Report - hvo.moneybestsurvey.top/

Report Overview

Submitted URL
hvo.moneybestsurvey.top/
IP
172.67.149.52
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 07:34:23
Access
public
Website Title
Confirm Page
Final URL
hvo.moneybestsurvey.top/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
hvo.moneybestsurvey.top	unknown	unknown	No data	No data	3.8 kB	70 kB	104.21.47.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	moneybestsurvey.top	Sinkholed
2024-04-26	medium	moneybestsurvey.top	Sinkholed
2024-04-26	medium	moneybestsurvey.top	Sinkholed
2024-04-26	medium	moneybestsurvey.top	Sinkholed
2024-04-26	medium	moneybestsurvey.top	Sinkholed
2024-04-26	medium	moneybestsurvey.top	Sinkholed
2024-04-26	medium	moneybestsurvey.top	Sinkholed
2024-04-26	medium	moneybestsurvey.top	Sinkholed
2024-04-26	medium	moneybestsurvey.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	hvo.moneybestsurvey.top/js/v-index.js.da9f7529.js	41 kB	2024-04-09	2024-05-05
Pretty URL hvo.moneybestsurvey.top/js/v-index.js.da9f7529.js IP 104.21.47.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-09 03:12:48 Last Seen2024-05-05 20:09:49 Times Seen138 Hash f0c16b073e12930f7cbd321dd6f8f9b9 af74daaab1c8cb17152c3352d40ab89afea0b29d 9058ace69791e8a1eb5f9849c20a6dcd6e0f9018696ed0e563c3da7082aec861 Loading...

	hvo.moneybestsurvey.top/js/sweeps-promo.7c564426.js	5.4 kB	2024-04-26	2024-04-26
Pretty URL hvo.moneybestsurvey.top/js/sweeps-promo.7c564426.js IP 104.21.47.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 09:34:30 Last Seen2024-04-26 09:34:30 Times Seen1 Hash 736e808dd5a1302b9241790dd6548137 531c2b1d948df10255b69e63e78cede7fb2936f5 e5e3f2979a14a191e5070e64f2cbb394b5333159bb22398988ab693a05d95765 Loading...

	hvo.moneybestsurvey.top/	96 B	2023-10-08	2024-05-05
Pretty URL hvo.moneybestsurvey.top/ IP 104.21.47.163 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-08 13:44:02 Last Seen2024-05-05 20:09:49 Times Seen9259 Hash 1c21f8c6a7c78b7e67c5272c65c97f91 1a2eb15ee36a8f8b7160358a304ccf575b571074 0af800d9d96b01d9183737d36c4e01792913fdcd393bc56727f1e9be39730fc2 Loading...

HTTP Transactions (9)

URL IP Response Size

hvo.moneybestsurvey.top/img/sweep/decathlon.webp

104.21.47.163

200 OK

2.9 kB

URL GET HTTP/3
hvo.moneybestsurvey.top/img/sweep/decathlon.webp
IP
104.21.47.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hvo.moneybestsurvey.top/
Certificate
IssuerCloudflare, Inc.
Subjectmoneybestsurvey.top
Fingerprint3F:79:D0:B5:3A:94:6B:02:98:2E:C9:04:BE:99:84:FF:ED:57:9C:FC
ValidityWed, 27 Dec 2023 00:00:00 GMT - Thu, 26 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.9 kB (2880 bytes)
Hash
06d34c9d3a42cd79b158a0de89f813b1
860cc208b2f73c54e4ffe90e1041b6496e64a8d2
6ddc9d9b562c9f1f205500ba77eaa037aefdec093d11e56c7b62ce77cd4c7104

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sweep/decathlon.webp HTTP/1.1
Host: hvo.moneybestsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:33:58 GMT
content-type: image/webp
content-length: 2880
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-b40"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtWOLDAixarrnV3Dm2fsi6wAHMnHB1OOZvtNaDP3z6Xe2ViYTpdTLDNSsFyTFgDzaW9Wx%2Fnuv2OP1oVC6F38Y0WKqZTK%2BK8C92ql0A1UZFjcTPCLb2l%2BV91mNKFt7xN%2F7zZATxVR8k2Iww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e3402fe7b515-OSL
alt-svc: h3=":443"; ma=86400

hvo.moneybestsurvey.top/img/sweep/amazon-es.webp

104.21.47.163

200 OK

3.8 kB

URL GET HTTP/3
hvo.moneybestsurvey.top/img/sweep/amazon-es.webp
IP
104.21.47.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hvo.moneybestsurvey.top/
Certificate
IssuerCloudflare, Inc.
Subjectmoneybestsurvey.top
Fingerprint3F:79:D0:B5:3A:94:6B:02:98:2E:C9:04:BE:99:84:FF:ED:57:9C:FC
ValidityWed, 27 Dec 2023 00:00:00 GMT - Thu, 26 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.8 kB (3780 bytes)
Hash
3ffca36f30b4bb5fdf34858d6d461db6
771035f93608678020f0874cd13a51ac9a42122f
5aad6409cc504e10e0a6f0b9de55e5e0da4ed0cc3bfd5e568e8f4c355a83b865

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sweep/amazon-es.webp HTTP/1.1
Host: hvo.moneybestsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:33:58 GMT
content-type: image/webp
content-length: 3780
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-ec4"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=22f5Eg4D%2BudSsYEpOtPkSrH21C4uVeKfwlwggDxIsHqeYI4Njlhn17y3ALoS6%2F19i5CrUbXeJhWax6zYBs31hpwamkF0mmgnxTSlcCoDum8JJRsC3hTINAfLxPLlHz7NcEha2kFcJyMxEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e3402fe3b515-OSL
alt-svc: h3=":443"; ma=86400

hvo.moneybestsurvey.top/img/sweep/ikea.webp

104.21.47.163

200 OK

3.5 kB

URL GET HTTP/3
hvo.moneybestsurvey.top/img/sweep/ikea.webp
IP
104.21.47.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hvo.moneybestsurvey.top/
Certificate
IssuerCloudflare, Inc.
Subjectmoneybestsurvey.top
Fingerprint3F:79:D0:B5:3A:94:6B:02:98:2E:C9:04:BE:99:84:FF:ED:57:9C:FC
ValidityWed, 27 Dec 2023 00:00:00 GMT - Thu, 26 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.5 kB (3508 bytes)
Hash
525ff265039f87eef88186527722fd2a
c575c6ec368eddffd97079155a94cc1d2a1eb333
7dafb352d6694d3435ab4dc2f25f966205a76a154a451bc11ac16374e88b617f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sweep/ikea.webp HTTP/1.1
Host: hvo.moneybestsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:33:58 GMT
content-type: image/webp
content-length: 3508
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-db4"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0SxOomuOl34nRizKUr01UsHRH0U2Fb4bPT5tBak6U9zr%2Ftj7L8ZMUG%2FS93Yc9%2B26W7uNKZ%2Bp5SKGnwRzPjLG4%2FXkWJOHngZsMI7eaadMblXr0ADU5H%2BOz9mISGun9nsRUz61BbDgYXNWiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e3402fe9b515-OSL
alt-svc: h3=":443"; ma=86400

hvo.moneybestsurvey.top/img/sweep/huawei.webp

104.21.47.163

200 OK

1.8 kB

URL GET HTTP/3
hvo.moneybestsurvey.top/img/sweep/huawei.webp
IP
104.21.47.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hvo.moneybestsurvey.top/
Certificate
IssuerCloudflare, Inc.
Subjectmoneybestsurvey.top
Fingerprint3F:79:D0:B5:3A:94:6B:02:98:2E:C9:04:BE:99:84:FF:ED:57:9C:FC
ValidityWed, 27 Dec 2023 00:00:00 GMT - Thu, 26 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.8 kB (1834 bytes)
Hash
8847126fbf9d94962e00b78ab520dcf5
0d18882410728e49bd711e5957d5a4458ecf586a
28023f98ce12fac223c31b7d279e70bef02e88394fde278a62026821ae481674

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/sweep/huawei.webp HTTP/1.1
Host: hvo.moneybestsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:33:58 GMT
content-type: image/webp
content-length: 1834
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: "661f9116-72a"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ya123dgiGSibqJf3D91nlBRu4x86O7QboPf5YFZMO6gmzYEcAQRfgebj553trQXvvmMnV51k%2FADe7%2F%2FWx%2Bb%2BTHiEV%2FLo5dKnA5msGuUVjiJXX%2F3THNNxkqeQcUY0d14f12O%2BGS6yhBvmog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e3402fe5b515-OSL
alt-svc: h3=":443"; ma=86400

hvo.moneybestsurvey.top/js/v-index.js.da9f7529.js

104.21.47.163

200 OK

41 kB

URL GET HTTP/3
hvo.moneybestsurvey.top/js/v-index.js.da9f7529.js
IP
104.21.47.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hvo.moneybestsurvey.top/
Certificate
IssuerCloudflare, Inc.
Subjectmoneybestsurvey.top
Fingerprint3F:79:D0:B5:3A:94:6B:02:98:2E:C9:04:BE:99:84:FF:ED:57:9C:FC
ValidityWed, 27 Dec 2023 00:00:00 GMT - Thu, 26 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (40911)
Size
41 kB (40988 bytes)
Hash
f0c16b073e12930f7cbd321dd6f8f9b9
af74daaab1c8cb17152c3352d40ab89afea0b29d
9058ace69791e8a1eb5f9849c20a6dcd6e0f9018696ed0e563c3da7082aec861

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/v-index.js.da9f7529.js HTTP/1.1
Host: hvo.moneybestsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:33:58 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-a01c"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GAPU%2B2Ur3fm7gmZ7BWezhkzL%2FXOIOI9JnOt6CtlSHZUHLdy7SvWske%2BCmI%2B8Aawz8NilWKvyjYllG9tTUbsIFXCOfbKbrUslsWIU9rHpTbzAk%2BoapSC93NXTRVwqR%2Fy3X%2F2pRGMxCOzEsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e3401fdcb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hvo.moneybestsurvey.top/css/sweeps-promo.1a4c9de0.css

104.21.47.163

200 OK

1.2 kB

URL GET HTTP/3
hvo.moneybestsurvey.top/css/sweeps-promo.1a4c9de0.css
IP
104.21.47.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hvo.moneybestsurvey.top/
Certificate
IssuerCloudflare, Inc.
Subjectmoneybestsurvey.top
Fingerprint3F:79:D0:B5:3A:94:6B:02:98:2E:C9:04:BE:99:84:FF:ED:57:9C:FC
ValidityWed, 27 Dec 2023 00:00:00 GMT - Thu, 26 Dec 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1185), with no line terminators
Size
1.2 kB (1184 bytes)
Hash
a3fa30ad9b215f58bcebed8235fee220
c6e40a8645e83bc520e984ba4a4c1a1e80d5d264
c475f9d86323fa52318201d7403f5e3265c58ae3f05be9a153a312d49e168099

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/sweeps-promo.1a4c9de0.css HTTP/1.1
Host: hvo.moneybestsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:33:58 GMT
content-type: text/css
last-modified: Wed, 17 Apr 2024 09:06:30 GMT
vary: Accept-Encoding
etag: W/"661f9116-4a0"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UmiQNlzaE96j3fTG%2B4zuoXGX2nriqhhA6J3Ny3JGTZW0lfHUT4sf7YwpENZIUhIiu%2Bqf41geOraKmKwhoFzLhavfrDp%2B0mflIAPZRmSlqZIHDBIH1MZLbyN4cWgryV76pHLkDzrcvH%2F7aA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e3402fe2b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hvo.moneybestsurvey.top/

104.21.47.163

200 OK

2.1 kB

URL User Request GET HTTP/2
hvo.moneybestsurvey.top/
IP
104.21.47.163:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectmoneybestsurvey.top
Fingerprint3F:79:D0:B5:3A:94:6B:02:98:2E:C9:04:BE:99:84:FF:ED:57:9C:FC
ValidityWed, 27 Dec 2023 00:00:00 GMT - Thu, 26 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (2199), with no line terminators
Size
2.1 kB (2095 bytes)
Hash
b0df97e01ef30e912a9c530c2ae40334
e2690d076b3186dab17fe95cf6601958cb8f79a0
03229ce64ccde70650b747061551ed0b7da6aef13353c5ba12df2a0c0524881c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: hvo.moneybestsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 07:33:58 GMT
content-type: text/html
last-modified: Wed, 17 Apr 2024 09:06:32 GMT
vary: Accept-Encoding
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PKP78r2fxU5s03qBZYKlpR7TwgEQU81bi5ArR1tFB3IrxpcD%2BGTtp%2BC7ON4HVtHh9Rg%2FEdwLOm%2F5ytAIbpQewarBoMkU%2F7BB6OreTT5Su2EiC4QfkP%2FUnAgVjkpMXQW3Tbl0SoIZQA6KSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e33e1ea77129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

hvo.moneybestsurvey.top/js/sweeps-promo.7c564426.js

104.21.47.163

200 OK

5.4 kB

URL GET HTTP/3
hvo.moneybestsurvey.top/js/sweeps-promo.7c564426.js
IP
104.21.47.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hvo.moneybestsurvey.top/
Certificate
IssuerCloudflare, Inc.
Subjectmoneybestsurvey.top
Fingerprint3F:79:D0:B5:3A:94:6B:02:98:2E:C9:04:BE:99:84:FF:ED:57:9C:FC
ValidityWed, 27 Dec 2023 00:00:00 GMT - Thu, 26 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (5520), with no line terminators
Size
5.4 kB (5378 bytes)
Hash
8c103db6ea0d028bbe5947f4346b02ed
9f6640d488968b7f53bc7c0aa8cbcb63f3497d0b
b328e6c027f632f33eb1a1ce6e3287d8221d489e44f169741dbb37a7a09e2e94

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/sweeps-promo.7c564426.js HTTP/1.1
Host: hvo.moneybestsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:33:58 GMT
content-type: application/javascript
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-1502"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JoGgijKjpcgntO%2FiyK7Of1o1H1sVpZjAPWOvgk%2FLSzAQWyfCpM1RCgf6dDyx9x2kJrljs0RUJLQEWQyeSJdr16QsC69J0bjCPMZ5SknRoHYJD2ORwg511zQWDe0L6Ry4B5xoIfKRQ9htUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e3401fddb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

hvo.moneybestsurvey.top/favicon.ico

104.21.47.163

200 OK

1.2 kB

URL GET HTTP/3
hvo.moneybestsurvey.top/favicon.ico
IP
104.21.47.163:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hvo.moneybestsurvey.top/
Certificate
IssuerCloudflare, Inc.
Subjectmoneybestsurvey.top
Fingerprint3F:79:D0:B5:3A:94:6B:02:98:2E:C9:04:BE:99:84:FF:ED:57:9C:FC
ValidityWed, 27 Dec 2023 00:00:00 GMT - Thu, 26 Dec 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
668ba1a9fa1890ba16cb8adc28d3dad8
5e35223b2541265114eaf61b9da2556c812fea17
7746cf1b553433822522f2dc432f55fe64eee1f1cf823ef6adfde02e58e1d7e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: hvo.moneybestsurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 07:33:58 GMT
content-type: image/x-icon
last-modified: Wed, 17 Apr 2024 09:06:31 GMT
vary: Accept-Encoding
etag: W/"661f9117-47e"
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PAu7jGFj8hAjypyo2V2u5PixJsS3auGK0Gaam733nZfaU8EBPZcUEqdle1%2Ber9aqpu7m5W6ETx9F1gp7xcD9BV60KkKvKt8uvTqh001ZmQJByOVGC9tvfn8%2Fxfa1GAzSdGg9UOK64yAkCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a4e3410899b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (9)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP