Report - netflix-online-acc.v6.army/netflix/?id=142583359

Report Overview

Submitted URL
netflix-online-acc.v6.army/netflix/?id=142583359
IP
68.178.164.237
ASN
#26496 AS-26496-GO-DADDY-COM-LLC
Submitted
2022-11-08 01:47:39
Access
Website Title
Final URL
Tags
None
urlquery detections
DynDNS domain detected

Detections

urlquery
23
Network Intrusion Detection
0
Threat Detection Systems
64

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
i.imgur.com	5110	2012-05-21T10:09:36Z	2023-03-10T12:17:21Z	390 B	17 kB	151.101.84.193
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-10T05:09:10Z	2.4 kB	6.2 kB	23.36.76.226
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-10T05:10:00Z	333 B	229 B	34.117.237.239
netflix-online-acc.v6.army	unknown	2022-11-07T22:22:46Z	2022-11-08T12:24:56Z	13 kB	700 kB	68.178.164.237
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-10T05:10:04Z	3.8 kB	59 kB	34.120.237.76
assets.nflxext.com	3871	2015-07-22T06:02:07Z	2023-03-10T05:12:08Z	545 B	208 kB	45.57.90.1
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-10T13:49:44Z	1.4 kB	3.2 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-10T05:10:00Z	364 B	1.5 kB	34.102.187.140
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-10T05:12:35Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-10T05:10:02Z	606 B	127 B	35.162.217.251

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-08	medium	netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/?id=142583359	Phishing
2022-11-08	medium	netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359	Phishing
2022-11-08	medium	netflix-online-acc.v6.army/netflix/bower_components/jquery/dist/jquery.min.js	Phishing
2022-11-08	medium	netflix-online-acc.v6.army/netflix/core/token/core_token.js	Phishing
2022-11-08	medium	netflix-online-acc.v6.army/netflix/core/form/core_form.js	Phishing
2022-11-08	medium	netflix-online-acc.v6.army/netflix/login/token/token.js?v=6369b5334045e	Phishing
2022-11-08	medium	netflix-online-acc.v6.army/netflix/login/nficon2016.ico	Phishing
2022-11-08	medium	netflix-online-acc.v6.army/netflix/login/nf-icon-v1-93.woff	Phishing
2022-11-08	medium	netflix-online-acc.v6.army/netflix/bower_components/angular/angular.min.js	Phishing
2022-11-08	medium	netflix-online-acc.v6.army/netflix/login/ng/ng.js?v=6369b5334045d	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed
2022-11-08	medium	v6.army	Sinkholed

JavaScript (11)

	URL	Size	First Seen	Last Seen
	netflix-online-acc.v6.army/netflix/core/token/core_token.js	10 kB	2023-03-11	2023-07-24
Pretty URL netflix-online-acc.v6.army/netflix/core/token/core_token.js IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:46:22 Last Seen2023-07-24 22:54:27 Times Seen7 Hash 5a584dfd18b62326822117ed4b7d0626 2eb31b3e5f9d87806dd5a468e2004dda53d190e8 3d4cc532df22cb341793cdef5ad34434b12561497dc7d61febcfceea77636bae Loading...

	unknown	0 B	2023-03-07	2024-05-11
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-11 03:34:09 Times Seen37534280 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	netflix-online-acc.v6.army/netflix/login/form/form.js?v=6369b53340459	2.6 kB	2023-03-07	2024-05-02
Pretty URL netflix-online-acc.v6.army/netflix/login/form/form.js?v=6369b53340459 IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:50 Last Seen2024-05-02 18:09:58 Times Seen394 Hash eee4f38d51f96bf15259382b48b33d50 247040dcf67aa7f48d5bbcd3e91610f7ae534787 01c12b5cd06120dfb1f8f9ee454d423b3c6648580d55926d5394c0ee6cdc2b47 Loading...

	netflix-online-acc.v6.army/netflix/login/token/token.js?v=6369b5334045e	1.2 kB	2023-03-07	2024-03-03
Pretty URL netflix-online-acc.v6.army/netflix/login/token/token.js?v=6369b5334045e IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:50 Last Seen2024-03-03 07:38:52 Times Seen47 Hash 41d806890e033a1499f539384b89acb7 b59a09636e144fbbafb72ab9aca8ac5cc2de99cb f281184bb9d9bce514bbde9ea13b61f01fe9665e36ace1587dfa8d85de3c7631 Loading...

	netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359	56 B	2023-03-11	2023-03-11
Pretty URL netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359 IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:46:22 Last Seen2023-03-11 08:46:22 Times Seen1 Hash 57e151a41758740908e9059923947818 7369a249e532756921e203265a6b2df918bd413b 258dc425de4efe265fe8815bfe986bb59669dab5e3187926603a16e873da2ba0 Loading...

	netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359	56 B	2023-03-11	2023-03-11
Pretty URL netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359 IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:46:22 Last Seen2023-03-11 08:46:22 Times Seen1 Hash 6265918422c8cb5e3839ab25d6ea593b 027f89d39c09482a5b5b88048bf0ef63f767707a a13ad6f643e95ec20ddfd432888e1442561c2a0ed4d11c29c80f80714a18be5f Loading...

	netflix-online-acc.v6.army/netflix/?id=142583359	121 B	2023-03-11	2023-03-11
Pretty URL netflix-online-acc.v6.army/netflix/?id=142583359 IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:46:22 Last Seen2023-03-11 08:46:22 Times Seen1 Hash 57ede0eec2799f6a9b6caf3852c9aa0f d4a9efc0dbf858eb4101d488fb86f4bebf558fcc d28ff27f440d120c6a2a85933714ee057134fbc09af330e6b8655330e2945ac8 Loading...

	netflix-online-acc.v6.army/netflix/bower_components/jquery/dist/jquery.min.js	87 kB	2023-03-07	2024-05-11
Pretty URL netflix-online-acc.v6.army/netflix/bower_components/jquery/dist/jquery.min.js IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-05-11 01:50:00 Times Seen65853 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359	3.3 kB	2023-03-11	2023-03-11
Pretty URL netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359 IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:46:22 Last Seen2023-03-11 08:46:22 Times Seen1 Hash bc676b6302409264fccf29c5ca15fa81 c9758da7d831db0e1517ec33ae0829dc0a54a1cd d3cdfff9fe164c87accf0595b9510edd915e610f2108041a6d43110d37715c3f Loading...

	netflix-online-acc.v6.army/netflix/core/form/core_form.js	16 kB	2023-03-11	2023-07-24
Pretty URL netflix-online-acc.v6.army/netflix/core/form/core_form.js IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:46:22 Last Seen2023-07-24 22:54:27 Times Seen7 Hash f8b868bc3269111e014f08ca08fcae5a 5e958f6171cb2129ce9262e2b14e12394f56c73e 29d5a55ce39cb1e4c4f3b5b494f5b524f82bf09fdd09d3132f0dd89a342fc3f0 Loading...

	netflix-online-acc.v6.army/netflix/login/ng/ng.js?v=6369b5334045d	5.3 kB	2023-03-11	2023-07-24
Pretty URL netflix-online-acc.v6.army/netflix/login/ng/ng.js?v=6369b5334045d IP 68.178.164.237 ASN #26496 AS-26496-GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:46:22 Last Seen2023-07-24 22:54:27 Times Seen6 Hash 5d8c938e33ca4a9ab88e514e6f2d10da 8326161efe515f0ea2f55df1cc5b130fb8648484 9c57b8477eb6d89ea900f9eb4ee2d55fbbff47cc41964ee5642d0f9a7fe8cecc Loading...

HTTP Transactions (46)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c7a8ba48383a0e56baca8c8c41b81a04
b04c1f1e730a71f17ff639c9db697c532d4e5421
7860552382285e6eddddc5226c6f6400caa3f6fc3cb4b8a2d550c6fc653f78bb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7860552382285E6EDDDDC5226C6F6400CAA3F6FC3CB4B8A2D550C6FC653F78BB"
Last-Modified: Sun, 06 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8876
Expires: Tue, 08 Nov 2022 04:15:23 GMT
Date: Tue, 08 Nov 2022 01:47:27 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9fd081ea88e8b8563986b3e558496d21
60700393dce5eb42c0db0d5feef340f4832e3c65
d92555957857423ed02f0d0435739bcd40a996591c73f40315564b372f6e2395

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3353
Cache-Control: max-age=121183
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 01:47:27 GMT
Etag: "6368de76-1d7"
Expires: Wed, 09 Nov 2022 11:27:10 GMT
Last-Modified: Mon, 07 Nov 2022 10:31:18 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9fd081ea88e8b8563986b3e558496d21
60700393dce5eb42c0db0d5feef340f4832e3c65
d92555957857423ed02f0d0435739bcd40a996591c73f40315564b372f6e2395

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3353
Cache-Control: max-age=121183
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 01:47:27 GMT
Etag: "6368de76-1d7"
Expires: Wed, 09 Nov 2022 11:27:10 GMT
Last-Modified: Mon, 07 Nov 2022 10:31:18 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d8c32b2fb818533a5b3fe5c69157bde9
93594fd3fc50d9d444c28660eabba1edbe4f0588
df8b8ce7a83d11fbe075c8780103c509654f288b5d757d64b696d861a11f3c7f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF8B8CE7A83D11FBE075C8780103C509654F288B5D757D64B696D861A11F3C7F"
Last-Modified: Sun, 06 Nov 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3705
Expires: Tue, 08 Nov 2022 02:49:12 GMT
Date: Tue, 08 Nov 2022 01:47:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Alt-Used: 0

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 08 Nov 2022 01:43:31 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 236
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: bKSN+bt/R4TOLdb2zV7drY2rSUhb51WQRi6u1SIKuulCm3euCJc3+RTpNSzJhUwHGDN22GA/vOU=
x-amz-request-id: 3CP5HS98A39N918K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 08 Nov 2022 00:48:17 GMT
age: 3550
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 08 Nov 2022 01:47:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c4cf436a98600d6e42a719169d746717
a91ee7d3d88e5fca556b9154e16dc4aa2d543d7a
4ea6658517ffd859f8278a2e3c8c364c1c617cd328b0100cc341a2f95854eba5

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4EA6658517FFD859F8278A2E3C8C364C1C617CD328B0100CC341A2F95854EBA5"
Last-Modified: Mon, 07 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5766
Expires: Tue, 08 Nov 2022 03:23:34 GMT
Date: Tue, 08 Nov 2022 01:47:28 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6f4643306be10417c47176a6e67306f
940a13818904add9e1cacd12610f37ba1efd7bc5
67e51095b5da59b3eeda8a28c81789e69064a0a19a93347c2fcb05fd4b21e6d0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 275
Cache-Control: max-age=113033
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 01:47:28 GMT
Etag: "6368caa6-1d7"
Expires: Wed, 09 Nov 2022 09:11:21 GMT
Last-Modified: Mon, 07 Nov 2022 09:06:46 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

netflix-online-acc.v6.army/netflix/?id=142583359

68.178.164.237

200 OK

463 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/?id=142583359
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
463 B (463 bytes)
Hash
b6e004df39a39bce3298c00fe0f19431
e8173e8a7c94fcf50f4fde85faebfd61d9a45573
d758e15fc5c617dc38777448f0a40a9a9342e7c2b9ef0f6663b23efff13624e7

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/?id=142583359 HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
set-cookie: real=OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 463
content-type: text/html; charset=UTF-8
date: Tue, 08 Nov 2022 01:47:28 GMT
server: Apache
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.162.217.251

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.217.251:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: m8/lcTWho0tTlSjOUi6ORA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Rxq6WMmfxGYD208IEaLgQh9F3c0=

netflix-online-acc.v6.army/favicon.ico

68.178.164.237

404 Not Found

273 B

URL HTTP/2
netflix-online-acc.v6.army/favicon.ico
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
273 B (273 bytes)
Hash
eee94005993461414410628e39323524
cc960edcbbe4c3ed08065f14037506343376a5d9
f6f14a831b7a0b737eef5f11a6ab0b6f585494d9e6eefaadd4057180bab43753

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/?id=142583359
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
content-length: 273
content-type: text/html; charset=iso-8859-1
date: Tue, 08 Nov 2022 01:47:28 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d?id=142583359

68.178.164.237

301 Moved Permanently

381 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d?id=142583359
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
381 B (381 bytes)
Hash
17f7a727181352aabd20984fa87d0698
f82a46336d953d3e356255bcf1764e24256f902e
94a2ee19763ba5ed8a352f705a03d98219b7e7f2f3292912d523ec9114814121

