Report - benneyqt.162-240-234-251.cprapid.com/?login

Report Overview

Visitedpublic

2024-08-18 11:04:31

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Sent	Received	IP
r10.o.lencr.org	unknown	981 B	2.7 kB	23.36.77.32
benneyqt.162-240-234-251.cprapid.com	unknown	5.0 kB	559 kB	162.240.234.251
r11.o.lencr.org	unknown	1.6 kB	4.4 kB	23.36.76.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-08-17	medium	benneyqt.162-240-234-251.cprapid.com/?login	Netflix Inc.

PhishTank

Scan Date	Severity	Indicator	Alert
2024-08-17	medium	benneyqt.162-240-234-251.cprapid.com/?login	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (15)

URL IP Response Size

r11.o.lencr.org/

23.36.76.226

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-17

Last Seen2024-08-21

Times Seen36548

Size504 B (504 bytes)

MD5219f59137337a0ee601729cab5ec83f6

SHA185f2e3496820405559fd526b44b9a915e0009a4f

SHA256f9701bf0083b06f4a573774d1a4dd491236216bc08f1006a94ce79144df70a21

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F9701BF0083B06F4A573774D1A4DD491236216BC08F1006A94CE79144DF70A21"
Last-Modified: Sat, 17 Aug 2024 00:55:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19818
Expires: Sun, 18 Aug 2024 16:34:22 GMT
Date: Sun, 18 Aug 2024 11:04:04 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-16

Last Seen2024-08-19

Times Seen13158

Size504 B (504 bytes)

MD52df91286f49e58e16a376311a3bd4a11

SHA1f91a1585d976cf80ae4702b607130dc84e095e81

SHA256b6aa8b353b34cd929b75a9baf0f9953435f07d0118004f1e0bf72e5e15498fe4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "B6AA8B353B34CD929B75A9BAF0F9953435F07D0118004F1E0BF72E5E15498FE4"
Last-Modified: Fri, 16 Aug 2024 06:58:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4226
Expires: Sun, 18 Aug 2024 12:14:31 GMT
Date: Sun, 18 Aug 2024 11:04:05 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-17

Last Seen2024-08-21

Times Seen37163

Size504 B (504 bytes)

MD569a9603269726ce602d708bf57058c4c

SHA18689e9ea81ea9636e7b08c3ed42650553a0c4e3b

SHA2561a2339d740b715f3df1900d80114c8376ead57205961a6f896edf37b3ee3a897

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "1A2339D740B715F3DF1900D80114C8376EAD57205961A6F896EDF37B3EE3A897"
Last-Modified: Sat, 17 Aug 2024 09:59:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6961
Expires: Sun, 18 Aug 2024 13:00:06 GMT
Date: Sun, 18 Aug 2024 11:04:05 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.77.32

504 B

URL

r10.o.lencr.org/

IP / ASN

23.36.77.32

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-16

Last Seen2024-08-19

Times Seen26129

Size504 B (504 bytes)

MD575f615f839dbf8cd2f4a3d58e44455f2

SHA1362b7a7d5cbe41d8a42cecec4ee755af0e07ddaf

SHA2562c4833330979b96ed12b3480367f00be397e9f9ccb35a088e7c79e92eb26cae4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2C4833330979B96ED12B3480367F00BE397E9F9CCB35A088E7C79E92EB26CAE4"
Last-Modified: Fri, 16 Aug 2024 06:27:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3682
Expires: Sun, 18 Aug 2024 12:05:27 GMT
Date: Sun, 18 Aug 2024 11:04:05 GMT
Connection: keep-alive

GET benneyqt.162-240-234-251.cprapid.com/?login

162.240.234.251

302 Found

0 B

URL

benneyqt.162-240-234-251.cprapid.com/?login

IP / ASN

162.240.234.251

#46606 UNIFIEDLAYER-AS-1

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608746

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectmail.benneyqt.162-240-234-251.cprapid.com

FingerprintC1:EC:8F:CD:8A:6B:26:1A:94:06:81:AC:00:2A:86:D1:00:C8:C7:22

ValidityTue, 06 Aug 2024 14:54:05 GMT - Mon, 04 Nov 2024 14:54:04 GMT

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Netflix Inc.
PhishTank	phishing	Other
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /?login HTTP/1.1
Host: benneyqt.162-240-234-251.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=e838201ebe92f1d8594ef710a41ab8e1; path=/
location: login?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2C%2A%2F%2A%3Bq%3D0.8&c_ds_no=r9yyXPokqt4Xc94lQ4eUZH8A1OY12Cl1aeKyfcv77n
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 18 Aug 2024 11:03:55 GMT
server: Apache
X-Firefox-Spdy: h2

GET benneyqt.162-240-234-251.cprapid.com/assets/css/base.29784261571369c943e5.css

162.240.234.251

200 OK

2.2 kB

URL

benneyqt.162-240-234-251.cprapid.com/assets/css/base.29784261571369c943e5.css

IP / ASN

162.240.234.251

#46606 UNIFIEDLAYER-AS-1

Requested byhttps://benneyqt.162-240-234-251.cprapid.com/login?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2C%2A%2F%2A%3Bq%3D0.8&c_ds_no=r9yyXPokqt4Xc94lQ4eUZH8A1OY12Cl1aeKyfcv77n

Resource Info

File typeASCII text, with very long lines (2207), with no line terminators

First Seen2024-06-05

Last Seen2025-06-18

Times Seen48

Size2.2 kB (2207 bytes)

MD5707ab3cffb821aea1deee751298a2029

SHA196136c23849b5282abfeaa478bb1458ea3f986ef

SHA256e38946e8eda9c1dd0e4be22ed460cc51b44cba42ffaf3899f8ef84e7333908b5

Certificate Info

IssuerLet's Encrypt

Subjectmail.benneyqt.162-240-234-251.cprapid.com

FingerprintC1:EC:8F:CD:8A:6B:26:1A:94:06:81:AC:00:2A:86:D1:00:C8:C7:22

ValidityTue, 06 Aug 2024 14:54:05 GMT - Mon, 04 Nov 2024 14:54:04 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /assets/css/base.29784261571369c943e5.css HTTP/1.1
Host: benneyqt.162-240-234-251.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://benneyqt.162-240-234-251.cprapid.com/login?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2C%2A%2F%2A%3Bq%3D0.8&c_ds_no=r9yyXPokqt4Xc94lQ4eUZH8A1OY12Cl1aeKyfcv77n
Cookie: PHPSESSID=e838201ebe92f1d8594ef710a41ab8e1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 08 Jun 2024 16:34:46 GMT
accept-ranges: bytes
content-length: 2207
content-type: text/css
date: Sun, 18 Aug 2024 11:03:56 GMT
server: Apache
X-Firefox-Spdy: h2

GET benneyqt.162-240-234-251.cprapid.com/assets/images/US-en-20240603-popsignuptwoweeks-perspective_alpha_website_medium.jpg

162.240.234.251

200 OK

197 kB

URL

benneyqt.162-240-234-251.cprapid.com/assets/images/US-en-20240603-popsignuptwoweeks-perspective_alpha_website_medium.jpg

IP / ASN

162.240.234.251

#46606 UNIFIEDLAYER-AS-1

Resource Info

File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1125, components 3

First Seen2024-06-22

Last Seen2024-09-19

Times Seen18

Size197 kB (197415 bytes)

MD523e2b27a0094c34a3e24b1d8991b83da

SHA1fa06dfe9b663ca0d0cbd078002e74f30cbe1d25d

SHA2567e274d6c0aada6e91cdf393a9dfcc7bafddb6478a2336f622ffb11f9d55ce5bc

Certificate Info

IssuerLet's Encrypt

Subjectmail.benneyqt.162-240-234-251.cprapid.com

FingerprintC1:EC:8F:CD:8A:6B:26:1A:94:06:81:AC:00:2A:86:D1:00:C8:C7:22

ValidityTue, 06 Aug 2024 14:54:05 GMT - Mon, 04 Nov 2024 14:54:04 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /assets/images/US-en-20240603-popsignuptwoweeks-perspective_alpha_website_medium.jpg HTTP/1.1
Host: benneyqt.162-240-234-251.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://benneyqt.162-240-234-251.cprapid.com/login?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2C%2A%2F%2A%3Bq%3D0.8&c_ds_no=r9yyXPokqt4Xc94lQ4eUZH8A1OY12Cl1aeKyfcv77n
Cookie: PHPSESSID=e838201ebe92f1d8594ef710a41ab8e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sat, 08 Jun 2024 17:06:10 GMT
accept-ranges: bytes
content-length: 197415
content-type: image/jpeg
date: Sun, 18 Aug 2024 11:03:56 GMT
server: Apache
X-Firefox-Spdy: h2

GET benneyqt.162-240-234-251.cprapid.com/login_files/Netflix_Logo_PMS.png

162.240.234.251

404 Not Found

315 B

URL

benneyqt.162-240-234-251.cprapid.com/login_files/Netflix_Logo_PMS.png

IP / ASN

162.240.234.251

#46606 UNIFIEDLAYER-AS-1

Resource Info

File typeHTML document, ASCII text

First Seen2023-03-07

Last Seen2025-08-02

Times Seen95602

Size315 B (315 bytes)

MD5a34ac19f4afae63adc5d2f7bc970c07f

SHA1a82190fc530c265aa40a045c21770d967f4767b8

SHA256d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Certificate Info

IssuerLet's Encrypt

Subjectmail.benneyqt.162-240-234-251.cprapid.com

FingerprintC1:EC:8F:CD:8A:6B:26:1A:94:06:81:AC:00:2A:86:D1:00:C8:C7:22

ValidityTue, 06 Aug 2024 14:54:05 GMT - Mon, 04 Nov 2024 14:54:04 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /login_files/Netflix_Logo_PMS.png HTTP/1.1
Host: benneyqt.162-240-234-251.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://benneyqt.162-240-234-251.cprapid.com/login?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2C%2A%2F%2A%3Bq%3D0.8&c_ds_no=r9yyXPokqt4Xc94lQ4eUZH8A1OY12Cl1aeKyfcv77n
Cookie: PHPSESSID=e838201ebe92f1d8594ef710a41ab8e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Sun, 18 Aug 2024 11:03:56 GMT
server: Apache
X-Firefox-Spdy: h2

GET benneyqt.162-240-234-251.cprapid.com/login_files/powered_by_logo.svg

162.240.234.251

404 Not Found

315 B

URL

benneyqt.162-240-234-251.cprapid.com/login_files/powered_by_logo.svg

IP / ASN

162.240.234.251

#46606 UNIFIEDLAYER-AS-1

Resource Info

File typeHTML document, ASCII text

First Seen2023-03-07

Last Seen2025-08-02

Times Seen95602

Size315 B (315 bytes)

MD5a34ac19f4afae63adc5d2f7bc970c07f

SHA1a82190fc530c265aa40a045c21770d967f4767b8

SHA256d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Certificate Info

IssuerLet's Encrypt

Subjectmail.benneyqt.162-240-234-251.cprapid.com

FingerprintC1:EC:8F:CD:8A:6B:26:1A:94:06:81:AC:00:2A:86:D1:00:C8:C7:22

ValidityTue, 06 Aug 2024 14:54:05 GMT - Mon, 04 Nov 2024 14:54:04 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /login_files/powered_by_logo.svg HTTP/1.1
Host: benneyqt.162-240-234-251.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://benneyqt.162-240-234-251.cprapid.com/login?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2C%2A%2F%2A%3Bq%3D0.8&c_ds_no=r9yyXPokqt4Xc94lQ4eUZH8A1OY12Cl1aeKyfcv77n
Cookie: PHPSESSID=e838201ebe92f1d8594ef710a41ab8e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
content-length: 315
content-type: text/html; charset=iso-8859-1
date: Sun, 18 Aug 2024 11:03:56 GMT
server: Apache
X-Firefox-Spdy: h2

GET benneyqt.162-240-234-251.cprapid.com/assets/images/nficon2023.ico

162.240.234.251

200 OK

9.9 kB

URL

benneyqt.162-240-234-251.cprapid.com/assets/images/nficon2023.ico

IP / ASN

162.240.234.251

#46606 UNIFIEDLAYER-AS-1

Resource Info

File typeMS Windows icon resource - 1 icon, 48x48, 32 bits/pixel

First Seen2023-09-08

Last Seen2025-08-01

Times Seen1224

Size9.9 kB (9854 bytes)

MD558f54d9ea15176671802bebeee4da4cb

SHA14ba1cb97814772435962f3ac25af0def81851735

SHA2569c5f7722c5df8eb24dda20ecc01c9f73e3103e10052fd980da4e7d9f753a97d3

Certificate Info

IssuerLet's Encrypt

Subjectmail.benneyqt.162-240-234-251.cprapid.com

FingerprintC1:EC:8F:CD:8A:6B:26:1A:94:06:81:AC:00:2A:86:D1:00:C8:C7:22

ValidityTue, 06 Aug 2024 14:54:05 GMT - Mon, 04 Nov 2024 14:54:04 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /assets/images/nficon2023.ico HTTP/1.1
Host: benneyqt.162-240-234-251.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://benneyqt.162-240-234-251.cprapid.com/login?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2C%2A%2F%2A%3Bq%3D0.8&c_ds_no=r9yyXPokqt4Xc94lQ4eUZH8A1OY12Cl1aeKyfcv77n
Cookie: PHPSESSID=e838201ebe92f1d8594ef710a41ab8e1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 09 Jun 2024 06:21:32 GMT
accept-ranges: bytes
content-length: 9854
content-type: image/x-icon
date: Sun, 18 Aug 2024 11:03:56 GMT
server: Apache
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.76.226

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-18

Last Seen2024-08-21

Times Seen37247

Size504 B (504 bytes)

MD57944981bcac427aa8d0aa016ec63764d

SHA148bf925b10dc02afa8f597af8d26f5bf5efc0b7e

SHA25626bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Sun, 18 Aug 2024 11:48:42 GMT
Date: Sun, 18 Aug 2024 11:04:07 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-18

Last Seen2024-08-21

Times Seen37247

Size504 B (504 bytes)

MD57944981bcac427aa8d0aa016ec63764d

SHA148bf925b10dc02afa8f597af8d26f5bf5efc0b7e

SHA25626bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Sun, 18 Aug 2024 11:48:42 GMT
Date: Sun, 18 Aug 2024 11:04:07 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-18

Last Seen2024-08-21

Times Seen37247

Size504 B (504 bytes)

MD57944981bcac427aa8d0aa016ec63764d

SHA148bf925b10dc02afa8f597af8d26f5bf5efc0b7e

SHA25626bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Sun, 18 Aug 2024 11:48:42 GMT
Date: Sun, 18 Aug 2024 11:04:07 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.76.226

504 B

URL

r11.o.lencr.org/

IP / ASN

23.36.76.226

#20940 Akamai International B.V.

Requested byN/A

Resource Info

File typedata

First Seen2024-08-18

Last Seen2024-08-21

Times Seen37247

Size504 B (504 bytes)

MD57944981bcac427aa8d0aa016ec63764d

SHA148bf925b10dc02afa8f597af8d26f5bf5efc0b7e

SHA25626bde594c33cd3386f4e65e3eaf0fc048fca46ed4a185f5c2aa70e8deeaffb0a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "26BDE594C33CD3386F4E65E3EAF0FC048FCA46ED4A185F5C2AA70E8DEEAFFB0A"
Last-Modified: Sat, 17 Aug 2024 21:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2675
Expires: Sun, 18 Aug 2024 11:48:42 GMT
Date: Sun, 18 Aug 2024 11:04:07 GMT
Connection: keep-alive

GET benneyqt.162-240-234-251.cprapid.com/login?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2C%2A%2F%2A%3Bq%3D0.8&c_ds_no=r9yyXPokqt4Xc94lQ4eUZH8A1OY12Cl1aeKyfcv77n

162.240.234.251

200 OK

347 kB

URL

IP / ASN

162.240.234.251

#46606 UNIFIEDLAYER-AS-1

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5608746

Size347 kB (346855 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectmail.benneyqt.162-240-234-251.cprapid.com

FingerprintC1:EC:8F:CD:8A:6B:26:1A:94:06:81:AC:00:2A:86:D1:00:C8:C7:22

ValidityTue, 06 Aug 2024 14:54:05 GMT - Mon, 04 Nov 2024 14:54:04 GMT

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Netflix

HTTP Headers

GET /login?c_ds_na=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2C%2A%2F%2A%3Bq%3D0.8&c_ds_no=r9yyXPokqt4Xc94lQ4eUZH8A1OY12Cl1aeKyfcv77n HTTP/1.1
Host: benneyqt.162-240-234-251.cprapid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=e838201ebe92f1d8594ef710a41ab8e1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
date: Sun, 18 Aug 2024 11:03:55 GMT
server: Apache
X-Firefox-Spdy: h2