Report - srv211963.hoster-test.ru/login.php

Report Overview

Submitted URL
srv211963.hoster-test.ru/login.php
IP
31.28.24.131
ASN
#12616 Citytelecom LLC
Submitted
2024-04-24 11:41:24
Access
public
Website Title
Netflix
Final URL
srv211963.hoster-test.ru/login.php
Tags
netflix phishing
urlquery detections
Phishing - Netflix

Detections

urlquery
15
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
srv211963.hoster-test.ru	unknown	unknown	No data	No data	3.0 kB	2.2 MB	31.28.24.131
assets.nflxext.com	3871	2011-02-11	2015-07-22	2024-04-23	526 B	74 kB	45.57.91.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (9)

URL IP Response Size

srv211963.hoster-test.ru/login.php

31.28.24.131

12 kB

URL User Request GET
srv211963.hoster-test.ru/login.php
IP
31.28.24.131:0
ASN
#12616 Citytelecom LLC

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2418), with CRLF line terminators
Size
12 kB (12385 bytes)
Hash
2bb54398e7f7fcc3e34a6d65fc2433fb
2f806ef9981d1b98dd861b45392f64b585d988fb
83cb5db169173a7ee35ebab1097e5701045564bc09588f052991c5e70ef67ec6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /login.php HTTP/1.1
Host: srv211963.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 11:40:58 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/7.3.32
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: MISS from t0.hoster.ru:6666
Transfer-Encoding: chunked
Connection: keep-alive

srv211963.hoster-test.ru/css/login2.css

31.28.24.131

200 OK

14 kB

URL GET HTTP/1.1
srv211963.hoster-test.ru/css/login2.css
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv211963.hoster-test.ru/login.php

File type
ASCII text
Size
14 kB (13813 bytes)
Hash
55e71ede3187fe3cd1db2b1582c03376
f8843a8949ea487a6e332f3d6c4ecbbb2995a20d
d622e7c909d7ddd5d9b3a50f894114345c5b15898a430c5a2fe6928035852c37

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /css/login2.css HTTP/1.1
Host: srv211963.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv211963.hoster-test.ru/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 11:40:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 19 Apr 2024 13:20:15 GMT
ETag: "32c16dd-35f5-61672f2c35d4d"
Accept-Ranges: bytes
Content-Length: 13813
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv211963.hoster-test.ru/css/style.css

31.28.24.131

200 OK

110 kB

URL GET HTTP/1.1
srv211963.hoster-test.ru/css/style.css
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv211963.hoster-test.ru/login.php

File type
ASCII text, with very long lines (1500), with CRLF line terminators
Size
110 kB (109897 bytes)
Hash
0cdae2e22a1f71f2b2eb121971895430
387f18b8e5fe8f72dd1b47e654d00bd01103ceda
1c22371c656a4b87d3d6e46c4fa03573efc382782fbf74d67af2e7d00a402d1c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /css/style.css HTTP/1.1
Host: srv211963.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv211963.hoster-test.ru/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 11:40:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 19 Apr 2024 13:20:15 GMT
ETag: "32c16e1-1ad49-61672f2c370d5"
Accept-Ranges: bytes
Content-Length: 109897
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv211963.hoster-test.ru/css/login.css

31.28.24.131

200 OK

161 kB

URL GET HTTP/1.1
srv211963.hoster-test.ru/css/login.css
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv211963.hoster-test.ru/login.php

File type
ASCII text
Size
161 kB (160819 bytes)
Hash
3bdcdfb525022b8894c001913f15944f
99ab84d72a77b41f643012c1240943233e9f0ed7
dc6c504c324eb03c23b34b2c47e3152bffbf77f4f6a9ae5aa37d0b4dc67046ee

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /css/login.css HTTP/1.1
Host: srv211963.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv211963.hoster-test.ru/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 11:40:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 19 Apr 2024 13:20:15 GMT
ETag: "32c16dc-27433-61672f2c35965"
Accept-Ranges: bytes
Content-Length: 160819
Content-Type: text/css
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv211963.hoster-test.ru/js/login.js

31.28.24.131

200 OK

1.7 MB

URL GET HTTP/1.1
srv211963.hoster-test.ru/js/login.js
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv211963.hoster-test.ru/login.php

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
1.7 MB (1667779 bytes)
Hash
7476a4908eb08527bc6732c22743c288
70988035a666b98a38349554d0c51d36f5018ed4
76b22adfdb4470bf90d43617d7c1bbf7466313745e8ee2882f721faf43f9dbb8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /js/login.js HTTP/1.1
Host: srv211963.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv211963.hoster-test.ru/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 11:40:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 19 Apr 2024 13:20:16 GMT
ETag: "32c2c40-1972c3-61672f2d2d248"
Accept-Ranges: bytes
Content-Length: 1667779
Content-Type: text/javascript
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv211963.hoster-test.ru/img/FR-fr-20211220-popsignuptwoweeks-perspective_alpha_website_large.jpg

31.28.24.131

200 OK

181 kB

URL GET HTTP/1.1
srv211963.hoster-test.ru/img/FR-fr-20211220-popsignuptwoweeks-perspective_alpha_website_large.jpg
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv211963.hoster-test.ru/login.php

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3
Size
181 kB (181051 bytes)
Hash
ac9adf05b83b7065f72ba30e88dda8f0
a24f6e9568be7afc702402e9418a030ed0e074d1
c169d548f0b168b555605cf05d1db506e68edbde0ccfa9897cf4d2069b785e34

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /img/FR-fr-20211220-popsignuptwoweeks-perspective_alpha_website_large.jpg HTTP/1.1
Host: srv211963.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv211963.hoster-test.ru/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 11:40:58 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 19 Apr 2024 13:20:15 GMT
ETag: "32c1811-2c33b-61672f2c608e3"
Accept-Ranges: bytes
Content-Length: 181051
Cache-Control: max-age=86400
Expires: Thu, 25 Apr 2024 11:40:58 GMT
Content-Type: image/jpeg
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff

45.57.91.1

200 OK

74 kB

URL GET HTTP/1.1
assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
IP
45.57.91.1:443
ASN
#40027 NETFLIX-ASN

Requested by
http://srv211963.hoster-test.ru/login.php
Certificate
IssuerDigiCert Inc
Subject*.1.nflxso.net
Fingerprint05:4C:AA:5B:B8:8B:F8:FD:1B:CF:C4:DF:A3:87:9F:0F:DA:8A:56:2C
ValiditySun, 14 Apr 2024 00:00:00 GMT - Fri, 17 May 2024 23:47:24 GMT

File type
Web Open Font Format, CFF, length 73572, version 0.0
Size
74 kB (73572 bytes)
Hash
7cf6156cc481244b5a254362d7b73f00
4391003d1cb06d2bd1921a5813a57604fa7d9935
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

HTTP Headers

GET /ffe/siteui/fonts/nf-icon-v1-93.woff HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://srv211963.hoster-test.ru
DNT: 1
Connection: keep-alive
Referer: http://srv211963.hoster-test.ru/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 11:40:59 GMT
Content-Type: font/woff
Content-Length: 73572
Connection: keep-alive
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Cache-Control: max-age=604801
Expires: Wed, 01 May 2024 11:41:00 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

srv211963.hoster-test.ru/img/nficon2016.png

31.28.24.131

200 OK

1.8 kB

URL GET HTTP/1.1
srv211963.hoster-test.ru/img/nficon2016.png
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv211963.hoster-test.ru/login.php

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1755 bytes)
Hash
3d194514babc5d7d010308a0f808ca51
867e51e9b4a474c19da52d6454076c007a9d01f2
7341f7b8b0ae3c0da4aea559efc31f0b53d9db9dd291664fdcf7d618fd95ed8a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /img/nficon2016.png HTTP/1.1
Host: srv211963.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv211963.hoster-test.ru/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 11:40:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 19 Apr 2024 13:20:15 GMT
ETag: "32c181d-6db-61672f2c6b0da"
Accept-Ranges: bytes
Content-Length: 1755
Cache-Control: max-age=86400
Expires: Thu, 25 Apr 2024 11:40:59 GMT
Content-Type: image/png
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

srv211963.hoster-test.ru/img/nficon2016.ico

31.28.24.131

200 OK

17 kB

URL GET HTTP/1.1
srv211963.hoster-test.ru/img/nficon2016.ico
IP
31.28.24.131:80
ASN
#12616 Citytelecom LLC

Requested by
http://srv211963.hoster-test.ru/login.php

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
Size
17 kB (16958 bytes)
Hash
41b45fdce09bd6acd07c7a8949da675e
931e18dfc6e7d950dc2f2bbdfe31e1ea720acf7c
abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /img/nficon2016.ico HTTP/1.1
Host: srv211963.hoster-test.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://srv211963.hoster-test.ru/login.php
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 11:40:59 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Fri, 19 Apr 2024 13:20:15 GMT
ETag: "32c181c-423e-61672f2c6b0da"
Accept-Ranges: bytes
Content-Length: 16958
Content-Type: image/vnd.microsoft.icon
X-Cache: MISS from t0.hoster.ru
X-Cache-Lookup: HIT from t0.hoster.ru:6666
Connection: keep-alive

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (9)

URL User Request GET

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers