Report - op.buuda.xyz/

Report Overview

Submitted URL
op.buuda.xyz/
IP
172.245.112.197
ASN
#36352 AS-COLOCROSSING
Submitted
2024-05-07 07:01:25
Access
public
Website Title
Projekt Budda
Final URL
op.buuda.xyz/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
20

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	482 B	1.9 kB	142.250.74.74
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	3.7 kB	359 kB	216.58.207.227
op.buuda.xyz	unknown	unknown	No data	No data	3.4 kB	561 kB	172.245.112.197
getyourapi.site	unknown	2021-03-05	2021-03-05	2024-02-06	471 B	702 B	3.122.218.248
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-06	2.3 kB	157 kB	104.17.24.14

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	getyourapi.site	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-07	medium	buuda.xyz	Sinkholed
2024-05-07	medium	buuda.xyz	Sinkholed
2024-05-07	medium	buuda.xyz	Sinkholed
2024-05-07	medium	getyourapi.site	Sinkholed
2024-05-07	medium	buuda.xyz	Sinkholed
2024-05-07	medium	buuda.xyz	Sinkholed
2024-05-07	medium	buuda.xyz	Sinkholed
2024-05-07	medium	buuda.xyz	Sinkholed
2024-05-07	medium	buuda.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	op.buuda.xyz/js/modal.js	1.6 kB	2024-02-16	2024-05-09
Pretty URL op.buuda.xyz/js/modal.js IP 172.245.112.197 ASN #36352 AS-COLOCROSSING Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-16 12:44:51 Last Seen2024-05-09 11:03:44 Times Seen7 Hash 6934d51ec28a6ffb018a376539a3da18 5ba036e3a24b1dfd7d2bccc945196d21433c1c84 ad2552cebfdc45c6e916cfd3ff71d635f764416e9fd77198df09e4772b527a8b Loading...

	cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/utils.min.js	249 kB	2024-03-04	2024-05-16
Pretty URL cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/utils.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-04 04:06:08 Last Seen2024-05-16 19:00:42 Times Seen63 Hash b34007e0189bdb6d937004b2d35dc0d8 4836255d80bf984e066263a2bffaa1467cfc4cb5 b35c83e4dc3713230edfbda43508fb2fb92d8e07c4189f19d201ba199ef810a2 Loading...

	op.buuda.xyz/	569 B	2024-05-07	2024-05-07
Pretty URL op.buuda.xyz/ IP 172.245.112.197 ASN #36352 AS-COLOCROSSING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 09:01:33 Last Seen2024-05-07 09:01:33 Times Seen1 Hash 6cb1e0cd5ff52a748c68031dc46fb53f fa59d91598bdfd62e00847cedeca0d4b197f0397 daafcdd219bc2d0f8afd9afbdc811261e426fea04c7c479520c9e9b84e064156 Loading...

	cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-05-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-05-19 16:37:29 Times Seen275109 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	op.buuda.xyz/js/main.js	3.4 kB	2024-02-16	2024-05-07
Pretty URL op.buuda.xyz/js/main.js IP 172.245.112.197 ASN #36352 AS-COLOCROSSING Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-16 12:44:51 Last Seen2024-05-07 09:01:33 Times Seen5 Hash c06c7e64e8ae169e378f6b408ea8ff43 7793dc193e3a45f541346d3852aa4b60a7f93038 b25b6e41163036e90088dda08d6cc098e52cdbf6c4c1fa906735eb52568fec40 Loading...

	cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js	31 kB	2024-03-04	2024-05-16
Pretty URL cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-04 04:06:08 Last Seen2024-05-16 19:00:41 Times Seen70 Hash ddc9d20a5dc24ff745358bba80eea1f3 c569c6d9f50923de1753da1f2c090132fa455f55 54bc983ea406933001939caacb25ec98a9f633b8f2d54aa5ca3180948d6fe389 Loading...

	op.buuda.xyz/	24 kB	2024-04-18	2024-05-07
Pretty URL op.buuda.xyz/ IP 172.245.112.197 ASN #36352 AS-COLOCROSSING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 11:58:29 Last Seen2024-05-07 09:01:33 Times Seen4 Hash 59a5e240e6dc8a6ae395cd85acd6a421 bd3ece79ebeafe378d84fdcb542e1c5d54979acd 74c9c5b72bc7bf47944ca9a0c0252473f2bda2eed40e69e03f7ec39401800dc7 Loading...

HTTP Transactions (22)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

104.17.24.14

200 OK

28 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://op.buuda.xyz/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
28 kB (27938 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 07:01:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 562960
expires: Sun, 27 Apr 2025 07:01:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i9FcCFJRiX8TIsSoxwyJIG1ISssgZEzHioLyOQe3Yi5YIVlI2kioLVdZGCYLhR8IS4ymRQHzgMDiT2bc765Ca6IvfOVyT5JEu2Mnl3ChsXHEmonBtIfE%2BanamZfRhyHQLcEdCaLF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87ff56158c950afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css

104.17.24.14

200 OK

2.1 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://op.buuda.xyz/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text
Size
2.1 kB (2139 bytes)
Hash
582a1f76889553869a19d492c7728242
7d0ac85f92401984088d1c79d2a8d91b00e16a8a
c9ae063d7bf400c91d4056a69889903b54205f2efd6cb224d6041eca58b92cca

HTTP Headers

GET /ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 07:01:00 GMT
content-type: text/css; charset=utf-8
content-length: 2139
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "65a3eb4d-85b"
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 466093
expires: Sun, 27 Apr 2025 07:01:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tGvHKkohFHL6%2FjHPx3uKCw9pOz7FJXXjb9RGPcwzNISHbmqQYR1LhxzZ5Y%2B2Gdwcap9dy7cokwI39Eg%2FibO1ov6ismDfJUPbORv6uYuiJyGiPqqDhiBJRNSuCPkjg80Q2fZN%2FBcC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87ff56158ca30afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js

104.17.24.14

200 OK

8.8 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://op.buuda.xyz/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (27324)
Size
8.8 kB (8765 bytes)
Hash
ddc9d20a5dc24ff745358bba80eea1f3
c569c6d9f50923de1753da1f2c090132fa455f55
54bc983ea406933001939caacb25ec98a9f633b8f2d54aa5ca3180948d6fe389

HTTP Headers

GET /ajax/libs/intl-tel-input/18.5.0/js/intlTelInput.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 07:01:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 8765
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "65a3eb4d-223d"
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 566696
expires: Sun, 27 Apr 2025 07:01:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V2WypCaKLM5ITyT8DOaRH5KXTmbr7ZSZ%2B%2BR%2FkqAj8qKvbEU7rckcEOFumtNZVTNQa9zToMPI8tTx0FRz42ku%2Bwgcvx2HYqOCAFSJ5h6GxpyEoYQIi4jRHt%2FZK26PK9L0166j265h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87ff56158ca60afa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Inter:wght@400;500;700;800&family=Jost:wght@500;900&display=swap

142.250.74.74

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Inter:wght@400;500;700;800&family=Jost:wght@500;900&display=swap
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://op.buuda.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.3 kB (1267 bytes)
Hash
c16eb2681cef54c115db548f6b2a1ce1
9f4b89ebeba947a4a450cf1844d0f1df461fb5ad
49141dbc7e4bbb90489d278f1fa57e44782d73b8cf1bee01bee11a2d9efbc238

HTTP Headers

GET /css2?family=Inter:wght@400;500;700;800&family=Jost:wght@500;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 07 May 2024 07:01:00 GMT
date: Tue, 07 May 2024 07:01:00 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://op.buuda.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26620, version 1.0
Size
27 kB (26620 bytes)
Hash
8851189b303b4d03a80b8243a4fac433
2a04886958dd3f8fc11562db9b3281699475aad3
1e3ceb99e33b0f3d149b7d617b24a487d07fe7595aa24d04a7f45a0312b0654c

HTTP Headers

GET /s/jost/v15/92zatBhPNqw73oTd4g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://op.buuda.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:17:38 GMT
expires: Fri, 02 May 2025 18:17:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:39:33 GMT
content-type: font/woff2
age: 391402
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

216.58.207.227

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://op.buuda.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://op.buuda.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 10:54:17 GMT
expires: Tue, 06 May 2025 10:54:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 72403
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

op.buuda.xyz/js/main.js

172.245.112.197

200 OK

81 kB

URL GET HTTP/2
op.buuda.xyz/js/main.js
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://op.buuda.xyz/
Certificate
IssuerLet's Encrypt
Subjectop.buuda.xyz
Fingerprint00:7E:F3:74:C1:DA:7F:FA:63:B5:0A:B6:81:B6:2F:CA:09:2E:49:D4
ValiditySat, 23 Mar 2024 16:33:14 GMT - Fri, 21 Jun 2024 16:33:13 GMT

File type
gzip compressed data, from Unix
Size
81 kB (81013 bytes)
Hash
3fa1bb76a45c7765be09bc251524de6d
5b7beb3496baac84eb476df09354a5d353835399
91e44e084e91616f3b7b86c6e307316052089c6b45011caa5d2dc999c07bfb0a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/main.js HTTP/1.1
Host: op.buuda.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 07:01:00 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

216.58.207.227

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://op.buuda.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://op.buuda.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 10:54:17 GMT
expires: Tue, 06 May 2025 10:54:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 72403
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

op.buuda.xyz/css/style.css

172.245.112.197

200 OK

82 kB

URL GET HTTP/2
op.buuda.xyz/css/style.css
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://op.buuda.xyz/
Certificate
IssuerLet's Encrypt
Subjectop.buuda.xyz
Fingerprint00:7E:F3:74:C1:DA:7F:FA:63:B5:0A:B6:81:B6:2F:CA:09:2E:49:D4
ValiditySat, 23 Mar 2024 16:33:14 GMT - Fri, 21 Jun 2024 16:33:13 GMT

File type
gzip compressed data, from Unix
Size
82 kB (81848 bytes)
Hash
f291f9178e2b8b82615ff591aaad3764
0f3b99d6eb87debcd00fe563108cfc946b6fa98d
d6b661a439edb1df2a5292221601dea5f9251f319a701af9319ef8e002de15d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: op.buuda.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 07:01:00 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2

216.58.207.227

200 OK

80 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://op.buuda.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 79940, version 1.0
Size
80 kB (79940 bytes)
Hash
26859342514946edd3e8dceb17f55c92
34ee9d842c0d0e46325ae608fcd75929e7b27269
a2bfd9fe607d28fd07b05046e622818b8b5b94a358d53853a0d3f03e597cdc71

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://op.buuda.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 79940
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:08:44 GMT
expires: Fri, 02 May 2025 22:08:44 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:22:52 GMT
content-type: font/woff2
age: 377536
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

op.buuda.xyz/js/modal.js

172.245.112.197

200 OK

48 kB

URL GET HTTP/2
op.buuda.xyz/js/modal.js
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://op.buuda.xyz/
Certificate
IssuerLet's Encrypt
Subjectop.buuda.xyz
Fingerprint00:7E:F3:74:C1:DA:7F:FA:63:B5:0A:B6:81:B6:2F:CA:09:2E:49:D4
ValiditySat, 23 Mar 2024 16:33:14 GMT - Fri, 21 Jun 2024 16:33:13 GMT

File type
gzip compressed data, from Unix
Size
48 kB (47468 bytes)
Hash
7e22dadfd699b94ff60dc849d4925f94
17a3436d24a5f32f344e0b49322ae63e2d390e13
7151ee2cb5109fa36ea3e765918e2bf3bdfea9d5fdd28be4f2781f754178779f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/modal.js HTTP/1.1
Host: op.buuda.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 07:01:00 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2

216.58.207.227

200 OK

80 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://op.buuda.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 79940, version 1.0
Size
80 kB (79940 bytes)
Hash
26859342514946edd3e8dceb17f55c92
34ee9d842c0d0e46325ae608fcd75929e7b27269
a2bfd9fe607d28fd07b05046e622818b8b5b94a358d53853a0d3f03e597cdc71

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7SUc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://op.buuda.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 79940
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 22:08:44 GMT
expires: Fri, 02 May 2025 22:08:44 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:22:52 GMT
content-type: font/woff2
age: 377536
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

216.58.207.227

200 OK

47 kB

URL GET HTTP/2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://op.buuda.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Size
47 kB (46704 bytes)
Hash
30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

HTTP Headers

GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://op.buuda.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 May 2024 10:54:17 GMT
expires: Tue, 06 May 2025 10:54:17 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
age: 72404
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2

216.58.207.227

200 OK

27 kB

URL GET HTTP/2
fonts.gstatic.com/s/jost/v15/92zatBhPNqw73oTd4g.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://op.buuda.xyz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26620, version 1.0
Size
27 kB (26620 bytes)
Hash
8851189b303b4d03a80b8243a4fac433
2a04886958dd3f8fc11562db9b3281699475aad3
1e3ceb99e33b0f3d149b7d617b24a487d07fe7595aa24d04a7f45a0312b0654c

HTTP Headers

GET /s/jost/v15/92zatBhPNqw73oTd4g.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://op.buuda.xyz
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 26620
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 18:17:38 GMT
expires: Fri, 02 May 2025 18:17:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:39:33 GMT
content-type: font/woff2
age: 391403
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

getyourapi.site/api/geolocation

3.122.218.248

200 OK

107 B

URL GET HTTP/2
getyourapi.site/api/geolocation
IP
3.122.218.248:443
ASN
#16509 AMAZON-02

Requested by
https://op.buuda.xyz/
Certificate
IssuerLet's Encrypt
Subjectgetyourapi.site
Fingerprint5E:24:43:8B:8E:E3:57:4A:19:01:E0:C3:8C:45:B8:23:F5:E0:AD:F6
ValidityFri, 08 Mar 2024 09:11:52 GMT - Thu, 06 Jun 2024 09:11:51 GMT

File type
JSON text data
Size
107 B (107 bytes)
Hash
196ae9d75b3b48187796b56466008bdb
b76f0883cd023711c45f6f54b8e2eeeb19179718
6f0b827bf18c093069d5b91458b89408c601c22a6c75139e3dc5fcf030ad2163

Detections

Analyzer	Verdict	Alert
mnemonic secure dns	malicious	Sinkholed
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/geolocation HTTP/1.1
Host: getyourapi.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://op.buuda.xyz
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 07:01:01 GMT
content-type: application/json; charset=utf-8
content-length: 107
x-powered-by: Express
access-control-allow-origin: https://op.buuda.xyz
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization
access-control-expose-headers: content-type, authorization, x-request-id
x-request-id: 917b20cb-aed1-4770-af3a-616ed06124a5
etag: W/"6b-t28Ig80CNxHEX29UuOLu6xkXlxg"
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/img/flags.png?1

104.17.24.14

67 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/img/flags.png?1
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

Requested by
https://op.buuda.xyz/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
PNG image data, 5762 x 15, 8-bit/color RGBA, non-interlaced
Size
67 kB (67119 bytes)
Hash
8ec9f8e2915d6bf684abf7629a1b3df0
00e80b4f1321a71de50ade6eaea01eb1713c5ce3
3af394920236bdcab19b5514b8f67e06b194e29017368d6a9d83d598947f203b

HTTP Headers

GET /ajax/libs/intl-tel-input/18.5.0/img/flags.png?1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/css/intlTelInput.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 07:01:01 GMT
content-type: image/png; charset=utf-8
content-length: 67119
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "65a3eb4d-1062f"
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 567796
expires: Sun, 27 Apr 2025 07:01:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MAzDTjKPv%2BURRtHY5bd4pKQO0pmwx8swiMlQYtvOkT7qt66MBuEzlbdZqPPXl4hvFF9B2GP7JSUNnBSrSUP711UgUMTsPlqJGETf7mzVxN3NrJYROITQeoy4cRhEJdoxjvXVelKG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87ff561b3ff45691-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/utils.min.js

104.17.24.14

200 OK

46 kB

URL GET HTTP/3
cdnjs.cloudflare.com/ajax/libs/intl-tel-input/18.5.0/js/utils.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://op.buuda.xyz/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
46 kB (46045 bytes)
Hash
b34007e0189bdb6d937004b2d35dc0d8
4836255d80bf984e066263a2bffaa1467cfc4cb5
b35c83e4dc3713230edfbda43508fb2fb92d8e07c4189f19d201ba199ef810a2

HTTP Headers

GET /ajax/libs/intl-tel-input/18.5.0/js/utils.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 07 May 2024 07:01:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 46045
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "65a3eb4d-b3dd"
last-modified: Sun, 14 Jan 2024 14:10:21 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 559226
expires: Sun, 27 Apr 2025 07:01:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BN2art33Q%2BTDhrreGDVwvFUySHHc9o73igdilpvbKlGy%2FqMdRRT7fbWTLZ9V3Tx%2F7JnPlNCS50xdm8Kya1PABqdbReY4HK9HN4UDk953rcS19P2vsPi84o%2Fqug1PTzZAT9GD71VQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 87ff561b3ffc5691-OSL
alt-svc: h3=":443"; ma=86400

op.buuda.xyz/favicon.ico

172.245.112.197

200 OK

9.8 kB

URL GET HTTP/2
op.buuda.xyz/favicon.ico
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://op.buuda.xyz/
Certificate
IssuerLet's Encrypt
Subjectop.buuda.xyz
Fingerprint00:7E:F3:74:C1:DA:7F:FA:63:B5:0A:B6:81:B6:2F:CA:09:2E:49:D4
ValiditySat, 23 Mar 2024 16:33:14 GMT - Fri, 21 Jun 2024 16:33:13 GMT

File type
gzip compressed data, from Unix
Size
9.8 kB (9812 bytes)
Hash
080d72fc2c38907fae47955a5ddb05b2
e7264b3c671d57ecfb7460ab168ee186e357b9cb
e123676185101a8574a2a37acc0c9d924731392893bec542f6059ca92cd12be1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: op.buuda.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 07:01:01 GMT
content-type: image/x-icon
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

op.buuda.xyz/img/1.jpg

172.245.112.197

200 OK

121 kB

URL GET HTTP/2
op.buuda.xyz/img/1.jpg
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://op.buuda.xyz/
Certificate
IssuerLet's Encrypt
Subjectop.buuda.xyz
Fingerprint00:7E:F3:74:C1:DA:7F:FA:63:B5:0A:B6:81:B6:2F:CA:09:2E:49:D4
ValiditySat, 23 Mar 2024 16:33:14 GMT - Fri, 21 Jun 2024 16:33:13 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 960x250, components 3
Size
121 kB (120652 bytes)
Hash
95999167f875f5b1fca7ea5caf5f15a4
7b1f26bb1e3761605dc22b0fd938a6e5ace58934
4140c1621aa8d82f5c6d1eb3266b72adc7db86f2e14401d9844211b41f4f2e7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/1.jpg HTTP/1.1
Host: op.buuda.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 07:01:00 GMT
content-type: image/jpeg
vary: Accept-Encoding
X-Firefox-Spdy: h2

op.buuda.xyz/

172.245.112.197

200 OK

107 kB

URL User Request GET HTTP/2
op.buuda.xyz/
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Certificate
IssuerLet's Encrypt
Subjectop.buuda.xyz
Fingerprint00:7E:F3:74:C1:DA:7F:FA:63:B5:0A:B6:81:B6:2F:CA:09:2E:49:D4
ValiditySat, 23 Mar 2024 16:33:14 GMT - Fri, 21 Jun 2024 16:33:13 GMT

File type

Size
107 kB (106641 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: op.buuda.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 07:00:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

op.buuda.xyz/css/form.css

172.245.112.197

200 OK

5.4 kB

URL GET HTTP/2
op.buuda.xyz/css/form.css
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://op.buuda.xyz/
Certificate
IssuerLet's Encrypt
Subjectop.buuda.xyz
Fingerprint00:7E:F3:74:C1:DA:7F:FA:63:B5:0A:B6:81:B6:2F:CA:09:2E:49:D4
ValiditySat, 23 Mar 2024 16:33:14 GMT - Fri, 21 Jun 2024 16:33:13 GMT

File type
ASCII text, with very long lines (5948), with no line terminators
Size
5.4 kB (5406 bytes)
Hash
69ac8cd7806e92d5ca6503371f399f87
7868f777ca2315ab78b7358e985a4cd579f4c3a4
53a087927c793748a3eb251c040e69c4b81870bb37e3aee80d5d12b9f3ceae61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/form.css HTTP/1.1
Host: op.buuda.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 07:01:00 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

op.buuda.xyz/img/2.jpg

172.245.112.197

200 OK

107 kB

URL GET HTTP/2
op.buuda.xyz/img/2.jpg
IP
172.245.112.197:443
ASN
#36352 AS-COLOCROSSING

Requested by
https://op.buuda.xyz/
Certificate
IssuerLet's Encrypt
Subjectop.buuda.xyz
Fingerprint00:7E:F3:74:C1:DA:7F:FA:63:B5:0A:B6:81:B6:2F:CA:09:2E:49:D4
ValiditySat, 23 Mar 2024 16:33:14 GMT - Fri, 21 Jun 2024 16:33:13 GMT

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 360x388, components 3
Size
107 kB (106929 bytes)
Hash
a36d3a52481762ac525994b55c2b07c9
73af687a72a73c1252b9739bbb83280419f90419
8e84417e03cc433cee17fb9f174cb60a066afd80ace76dfd4d3226edd4ed51b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/2.jpg HTTP/1.1
Host: op.buuda.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://op.buuda.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: openresty
date: Tue, 07 May 2024 07:01:00 GMT
content-type: image/jpeg
vary: Accept-Encoding
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (22)

URL GET HTTP/2

IP

ASN

Requested by