+data-react/i

Page Statistics

21
Requests

14 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

5
IPs

4
Countries

709 kB
Transfer

708 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://inkcreators.com/netflix.com-browse HTTP 301
    http://inkcreators.com/netflix.com-browse/ HTTP 302
    http://inkcreators.com/netflix.com-browse/pc HTTP 301
    http://inkcreators.com/netflix.com-browse/pc/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
inkcreators.com/netflix.com-browse/pc/
Redirect Chain
  • http://inkcreators.com/netflix.com-browse
  • http://inkcreators.com/netflix.com-browse/
  • http://inkcreators.com/netflix.com-browse/pc
  • http://inkcreators.com/netflix.com-browse/pc/
197 KB
197 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://inkcreators.com/netflix.com-browse/pc/
Protocol
HTTP/1.1
Server
111.93.195.20 , India, ASN45820 (TTSL-MEISISP Tata Teleservices ISP AS, IN),
Reverse DNS
server1.websetready.com
Software
Apache /
Resource Hash
6599ce9daf98ae67a2b1305fc6641710d01121d56d048a399c924aab1f5b1e0e

Request headers

Host
inkcreators.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 07 Jan 2019 11:37:49 GMT
Server
Apache
Keep-Alive
timeout=5, max=97
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Mon, 07 Jan 2019 11:37:49 GMT
Server
Apache
Location
http://inkcreators.com/netflix.com-browse/pc/
Content-Length
253
Keep-Alive
timeout=5, max=98
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
a1.css
inkcreators.com/netflix.com-browse/pc/css/ 		123 KB
124 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://inkcreators.com/netflix.com-browse/pc/css/a1.css
Requested by
Host: inkcreators.com
URL: http://inkcreators.com/netflix.com-browse/pc/
Protocol
HTTP/1.1
Server
111.93.195.20 , India, ASN45820 (TTSL-MEISISP Tata Teleservices ISP AS, IN),
Reverse DNS
server1.websetready.com
Software
Apache /
Resource Hash
49060d84cc94b80f4971175583226cf78ca1bf52e68cc269202bdc89c4767de0

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
inkcreators.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://inkcreators.com/netflix.com-browse/pc/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://inkcreators.com/netflix.com-browse/pc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 07 Jan 2019 11:37:50 GMT
Last-Modified
Sat, 29 Dec 2018 21:59:06 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
126369
MA-fr-20181015-popsignuptwoweeks-perspective_alpha_website_large.jpg
inkcreators.com/netflix.com-browse/pc/img/ 		314 KB
314 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://inkcreators.com/netflix.com-browse/pc/img/MA-fr-20181015-popsignuptwoweeks-perspective_alpha_website_large.jpg
Requested by
Host: inkcreators.com
URL: http://inkcreators.com/netflix.com-browse/pc/
Protocol
HTTP/1.1
Server
111.93.195.20 , India, ASN45820 (TTSL-MEISISP Tata Teleservices ISP AS, IN),
Reverse DNS
server1.websetready.com
Software
Apache /
Resource Hash
f89cdc86d26ca35c39b7e7a32882d678c776ce2b69c4f89e36e7c16c52d21337

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
inkcreators.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://inkcreators.com/netflix.com-browse/pc/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://inkcreators.com/netflix.com-browse/pc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 07 Jan 2019 11:37:50 GMT
Last-Modified
Sat, 29 Dec 2018 21:59:06 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
321618
FB-f-Logo__blue_57.png
inkcreators.com/netflix.com-browse/pc/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://inkcreators.com/netflix.com-browse/pc/img/FB-f-Logo__blue_57.png
Requested by
Host: inkcreators.com
URL: http://inkcreators.com/netflix.com-browse/pc/
Protocol
HTTP/1.1
Server
111.93.195.20 , India, ASN45820 (TTSL-MEISISP Tata Teleservices ISP AS, IN),
Reverse DNS
server1.websetready.com
Software
Apache /
Resource Hash
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
inkcreators.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
http://inkcreators.com/netflix.com-browse/pc/
Connection
keep-alive
Cache-Control
no-cache
Referer
http://inkcreators.com/netflix.com-browse/pc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 07 Jan 2019 11:37:51 GMT
Last-Modified
Sat, 29 Dec 2018 21:59:06 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1455
Ff516c03fcea9dba0f93c.html
e2b8u3v8.map2.ssl.hwcdn.net/dc/603151/12c/ Frame 03EB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://e2b8u3v8.map2.ssl.hwcdn.net/dc/603151/12c/Ff516c03fcea9dba0f93c.html
Requested by
Host: inkcreators.com
URL: http://inkcreators.com/netflix.com-browse/pc/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.197.3.7 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip0x007.map2.ssl.hwcdn.net
Software
/
Resource Hash

Request headers

Host
e2b8u3v8.map2.ssl.hwcdn.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
http://inkcreators.com/netflix.com-browse/pc/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://inkcreators.com/netflix.com-browse/pc/

Response headers

Date
Mon, 07 Jan 2019 11:37:53 GMT
Connection
Keep-Alive
Accept-Ranges
bytes
Cache-Control
max-age=333300
Content-Encoding
gzip
Content-Length
34111
Content-Type
text/html
Access-Control-Allow-Origin
*
X-HW
1546861073.dop005.pa1.t,1546861073.cds008.pa1.shn,1546861073.dop005.pa1.t,1546861073.cds010.pa1.c
__Bz3h5RzMx.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 19A3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://staticxx.facebook.com/connect/xd_arbiter/r/__Bz3h5RzMx.js?version=42
Requested by
Host: inkcreators.com
URL: http://inkcreators.com/netflix.com-browse/pc/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter/r/__Bz3h5RzMx.js?version=42
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
http://inkcreators.com/netflix.com-browse/pc/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://inkcreators.com/netflix.com-browse/pc/

Response headers

status
200
content-type
text/html; charset=utf-8
expires
Thu, 02 Jan 2020 20:07:39 GMT
cache-control
public,max-age=31536000,immutable
strict-transport-security
max-age=15552000; preload
content-encoding
br
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
expect-ct
max-age=86400, report-uri="http://reports.fb.com/expectct/"
x-fb-debug
65Pd4O/U/jE5yQGkk5QwjpJDTgFm0SPxlpEAizovM+7goZhrbIWrsnSyjp4SNJ1djXYsPuzvq02enNnXmEUMIA==
content-length
11960
date
Mon, 07 Jan 2019 11:37:53 GMT
web-search-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
video-search-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
google-images-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
google-translate-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
wikipedia-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
btn_settings@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
facebook-share-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
twitter-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
pinterest-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
google-plus-center-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
linkedin-content@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ 		0
0
btn_settings@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
dropToShareHint@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
dropToSearchHint@2x.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ 		0
0
nf-icon-v1-93.woff
assets.nflxext.com/ffe/siteui/fonts/ 		72 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
Requested by
Host: inkcreators.com
URL: http://inkcreators.com/netflix.com-browse/pc/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:297::33c4 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://inkcreators.com/netflix.com-browse/pc/css/a1.css
Origin
http://inkcreators.com

Response headers

date
Mon, 07 Jan 2019 11:37:53 GMT
last-modified
Mon, 29 Jan 2018 01:50:51 GMT
server
Apache
content-md5
fPYVbMSBJEtaJUNi17c/AA==
access-control-allow-origin
*
content-type
font/woff
status
200
cache-control
public, max-age=40119727
accept-ranges
bytes
content-length
73572
expires
Wed, 15 Apr 2020 20:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/web-search-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/video-search-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-images-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-translate-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/wikipedia-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/facebook-share-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/twitter-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/pinterest-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-plus-center-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/linkedin-content@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToShareHint@2x.png
Domain
cipmepknanmbbaneimacddfemfbfgpgo
URL
chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToSearchHint@2x.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

0 Cookies