0/100

critical Risk

dmca-takedown.info

https://dmca-takedown.info/

104.21.31.92 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

1 day ⚠

HTTP

200 · 21.1s

SSL

Valid· E7, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Yоutubе | Copyright strikes"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Google

Vendors

23/30

Status

partial

✗ microsoft✓ yandex✓ eset✓ sophos✓ apple✓ isitphish✓ openphish✓ netcraft✓ apwg✓ emsisoft✓ cisa✓ phishreport✓ urlquery✓ urlscan✓ spamhaus✗ norton✗ brightcloud✗ avast✓ polyswarm✓ virustotal✓ drweb✓ phishtank✗ urlabuse✓ kaspersky✗ bitdefender✗ avg✓ mcafee✓ google✓ threatyeti✓ fortiguard

KB/IOK Matches (1)Apr 13, 2026, 12:22 AM UTC

youtube-alt-DMCA-kit

youtube-alt-dmca-kit

high

Directives: skipAi, skipUnblocker, skipMobileVariant

Google

Unknown

Technology · 4/15/2026

Summary

The page presents YouTube branding in the screenshot (YouTube logo and wording) suggesting impersonation of YouTube. The domain Google is a very new domain (1 day old) and hosts a SPA-like page that appears to clone a YouTube-themed interface for copyright/status checks. There is no direct credential harvesting visible in static HTML, but dynamic JavaScript renders forms; observed POST endpoints to /cdn-cgi/rum and /api/log-visit indicate data collection. The domain does not appear to be the official YouTube domain, signaling potential phishing/brand impersonation based on the visual cues and domain mismatch.

Evidence Summary

▸Observed 2 capture stage(s); canonical stage is settled_render.

▸POST targets observed during capture: https://dmca-takedown.info/cdn-cgi/rum?, https://dmca-takedown.info/api/log-visit.

▸Distinctive asset clues: main.e4511ad0.js, v8c78df7c7c0f484497ecbca7046644da1771523124516, main.46704562.css, css2, bg.png, logo.svg.

Capture

Stages: 2

Canonical: Settled Render

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 16

Hosts: 4

Domains: 4

Suspicious Endpoints

hxxps://dmca-takedown[.]info/api/workers

hxxps://dmca-takedown[.]info/api/log-visit

Attack Techniques (3)

Brand impersonation via visual cloning (YouTube branding) on a non-official domainSPA-driven credential collection risk due to dynamic form rendering in JavaScriptData exfiltration endpoints observed (api/log-visit) suggesting visitor tracking

Indicators of Compromise (1)

▸Static HTML contains zero forms; SPA-rendered credential UI inferred from JS assets

Risk AssessmentUsed in abuse reports

The site Google uses YouTube-inspired branding on a brand-new domain, with SPA-delivered UI that likely renders credential capture elements. The presence of data-logging endpoints (api/log-visit) and a suspicious post to /cdn-cgi/rum? combined with an unfamiliar brand name and recent domain creation strongly suggests an impersonation/credential harvesting setup. While the static HTML shows no visible login form, the SPA architecture and observed network activity warrant treating this as a high-risk phishing impersonation attempt. Recommend block and further investigation with the registrar and hosting provider to determine ownership and takedown if misrepresentation is confirmed.

Recommended Action

Suspend Domain

Cross-Reference9

URL Intelligence