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d?id=142583359 HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/?id=142583359
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 301 Moved Permanently
location: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/?id=142583359
content-length: 381
content-type: text/html; charset=iso-8859-1
date: Tue, 08 Nov 2022 01:47:29 GMT
server: Apache
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12772
Expires: Tue, 08 Nov 2022 05:20:22 GMT
Date: Tue, 08 Nov 2022 01:47:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12772
Expires: Tue, 08 Nov 2022 05:20:22 GMT
Date: Tue, 08 Nov 2022 01:47:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12772
Expires: Tue, 08 Nov 2022 05:20:22 GMT
Date: Tue, 08 Nov 2022 01:47:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12772
Expires: Tue, 08 Nov 2022 05:20:22 GMT
Date: Tue, 08 Nov 2022 01:47:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10462 bytes)
Hash
4e2853cc6ec6223160471401e6871f4b
f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c
bf4b9145ea043d87a30fd3aeeae21a1a0aa27004cd2467e7aa843bc894ae1f60

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 6dc7dc5c-88e9-4550-abf0-f16965ab7cd3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bF_38GKXoAMFwSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636579cc-28ea4125437c31cc34683fb7;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 20:45:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q0yZmbExDP4tH0n1n2qj_NR2Mv_y_dsO0LJ1RKZoS6Me-NLbhpUWqw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 09:11:38 GMT
age: 59752
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4737 bytes)
Hash
39446652ee66d20bd73df20f1a29589c
349ea78f3ad0f2f7376ba22e417226b2e06806d7
655a00944a319ba167e99b43055044cb18bc48d53605ff0d1b6c8b1ba8ee8237

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8786d2a2-d21a-4bb6-916d-7fce27ea08f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4737
x-amzn-requestid: ad230e08-9f4e-46cf-9a86-f8e013a1c498
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQBFkEhLIAMFq_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697bbd-7e8b686a23a84c5d473c9ef5;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:42:21 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: FoOPmZEjC6nhw801dgqENVL-9-aC0pyFAF-fMS57XzQyfxck2GGUvA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:55:45 GMT
age: 13905
etag: "349ea78f3ad0f2f7376ba22e417226b2e06806d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F587b13b8-778f-4c2f-afe5-87ac6c7cc3cc.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10574 bytes)
Hash
43bbf037a1c11b983c19f31acaebc246
0d1275a2163b7fa43d5d96024a169f4020da2114
679c3438ef89dcf35ec907611369529b2b6306ac85fb1bbf9e3e376c6a7bb7cb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F587b13b8-778f-4c2f-afe5-87ac6c7cc3cc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10574
x-amzn-requestid: 60664e42-4753-4ad3-8c40-301d6c38a2c7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQALqEtjoAMF3VQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697a4a-3437c3705b65514d35095250;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:36:10 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: LNWO4z0SO2JXfrd9f2VyUjpZUsyhIr7GNPnTtsIkqec-tgpSlwo7_Q==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:57:00 GMT
age: 13830
etag: "0d1275a2163b7fa43d5d96024a169f4020da2114"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab24cc00-346e-4042-b6ef-9a39845fbcea.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.4 kB (3444 bytes)
Hash
09863849007068c6a030b2d9e3919e8b
128d8eba8785f2439fc8afef97fe7833370c959d
d7b66cdf98c9e18e8b0c268511067f78a5e7a3c063e13bf1741c7ecc7726e0ce

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fab24cc00-346e-4042-b6ef-9a39845fbcea.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3444
x-amzn-requestid: a4433da7-1f5d-4868-884c-781b97d7bdda
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bKLHxE3GIAMFw6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63672564-3cc306b55213f93a7aee02f6;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 03:09:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: oz_r-Q8aVYq4Doiet8VW9MMEL4rhGR44kfkErSSBsghfukPzKxmK0w==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 04:12:55 GMT
age: 77675
etag: "128d8eba8785f2439fc8afef97fe7833370c959d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff802202-24f1-4a0e-a772-7eb845e5afd6.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.9 kB (3914 bytes)
Hash
889ad23c83914b0c4ece74ac23c5089a
cb3e3135ab5744389231c9d2601765803f560017
257685b33ec5195f3ab99466dfb45adfa612872711f7d92e8441f7d2d06a7e1b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff802202-24f1-4a0e-a772-7eb845e5afd6.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3914
x-amzn-requestid: 6c3e2774-e55a-453a-bd01-fc4aeb3679e2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bKLHKE_ToAMFfOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63672560-3a205de84cb3382f15ee30bc;Sampled=0
x-amzn-remapped-date: Sun, 06 Nov 2022 03:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VUYqV4-vkDsV1Wea0cJmIZZGTXtFN3W4F_JSKeKodaEZjYEiCXUMMA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 04:12:55 GMT
age: 77675
etag: "cb3e3135ab5744389231c9d2601765803f560017"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc57b3745-ae4a-4265-b3dd-286aed8be329.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.0 kB (5978 bytes)
Hash
d22d633d497f2e25eab580a648c05434
8e549621e4182a257895a03db93e786bd86072a5
2263e6c2417c5a40885359d93939febbb9e94cef1c598b7ef95069d50275bf28

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc57b3745-ae4a-4265-b3dd-286aed8be329.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5978
x-amzn-requestid: e4cff3d7-86a7-44a8-8858-7c893c19e76c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAVFHdWIAMFQZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697a86-60d1a8250e0017a3574a6642;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:37:10 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: qSguV2gfEtxsoWSMifxQEbIAAqhUDgVom0IWauJEIrFoMA5f17J-GA==
via: 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 21:56:55 GMT
age: 13835
etag: "8e549621e4182a257895a03db93e786bd86072a5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/?id=142583359

68.178.164.237

302 Found

0 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/?id=142583359
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/?id=142583359 HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netflix-online-acc.v6.army/netflix/?id=142583359
Connection: keep-alive
Cookie: real=OK
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
set-cookie: bid=06cf4a21a07af4ca81f7d7884bef023d; expires=Thu, 08-Dec-2022 01:47:30 GMT; Max-Age=2592000; path=/
location: login/?id=142583359
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 08 Nov 2022 01:47:30 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359

68.178.164.237

200 OK

4.0 kB

URL HTTP/2
netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3250)
Size
4.0 kB (3987 bytes)
Hash
547e1b08f6340446204e1650e2f74b06
674f074e47fe6773aa68925619c384b8df2d4702
3de048f479c0ea57d8f308f1299ae59ad0f0c5c98828c45594227511641307f7

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359 HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://netflix-online-acc.v6.army/netflix/?id=142583359
Connection: keep-alive
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 3987
content-type: text/html; charset=UTF-8
date: Tue, 08 Nov 2022 01:47:30 GMT
server: Apache
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3a781be677ee9018848f84fec84e13a3
669df36ee57e469dffe1a0b4f0233986da296537
31769c18a04d9ebbd5208525af13d043b9840f29b2f8e9bf5e0bbb56f1910db1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 825
Cache-Control: max-age=131248
Content-Type: application/ocsp-response
Date: Tue, 08 Nov 2022 01:47:31 GMT
Etag: "63690faa-1d7"
Expires: Wed, 09 Nov 2022 14:14:59 GMT
Last-Modified: Mon, 07 Nov 2022 14:01:14 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

i.imgur.com/oB8B5f2.png

151.101.84.193

200 OK

17 kB

URL HTTP/2
i.imgur.com/oB8B5f2.png
IP
151.101.84.193:0
ASN
#54113 FASTLY

File type
PNG image data, 400 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (16809 bytes)
Hash
08e64b2e73b4210f4b66450f3503dfac
c99805d8c07a7d3f7c2def45f7dbb8ac400e25a0
bb1e399c0710c0fac2b531ba875504a4d5c0f7fd221d54992d94275beb5b0479

HTTP Headers

GET /oB8B5f2.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Sat, 28 Sep 2019 07:56:58 GMT
etag: "08e64b2e73b4210f4b66450f3503dfac"
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 08 Nov 2022 01:47:31 GMT
age: 1104761
x-served-by: cache-iad-kjyo7100166-IAD, cache-bma1627-BMA
x-cache: HIT, MISS
x-cache-hits: 32, 0
x-timer: S1667872052.556026,VS0,VE91
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 16809
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/bower_components/jquery/dist/jquery.min.js

68.178.164.237

200 OK

30 kB

URL HTTP/2
netflix-online-acc.v6.army/netflix/bower_components/jquery/dist/jquery.min.js
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (32058)
Size
30 kB (30138 bytes)
Hash
3430607b4301113ad9394c9260eef3f0
8c4db68b161b17e31be300e968a30ab0116b3193
31e4d11375322cd6f94dba7338570426f2412d6c5fa670427966d45c3648098c

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/bower_components/jquery/dist/jquery.min.js HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "15283-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 30138
content-type: application/javascript
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/core/form/core_form.css

68.178.164.237

200 OK

688 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/core/form/core_form.css
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text
Size
688 B (688 bytes)
Hash
e0d4c303affa0280db57bfb743699530
32ce559fe4e1fc4f95f625ae52c1c53fbd6717df
a7288c13df84d5381300341ca30af8991357548c975c17dcf707302f6c061ecd

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/core/form/core_form.css HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "af6-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 688
content-type: text/css
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/core/token/core_token.js

68.178.164.237

200 OK

1.5 kB

URL HTTP/2
netflix-online-acc.v6.army/netflix/core/token/core_token.js
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text
Size
1.5 kB (1457 bytes)
Hash
d47ae634cc0f909dd4d96c52fe4b3421
fa4abf2d7aef5c0d9a6b939d46bdd602d1022f9d
07378e014594d8522632b4d4414029c3f64870a1a658a4b89d28056230d71b07

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/core/token/core_token.js HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "277a-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1457
content-type: application/javascript
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/core/form/core_form.js

68.178.164.237

200 OK

4.0 kB

URL HTTP/2
netflix-online-acc.v6.army/netflix/core/form/core_form.js
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text
Size
4.0 kB (3952 bytes)
Hash
15eea95f959722861090ee2d398b9def
f4ccbfec6eacf4690a886990eef6980ccf9edec8
3d91e7b7b4c94168dd8636d03b8eb6e9b2f51076cd6317bb2c464a1b2ef330eb

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/core/form/core_form.js HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "3f9c-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3952
content-type: application/javascript
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/bower_components/font-awesome/css/font-awesome.min.css

68.178.164.237

200 OK

7.1 kB

URL HTTP/2
netflix-online-acc.v6.army/netflix/bower_components/font-awesome/css/font-awesome.min.css
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with very long lines (30837)
Size
7.1 kB (7053 bytes)
Hash
52f1a8a2ce85fa8432308b33bc1a2e79
fd80917af5371c8ecad0198592a1e7cce4b77b0e
07bd6a9ea0213e20f362485aadc17a88c486ecfb394004b41b8b38db6e6a35f6

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/bower_components/font-awesome/css/font-awesome.min.css HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "7918-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7053
content-type: text/css
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/core/token/core_token.css

68.178.164.237

200 OK

315 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/core/token/core_token.css
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text
Size
315 B (315 bytes)
Hash
68aa8d862cade39031bdf2e123c43e56
bcfa1dc72b51a9c43de0ab77ca1f685dda3af92b
1ca3755f88514044426f6eee07a6ff7f14e846ddc2a4953051b5a992b92f135b

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/core/token/core_token.css HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "277-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 315
content-type: text/css
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/login/index.css

68.178.164.237

200 OK

12 kB

URL HTTP/2
netflix-online-acc.v6.army/netflix/login/index.css
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
Unicode text, UTF-8 text, with very long lines (469)
Size
12 kB (11673 bytes)
Hash
4c9f24e06d4c667e0b174a9a53154164
589efc017c871ecf725cafdb551a737d96756c98
cdcfac1c3fe313cd98e2b6cf154ca043d60689eb16a5002aa463b67ec2d80ed5

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/login/index.css HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "11f5d-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 11673
content-type: text/css
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

assets.nflxext.com/ffe/siteui/vlv3/1dc71685-b450-4422-ac2f-1ed8ece89919/90a9eee9-65ba-402a-9fd8-b05d5d7440d9/NL-en-20190218-popsignuptwoweeks-perspective_alpha_website_medium.jpg

45.57.90.1

200 OK

208 kB

URL HTTP/1.1
assets.nflxext.com/ffe/siteui/vlv3/1dc71685-b450-4422-ac2f-1ed8ece89919/90a9eee9-65ba-402a-9fd8-b05d5d7440d9/NL-en-20190218-popsignuptwoweeks-perspective_alpha_website_medium.jpg
IP
45.57.90.1:0
ASN
#40027 NETFLIX-ASN

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3\012- data
Size
208 kB (207989 bytes)
Hash
91b4d85887a5ba1a71dce240d54b1cea
d14f677a8ab225c5a8d0b08ca667ea07c1a13965
69136091238231f1fc8adcf7898f1f8e0320a3bd8fa5abeea9ec177d4a01f202

HTTP Headers

GET /ffe/siteui/vlv3/1dc71685-b450-4422-ac2f-1ed8ece89919/90a9eee9-65ba-402a-9fd8-b05d5d7440d9/NL-en-20190218-popsignuptwoweeks-perspective_alpha_website_medium.jpg HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Nov 2022 01:47:32 GMT
Content-Type: image/jpeg
Content-Length: 207989
Connection: keep-alive
Accept-Ranges: bytes
Content-MD5: kbTYWIeluhpx3OJA1Usc6g==
Last-Modified: Wed, 20 Feb 2019 13:57:52 GMT
Cache-Control: max-age=604801
Expires: Tue, 15 Nov 2022 01:47:33 GMT

netflix-online-acc.v6.army/netflix/login/form/css.css

68.178.164.237

200 OK

200 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/login/form/css.css
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text
Size
200 B (200 bytes)
Hash
4b8d38fa36a47c14e26399816c451227
d9921e63616ca5f89db83f495be6f63acf95e048
9c59fddbfdb522c523c60eaf575be7317c77c9cc3fd383e54aea5ad6ba585868

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/login/form/css.css HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "164-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 200
content-type: text/css
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/login/form/form.js?v=6369b53340459

68.178.164.237

200 OK

626 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/login/form/form.js?v=6369b53340459
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text
Size
626 B (626 bytes)
Hash
c0328e89fb60d267fbbb17f437914c3b
8cfdbf9752314ade4ffc65f933f8a04917aaa958
ddd5d1ad5bfe667d81b83760d5f0fe6cc80e8d2546698f97a70fc577e41479c4

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/login/form/form.js?v=6369b53340459 HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "a49-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 626
content-type: application/javascript
date: Tue, 08 Nov 2022 01:47:32 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/login/token/token.js?v=6369b5334045e

68.178.164.237

200 OK

516 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/login/token/token.js?v=6369b5334045e
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text
Size
516 B (516 bytes)
Hash
618403e922584d493d90e88a9a151cda
f44949bed024bdb5d49eda5d16f8252eeb09f691
d2c7111a465a323d5a08768fe787b09c8858c764de8ee7c8c95570b08012e8ce

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/login/token/token.js?v=6369b5334045e HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "4be-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 516
content-type: application/javascript
date: Tue, 08 Nov 2022 01:47:32 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/login/form/newloader.gif

68.178.164.237

200 OK

557 kB

URL HTTP/2
netflix-online-acc.v6.army/netflix/login/form/newloader.gif
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
GIF image data, version 89a, 480 x 480\012- data
Size
557 kB (557122 bytes)
Hash
ef8d4e6b20b0cf0d68713fb2f6069042
d62bb4b1a169c88879de3bd2f5c4292b6259a952
32bfc673211421c1a5a33acc98291840183582f11d15490954b42a81d79d4630

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/login/form/newloader.gif HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "88042-5abe8e1f140c0"
accept-ranges: bytes
content-length: 557122
content-type: image/gif
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/login/nficon2016.ico

68.178.164.237

200 OK

1.6 kB

URL HTTP/2
netflix-online-acc.v6.army/netflix/login/nficon2016.ico
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Size
1.6 kB (1559 bytes)
Hash
d414c82fd379c321317bc5f13e829446
7dde4dcb3beefaaf5ed212aa9f8e316cff2d73d0
352a19f0af90678298a77bad9e938cfdffa050952aee98fd1fee640f9f130a8a

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/login/nficon2016.ico HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "423e-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1559
content-type: image/x-icon
date: Tue, 08 Nov 2022 01:47:33 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/login/nf-icon-v1-93.woff

68.178.164.237

200 OK

74 kB

URL HTTP/2
netflix-online-acc.v6.army/netflix/login/nf-icon-v1-93.woff
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
Web Open Font Format, CFF, length 73572, version 0.0\012- data
Size
74 kB (73572 bytes)
Hash
7cf6156cc481244b5a254362d7b73f00
4391003d1cb06d2bd1921a5813a57604fa7d9935
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/login/nf-icon-v1-93.woff HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/login/index.css
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d; lng=de
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "11f64-5abe8e1f140c0"
accept-ranges: bytes
content-length: 73572
vary: Accept-Encoding
content-type: font/woff
date: Tue, 08 Nov 2022 01:47:33 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/home.php?pl=token&link=security&bid=06cf4a21a07af4ca81f7d7884bef023d&callback=jQuery3210692842641007478_1667872049484&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1667872049485

68.178.164.237

200 OK

76 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/home.php?pl=token&link=security&bid=06cf4a21a07af4ca81f7d7884bef023d&callback=jQuery3210692842641007478_1667872049484&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1667872049485
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
ad6f35d032357405e4be3b2b320e1b3c
645fb5cfb6c074089cca271ac10f66dd56b7ae50
3facd882a3dff5e80cb3f1a14db7b9f9b4b84d0bb86d29e7623abccf5171aa97

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/home.php?pl=token&link=security&bid=06cf4a21a07af4ca81f7d7884bef023d&callback=jQuery3210692842641007478_1667872049484&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1667872049485 HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d; lng=de
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 76
content-type: application/json
date: Tue, 08 Nov 2022 01:47:33 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/home.php?pl=token&link=security&bid=06cf4a21a07af4ca81f7d7884bef023d&callback=jQuery3210692842641007478_1667872049486&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1667872049487

68.178.164.237

200 OK

76 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/home.php?pl=token&link=security&bid=06cf4a21a07af4ca81f7d7884bef023d&callback=jQuery3210692842641007478_1667872049486&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1667872049487
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type
ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
4aac8c9e6bd3821e55de3e8dd37443b2
e160beca73ea796409eca3f0f046a8d5296976d5
a0cec24895381f13d502e87acf335354d7dc932ff4a7682ef384f5dc0575c8e6

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
quad9	Sinkholed

HTTP Headers

GET /netflix/home.php?pl=token&link=security&bid=06cf4a21a07af4ca81f7d7884bef023d&callback=jQuery3210692842641007478_1667872049486&data=%7B%22mes%22%3A%22User%20on%20login%20page%22%7D&_=1667872049487 HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d; lng=de
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 76
content-type: application/json
date: Tue, 08 Nov 2022 01:47:33 GMT
server: Apache
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd21b731d-5fcc-42b8-ba5c-4292558c1d65.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12165 bytes)
Hash
37802736d42529da1237e5d89e253928
6f246d25b36dc880489f3af2ae8767a0f5f2542b
b21622ee7e858a4508096480ec3ffba824e96d469b0fcfa0f6daaabad296fd40

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd21b731d-5fcc-42b8-ba5c-4292558c1d65.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 12165
x-amzn-requestid: 7baae03c-2e22-477c-9c14-d21a26469b47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQAvEFHdIAMF_XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63697b2d-2edb1d9722872b1166a5b085;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 21:39:57 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1QlljbC_YBobvvYSxTH2jH4a4kZAK8Am-k6CNxJrLIm1TY1gbfP1gg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 07 Nov 2022 22:12:03 GMT
age: 12933
etag: "6f246d25b36dc880489f3af2ae8767a0f5f2542b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/bower_components/angular/angular.min.js

68.178.164.237

200 OK

0 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/bower_components/angular/angular.min.js
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/bower_components/angular/angular.min.js HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "2937c-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Tue, 08 Nov 2022 01:47:31 GMT
server: Apache
X-Firefox-Spdy: h2

netflix-online-acc.v6.army/netflix/login/ng/ng.js?v=6369b5334045d

68.178.164.237

200 OK

0 B

URL HTTP/2
netflix-online-acc.v6.army/netflix/login/ng/ng.js?v=6369b5334045d
IP
68.178.164.237:0
ASN
#26496 AS-26496-GO-DADDY-COM-LLC

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
urlquery		DynDNS domain detected
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /netflix/login/ng/ng.js?v=6369b5334045d HTTP/1.1
Host: netflix-online-acc.v6.army
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://netflix-online-acc.v6.army/netflix/a1b2c3/06cf4a21a07af4ca81f7d7884bef023d/login/?id=142583359
Cookie: real=OK; bid=06cf4a21a07af4ca81f7d7884bef023d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 02 Aug 2020 18:06:35 GMT
etag: "1497-5abe8e1f140c0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1374
content-type: application/javascript
date: Tue, 08 Nov 2022 01:47:32 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP