main.d78wmee5jqbvq.amplifyapp.com Open in urlscan Pro
13.33.174.32 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://main.d78wmee5jqbvq.amplifyapp.com/index.html
Submission: On April 05 via api (April 5th 2023, 6:21:09 am UTC) from JP — Scanned from JP

Summary HTTP 19 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 19 HTTP transactions. The main IP is 13.33.174.32, located in United States and belongs to AMAZON-02, US. The main domain is main.d78wmee5jqbvq.amplifyapp.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on April 2nd 2023. Valid for: a year.

This is the only time main.d78wmee5jqbvq.amplifyapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address		AS Autonomous System
12	13.33.174.32 13.33.174.32		16509 (AMAZON-02) (AMAZON-02)
6	2a00:86c0:209... 2a00:86c0:2090::1		40027 (NETFLIX-ASN) (NETFLIX-ASN)
19	3

12 13.33.174.32 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-174-32.nrt57.r.cloudfront.net

main.d78wmee5jqbvq.amplifyapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:86c0:2090::1 (United States)

ASN40027 (NETFLIX-ASN, US)

assets.nflxext.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	amplifyapp.com main.d78wmee5jqbvq.amplifyapp.com	138 KB
6	nflxext.com assets.nflxext.com — Cisco Umbrella Rank: 3919	74 KB
0	xostuff.top Failed xostuff.top Failed
19	3

	Domain	Requested by
12	main.d78wmee5jqbvq.amplifyapp.com	main.d78wmee5jqbvq.amplifyapp.com
6	assets.nflxext.com	main.d78wmee5jqbvq.amplifyapp.com
0	xostuff.top Failed	main.d78wmee5jqbvq.amplifyapp.com
19	3

This site contains no links.

Subject Issuer	Validity	Valid
*.d78wmee5jqbvq.amplifyapp.com Amazon RSA 2048 M01	`2023-04-02` - `2024-04-30`	a year	crt.sh
*.1.nflxso.net DigiCert Secure Site ECC CA-1	`2023-03-20` - `2023-04-20`	a month	crt.sh

This page contains 1 frames:

Primary Page: https://main.d78wmee5jqbvq.amplifyapp.com/index.html
Frame ID: 49F61A37214B803387CD6719E7A5A363
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

95 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

212 kB
Transfer

612 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response main.d78wmee5jqbvq.amplifyapp.com/	16 KB 3 KB	289ms 268ms	Document text/html	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `0555e97a478db1d29ddcd65723e58940b5c606c76732aa8720826407ce33aa6e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers cache-control public, max-age=0, s-maxage=2 content-encoding gzip content-type text/html date Wed, 05 Apr 2023 06:21:05 GMT etag W/"f7cb72382639b261bfd670f67acad67d" last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 vary Accept-Encoding via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) x-amz-cf-id qVgWtlUOhwPQwJbeh0OoqwkJyaH0QYBqeAhxUw8uGImwe_fP3VHOsA== x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront
GET H2	200	bootstrap.min.css main.d78wmee5jqbvq.amplifyapp.com/assets/	147 KB 20 KB	333ms 331ms	Stylesheet text/css	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/bootstrap.min.css Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `aebf611c1438dc7ec748e9a6364c734066b34bf2a1c7e2fc6511ed784635b50e` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"7e923ad223e9f33e54d22e50cf2bcce5" vary Accept-Encoding x-cache Miss from cloudfront content-type text/css cache-control public, max-age=0, s-maxage=2 x-amz-cf-id qV3JaR37qbAI3HHJJhe79_SvmTBz6TDn9rhvi0DTTUxpwg9FoLwTXQ==
GET H2	200	font-awesome.min.css main.d78wmee5jqbvq.amplifyapp.com/assets/	30 KB 7 KB	319ms 317ms	Stylesheet text/css	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/font-awesome.min.css Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `7d3ed5e7e4c4aafe8c1f5d004e7eee33b5887117d2125848352a2cda86dd7ed0` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"e3ebba79b75f208175ca015ee6d116c1" vary Accept-Encoding x-cache Miss from cloudfront content-type text/css cache-control public, max-age=0, s-maxage=2 x-amz-cf-id 85KGFuGV0yHdBERXU-vTV2Dd_HDE3LQanvVIPJWJmhzTHFfltn8x1g==
GET H2	200	warning.css main.d78wmee5jqbvq.amplifyapp.com/assets/	107 KB 19 KB	313ms 311ms	Stylesheet text/css	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/warning.css Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `4a88ff658a9d3fd4f4f160a326c1f4af263e92ae06d14cf190aacfbb0158dcc4` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"c6c19c0a33d7570ec9ac612110b9fe3e" vary Accept-Encoding x-cache Miss from cloudfront content-type text/css cache-control public, max-age=0, s-maxage=2 x-amz-cf-id -3qTAARjfq_RMCEjtIRKoN4vAG9pu9rauuYT3jEwIQp9WzWZSdWeSQ==
GET H2	200	animate.css main.d78wmee5jqbvq.amplifyapp.com/assets/	23 KB 3 KB	326ms 325ms	Stylesheet text/css	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/animate.css Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `80aa5497ff31b2c001474d9432f0853c11d200a67ea4f9852ab2f7ee2fedd9c2` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"57db4a2811f951ff841fb4f77220d95b" vary Accept-Encoding x-cache Miss from cloudfront content-type text/css cache-control public, max-age=0, s-maxage=2 x-amz-cf-id z2kYL_rNFmf9w9UMFOVaBN_8HBqZ-GfSnCxDl0w07_rKMlmv-yNUdg==
GET H2	200	set1.css main.d78wmee5jqbvq.amplifyapp.com/assets/	19 KB 3 KB	209ms 208ms	Stylesheet text/css	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/set1.css Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `7428226116458939688f6ddde1465ee479600dca4066272a28272d2501f35860` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"4e804a7b27061a7759d8df5fe6b9a591" vary Accept-Encoding x-cache Miss from cloudfront content-type text/css cache-control public, max-age=0, s-maxage=2 x-amz-cf-id vbxUhRJurEcb6fTY5b-pFUCKQ5zkJ1t8Tq5upBeLJ4PLwb4QKrAD_g==
GET H2	200	jquery-3.1.1.slim.min.js Show response main.d78wmee5jqbvq.amplifyapp.com/assets/	95 KB 34 KB	297ms 296ms	Script application/javascript	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/jquery-3.1.1.slim.min.js Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `be8a08d52cc6572cea38bc7fdd7a07e496f66a4f3dd05e1916d1349abb69ffd6` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"16dbfdcfe887ad42357b0f2e69d3af62" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript cache-control public, max-age=0, s-maxage=2 x-amz-cf-id 9z8o2YnwacU_5VFeA_vO6BRQioaQncxjHvNK2PovR-i9Z4UUGKBzvA==
GET H2	200	tether.min.js Show response main.d78wmee5jqbvq.amplifyapp.com/assets/	24 KB 8 KB	243ms 242ms	Script application/javascript	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/tether.min.js Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"ecdfd3dc464ceda5f483bb5c96a6e3d2" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript cache-control public, max-age=0, s-maxage=2 x-amz-cf-id Gq29HYHsU_v-99TyKYQl2rKZVmkHIwYYprHZ3FieCy0t1vz32jShmQ==
GET H2	200	bootstrap.min.js Show response main.d78wmee5jqbvq.amplifyapp.com/assets/	46 KB 12 KB	284ms 283ms	Script application/javascript	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/bootstrap.min.js Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"0827a0bdcd9a917990eee461a77dd33e" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript cache-control public, max-age=0, s-maxage=2 x-amz-cf-id PBtp2Fmr2qp3o2cqo_sObK443LnrQn-qHxZ_E3hsHaldo22it6Wc1Q==
GET H2	200	classie.js Show response main.d78wmee5jqbvq.amplifyapp.com/assets/	2 KB 1 KB	276ms 276ms	Script application/javascript	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/classie.js Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `c4ea9310d72e37fe799d48ae3fc43dcb53e3db7c4ae13763d4c5b893f6ceb64b` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"70fc7d9e10c107d1e20326108f5f5e1f" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript cache-control public, max-age=0, s-maxage=2 x-amz-cf-id US9LYNK1g7MKUD9yCzQSoCWpgzUMN7Th8ZBbgyKkblZe3NT2XlkV5g==
GET H2	200	jquery.CardValidator.js Show response main.d78wmee5jqbvq.amplifyapp.com/assets/	6 KB 2 KB	309ms 309ms	Script application/javascript	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/jquery.CardValidator.js Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `8802adf5641c1056fcf4feeeabb83be1b1e3724d9b460cecc791dfdd6422bc3b` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT content-encoding gzip via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 x-amz-server-side-encryption AES256 etag W/"27c724fa448269f77118494361b0fc0c" vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript cache-control public, max-age=0, s-maxage=2 x-amz-cf-id I8X2R7exT1PDDjITfYeXA1EilO5ACPcjUSmNJLp3ogVCeqrq0hDq_Q==
GET H/1.1	200 OK	12_11_2014_icon_visa_37x25.png assets.nflxext.com/ffe/siteui/acquisition/payment/	859 B 1 KB	13ms 5ms	Image image/png	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/ffe/siteui/acquisition/payment/12_11_2014_icon_visa_37x25.png Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/assets/set1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `7ed65da4bcdc5f0f68d20f2b489f2f1e4df6d5b1235ece01afd24624126be504` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 05 Apr 2023 06:21:05 GMT Last-Modified Wed, 10 Jul 2019 23:52:28 GMT Server nginx Content-MD5 InDyhjoqaXrupmtM5xGKHA== Content-Type image/png Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 859 Expires Wed, 12 Apr 2023 06:21:06 GMT
GET H/1.1	200 OK	10_18_2014_icon_master_37x25.png assets.nflxext.com/ffe/siteui/acquisition/payment/	833 B 1 KB	317ms 309ms	Image image/png	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/ffe/siteui/acquisition/payment/10_18_2014_icon_master_37x25.png Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/assets/set1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `4958e4d47607004834b13d3c29d91f8c15b2ab2c488a15d9745a039e970f0bf3` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 05 Apr 2023 06:21:05 GMT Last-Modified Wed, 10 Jul 2019 23:52:28 GMT Server nginx Content-MD5 xwSU1ALetVNBhYpdQPEPWw== Content-Type image/png Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 833 Expires Wed, 12 Apr 2023 06:21:06 GMT
GET H/1.1	200 OK	10_18_2014_icon_amex_37x25.png assets.nflxext.com/ffe/siteui/acquisition/payment/	525 B 844 B	9ms 2ms	Image image/png	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/ffe/siteui/acquisition/payment/10_18_2014_icon_amex_37x25.png Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/assets/set1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `cc5859d74f8cde62e1cdeeea341f85f9725d4f4398f58203aa1e5080faf1685a` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 05 Apr 2023 06:21:05 GMT Last-Modified Wed, 10 Jul 2019 23:52:28 GMT Server nginx Content-MD5 XUIHbO4+/oKKw/K3EvF4SA== Content-Type image/png Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 525 Expires Wed, 12 Apr 2023 06:21:06 GMT
GET H/1.1	200 OK	10_18_2014_icon_discovery_37x25.png assets.nflxext.com/ffe/siteui/acquisition/payment/	886 B 1 KB	408ms 400ms	Image image/png	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/ffe/siteui/acquisition/payment/10_18_2014_icon_discovery_37x25.png Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/assets/set1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `694668a605f294bff15137923aadc4576ef0fbc158f035e1bcedf521a6cf1fd8` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 05 Apr 2023 06:21:05 GMT Last-Modified Wed, 10 Jul 2019 23:52:28 GMT Server nginx Content-MD5 ZQtXvGUVzsBCsNsR/RE3lA== Content-Type image/png Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 886 Expires Wed, 12 Apr 2023 06:21:06 GMT
GET H/1.1	200 OK	icon_DinersClub_37x25.png assets.nflxext.com/ffe/siteui/acquisition/payment/	843 B 1 KB	95ms 88ms	Image image/png	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://assets.nflxext.com/ffe/siteui/acquisition/payment/icon_DinersClub_37x25.png Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/assets/set1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `813476b0d963b74f5992b3feae7710e3be15826156c10eff208194612a839199` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 05 Apr 2023 06:21:05 GMT Last-Modified Wed, 10 Jul 2019 23:52:28 GMT Server nginx Content-MD5 8EO5c748GLMeTdeKaWvukA== Content-Type image/png Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 843 Expires Wed, 12 Apr 2023 06:21:06 GMT
GET H2	200	sprites_cc_logos.png main.d78wmee5jqbvq.amplifyapp.com/assets/	24 KB 24 KB	228ms 227ms	Image image/png	13.33.174.32 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://main.d78wmee5jqbvq.amplifyapp.com/assets/sprites_cc_logos.png Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.174.32 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-174-32.nrt57.r.cloudfront.net Software AmazonS3 / Resource Hash `a47f9feda7682c5085fa780e2560144c5bc70caa592a8d1a345a852948efa94a` Request headers accept-language jp-JP,jp;q=0.9 Referer https://main.d78wmee5jqbvq.amplifyapp.com/index.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers date Wed, 05 Apr 2023 06:21:06 GMT via 1.1 62c43884c965f87176688b6ced39f190.cloudfront.net (CloudFront) last-modified Mon, 03 Apr 2023 22:58:27 GMT server AmazonS3 x-amz-cf-pop NRT57-C2 etag "0cc5525016888556c3fb82f2cdab246a" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control public, max-age=0, s-maxage=2 accept-ranges bytes content-length 24180 x-amz-cf-id HUA3Vx4gKbYfVegULylBD6KAIjPG-WrgmbnDl4IEcpXJ3izvQ-TbFA==
GET H/1.1	200 OK	nf-icon-v1-88.woff assets.nflxext.com/ffe/siteui/fonts/	69 KB 69 KB	96ms 90ms	Font font/woff	2a00:86c0:2090::1 NETFLIX-ASN
General Check archive.org Show headers Download Go to Full URL https://assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-88.woff Requested by Host: main.d78wmee5jqbvq.amplifyapp.com URL: https://main.d78wmee5jqbvq.amplifyapp.com/assets/warning.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2a00:86c0:2090::1 , United States, ASN40027 (NETFLIX-ASN, US), Reverse DNS Software nginx / Resource Hash `ba892f7903e737d06c952be4ed3266746ed5e1090377fbc5d2ac975626c4533a` Request headers Referer https://main.d78wmee5jqbvq.amplifyapp.com/ Origin https://main.d78wmee5jqbvq.amplifyapp.com accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36 Response headers Date Wed, 05 Apr 2023 06:21:05 GMT Last-Modified Fri, 27 Jan 2017 22:53:52 GMT Server nginx Content-MD5 ezBCotj2o1GiKPEVK1YDAg== Content-Type font/woff Access-Control-Allow-Origin * Cache-Control max-age=604801 Connection keep-alive Accept-Ranges bytes Content-Length 70204 Expires Wed, 12 Apr 2023 06:21:06 GMT
GET		n1.png xostuff.top/i/yts/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: xostuff.top
URL: https://xostuff.top/i/yts/n1.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery function| Tether object| jQuery112205794484128863779 object| classie

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://main.d78wmee5jqbvq.amplifyapp.com/index.html Message: Mixed Content: The page at 'https://main.d78wmee5jqbvq.amplifyapp.com/index.html' was loaded over HTTPS, but requested an insecure element 'http://xostuff.top/i/yts/n1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
network	error	URL: https://xostuff.top/i/yts/n1.png Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nflxext.com
main.d78wmee5jqbvq.amplifyapp.com
xostuff.top
xostuff.top
13.33.174.32
2a00:86c0:2090::1
0555e97a478db1d29ddcd65723e58940b5c606c76732aa8720826407ce33aa6e
4958e4d47607004834b13d3c29d91f8c15b2ab2c488a15d9745a039e970f0bf3
4a88ff658a9d3fd4f4f160a326c1f4af263e92ae06d14cf190aacfbb0158dcc4
694668a605f294bff15137923aadc4576ef0fbc158f035e1bcedf521a6cf1fd8
7428226116458939688f6ddde1465ee479600dca4066272a28272d2501f35860
7d3ed5e7e4c4aafe8c1f5d004e7eee33b5887117d2125848352a2cda86dd7ed0
7ed65da4bcdc5f0f68d20f2b489f2f1e4df6d5b1235ece01afd24624126be504
80aa5497ff31b2c001474d9432f0853c11d200a67ea4f9852ab2f7ee2fedd9c2
80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f
813476b0d963b74f5992b3feae7710e3be15826156c10eff208194612a839199
8802adf5641c1056fcf4feeeabb83be1b1e3724d9b460cecc791dfdd6422bc3b
a47f9feda7682c5085fa780e2560144c5bc70caa592a8d1a345a852948efa94a
aebf611c1438dc7ec748e9a6364c734066b34bf2a1c7e2fc6511ed784635b50e
ba892f7903e737d06c952be4ed3266746ed5e1090377fbc5d2ac975626c4533a
be8a08d52cc6572cea38bc7fdd7a07e496f66a4f3dd05e1916d1349abb69ffd6
c4ea9310d72e37fe799d48ae3fc43dcb53e3db7c4ae13763d4c5b893f6ceb64b
cc5859d74f8cde62e1cdeeea341f85f9725d4f4398f58203aa1e5080faf1685a
fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9