Report - dodostar.formstack.com/forms/str

Report Overview

Submitted URL
dodostar.formstack.com/forms/str
IP
54.230.111.51
ASN
#16509 AMAZON-02
Submitted
2024-04-27 04:22:17
Access
public
Website Title
Netflix
Final URL
lxw.uxb.mybluehost.me/Tashy/net/login.php
Tags
netflix phishing
urlquery detections
Phishing - Netflix

Detections

urlquery
26
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
js.stripe.com	1149	1995-09-12	2012-09-30	2024-04-25	1.5 kB	174 kB	151.101.192.176
static.formstack.com	29549	2010-03-03	2017-01-30	2024-04-25	487 B	900 B	54.230.111.58
m.stripe.network	1204	2017-03-16	2017-05-17	2024-04-26	956 B	18 kB	151.101.192.176
lxw.uxb.mybluehost.me	unknown	unknown	No data	No data	8.1 kB	429 kB	162.241.230.224
m.stripe.com	1092	1995-09-12	2017-01-30	2024-04-26	482 B	909 B	44.229.0.33
assets.nflxext.com	3871	2011-02-11	2015-07-22	2024-04-26	522 B	74 kB	45.57.91.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.mask.js	8.1 kB	2023-03-07	2024-05-02
Pretty URL lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.mask.js IP 162.241.230.224 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-05-02 23:11:07 Times Seen457 Hash 9d8349c5ae98f1d6591ecce50e54403a 62f6a07fa6a0531ac0f6aae7988356ff28b09d73 38c89b667f0b98ab618ce6eef2947a58b9cac93e4dce667fec781562c34cd66e Loading...

	lxw.uxb.mybluehost.me/Tashy/net/login.php	683 B	2023-04-05	2024-05-02
Pretty URL lxw.uxb.mybluehost.me/Tashy/net/login.php IP 162.241.230.224 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 07:45:07 Last Seen2024-05-02 23:11:07 Times Seen204 Hash 01c7b00d99508afe32b8d7d090ae679e 45f91afac7e58a75e721cc45eabc4574f8ff499d 406cb0784ad9815171faf16bfc2a3e9d051815a81b026d3f80ab40ebefb46074 Loading...

	lxw.uxb.mybluehost.me/Tashy/net/login.php	105 B	2023-03-07	2024-04-27
Pretty URL lxw.uxb.mybluehost.me/Tashy/net/login.php IP 162.241.230.224 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03:30 Last Seen2024-04-27 06:22:23 Times Seen11 Hash 6c8998dc37f7679e1c54556d372b2f45 b331e607470a722d079f5a03bf09a7ddf72802c9 024d7ca5c7b3f0e1c275bc4a0dc60e4416371dc7dc9c7c9c2f09691c284df471 Loading...

	lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.ccvalid.js	7.4 kB	2023-03-07	2024-05-02
Pretty URL lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.ccvalid.js IP 162.241.230.224 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-05-02 23:11:07 Times Seen569 Hash 2f24b339e94eb18fdfd5cd5a60e82546 2abf52df7041eac55e0f59bf867053d4cb29891a ca83477931d09aca84c55e779bb2e6ef502b1af1bef668de771b8209a43eb11b Loading...

	lxw.uxb.mybluehost.me/Tashy/net/login.php	2.4 kB	2023-04-05	2024-05-02
Pretty URL lxw.uxb.mybluehost.me/Tashy/net/login.php IP 162.241.230.224 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-05 07:45:07 Last Seen2024-05-02 23:11:07 Times Seen201 Hash d948710b4330186bc7bbfa122e97f516 e1ca6f1ea4ea4951c39dfa0b81d94a4927c708de 795d84d74bf90574974f634824b918df9a72c1e7b813a420acdbbbeac16e4527 Loading...

	lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.js	87 kB	2023-03-07	2024-05-08
Pretty URL lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.js IP 162.241.230.224 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2024-05-08 06:52:32 Times Seen12277 Hash af4078402c5e090d3f81d1abd71e2250 9592732de681f4365e9b7016dc5cf76e2a55ee9b 8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6 Loading...

	lxw.uxb.mybluehost.me/Tashy/net/files/js/modernizr.min.js	3.8 kB	2023-03-07	2024-05-08
Pretty URL lxw.uxb.mybluehost.me/Tashy/net/files/js/modernizr.min.js IP 162.241.230.224 ASN #46606 UNIFIEDLAYER-AS-1 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:30 Last Seen2024-05-08 06:52:32 Times Seen1043 Hash a635a55ddb6339a3d0d01c641f670753 a6dee4a1df6c51b82ce2e67323514e7de4e165d4 a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44 Loading...

HTTP Transactions (23)

URL IP Response Size

js.stripe.com/v3

151.101.192.176

170 kB

URL
js.stripe.com/v3
IP
151.101.192.176:0
ASN
#54113 FASTLY

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65530), with no line terminators
Size
170 kB (170422 bytes)
Hash
206d0cb0f8a398cba3f6c5c045508c70
491d13ee41c9ceb1fce38df272950e138a119d0d
c48024e8c131ee717ceb86e61514a65d2fab951b90b6d99d1708f26c7f77ac1c

HTTP Headers

GET /v3 HTTP/1.1
Host: js.stripe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dodostar.formstack.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Fri, 26 Apr 2024 18:01:23 GMT
etag: "206d0cb0f8a398cba3f6c5c045508c70"
cache-control: max-age=60
content-type: text/javascript; charset=utf-8
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Sat, 27 Apr 2024 04:21:51 GMT
via: 1.1 varnish
age: 41
x-request-id: 6def3331-1c18-4254-84bd-ed5e40f5427a
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 37
vary: Accept-Encoding
timing-allow-origin: *
content-length: 170422
X-Firefox-Spdy: h2

static.formstack.com/forms/forms-renderer/static/image/referralBadge.png

54.230.111.58

319 B

URL
static.formstack.com/forms/forms-renderer/static/image/referralBadge.png
IP
54.230.111.58:0
ASN
#16509 AMAZON-02

File type
PNG image data, 24 x 22, 8-bit colormap, non-interlaced
Size
319 B (319 bytes)
Hash
5d25115614e14c1f1c32a6e38a718b39
7f56007a48cfac5fea722c516b69090a2bad0374
b440890d9a4023c9b2a1aa8a3232ad9ee870ad88101303b029c4b2008e7244a7

HTTP Headers

GET /forms/forms-renderer/static/image/referralBadge.png HTTP/1.1
Host: static.formstack.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dodostar.formstack.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: CloudFront
content-type: image/png
content-length: 319
date: Fri, 26 Apr 2024 22:00:13 GMT
last-modified: Thu, 25 Apr 2024 19:42:41 GMT
etag: "662ab231-13f"
cache-control: public, s-maxage=86400
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UrH6Z8zINT7kIliYQYdI2H3y_JA24nax1o8-sZl9b_PGWpN4RWpzyQ==
age: 22898
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
X-Firefox-Spdy: h2

js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

151.101.192.176

154 B

URL
js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
IP
151.101.192.176:0
ASN
#54113 FASTLY

File type
HTML document, ASCII text, with no line terminators
Size
154 B (154 bytes)
Hash
3437aaddcdf6922d623e172c2d6f9278
f69066cf20141ac93418102d3eee7c0225b8a623
35dcc382eb69d00369d708708cdc545f3968b68fa5bbe3e728d11fedd04f93bb

HTTP Headers

GET /v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html HTTP/1.1
Host: js.stripe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dodostar.formstack.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 11 Nov 2022 20:25:37 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
cache-control: max-age=31536000
content-type: text/html; charset=utf-8
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Sat, 27 Apr 2024 04:21:51 GMT
via: 1.1 varnish
age: 11720526
x-request-id: a3c14edc-932e-49a1-9a3a-720da660c449
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 935796
vary: Accept-Encoding
timing-allow-origin: *
content-length: 154
X-Firefox-Spdy: h2

js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js

151.101.192.176

315 B

URL
js.stripe.com/v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js
IP
151.101.192.176:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (526), with no line terminators
Size
315 B (315 bytes)
Hash
d96c709017743c0759cf3853d1806ba5
72e21587610c49c8305a55e71f73fa88ed618205
ba2338aa6670580269c762f51c4291daef913201aa8f4d4fd166c1a878262652

HTTP Headers

GET /v3/fingerprinted/js/m-outer-15a2b40a058ddff1cffdb63779fe3de1.js HTTP/1.1
Host: js.stripe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Fri, 11 Nov 2022 20:25:36 GMT
etag: "d96c709017743c0759cf3853d1806ba5"
cache-control: max-age=31536000
content-type: text/javascript; charset=utf-8
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Sat, 27 Apr 2024 04:21:51 GMT
via: 1.1 varnish
age: 11095868
x-request-id: 5d9420de-142c-4935-8868-b3db776e93f0
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 897257
vary: Accept-Encoding
timing-allow-origin: *
content-length: 315
X-Firefox-Spdy: h2

m.stripe.network/inner.html

151.101.192.176

540 B

URL
m.stripe.network/inner.html
IP
151.101.192.176:0
ASN
#54113 FASTLY

File type
HTML document, ASCII text, with very long lines (930), with no line terminators
Size
540 B (540 bytes)
Hash
06bfcd88af438673a8bf9b845a11aa6e
d024a745032cbe115526abe648d9fa0f0a10a681
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

HTTP Headers

GET /inner.html HTTP/1.1
Host: m.stripe.network
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: max-age=300, public
content-type: text/html; charset=utf-8
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Sat, 27 Apr 2024 04:21:51 GMT
via: 1.1 varnish
age: 19
x-request-id: 167e0ac7-3780-454e-aa28-2febdccb5c04
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 26
x-timer: S1714191712.674747,VS0,VE0
vary: Accept-Encoding, Origin
content-length: 540
X-Firefox-Spdy: h2

m.stripe.network/out-4.5.43.js

151.101.192.176

16 kB

URL
m.stripe.network/out-4.5.43.js
IP
151.101.192.176:0
ASN
#54113 FASTLY

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
16 kB (15509 bytes)
Hash
69cb7809b5011312e716f29b3d19dce6
833dabfb546d57065aeba7190b5ee5a2428dfa47
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

HTTP Headers

GET /out-4.5.43.js HTTP/1.1
Host: m.stripe.network
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.stripe.network/inner.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: max-age=300, public
content-type: text/javascript; charset=utf-8
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
server: Fastly
content-encoding: br
accept-ranges: bytes
date: Sat, 27 Apr 2024 04:21:51 GMT
via: 1.1 varnish
age: 53
x-request-id: 7486dc8e-51e7-415f-8ffb-888cca8f36e5
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 59
x-timer: S1714191712.788495,VS0,VE0
vary: Accept-Encoding, Origin
content-length: 15509
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy

162.241.230.224

301 Moved Permanently

244 B

URL User Request GET HTTP/2
lxw.uxb.mybluehost.me/Tashy
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
HTML document, ASCII text
Size
244 B (244 bytes)
Hash
719de419a20f0062fceee6542098863b
9a8a3d85605390989b4793a2b2c0984a2378eff6
a756e99aae21cdd264a36e3978a51834953e0e83544a8ee36f33cf4196deab09

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dodostar.formstack.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
location: https://lxw.uxb.mybluehost.me/Tashy/
cache-control: max-age=7200
expires: Sat, 27 Apr 2024 06:21:51 GMT
content-length: 244
content-type: text/html; charset=iso-8859-1
date: Sat, 27 Apr 2024 04:21:51 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/

162.241.230.224

302 Found

0 B

URL User Request GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/ HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dodostar.formstack.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd; path=/
location: net/
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 27 Apr 2024 04:21:52 GMT
server: Apache
X-Firefox-Spdy: h2

m.stripe.com/6

44.229.0.33

156 B

URL
m.stripe.com/6
IP
44.229.0.33:0
ASN
#16509 AMAZON-02

File type
JSON text data
Size
156 B (156 bytes)
Hash
5d1a0cbd49f3cb1a8be12202eae29727
a21618595f32dab7eee1acb8ec67b9113d023760
da0f51f3aaf0c58e5f3a5f4a3bf95112ca51da8ae50801aedf18f7d50d3b249a

HTTP Headers

POST /6 HTTP/1.1
Host: m.stripe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3184
Origin: https://m.stripe.network
DNT: 1
Connection: keep-alive
Referer: https://m.stripe.network/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 27 Apr 2024 04:21:52 GMT
content-length: 156
set-cookie: m=8409fb89-f280-4b6d-8e93-3534533aee15066479;Expires=Mon, 27-Apr-2026 04:21:52 GMT;Secure;HttpOnly; SameSite=None
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1714191712602137
x-stripe-server-envoy-upstream-service-time-ms: 2
x-envoy-attempt-count: 1
x-stripe-bg-intended-route-color: blue
x-stripe-client-envoy-start-time-us: 1714191712601950
access-control-allow-origin: https://m.stripe.network
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-type: application/json;charset=utf-8
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/

162.241.230.224

302 Found

0 B

URL User Request GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/ HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dodostar.formstack.com/
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: login.php
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 27 Apr 2024 04:21:52 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/login.php

162.241.230.224

200 OK

2.5 kB

URL User Request GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/login.php
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
2.5 kB (2456 bytes)
Hash
f93f3b52746ad85ff14c26644d137c03
d9e836626d726c773c582cb04eb48da011186dec
100814dc5c52364fc6383b92760f5061575299c3e5ab52a8faf71160e9d7aca4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/login.php HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dodostar.formstack.com/
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-length: 2456
content-type: text/html; charset=UTF-8
date: Sat, 27 Apr 2024 04:21:54 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.mask.js

162.241.230.224

200 OK

3.7 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.mask.js
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
JavaScript source, ASCII text, with very long lines (537)
Size
3.7 kB (3699 bytes)
Hash
9d8349c5ae98f1d6591ecce50e54403a
62f6a07fa6a0531ac0f6aae7988356ff28b09d73
38c89b667f0b98ab618ce6eef2947a58b9cac93e4dce667fec781562c34cd66e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/js/jquery.mask.js HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 06 May 2018 08:07:42 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:55 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-length: 3699
content-type: application/javascript
date: Sat, 27 Apr 2024 04:21:55 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/js/modernizr.min.js

162.241.230.224

200 OK

1.9 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/js/modernizr.min.js
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
JavaScript source, ASCII text, with very long lines (3807), with no line terminators
Size
1.9 kB (1866 bytes)
Hash
a635a55ddb6339a3d0d01c641f670753
a6dee4a1df6c51b82ce2e67323514e7de4e165d4
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/js/modernizr.min.js HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 22 Dec 2020 11:10:10 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:55 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-length: 1866
content-type: application/javascript
date: Sat, 27 Apr 2024 04:21:55 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/img/bg.jpg

162.241.230.224

200 OK

120 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/img/bg.jpg
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3
Size
120 kB (120105 bytes)
Hash
5f6f14c7e213792c78d8fc08ced0840c
9700da5cdd4b261c657540b4d4d49c90cd57cdac
cde4074549e72df2b148594b13728b01118887d02d99e5e7d67c5d1e54cc6669

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/img/bg.jpg HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 16 Sep 2018 05:57:46 GMT
accept-ranges: bytes
content-length: 120105
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:55 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/jpeg
date: Sat, 27 Apr 2024 04:21:55 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/img/fb.png

162.241.230.224

200 OK

1.5 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/img/fb.png
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced
Size
1.5 kB (1455 bytes)
Hash
a33ca47ef110b6e3ec5086b8776407d3
dff5bbbe61b4920a23fb21a7fca69ca9e94dcb6c
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/img/fb.png HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 16 Sep 2018 05:57:46 GMT
accept-ranges: bytes
content-length: 1455
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:55 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/png
date: Sat, 27 Apr 2024 04:21:55 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.ccvalid.js

162.241.230.224

200 OK

2.1 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.ccvalid.js
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
JavaScript source, ASCII text
Size
2.1 kB (2137 bytes)
Hash
2f24b339e94eb18fdfd5cd5a60e82546
2abf52df7041eac55e0f59bf867053d4cb29891a
ca83477931d09aca84c55e779bb2e6ef502b1af1bef668de771b8209a43eb11b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/js/jquery.ccvalid.js HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 06 May 2018 08:05:54 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:55 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-length: 2137
content-type: application/javascript
date: Sat, 27 Apr 2024 04:21:55 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/img/logo.svg

162.241.230.224

200 OK

864 B

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/img/logo.svg
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
SVG Scalable Vector Graphics image
Size
864 B (864 bytes)
Hash
c6a2d2f507cb0f90edba00682d0dc854
ce2d00824f3b9edfd660105e670945c960c65c22
8a421d5798accee1c284865ac05cee792ad3f6bcb3c70ce1dcb954d23e86fdad

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/img/logo.svg HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 16 Sep 2018 06:52:30 GMT
accept-ranges: bytes
content-length: 864
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:55 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/svg+xml
date: Sat, 27 Apr 2024 04:21:55 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/css/none2.css

162.241.230.224

200 OK

36 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/css/none2.css
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
gzip compressed data, from Unix
Size
36 kB (36148 bytes)
Hash
8b642bf979b82c334278e7192e29c45a
b0caf8d755f04b9edb8c16b0722fb0e0d325b67f
a8d9b0fb1890ef0168fce7ae85721fb31062305cec49ec69840d6326a6297166

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/css/none2.css HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 16 Nov 2020 04:42:38 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:55 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: text/css
date: Sat, 27 Apr 2024 04:21:55 GMT
server: Apache
X-Firefox-Spdy: h2

assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff

45.57.91.1

200 OK

74 kB

URL GET HTTP/1.1
assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
IP
45.57.91.1:443
ASN
#40027 NETFLIX-ASN

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerDigiCert Inc
Subject*.1.nflxso.net
FingerprintE7:2C:DE:D0:C0:DF:6E:0A:BD:8A:CD:25:5A:8A:F7:AD:1D:42:31:15
ValiditySat, 20 Apr 2024 00:00:00 GMT - Wed, 22 May 2024 22:57:14 GMT

File type
Web Open Font Format, CFF, length 73572, version 0.0
Size
74 kB (73572 bytes)
Hash
7cf6156cc481244b5a254362d7b73f00
4391003d1cb06d2bd1921a5813a57604fa7d9935
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

HTTP Headers

GET /ffe/siteui/fonts/nf-icon-v1-93.woff HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://lxw.uxb.mybluehost.me
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 27 Apr 2024 04:21:56 GMT
Content-Type: font/woff
Content-Length: 73572
Connection: keep-alive
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Cache-Control: max-age=604801
Expires: Sat, 04 May 2024 04:21:57 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

lxw.uxb.mybluehost.me/Tashy/net/files/img/favicon.ico

162.241.230.224

200 OK

17 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/img/favicon.ico
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
Size
17 kB (16958 bytes)
Hash
41b45fdce09bd6acd07c7a8949da675e
931e18dfc6e7d950dc2f2bbdfe31e1ea720acf7c
abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/img/favicon.ico HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Sep 2018 05:48:56 GMT
accept-ranges: bytes
content-length: 16958
cache-control: max-age=31536000
expires: Sun, 27 Apr 2025 04:21:56 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/x-icon
date: Sat, 27 Apr 2024 04:21:56 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/img/favicon.png

162.241.230.224

200 OK

1.8 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/img/favicon.png
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1755 bytes)
Hash
3d194514babc5d7d010308a0f808ca51
867e51e9b4a474c19da52d6454076c007a9d01f2
7341f7b8b0ae3c0da4aea559efc31f0b53d9db9dd291664fdcf7d618fd95ed8a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/img/favicon.png HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 18 Sep 2018 05:48:30 GMT
accept-ranges: bytes
content-length: 1755
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:56 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: image/png
date: Sat, 27 Apr 2024 04:21:56 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/css/none.css

162.241.230.224

200 OK

149 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/css/none.css
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
ASCII text, with very long lines (375), with CRLF line terminators
Size
149 kB (148910 bytes)
Hash
f1c287eb145ecb03b21e2c0d1a6165ed
5f0ae41689046c822b45877c9ccd03bff63c2fc5
996606e12517e3bb57e0a5f01fed3d7144e2d07a4d8076717a90285c351fa835

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/css/none.css HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Tue, 22 Dec 2020 11:11:34 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:55 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: text/css
date: Sat, 27 Apr 2024 04:21:55 GMT
server: Apache
X-Firefox-Spdy: h2

lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.js

162.241.230.224

200 OK

87 kB

URL GET HTTP/2
lxw.uxb.mybluehost.me/Tashy/net/files/js/jquery.js
IP
162.241.230.224:443
ASN
#46606 UNIFIEDLAYER-AS-1

Requested by
https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Certificate
IssuerLet's Encrypt
Subjectwebdisk.lxw.uxb.mybluehost.me
Fingerprint98:C1:40:49:B4:E0:AD:73:79:78:56:A4:55:98:1D:C1:5A:1A:9F:6C
ValidityWed, 24 Apr 2024 09:16:28 GMT - Tue, 23 Jul 2024 09:16:27 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
87 kB (86841 bytes)
Hash
af4078402c5e090d3f81d1abd71e2250
9592732de681f4365e9b7016dc5cf76e2a55ee9b
8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Tashy/net/files/js/jquery.js HTTP/1.1
Host: lxw.uxb.mybluehost.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://lxw.uxb.mybluehost.me/Tashy/net/login.php
Cookie: PHPSESSID=ce409696951f339bb2150b3d28c647cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 06 May 2018 08:07:04 GMT
accept-ranges: bytes
cache-control: max-age=86400
expires: Sun, 28 Apr 2024 04:21:55 GMT
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-newfold-cache-level: 2
content-type: application/javascript
date: Sat, 27 Apr 2024 04:21:55 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL

IP

ASN

File type