www.cash4files.com Open in urlscan Pro
104.18.32.164 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.cash4files.com/CoCaW?6t78jk743gt54yuh?
Effective URL:
http://www.cash4files.com/notfound/
Submission: On February 08 via automatic, source phishtank (February 8th 2017, 7:15:05 pm UTC)

Summary HTTP 8 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 4 domains to perform 8 HTTP transactions. The main IP is 104.18.32.164, located in San Francisco, United States and belongs to . The main domain is www.cash4files.com.

This is the only time www.cash4files.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	104.18.32.164 104.18.32.164	() ()
4	104.20.12.25 104.20.12.25	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
1	151.101.112.207 151.101.112.207	54113 (FASTLY) (FASTLY - Fastly)
1	50.31.164.174 50.31.164.174	() ()
8	4

2 104.18.32.164 (San Francisco, United States)

ASN- ()

www.cash4files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.20.12.25 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

www.linkbucks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.207 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.31.164.174 (Chicago, United States)

ASN- ()
PTR: bam-4.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	linkbucks.com www.linkbucks.com	9 KB
2	cash4files.com www.cash4files.com	4 KB
1	nr-data.net bam.nr-data.net	57 B
1	newrelic.com js-agent.newrelic.com	9 KB
8	4

	Domain	Requested by
4	www.linkbucks.com	www.cash4files.com
2	www.cash4files.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.cash4files.com
8	4

This site contains links to these domains. Also see Links.

Domain
www.linkbucks.com

Subject Issuer	Validity	Valid
*.d.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2016-12-20` - `2017-12-21`	a year	crt.sh
*.nr-data.net GeoTrust SSL CA - G3	`2016-03-17` - `2018-03-17`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://www.cash4files.com/notfound/
Frame ID: 8099.1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

8
Requests

25 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

22 kB
Transfer

43 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkbucks.com/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response www.cash4files.com/notfound/ Redirect Chain http://www.cash4files.com/CoCaW?6t78jk743gt54yuh? http://www.cash4files.com/notfound/	6 KB 3 KB	90ms 89ms	Document text/html	104.18.32.164
General Check archive.org Show headers Download Go to Full URL http://www.cash4files.com/notfound/ Protocol HTTP/1.1 Server 104.18.32.164 San Francisco, United States, ASN (), Reverse DNS Software cloudflare-nginx / ASP.NET Resource Hash `4f19c5ccd19003a303b9e2d0009b4a205b72fc7c23ce6bba43981d380aea80c8` Request headers Cache-Control no-cache Cookie __cfduid=d601d70cbafe1a244ba78d9afa42aec931486581298 Pragma no-cache Accept-Encoding gzip, deflate, sdch Host www.cash4files.com Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Connection keep-alive User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Date Wed, 08 Feb 2017 19:14:58 GMT Content-Encoding gzip X-AspNet-Version 4.0.30319 Transfer-Encoding chunked Set-Cookie ASP.NET_SessionId=f4dhifltz1j0ulcf0kighkui; path=/; HttpOnly Cache-Control private Server cloudflare-nginx X-Powered-By ASP.NET Content-Type text/html; charset=utf-8 Connection keep-alive CF-RAY 32e1685c00322750-FRA Redirect headers Server cloudflare-nginx Connection keep-alive Set-Cookie __cfduid=d601d70cbafe1a244ba78d9afa42aec931486581298; expires=Thu, 08-Feb-18 19:14:58 GMT; path=/; domain=.cash4files.com; HttpOnly Content-Length 4577 Date Wed, 08 Feb 2017 19:14:58 GMT Content-Type text/plain Location /notfound/ CF-RAY 32e1685b47a42750-FRA X-Powered-By ASP.NET
GET H/1.1	200 OK	Cookie set ads.css www.linkbucks.com/tmpl/mint/css/	4 KB 1012 B	18ms 12ms	Stylesheet text/css	104.20.12.25 CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.linkbucks.com/tmpl/mint/css/ads.css Requested by Host: www.cash4files.com URL: http://www.cash4files.com/notfound/ Protocol HTTP/1.1 Server 104.20.12.25 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / ASP.NET Resource Hash `a31e860ba7dc44e345739f1cd5365d23131ada121260a248f64973430293cc0c` Request headers Referer http://www.cash4files.com/notfound/ Connection keep-alive Cache-Control no-cache Pragma no-cache Host www.linkbucks.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept text/css,/;q=0.1 Accept-Encoding gzip, deflate, sdch Accept-Language en-US,en;q=0.8 Referer http://www.cash4files.com/notfound/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Transfer-Encoding chunked Set-Cookie __cfduid=da4dd53806a76f8a9f6c2ad6ecde160cb1486581298; expires=Thu, 08-Feb-18 19:14:58 GMT; path=/; domain=.linkbucks.com; HttpOnly Cache-Control public, max-age=14400 X-Powered-By ASP.NET Last-Modified Thu, 13 Feb 2014 20:08:02 GMT Content-Type text/css Vary Accept-Encoding CF-Cache-Status HIT Expires Wed, 08 Feb 2017 23:14:58 GMT CF-RAY 32e1685cb0982690-FRA Content-Encoding gzip ETag W/"c174d14cf728cf1:0" Server cloudflare-nginx Connection keep-alive Date Wed, 08 Feb 2017 19:14:58 GMT
GET H/1.1	200 OK	Cookie set int_logo.gif www.linkbucks.com/tmpl/mint/img/	2 KB 2 KB	21ms 15ms	Image image/gif	104.20.12.25 CloudFlare
General Check archive.org Show headers Download Go to Show image Full URL http://www.linkbucks.com/tmpl/mint/img/int_logo.gif Requested by Host: www.cash4files.com URL: http://www.cash4files.com/notfound/ Protocol HTTP/1.1 Server 104.20.12.25 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / ASP.NET Resource Hash `31fc504d1b3745b1a3da821d035002c830602894ef08173baad229484e6f1a8d` Request headers Accept-Encoding gzip, deflate, sdch Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Pragma* no-cache Host www.linkbucks.com Referer http://www.cash4files.com/notfound/ Connection keep-alive Cache-Control no-cache Referer http://www.cash4files.com/notfound/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers ETag "9490c2199edbcd1:0" Last-Modified Sun, 16 Dec 2012 15:00:34 GMT Vary Accept-Encoding Cache-Control public, max-age=14400 Connection keep-alive CF-RAY 32e1685cb199639d-FRA Date Wed, 08 Feb 2017 19:14:58 GMT CF-Cache-Status HIT Content-Length 2325 Expires Wed, 08 Feb 2017 23:14:58 GMT Server cloudflare-nginx X-Powered-By ASP.NET Content-Type image/gif Set-Cookie __cfduid=d5961c8910f14a562f667adedfda594ef1486581298; expires=Thu, 08-Feb-18 19:14:58 GMT; path=/; domain=.linkbucks.com; HttpOnly Accept-Ranges bytes
GET H/1.1	200 OK	warning.png www.linkbucks.com/tmpl/mint/img/	4 KB 4 KB	15ms 15ms	Image image/png	104.20.12.25 CloudFlare
General Check archive.org Show headers Download Go to Show image Full URL http://www.linkbucks.com/tmpl/mint/img/warning.png Requested by Host: www.cash4files.com URL: http://www.cash4files.com/notfound/ Protocol HTTP/1.1 Server 104.20.12.25 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / ASP.NET Resource Hash `6af2e63f750a5152eb310903319386fdad345dbbad3545c64d515898dce0c26a` Request headers Accept-Encoding gzip, deflate, sdch Host www.linkbucks.com Accept-Language en-US,en;q=0.8 Connection keep-alive Cache-Control no-cache Pragma no-cache User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://www.cash4files.com/notfound/ Cookie __cfduid=da4dd53806a76f8a9f6c2ad6ecde160cb1486581298 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://www.cash4files.com/notfound/ Response headers CF-Cache-Status HIT Last-Modified Sun, 16 Dec 2012 15:00:34 GMT X-Powered-By ASP.NET Content-Type image/png Cache-Control public, max-age=14400 Connection keep-alive Accept-Ranges bytes Date Wed, 08 Feb 2017 19:14:58 GMT Content-Length 4567 CF-RAY 32e1685cd0aa2690-FRA Expires Wed, 08 Feb 2017 23:14:58 GMT Server cloudflare-nginx Vary Accept-Encoding ETag "e9ec8199edbcd1:0"
GET H/1.1	200 OK	int_top_bg.gif www.linkbucks.com/tmpl/mint/img/	2 KB 2 KB	9ms 8ms	Image image/gif	104.20.12.25 CloudFlare
General Check archive.org Show headers Download Go to Show image Full URL http://www.linkbucks.com/tmpl/mint/img/int_top_bg.gif Requested by Host: www.cash4files.com URL: http://www.cash4files.com/notfound/ Protocol HTTP/1.1 Server 104.20.12.25 San Francisco, United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / ASP.NET Resource Hash `fece6413b092bd94e198639a3daf7a343284ce42257507339537126f7752dc88` Request headers Pragma no-cache Accept image/webp,image/,/;q=0.8 Referer* http://www.linkbucks.com/tmpl/mint/css/ads.css Cookie __cfduid=da4dd53806a76f8a9f6c2ad6ecde160cb1486581298 Connection keep-alive Accept-Encoding gzip, deflate, sdch Host www.linkbucks.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Cache-Control no-cache Referer http://www.linkbucks.com/tmpl/mint/css/ads.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Accept-Ranges bytes ETag "a5b7c2199edbcd1:0" Cache-Control public, max-age=14400 Vary Accept-Encoding Connection keep-alive CF-RAY 32e1685cd1b2639d-FRA Content-Length 1610 CF-Cache-Status HIT Last-Modified Sun, 16 Dec 2012 15:00:34 GMT Server cloudflare-nginx X-Powered-By ASP.NET Expires Wed, 08 Feb 2017 23:14:58 GMT Date Wed, 08 Feb 2017 19:14:58 GMT Content-Type image/gif
GET H/1.1	200 OK	nr-1016.min.js Show response js-agent.newrelic.com/	22 KB 9 KB	18ms 6ms	Script application/javascript	151.101.112.207 Fastly
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-1016.min.js Requested by Host: www.cash4files.com URL: http://www.cash4files.com/notfound/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.112.207 San Francisco, United States, ASN54113 (FASTLY - Fastly, US), Reverse DNS Software AmazonS3 / Resource Hash `5766d97e9b0c91a002f275667824760ef20a2ba8a8786719bb88b2efc7a44ede` Request headers Pragma no-cache Host js-agent.newrelic.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Accept / Connection keep-alive Accept-Encoding gzip, deflate, sdch, br Referer http://www.cash4files.com/notfound/ Cache-Control no-cache Referer http://www.cash4files.com/notfound/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers X-Served-By cache-hhn1548-HHN Server AmazonS3 X-Timer S1486581298.719176,VS0,VE0 Via 1.1 varnish Cache-Control public, max-age=3600 Content-Encoding gzip X-Cache HIT Connection keep-alive x-amz-id-2 SqDwoomYzDW9GAbeurmOvKfZOU/Kfr/ijudnYuyzHtHS7i/9J8PH/UHgNjRTIMApwH0+G1Csm54= Last-Modified Thu, 05 Jan 2017 18:12:05 GMT x-amz-request-id 3C561FB5380A15A9 ETag "6111dfa93beb5692edf4d7f3dfecc182" Date Wed, 08 Feb 2017 19:14:58 GMT Vary Accept-Encoding Content-Type application/javascript Accept-Ranges bytes X-Cache-Hits 88116 Content-Length 8830
GET H/1.1	200 OK	favicon.ico www.cash4files.com/	2 KB 1 KB	8ms 7ms	Other image/x-icon	104.18.32.164
General Check archive.org Show headers Download Go to Full URL http://www.cash4files.com/favicon.ico Protocol HTTP/1.1 Server 104.18.32.164 San Francisco, United States, ASN (), Reverse DNS Software cloudflare-nginx / ASP.NET Resource Hash `aa9cc1c075bb17d7072b0ef4f502153eda6ab165f1aeb218ec39bd238ed25b88` Request headers Cookie __cfduid=d601d70cbafe1a244ba78d9afa42aec931486581298; ASP.NET_SessionId=f4dhifltz1j0ulcf0kighkui Cache-Control no-cache Pragma no-cache Accept-Encoding gzip, deflate, sdch Accept image/webp,image/,/;q=0.8 Referer* http://www.cash4files.com/notfound/ Connection keep-alive Host www.cash4files.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Referer http://www.cash4files.com/notfound/ Response headers Connection keep-alive Expires Wed, 15 Feb 2017 19:14:58 GMT Date Wed, 08 Feb 2017 19:14:58 GMT CF-Cache-Status HIT Last-Modified Mon, 26 Oct 2015 11:46:34 GMT X-Powered-By ASP.NET Transfer-Encoding chunked Cache-Control public, max-age=604800 CF-RAY 32e1685ce0b12750-FRA Vary Accept-Encoding Server cloudflare-nginx Content-Encoding gzip ETag W/"5496acf6e3fd11:0" Content-Type image/x-icon
GET H/1.1	200 OK	Cookie set ee706e17f3 Show response bam.nr-data.net/1/	57 B 57 B	443ms 110ms	Script text/javascript	50.31.164.174
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/ee706e17f3?a=3357626&v=1016.8b58850&to=ZwQBbRYFCEFWBRZeDl5OImo0SwpbWQ0MWBVWDhZXAEoHQUce&rst=292&ref=http://www.cash4files.com/notfound/&ap=1&be=230&fe=37&dc=1&perf=%7B%22timing%22:%7B%22of%22:1486581298437,%22n%22:0,%22r%22:0,%22re%22:128,%22f%22:128,%22dn%22:128,%22dne%22:128,%22c%22:128,%22ce%22:128,%22rq%22:129,%22rp%22:218,%22rpe%22:219,%22dl%22:219,%22di%22:231,%22ds%22:231,%22de%22:232,%22dc%22:266,%22l%22:266,%22le%22:267%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&jsonp=NREUM.setToken Requested by Host: js-agent.newrelic.com URL: https://js-agent.newrelic.com/nr-1016.min.js Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 50.31.164.174 Chicago, United States, ASN (), Reverse DNS bam-4.nr-data.net Software / Resource Hash `f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23` Request headers Pragma no-cache Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Cache-Control no-cache Accept-Encoding gzip, deflate, sdch, br Host bam.nr-data.net Accept / Referer http://www.cash4files.com/notfound/ Connection keep-alive Referer http://www.cash4files.com/notfound/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 Response headers Expires Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie JSESSIONID=a4c18c28e917cf3a;Path=/;Domain=.nr-data.net;Secure Content-Length 57 Content-Type text/javascript;charset=ISO-8859-1

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.cash4files.com/	1970-01-01 00:00:00	Name: ASP.NET_SessionId Value: f4dhifltz1j0ulcf0kighkui
			.cash4files.com/	2018-02-08 19:14:58	Name: __cfduid Value: d601d70cbafe1a244ba78d9afa42aec931486581298

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.nr-data.net
js-agent.newrelic.com
www.cash4files.com
www.linkbucks.com
104.18.32.164
104.20.12.25
151.101.112.207
50.31.164.174
31fc504d1b3745b1a3da821d035002c830602894ef08173baad229484e6f1a8d
4f19c5ccd19003a303b9e2d0009b4a205b72fc7c23ce6bba43981d380aea80c8
5766d97e9b0c91a002f275667824760ef20a2ba8a8786719bb88b2efc7a44ede
6af2e63f750a5152eb310903319386fdad345dbbad3545c64d515898dce0c26a
a31e860ba7dc44e345739f1cd5365d23131ada121260a248f64973430293cc0c
aa9cc1c075bb17d7072b0ef4f502153eda6ab165f1aeb218ec39bd238ed25b88
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
fece6413b092bd94e198639a3daf7a343284ce42257507339537126f7752dc88

www.cash4files.com Open in urlscan Pro 104.18.32.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

8 Requests

25 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

1 Countries

22 kBTransfer

43 kBSize

2 Cookies

1 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

Indicators

www.cash4files.com Open in urlscan Pro
104.18.32.164 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

25 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

1
Countries

22 kB
Transfer

43 kB
Size

2
Cookies

8 HTTP transactions
0 data transactions