Report - domainbuzzle.com/fsanvirginia.com/siezuka.com

Report Overview

Visited public
2023-09-26 20:01:21
Tags
URL
domainbuzzle.com/fsanvirginia.com/siezuka.com
Finishing URL
domainbuzzle.com/fsanvirginia.com/siezuka.com
IP / ASN
154.216.175.208
#139646 HONG KONG Megalayer Technology Co.,Limited
Title
domainbuzzle.com/fsanvirginia.com/siezuka.com

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
domainbuzzle.com	unknown	2019-08-29	2013-12-23 09:09:20	2023-06-15 03:41:14	1.9 kB	74 kB	154.216.175.208
hm.baidu.com	8254	1999-10-11	2012-05-26 10:38:45	2023-09-26 00:47:23	1.1 kB	12 kB	103.235.46.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-26 20:01:11	high	154.216.175.208	Client IP	ET HUNTING Possible Obfuscator io JavaScript Obfuscation

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	37 B	2023-04-11	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-11 13:14 Times Seen263679 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	unknown	Function	37 B	2023-04-11	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:49 Last Seen2025-05-11 13:29 Times Seen34560 Hash 1c5c9160600df2d96d69a4ea16cec7ed 3cf678c9135cc952ba6970ef545035bb757a443f a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808 Loading...

	unknown	Function	272 B	2024-08-21	2024-08-21
Pretty Introduced by Function Embedded in HTML false Observations First Seen2024-08-21 05:42 Last Seen2024-08-21 05:42 Times Seen1 Hash 476cb106c50d53dfa5fc1ac52a21ca95 a6911dd4917ea9f089c45ab0dd34a8dd11997665 b902105451e7f1994203df93a5e68a3fb1a1fb8c33bdc402bf251ad11637d23f Loading...

	domainbuzzle.com/1.js	ScriptElement	34 kB	2024-08-21	2024-08-21
Pretty URL domainbuzzle.com/1.js IP 154.216.175.208 ASN #139646 HONG KONG Megalayer Technology Co.,Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 05:42 Last Seen2024-08-21 05:42 Times Seen1 Hash 68efca05733a8bcdfbe3d80db1795270 25462f22a0041eb626a761237892334ab7338c3f afafe1b8b8313a0197a82d4decf77a8b47bdc075f0f1568e0f7370ce30e22e92 Loading...

	unknown	Function	79 B	2023-04-11	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-05-11 13:14 Times Seen112476 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	domainbuzzle.com/wxcp.js?1695758471210	ScriptElement	112 B	2023-09-26	2023-09-26
Pretty URL domainbuzzle.com/wxcp.js?1695758471210 IP 154.216.175.208 ASN #139646 HONG KONG Megalayer Technology Co.,Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-26 22:01 Last Seen2023-09-26 22:01 Times Seen1 Hash a5a85333739e43b60703ef31940c8d3a f3ecb88e3fe1e52d2c0b55b8c28c2b5b34f136ae 4590d87160e907f97bb66bfc39053024587ba1979a7b23974d0b76908eb05121 Loading...

	hm.baidu.com/hm.js?f6fa4884e627ccee9e7b98f296b82d7f	ScriptElement	30 kB	2023-09-26	2023-09-26
Pretty URL hm.baidu.com/hm.js?f6fa4884e627ccee9e7b98f296b82d7f IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-26 22:01 Last Seen2023-09-26 22:01 Times Seen1 Hash 0db81a50247b19c998c91a10e7199b43 81f07c0659500cb8ca4d18e148210b84b3760d4b 26b8556352480cdba14410b9a54b7fc56f7913d6c64541fcb319f64cf968eacc Loading...

HTTP Transactions (7)

URL IP Response Size

domainbuzzle.com/

154.216.175.208

41 kB

URL
domainbuzzle.com/
IP
154.216.175.208:0
ASN
#139646 HONG KONG Megalayer Technology Co.,Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Non-ISO extended-ASCII text, with very long lines (15294), with CRLF, LF, NEL line terminators
Size
41 kB (40992 bytes)
Hash
f97c02a101c6c401bd537c3dae01b441
935549942c00f177a396c1751100ec24c32b94a1
b45684510c1ce0b1d13f3e70d9767dcced83eece6ee48ced523e3ea4276e29f4

HTTP Headers

GET / HTTP/1.1
Host: domainbuzzle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; Charset=gb2312
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDCSSRBAQB=MHFCMJOAFJIHDBJHHKLEACBD; path=/
Date: Tue, 26 Sep 2023 20:01:08 GMT
Content-Length: 40992

domainbuzzle.com/fsanvirginia.com/siezuka.com

154.216.175.208

200 OK

76 B

URL User Request GET HTTP/1.1
domainbuzzle.com/fsanvirginia.com/siezuka.com
IP
154.216.175.208:80
ASN
#139646 HONG KONG Megalayer Technology Co.,Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
76 B (76 bytes)
Hash
33baa96f8994d86597479473b9d25fe0
0bde3197267c798ced4e231e256b52abec278807
4176692b2c63314af39605c4aca4bc8f5b363d828b3c1a70aea9cdd47bd1b585

HTTP Headers

GET /fsanvirginia.com/siezuka.com HTTP/1.1
Host: domainbuzzle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; Charset=gb2312
Server: Microsoft-IIS/10.0
Set-Cookie: ASPSESSIONIDCSSRBAQB=EIFCMJOAMCEEEFAJMODFMLCG; path=/
Date: Tue, 26 Sep 2023 20:01:09 GMT
Content-Length: 76

domainbuzzle.com/1.js

154.216.175.208

200 OK

15 kB

URL GET HTTP/1.1
domainbuzzle.com/1.js
IP
154.216.175.208:80
ASN
#139646 HONG KONG Megalayer Technology Co.,Limited

Requested by
http://domainbuzzle.com/fsanvirginia.com/siezuka.com

File type
data
Size
15 kB (14865 bytes)
Hash
a7e588c4c57b0565bab7e77c666893d2
a5c9bd94c040c6c2bb93b69fb4fc7a272bd6ddf7
272f87f4ffed19638b761367bda1197e67a391c86bca2227d4791645431447d9

Detections

NIDS	Severity	Alert
suricata	high	ET HUNTING Possible Obfuscator io JavaScript Obfuscation

HTTP Headers

GET /1.js HTTP/1.1
Host: domainbuzzle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://domainbuzzle.com/fsanvirginia.com/siezuka.com
Cookie: ASPSESSIONIDCSSRBAQB=EIFCMJOAMCEEEFAJMODFMLCG
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 17 Sep 2023 13:29:26 GMT
Accept-Ranges: bytes
ETag: "0bf57fa6ae9d91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Tue, 26 Sep 2023 20:01:09 GMT
Content-Length: 14865

domainbuzzle.com/wxcp.js?1695758471210

154.216.175.208

200 OK

112 B

URL GET HTTP/1.1
domainbuzzle.com/wxcp.js?1695758471210
IP
154.216.175.208:80
ASN
#139646 HONG KONG Megalayer Technology Co.,Limited

Requested by
http://domainbuzzle.com/fsanvirginia.com/siezuka.com

File type
ASCII text, with no line terminators
Size
112 B (112 bytes)
Hash
a5a85333739e43b60703ef31940c8d3a
f3ecb88e3fe1e52d2c0b55b8c28c2b5b34f136ae
4590d87160e907f97bb66bfc39053024587ba1979a7b23974d0b76908eb05121

HTTP Headers

GET /wxcp.js?1695758471210 HTTP/1.1
Host: domainbuzzle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://domainbuzzle.com/fsanvirginia.com/siezuka.com
Cookie: ASPSESSIONIDCSSRBAQB=EIFCMJOAMCEEEFAJMODFMLCG
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript
Last-Modified: Wed, 30 Aug 2023 13:52:30 GMT
Accept-Ranges: bytes
ETag: "61994d3849dbd91:0"
Server: Microsoft-IIS/10.0
Date: Tue, 26 Sep 2023 20:01:10 GMT
Content-Length: 112

domainbuzzle.com/favicon.ico

154.216.175.208

200 OK

17 kB

URL GET HTTP/1.1
domainbuzzle.com/favicon.ico
IP
154.216.175.208:80
ASN
#139646 HONG KONG Megalayer Technology Co.,Limited

Requested by
http://domainbuzzle.com/fsanvirginia.com/siezuka.com

File type
MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel\012- data
Size
17 kB (16958 bytes)
Hash
3fe61a8fa8917afea1591f182325e8bc
6b653158dbf9b94d31a88783904d14f9b123d170
24b736bb72876addbe764e173b1e3e81cb21ae619638c751e4d83bf8f95ecf77

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: domainbuzzle.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://domainbuzzle.com/fsanvirginia.com/siezuka.com
Cookie: ASPSESSIONIDCSSRBAQB=EIFCMJOAMCEEEFAJMODFMLCG
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/x-icon
Last-Modified: Fri, 10 Jul 2020 12:54:51 GMT
Accept-Ranges: bytes
ETag: "155f304db956d61:0"
Server: Microsoft-IIS/10.0
Date: Tue, 26 Sep 2023 20:01:10 GMT
Content-Length: 16958

hm.baidu.com/hm.js?f6fa4884e627ccee9e7b98f296b82d7f

103.235.46.191

200 OK

11 kB

URL GET HTTP/1.1
hm.baidu.com/hm.js?f6fa4884e627ccee9e7b98f296b82d7f
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://domainbuzzle.com/fsanvirginia.com/siezuka.com
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
ASCII text, with very long lines (617)
Size
11 kB (11255 bytes)
Hash
0db81a50247b19c998c91a10e7199b43
81f07c0659500cb8ca4d18e148210b84b3760d4b
26b8556352480cdba14410b9a54b7fc56f7913d6c64541fcb319f64cf968eacc

HTTP Headers

GET /hm.js?f6fa4884e627ccee9e7b98f296b82d7f HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://domainbuzzle.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11255
Content-Type: application/javascript
Date: Tue, 26 Sep 2023 20:01:12 GMT
Etag: 686dfbf6f34ff36d3464dafd31d56570
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=AE54374966960B52; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=452019060&si=f6fa4884e627ccee9e7b98f296b82d7f&v=1.3.0&lv=1&sn=40348&r=0&ww=1280&u=http%3A%2F%2Fdomainbuzzle.com%2Ffsanvirginia.com%2Fsiezuka.com

103.235.46.191

200 OK

43 B

URL GET HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=452019060&si=f6fa4884e627ccee9e7b98f296b82d7f&v=1.3.0&lv=1&sn=40348&r=0&ww=1280&u=http%3A%2F%2Fdomainbuzzle.com%2Ffsanvirginia.com%2Fsiezuka.com
IP
103.235.46.191:443
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

Requested by
http://domainbuzzle.com/fsanvirginia.com/siezuka.com
Certificate
IssuerGlobalSign nv-sa
Subjectbaidu.com
Fingerprint97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
ValidityThu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=452019060&si=f6fa4884e627ccee9e7b98f296b82d7f&v=1.3.0&lv=1&sn=40348&r=0&ww=1280&u=http%3A%2F%2Fdomainbuzzle.com%2Ffsanvirginia.com%2Fsiezuka.com HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://domainbuzzle.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 26 Sep 2023 20:01:12 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=E4A990067F99B69C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (7)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size