amazingconsumerdeals.xyz
2606:4700:3033::681f:4e85
Malicious Activity!
Public Scan
Effective URL: https://amazingconsumerdeals.xyz/vod/7/?clickid=1601312907&h=1043087159417024504&f=880619659117986880&ffn=1042338815568354109&r=B...
Submission: On September 28 via manual from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 27th 2020. Valid for: a year.
This is the only time amazingconsumerdeals.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 47.242.139.4 | 45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.) |
| 1 | 212.7.204.100 | 60781 (LEASEWEB-NL-AMS-01 Netherlands) |
| 1 | 216.189.51.65 | 6921 (ARACHNITEC) |
| 1 | 2606:4700:3030::ac43:8419 | 13335 (CLOUDFLARENET) |
| 15 | 2606:4700:3033::681f:4e85 | 13335 (CLOUDFLARENET) |
| 1 | 2a00:1450:4001:800::2003 | 15169 (GOOGLE) |

17 | 3 |
ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN): sw8x.info
ASN6921 (ARACHNITEC, US), PTR: 216-189-51-65.for-global-telecom.com: go.dejeconia.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | amazingconsumerdeals.xyz | amazingconsumerdeals.xyz | 323 KB |
| 1 | gstatic.com | www.gstatic.com | 2 KB |
| 1 | ondemandvideo.monster | 1.ondemandvideo.monster (1 redirects) | 907 B |
| 1 | dejeconia.com | go.dejeconia.com (1 redirects) | 335 B |
| 1 | rdtk.io | jtuzd.rdtk.io | 826 B |
| 1 | sw8x.info | sw8x.info (1 redirects) | 200 B |
| 17 | 6 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 15 | amazingconsumerdeals.xyz | amazingconsumerdeals.xyz |
| 1 | www.gstatic.com | amazingconsumerdeals.xyz |
| 1 | 1.ondemandvideo.monster | 1 redirects |
| 1 | go.dejeconia.com | 1 redirects |
| 1 | jtuzd.rdtk.io | |
| 1 | sw8x.info | 1 redirects |
| 17 | 6 | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| 1.ondemandvideo.monster |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| *.rdtk.io | GoGetSSL RSA DV CA | 2020-05-19 - 2021-08-17 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-09-27 - 2021-09-27 | a year | crt.sh |
| *.gstatic.com | GTS CA 1O1 | 2020-09-03 - 2020-11-26 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://amazingconsumerdeals.xyz/vod/7/?clickid=1601312907&h=1043087159417024504&f=880619659117986880&ffn=1042338815568354109&r=Bayern&b=Hetzner%20online%20ag&d=1.ondemandvideo.monster
Frame ID: 1B61FEFF6170AB901DC049368A35048A
Requests: 17 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: RESTART MEMBERSHIP & ACTIVATE BONUS
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://sw8x.info/czAeG15ttW
  HTTP 302
  https://jtuzd.rdtk.io/5f70d955a490370001785f87?thru=thru (Page URL)
- http://go.dejeconia.com/ts5603-sms-vod-us?clickid=5f72188b5e8af10001452e8c&thru=thru
  HTTP 302
  https://1.ondemandvideo.monster/?flux_fts=oozptaplattcaopoozeltxiioqtaacaccxlpia83c8&flux_cost=&clickid=1601312907.73-172980605-55447-&zone_id=ts5603-sms-vod-us&category_id=&keyword=&campaign_id=
  HTTP 307
  https://amazingconsumerdeals.xyz/vod/7/?clickid=1601312907&h=1043087159417024504&f=880619659117986880&ffn=1042338815568354109&r=Bayern&b=Hetzner%20online%20ag&d=1.ondemandvideo.monster (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://sw8x.info/czAeG15ttW HTTP 302
- https://jtuzd.rdtk.io/5f70d955a490370001785f87?thru=thru
17 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | 5f70d955a490370001785f87 | jtuzd.rdtk.io/ | 229 B | 826 B | Document | text/html | Cookie set, Redirect Chain |
| GET | H2 | / | amazingconsumerdeals.xyz/vod/7/ | 17 KB | 3 KB | Document | text/html | Primary Request, Redirect Chain |
| GET | H2 | css | amazingconsumerdeals.xyz/vod/7/extras/ | 5 KB | 665 B | Stylesheet | text/plain | |
| GET | H2 | style.css | amazingconsumerdeals.xyz/vod/7/extras/ | 33 KB | 6 KB | Stylesheet | text/css | |
| GET | H2 | translateelement.css | amazingconsumerdeals.xyz/vod/7/extras/ | 18 KB | 3 KB | Stylesheet | text/css | |
| GET | H2 | translateelement(1).css | amazingconsumerdeals.xyz/vod/7/extras/ | 18 KB | 3 KB | Stylesheet | text/css | |
| GET | H2 | mov.png | amazingconsumerdeals.xyz/vod/7/extras/ | 445 B | 547 B | Image | image/png | |
| GET | H2 | film.png | amazingconsumerdeals.xyz/vod/7/extras/ | 2 KB | 2 KB | Image | image/png | |
| GET | H2 | img-product.png | amazingconsumerdeals.xyz/vod/7/extras/ | 11 KB | 11 KB | Image | image/png | |
| GET | H2 | jquery.js | amazingconsumerdeals.xyz/vod/7/extras/ | 86 KB | 30 KB | Script | application/javascript | |
| GET | H2 | svg4everybody.min.js | amazingconsumerdeals.xyz/vod/7/extras/ | 2 KB | 1 KB | Script | application/javascript | |
| GET | H2 | init.js | amazingconsumerdeals.xyz/vod/7/extras/ | 3 KB | 711 B | Script | application/javascript | |
| GET | H2 | translate_24dp.png | amazingconsumerdeals.xyz/vod/7/extras/ | 825 B | 946 B | Image | image/png | |
| GET | H2 | translate_24dp(1).png | amazingconsumerdeals.xyz/vod/7/extras/ | 825 B | 963 B | Image | image/png | |
| GET | H2 | icons.svg | amazingconsumerdeals.xyz/vod/7/icons/ | 0 | 0 | Other | text/html | |
| GET | H2 | bg.jpg | amazingconsumerdeals.xyz/vod/7/extras/ | 259 KB | 259 KB | Image | image/jpeg | |
| GET | H2 | translate_24dp.png | www.gstatic.com/images/branding/product/2x/ | 2 KB | 2 KB | Image | image/png | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | trustedTypes |
| function | $ |
| function | jQuery |
| function | svg4everybody |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .amazingconsumerdeals.xyz/ | | Name: __cfduid, Value: d498490e1bc342e0eac39b3f4e81c33e11601312908 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.