{"report_id":"729bd543-95e7-478f-88c5-c03e3df441d5","version":6,"status":"done","tags":["netflix","phishing"],"date":"2026-06-01T01:34:38Z","url":{"schema":"http","addr":"netpayment.eu","fqdn":"netpayment.eu","domain":"netpayment.eu","tld":"eu"},"ip":{"addr":"185.193.127.68","port":0,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"final":{"url":{"schema":"https","addr":"netpayment.eu/","fqdn":"netpayment.eu","domain":"netpayment.eu","tld":"eu"},"title":"Netflix","dom":{"size":288335,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (23533)","md5":"8ea2f8bc081884ab7f37e888d41335fb","sha1":"1e3eaa9dfc9bce627e0cb34c55b2dee42f8f059d","sha256":"1444a68d01ff4681da1559c2abbf550c045483e1411190719c39d898361b77aa","sha512":"3fd1644d5eb36ac7ec975b1d510de6b831866f36e41f8f3a94543fdcfddfcd253f13af0acad1c8e0a9d0efc308ba12d73d95448d158fbd3e9058299143ce2dfd","ssdeep":"6144:0bqJgtI2mDoiThX2XVXtc2BgXw3QPpuzxTCHD9+gAuG/5hOXwn4zLiTl:Cj","tlshash":"b4546150998e86bdb5935e7da5d4600aa611fc3cda7070d4e7c2067ca3dffb6a21238c","dom_hash":"domhash925f689cdfa1cd219fec48f42ece298a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"netpayment.eu","fqdn":"netpayment.eu","domain":"netpayment.eu","tld":"eu"},"ip":{"addr":"185.193.127.68","port":0,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-06T01:34:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"netpayment.eu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]},"summary":[{"fqdn":"occ-0-2267-360.1.nflxso.net","ip":{"addr":"212.113.160.226","port":443,"asn":2860,"as":"Nos Comunicacoes, S.A.","country":"Portugal","country_code":"PT"},"domain_registered":"2016-03-25","domain_rank":0,"first_seen":"2026-06-01T00:47:26.148952Z","last_seen":"2026-06-01T00:47:26.148952Z","alert_count":0,"request_count":1,"received_data":198711,"sent_data":530,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"assets.nflxext.com","ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"domain_registered":"2011-02-11","domain_rank":22756,"first_seen":"2015-07-22T04:02:07Z","last_seen":"2026-05-25T12:38:57.523042Z","alert_count":0,"request_count":7,"received_data":4668980,"sent_data":3588,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"netpayment.eu","ip":{"addr":"185.193.127.68","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-01T00:47:26.150309Z","last_seen":"2026-06-01T00:47:26.150309Z","alert_count":15,"request_count":3,"received_data":291386,"sent_data":1329,"comment":"","tags":null,"fingerprints":[{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.67","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"occ.a.nflxso.net","ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"domain_registered":"2016-03-25","domain_rank":32385,"first_seen":"2019-05-18T18:09:06Z","last_seen":"2026-05-30T07:42:15.789236Z","alert_count":0,"request_count":1,"received_data":451113,"sent_data":554,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"netpayment.eu/assets/completed-guard.js","fqdn":"netpayment.eu","domain":"netpayment.eu","tld":"eu"},"ip":{"addr":"185.193.127.68","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":false,"md5":"8139e564accf24a9e02314a2d4bfdc4e","sha1":"3c2f56e99ae4b14e93e9cb57097aa40d1295bdcb","sha256":"d5cee5f115c48c2b82120fb7cb9b87a28b3d29caeb00869bbad9a5ef132cd075","sha512":"11fd928f19179c8c6b7dcfb36a58c5df4d930e91dbc219c8afbd606d436344c11b720e692e6e756f6b4c86ff79f89b4083b72f4f3772d02339498b1c2225e591","ssdeep":"","tlshash":"fee0a3dd38d4085261072925054f806d347355873519d942ba4c5a706f3067f4e979cd","size":424,"data":"","first_seen":"2026-06-01T00:47:31.140367Z","last_seen":"2026-06-01T04:45:40.095276Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"netpayment.eu/offline-local-fix.js","fqdn":"netpayment.eu","domain":"netpayment.eu","tld":"eu"},"ip":{"addr":"185.193.127.68","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":false,"md5":"9d0d47299c2652a2fe31cc72afefd57e","sha1":"c7a200e634a7aed0a6e8935d8e8167e4da3f33a6","sha256":"1713bb5b6243f6945e796ecefe05c6b7488fc1a01122f1bc27063646b0797195","sha512":"c35edae1cf8f684db2f4af2984073850114313819b29bcf2f3a9eb690e78efd1a7341f51e53ee0e79166274612339f63f8518793afa2b81a16ffe55eb35f5d54","ssdeep":"","tlshash":"fd41312561f712701223517d63dfb3a83e3490032208dd143eac6fa81fdaf67a171a9e","size":2345,"data":"","first_seen":"2026-06-01T00:47:31.139237Z","last_seen":"2026-06-01T04:45:40.09671Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"occ-0-2267-360.1.nflxso.net/dnm/api/v6/iMyKkw5SVrkCXbCfSBEb_Pjar5Y/AAAAQBTxE26zgLJoqZnmxUCfZtVJ2HbJUsVonZ_9Uo-pn68zarPK.png","fqdn":"occ-0-2267-360.1.nflxso.net","domain":"nflxso.net","tld":"net"},"ip":{"addr":"212.113.160.226","port":443,"asn":2860,"as":"Nos Comunicacoes, S.A.","country":"Portugal","country_code":"PT"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:17.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1.nflxso.net","organization":"Netflix"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sat, 30 May 2026 00:00:00 GMT","end":"Sat, 04 Jul 2026 01:54:17 GMT"},"fingerprint":{"sha1":"3A:38:17:3E:6A:28:06:57:8E:E9:02:C0:9E:B2:22:C0:6C:6A:4A:0A","sha256":"D4:9D:1D:9C:33:68:85:B1:44:5A:FA:44:B2:62:5B:D9:C3:A9:64:2E:3F:7C:40:FA:FA:F1:F5:70:42:A1:4A:23"}}},"request":{"raw":"GET /dnm/api/v6/iMyKkw5SVrkCXbCfSBEb_Pjar5Y/AAAAQBTxE26zgLJoqZnmxUCfZtVJ2HbJUsVonZ_9Uo-pn68zarPK.png HTTP/1.1\r\nHost: occ-0-2267-360.1.nflxso.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://netpayment.eu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: freenginx\r\nDate: Mon, 01 Jun 2026 01:34:17 GMT\r\nContent-Type: image/png\r\nContent-Length: 198254\r\nConnection: keep-alive\r\nlast-modified: Tue, 02 Sep 2025 15:19:44 GMT\r\netag: \"18f4ac7ff79e4be92ae7aed378b5eaaf\"\r\naccept-ch: Device-Memory, Downlink, DPR, ECT, RTT, Save-Data, Viewport-Width, Width\r\ncache-control: max-age=31104000, public, s-maxage=604800\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":198254,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1280 x 800, 8-bit/color RGBA, non-interlaced","md5":"18f4ac7ff79e4be92ae7aed378b5eaaf","sha1":"6e558bccc6d209a4a10bb3295668da0fa0807e51","sha256":"6621f4544a0ebcfd965571df19e0e1d8c85df8a7d6acfb9dc2b44c77884aaa72","sha512":"37b42fb06541c7858c6f1b8b215f3215f297408d900dca7b598c2fcde7b4f698a1adfb13d783bdd38c62afd91d076a5996ce7624d8b6317877585cb3625fd96b","ssdeep":"3072:Qd4bITot6GlDeilLGYHclEsEvqttC5TatmITZ+rwqC9k624BbO1W1arZzcmQPFvt:QycTo6GBrlDSEy7XpT0dGzBCQzht","tlshash":"ed142384019ee27a77c5977d69d67988f89a2c3eed3b67b720c387601a97c3c6e01006","first_seen":"2025-10-24T02:29:45.994298Z","last_seen":"2026-06-11T07:37:52.703458Z","times_seen":44,"resource_available":false,"data":null}},"time_used":2316,"timings":{"blocked":528,"dns":35,"connect":93,"send":0,"wait":95,"receive":1156,"ssl":405},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2","fqdn":"assets.nflxext.com","domain":"nflxext.com","tld":"com"},"ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:17.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1.nflxso.net","organization":"Netflix"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 06 May 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 00:11:28 GMT"},"fingerprint":{"sha1":"25:6A:EB:CD:0B:A3:73:F0:80:95:F7:80:CF:CB:CE:72:DC:3C:E6:B8","sha256":"93:DF:F0:46:C0:55:3A:34:06:1F:6E:E5:D6:13:AF:09:C2:04:A7:A8:7D:52:DE:3C:E4:3B:6E:F4:EB:3D:8F:F8"}}},"request":{"raw":"GET /ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2 HTTP/1.1\r\nHost: assets.nflxext.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://netpayment.eu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://assets.nflxext.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: freenginx\r\nDate: Mon, 01 Jun 2026 01:34:17 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 53304\r\nConnection: keep-alive\r\nContent-MD5: C/MXfx/tbZUxeCIfukPH6A==\r\nLast-Modified: Thu, 17 Jan 2019 20:16:30 GMT\r\nCache-Control: max-age=604801\r\nExpires: Mon, 08 Jun 2026 01:34:18 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53304,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 53304, version 2.6554","md5":"0bf3177f1fed6d953178221fba43c7e8","sha1":"83d9f039f1ba7209321c7da72d3dc6a9aa5e2ab3","sha256":"c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167","sha512":"76ebfc377313354b469aca9695cdc28bb76e8ff015156d0f2ddbb45c763d4822808014e8e742ba3dfa447981bbdd2b7603e852c77b78aa52ff8de452094ecf0c","ssdeep":"1536:t21aKxDJpWmqPuw/L5muh28j0JPVMib83e50+kPmb:t20uonjYm20MVM28uDIQ","tlshash":"d83301020c97d667910cca53e475a6bfbcc0c7c09a68d0d91a3ddb779b4b0ca8c9ea06","first_seen":"2023-05-02T12:35:36Z","last_seen":"2026-06-20T07:25:28.865938Z","times_seen":2503,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":228,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Bd.woff2","fqdn":"assets.nflxext.com","domain":"nflxext.com","tld":"com"},"ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:17.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1.nflxso.net","organization":"Netflix"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 28 May 2026 00:00:00 GMT","end":"Sat, 04 Jul 2026 00:10:16 GMT"},"fingerprint":{"sha1":"02:CE:36:11:62:7D:2D:75:47:54:2F:C0:44:3A:86:50:16:AF:3F:A3","sha256":"7A:F8:FC:33:56:45:63:2C:6F:7B:31:AA:AF:89:87:F6:AE:EE:BA:C1:A8:5A:34:C9:C6:C0:A8:1F:07:42:48:F4"}}},"request":{"raw":"GET /ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Bd.woff2 HTTP/1.1\r\nHost: assets.nflxext.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://netpayment.eu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://assets.nflxext.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: freenginx\r\nDate: Mon, 01 Jun 2026 01:34:17 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 55228\r\nConnection: keep-alive\r\nContent-MD5: iMafL3dhn8cfItg2Q/mGRQ==\r\nLast-Modified: Thu, 17 Jan 2019 20:16:30 GMT\r\nCache-Control: max-age=604801\r\nExpires: Mon, 08 Jun 2026 01:34:18 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55228,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 55228, version 2.6554","md5":"88c69f2f77619fc71f22d83643f98645","sha1":"9074bca7ca0541efd221d12d30a33e3b74cf824b","sha256":"6cc71e5053b6599423f3ba402e6e50c04907b9ba93c3211a56dd32e3a2e6cf4d","sha512":"de6df301e13db3cfb0bac64a2dd79fa2cb629bf3b47be2bd5548d4bf967460b5ef104c1b4d6f862ee053390482e1275503f517e4f57ce5ca0a184e158817468f","ssdeep":"1536:3adOtIySeasYqT9Xa/AwOrmGTKnhl0z3iM:3zIFsvxa/1DG+nRM","tlshash":"1b43026229a3519c001fac3b4c935b5445d50ac9a2ba085617cc2cfe9efe73cb664ecd","first_seen":"2023-05-08T17:27:26Z","last_seen":"2026-06-14T13:37:20.04932Z","times_seen":748,"resource_available":false,"data":null}},"time_used":1020,"timings":{"blocked":402,"dns":1,"connect":50,"send":0,"wait":51,"receive":159,"ssl":353},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.nflxext.com/us/ffe/siteui/common/icons/nficon2016.png","fqdn":"assets.nflxext.com","domain":"nflxext.com","tld":"com"},"ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:18.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1.nflxso.net","organization":"Netflix"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 03 May 2026 00:00:00 GMT","end":"Tue, 09 Jun 2026 00:12:42 GMT"},"fingerprint":{"sha1":"ED:BC:79:7E:E1:23:4D:9D:01:F9:62:62:9C:AE:BA:C8:38:FE:1E:94","sha256":"B7:D7:6F:63:F8:C5:8A:0A:26:9C:3D:95:AE:EE:F8:0B:09:82:DB:96:1F:8A:59:B4:8C:CD:12:22:BB:AA:AC:66"}}},"request":{"raw":"GET /us/ffe/siteui/common/icons/nficon2016.png HTTP/1.1\r\nHost: assets.nflxext.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://netpayment.eu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: freenginx\r\nDate: Mon, 01 Jun 2026 01:34:18 GMT\r\nContent-Type: image/png\r\nContent-Length: 1755\r\nConnection: keep-alive\r\nContent-MD5: PRlFFLq8XX0BAwig+AjKUQ==\r\nLast-Modified: Tue, 21 Jun 2016 22:29:33 GMT\r\nCache-Control: max-age=604801\r\nExpires: Mon, 08 Jun 2026 01:34:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1755,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"3d194514babc5d7d010308a0f808ca51","sha1":"867e51e9b4a474c19da52d6454076c007a9d01f2","sha256":"7341f7b8b0ae3c0da4aea559efc31f0b53d9db9dd291664fdcf7d618fd95ed8a","sha512":"0f74161fa4324dab47e9152d8f771357506935ff028790c08d99bcb84d56ffe148995334e7da079a641994395d19b94615473846b932e44152a21c6ea6b7fc17","ssdeep":"","tlshash":"e731e9e05118afda2ce916cc091244bcdd5b6616c815dad1ecc9b4f82800f0ff5d5d9e","first_seen":"2023-04-21T18:59:15Z","last_seen":"2026-06-16T01:05:11.502687Z","times_seen":3003,"resource_available":false,"data":null}},"time_used":462,"timings":{"blocked":-1,"dns":4,"connect":51,"send":0,"wait":59,"receive":0,"ssl":344},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.nflxext.com/us/ffe/siteui/common/icons/nficon2023.ico","fqdn":"assets.nflxext.com","domain":"nflxext.com","tld":"com"},"ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:18.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1.nflxso.net","organization":"Netflix"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 04 May 2026 00:00:00 GMT","end":"Wed, 10 Jun 2026 00:49:05 GMT"},"fingerprint":{"sha1":"C4:8C:B2:A4:1F:AB:B9:51:30:CE:5C:54:B0:C9:AA:4B:A2:ED:B0:55","sha256":"49:29:17:BB:00:76:6B:76:98:31:C4:E8:D2:F0:3C:25:9B:7B:AD:90:59:BD:0D:5D:71:F3:44:07:CF:AF:47:9C"}}},"request":{"raw":"GET /us/ffe/siteui/common/icons/nficon2023.ico HTTP/1.1\r\nHost: assets.nflxext.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://netpayment.eu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: freenginx\r\nDate: Mon, 01 Jun 2026 01:34:18 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 9854\r\nConnection: keep-alive\r\nContent-MD5: WPVNnqFRdmcYAr6+7k2kyw==\r\nLast-Modified: Thu, 31 Aug 2023 18:57:29 GMT\r\nCache-Control: max-age=604801\r\nExpires: Mon, 08 Jun 2026 01:34:19 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9854,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"58f54d9ea15176671802bebeee4da4cb","sha1":"4ba1cb97814772435962f3ac25af0def81851735","sha256":"9c5f7722c5df8eb24dda20ecc01c9f73e3103e10052fd980da4e7d9f753a97d3","sha512":"32e6c1ac6220b03bafb9215e4db4cf91352573c34a82accc893b4c7d4d3194d495e241c2f814372930a988688492926fe1d9a5576d2e46378c9f6d1e927c71db","ssdeep":"48:5uZhmwr2VEbaA+8H3J7HZqH0S/DHDHp8HfH5gAaqHwMqHBVqH/6BqHAtvqHAAcqK:shm0AN6YHEOFtwVPmyqPmorAtAco","tlshash":"8a12a02710c35d6cfe016eb8d297ec3a517d40ddeefe82e79a81bd390612146a5cb8e4","first_seen":"2023-09-08T13:51:14Z","last_seen":"2026-06-20T13:37:45.066955Z","times_seen":2142,"resource_available":false,"data":null}},"time_used":461,"timings":{"blocked":-1,"dns":3,"connect":51,"send":0,"wait":50,"receive":41,"ssl":317},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"netpayment.eu/","fqdn":"netpayment.eu","domain":"netpayment.eu","tld":"eu"},"ip":{"addr":"185.193.127.68","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-01T01:34:15.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"netpayment.eu","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 14:07:42 GMT","end":"Sat, 29 Aug 2026 14:07:41 GMT"},"fingerprint":{"sha1":"E2:85:BE:B3:04:EC:CA:F9:08:CD:92:80:B0:D2:0B:83:70:A1:E5:F7","sha256":"6A:9B:45:62:B1:64:2A:8E:AB:5B:04:95:41:F5:33:E0:E8:A4:30:EE:3F:C4:13:8A:E0:14:34:08:66:DC:4F:00"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: netpayment.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jun 2026 01:34:16 GMT\r\nServer: Apache/2.4.67 (Debian)\r\nLast-Modified: Sun, 31 May 2026 09:43:02 GMT\r\nETag: \"46368-65319e770c2f7-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 23282\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.67","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":287592,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (23533), with CRLF line terminators","md5":"bcf069e7363ba10fc5c4b493271ff089","sha1":"d347329d692e4c10e67f548acb7aa174c8fa5c70","sha256":"a2650ef26cc9b8fea08b373e02d26af97f6264e5839fe23727a4ce8ed684405b","sha512":"3ac4a139a38dafef4af12225a98c48ef88c12c45898ede1d58cb1fe62d3b4af587a50dce4768002ead16f5c150f189f84e1aa8560cdf1a80df64ed4fb68a3c3f","ssdeep":"6144:VSuDDZC2mDoiThX2XVXtc2BgXw3QPpuzxTCHD9+gAuG/5hOXwn4zLiT2:pq","tlshash":"6c545150998e86bdb5935e7da5d46006a611fc3cda7070d4e7c2067ca3effb6a21238c","first_seen":"2026-06-01T00:47:31.136102Z","last_seen":"2026-06-01T04:45:40.099206Z","times_seen":3,"resource_available":true,"data":null}},"time_used":409,"timings":{"blocked":139,"dns":1,"connect":60,"send":0,"wait":70,"receive":60,"ssl":76},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"netpayment.eu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"netpayment.eu/assets/completed-guard.js","fqdn":"netpayment.eu","domain":"netpayment.eu","tld":"eu"},"ip":{"addr":"185.193.127.68","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:16.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"netpayment.eu","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 14:07:42 GMT","end":"Sat, 29 Aug 2026 14:07:41 GMT"},"fingerprint":{"sha1":"E2:85:BE:B3:04:EC:CA:F9:08:CD:92:80:B0:D2:0B:83:70:A1:E5:F7","sha256":"6A:9B:45:62:B1:64:2A:8E:AB:5B:04:95:41:F5:33:E0:E8:A4:30:EE:3F:C4:13:8A:E0:14:34:08:66:DC:4F:00"}}},"request":{"raw":"GET /assets/completed-guard.js HTTP/1.1\r\nHost: netpayment.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://netpayment.eu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jun 2026 01:34:16 GMT\r\nServer: Apache/2.4.67 (Debian)\r\nLast-Modified: Sun, 31 May 2026 09:42:47 GMT\r\nETag: \"1a8-65319e687f81f-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 288\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.67","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":424,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"8139e564accf24a9e02314a2d4bfdc4e","sha1":"3c2f56e99ae4b14e93e9cb57097aa40d1295bdcb","sha256":"d5cee5f115c48c2b82120fb7cb9b87a28b3d29caeb00869bbad9a5ef132cd075","sha512":"11fd928f19179c8c6b7dcfb36a58c5df4d930e91dbc219c8afbd606d436344c11b720e692e6e756f6b4c86ff79f89b4083b72f4f3772d02339498b1c2225e591","ssdeep":"","tlshash":"fee0a3dd38d4085261072925054f806d347355873519d942ba4c5a706f3067f4e979cd","first_seen":"2026-06-01T00:47:31.140367Z","last_seen":"2026-06-01T04:45:40.095276Z","times_seen":3,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":61,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"netpayment.eu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"assets.nflxext.com/web/ffe/wp/@nf-web-ui/ui-shared/dist/less/pages/clcs/shared.fd4b86a52de5dc09baaa.css","fqdn":"assets.nflxext.com","domain":"nflxext.com","tld":"com"},"ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:16.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1.nflxso.net","organization":"Netflix"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Wed, 06 May 2026 00:00:00 GMT","end":"Fri, 12 Jun 2026 00:11:28 GMT"},"fingerprint":{"sha1":"25:6A:EB:CD:0B:A3:73:F0:80:95:F7:80:CF:CB:CE:72:DC:3C:E6:B8","sha256":"93:DF:F0:46:C0:55:3A:34:06:1F:6E:E5:D6:13:AF:09:C2:04:A7:A8:7D:52:DE:3C:E4:3B:6E:F4:EB:3D:8F:F8"}}},"request":{"raw":"GET /web/ffe/wp/@nf-web-ui/ui-shared/dist/less/pages/clcs/shared.fd4b86a52de5dc09baaa.css HTTP/1.1\r\nHost: assets.nflxext.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://netpayment.eu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://netpayment.eu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: freenginx\r\nDate: Mon, 01 Jun 2026 01:34:16 GMT\r\nContent-Type: text/css\r\nContent-Length: 2441\r\nConnection: keep-alive\r\nLast-Modified: Thu, 31 Jul 2025 13:16:36 GMT\r\nContent-Encoding: gzip\r\nCache-Control: max-age=604801\r\nExpires: Mon, 08 Jun 2026 01:34:17 GMT\r\nTiming-Allow-Origin: *\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8972,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5726)","md5":"4dfba00c15c528adde7d21cd44b1a814","sha1":"fb2fb1e259165a1db46b56e9f2c4e941a8502810","sha256":"672c6c0836773fbf62f08657298653fce32bdfe75f8685dc1c40c65acd1fa6f6","sha512":"9fa69499c58c34968e04411c7cce6a968794ca0e00b61964269f4ba0a3aaf33fb01bfbf4adce4fdb88d208434bd0335965a112b5bf078e2c7ed0e9fc6ce0c7c0","ssdeep":"96:Mp4mNMxoC5jex+bew4Gyahl3n7M2RKfhryMZLICvYn+/nZjTQx51uH8Gz:MpFGTewsfpyeL3z/VH8C","tlshash":"ea02c7179386263cf5274da771c3b64a7e2702a1e456cabae428c664ecd793312f0f1d","first_seen":"2025-08-07T09:40:11.795903Z","last_seen":"2026-06-01T04:45:40.100708Z","times_seen":57,"resource_available":false,"data":null}},"time_used":1413,"timings":{"blocked":678,"dns":46,"connect":53,"send":0,"wait":49,"receive":2,"ssl":582},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2","fqdn":"assets.nflxext.com","domain":"nflxext.com","tld":"com"},"ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:17.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1.nflxso.net","organization":"Netflix"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sat, 30 May 2026 00:00:00 GMT","end":"Thu, 02 Jul 2026 00:36:25 GMT"},"fingerprint":{"sha1":"63:68:8E:BF:E2:4E:8D:37:B4:C5:F6:9A:E7:A8:2C:61:6A:2F:69:54","sha256":"6D:B2:B1:BA:4A:CE:FA:8D:A4:9F:9C:B4:64:F4:7F:45:0E:47:4D:37:2F:59:2D:B9:29:70:1D:50:EA:12:52:54"}}},"request":{"raw":"GET /ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2 HTTP/1.1\r\nHost: assets.nflxext.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://netpayment.eu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://assets.nflxext.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: freenginx\r\nDate: Mon, 01 Jun 2026 01:34:17 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 53940\r\nConnection: keep-alive\r\nContent-MD5: 6naZIbDPpPxtTRouCx+l/w==\r\nLast-Modified: Thu, 17 Jan 2019 20:16:30 GMT\r\nCache-Control: max-age=604801\r\nExpires: Mon, 08 Jun 2026 01:34:18 GMT\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53940,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 53940, version 2.6554","md5":"ea769921b0cfa4fc6d4d1a2e0b1fa5ff","sha1":"34dcd2875c9752ebba6f894eb8d410e4958cc1b4","sha256":"9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e","sha512":"f0ee2f0c81a8253783306602b3d430be4ff2a33e075ab77cce6834d5a6452f2c64e7d395aa98b92d694d53ffc8da2bf5226528faf62de3a687911dfc279c39cb","ssdeep":"1536:cQYyppexSSgX9x6olOQ26mZJ/F6EIHhFsgHFkW/:cjw9X9/Yplg5HhrlkW/","tlshash":"7633f1039fcf714a08b7be7facca496b6059cdb7986a025fde3f498490117025a41e37","first_seen":"2023-05-02T12:35:36Z","last_seen":"2026-06-20T07:25:28.878631Z","times_seen":2384,"resource_available":false,"data":null}},"time_used":1160,"timings":{"blocked":372,"dns":3,"connect":52,"send":0,"wait":105,"receive":305,"ssl":320},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.nflxext.com/web/ffe/wp/ui/clcs/login/client.069e4aa4eb5bcf1642d3.js","fqdn":"assets.nflxext.com","domain":"nflxext.com","tld":"com"},"ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:16.302Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1.nflxso.net","organization":"Netflix"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 03 May 2026 00:00:00 GMT","end":"Sun, 07 Jun 2026 23:41:47 GMT"},"fingerprint":{"sha1":"D2:EB:21:53:ED:7C:E1:9D:C5:3C:50:5B:2A:D4:92:C2:27:24:02:D3","sha256":"22:A7:71:9A:B1:F8:02:C3:88:DA:87:AD:25:25:04:7B:5D:F2:38:58:52:F8:2C:99:5B:42:DC:FE:24:7F:56:5E"}}},"request":{"raw":"GET /web/ffe/wp/ui/clcs/login/client.069e4aa4eb5bcf1642d3.js HTTP/1.1\r\nHost: assets.nflxext.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://netpayment.eu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://netpayment.eu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: freenginx\r\nDate: Mon, 01 Jun 2026 01:34:16 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 991304\r\nConnection: keep-alive\r\nLast-Modified: Thu, 14 May 2026 13:11:21 GMT\r\nContent-Encoding: gzip\r\nCache-Control: max-age=604801\r\nExpires: Mon, 08 Jun 2026 01:34:17 GMT\r\nTiming-Allow-Origin: *\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4483458,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"d16830dcbd6e1976bf36182a224a1daa","sha1":"c282ce86ec7600b3e2f83bc0f1ab9292e39868d1","sha256":"4ea2cc667a4a59c81e4ab0bad6f7859c8213a97c5ced92745bcd2fc59b928cc9","sha512":"39333f94e15fb7467ba016def360cc8271b2eaaabc2e1e04e5e8119e498efc67c2b764d1652cf58953e2c5b0cd59fa8f0d88960f8e0e90791dc86b7292690aa8","ssdeep":"24576:ODJlmhT5zJ1RLjnYa3sPaBHket4bajrCKtLQ5lFNxPi0WKjf4eH4L862EVJ11Sx+:ODJlmhT5zJ1RLjnYa3sPaBHket4bajrL","tlshash":"f5251aa83111b86556c380d5443b140ff5be06289139b9a1f35be9e96ee4ccf21b3f6b","first_seen":"2026-06-01T00:47:31.137338Z","last_seen":"2026-06-01T04:45:40.099981Z","times_seen":3,"resource_available":false,"data":null}},"time_used":3122,"timings":{"blocked":621,"dns":47,"connect":50,"send":0,"wait":54,"receive":1821,"ssl":526},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"occ.a.nflxso.net/genc/hawkins/5.18.0/font/netflix-sans-core-variable-full.woff2","fqdn":"occ.a.nflxso.net","domain":"nflxso.net","tld":"net"},"ip":{"addr":"45.57.91.1","port":443,"asn":40027,"as":"NETFLIX-ASN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:16.308Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.1.nflxso.net","organization":"Netflix"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 31 May 2026 00:00:00 GMT","end":"Mon, 06 Jul 2026 23:10:56 GMT"},"fingerprint":{"sha1":"61:0E:A2:CC:66:FA:19:25:B9:04:EA:64:45:24:E1:3A:72:75:0A:0F","sha256":"F7:42:D1:0A:D8:99:3D:71:6C:A1:2C:0A:F6:4D:34:D7:79:3D:3F:8F:14:10:54:12:22:F8:BD:EF:56:3B:60:51"}}},"request":{"raw":"GET /genc/hawkins/5.18.0/font/netflix-sans-core-variable-full.woff2 HTTP/1.1\r\nHost: occ.a.nflxso.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://netpayment.eu/\r\nOrigin: https://netpayment.eu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: freenginx\r\nDate: Mon, 01 Jun 2026 01:34:16 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 450752\r\nConnection: keep-alive\r\nLast-Modified: Tue, 14 Apr 2026 14:57:06 GMT\r\nETag: \"f87907a566c9e45f24f86ab972edf3e2\"\r\nExpires: Mon, 01 Jun 2026 05:34:17 GMT\r\nCache-Control: max-age=14401\r\nAccess-Control-Allow-Origin: *\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":450752,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 450752, version 3.131","md5":"f87907a566c9e45f24f86ab972edf3e2","sha1":"78514440978dab922e7455622c8b448c296bcae9","sha256":"d70848e27e547e201743d3905f6acdfa8bd40c32537833f8202a43013ef3a55d","sha512":"82ffc9d3401d23845452fcddf6432215e559d2700236908625f24c713b730c8d4ded7b4f7824b4447d5c3f8538dfd965c4fe4da7a944001394a9d9099cca049c","ssdeep":"12288:lJ+YK0VDZ6taZgkQgxjRGrQm9rBA7+HRpbOqTGHv:SuDua2kQg5RGV+70pjTGP","tlshash":"7ba4231be8f8c4b52128acb9149dfe2e9e95c54c50f4ddf3304268431daaacf7727499","first_seen":"2025-07-04T09:51:22.041391Z","last_seen":"2026-06-20T20:18:41.426595Z","times_seen":477,"resource_available":false,"data":null}},"time_used":2471,"timings":{"blocked":640,"dns":59,"connect":51,"send":0,"wait":50,"receive":1133,"ssl":536},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"netpayment.eu/offline-local-fix.js","fqdn":"netpayment.eu","domain":"netpayment.eu","tld":"eu"},"ip":{"addr":"185.193.127.68","port":443,"asn":39287,"as":"ab stract ltd","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://netpayment.eu/","date":"2026-06-01T01:34:16.310Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"netpayment.eu","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 14:07:42 GMT","end":"Sat, 29 Aug 2026 14:07:41 GMT"},"fingerprint":{"sha1":"E2:85:BE:B3:04:EC:CA:F9:08:CD:92:80:B0:D2:0B:83:70:A1:E5:F7","sha256":"6A:9B:45:62:B1:64:2A:8E:AB:5B:04:95:41:F5:33:E0:E8:A4:30:EE:3F:C4:13:8A:E0:14:34:08:66:DC:4F:00"}}},"request":{"raw":"GET /offline-local-fix.js HTTP/1.1\r\nHost: netpayment.eu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://netpayment.eu/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 01 Jun 2026 01:34:16 GMT\r\nServer: Apache/2.4.67 (Debian)\r\nLast-Modified: Sun, 31 May 2026 09:43:04 GMT\r\nETag: \"929-65319e78b9e18-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 861\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Debian","description":"Debian is a Linux software which is a free open-source software.","website":"https://debian.org","common_platform_enumeration":"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*","icon":"Debian.png","categories":["Operating systems"]},{"name":"Apache HTTP Server:2.4.67","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":2345,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text","md5":"9d0d47299c2652a2fe31cc72afefd57e","sha1":"c7a200e634a7aed0a6e8935d8e8167e4da3f33a6","sha256":"1713bb5b6243f6945e796ecefe05c6b7488fc1a01122f1bc27063646b0797195","sha512":"c35edae1cf8f684db2f4af2984073850114313819b29bcf2f3a9eb690e78efd1a7341f51e53ee0e79166274612339f63f8518793afa2b81a16ffe55eb35f5d54","ssdeep":"","tlshash":"fd41312561f712701223517d63dfb3a83e3490032208dd143eac6fa81fdaf67a171a9e","first_seen":"2026-06-01T00:47:31.139237Z","last_seen":"2026-06-01T04:45:40.09671Z","times_seen":3,"resource_available":true,"data":null}},"time_used":111,"timings":{"blocked":50,"dns":0,"connect":0,"send":0,"wait":61,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-01","alert":"Phishing Block","trigger":"netpayment.eu","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"netpayment.eu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}}]}