Report - 1naturecrafted.com/offer/sweep/netflix

Report Overview

Submitted URL
1naturecrafted.com/offer/sweep/netflix_ro
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-24 03:40:42
Access
public
Website Title
Netflix
Final URL
1naturecrafted.com/offer/sweep/netflix_ro/
Tags
netflix phishing
urlquery detections
Phishing - Netflix

Detections

urlquery
14
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
1naturecrafted.com	unknown	unknown	No data	No data	5.8 kB	1.1 MB	188.114.96.1
assets.nflxext.com	3871	2011-02-11	2015-07-22	2024-04-23	2.1 kB	219 kB	45.57.90.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	1naturecrafted.com/cms/js/intlphoneutils.js	246 kB	2023-03-07	2024-04-24
Pretty URL 1naturecrafted.com/cms/js/intlphoneutils.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:27:29 Last Seen2024-04-24 05:40:49 Times Seen200 Hash bc170b654adadd1c81870c1ed67d347d b704fad68445a92c3327c5ee6a63c5058ce83f15 94a0b218d743989ec49026c615c82874fd9e64d5e48779c9452ffc9d259a6370 Loading...

	1naturecrafted.com/offer/sweep/netflix_ro/	1.2 kB	2024-04-24	2024-04-24
Pretty URL 1naturecrafted.com/offer/sweep/netflix_ro/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 05:40:49 Last Seen2024-04-24 05:40:49 Times Seen1 Hash b4f92d139469de3ef0ad521581b6453b 9d99ddc8ffe8b30b8c579738399fe63f5b52ef57 9500f04742a3d10348df06598795324adedfef332e6f3e74e498d451fea34e74 Loading...

	1naturecrafted.com/offer/sweep/netflix_ro/	839 B	2024-04-24	2024-04-24
Pretty URL 1naturecrafted.com/offer/sweep/netflix_ro/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-24 05:40:49 Last Seen2024-04-24 05:40:49 Times Seen1 Hash e286a67a148cd691a0db0336a0eef028 0b0f0abd07e593e59af11c234196d5b2ea0d320f b44fcea2e02eeb90e9be23f13768ab7403e9931fb11b665b9c9f7c7438f58085 Loading...

	1naturecrafted.com/cms/js/intlphone.js	29 kB	2023-05-17	2024-04-24
Pretty URL 1naturecrafted.com/cms/js/intlphone.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-17 13:39:55 Last Seen2024-04-24 05:40:49 Times Seen28 Hash bd5ef80a00414a37ccda5d76564cd971 adb0d4bd291d9938c5201c69fb118b6ac99b5e93 5e4e9f3f960d1454d35281c461373e7e9e983f26a262e16b08f80506c2425d63 Loading...

	1naturecrafted.com/offer/sweep/netflix_ro/	1.4 kB	2023-03-10	2024-04-24
Pretty URL 1naturecrafted.com/offer/sweep/netflix_ro/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 14:31:27 Last Seen2024-04-24 05:40:49 Times Seen2 Hash 69d5f9ed213283821c6a03997e4485e8 6b6bdcff426817f80e3647e6ce5dceef0216e217 bd6eb71a42727237a3ca977d17213de78f5aa57899cfeb73e5e4391f1b0640cf Loading...

HTTP Transactions (17)

URL IP Response Size

1naturecrafted.com/offer/sweep/netflix_ro/

188.114.96.1

200 OK

37 kB

URL User Request GET HTTP/1.1
1naturecrafted.com/offer/sweep/netflix_ro/
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (458)
Size
37 kB (37032 bytes)
Hash
34c4eb95144af640203aab240112d762
ee66d79dde095b2c62c61e692818823274692134
7ace9d34a9ce0cf0e4f5446c6655514fba4037b0e12a2d504be6ce4e4feabb43

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /offer/sweep/netflix_ro/ HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__; expires=Fri, 24-May-2024 03:40:15 GMT; Max-Age=2592000; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LlL33dUjD%2FEIbd2C4RJaKpWUu%2BhcvC05Gpmfb53tfkSE6VrBzARQvqG%2F4BkxMVxWOCWNCjEljMGJm%2FT7wppeaxpFpdpUA1KfkzQU37zKtJlzDhe4U5wJoPFvtd4AATtUtBrwJrA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8793122338b056cb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

1naturecrafted.com/cms/css/intlphone.css

188.114.97.1

200 OK

2.9 kB

URL GET HTTP/1.1
1naturecrafted.com/cms/css/intlphone.css
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
ASCII text, with very long lines (19173), with no line terminators
Size
2.9 kB (2906 bytes)
Hash
c9c63f984d54601c2b17a234bba09435
b03acf8b30ddf0330f5cc19ec5ccb5ffa47630c2
a78c0708cd73d1ac451649f7623b3852e02aa1216575ea588863fc0d4e1127f8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /cms/css/intlphone.css HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: text/css
Content-Length: 2906
Connection: keep-alive
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Tue, 23 Apr 2024 09:30:31 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zFtHBmBOMrrW0oCtqryGT9jEma0cndDRPy5BE0jd5BOKF4fKtv895RBd4HuOdA5rzs76BF%2BQeKpOJx7RwIZYTKzyPzSri9qYnXRigk3rnhO94JpQ8koT3fLcAFenvxYhcD6iVeE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87931225efe156b9-OSL
alt-svc: h2=":443"; ma=60

1naturecrafted.com/offer/sweep/netflix_ro/css/1.css

188.114.96.1

1.4 kB

URL
1naturecrafted.com/offer/sweep/netflix_ro/css/1.css
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.4 kB (1404 bytes)
Hash
21e6f63152b7aa9a84b1b27a0b7c9f5f
7924f1ef0278ce5aecd55dc569473c4aa722a8be
122db6d87a8008f54e981830358ba4c0bfb8da210fc55c23c167fbcb3d6a3b78

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /offer/sweep/netflix_ro/css/1.css HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: text/css
Content-Length: 1404
Connection: keep-alive
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Wed, 24 Apr 2024 03:40:15 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9M3VhH0RNuiesy6PBBjhQzI3LJMDXEd4vbZTmln0LQ2qZX4iTbZeG6gAMvDOIfdtfVg0ulcx34yWSk9ojgIPlxOTFpbqCDdqbY1s8rFFMS0Z%2F3sN5CYCBYX2%2BNIwFfyqAPyLpis%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87931225e96956cb-OSL
alt-svc: h2=":443"; ma=60

1naturecrafted.com/offer/sweep/netflix_ro/css/2.css

188.114.97.1

200 OK

241 B

URL GET HTTP/1.1
1naturecrafted.com/offer/sweep/netflix_ro/css/2.css
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
ASCII text
Size
241 B (241 bytes)
Hash
c4a76bb96c0fdb2914772798eeb95696
13c02c44b21110588f36a821242a7df95a34fd08
b128bed5dcb7d81e0c2858eb62745e28de5e60beedf1d9cb0110ff10063104ef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /offer/sweep/netflix_ro/css/2.css HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Etag: W/"658063d0-24f"
Last-Modified: Mon, 18 Dec 2023 15:22:56 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1MNgP%2BIxhfY6FWDUpLuQh3yuzS0SMrJtss%2FfLyR8ayaqPnOEj4sYqAim3gx2eISFpOkabb0SRox6A5481JqrhKH02bdnwuESyX25JXzSie%2F%2FD8xE%2BtInBgJ4U6hS6%2F6sIehRSaA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87931225e96c56cb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

1naturecrafted.com/cms/js/intlphone.js

188.114.97.1

200 OK

11 kB

URL GET HTTP/1.1
1naturecrafted.com/cms/js/intlphone.js
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26970)
Size
11 kB (10817 bytes)
Hash
7b9734a641e01f9d4e72810a78867fdb
d5c955e7beb9afd26038ad95266548eaf6a5288c
deef52b75a8c1f5a9c4e14bdcbee549988c88a27e8142d8339ee5f256bd26981

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /cms/js/intlphone.js HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: application/javascript
Content-Length: 10817
Connection: keep-alive
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Tue, 23 Apr 2024 09:30:33 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MOOnLzTbIVRdFub4xk%2Fk8zLnf%2Bh7rzW%2F%2Fb5L3JXFSmSv%2F1Z3hku7wo0pYGVVfqZGEySNSHPvKawqCLXOpKHmI%2BFRiWwZU%2FZd5Y90WC3DKzdEkqXr1vzwimRHvrY7z5lEHXTi8Pk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87931225ffdd5695-OSL
alt-svc: h2=":443"; ma=60

1naturecrafted.com/offer/sweep/netflix_ro/img/powered_by_logo.svg

188.114.97.1

200 OK

2.0 kB

URL GET HTTP/1.1
1naturecrafted.com/offer/sweep/netflix_ro/img/powered_by_logo.svg
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
SVG Scalable Vector Graphics image
Size
2.0 kB (2038 bytes)
Hash
63e737d3544164d2b7f4fbca416ac807
030370aa38715e4c41589633f69d0bfe8255d46c
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /offer/sweep/netflix_ro/img/powered_by_logo.svg HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: image/svg+xml
Content-Length: 2038
Connection: keep-alive
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Tue, 23 Apr 2024 09:30:32 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6sq7PAri3UKsefLlGv9ZDVBuNgJzKPevvvjRG%2Bxu47WXpgv8BzxIl61l%2FCSKbYo0V9k82ahxnQp%2BG6uIYHdIUZU4%2BTxe9jTCHSASx2yZKtA1CJCBNqfKnu5S2uy52A5MfClm7nE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8793122668a55691-OSL
alt-svc: h2=":443"; ma=60

1naturecrafted.com/offer/sweep/netflix_ro/img/2.png

188.114.96.1

200 OK

115 kB

URL GET HTTP/1.1
1naturecrafted.com/offer/sweep/netflix_ro/img/2.png
IP
188.114.96.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1080, Scaling: [none]x[none], YUV color, decoders should clamp
Size
115 kB (115372 bytes)
Hash
5351a89b2ea1fe7e0797611d88bf581b
0de8bca022db0cff7ebb633b210166d6330d0cf3
ee97b846abc69da4ac80c53a75653999da4c2f66762b3bd0229a678e5b8f5915

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /offer/sweep/netflix_ro/img/2.png HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: image/webp
Content-Length: 115372
Connection: keep-alive
Etag: "658063d1-1e0e82"
Last-Modified: Mon, 18 Dec 2023 15:22:57 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHE4apIH53axF30F2ElRFBy%2F0tVP4oODItnWJOfn3TexauAVMtvwIDFd%2BuyuktOpF8aD6XrFTqcG6A7e3k625KiYtfceecjYAZAKLatB1LaS7Zf1dkji5%2FSbffPJVjNH%2B5KLhdk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87931226698456cb-OSL
alt-svc: h2=":443"; ma=60

1naturecrafted.com/offer/sweep/netflix_ro/img/bg.jpeg

188.114.97.1

669 kB

URL
1naturecrafted.com/offer/sweep/netflix_ro/img/bg.jpeg
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 3840x2480, Scaling: [none]x[none], YUV color, decoders should clamp
Size
669 kB (669196 bytes)
Hash
26a96d9219360bc39ecad3ebb9fd0b24
7e3b4ac6a0b97ebb8cc1d5af7199dd74f7e92b57
1744548a7a19986e46a933a13cf0ad51696561190458c049d46e9b3ab5fd387a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /offer/sweep/netflix_ro/img/bg.jpeg HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: image/webp
Content-Length: 669196
Connection: keep-alive
Etag: "658063d2-2606e7"
Last-Modified: Mon, 18 Dec 2023 15:22:58 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NqagrAk41mfKV73CWyDvoFhcvSDcZ%2BG0PbzQOLNrUIrkB0oZkGpghlpLhGzZWlfPFPeMAovQ%2BitGXHPhYbObXkERzprI1Y86oWrxp7uBgecQI0xgXLSNwlBE%2F6BnjJMFpkGMA%2BU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87931226698556cb-OSL
alt-svc: h2=":443"; ma=60

1naturecrafted.com/offer/sweep/netflix_ro/img/logo.png

188.114.97.1

200 OK

15 kB

URL GET HTTP/1.1
1naturecrafted.com/offer/sweep/netflix_ro/img/logo.png
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
RIFF (little-endian) data, Web/P image
Size
15 kB (14656 bytes)
Hash
10fb5af1b5a0c79a135338b81eec6545
33448a0d4a72de123c3a2e2e940cf6289758cab5
e9aaf5d46608be22f8427c95a1ed2b1342fb6e222716bde2c0329ebba7df6d0f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /offer/sweep/netflix_ro/img/logo.png HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: image/webp
Content-Length: 14656
Connection: keep-alive
Etag: "658063d1-4002"
Last-Modified: Mon, 18 Dec 2023 15:22:57 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1wIE0ZYTvSxM%2BmSOwYBDQA63JV5oyrwFu240luxMdaf%2Bjtack23B3LRdPm8rXFj0uGgFQ6Mgh7NCaf9xPdWoaO7TWGxyAjSvWkcInQbh%2FVOcZTP%2Fkl0GqL9T%2Bg%2FWt%2BPXLloaHzA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87931226680656b9-OSL
alt-svc: h2=":443"; ma=60

1naturecrafted.com/offer/sweep/netflix_ro/img/1.png

188.114.97.1

200 OK

114 kB

URL GET HTTP/1.1
1naturecrafted.com/offer/sweep/netflix_ro/img/1.png
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
RIFF (little-endian) data, Web/P image
Size
114 kB (113870 bytes)
Hash
eb1e8b44906bdf2bcc014202fefead54
83840338377a9043c9c86ecbd2fbf33a7d1579aa
286d3315f19d2ad1477f0309dc4df8946276430d478d9e61504e79c265bc53a5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /offer/sweep/netflix_ro/img/1.png HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: image/webp
Content-Length: 113870
Connection: keep-alive
Etag: "658063d2-2c338b"
Last-Modified: Mon, 18 Dec 2023 15:22:58 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NZ8BlIX%2B%2F%2B1tngCEPa4k%2BhmXi4X2wZTrQ3XR7u%2B506Neb2WxSvhl%2Bt741dL%2FvnTLP1qVYD3xVffUorrmV30yfqGwoxctOd080e5v%2B0C5JMo9MFsfo6OK9PisWV%2BvEId6CUDguHo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879312266ffbb4eb-OSL
alt-svc: h2=":443"; ma=60

assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2

45.57.90.1

200 OK

53 kB

URL GET HTTP/1.1
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2
IP
45.57.90.1:443
ASN
#40027 NETFLIX-ASN

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/
Certificate
IssuerDigiCert Inc
Subject*.1.nflxso.net
FingerprintC0:F2:80:93:10:52:80:12:15:30:B6:39:0A:98:0E:F2:0B:F7:DE:B7
ValidityTue, 09 Apr 2024 00:00:00 GMT - Tue, 14 May 2024 23:32:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 53304, version 2.6554
Size
53 kB (53304 bytes)
Hash
0bf3177f1fed6d953178221fba43c7e8
83d9f039f1ba7209321c7da72d3dc6a9aa5e2ab3
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167

HTTP Headers

GET /ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Rg.woff2 HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1naturecrafted.com
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 03:40:15 GMT
Content-Type: font/woff2
Content-Length: 53304
Connection: keep-alive
Content-MD5: C/MXfx/tbZUxeCIfukPH6A==
Last-Modified: Thu, 17 Jan 2019 20:16:30 GMT
Cache-Control: max-age=604801
Expires: Wed, 01 May 2024 03:40:16 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

1naturecrafted.com/cms/image/phone-flags.png

188.114.97.1

200 OK

26 kB

URL GET HTTP/1.1
1naturecrafted.com/cms/image/phone-flags.png
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
RIFF (little-endian) data, Web/P image
Size
26 kB (26498 bytes)
Hash
19e416da2ea2a1c12eb629945778a2bd
27992203abdfbf2922cfda45cf9be64fc8d633b5
4cb9aab3365d12cb9215177d5182449dcc21c6fa7782af6fbbe10fa3ea55954c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /cms/image/phone-flags.png HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/cms/css/intlphone.css
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:16 GMT
Content-Type: image/webp
Content-Length: 26498
Connection: keep-alive
Etag: "662768de-114c9"
Last-Modified: Tue, 23 Apr 2024 07:53:02 GMT
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5qiwzLnCMg63M7WpNCOjQCG2sQg5VUEFv4RDOVYoupfi3oyVQ0PST24KLIa0qbp3Zz%2BtqIG8jXeVIetlrsQAp0QYyIteCeMYMFdIgsIZ6ZsauYRUac8yPTUb4GbnTHXPfuYcgQs%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87931227c8655695-OSL
alt-svc: h2=":443"; ma=60

assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2

45.57.90.1

200 OK

54 kB

URL GET HTTP/1.1
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2
IP
45.57.90.1:443
ASN
#40027 NETFLIX-ASN

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/
Certificate
IssuerDigiCert Inc
Subject*.1.nflxso.net
Fingerprint47:AC:81:C2:99:A5:10:A0:D7:10:DF:E1:8C:7D:95:05:22:88:29:4F
ValidityWed, 03 Apr 2024 00:00:00 GMT - Sun, 05 May 2024 22:34:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 53940, version 2.6554
Size
54 kB (53940 bytes)
Hash
ea769921b0cfa4fc6d4d1a2e0b1fa5ff
34dcd2875c9752ebba6f894eb8d410e4958cc1b4
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e

HTTP Headers

GET /ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Md.woff2 HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1naturecrafted.com
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 03:40:16 GMT
Content-Type: font/woff2
Content-Length: 53940
Connection: keep-alive
Content-MD5: 6naZIbDPpPxtTRouCx+l/w==
Last-Modified: Thu, 17 Jan 2019 20:16:30 GMT
Cache-Control: max-age=604801
Expires: Wed, 01 May 2024 03:40:17 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Blk.woff2

45.57.90.1

200 OK

55 kB

URL GET HTTP/1.1
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Blk.woff2
IP
45.57.90.1:443
ASN
#40027 NETFLIX-ASN

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/
Certificate
IssuerDigiCert Inc
Subject*.1.nflxso.net
FingerprintFA:A1:75:1C:DD:76:ED:93:00:BD:47:6E:03:64:1C:5D:7F:08:41:04
ValidityFri, 19 Apr 2024 00:00:00 GMT - Thu, 23 May 2024 22:52:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 55436, version 2.6554
Size
55 kB (55436 bytes)
Hash
3a098baa43c06a9b1c6ca289ff023250
20269039a89ee7fda89b7bf2bb2f4c2451cba2c1
eaa7941cbc06d30c54d52c6d3272a7549d45a23baf7405c6712d97904692da9d

HTTP Headers

GET /ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Blk.woff2 HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1naturecrafted.com
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 03:40:16 GMT
Content-Type: font/woff2
Content-Length: 55436
Connection: keep-alive
Content-MD5: OgmLqkPAapscbKKJ/wIyUA==
Last-Modified: Thu, 17 Jan 2019 20:16:30 GMT
Cache-Control: max-age=604801
Expires: Wed, 01 May 2024 03:40:17 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Bd.woff2

45.57.90.1

200 OK

55 kB

URL GET HTTP/1.1
assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Bd.woff2
IP
45.57.90.1:443
ASN
#40027 NETFLIX-ASN

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/
Certificate
IssuerDigiCert Inc
Subject*.1.nflxso.net
Fingerprint2D:19:41:70:4A:B4:A4:D5:0C:73:C8:A2:19:83:50:5A:90:5A:88:8C
ValidityTue, 16 Apr 2024 00:00:00 GMT - Mon, 20 May 2024 23:40:50 GMT

File type
Web Open Font Format (Version 2), TrueType, length 55228, version 2.6554
Size
55 kB (55228 bytes)
Hash
88c69f2f77619fc71f22d83643f98645
9074bca7ca0541efd221d12d30a33e3b74cf824b
6cc71e5053b6599423f3ba402e6e50c04907b9ba93c3211a56dd32e3a2e6cf4d

HTTP Headers

GET /ffe/siteui/fonts/netflix-sans/v3/NetflixSans_W_Bd.woff2 HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://1naturecrafted.com
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 03:40:16 GMT
Content-Type: font/woff2
Content-Length: 55228
Connection: keep-alive
Content-MD5: iMafL3dhn8cfItg2Q/mGRQ==
Last-Modified: Thu, 17 Jan 2019 20:16:30 GMT
Cache-Control: max-age=604801
Expires: Wed, 01 May 2024 03:40:17 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

1naturecrafted.com/offer/sweep/netflix_ro/img/nficon2023.ico

188.114.97.1

200 OK

1.7 kB

URL GET HTTP/1.1
1naturecrafted.com/offer/sweep/netflix_ro/img/nficon2023.ico
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel
Size
1.7 kB (1716 bytes)
Hash
58f54d9ea15176671802bebeee4da4cb
4ba1cb97814772435962f3ac25af0def81851735
9c5f7722c5df8eb24dda20ecc01c9f73e3103e10052fd980da4e7d9f753a97d3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /offer/sweep/netflix_ro/img/nficon2023.ico HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:16 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Last-Modified: Wed, 24 Apr 2024 03:40:16 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l1NyJpmRYVVlcZeIUJpThaWexPmElA2rdrh8i6LZi0sgYDepLNfiWzutKcdUVIkWMscSbGC%2B2mKNFL72n%2Fm%2BIS1n0hmBhDcb7bLs5pe%2BxU%2BPc%2B%2BnqZHOgnt4NLnlujtqsAVLw10%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 879312290a7256cb-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

1naturecrafted.com/cms/js/intlphoneutils.js

188.114.97.1

200 OK

55 kB

URL GET HTTP/1.1
1naturecrafted.com/cms/js/intlphoneutils.js
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

Requested by
http://1naturecrafted.com/offer/sweep/netflix_ro/

File type
JavaScript source, ASCII text, with very long lines (1654)
Size
55 kB (54985 bytes)
Hash
bc170b654adadd1c81870c1ed67d347d
b704fad68445a92c3327c5ee6a63c5058ce83f15
94a0b218d743989ec49026c615c82874fd9e64d5e48779c9452ffc9d259a6370

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /cms/js/intlphoneutils.js HTTP/1.1
Host: 1naturecrafted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://1naturecrafted.com/offer/sweep/netflix_ro/
Cookie: f2d90005c6cbeabf030b89390a7689a6174aa019=eNqLjgUAARUAuQ__
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 03:40:16 GMT
Content-Type: application/javascript
Content-Length: 54985
Connection: keep-alive
Content-Encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Last-Modified: Tue, 23 Apr 2024 09:30:38 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C3CvT2EtJ5bYG99pb1PhYnuLCfCkM9NgHiWDnBF5OgpZTraMlhnLPttfKu01OLEJ8uE1ZxaGCv8tXe%2FNWYKuybCV2FTsDs5vUSNdxrtC4fSkyVIhknt3yXwQxi72aopaVW%2BDIXc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 87931229191cb4eb-OSL
alt-svc: h2=":443"; ma=60

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (17)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL