support.cineflixprime.com
2606:4700:3037::6815:23c6 (Malicious Activity! Public Scan)

URL: https://support.cineflixprime.com/fifth53rd/email.html
Submission: On January 17 via automatic, source openphish — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 2606:4700:3037::6815:23c6, located in United States and belongs to CLOUDFLARENET, US. The main domain is support.cineflixprime.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 22nd 2023. Valid for: a year.
This is the only time support.cineflixprime.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Fifth Third Bank (Banking)

Domain & IP information

IP Address / AS (Autonomous System)
1  7 requests  2606:4700:303...  AS13335 (CLOUDFLAR...)
6 1
Apex Domain / Subdomains / Transfer
7 requests  cineflixprime.com  support.cineflixprime.com  35 KB
6 1
Domain / Requested by
7 requests  support.cineflixprime.com (1 redirect)  requested by support.cineflixprime.com
6 1

This site contains no links.

Subject / Issuer / Validity / Valid for
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3  2023-07-22 - 2024-07-20  a year  (crt.sh)

This page contains 2 frames:

Primary Page: https://support.cineflixprime.com/fifth53rd/email.html
Frame ID: 29312F028497CC0CFFB8C6C07BB89228
Requests: 4 HTTP requests in this frame

Frame: https://support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
Frame ID: 3C4664ABA43119EBB9F85EE5B5D28959
Requests: 2 HTTP requests in this frame


Page Title

Fifth Third Banking Login

Page Statistics

6
Requests

83 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

34 kB
Transfer

39 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://support.cineflixprime.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js

6 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request email.html
support.cineflixprime.com/fifth53rd/
4 KB
2 KB
Document
General
Full URL
https://support.cineflixprime.com/fifth53rd/email.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:23c6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
ec09533b5d1ddef33e246378455cb17aa0191ca509ca1392e9b8040bb146187e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
846adb614ec69000-FRA
content-encoding
br
content-type
text/html
date
Wed, 17 Jan 2024 01:34:39 GMT
last-modified
Wed, 10 Jan 2024 17:48:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRr4ooajKTgwlWGFawe56ntS9CD7tvuwl6nOjifeaP7y2soKOa1Lu%2FvtVrpOUmRGDjsBICR3eWJApkvDv%2Fei004%2F1BASpAfoNKXomy8ZO1Seh7WgYNG1tZHUBOXhzSN73KNOinJ5Wydju7IUZ7YLevvyeTfnJlmX"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
styles.css
support.cineflixprime.com/fifth53rd/assets/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://support.cineflixprime.com/fifth53rd/assets/css/styles.css
Requested by
Host: support.cineflixprime.com
URL: https://support.cineflixprime.com/fifth53rd/email.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:23c6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
dc54e6232c33890fc119e9f2d7a13c1e00687df49fe7f65cbfba692e4cfc0563

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.cineflixprime.com/fifth53rd/email.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 01:34:39 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=3042
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Wed, 10 Jan 2024 17:47:30 GMT
server
cloudflare
etag
W/"be2-659ed832-18260cb;gz"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SgcdMU1d02Gi7fBzxfSyXMb3dRGhlppKhWeZuKJWVVBaYkInznEmTVH%2BxgaI2ft6N9oll7dXii6KSkiOHTxzzg07PUnxO8je2Hj7IuUWf%2B3hmuia%2FTrTQ0V75liT%2F%2BEVSJsWJ7IRF6Yx3NF3RADBWdbqx3yCETbO"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=604800
cf-ray
846adb6678a39000-FRA
expires
Tue, 23 Jan 2024 12:57:16 GMT
logo.png
support.cineflixprime.com/fifth53rd/assets/img/
16 KB
17 KB
Image
General
Full URL
https://support.cineflixprime.com/fifth53rd/assets/img/logo.png
Requested by
Host: support.cineflixprime.com
URL: https://support.cineflixprime.com/fifth53rd/email.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:23c6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
5686ab36b08cfb0043d320a71e6bf72bfb4d062569fd564f8e325807aadfd9ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.cineflixprime.com/fifth53rd/email.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 01:34:39 GMT
cf-cache-status
HIT
last-modified
Wed, 10 Jan 2024 10:31:08 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"40e8-659e71ec-2411949;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FdT3uTtbX%2B8ZtPQiIzybSyeeEm3jzrqN9jj%2FEQKkrcSemIgENDBKNevDbkAO9JlnJa6fB48qxzn5Dz%2FAqTinojj50CTFdT6qGFZuhJ5sidef8Jry%2FmpLvDCfWDu8FepA2LUX19D%2FCSvlB6dFWQBgq2r6hLy%2BcqPF"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
846adb6678a49000-FRA
alt-svc
h3=":443"; ma=86400
content-length
16616
expires
Tue, 23 Jan 2024 12:57:16 GMT
mobilelogo.png
support.cineflixprime.com/fifth53rd/assets/img/
10 KB
10 KB
Image
General
Full URL
https://support.cineflixprime.com/fifth53rd/assets/img/mobilelogo.png
Requested by
Host: support.cineflixprime.com
URL: https://support.cineflixprime.com/fifth53rd/email.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:23c6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
bffd95d1df1d3924338a927f34310afb8da9221c1a87814b85fb0c211bf2c75c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://support.cineflixprime.com/fifth53rd/email.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 01:34:39 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
8187
alt-svc
h3=":443"; ma=86400
content-length
10164
last-modified
Wed, 10 Jan 2024 17:27:02 GMT
server
cloudflare
etag
"27b4-659ed366-241194a;;;"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWKjKi1276rzhoT4VURkUZWAc6Gl37YVfKYlKcs9QTZfUCtQPOm6BjqBd6s%2BTwl%2BcoiCqZQFtCrrPzO3wZG4E79Cq1i5574hErajprIMphbhRQqe3TxFyuHk3NmjM7IoeGN6lw07IQh3p2fq0E2bYEU3MG8OxWcS"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
cf-ray
846adb6678a59000-FRA
expires
Tue, 23 Jan 2024 12:57:16 GMT
main.js
support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/ Frame 3C46
Redirect Chain
  • https://support.cineflixprime.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
7 KB
4 KB
Script
General
Full URL
https://support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
Protocol
H3
Server
2606:4700:3037::6815:23c6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
ba3b6c0867db2f2d177c316312a77af2972f925b6869387a24d65cc5503dc65f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 01:34:39 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3fU279ezkCXpZujAxQxG0UNslPUd%2Bu%2BWIn4AumwPy1iFgN4IkEoWCfSa8ex1HzI60kQLoGIxNIFvXQPtQJJY7vk1PzxrwSB4DfNvsOTzxJxqqTfrmkNh16Nl%2FQOeLOKijc29uK%2BxcQYrtCy2KtSjeCbOoYIyLSKy"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
846adb682e376412-LHR
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Wed, 17 Jan 2024 01:34:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AIOXvU3z9KVmWJV4TfcNuzbDL4qEO0UkypkWOpww6T2sEE5CV8BYTHNKhG4qfv3gZuJNdJlquxNzmgAr4QQy3R0z7UFrbIDTsZErqgqd57EqGa7OgcjDcLn9eccWp7jGyMMcxLHmSDNMH0R1I3nyGcEuOAFPFeFK"}],"group":"cf-nel","max_age":604800}
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
846adb67ddf26412-LHR
alt-svc
h3=":443"; ma=86400
846adb614ec69000
support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 3C46
0
620 B
XHR
General
Full URL
https://support.cineflixprime.com/cdn-cgi/challenge-platform/h/b/jsd/r/846adb614ec69000
Requested by
Host: support.cineflixprime.com
URL: https://support.cineflixprime.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:23c6, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.216 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 17 Jan 2024 01:34:39 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x80IXjLrKfCdynzHBB8ZccPcJ%2Bvy%2Bo%2BF%2BMUCtDTyDSi34E%2FYd7a%2BJX5QgmPvCtv%2B16KYH6GX%2B9LqFjaRWbQ1tgnYwC%2Ff5iRk%2FsuWj97PhVkyQuEgV9KtP7P9nsAkt3E%2Bhhv5olqSPwlF51NEiRLH4HSKa%2BFRHQ0k"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
846adb68eebe6412-LHR
alt-svc
h3=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Fifth Third Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | 0

1 Cookies

Domain/Path Name / Value
.cineflixprime.com/ Name: cf_clearance
Value: 2jDp4NynotDpLZGqcTJDpOkgsTL2a03bd4C8tJq6bl4-1705455279-1-Ad5a1OHRBNDbpBcydFuBYP3rj1bxns/teey3qEGJlOvB/QrDMUXsaUmqsDPSbnKRutdBMoGe5wG75M9HKJIOqeU=