netflix-clone-259b9.firebaseapp.com
2620:0:890::100
Malicious Activity!
Public Scan
Submission: On August 11 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1D4 on July 10th 2023. Valid for: 3 months.
This is the only time netflix-clone-259b9.firebaseapp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
3 | 2620:0:890::100 | 54113 (FASTLY) |
1 | 2620:0:862:ed1a::2:b | 14907 (WIKIMEDIA) |
1 | 8.241.123.250 | 3356 (LEVEL3) |
5 | 3 | |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | firebaseapp.com | netflix-clone-259b9.firebaseapp.com | 200 KB |
1 | futurecdn.net | cdn.mos.cms.futurecdn.net — Cisco Umbrella Rank: 14725 | 230 KB |
1 | wikimedia.org | upload.wikimedia.org — Cisco Umbrella Rank: 3397 | 32 KB |
5 | 3 | | |
| Domain | Requested by |
---|---|---|
3 | netflix-clone-259b9.firebaseapp.com | netflix-clone-259b9.firebaseapp.com |
1 | cdn.mos.cms.futurecdn.net | netflix-clone-259b9.firebaseapp.com |
1 | upload.wikimedia.org | |
5 | 3 | |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
firebaseapp.com GTS CA 1D4 | 2023-07-10 - 2023-10-08 | 3 months | crt.sh |
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-10-27 - 2023-11-17 | a year | crt.sh |
*.futurecdn.net DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-06-08 - 2024-07-08 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://netflix-clone-259b9.firebaseapp.com/
Frame ID: FAFBC0295F5C6F992B31BE13EF0D7E22
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | Primary Request: / netflix-clone-259b9.firebaseapp.com/ | 650 B 619 B | Document text/html |
GET H2 | main.81b4e55b.js netflix-clone-259b9.firebaseapp.com/static/js/ | 902 KB 198 KB | Script text/javascript |
GET H2 | main.bbb5a6ab.css netflix-clone-259b9.firebaseapp.com/static/css/ | 4 KB 1 KB | Stylesheet text/css |
GET H2 | Logonetflix.png upload.wikimedia.org/wikipedia/commons/7/7a/ | 32 KB 32 KB | Image image/png |
GET H2 | rDJegQJaCyGaYysj2g5XWY.jpg cdn.mos.cms.futurecdn.net/ | 229 KB 230 KB | Image image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object | webpackChunknetflix
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.