support.cineflixprime.com
Open in
urlscan Pro
2606:4700:3037::6815:23c6
Malicious Activity!
Public Scan
Submission: On January 17 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 22nd 2023. Valid for: a year.
This is the only time support.cineflixprime.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fifth Third Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 7 | 2606:4700:303... 2606:4700:3037::6815:23c6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
cineflixprime.com
1 redirects
support.cineflixprime.com |
35 KB |
6 | 1 |
Domain | Requested by | |
---|---|---|
7 | support.cineflixprime.com |
1 redirects
support.cineflixprime.com
|
6 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-22 - 2024-07-20 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://support.cineflixprime.com/fifth53rd/email.html
Frame ID: 29312F028497CC0CFFB8C6C07BB89228
Requests: 4 HTTP requests in this frame
Frame:
https://support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
Frame ID: 3C4664ABA43119EBB9F85EE5B5D28959
Requests: 2 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3- https://support.cineflixprime.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
- https://support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
email.html
support.cineflixprime.com/fifth53rd/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
support.cineflixprime.com/fifth53rd/assets/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
support.cineflixprime.com/fifth53rd/assets/img/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mobilelogo.png
support.cineflixprime.com/fifth53rd/assets/img/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/ Frame 3C46 Redirect Chain
|
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
846adb614ec69000
support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 3C46 |
0 620 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Fifth Third Bank (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 01 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.cineflixprime.com/ | Name: cf_clearance Value: 2jDp4NynotDpLZGqcTJDpOkgsTL2a03bd4C8tJq6bl4-1705455279-1-Ad5a1OHRBNDbpBcydFuBYP3rj1bxns/teey3qEGJlOvB/QrDMUXsaUmqsDPSbnKRutdBMoGe5wG75M9HKJIOqeU= |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
support.cineflixprime.com
2606:4700:3037::6815:23c6
5686ab36b08cfb0043d320a71e6bf72bfb4d062569fd564f8e325807aadfd9ca
ba3b6c0867db2f2d177c316312a77af2972f925b6869387a24d65cc5503dc65f
bffd95d1df1d3924338a927f34310afb8da9221c1a87814b85fb0c211bf2c75c
dc54e6232c33890fc119e9f2d7a13c1e00687df49fe7f65cbfba692e4cfc0563
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec09533b5d1ddef33e246378455cb17aa0191ca509ca1392e9b8040bb146187e