![](/screenshots/234815fb-3c9c-465c-8d2e-9dc01dc7c277.png)
main.d78wmee5jqbvq.amplifyapp.com
Open in
urlscan Pro
13.33.174.32
Malicious Activity!
Public Scan
Submission: On April 05 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by Amazon RSA 2048 M01 on April 2nd 2023. Valid for: a year.
This is the only time main.d78wmee5jqbvq.amplifyapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 13.33.174.32 13.33.174.32 | 16509 (AMAZON-02) (AMAZON-02) | |
6 | 2a00:86c0:209... 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
19 | 3 |
ASN16509 (AMAZON-02, US)
PTR: server-13-33-174-32.nrt57.r.cloudfront.net
main.d78wmee5jqbvq.amplifyapp.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
amplifyapp.com
main.d78wmee5jqbvq.amplifyapp.com |
138 KB |
6 |
nflxext.com
assets.nflxext.com — Cisco Umbrella Rank: 3919 |
74 KB |
0 |
xostuff.top
Failed
xostuff.top Failed |
|
19 | 3 |
Domain | Requested by | |
---|---|---|
12 | main.d78wmee5jqbvq.amplifyapp.com |
main.d78wmee5jqbvq.amplifyapp.com
|
6 | assets.nflxext.com |
main.d78wmee5jqbvq.amplifyapp.com
|
0 | xostuff.top Failed |
main.d78wmee5jqbvq.amplifyapp.com
|
19 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.d78wmee5jqbvq.amplifyapp.com Amazon RSA 2048 M01 |
2023-04-02 - 2024-04-30 |
a year | crt.sh |
*.1.nflxso.net DigiCert Secure Site ECC CA-1 |
2023-03-20 - 2023-04-20 |
a month | crt.sh |
This page contains 1 frames:
Primary Page:
https://main.d78wmee5jqbvq.amplifyapp.com/index.html
Frame ID: 49F61A37214B803387CD6719E7A5A363
Requests: 19 HTTP requests in this frame
Screenshot
![](/screenshots/234815fb-3c9c-465c-8d2e-9dc01dc7c277.png)
Page Title
NetflixDetected technologies
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
animate.css (Web Frameworks) Expand
Detected patterns
- <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css
![](/vendor/wappa/icons/React.png)
Detected patterns
- <[^>]+data-react
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.html
main.d78wmee5jqbvq.amplifyapp.com/ |
16 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
147 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
warning.css
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
107 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
animate.css
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
23 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
set1.css
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
19 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.1.1.slim.min.js
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
95 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tether.min.js
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
24 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
46 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
classie.js
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.CardValidator.js
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
12_11_2014_icon_visa_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
859 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10_18_2014_icon_master_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
833 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10_18_2014_icon_amex_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
525 B 844 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10_18_2014_icon_discovery_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
886 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon_DinersClub_37x25.png
assets.nflxext.com/ffe/siteui/acquisition/payment/ |
843 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprites_cc_logos.png
main.d78wmee5jqbvq.amplifyapp.com/assets/ |
24 KB 24 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nf-icon-v1-88.woff
assets.nflxext.com/ffe/siteui/fonts/ |
69 KB 69 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
n1.png
xostuff.top/i/yts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- xostuff.top
- URL
- https://xostuff.top/i/yts/n1.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery function| Tether object| jQuery112205794484128863779 object| classie0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
main.d78wmee5jqbvq.amplifyapp.com
xostuff.top
xostuff.top
13.33.174.32
2a00:86c0:2090::1
0555e97a478db1d29ddcd65723e58940b5c606c76732aa8720826407ce33aa6e
4958e4d47607004834b13d3c29d91f8c15b2ab2c488a15d9745a039e970f0bf3
4a88ff658a9d3fd4f4f160a326c1f4af263e92ae06d14cf190aacfbb0158dcc4
694668a605f294bff15137923aadc4576ef0fbc158f035e1bcedf521a6cf1fd8
7428226116458939688f6ddde1465ee479600dca4066272a28272d2501f35860
7d3ed5e7e4c4aafe8c1f5d004e7eee33b5887117d2125848352a2cda86dd7ed0
7ed65da4bcdc5f0f68d20f2b489f2f1e4df6d5b1235ece01afd24624126be504
80aa5497ff31b2c001474d9432f0853c11d200a67ea4f9852ab2f7ee2fedd9c2
80bd626eb6d57112072a508ee4e5ce3c2fe5673fe0a5d029810033b24aaa5e9f
813476b0d963b74f5992b3feae7710e3be15826156c10eff208194612a839199
8802adf5641c1056fcf4feeeabb83be1b1e3724d9b460cecc791dfdd6422bc3b
a47f9feda7682c5085fa780e2560144c5bc70caa592a8d1a345a852948efa94a
aebf611c1438dc7ec748e9a6364c734066b34bf2a1c7e2fc6511ed784635b50e
ba892f7903e737d06c952be4ed3266746ed5e1090377fbc5d2ac975626c4533a
be8a08d52cc6572cea38bc7fdd7a07e496f66a4f3dd05e1916d1349abb69ffd6
c4ea9310d72e37fe799d48ae3fc43dcb53e3db7c4ae13763d4c5b893f6ceb64b
cc5859d74f8cde62e1cdeeea341f85f9725d4f4398f58203aa1e5080faf1685a
fa421b6ebbd2fb474d3a3866409ce6c1efd120b47ff256fffb8f8f50d556d3d9