xflix-69c66.web.app
Open in
urlscan Pro
199.36.158.100
Malicious Activity!
Public Scan
Effective URL: https://xflix-69c66.web.app/
Submission: On April 02 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1D4 on March 6th 2023. Valid for: 3 months.
This is the only time xflix-69c66.web.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 199.36.158.100 199.36.158.100 | 54113 (FASTLY) (FASTLY) | |
2 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 13.35.93.22 13.35.93.22 | 16509 (AMAZON-02) (AMAZON-02) | |
6 | 45.57.91.1 45.57.91.1 | 40027 (NETFLIX-ASN) (NETFLIX-ASN) | |
1 | 45.57.62.152 45.57.62.152 | 2906 (AS-SSI) (AS-SSI) | |
3 | 54.187.119.242 54.187.119.242 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 18.160.10.111 18.160.10.111 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 44.235.178.34 44.235.178.34 | 16509 (AMAZON-02) (AMAZON-02) | |
23 | 8 |
ASN16509 (AMAZON-02, US)
PTR: server-13-35-93-22.jfk50.r.cloudfront.net
js.stripe.com |
ASN2906 (AS-SSI, US)
PTR: ipv4-c023-was001-ix.1.oca.nflxvideo.net
occ-0-2430-2433.1.nflxso.net |
ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com
q.stripe.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-111.iad12.r.cloudfront.net
m.stripe.network |
ASN16509 (AMAZON-02, US)
PTR: ec2-44-235-178-34.us-west-2.compute.amazonaws.com
m.stripe.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
stripe.com
js.stripe.com — Cisco Umbrella Rank: 1244 q.stripe.com — Cisco Umbrella Rank: 7928 m.stripe.com — Cisco Umbrella Rank: 1249 |
114 KB |
6 |
nflxext.com
assets.nflxext.com — Cisco Umbrella Rank: 3919 |
1 MB |
5 |
web.app
xflix-69c66.web.app |
286 KB |
2 |
stripe.network
m.stripe.network — Cisco Umbrella Rank: 1316 |
16 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 220 |
88 KB |
1 |
nflxso.net
occ-0-2430-2433.1.nflxso.net — Cisco Umbrella Rank: 67997 |
258 KB |
23 | 6 |
Domain | Requested by | |
---|---|---|
6 | assets.nflxext.com |
xflix-69c66.web.app
|
5 | xflix-69c66.web.app |
xflix-69c66.web.app
|
3 | q.stripe.com |
xflix-69c66.web.app
|
3 | js.stripe.com |
xflix-69c66.web.app
js.stripe.com |
2 | m.stripe.network |
js.stripe.com
m.stripe.network |
2 | cdnjs.cloudflare.com |
xflix-69c66.web.app
cdnjs.cloudflare.com |
1 | m.stripe.com |
m.stripe.network
|
1 | occ-0-2430-2433.1.nflxso.net |
xflix-69c66.web.app
|
23 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
web.app GTS CA 1D4 |
2023-03-06 - 2023-06-04 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA |
2023-02-06 - 2023-05-13 |
3 months | crt.sh |
*.1.nflxso.net DigiCert Secure Site ECC CA-1 |
2023-03-15 - 2023-04-19 |
a month | crt.sh |
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-02-14 - 2023-06-13 |
4 months | crt.sh |
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-03-28 - 2023-07-26 |
4 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://xflix-69c66.web.app/
Frame ID: 452C57CD7E09092EF0241D11DFC51CDA
Requests: 15 HTTP requests in this frame
Frame:
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: 474B375BA05E7B23FF074DBC5A390B07
Requests: 4 HTTP requests in this frame
Frame:
https://m.stripe.network/inner.html
Frame ID: 81D36CE2634F56BF12CABC48BB55C88E
Requests: 4 HTTP requests in this frame
Screenshot
Page Title
XFlix - Watch TV Shows Online, Watch Movies OnlinePage URL History Show full URLs
-
http://xflix-69c66.web.app/
HTTP 307
https://xflix-69c66.web.app/ Page URL
Detected technologies
Stripe (Payment Processors) ExpandDetected patterns
- js\.stripe\.com
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://xflix-69c66.web.app/
HTTP 307
https://xflix-69c66.web.app/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
xflix-69c66.web.app/ Redirect Chain
|
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/ |
58 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.5eba8bbb.chunk.css
xflix-69c66.web.app/static/css/ |
10 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.0f20da51.chunk.js
xflix-69c66.web.app/static/js/ |
1 MB 276 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.993c988d.chunk.js
xflix-69c66.web.app/static/js/ |
23 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v3
js.stripe.com/ |
455 KB 110 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xflix_2.svg
xflix-69c66.web.app/images/ |
2 KB 756 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
US-en-20210607-popsignuptwoweeks-perspective_alpha_website_large.jpg
assets.nflxext.com/ffe/siteui/vlv3/c0a32732-b033-43b3-be2a-8fee037a6146/4b723240-7bae-4ffe-96d0-91fba08c69ee/ |
318 KB 318 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tv.png
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mobile-0819.jpg
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ |
48 KB 49 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
device-pile.png
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ |
134 KB 134 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AAAABdFTpLmANuJpYneLq8L5m7CunMCi8e8Nl4y7xaPVWzG3IeoDoq17egTQAthApKg_4sdRWdwuR8KadWu1frjL3JQImpwq.png
occ-0-2430-2433.1.nflxso.net/dnm/api/v6/19OhWN2dO19C9txTON9tvTFtefw/ |
257 KB 258 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/webfonts/ |
76 KB 77 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-tv-0819.m4v
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ |
264 KB 264 KB |
Media
video/x-m4v |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
video-devices.m4v
assets.nflxext.com/ffe/siteui/acquisition/ourStory/fuji/desktop/ |
260 KB 260 KB |
Media
video/x-m4v |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m-outer-93afeeb17bc37e711759584dbfc50d47.html
js.stripe.com/v3/ Frame 474B |
200 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
csp-report
q.stripe.com/ Frame 474B |
0 640 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
csp-report
q.stripe.com/ Frame 474B |
0 641 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m-outer-8cb24ab2d649fd36a488d04d8c457933.js
js.stripe.com/v3/fingerprinted/js/ Frame 474B |
631 B 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inner.html
m.stripe.network/ Frame 81D3 |
930 B 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
csp-report
q.stripe.com/ Frame 81D3 |
0 414 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
out-4.5.42.js
m.stripe.network/ Frame 81D3 |
86 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
6
m.stripe.com/ Frame 81D3 |
156 B 668 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless object| webpackJsonpxflix object| regeneratorRuntime object| webpackChunkStripeJSouter function| noop function| Stripe3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
m.stripe.com/ | Name: m Value: c3058fbc-69a5-4aa6-90dc-4f697e806270f64b52 |
|
.xflix-69c66.web.app/ | Name: __stripe_mid Value: f6a6f6c0-85bb-4238-ba2b-fbe2a69cdecfa9a9fe |
|
.xflix-69c66.web.app/ | Name: __stripe_sid Value: 04a0f1a4-c2de-4c7e-9a86-65c1e518eabd86dbb2 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.nflxext.com
cdnjs.cloudflare.com
js.stripe.com
m.stripe.com
m.stripe.network
occ-0-2430-2433.1.nflxso.net
q.stripe.com
xflix-69c66.web.app
104.17.25.14
13.35.93.22
18.160.10.111
199.36.158.100
44.235.178.34
45.57.62.152
45.57.91.1
54.187.119.242
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
2699316cb83af2502422d101e81564b0492785cab2fdfbdc256f90e1c4ad5606
3eec290a7f7da9abb00b49ca84f5f16e6d45ca33d40fd8ede4380835d6161d71
492fdebd363e40cbba153a244bcfe2a7f5f7cf20aff0805fe45d5c7e2180b875
4c7a552d219146985961bf78d9083b7e2c1a82c4ada5d959f48b3e53754c9049
5490a053ec522ddcfa287cc67cdb5e97c38d1abefeb04245a70065df9a6da661
6cad0a595dc73b74a172fdf83c134930fd739bde1e82da40ea4f37bb3b1635d0
81cf64888a7b3f6848b09695b034026d9ad685665b91d54597ecbb6197c6acbb
8cb2249f74823bcbcb559c7a169b09c751e49dd434fbbbed4149a2afd9a10ea7
8f19099b258b4e90c2062bfc50d4af898d2e6d94e96a7d16c7b9a46650ce07cd
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
b5deb7e9d22f2609422e1cba96066a0cd91984ce16f8aca584c9872c49900470
b68ea2c7bea397aa11fadb189ce7d83862baebaf03ece643eb5aa9fb5f755056
be90990d24168236147fb72e1af247dba68d954ca2cc03b97ceb7762a60a89db
c8c6c3a00438cd031e897b3ec0149023c40b91ba6d232b8ed1fb60731d357413
d2b9c9dac35048e76af71083e6f400f5bd6c623f31b7bfb3016cf7942f71c203
d87ddf917b7a1449ab45e2b8e3c98354629bdd65b6659c37e6023bbea1ce1386
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
f2b2d0a6cfc1be5d4cff0b1052f6770b7ccf26770c2da8d93ed64acb4b54670f
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083