Report - saudezz.com/Config/net/login.php

Report Overview

Visited public
2024-02-09 21:48:32
Tags
netflix phishing
Submit Tags
URL
saudezz.com/Config/net/login.php
Finishing URL
saudezz.com/Config/net/login.php
IP / ASN
172.67.189.212
#13335 CLOUDFLARENET
Title
Netflix
Phishing - Netflix

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
saudezz.com	unknown	2021-07-07	2021-07-07 20:35:14	2024-02-09 15:07:29	5.5 kB	507 kB	104.21.9.246
assets.nflxext.com	3871	2011-02-11	2015-07-22 06:02:07	2024-02-09 05:15:46	504 B	74 kB	45.57.90.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	saudezz.com/Config/net/files/js/modernizr.min.js	ScriptElement	3.8 kB	2023-03-07	2025-07-15
Pretty URL saudezz.com/Config/net/files/js/modernizr.min.js IP 104.21.9.246 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-15 17:39 Times Seen744 Hash a635a55ddb6339a3d0d01c641f670753 a6dee4a1df6c51b82ce2e67323514e7de4e165d4 a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44 Loading...

	saudezz.com/Config/net/files/js/jquery.js	ScriptElement	87 kB	2023-03-07	2025-07-13
Pretty URL saudezz.com/Config/net/files/js/jquery.js IP 104.21.9.246 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-13 19:11 Times Seen6330 Hash af4078402c5e090d3f81d1abd71e2250 9592732de681f4365e9b7016dc5cf76e2a55ee9b 8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6 Loading...

	saudezz.com/Config/net/files/js/jquery.ccvalid.js	ScriptElement	7.4 kB	2023-03-07	2025-06-26
Pretty URL saudezz.com/Config/net/files/js/jquery.ccvalid.js IP 104.21.9.246 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-26 08:03 Times Seen358 Hash 2f24b339e94eb18fdfd5cd5a60e82546 2abf52df7041eac55e0f59bf867053d4cb29891a ca83477931d09aca84c55e779bb2e6ef502b1af1bef668de771b8209a43eb11b Loading...

	saudezz.com/Config/net/files/js/jquery.mask.js	ScriptElement	8.1 kB	2023-03-07	2025-06-26
Pretty URL saudezz.com/Config/net/files/js/jquery.mask.js IP 104.21.9.246 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-26 08:03 Times Seen303 Hash 9d8349c5ae98f1d6591ecce50e54403a 62f6a07fa6a0531ac0f6aae7988356ff28b09d73 38c89b667f0b98ab618ce6eef2947a58b9cac93e4dce667fec781562c34cd66e Loading...

	saudezz.com/Config/net/login.php	ScriptElement	101 B	2023-03-07	2025-06-26
Pretty URL saudezz.com/Config/net/login.php IP 104.21.9.246 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:41 Last Seen2025-06-26 08:03 Times Seen267 Hash 374354644aaca754a721e58f06aeb655 e16bbcac015631fffe3fee7e41041ddbc8e3c527 4faa9064171cf2226162d76da9d7ef8437bce1ab506c405fd7bdd8d1c7ed5946 Loading...

	saudezz.com/Config/net/login.php	ScriptElement	2.2 kB	2023-03-07	2025-06-26
Pretty URL saudezz.com/Config/net/login.php IP 104.21.9.246 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:41 Last Seen2025-06-26 08:03 Times Seen18 Hash 87c49a7d52914fda496f37d0c98dfa33 0a82d2cb5bbddd7782383e0b81dd20976064aab8 283addbd78bd697a061c1457ad9d219087f295813e881b701267f1a0ef0bfffe Loading...

HTTP Transactions (13)

URL IP Response Size

GET saudezz.com/Config/net/files/img/fb.png

104.21.9.246

200 OK

1.5 kB

URL GET HTTP/3
saudezz.com/Config/net/files/img/fb.png
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced
Size
1.5 kB (1455 bytes)
Hash
a33ca47ef110b6e3ec5086b8776407d3
dff5bbbe61b4920a23fb21a7fca69ca9e94dcb6c
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/img/fb.png HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: image/png
content-length: 1455
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
etag: "65c4fe85-5af"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXZg5Em69aeM6cyWRD74tu44W9SK9oJWgfhAq4%2B4Ww3Tutiqpdlr2pBx4q0eXHRMzBwJSODK0IHB81cvyytOj1rjWo%2B93kO2PWrgIqPRI0MZaFmPh5%2BoVkXcQubw4A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 852f508ccab61c0e-OSL
alt-svc: h3=":443"; ma=86400

