{"report_id":"9c25c6ec-9c02-4472-af09-9407e2d0bf5e","version":0,"status":"done","tags":["netflix","phishing"],"date":"2026-07-01T00:37:11Z","url":{"schema":"http","addr":"watch-online-account.com","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"104.21.28.19","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"watch-online-account.com/not-found","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"title":"Netflix","dom":{"size":15802,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (14899)","md5":"ad9aff8a0bfc49099be2bd05b99f72ef","sha1":"a694a0d8406221767b9051b281e474d03bdd6141","sha256":"3407d31dff888d8f5187b6854323fe1107cd3b00ad627176d6c36bfb3aad56fd","sha512":"f161057bb2ccec55fa21bbdae30642956a992c9dd64e995f84d2c77dd5afca2d1a0a0451fa11286c811bf25a6c70cf85da31152594561b2e9dbaf43733ad2fd0","ssdeep":"192:ZXzUgpOxWp35nTtXC2s1Bpu0qN4QOigg/JpcXTTruLxksc64JyhOq7vmb:dzOx05nrGPKJgg8T4xksc64Jysq7vM","tlshash":"e7622584b81c12745d3fab01dec8973cd125b8426f524866b10e088ee9d6ff639e5f9a","dom_hash":"domhashbafed62a4b0b14974cad75c5d7271ccd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"watch-online-account.com","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"104.21.28.19","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-05T00:37:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]},"summary":[{"fqdn":"watch-online-account.com","ip":{"addr":"172.67.170.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-06-05","domain_rank":0,"first_seen":"2026-07-01T00:24:58.942571Z","last_seen":"2026-07-01T00:24:58.942571Z","alert_count":35,"request_count":7,"received_data":1478209,"sent_data":3464,"comment":"","tags":null,"fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Phusion Passenger:6.0.27","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-06-28T22:22:13.875484Z","alert_count":0,"request_count":1,"received_data":22013,"sent_data":576,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.cdnfonts.com","ip":{"addr":"172.67.184.158","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-10-03","domain_rank":50661,"first_seen":"2020-06-10T09:02:17Z","last_seen":"2026-06-25T13:15:25.067661Z","alert_count":0,"request_count":1,"received_data":12084,"sent_data":508,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"watch-online-account.com/assets/index-DfqLmgj8.js","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"172.67.170.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"208cafc43bd38e596faeb95d82efac0c","sha1":"398821e4b49d662f7191657e6867f914a2f2b060","sha256":"71154dad7caf81424d9201fd0aa89d65eceae67a50d6791e39eb1053d9d0f33c","sha512":"6d7d0319633f0fa5cfd6a9890decc63311e0f00f7573db7e029e58de2b06738d181f2386fcb1239b06119fd94c3ddd790c23ab7be53dad395be58b5b0b6a38ca","ssdeep":"24576:ubp/LhtwLrXbX1AHxXu9nIBpoDsjHBoU3+knALD2ze8jSXkRbdeoQ2YACpBdefE8:uN/LhtwLrXbX1AHxXu9nIBpoDsjh33+I","tlshash":"50458cc87195b56d9be741d0507f1005b13a2a64f40d8490f17ce8ea2af498ab27bffd","size":1216122,"data":"","first_seen":"2026-05-20T12:58:40.53765Z","last_seen":"2026-07-01T02:13:11.828525Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"watch-online-account.com/","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"172.67.170.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-01T00:36:47.260Z","timestamp":1782866207260,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"watch-online-account.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Jun 2026 19:03:32 GMT","end":"Thu, 03 Sep 2026 20:01:59 GMT"},"fingerprint":{"sha1":"C9:5B:98:B7:3C:57:C6:CE:95:63:A2:B0:1E:16:B2:04:FF:78:90:C0","sha256":"26:4A:59:3B:E7:0B:73:08:81:C0:95:78:FE:7D:D8:1E:A3:29:66:F7:00:29:BF:A5:6E:3C:FF:5B:26:91:FB:6C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: watch-online-account.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 01 Jul 2026 00:36:47 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-encoding: zstd\r\ncache-control: public, max-age=0\r\nvary: Origin,Accept-Encoding\r\nx-powered-by: Express, Phusion Passenger(R) 6.0.27, PleskLin\r\naccess-control-allow-credentials: true\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YasW0W9AxzxJ2yznqupmvpM%2FYBekXM6aEEjSN%2FiialvzBGMTe7kyieZ19EA0buZQ10awdTxWWsk7dLZ%2BxSPPUqs16vR%2FSGtrOPsibCnH4AhRvx8nftSHzRsZNCepFdAVo24SMX2eUxfSoag%3D\"}]}\r\nlast-modified: Tue, 19 May 2026 18:00:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstatus: 200 OK\r\npriority: u=0,i\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a14156a38ff575ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Phusion Passenger:6.0.27","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":905,"size_decoded":1298,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"657c53eddcaa10ccbe7cb288dcb060b4","sha1":"020290b92f2f6714881acd97c2dcd000f1f5b022","sha256":"dcfdc01e9532b5626fe9a82a00a5e1e5989f929eda6335eafc1cc460daef9849","sha512":"db9fec6de3ed5f15f37b6d70bebccf1c8901b1e0306bd6874978fca2f09c2e0e93de2dbf1333c41bfc80575d87007e589174fe5a7a4136e7add2cc26886ef903","ssdeep":"","tlshash":"2011eb9749e4c81a030042a569c0b51acd47a28f4f48ea48b6bf50bd9f986c5cedbe9c","first_seen":"2026-05-20T12:58:40.529575Z","last_seen":"2026-07-01T02:13:11.824398Z","times_seen":13,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":5,"connect":18,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Google+Sans:ital,opsz,wght@0,17..18,400..700;1,17..18,400..700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://watch-online-account.com/","date":"2026-07-01T00:36:47.854Z","timestamp":1782866207854,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Jun 2026 08:38:10 GMT","end":"Mon, 31 Aug 2026 08:38:09 GMT"},"fingerprint":{"sha1":"8A:2F:DC:6F:C0:09:07:D3:E5:9C:B7:EE:C2:C4:63:DC:59:36:B5:1B","sha256":"64:7C:E4:55:AB:5C:58:7E:89:F1:19:3B:95:DB:7B:4B:E6:75:42:2C:0C:51:2E:66:85:F5:BB:51:58:08:39:19"}}},"request":{"raw":"GET /css2?family=Google+Sans:ital,opsz,wght@0,17..18,400..700;1,17..18,400..700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://watch-online-account.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 01 Jul 2026 00:36:47 GMT\r\ndate: Wed, 01 Jul 2026 00:36:47 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21329,"size_decoded":2846,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"ae893f070d18e258bef3e6e2fb735476","sha1":"3027707e3b4a4f2f81c1c0e5d8df31a8be14a877","sha256":"20108873d63146ab3fa480eee1474f34fc000ad815ff1dca821a9e3eb08462bd","sha512":"69854025381f1c0ac20795bad484696628fd8746850f6fbc9d6142031567f8823fecbdef38c69f072bb4632c06265eded70264d0fb4d24b3282bfbe1cc3261af","ssdeep":"384:j8ySWnyfwjfnLOaXHjk45VqPqYDsK6ATyI4LtqY+N:vVMgLVQ","tlshash":"b4a2e1814007a015ae57bcc737cf7d25ae0d12b87500d5b99bfe4ac9dc86ca582b4fae","first_seen":"2026-05-21T22:42:29.520933Z","last_seen":"2026-07-02T03:28:31.350458Z","times_seen":121,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":1,"connect":17,"send":0,"wait":34,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"watch-online-account.com/assets/index-BGrKAQhJ.css","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"172.67.170.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://watch-online-account.com/","date":"2026-07-01T00:36:47.857Z","timestamp":1782866207857,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"watch-online-account.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Jun 2026 19:03:32 GMT","end":"Thu, 03 Sep 2026 20:01:59 GMT"},"fingerprint":{"sha1":"C9:5B:98:B7:3C:57:C6:CE:95:63:A2:B0:1E:16:B2:04:FF:78:90:C0","sha256":"26:4A:59:3B:E7:0B:73:08:81:C0:95:78:FE:7D:D8:1E:A3:29:66:F7:00:29:BF:A5:6E:3C:FF:5B:26:91:FB:6C"}}},"request":{"raw":"GET /assets/index-BGrKAQhJ.css HTTP/1.1\r\nHost: watch-online-account.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://watch-online-account.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 01 Jul 2026 00:36:47 GMT\r\ncontent-type: text/css; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NXhHVejBkBJzu2z6hXuDA6jfyoTpvqYzm3v1XCg%2Fg%2BDpRZ4C0V5y68qbO0e879LhMQDD2QOJOjLrdY%2BQODv9JkqWK4GOxB9kXPeOmOjor63FxQ%2FtINAlbxukGFG5Gvgt%2BFH28Smg9ZsEIFM%3D\"}]}\r\ncache-control: public, max-age=14400\r\nvary: Origin,Accept-Encoding\r\nx-powered-by: Express, Phusion Passenger(R) 6.0.27, PleskLin\r\naccess-control-allow-credentials: true\r\naccept-ranges: bytes\r\nlast-modified: Tue, 19 May 2026 18:00:40 GMT\r\netag: W/\"34c01-19e4165a140-gzip\"\r\nstatus: 200 OK\r\ncontent-encoding: gzip\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncontent-length: 29926\r\ncf-ray: a14156a7280275ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Phusion Passenger:6.0.27","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]}],"data":{"size":216065,"size_decoded":30842,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"b099cfd3732c6d9fa6f24c5c37cf554f","sha1":"d4a4d8d8e295458ca0f80c1d3e20bd50572a7bfd","sha256":"b3797cd1aa50d4963d591cc0dfbe9232942756b73a8006a953d20f5a41fb79ae","sha512":"ea671ab849bbcfdd559eea3a7a1b6b0c5da62485c2827d7affc3ba500eff163b26abc9d35cb1e16c242115322577900c03fc350925b36e6a5b365bc5bac65d75","ssdeep":"6144:5OgWHFZRaXaXIhjGD2Ys/xy5p5zAOB+FSMv30NDE6:m","tlshash":"f62483b0b069f53bbc13b1f9d3cca88ca909b0d5dd6947edf954521523e3bf2686a900","first_seen":"2026-05-20T12:58:40.533376Z","last_seen":"2026-07-01T02:13:11.816284Z","times_seen":14,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"watch-online-account.com/api/clients/l-UgzsEB16J4b","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"172.67.170.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://watch-online-account.com/","date":"2026-07-01T00:36:48.338Z","timestamp":1782866208338,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"watch-online-account.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Jun 2026 19:03:32 GMT","end":"Thu, 03 Sep 2026 20:01:59 GMT"},"fingerprint":{"sha1":"C9:5B:98:B7:3C:57:C6:CE:95:63:A2:B0:1E:16:B2:04:FF:78:90:C0","sha256":"26:4A:59:3B:E7:0B:73:08:81:C0:95:78:FE:7D:D8:1E:A3:29:66:F7:00:29:BF:A5:6E:3C:FF:5B:26:91:FB:6C"}}},"request":{"raw":"GET /api/clients/l-UgzsEB16J4b HTTP/1.1\r\nHost: watch-online-account.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://watch-online-account.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 01 Jul 2026 00:36:48 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Origin, accept-encoding\r\nx-powered-by: Express, Phusion Passenger(R) 6.0.27, PleskLin\r\naccess-control-allow-credentials: true\r\netag: W/\"37a-Ox5Q45A3ODWqyp6R3b4KGwx1djo\"\r\nstatus: 200 OK\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9VK9EiopPHHKhDFNjbIVLOh2AClFTwNBODDSAa6zTxQIqqtnVbYuJigtv5%2FteslexRJXMu67%2Fon3zvA3B89UQ1zL7tSbNcGaGi3FNPzbEEx0OInr4E%2Fp5bTUUGUKBQYEOWdfg1GoBKA2Irc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a14156aa280f75ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Phusion Passenger:6.0.27","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":890,"size_decoded":1276,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"636c8a6cb8893eace71797226e81c811","sha1":"3b1e50e390373835aaca9e91ddbe0a1b0c75763a","sha256":"3d2111415fbdb1fedd8e84f65b84aadcd6f67cdc7139924ea63857f0838b2342","sha512":"be32462bfbdd03060a098e9652ebdb5848ec9e95bdd3fdbaff15fe0172457a81382d05426ab100dce2d634e4412e6e50314813987bb8a03f2643df3680697482","ssdeep":"","tlshash":"c111c45d00786dbcde2b43440005fd56a7fd1213d1824c54dedd9f0c9ae81efb0125ea","first_seen":"2026-07-01T00:37:13.52051Z","last_seen":"2026-07-01T00:37:13.52051Z","times_seen":1,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"watch-online-account.com/api/languages/public","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"172.67.170.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://watch-online-account.com/","date":"2026-07-01T00:36:48.347Z","timestamp":1782866208347,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"watch-online-account.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Jun 2026 19:03:32 GMT","end":"Thu, 03 Sep 2026 20:01:59 GMT"},"fingerprint":{"sha1":"C9:5B:98:B7:3C:57:C6:CE:95:63:A2:B0:1E:16:B2:04:FF:78:90:C0","sha256":"26:4A:59:3B:E7:0B:73:08:81:C0:95:78:FE:7D:D8:1E:A3:29:66:F7:00:29:BF:A5:6E:3C:FF:5B:26:91:FB:6C"}}},"request":{"raw":"GET /api/languages/public HTTP/1.1\r\nHost: watch-online-account.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://watch-online-account.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 01 Jul 2026 00:36:48 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Origin, accept-encoding\r\nx-powered-by: Express, Phusion Passenger(R) 6.0.27, PleskLin\r\naccess-control-allow-credentials: true\r\netag: W/\"1f-fCet4LyQthT/tJmUdudM0Ic/z/c\"\r\nstatus: 200 OK\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Im8%2FPktCMbRH8OzOTFzbXgjtIZai9i3AujYiqioM1YbBKwdHuLGIeDsivDPg6JMSIUTy91Ov7qvj%2FeUCTxM5C2nbHpJG4dnw9n9QMhklNPAZurcYNiSzkOVO4JOrPU573uWPAW%2Bj0vFMXbU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a14156aa281075ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Phusion Passenger:6.0.27","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":31,"size_decoded":828,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"9b76efeaafe592ae4b18cf49fb1d2983","sha1":"7c27ade0bc90b614ffb4999476e74cd0873fcff7","sha256":"54346d61a71a28655ff25ae12de87df5d5be3d546b77cdbfbb6c91f6041b724f","sha512":"75cd80ca72bba6af5e9f4fcfa32a2854cc872f04abc8ecbbbf6a689504cf765fbb5215e29ee74764f3ce729983ae6f2b9eeb1ce11a626d9fb21c745716c3a040","ssdeep":"","tlshash":"5d800002000008ebe200220020b8bf02a8a8002382002c0aa38c22ccaaa220220c308b","first_seen":"2026-05-17T13:40:56.631577Z","last_seen":"2026-07-01T02:13:11.821564Z","times_seen":22,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"watch-online-account.com/favicon.ico","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"172.67.170.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://watch-online-account.com/","date":"2026-07-01T00:36:48.777Z","timestamp":1782866208777,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"watch-online-account.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Jun 2026 19:03:32 GMT","end":"Thu, 03 Sep 2026 20:01:59 GMT"},"fingerprint":{"sha1":"C9:5B:98:B7:3C:57:C6:CE:95:63:A2:B0:1E:16:B2:04:FF:78:90:C0","sha256":"26:4A:59:3B:E7:0B:73:08:81:C0:95:78:FE:7D:D8:1E:A3:29:66:F7:00:29:BF:A5:6E:3C:FF:5B:26:91:FB:6C"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: watch-online-account.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://watch-online-account.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 01 Jul 2026 00:36:48 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GHKo79AdBYBBMoWwFFsxUnZ1WvkXfW3Px8qLWQFFoy4PWMhblBRsBU6sF%2BlMAIf7tak1rjgOweR8vuSh66ukfQILQMSWoBFBEHuIRrIpmMpxr87wpRYh%2F9xSFosCbSKPsCtIkzh5ib2rEXQ%3D\"}]}\r\ncache-control: public, max-age=14400\r\nvary: Origin\r\nx-powered-by: Express, Phusion Passenger(R) 6.0.27, PleskLin\r\naccess-control-allow-credentials: true\r\npriority: u=6,i=?0\r\nlast-modified: Tue, 19 May 2026 18:00:40 GMT\r\netag: W/\"267e-19e4165a140\"\r\nstatus: 200 OK\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: zstd\r\ncf-ray: a14156ace81675ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Phusion Passenger:6.0.27","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9854,"size_decoded":2711,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"58f54d9ea15176671802bebeee4da4cb","sha1":"4ba1cb97814772435962f3ac25af0def81851735","sha256":"9c5f7722c5df8eb24dda20ecc01c9f73e3103e10052fd980da4e7d9f753a97d3","sha512":"32e6c1ac6220b03bafb9215e4db4cf91352573c34a82accc893b4c7d4d3194d495e241c2f814372930a988688492926fe1d9a5576d2e46378c9f6d1e927c71db","ssdeep":"48:5uZhmwr2VEbaA+8H3J7HZqH0S/DHDHp8HfH5gAaqHwMqHBVqH/6BqHAtvqHAAcqK:shm0AN6YHEOFtwVPmyqPmorAtAco","tlshash":"8a12a02710c35d6cfe016eb8d297ec3a517d40ddeefe82e79a81bd390612146a5cb8e4","first_seen":"2023-09-08T13:51:14Z","last_seen":"2026-07-01T02:13:11.822488Z","times_seen":2156,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"watch-online-account.com/assets/geist-latin-wght-normal-Dm3htQBi.woff2","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"172.67.170.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://watch-online-account.com/","date":"2026-07-01T00:36:48.792Z","timestamp":1782866208792,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"watch-online-account.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Jun 2026 19:03:32 GMT","end":"Thu, 03 Sep 2026 20:01:59 GMT"},"fingerprint":{"sha1":"C9:5B:98:B7:3C:57:C6:CE:95:63:A2:B0:1E:16:B2:04:FF:78:90:C0","sha256":"26:4A:59:3B:E7:0B:73:08:81:C0:95:78:FE:7D:D8:1E:A3:29:66:F7:00:29:BF:A5:6E:3C:FF:5B:26:91:FB:6C"}}},"request":{"raw":"GET /assets/geist-latin-wght-normal-Dm3htQBi.woff2 HTTP/1.1\r\nHost: watch-online-account.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://watch-online-account.com/assets/index-BGrKAQhJ.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 01 Jul 2026 00:36:48 GMT\r\ncontent-type: font/woff2\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5B4WugX%2FPMnmefwgNEGytWx1y5QipNqT0dgZhVCf1jyXV6joW7j4H3qvBOXU6Bv7TUYtxikHzG8dtlO6ntsfkrbE5%2BgKsXzRgkmbhMjunhi%2BwEta82OUOvQ7KmDtwjExJ1W8CGLjAoywHNY%3D\"}]}\r\ncache-control: public, max-age=14400\r\nvary: Origin\r\nx-powered-by: Express, Phusion Passenger(R) 6.0.27, PleskLin\r\naccess-control-allow-credentials: true\r\naccept-ranges: bytes\r\nlast-modified: Tue, 19 May 2026 18:00:40 GMT\r\netag: W/\"6ef0-19e4165a140\"\r\nstatus: 200 OK\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncontent-length: 28400\r\ncf-ray: a14156acf81775ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Phusion Passenger:6.0.27","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28400,"size_decoded":29253,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28400, version 1.0","md5":"284d2af3ed9db2bceefa23a14638db62","sha1":"a59aabd24d95f76b7e97143fa20c6a4c83a00c63","sha256":"0cbbe6286a00f356e98980783cc950a9b693751e04aedfb97d9526ff6dc2b316","sha512":"5381a032969cedc993f4d513a33e24f84cdbd245336902854e7c68440bd6c5d51d8de940656dba9396209dab9680276cffb948270c742c8768b0cfdf2eb6620f","ssdeep":"768:4lKwpkYgBu5H3M5tj/xk6fmzoybLiZDc8IHmSR78YpJgWcF:tEgw5HGtnf0oyb+Crl1pJkF","tlshash":"bbd2e173e2d2355bf3a8ecb902cf3e53ae8b256d82fcd5e5046a085a754970133147d1","first_seen":"2025-09-13T13:12:37.463474Z","last_seen":"2026-07-02T17:02:09.528911Z","times_seen":1013,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.cdnfonts.com/css/helvetica-neue-55","fqdn":"fonts.cdnfonts.com","domain":"cdnfonts.com","tld":"com"},"ip":{"addr":"172.67.184.158","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://watch-online-account.com/","date":"2026-07-01T00:36:47.851Z","timestamp":1782866207851,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnfonts.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 03 May 2026 13:10:42 GMT","end":"Sat, 01 Aug 2026 14:08:22 GMT"},"fingerprint":{"sha1":"EF:14:45:48:B1:9A:C9:A7:28:6B:C0:1D:0E:B0:E6:38:74:C4:7E:91","sha256":"01:F2:AE:FC:05:A5:B3:D3:60:65:B9:ED:2B:F8:58:97:9E:78:7E:12:13:FD:FD:28:67:E7:56:8A:AC:9D:07:A1"}}},"request":{"raw":"GET /css/helvetica-neue-55 HTTP/1.1\r\nHost: fonts.cdnfonts.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://watch-online-account.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 01 Jul 2026 00:36:47 GMT\r\ncontent-type: text/css;charset=UTF-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncontent-encoding: br\r\nage: 365089\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i1xcg4dQ5HOzd0%2FVKJ3icL8cLi4NZhmjJ%2BWBaVuNDUDJpcjXoZxpPX6P8MdpLNU5%2FciMkz4JdlIz%2BgWijilnb9h3Ov98D3r2ql6ij4MtV0wP5RsolS%2BNv1h5MtU05TF11RjTGh0%3D\"}]}\r\nlast-modified: Fri, 26 Jun 2026 19:11:57 GMT\r\ncache-control: max-age=31536000\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a14156a72b4d120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11347,"size_decoded":1267,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"6c80265e10d70c8dd202cbdfe2960a07","sha1":"f6a17108e533c7c0aab6df332f4b98e6a563b211","sha256":"8acbd1ee1f7793a48b476ec03d1073be5ef7defffd60d28d1bce52127d88183d","sha512":"a7a4c4ec8fe31541a6d39dfce4acd386d4a0243150c06ddf08b5eeabae40a67a6cdd34d85230c8aa2f06af42bc015424cf790c4755ddeb48b3b28312c6bd4947","ssdeep":"192:mDfgBD7UD7zD7gVaDjD2DS9DdD+DeDdDwDvDxDZDTDQHD7cDrDIDiDODeDx:mDfgBD7UD7zD7jDjD2DSDdD+DeDdDwDb","tlshash":"70322465249ba704a1331c8a3b9bb9d84e0b149b205acd293bfdbf099ff78751240f5c","first_seen":"2024-12-11T11:18:20.740527Z","last_seen":"2026-07-01T02:13:11.825321Z","times_seen":173,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":4,"connect":11,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"watch-online-account.com/assets/index-DfqLmgj8.js","fqdn":"watch-online-account.com","domain":"watch-online-account.com","tld":"com"},"ip":{"addr":"172.67.170.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://watch-online-account.com/","date":"2026-07-01T00:36:47.856Z","timestamp":1782866207856,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"watch-online-account.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Jun 2026 19:03:32 GMT","end":"Thu, 03 Sep 2026 20:01:59 GMT"},"fingerprint":{"sha1":"C9:5B:98:B7:3C:57:C6:CE:95:63:A2:B0:1E:16:B2:04:FF:78:90:C0","sha256":"26:4A:59:3B:E7:0B:73:08:81:C0:95:78:FE:7D:D8:1E:A3:29:66:F7:00:29:BF:A5:6E:3C:FF:5B:26:91:FB:6C"}}},"request":{"raw":"GET /assets/index-DfqLmgj8.js HTTP/1.1\r\nHost: watch-online-account.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://watch-online-account.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Wed, 01 Jul 2026 00:36:47 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncache-control: public, max-age=14400\r\nvary: Origin,Accept-Encoding\r\nx-powered-by: Express, Phusion Passenger(R) 6.0.27, PleskLin\r\naccess-control-allow-credentials: true\r\naccept-ranges: bytes\r\nlast-modified: Tue, 19 May 2026 18:00:40 GMT\r\netag: W/\"128e7a-19e4165a140-gzip\"\r\nstatus: 200 OK\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oAzlkp1uX13JTgYMOXgg7%2FYEC8t81ZF4lvUIYO7Wpknb%2BTzjPuQSLBBCAK%2F5MCF%2FcXYADXhZodpqpC7GPBmRPTwQtPY%2FX1i%2F8DBCROMHKLKhp5IPszI8Mz91ro19Md2KqJH2yXSPXP5EmMs%3D\"}]}\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a14156a7280175ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Phusion Passenger:6.0.27","description":"Phusion Passenger is a free web server and application server with support for Ruby, Python and Node.js.","website":"https://phusionpassenger.com","common_platform_enumeration":"cpe:2.3:a:phusionpassenger:phusion_passenger:*:*:*:*:*:*:*:*","icon":"Phusion Passenger.png","categories":["Web servers"]}],"data":{"size":1216122,"size_decoded":368833,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (49133)","md5":"cff928e6981115892b8f18675ec6a010","sha1":"cb9866c70a5ad04e40446cd13d304024578b26ee","sha256":"de51f06165086a9b5e2a098b3d5a5b22cd1136da6725d2f8744cbb80b0bae053","sha512":"bd38b5509a346aeb8193b5aaea229726f2d86f4fbf4d88f4ecb3171699e828a5bd1d31dd8c931f6cb59f8d560d0191b51cba27e6c44ed3cf6c13c57fef27d0ce","ssdeep":"24576:ubp/LhtwLrXbX1AHxXu9nIBpoDsjHBoU3+knALD2ze8jSXkRbdeoQ2YACpBdefE1:uN/LhtwLrXbX1AHxXu9nIBpoDsjh33+h","tlshash":"80258cc8719575699be741e1507f0005b23a2a25b40d8454f17cecee3eb888ab27bfbd","first_seen":"2026-05-20T12:58:40.535453Z","last_seen":"2026-07-01T02:13:11.827489Z","times_seen":14,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":88,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-01","alert":"Sinkholed","trigger":"watch-online-account.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Netflix","verdict":"phishing","severity":"medium","comment":"Associated with Netflix phishing","tags":["netflix","phishing"],"meta":null}]}}]}
