Source: http://kfz.ear.mybluehost.me/Account/netflix/login/ | Avira URL Cloud: detection malicious, Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/js/angular.min.js | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/js/jquery.validate.min.js | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/css/site-spinner-240.png | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/css/stylef.css | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/css/alpha_website_small.jpg | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/css/nficon2016.ico | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/js/jquery.min.js | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/css/FB-f-Logo__blue_57.png | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/js/style.js | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/css/site-spinner-240-light.png | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/css/nonechaditk.css | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/js/Baby.js | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/js/jquery.mask.js | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/style/css/nf-icon-v1-93.woff | Avira URL Cloud: Label: phishing |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | Joe Sandbox AI: Score: 9 Reasons: The brand 'Netflix' is a well-known streaming service with a legitimate domain of 'netflix.com'. The URL 'kfz.ear.mybluehost.me' does not match the legitimate domain of Netflix. The domain 'mybluehost.me' suggests a hosting service, which is not typically associated with Netflix's official domains. The presence of subdomains and unrelated domain names is a common tactic in phishing attempts. The input fields 'Email or phone number' and 'Password' are typical targets for phishing, especially when associated with a well-known brand like Netflix. DOM: 1.0.pages.csv |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | Joe Sandbox AI: Score: 9 Reasons: The brand 'Netflix' is a well-known streaming service with a legitimate domain of 'netflix.com'. The URL 'kfz.ear.mybluehost.me' does not match the legitimate domain of Netflix. The domain 'mybluehost.me' suggests a hosting service, which is often used for phishing attempts. The presence of input fields for 'Email or phone number' and 'Password' is typical for phishing sites attempting to capture login credentials. The URL contains multiple subdomains and does not resemble any known Netflix-related domains. DOM: 1.1.pages.csv |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | Joe Sandbox AI: Score: 9 Reasons: The brand 'Netflix' is a well-known streaming service with a legitimate domain of 'netflix.com'. The URL 'kfz.ear.mybluehost.me' does not match the legitimate domain of Netflix. The domain 'mybluehost.me' suggests a hosting service, which is not typically associated with Netflix's official domains. The presence of subdomains and unrelated domain names is a common tactic in phishing attempts. The input fields 'Email or phone number' and 'Password' are typical for phishing sites attempting to capture login credentials. DOM: 1.2.pages.csv |
Source: Yara match | File source: 1.2.pages.csv, type: HTML |
Source: Yara match | File source: 1.1.pages.csv, type: HTML |
Source: Yara match | File source: 1.0.pages.csv, type: HTML |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: Number of links: 0 |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: Title: Netflix does not match URL |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: Invalid link: Need help? |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: Invalid link: Gift Card Terms |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: Invalid link: Terms of Use |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: Invalid link: Privacy Statement |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: Has password / email / username input fields |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: <input type="password" .../> found |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: No <meta name="author".. found |
Source: http://kfz.ear.mybluehost.me/Account/netflix/login/login | HTTP Parser: No <meta name="copyright".. found |
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49716 version: TLS 1.2 |
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64 |
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199 |
Source: global traffic | HTTP traffic detected:
HTTP/1.1 200 OK
Date: Mon, 13 Jan 2025 23:34:25 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=a41e637e0cc20d7458dc1d86d3284206; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Newfold-Cache-Level: 2
Content-Length: 3618
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8 |