Report - gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second

Report Overview

Submitted URL
gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
IP
50.87.170.37
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2024-05-08 04:52:32
Access
public
Website Title
Netflix
Final URL
gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Tags
netflix phishing
urlquery detections
Phishing - Netflix

Detections

urlquery
10
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gvx.nsm.mybluehost.me	unknown	2016-10-05	2024-04-17	2024-04-18	5.9 kB	438 kB	50.87.170.37
assets.nflxext.com	3871	2011-02-11	2015-07-22	2024-05-07	522 B	74 kB	45.57.90.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	gvx.nsm.mybluehost.me/;)pzq/page_settings/files/js/modernizr.min.js	3.8 kB	2023-03-07	2024-05-19
Pretty URL gvx.nsm.mybluehost.me/;)pzq/page_settings/files/js/modernizr.min.js IP 50.87.170.37 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-05-19 02:03:33 Times Seen1075 Hash a635a55ddb6339a3d0d01c641f670753 a6dee4a1df6c51b82ce2e67323514e7de4e165d4 a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44 Loading...

	gvx.nsm.mybluehost.me/;)pzq/page_settings/files/js/jquery.js	87 kB	2023-03-07	2024-05-19
Pretty URL gvx.nsm.mybluehost.me/;)pzq/page_settings/files/js/jquery.js IP 50.87.170.37 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2024-05-19 08:03:20 Times Seen12304 Hash af4078402c5e090d3f81d1abd71e2250 9592732de681f4365e9b7016dc5cf76e2a55ee9b 8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6 Loading...

	gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second	671 B	2023-09-09	2024-05-19
Pretty URL gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second IP 50.87.170.37 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-09 14:01:17 Last Seen2024-05-19 02:03:33 Times Seen105 Hash 4381d2cad60ae091373a65bc2f27ff20 df58f28f35b9a19132b30155d1066e63f8747d7d 9d8660e8da2ac4f0fe56200399f4aaaed44d006f741f2b4fb35058be4d60d6e0 Loading...

	gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second	2.3 kB	2023-09-09	2024-05-19
Pretty URL gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second IP 50.87.170.37 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-09 14:01:18 Last Seen2024-05-19 02:03:33 Times Seen102 Hash 96eaa76d2eaf9c5d0179f3e578dfc765 e0c3fdc67dcfb53e26d913d340a02a7ddfd3185a aa729d5bacb33c92ac473f63195013581b5a26e6892db375d275cc59550e6020 Loading...

HTTP Transactions (10)

URL IP Response Size

gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second

50.87.170.37

200 OK

2.3 kB

URL User Request GET HTTP/2
gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
IP
50.87.170.37:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectautodiscover.gvx.nsm.mybluehost.me
Fingerprint41:A6:A0:39:53:28:5E:41:5E:F7:7D:15:BF:8E:D6:04:87:2A:42:55
ValidityWed, 17 Apr 2024 12:50:16 GMT - Tue, 16 Jul 2024 12:50:15 GMT

File type
HTML document, ASCII text, with very long lines (386)
Size
2.3 kB (2318 bytes)
Hash
e9059cd475b7691148e3280f94ea4db1
148f996b375b8cbdd8e0e22da9b0719308dd7bdf
d6a3c82a135de1e82d59f2547e4c83f31c52a23334c1e09d084f3750655ed48d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second HTTP/1.1
Host: gvx.nsm.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 04:52:07 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 2318
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
x-server-cache: false
set-cookie: PHPSESSID=0f7f2b43b2966978b5ec1df0ad26edfc; path=/
X-Firefox-Spdy: h2

gvx.nsm.mybluehost.me/;)pzq/page_settings/files/img/logo.svg

50.87.170.37

200 OK

864 B

URL GET HTTP/2
gvx.nsm.mybluehost.me/;)pzq/page_settings/files/img/logo.svg
IP
50.87.170.37:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Certificate
IssuerLet's Encrypt
Subjectautodiscover.gvx.nsm.mybluehost.me
Fingerprint41:A6:A0:39:53:28:5E:41:5E:F7:7D:15:BF:8E:D6:04:87:2A:42:55
ValidityWed, 17 Apr 2024 12:50:16 GMT - Tue, 16 Jul 2024 12:50:15 GMT

File type
SVG Scalable Vector Graphics image
Size
864 B (864 bytes)
Hash
c6a2d2f507cb0f90edba00682d0dc854
ce2d00824f3b9edfd660105e670945c960c65c22
8a421d5798accee1c284865ac05cee792ad3f6bcb3c70ce1dcb954d23e86fdad

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /;)pzq/page_settings/files/img/logo.svg HTTP/1.1
Host: gvx.nsm.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Cookie: PHPSESSID=0f7f2b43b2966978b5ec1df0ad26edfc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 03 Jul 2022 00:02:40 GMT
accept-ranges: bytes
content-length: 864
cache-control: max-age=86400
expires: Thu, 09 May 2024 04:52:07 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/svg+xml
date: Wed, 08 May 2024 04:52:07 GMT
server: Apache
X-Firefox-Spdy: h2

gvx.nsm.mybluehost.me/;)pzq/page_settings/files/js/modernizr.min.js

50.87.170.37

200 OK

1.9 kB

URL GET HTTP/2
gvx.nsm.mybluehost.me/;)pzq/page_settings/files/js/modernizr.min.js
IP
50.87.170.37:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Certificate
IssuerLet's Encrypt
Subjectautodiscover.gvx.nsm.mybluehost.me
Fingerprint41:A6:A0:39:53:28:5E:41:5E:F7:7D:15:BF:8E:D6:04:87:2A:42:55
ValidityWed, 17 Apr 2024 12:50:16 GMT - Tue, 16 Jul 2024 12:50:15 GMT

File type
JavaScript source, ASCII text, with very long lines (3807), with no line terminators
Size
1.9 kB (1866 bytes)
Hash
a635a55ddb6339a3d0d01c641f670753
a6dee4a1df6c51b82ce2e67323514e7de4e165d4
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /;)pzq/page_settings/files/js/modernizr.min.js HTTP/1.1
Host: gvx.nsm.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Cookie: PHPSESSID=0f7f2b43b2966978b5ec1df0ad26edfc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 03 Jul 2022 00:02:40 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Thu, 09 May 2024 04:52:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-length: 1866
content-type: application/javascript
date: Wed, 08 May 2024 04:52:07 GMT
server: Apache
X-Firefox-Spdy: h2

gvx.nsm.mybluehost.me/;)pzq/page_settings/files/img/bg.jpg

50.87.170.37

200 OK

120 kB

URL GET HTTP/2
gvx.nsm.mybluehost.me/;)pzq/page_settings/files/img/bg.jpg
IP
50.87.170.37:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Certificate
IssuerLet's Encrypt
Subjectautodiscover.gvx.nsm.mybluehost.me
Fingerprint41:A6:A0:39:53:28:5E:41:5E:F7:7D:15:BF:8E:D6:04:87:2A:42:55
ValidityWed, 17 Apr 2024 12:50:16 GMT - Tue, 16 Jul 2024 12:50:15 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3
Size
120 kB (120105 bytes)
Hash
5f6f14c7e213792c78d8fc08ced0840c
9700da5cdd4b261c657540b4d4d49c90cd57cdac
cde4074549e72df2b148594b13728b01118887d02d99e5e7d67c5d1e54cc6669

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /;)pzq/page_settings/files/img/bg.jpg HTTP/1.1
Host: gvx.nsm.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Cookie: PHPSESSID=0f7f2b43b2966978b5ec1df0ad26edfc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 03 Jul 2022 00:02:40 GMT
accept-ranges: bytes
content-length: 120105
cache-control: max-age=86400
expires: Thu, 09 May 2024 04:52:07 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/jpeg
date: Wed, 08 May 2024 04:52:07 GMT
server: Apache
X-Firefox-Spdy: h2

assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff

45.57.90.1

200 OK

74 kB

URL GET HTTP/1.1
assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
IP
45.57.90.1:443
ASN
#40027 NETFLIX-ASN

Requested by
https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Certificate
IssuerDigiCert Inc
Subject*.1.nflxso.net
FingerprintC0:F2:80:93:10:52:80:12:15:30:B6:39:0A:98:0E:F2:0B:F7:DE:B7
ValidityTue, 09 Apr 2024 00:00:00 GMT - Tue, 14 May 2024 23:32:58 GMT

File type
Web Open Font Format, CFF, length 73572, version 0.0
Size
74 kB (73572 bytes)
Hash
7cf6156cc481244b5a254362d7b73f00
4391003d1cb06d2bd1921a5813a57604fa7d9935
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

HTTP Headers

GET /ffe/siteui/fonts/nf-icon-v1-93.woff HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gvx.nsm.mybluehost.me
DNT: 1
Connection: keep-alive
Referer: https://gvx.nsm.mybluehost.me/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 May 2024 04:52:08 GMT
Content-Type: font/woff
Content-Length: 73572
Connection: keep-alive
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Cache-Control: max-age=604801
Expires: Wed, 15 May 2024 04:52:09 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

gvx.nsm.mybluehost.me/;)pzq/page_settings/files/img/favicon.png

50.87.170.37

200 OK

1.8 kB

URL GET HTTP/2
gvx.nsm.mybluehost.me/;)pzq/page_settings/files/img/favicon.png
IP
50.87.170.37:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Certificate
IssuerLet's Encrypt
Subjectautodiscover.gvx.nsm.mybluehost.me
Fingerprint41:A6:A0:39:53:28:5E:41:5E:F7:7D:15:BF:8E:D6:04:87:2A:42:55
ValidityWed, 17 Apr 2024 12:50:16 GMT - Tue, 16 Jul 2024 12:50:15 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1755 bytes)
Hash
3d194514babc5d7d010308a0f808ca51
867e51e9b4a474c19da52d6454076c007a9d01f2
7341f7b8b0ae3c0da4aea559efc31f0b53d9db9dd291664fdcf7d618fd95ed8a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /;)pzq/page_settings/files/img/favicon.png HTTP/1.1
Host: gvx.nsm.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Cookie: PHPSESSID=0f7f2b43b2966978b5ec1df0ad26edfc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 03 Jul 2022 00:02:40 GMT
accept-ranges: bytes
content-length: 1755
cache-control: max-age=86400
expires: Thu, 09 May 2024 04:52:08 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/png
date: Wed, 08 May 2024 04:52:08 GMT
server: Apache
X-Firefox-Spdy: h2

gvx.nsm.mybluehost.me/;)pzq/page_settings/files/img/favicon.ico

50.87.170.37

200 OK

17 kB

URL GET HTTP/2
gvx.nsm.mybluehost.me/;)pzq/page_settings/files/img/favicon.ico
IP
50.87.170.37:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Certificate
IssuerLet's Encrypt
Subjectautodiscover.gvx.nsm.mybluehost.me
Fingerprint41:A6:A0:39:53:28:5E:41:5E:F7:7D:15:BF:8E:D6:04:87:2A:42:55
ValidityWed, 17 Apr 2024 12:50:16 GMT - Tue, 16 Jul 2024 12:50:15 GMT

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
Size
17 kB (16958 bytes)
Hash
41b45fdce09bd6acd07c7a8949da675e
931e18dfc6e7d950dc2f2bbdfe31e1ea720acf7c
abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /;)pzq/page_settings/files/img/favicon.ico HTTP/1.1
Host: gvx.nsm.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Cookie: PHPSESSID=0f7f2b43b2966978b5ec1df0ad26edfc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 08 May 2024 04:52:08 GMT
server: nginx/1.21.6
content-type: image/x-icon
content-length: 16958
last-modified: Sun, 03 Jul 2022 00:02:40 GMT
accept-ranges: bytes
cache-control: max-age=31536000
expires: Thu, 08 May 2025 04:52:08 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
x-server-cache: false
X-Firefox-Spdy: h2

gvx.nsm.mybluehost.me/;)pzq/page_settings/files/css/none.css

50.87.170.37

200 OK

37 kB

URL GET HTTP/2
gvx.nsm.mybluehost.me/;)pzq/page_settings/files/css/none.css
IP
50.87.170.37:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Certificate
IssuerLet's Encrypt
Subjectautodiscover.gvx.nsm.mybluehost.me
Fingerprint41:A6:A0:39:53:28:5E:41:5E:F7:7D:15:BF:8E:D6:04:87:2A:42:55
ValidityWed, 17 Apr 2024 12:50:16 GMT - Tue, 16 Jul 2024 12:50:15 GMT

File type
gzip compressed data, from Unix
Size
37 kB (37111 bytes)
Hash
4d46546b044f3c812900f77d64d7115b
51895d301640ccd333f81e93fa65a794c01d27f8
95591b384a9858e53fc6e12b48723c8fade6ffa434663cb4aba901e13e61f41b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /;)pzq/page_settings/files/css/none.css HTTP/1.1
Host: gvx.nsm.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Cookie: PHPSESSID=0f7f2b43b2966978b5ec1df0ad26edfc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 03 Jul 2022 00:02:40 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Thu, 09 May 2024 04:52:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: text/css
date: Wed, 08 May 2024 04:52:07 GMT
server: Apache
X-Firefox-Spdy: h2

gvx.nsm.mybluehost.me/;)pzq/page_settings/files/js/jquery.js

50.87.170.37

200 OK

87 kB

URL GET HTTP/2
gvx.nsm.mybluehost.me/;)pzq/page_settings/files/js/jquery.js
IP
50.87.170.37:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Certificate
IssuerLet's Encrypt
Subjectautodiscover.gvx.nsm.mybluehost.me
Fingerprint41:A6:A0:39:53:28:5E:41:5E:F7:7D:15:BF:8E:D6:04:87:2A:42:55
ValidityWed, 17 Apr 2024 12:50:16 GMT - Tue, 16 Jul 2024 12:50:15 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
87 kB (86841 bytes)
Hash
af4078402c5e090d3f81d1abd71e2250
9592732de681f4365e9b7016dc5cf76e2a55ee9b
8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /;)pzq/page_settings/files/js/jquery.js HTTP/1.1
Host: gvx.nsm.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Cookie: PHPSESSID=0f7f2b43b2966978b5ec1df0ad26edfc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 03 Jul 2022 00:02:40 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Thu, 09 May 2024 04:52:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: application/javascript
date: Wed, 08 May 2024 04:52:07 GMT
server: Apache
X-Firefox-Spdy: h2

gvx.nsm.mybluehost.me/;)pzq/page_settings/files/css/none2.css

50.87.170.37

200 OK

166 kB

URL GET HTTP/2
gvx.nsm.mybluehost.me/;)pzq/page_settings/files/css/none2.css
IP
50.87.170.37:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Certificate
IssuerLet's Encrypt
Subjectautodiscover.gvx.nsm.mybluehost.me
Fingerprint41:A6:A0:39:53:28:5E:41:5E:F7:7D:15:BF:8E:D6:04:87:2A:42:55
ValidityWed, 17 Apr 2024 12:50:16 GMT - Tue, 16 Jul 2024 12:50:15 GMT

File type
ASCII text, with very long lines (375), with CRLF line terminators
Size
166 kB (166516 bytes)
Hash
e5f7d5fcb7224cb2327d6cd22742ea18
021fa984988ef9d38d32bb87b04bd6e6caa913c4
00bc064877ab26d7931d8e85ea0f578aa5048f6a443a44043948097d74aa4a31

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /;)pzq/page_settings/files/css/none2.css HTTP/1.1
Host: gvx.nsm.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gvx.nsm.mybluehost.me/;)pzq/page_settings/login.php?home-US-userID987647864812334345484351818468-Email-33626626641848798409874987049909840684980546840078965484/-second
Cookie: PHPSESSID=0f7f2b43b2966978b5ec1df0ad26edfc
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 03 Jul 2022 00:02:40 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Thu, 09 May 2024 04:52:07 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: text/css
date: Wed, 08 May 2024 04:52:07 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type