netflix-clone-259b9.firebaseapp.com

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 5 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is netflix-clone-259b9.firebaseapp.com.
TLS certificate: Issued by GTS CA 1D4 on July 10th 2023. Valid for: 3 months.

This is the only time netflix-clone-259b9.firebaseapp.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
1	2620:0:862:ed... 2620:0:862:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
1	8.241.123.250 8.241.123.250	3356 (LEVEL3) (LEVEL3)
5	3

3 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

netflix-clone-259b9.firebaseapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:0:862:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.241.123.250 (United States)

ASN3356 (LEVEL3, US)

cdn.mos.cms.futurecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	firebaseapp.com netflix-clone-259b9.firebaseapp.com	200 KB
1	futurecdn.net cdn.mos.cms.futurecdn.net — Cisco Umbrella Rank: 14725	230 KB
1	wikimedia.org upload.wikimedia.org — Cisco Umbrella Rank: 3397	32 KB
5	3

	Domain	Requested by
3	netflix-clone-259b9.firebaseapp.com	netflix-clone-259b9.firebaseapp.com
1	cdn.mos.cms.futurecdn.net	netflix-clone-259b9.firebaseapp.com
1	upload.wikimedia.org
5	3

This site contains no links.

Subject Issuer	Validity	Valid
firebaseapp.com GTS CA 1D4	`2023-07-10` - `2023-10-08`	3 months	crt.sh
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-10-27` - `2023-11-17`	a year	crt.sh
*.futurecdn.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-08` - `2024-07-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://netflix-clone-259b9.firebaseapp.com/
Frame ID: FAFBC0295F5C6F992B31BE13EF0D7E22
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

React Redux App

Page Statistics

5
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

462 kB
Transfer

1168 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
netflix-clone-259b9.firebaseapp.com/ 650 B
619 B 42ms
9ms Document
text/html 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://netflix-clone-259b9.firebaseapp.com/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/

Resource Hash

beac2be83991d5965efba01e30a5f735620daa35e2f4baa0d8a4c1882a3df4f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 251
content-type: text/html; charset=utf-8
date: Fri, 11 Aug 2023 05:15:54 GMT
etag: "caa7e06319f936ed103ec40987fcc6d41851d3abeef5a6952907827cd3c1e1ff-br"
last-modified: Tue, 08 Aug 2023 09:35:54 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
x-cache-hits: 1
x-served-by: cache-fra-eddf8230060-FRA
x-timer: S1691730955.793995,VS0,VE1

GET
H2 200 main.81b4e55b.js Show response
netflix-clone-259b9.firebaseapp.com/static/js/ 902 KB
198 KB 11ms
10ms Script
text/javascript 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://netflix-clone-259b9.firebaseapp.com/static/js/main.81b4e55b.js

Requested by

Host: netflix-clone-259b9.firebaseapp.com
URL: https://netflix-clone-259b9.firebaseapp.com/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/

Resource Hash

690c7522c9b245b1bd0d488f644d6c89cc2d558344c9d5f4e7c522c89f743c3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://netflix-clone-259b9.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-served-by: cache-fra-eddf8230060-FRA
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Fri, 11 Aug 2023 05:15:54 GMT
last-modified: Tue, 08 Aug 2023 09:35:54 GMT
x-timer: S1691730955.808919,VS0,VE2
etag: "26686d2aef6efb2e6ea31b2d1a0ac1c7a616d02d8b2041b7e80d2983b9e81a41-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 202518
x-cache-hits: 1

GET
H2 200 main.bbb5a6ab.css
netflix-clone-259b9.firebaseapp.com/static/css/ 4 KB
1 KB 9ms
9ms Stylesheet
text/css 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://netflix-clone-259b9.firebaseapp.com/static/css/main.bbb5a6ab.css

Requested by

Host: netflix-clone-259b9.firebaseapp.com
URL: https://netflix-clone-259b9.firebaseapp.com/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/

Resource Hash

773faee4762078bf6d870808fad4283ecb489d977b0adedbd409f5226ee74fd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://netflix-clone-259b9.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-served-by: cache-fra-eddf8230060-FRA
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
date: Fri, 11 Aug 2023 05:15:54 GMT
last-modified: Tue, 08 Aug 2023 09:35:54 GMT
x-timer: S1691730955.808797,VS0,VE1
etag: "d472667e67fbd64d8bc5111498a2e8d5ea7a80b49ca71932ae7c123a470f2878-br"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/css; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1261
x-cache-hits: 1

GET
H2 200 Logonetflix.png
upload.wikimedia.org/wikipedia/commons/7/7a/ 32 KB
32 KB 87ms
27ms Image
image/png 2620:0:862:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/7/7a/Logonetflix.png

Protocol

H2

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/9.1.4 /

Resource Hash

94e277b7fd0aa31c86e646c079a8e27507efd39375d08eea8bd9d8ae6543ffca

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://netflix-clone-259b9.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 23:15:22 GMT
strict-transport-security: max-age=106384710; includeSubDomains; preload
x-content-type-options: nosniff
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 21632
x-cache-status: hit-front
x-cache: cp3057 hit, cp3051 hit/14
server-timing: cache;desc="hit-front", host;desc="cp3051"
content-length: 32265
x-client-ip: 2a00:c98:2030:a004:1::14
x-object-meta-sha1base36: 8g6okgznwg3viydtjompaoyat22gyzy
last-modified: Mon, 04 Sep 2017 09:34:27 GMT
server: ATS/9.1.4
etag: 31da8f75207be28aab51bb84b0d7848c
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rDJegQJaCyGaYysj2g5XWY.jpg
cdn.mos.cms.futurecdn.net/ 229 KB
230 KB 223ms
11ms Image
image/jpeg 8.241.123.250
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mos.cms.futurecdn.net/rDJegQJaCyGaYysj2g5XWY.jpg
Requested by: Host: netflix-clone-259b9.firebaseapp.com
URL: https://netflix-clone-259b9.firebaseapp.com/static/css/main.bbb5a6ab.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 8.241.123.250 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: b4c6b1ce68d5aec6ac8ce579f73a4a6f60bf464c8bdc82936b5f3c25d43714c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://netflix-clone-259b9.firebaseapp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 05:15:55 GMT
x-backend: default
x-svc-env: prod
age: 3175085
xkey: /proof/rDJegQJaCyGaYysj2g5XWY.jpg
x-ftr-dc: uk-lon1
x-ftr-realm: pip
x-ftr-backend: mos_kodiak
x-ftr-cache-status: MISS
content-length: 234326
x-svc-build-time: Fri Jun 30 11:55:09 UTC 2023
x-ftr-balancer: bulk-proxy-1
x-served-by: kodiak-varnish-75df8db46-vjfjl
x-ftr-request-id: 00000000:91FF_00000000:0050_64A5515D_17E6F9:9E51
x-svc-go-version: 1.19
server: Footprint Distributor V6.1.1162
etag: 14ccb793d49a2199986514f537f2dc97
x-svc-name: kodiak-mos-adapter-svc
vary: Origin
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
x-ftr-backend-server: kube
cache-control: max-age=5184000
access-control-allow-credentials: true
access-control-max-age: 1728000
x-svc-version: latest
accept-ranges: bytes
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
expires: Sun, 01 Oct 2023 17:48:08 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunknetflix

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.mos.cms.futurecdn.net
netflix-clone-259b9.firebaseapp.com
upload.wikimedia.org
2620:0:862:ed1a::2:b
2620:0:890::100
8.241.123.250
690c7522c9b245b1bd0d488f644d6c89cc2d558344c9d5f4e7c522c89f743c3c
773faee4762078bf6d870808fad4283ecb489d977b0adedbd409f5226ee74fd6
94e277b7fd0aa31c86e646c079a8e27507efd39375d08eea8bd9d8ae6543ffca
b4c6b1ce68d5aec6ac8ce579f73a4a6f60bf464c8bdc82936b5f3c25d43714c2
beac2be83991d5965efba01e30a5f735620daa35e2f4baa0d8a4c1882a3df4f6

netflix-clone-259b9.firebaseapp.com Open in urlscan Pro 2620:0:890::100 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

1 Countries

462 kBTransfer

1168 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

netflix-clone-259b9.firebaseapp.com Open in urlscan Pro
2620:0:890::100 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

462 kB
Transfer

1168 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!