GET saudezz.com/Config/net/files/img/bg.jpg

104.21.9.246

200 OK

120 kB

URL GET HTTP/3
saudezz.com/Config/net/files/img/bg.jpg
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3
Size
120 kB (120105 bytes)
Hash
5f6f14c7e213792c78d8fc08ced0840c
9700da5cdd4b261c657540b4d4d49c90cd57cdac
cde4074549e72df2b148594b13728b01118887d02d99e5e7d67c5d1e54cc6669

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/img/bg.jpg HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: image/jpeg
content-length: 120105
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
etag: "65c4fe85-1d529"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SmJpk262vgqgyIwt%2FQ7%2FQXliGxA7Oc8e7A0%2ByFQ72AhCoxP%2B4yAWdOt2hIhv2Qer79B2%2BnQFoojCm9rkCGu9sHT7arIFGYFLI4Tj%2BUMC7w8cZsfdBBKx8hAW04eV2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 852f508cbaae1c0e-OSL
alt-svc: h3=":443"; ma=86400

GET saudezz.com/Config/net/login.php

104.21.9.246

200 OK

2.8 kB

URL User Request GET HTTP/2
saudezz.com/Config/net/login.php
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (784), with CRLF, LF line terminators
Size
2.8 kB (2829 bytes)
Hash
da5f3ffc9d08341361b97f5e4c2e6e4b
4d10f04c9f39fa02816fea259584213a8d66a1aa
23c7be9e237940b83960d1132e36d1f41b078f75b45c46af72d691d11bad5f80

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/login.php HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-micro-cache: HIT
strict-transport-security: max-age=31536000;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uET6DkJGabGra%2BTP4Xx0qDPrzVJas69fQvOQjIBuwm9DmNjkFv%2BstUX%2BZMiA3dRPZ1L7zQWNZXOAgODI9BdLslqwgmxnBQoEaXzJsd1ZbBb8GEijxFZu2%2FJ3Bs0L2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 852f508aa84eb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET saudezz.com/Config/net/files/css/none2.css

104.21.9.246

200 OK

97 kB

URL GET HTTP/3
saudezz.com/Config/net/files/css/none2.css
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
ASCII text, with very long lines (375), with CRLF line terminators
Size
97 kB (97388 bytes)
Hash
547107fe336e4bb0e9a6419bfcd53db4
6b96c54edc6c105a808e2655b9eb2118ebfa35e9
72b3228cb98385052ac5e8e287ad5e563cd7e4f7943bfc23090dc9c4776e72dd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/css/none2.css HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: text/css
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
vary: Accept-Encoding
etag: W/"65c4fe85-28bf6"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tclnwZKDXvt7KWzD6XEhCOMNZQP0LmKfFzeAsEHmC8QdjbeZzAhQB7ViqZSsSlzQ4ZHCs5Pja6wTVIFIryZVjBk%2F%2FDpH1dTENXf%2B4wfejQ6ciEdZHPSaMrAgSG2MTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 852f508cbaa61c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET saudezz.com/Config/net/files/img/favicon.png

104.21.9.246

200 OK

1.8 kB

URL GET HTTP/3
saudezz.com/Config/net/files/img/favicon.png
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1755 bytes)
Hash
3d194514babc5d7d010308a0f808ca51
867e51e9b4a474c19da52d6454076c007a9d01f2
7341f7b8b0ae3c0da4aea559efc31f0b53d9db9dd291664fdcf7d618fd95ed8a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/img/favicon.png HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:07 GMT
content-type: image/png
content-length: 1755
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
etag: "65c4fe85-6db"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:07 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d48t6yMyAYbeNZzyHVJr0qFgDgAd8qItLA7dSb6pfamc2owPAY%2BBD%2BSR7eBAds4sXVPUHTp6kNWIn7DnX%2BZyzH5Ocd2IdKlIFSir5Qx1REAuEgc0tcwSRqHMpmoB1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 852f508f7c6a1c0e-OSL
alt-svc: h3=":443"; ma=86400

GET saudezz.com/Config/net/files/js/modernizr.min.js

104.21.9.246

200 OK

3.8 kB

URL GET HTTP/3
saudezz.com/Config/net/files/js/modernizr.min.js
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
JavaScript source, ASCII text, with very long lines (3896), with no line terminators
Size
3.8 kB (3807 bytes)
Hash
c0547ad6bff386dc451f91f0db90428e
7ab84a8ad13f7d6a0b574d524a21f6a2855e4371
c03c8bd284178fc700f0d79d2a4b6c6e2ce13f350875d2c3da19334544b7bf29

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/js/modernizr.min.js HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
vary: Accept-Encoding
etag: W/"65c4fe85-edf"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 13:17:28 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: HIT
age: 30638
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tv0p6Beyt9rospOjlOpBiZtNBEFnGPvoImJ%2FySjn9KQvHaWU28bbjjR9xjNgpmnN7PgdnUbYklYUSetQGKsboIi16E5fFePMhwmh78waJl3bt%2BOcHrjZXgT2hV5dzw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 852f508cbaa71c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET saudezz.com/Config/net/files/js/jquery.ccvalid.js

104.21.9.246

200 OK

7.4 kB

URL GET HTTP/3
saudezz.com/Config/net/files/js/jquery.ccvalid.js
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
JavaScript source, ASCII text, with very long lines (7729), with no line terminators
Size
7.4 kB (7442 bytes)
Hash
59b9011404fa8dcc9319f2c642e415aa
45824550b9fc31749bfc562dc39bc5f2e3389329
07ede44bcc2560b2928e93a6f11d4098e48c75786fd7b963e0acb28b8725a92a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/js/jquery.ccvalid.js HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
vary: Accept-Encoding
etag: W/"65c4fe85-1d12"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UhuRbUS%2FKPuXkUGWoGOKDJe4py8Ppc%2FlCaorHKp9EfwppnkiFXimjCi40rcwZi3cXbael5ks79WdqygtBwy%2BH%2Bh2Cqzwn9SCWr4iGkhBqqhtDaUhBfcV4G1BBETZKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 852f508cbaaa1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET saudezz.com/Config/net/files/css/none.css

104.21.9.246

200 OK

149 kB

URL GET HTTP/3
saudezz.com/Config/net/files/css/none.css
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
ASCII text, with very long lines (375), with CRLF line terminators
Size
149 kB (148910 bytes)
Hash
f1c287eb145ecb03b21e2c0d1a6165ed
5f0ae41689046c822b45877c9ccd03bff63c2fc5
996606e12517e3bb57e0a5f01fed3d7144e2d07a4d8076717a90285c351fa835

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/css/none.css HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: text/css
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
vary: Accept-Encoding
etag: W/"65c4fe85-245ae"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dlh3zrxbXf8LZaYrhk7d%2FAOJTW1JBOmqBMfU9EVhGZDBoWBIyl1SCa9cmUqR8fprVapE6I8wtts9scQrWM6f0nMaLNWd1xku7htPUI885MDmjdm2wMslwFLYYL81TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 852f508cbaa51c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff

45.57.90.1

200 OK

74 kB

URL GET HTTP/1.1
assets.nflxext.com/ffe/siteui/fonts/nf-icon-v1-93.woff
IP
45.57.90.1:443
ASN
#40027 NETFLIX-ASN

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerDigiCert Inc
Subject*.1.nflxso.net
Fingerprint70:10:A1:08:08:8C:B8:F8:66:A0:F5:68:79:69:9C:34:70:CE:B9:C6
ValidityFri, 02 Feb 2024 00:00:00 GMT - Thu, 07 Mar 2024 23:06:31 GMT

File type
Web Open Font Format, CFF, length 73572, version 0.0
Size
74 kB (73572 bytes)
Hash
7cf6156cc481244b5a254362d7b73f00
4391003d1cb06d2bd1921a5813a57604fa7d9935
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d

HTTP Headers

GET /ffe/siteui/fonts/nf-icon-v1-93.woff HTTP/1.1
Host: assets.nflxext.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://saudezz.com/
Origin: https://saudezz.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Feb 2024 21:48:06 GMT
Content-Type: font/woff
Content-Length: 73572
Connection: keep-alive
Content-MD5: fPYVbMSBJEtaJUNi17c/AA==
Last-Modified: Mon, 29 Jan 2018 01:50:51 GMT
Cache-Control: max-age=604801
Expires: Fri, 16 Feb 2024 21:48:07 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

GET saudezz.com/Config/net/files/js/jquery.js

104.21.9.246

200 OK

87 kB

URL GET HTTP/3
saudezz.com/Config/net/files/js/jquery.js
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
87 kB (86841 bytes)
Hash
af4078402c5e090d3f81d1abd71e2250
9592732de681f4365e9b7016dc5cf76e2a55ee9b
8603b20b548270423fb03c2138c16f5f863ead4c48eb0999167df869e2eef8a6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/js/jquery.js HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
vary: Accept-Encoding
etag: W/"65c4fe85-15339"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hASi1Uct%2BXzGWJDQ7kqpxXW6j4k8cCqsCPZYASwbbZtz6DMP6PUrhfIOjUZjt5QqVieCSvYl9GZEOsu%2FPJHLVvhoxntF3WM8PhwmOg305BKbj08pHlFGSBCIA0ch7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 852f508cbaa81c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET saudezz.com/Config/net/files/js/jquery.mask.js

104.21.9.246

200 OK

8.1 kB

URL GET HTTP/3
saudezz.com/Config/net/files/js/jquery.mask.js
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
JavaScript source, ASCII text, with very long lines (8330), with no line terminators
Size
8.1 kB (8109 bytes)
Hash
c07b6250df1945bf189a324a1a73e34e
1df1138ce1ad2b84d5c4424b86346a3dd9a38e7c
f638b474085c018c3946055b81e4399069032cabb639bef52e88f1342697dd3e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/js/jquery.mask.js HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
vary: Accept-Encoding
etag: W/"65c4fe85-1fad"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajbHjAW6%2Fh1nMSCpVjuue5vYxc3EnzqqCEcz8ab%2F%2F92%2FghD%2FjMrBlyq2oFT1C83AiywYZiJJ14cxeN6%2F0TN4dW1yazO9Ly4h3VtFj62iekofnJ%2BvqO2N0%2FzevFcL9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 852f508cbaac1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET saudezz.com/Config/net/files/img/logo.svg

104.21.9.246

200 OK

864 B

URL GET HTTP/3
saudezz.com/Config/net/files/img/logo.svg
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
SVG Scalable Vector Graphics image
Size
864 B (864 bytes)
Hash
697ee6888eee697a3ed6f38ff12fb720
5d51d3d7468f380b86b5d84ede748f1d0b0176f8
a44cc05695ef211b990e8a864eaa205745b2b41d22cca45f0e7373b2e1d251d1

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/img/logo.svg HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:06 GMT
content-type: image/svg+xml
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
etag: W/"65c4fe85-360"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B4SMrFqo%2FWrJ4g6LCSahjHl2qCm%2FcHZ6W%2B3KzYxj9CoCJEkc74AULoQYyxYw2KicjLLJqH4za4%2BZTQ2On7ZtHzE1kF%2B3wjvvtR2sNIEygmZN0yjT%2F3aNTGwRgXZSuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 852f508cbab01c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET saudezz.com/Config/net/files/img/favicon.ico

104.21.9.246

200 OK

17 kB

URL GET HTTP/3
saudezz.com/Config/net/files/img/favicon.ico
IP
104.21.9.246:443
ASN
#13335 CLOUDFLARENET

Requested by
https://saudezz.com/Config/net/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectsaudezz.com
Fingerprint12:A9:3B:D0:26:8A:CF:8D:75:F9:74:A8:49:4B:B3:91:30:2E:AC:C7
ValiditySun, 14 Jan 2024 17:54:53 GMT - Sat, 13 Apr 2024 17:54:52 GMT

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
Size
17 kB (16958 bytes)
Hash
41b45fdce09bd6acd07c7a8949da675e
931e18dfc6e7d950dc2f2bbdfe31e1ea720acf7c
abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /Config/net/files/img/favicon.ico HTTP/1.1
Host: saudezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://saudezz.com/Config/net/login.php
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 09 Feb 2024 21:48:07 GMT
content-type: image/x-icon
last-modified: Thu, 08 Feb 2024 16:17:09 GMT
vary: Accept-Encoding
etag: W/"65c4fe85-423e"
version: MS24010401
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
expires: Sat, 08 Feb 2025 21:48:07 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bzJ775Wac0mpL0DiZ2P02me2Jfsl07NeWPgHwhwUpuqVXLyuiEDsfVv4NJwTCxsmdz0U1M87BmMBNmRqZ%2BqSrhG%2BGRt%2FLOj1Nf%2F54K6Aba6A9vvA8lbVpWwhvhCmVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 852f508f7c6c1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (13)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate