Report - adscashnqx.buzz/login.php

Report Overview

Submitted URL
adscashnqx.buzz/login.php
IP
172.67.222.93
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-19 17:01:53
Access
public
Website Title
Frequently asked questions.
Final URL
adscashnqx.buzz/login.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
48

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-19	1.3 kB	265 kB	142.250.74.136
adscashnqx.buzz	unknown	unknown	No data	No data	12 kB	1.0 MB	104.21.94.106
log.href.style	unknown	2019-07-04	2024-03-19	2024-03-19	876 B	1.5 kB	34.87.137.87

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed
2024-04-19	medium	adscashnqx.buzz	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-QSD3M3XHPZ	304 kB	2024-04-19	2024-04-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-QSD3M3XHPZ IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 19:02:01 Last Seen2024-04-19 19:02:01 Times Seen2 Hash fcf830ed326bc3fa40283ce589d5b83b 46f787ca536e7f90d7d44730e5b1bb9efb9e3cf9 0f476b702fdd6474318289e7841838919ac7bbebc95a326937ae5d29a878f14c Loading...

	unknown	34 B	2023-04-18	2024-04-19
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-04-18 15:11:55 Last Seen2024-04-19 19:02:01 Times Seen2 Hash 2a220b1790f86fbbcbecfa7140eed6bc ccb8f9c1bac2b8ba1502b691b6e4011c9e39241e 582efb337619cac5c83ef3723c7dbbe1f8d960757335864b6d16dd0d2ec0dc11 Loading...

	adscashnqx.buzz/assets/js/popper.min.js	21 kB	2023-03-08	2024-04-19
Pretty URL adscashnqx.buzz/assets/js/popper.min.js IP 104.21.94.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:37:54 Last Seen2024-04-19 19:02:01 Times Seen117 Hash b9f305114cd500cf450bedb6ddd8baed 9266f013e7e32bab7fe6b1a355056b35be8a0ba7 5ccae8e986c1c858b2f3df79bfdd0d12a1ae4bb6a89c839d3bfc70a43cf58285 Loading...

	adscashnqx.buzz/assets/js/jquery.toast.js	7.7 kB	2023-03-11	2024-04-19
Pretty URL adscashnqx.buzz/assets/js/jquery.toast.js IP 104.21.94.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 08:31:00 Last Seen2024-04-19 19:02:01 Times Seen7 Hash a1d705581b3f642712deb0da64214669 8349f41d20b1a1efbc8591e09545e4d7374eacab 3751f2b6f017634dcdbe60e82705d04f0bf9d8edd9bba3940f6793a57ca1fad2 Loading...

	adscashnqx.buzz/assets/js/jquery.min.js	87 kB	2023-03-07	2024-05-02
Pretty URL adscashnqx.buzz/assets/js/jquery.min.js IP 104.21.94.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-02 23:23:38 Times Seen107875 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	adscashnqx.buzz/assets/js/bootstrap.min.js	60 kB	2023-03-08	2024-05-02
Pretty URL adscashnqx.buzz/assets/js/bootstrap.min.js IP 104.21.94.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:49:31 Last Seen2024-05-02 08:20:39 Times Seen457 Hash 77cbad27852866cec1e32648eaafd22d 3ee3e67eddf2a6a59a46ef6644f93ba97efeefd1 2ced6f997d7fce10a38ddc75c2f24c9f8945f44e746128f3dcd61d923ea3fdce Loading...

	adscashnqx.buzz/sandbox%20eval%20code	147 B	2023-04-11	2024-05-02
Pretty URL adscashnqx.buzz/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-02 23:25:12 Times Seen344214 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	adscashnqx.buzz/assets/js/app.js?e	4.1 kB	2024-04-19	2024-04-19
Pretty URL adscashnqx.buzz/assets/js/app.js?e IP 104.21.94.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 19:02:01 Last Seen2024-04-19 19:02:01 Times Seen2 Hash 98c05edfddacbb8e6a9a95b97af3321d 79d4723c9354b7b68f4698308cc3c26226e3f9ab f36695eed94aa2c88c114b44d91dc118bee86e9e5b8feab826b6a96cc8fb3e61 Loading...

	adscashnqx.buzz/inc/mytongji.html?utm_source=adscashnqx.buzz	0 B	2023-03-07	2024-05-02
Pretty URL adscashnqx.buzz/inc/mytongji.html?utm_source=adscashnqx.buzz IP 104.21.94.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-02 23:27:37 Times Seen37286499 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-02
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-02 23:25:13 Times Seen343707 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-0EWK671GB8&l=dataLayer&cx=c	250 kB	2024-04-19	2024-04-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-0EWK671GB8&l=dataLayer&cx=c IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 19:02:01 Last Seen2024-04-19 19:02:01 Times Seen2 Hash f6c366e23c00e080ec747df0118991a9 35ba7112cea547a321a9744888f4c8a685be1d72 552084905ace967b203d07646fe73f201a6374dfb2ad4c7847273d31654e9522 Loading...

	adscashnqx.buzz/login.php	114 B	2024-04-19	2024-04-19
Pretty URL adscashnqx.buzz/login.php IP 104.21.94.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 19:02:01 Last Seen2024-04-19 23:18:19 Times Seen2 Hash d1bbb809f80b2e226ff133d64491e666 fb5393292898a41e514686709b82d2b50a5d35f8 bf360dbf8f09057bc15b0a073da8baf7bbd6f6898537bda96e1f44161e981371 Loading...

	adscashnqx.buzz/assets/js/social-proof.js?x2223	2.9 kB	2024-04-19	2024-04-19
Pretty URL adscashnqx.buzz/assets/js/social-proof.js?x2223 IP 104.21.94.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 19:02:01 Last Seen2024-04-19 19:02:01 Times Seen2 Hash 66a00bbc178a18dfe35f54e677683c1f b9786881798f3af8835f1b03de60a0fb6cbf58ba 54db90599b7a0ba6f3667c2ac22a7d71e89a7f42b0d21528967f0bb096dad5b8 Loading...

	adscashnqx.buzz/login.php	275 B	2024-04-19	2024-04-19
Pretty URL adscashnqx.buzz/login.php IP 104.21.94.106 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 19:02:01 Last Seen2024-04-19 23:18:20 Times Seen2 Hash 2f8d7d0c422f8479f8f8cf03937d5db0 a642f429c30c71a0bc3574189d724fffecfb1f76 b345c6038216255073fe69f715f772c3a54bbca4b28039d302de1c4b0e37e489 Loading...

	log.href.style/js/script.js	1.3 kB	2023-05-22	2024-05-02
Pretty URL log.href.style/js/script.js IP 34.87.137.87 ASN #396982 GOOGLE-CLOUD-PLATFORM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-22 17:22:24 Last Seen2024-05-02 17:07:56 Times Seen3249 Hash abd4e2373b2e8c4dac2e80159641c5f1 e273656e58ca934d873204e68dd35670fde657ed 021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94 Loading...

	www.googletagmanager.com/gtag/js?id=UA-263154244-3&l=dataLayer&cx=c	202 kB	2024-04-19	2024-04-19
Pretty URL www.googletagmanager.com/gtag/js?id=UA-263154244-3&l=dataLayer&cx=c IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 19:02:01 Last Seen2024-04-19 19:02:01 Times Seen2 Hash aa01960eec9343f6eaa3897ee8bdf527 57145afd0871c9da73dfaf67f32cbd6b7dc6ec41 081de6d09eac0753c85cdf62453589d395ffdadd4e446901d8f1126f6f7e1fde Loading...

HTTP Transactions (29)

URL IP Response Size

www.googletagmanager.com/gtag/js?id=G-QSD3M3XHPZ

142.250.74.136

200 OK

101 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-QSD3M3XHPZ
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
101 kB (101350 bytes)
Hash
fcf830ed326bc3fa40283ce589d5b83b
46f787ca536e7f90d7d44730e5b1bb9efb9e3cf9
0f476b702fdd6474318289e7841838919ac7bbebc95a326937ae5d29a878f14c

HTTP Headers

GET /gtag/js?id=G-QSD3M3XHPZ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 19 Apr 2024 17:01:27 GMT
expires: Fri, 19 Apr 2024 17:01:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101350
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

adscashnqx.buzz/assets/css/jquery.toast.css?d=3

104.21.94.106

200 OK

12 kB

URL GET HTTP/3
adscashnqx.buzz/assets/css/jquery.toast.css?d=3
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
ASCII text, with very long lines (4516), with no line terminators
Size
12 kB (11472 bytes)
Hash
4a143b75a44a8248f68fff3102f055b1
9285847f20e7eee2176e54daef89f6b3b375e31b
1b04a9f5b61b916ac5685883d5f9f461d72c647878a0e59f6d28f3c2ca37d370

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/jquery.toast.css?d=3 HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: text/css
last-modified: Thu, 23 Mar 2023 09:14:34 GMT
vary: Accept-Encoding
etag: W/"641c187a-11a4"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fJwGLxXncqt6UnsVuDfSUDumjzrvWFkGJlww9Z9PkoiUHb8N9ZwQf36fxMl9pLMrBI001lC1JZTTy767TC2PC4eXIzi0VKaFWkkC51tyZK%2FUbETlfXKHayTyUGIqhA%2BIuGA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e69ad1569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/js/popper.min.js

104.21.94.106

200 OK

15 kB

URL GET HTTP/3
adscashnqx.buzz/assets/js/popper.min.js
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JavaScript source, ASCII text, with very long lines (21060)
Size
15 kB (15171 bytes)
Hash
b9f305114cd500cf450bedb6ddd8baed
9266f013e7e32bab7fe6b1a355056b35be8a0ba7
5ccae8e986c1c858b2f3df79bfdd0d12a1ae4bb6a89c839d3bfc70a43cf58285

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/popper.min.js HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: application/javascript
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
vary: Accept-Encoding
etag: W/"6412ba18-52ca"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZSZK%2BPwDGkt7d%2FeEopdoKekD4uQtFqHHGHcxObyAxlJD6Ch0yu6%2FFdTZFF1DDU%2FiKvvK8Z%2FhMGLUvLpXC7iK8p6gxvNXIKIR86S3bVLE76%2BbucN3lFSWl%2FJUVSdB9IN1fCo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e69ad3569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/js/jquery.toast.js

104.21.94.106

200 OK

8.3 kB

URL GET HTTP/3
adscashnqx.buzz/assets/js/jquery.toast.js
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JavaScript source, ASCII text, with very long lines (2869)
Size
8.3 kB (8297 bytes)
Hash
a1d705581b3f642712deb0da64214669
8349f41d20b1a1efbc8591e09545e4d7374eacab
3751f2b6f017634dcdbe60e82705d04f0bf9d8edd9bba3940f6793a57ca1fad2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/jquery.toast.js HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: application/javascript
last-modified: Thu, 23 Mar 2023 09:14:34 GMT
vary: Accept-Encoding
etag: W/"641c187a-1e0b"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iGbZ%2FfyvIgmjHagdHkrwm7wRbfqBtcZ1QTVvt5npoqOLKDcP8d8uvI6eBMT7%2BCwbHs5acD4R9lrlgVjcu0p111EdcUMz0J8U8SOq3tAEMTD3O%2BaHjOd6EQ8pDcXBPD73Ib0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e69ad7569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/js/social-proof.js?x2223

104.21.94.106

200 OK

6.5 kB

URL GET HTTP/3
adscashnqx.buzz/assets/js/social-proof.js?x2223
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JavaScript source, ASCII text
Size
6.5 kB (6490 bytes)
Hash
66a00bbc178a18dfe35f54e677683c1f
b9786881798f3af8835f1b03de60a0fb6cbf58ba
54db90599b7a0ba6f3667c2ac22a7d71e89a7f42b0d21528967f0bb096dad5b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/social-proof.js?x2223 HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: application/javascript
last-modified: Wed, 20 Mar 2024 12:37:15 GMT
vary: Accept-Encoding
etag: W/"65fad87b-b76"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o3w7%2F8MDQVjXUQKVEA%2FXtDUblJPwm31pIN%2Bi6FG6hHEXF4SaBbopeaJttzkK83lOYjuuNgLLYdydBQDhWzKB2QB1NtnXhubrcuy0FiPBbCLh4%2FrhaQZWG3%2FNBOTtjaSEE8k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e69ad9569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/js/app.js?e

104.21.94.106

200 OK

12 kB

URL GET HTTP/3
adscashnqx.buzz/assets/js/app.js?e
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
12 kB (12546 bytes)
Hash
98c05edfddacbb8e6a9a95b97af3321d
79d4723c9354b7b68f4698308cc3c26226e3f9ab
f36695eed94aa2c88c114b44d91dc118bee86e9e5b8feab826b6a96cc8fb3e61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/app.js?e HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: application/javascript
last-modified: Mon, 18 Dec 2023 07:51:03 GMT
vary: Accept-Encoding
etag: W/"657ff9e7-1027"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jYP%2FBgaRzbkAWftoznXVPwygoNuefgtWDpe2cGHvxdieXpLwvhZG9l3ADUZ8qKeCtvPaXv4d0yrWAauoU6XK17VoI6xbeVTHHc0CY0FhVXbLgbFZE3mWUumhfMIekRMrKgs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e69ad6569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/images/FC_Bayern_M%C3%BCnchen.png

104.21.94.106

200 OK

32 kB

URL GET HTTP/3
adscashnqx.buzz/assets/images/FC_Bayern_M%C3%BCnchen.png
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
PNG image data, 220 x 220, 8-bit/color RGBA, non-interlaced
Size
32 kB (31857 bytes)
Hash
d2c2e4ef9750d13c191e520fa504ee2e
8a7bade6776672650dec40337531b29de4c4c63b
1b291a7ae6286e6619caedfb51b9cef57d57f371731817f3c7bf8deed583fb4d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/FC_Bayern_M%C3%BCnchen.png HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: image/png
content-length: 31857
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
etag: "6412ba18-7c71"
expires: Sun, 19 May 2024 17:01:27 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5RQScskz4o4uGvIzIGaEZL%2BuXeTZ9YMRHRbc1hVLefOQ9iWXJghDCnMHT3aUN1No4VEOkVm8Cdnea7op2tXNUC%2FFpIE3Ny95tS2q9oRhohx9kWei919XbM0NYgT9vBxuOek%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74e68ac1569a-OSL
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/images/feedex.png

104.21.94.106

200 OK

33 kB

URL GET HTTP/3
adscashnqx.buzz/assets/images/feedex.png
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
PNG image data, 3840 x 2160, 8-bit colormap, non-interlaced
Size
33 kB (33017 bytes)
Hash
534a1c6b9de68ba3e076e20d03eb9fcb
c72f506b9ac652463f944313087b0bc4d06e1c19
7349283c4653c217a7b2e698fe73d707ce50a3b9f2743f600d9c29fb71fbcb95

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/feedex.png HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: image/png
content-length: 33017
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
etag: "6412ba18-80f9"
expires: Sun, 19 May 2024 17:01:27 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IMVB7V3o9ht%2BzgAJIJ9X9pYfWaKSdKTkbiLy2YoB4e8X78tLNALnoKV%2BRUlFEiZwxznE1E%2B5E4UsFbp9XXtOgeHrXyudWE5ktKjMo0lTQa2fridLB781zJMfcVw9nATolXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74e68ace569a-OSL
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/images/Adidas.png

104.21.94.106

200 OK

28 kB

URL GET HTTP/3
adscashnqx.buzz/assets/images/Adidas.png
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
PNG image data, 300 x 256, 8-bit/color RGBA, non-interlaced
Size
28 kB (28262 bytes)
Hash
369a439dbad9651392eb7b7e85e2bb91
88a801762d76a0b66ed4ce75ed227cd78dd8952d
9d15bd4dccc2b65e6042f13fdce5d2512432fae8402ec1b2325682f0b52534da

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/Adidas.png HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: image/png
content-length: 28262
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
etag: "6412ba18-6e66"
expires: Sun, 19 May 2024 17:01:27 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Hro7gD3nJrSM0Le%2FmgMJPL6ajo12rizLg%2B4oKLjbmlcyFdrr%2B44S%2BwEOfQtRnAr4VU3Iyoqcnai8CMmTRhwd5bNgSyXFTVmHa2mjwSXiPMby83jMujAsHtZpUXrgRbf%2Fbc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74e68abf569a-OSL
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/images/Mitsubishi_Motors.png

104.21.94.106

200 OK

19 kB

URL GET HTTP/3
adscashnqx.buzz/assets/images/Mitsubishi_Motors.png
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
PNG image data, 393 x 505, 8-bit/color RGBA, non-interlaced
Size
19 kB (18987 bytes)
Hash
472bce1aa6927b8dad83645d4da0bbce
4deaaf76f0df7e450aeac617109021e2c59679ce
5f9a23e54882a242906187a79ca40b33b538b09fc0e59d6c0386db8619b41843

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/Mitsubishi_Motors.png HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: image/png
content-length: 18987
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
etag: "6412ba18-4a2b"
expires: Sun, 19 May 2024 17:01:27 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cpX5KVmMuOc6bHmnhxGPeKt24QTDWVaZOmZdF%2BQMhJsYyKCbyrDQwAQ%2BqbHXSskgL0GOxj88JylsiFrhRDPwtjFM%2BkSCJq8D0bsiVH%2FrYxqTbUiXjlvczPUzZwn6L7br148%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74e68ac7569a-OSL
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/images/Heiniken.png

104.21.94.106

200 OK

27 kB

URL GET HTTP/3
adscashnqx.buzz/assets/images/Heiniken.png
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced
Size
27 kB (27024 bytes)
Hash
60f91d7351a94a189621b73212da9c0e
930c23e4bfadc914a428c64c0b33e2406a1b95eb
ccdf022e2f10de4d0662fcd5de97ea3270ee254332e6d85e960d0ca1f9c5de17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/Heiniken.png HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: image/png
content-length: 27024
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
etag: "6412ba18-6990"
expires: Sun, 19 May 2024 17:01:27 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nX%2BMoeEsMJHMRuNE70%2FZeaq7CuWZIsS7EPDbmIm0u8Hvg2HobW3yAC5oUCAfeqGc4sAsyFl7XUDQYRypsHGn50zrQAZ0J0N6Zr19eskf42eXDkXzl0Fe6%2Bio5oQe59ZYU2Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74e68ac6569a-OSL
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/images/intel.png

104.21.94.106

200 OK

47 kB

URL GET HTTP/3
adscashnqx.buzz/assets/images/intel.png
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
PNG image data, 1200 x 796, 8-bit/color RGBA, non-interlaced
Size
47 kB (46799 bytes)
Hash
d7e86c581a660fd9a97a1ad59e1cb3a0
8845459c503893b214b9684659d9606bb1640fbe
9dff6b83c74d5972b6897d2693a6f4f3f9853f8f86cf9b377a66b9ccdf501ba6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/intel.png HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:28 GMT
content-type: image/png
content-length: 46799
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
etag: "6412ba18-b6cf"
expires: Sun, 19 May 2024 17:01:27 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BZ89rZIeyppmUb%2BwTUIoLYwW92KjG46fZ8uFRNsdtSo8jyGGWXQTPdD7V1jUPLAN8fkiLS4d%2BEiaADM38w0PPGg2D%2BezUyu4xHi%2FJgXtGVw3WFSSEunNjuc%2Bedj0CZQK960%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74e68acb569a-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-263154244-3&l=dataLayer&cx=c

142.250.74.136

200 OK

73 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=UA-263154244-3&l=dataLayer&cx=c
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
73 kB (73260 bytes)
Hash
aa01960eec9343f6eaa3897ee8bdf527
57145afd0871c9da73dfaf67f32cbd6b7dc6ec41
081de6d09eac0753c85cdf62453589d395ffdadd4e446901d8f1126f6f7e1fde

HTTP Headers

GET /gtag/js?id=UA-263154244-3&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 19 Apr 2024 17:01:28 GMT
expires: Fri, 19 Apr 2024 17:01:28 GMT
cache-control: private, max-age=900
last-modified: Fri, 19 Apr 2024 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73260
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

adscashnqx.buzz/assets/images/sharp.jpg

104.21.94.106

200 OK

102 kB

URL GET HTTP/3
adscashnqx.buzz/assets/images/sharp.jpg
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=12, height=816, bps=158, PhotometricInterpretation=RGB, orientation=upper-left, width=4740], progressive, precision 8, 1440x400, components 3
Size
102 kB (101504 bytes)
Hash
75a74cb0b700ac32189099a128c934a7
e799bdd335dba12de77c1c1a1caa71441f6415ba
b5103684722affa9bd43597be7f1e9b66482ebe66692d77254eaf1a4c9d9c3f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/sharp.jpg HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:28 GMT
content-type: image/jpeg
content-length: 101504
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
etag: "6412ba18-18c80"
expires: Sun, 19 May 2024 17:01:27 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YtaxTn0vU%2FBFMGVxmtAJ%2Fmkt8QtHfVEpJIFqeaYZPPfteAlVcR92avQpuB%2FVb5cYMVLX55uBfMB%2F4QQjllpw1Tskl7ex1I1pHYVQyODSI7Tc034xUNKLeBgr4y5Cj69DHq8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74e68aca569a-OSL
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/images/subway.png

104.21.94.106

200 OK

116 kB

URL GET HTTP/3
adscashnqx.buzz/assets/images/subway.png
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 920x464, components 3
Size
116 kB (115538 bytes)
Hash
ff98d5d50095b4cf5535d71733fb7c33
ed84904bafa92e890c2a7744bab9fb98ac357d10
2ea9f76eee02e21cc94bdc17d77e6c31562a5ea5f593ccb923dc4de74f32583c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/subway.png HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:28 GMT
content-type: image/png
content-length: 115538
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
etag: "6412ba18-1c352"
expires: Sun, 19 May 2024 17:01:27 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UDKISL4WUe9tivX0dk7UFo8IRt3xrM0%2BB0saCNhERM8weKEGLrhPLyZfPf6%2FL%2BrG8Ch%2FncslwaZ6g4BB9HIfWsp%2Fm7JK5%2BZE4jL5bjcM3oiXBVe9et0BGUMqE0AvgEgDpIs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74e68acd569a-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-0EWK671GB8&l=dataLayer&cx=c

142.250.74.136

200 OK

88 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-0EWK671GB8&l=dataLayer&cx=c
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
88 kB (88519 bytes)
Hash
f6c366e23c00e080ec747df0118991a9
35ba7112cea547a321a9744888f4c8a685be1d72
552084905ace967b203d07646fe73f201a6374dfb2ad4c7847273d31654e9522

HTTP Headers

GET /gtag/js?id=G-0EWK671GB8&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 19 Apr 2024 17:01:28 GMT
expires: Fri, 19 Apr 2024 17:01:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88519
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

adscashnqx.buzz/assets/fonts/fontawesome-webfont.woff2?v=4.7.0

104.21.94.106

200 OK

77 kB

URL GET HTTP/3
adscashnqx.buzz/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 77160, version 4.459
Size
77 kB (77160 bytes)
Hash
af7ae505a9eed503f8b8e6982036873e
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/assets/css/styles.css?d=3
Cookie: loclang=en
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:28 GMT
content-type: font/woff2
content-length: 77160
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
etag: "6412ba18-12d68"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bDqUDcDblqw86CRy9t7AV9zK0NcekJs61V9nUryaudSKtG4oy4nvW6%2BqQKANv7qwqkuceaw87%2BLlYV2DmbAUTWQQWivNKrMGpo2QK%2BPaYrfq%2FRPxkIusP2ua%2FrC7JvuCfTk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74ea5e8e569a-OSL
alt-svc: h3=":443"; ma=86400

log.href.style/js/script.js

34.87.137.87

200 OK

746 B

URL GET HTTP/2
log.href.style/js/script.js
IP
34.87.137.87:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://adscashnqx.buzz/inc/mytongji.html?utm_source=adscashnqx.buzz
Certificate
IssuerZeroSSL
Subjectlog.href.style
FingerprintAD:36:AF:6E:35:8E:2C:B2:98:A4:AB:D6:F6:14:D8:5A:8B:87:A6:9A
ValidityTue, 19 Mar 2024 00:00:00 GMT - Mon, 17 Jun 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1346), with no line terminators
Size
746 B (746 bytes)
Hash
abd4e2373b2e8c4dac2e80159641c5f1
e273656e58ca934d873204e68dd35670fde657ed
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

HTTP Headers

GET /js/script.js HTTP/1.1
Host: log.href.style
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
cache-control: public, max-age=86400, must-revalidate
content-encoding: gzip
content-type: application/javascript
cross-origin-resource-policy: cross-origin
date: Fri, 19 Apr 2024 17:01:28 GMT
server: Caddy, Cowboy
vary: Accept-Encoding
x-content-type-options: nosniff
content-length: 746
X-Firefox-Spdy: h2

adscashnqx.buzz/fetch.php?act=fetch

104.21.94.106

200 OK

4.5 kB

URL GET HTTP/3
adscashnqx.buzz/fetch.php?act=fetch
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JSON text data
Size
4.5 kB (4450 bytes)
Hash
406da83c2d13abd392a3e9948dd2a337
09c47dea97c721aa85096af5bd8b20afa5990510
188adf968a40d4fc83a103224b67efe22953cc467250dea25d2caab871b99f85

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fetch.php?act=fetch HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:28 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8uuaAslsV7Lwdyk0VO2L7B66xnC0O7xLAzruji9bJn%2F%2FL0ywJ43IBo9I9x%2F89I5OF6yDfzkir4XEj30JS5kRy4iWUq9uQBKe9xbucfBNBeR4qkVWO%2BMxksw0z7P77dhcF4g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74eacef9569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

log.href.style/api/event

34.87.137.87

202 Accepted

2 B

URL POST HTTP/2
log.href.style/api/event
IP
34.87.137.87:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Requested by
https://adscashnqx.buzz/inc/mytongji.html?utm_source=adscashnqx.buzz
Certificate
IssuerZeroSSL
Subjectlog.href.style
FingerprintAD:36:AF:6E:35:8E:2C:B2:98:A4:AB:D6:F6:14:D8:5A:8B:87:A6:9A
ValidityTue, 19 Mar 2024 00:00:00 GMT - Mon, 17 Jun 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /api/event HTTP/1.1
Host: log.href.style
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 144
Origin: https://adscashnqx.buzz
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 202 Accepted
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: 
cache-control: max-age=0, private, must-revalidate
content-type: text/plain; charset=utf-8
date: Fri, 19 Apr 2024 17:01:29 GMT
server: Caddy, Cowboy
x-request-id: F8e9FupO__WEdBkaB_hD
content-length: 2
X-Firefox-Spdy: h2

adscashnqx.buzz/inc/mytongji.html?utm_source=adscashnqx.buzz

104.21.94.106

200 OK

12 kB

URL GET HTTP/3
adscashnqx.buzz/inc/mytongji.html?utm_source=adscashnqx.buzz
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JavaScript source, ASCII text
Size
12 kB (11695 bytes)
Hash
17c8d21941ce9953e8ded9e4c0d92246
7763b6678ab070a9406fd36c4748aec8c53e9ab2
367f83ae24c4238923d054a51d928cf343f9e19dbec3cf2b225be21d397ff672

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /inc/mytongji.html?utm_source=adscashnqx.buzz HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:28 GMT
content-type: text/html
last-modified: Thu, 21 Mar 2024 08:43:55 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FM0syePfhSq3pX%2Blp%2FRE%2FNVrVcaO0ODrNV5iGTlFUJkNRLyP0Jt2IXu8hyub72JRMLEfs9qQapPKBuiUfT1pN%2BsIMZxQiJUsjausjrYmsX4N3G8n%2BbzDLX2taTws2G0MJvk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74ea2e66569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/login.php

104.21.94.106

200 OK

13 kB

URL User Request GET HTTP/2
adscashnqx.buzz/login.php
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type

Size
13 kB (12876 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
set-cookie: loclang=en; expires=Mon, 22-Apr-2024 17:01:27 GMT; Max-Age=259200; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AMPSaHtqF2j%2F%2BVVPhIFrEREg3hULyxj9o5V1Kpl0%2FQqzL8S5znjKua0iWKJxzaw%2BiBPKT2qfYPHdK0iL1J4kCc2cdKLgVVz4M6s51EZ29moqPT9W7CExpplCzxnN6vw4S9s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e35a0d56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

adscashnqx.buzz/captcha.php?v=?9182294

104.21.94.106

200 OK

2.7 kB

URL GET HTTP/3
adscashnqx.buzz/captcha.php?v=?9182294
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality", baseline, precision 8, 130x40, components 3
Size
2.7 kB (2661 bytes)
Hash
4bfdda59c5bf0622b061e414f4a560be
d9bb1ef67e8af63be0327de81aede7838c267311
95711119f28ecf65772a7dde860ec3159548ded22df72a5e05ad2e2eb78f858b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /captcha.php?v=?9182294 HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: image/jpg;charset=utf-8
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ea4tN6U9MYR2CECELYqet9I2kVdDVuk%2FBFu6qmSNEi74KsT5cWrHB6utdQrGS3owmhB6QzwGj2rVlU%2FYapRREx4BE%2FBJA9%2F8WP60aqbMGXDG9kJc44wQ%2FYWmWLFAg4c9NFg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e68abe569a-OSL
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/images/favicon-16x16.png?3

104.21.94.106

200 OK

4.1 kB

URL GET HTTP/3
adscashnqx.buzz/assets/images/favicon-16x16.png?3
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Size
4.1 kB (4149 bytes)
Hash
a55c93827b69a530ee51985ab7aa69fc
dffaabf1ce4d9f3d1d08952a99b2f3221d259e56
8fa39aefbdaecaf9e65672155d0e3d4a52bc615959bcf576f9b3b75dab948596

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/images/favicon-16x16.png?3 HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en; _ga_QSD3M3XHPZ=GS1.1.1713546088.1.0.1713546088.0.0.0; _ga=GA1.1.867073290.1713546088; _ga_0EWK671GB8=GS1.1.1713546088.1.0.1713546088.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:28 GMT
content-type: image/png
content-length: 4149
last-modified: Wed, 22 Mar 2023 03:30:52 GMT
etag: "641a766c-1035"
expires: Sun, 19 May 2024 17:01:28 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XyBtQN8%2FqpZw05Wlm7p5ne9QBIw9Ng22wd46yowoDgsONsAJAd8xFLipG8GEGnWRPKAySB%2Brr3t9EZDJThPYmcA51x2yTpNJbwMHXLfpDFwQsl1YchPi0ZY%2FRBssTtMAmbg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876e74ed9a68569a-OSL
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/css/bootstrap.css

104.21.94.106

200 OK

198 kB

URL GET HTTP/3
adscashnqx.buzz/assets/css/bootstrap.css
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
ASCII text, with very long lines (629)
Size
198 kB (198093 bytes)
Hash
011f21d8950347cbc2a5d47173b57f90
25f56d5d6386fd8333c36b0ef0e356a6c71002e3
e6361ffd86519accc718ce4a1e1d46512e00632a985e41b23a2426865bdea0e5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/bootstrap.css HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: text/css
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
vary: Accept-Encoding
etag: W/"6412ba18-305cd"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UlyMMFVvdugAW7EwMz4%2FOInWFMWouQgz7hpLcSoDMpzo4zWRqDSxQqjJRuglgTnxT1%2F74hX2ZBwql5BONGy0JVHvgYq4myGss5n1%2FJ0qoRwYC2qvfmua8nXa34FQuKEUzsc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e67aae569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/js/jquery.min.js

104.21.94.106

200 OK

87 kB

URL GET HTTP/3
adscashnqx.buzz/assets/js/jquery.min.js
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
87 kB (86927 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/jquery.min.js HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: application/javascript
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
vary: Accept-Encoding
etag: W/"6412ba18-1538f"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hDumDQPFqX%2BKkIcFzKytuyeUzmdTHdWPQZiTgNk4U9VrTmpGVILByB5yx1XePsoDb7nvDcvyPGyHyBbmXbIze3AIFOg0i1hjdJN%2FKpdhwPPs%2ByGoDzpvjIHlrwPN9pNuh0o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e67ab5569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/css/font.css

104.21.94.106

200 OK

69 kB

URL GET HTTP/3
adscashnqx.buzz/assets/css/font.css
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
ASCII text, with very long lines (388)
Size
69 kB (69314 bytes)
Hash
15fb6d95ca072c47e2ed1d4e94b2c459
f0549800bde80a1c5c486441060a47c2ec302c7d
78575005556fc1b57c54b7a315b7f9ba6d14e77cae364c2d1ed2183efc0b329a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/font.css HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: text/css
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
vary: Accept-Encoding
etag: W/"6412ba18-10ec2"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=egSXX79i4GBPIW4h8ou5WoMc%2FTzXdJkGxVD8McCpAzU9ZfbDiYm%2BwXXEtMLsuaOFvFh1JE%2B9oM8aJ6LzgvqhayPgYo5dZxjPD%2B5TBJMAQM7Bw1Y%2BdCFcUai3%2Bhp%2B82uPOdw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e67ab1569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/css/styles.css?d=3

104.21.94.106

200 OK

9.3 kB

URL GET HTTP/3
adscashnqx.buzz/assets/css/styles.css?d=3
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
Unicode text, UTF-8 text, with very long lines (9693), with no line terminators
Size
9.3 kB (9257 bytes)
Hash
bd80972be4fe01545cc59699dd8cc439
e628839dc9850e9cc87ed01c224d16cbbca66e3d
5fe85a4c4e06e8d0d183176df55bfa5423bbd467c8efa58a3afdfd3077769410

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/styles.css?d=3 HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: text/css
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
vary: Accept-Encoding
etag: W/"6412ba18-2429"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zz8mSVi2s1LjzLgCT2Xnq6y6UgCF1vFVCViK8aYqTCSrIRAXtkgD8CKi9iPLJdBJaRgZa2ctfnDQ3KTC8lglONpNCPNZzWcVBpBwBEAfLVED1bp6%2FY3RFRKRe0rOLsO%2Bi6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e67ab4569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adscashnqx.buzz/assets/js/bootstrap.min.js

104.21.94.106

200 OK

60 kB

URL GET HTTP/3
adscashnqx.buzz/assets/js/bootstrap.min.js
IP
104.21.94.106:443
ASN
#13335 CLOUDFLARENET

Requested by
https://adscashnqx.buzz/login.php
Certificate
IssuerGoogle Trust Services LLC
Subjectadscashnqx.buzz
FingerprintCB:E3:D0:40:B0:D6:BE:0D:31:0B:3C:C1:35:C4:E2:F1:AA:40:2E:FD
ValidityWed, 06 Mar 2024 08:16:57 GMT - Tue, 04 Jun 2024 08:16:56 GMT

File type
JavaScript source, ASCII text, with very long lines (59765)
Size
60 kB (60003 bytes)
Hash
77cbad27852866cec1e32648eaafd22d
3ee3e67eddf2a6a59a46ef6644f93ba97efeefd1
2ced6f997d7fce10a38ddc75c2f24c9f8945f44e746128f3dcd61d923ea3fdce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/js/bootstrap.min.js HTTP/1.1
Host: adscashnqx.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adscashnqx.buzz/login.php
Cookie: loclang=en
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 19 Apr 2024 17:01:27 GMT
content-type: application/javascript
last-modified: Thu, 16 Mar 2023 06:41:28 GMT
vary: Accept-Encoding
etag: W/"6412ba18-ea63"
expires: Sat, 20 Apr 2024 05:01:27 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1VeVZq%2FyMTsWtgKBuYKhc%2Big%2B4oolE62QWH1qeo%2BTjWmAYvz8RSCo2G85BSdqv6tqAS4gRGmlj8TK0Wt2kSKewR8h0G%2FopDquXsHl9MEw4e9s3KLCu3SjvR26Q5jTdrO84M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876e74e69ad4569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL