0/100

low Risk

cinex.buzz

https://cinex.buzz

176.97.114.67

Location

Kyiv, Ukraine

Domain Age

37 days

HTTP

200 · 49.5s

SSL

Valid· R13, Let's Encrypt, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Streaming — Films, Séries & Animés — Cinex"

Save

Linked Phishing Report

This scan is attached to a vendor submission report

Brand

Cinex (cinex.buzz)

Vendors

29/31

Status

partial

✓ isitphish✓ urlquery✓ urlscan✓ cisa✓ emsisoft✓ openphish✓ sophos✓ chainpatrol✓ avg✓ spamhaus✓ eset✓ bitdefender✓ yandex✓ polyswarm✓ microsoft✓ avast✓ brightcloud✗ norton✗ threatyeti✓ kaspersky✓ netcraft✓ apple✓ phishreport✓ apwg✓ virustotal✓ phishtank✓ urlabuse✓ drweb✓ mcafee✓ google✓ fortiguard

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

Cinex (cinex.buzz)

Unknown

entertainment | technology · 6/3/2026

Summary

The page presents Cinex branding and a streaming-focused UI, but the domain cinex.buzz is recently registered (37 days) with a .buzz TLD and a Let's Encrypt SSL certificate. Visuals and page title align to Cinex, yet the domain is not the official Cinex brand domain, suggesting potential impersonation risk. Network and SPA characteristics indicate credential-sourcing behavior may be present in dynamic JS, and several analytics endpoints are invoked; the combination of brand-aligned visuals on a new, non-official domain warrants abuse caution and further verification.

Evidence Summary

▸Observed 3 capture stage(s); canonical stage is late_render_3s.

▸POST targets observed during capture: https://region1.google-analytics.com/g/collect?v=2&tid=G-1Z9W338EZE&gtm=45je65k1h1v9250045688za200zd9250045688&_p=1779569000284&gcd=13l3l3l2l1l1&npa=1&dma_cps=a&dma=1&are=1&cid=1432396587.1779569002&frm=0&pscdl=noapi&rcb=1&sr=1280x720&uaa=x86&uab=64&uafvl=Not%253AA-Brand%3B99.0.0.0%7CHeadlessChrome%3B145.0.7632.6%7CChromium%3B145.0.7632.6&uam=&uamb=0&uap=Windows&uapv=10.0&uaw=0&ul=en-us&_s=1&tag_exp=0~115938465~115938469~118689382&sid=1779569002&sct=1&seg=0&dl=https%3A%2F%2Fcinex.buzz%2F&dt=Cinex%20%E2%80%94%20Streaming%20Films%2C%20S%C3%A9ries%20%26%20Anim%C3%A9s&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4239, https://region1.google-analytics.com/g/collect?v=2&tid=G-1Z9W338EZE&gtm=45je65k1h1v9250045688za200zd9250045688&_p=1779569000284&gcd=13l3l3l2l1l1&npa=1&dma_cps=a&dma=1&_eu=AEAAAAQ&ae=a&are=1&cid=1432396587.1779569002&frm=0&pscdl=noapi&rcb=1&sr=1280x720&uaa=x86&uab=64&uafvl=Not%253AA-Brand%3B99.0.0.0%7CHeadlessChrome%3B145.0.7632.6%7CChromium%3B145.0.7632.6&uam=&uamb=0&uap=Windows&uapv=10.0&uaw=0&ul=en-us&_s=2&tag_exp=0~115938465~115938469~118689382&sid=1779569002&sct=1&seg=0&dl=https%3A%2F%2Fcinex.buzz%2F&dt=Cinex%20%E2%80%94%20Streaming%20Films%2C%20S%C3%A9ries%20%26%20Anim%C3%A9s&en=scroll&epn.percent_scrolled=90&_et=6&tfd=9427.

▸Distinctive asset clues: index-DgNgq5hQ.js, js, css2, index-CaN_0qoj.css, cinextransparent-B-rwFzpY.png, qO55CD8tgVL1T4WKn6zYFFiD6lL.jpg.

Capture

Stages: 3

Canonical: Late Render (+3s)

Changed: No

Credential Signals

Forms: 0

Password fields: 0

Late-stage login UI: No

Resource Signals

Resources: 79

Hosts: 6

Domains: 6

Suspicious Endpoints

hxxps://cinex[.]buzz/api/config/announcement

hxxps://cinex[.]buzz/api/tmdb/movie/now_playing

hxxps://cinex[.]buzz/api/tmdb/discover/tv?with_genres=16&sort_by=popularity.desc&with_origin_country=JP

hxxps://cinex[.]buzz/api/featured

hxxps://cinex[.]buzz/api/tmdb/discover/movie?with_genres=28,12&sort_by=popularity.desc

hxxps://cinex[.]buzz/api/tmdb/movie/popular

Attack Techniques (3)

SPA rendering with dynamic credential capture potential (no static login form in HTML but JS bundles render forms)Brand impersonation indicators via page title/branding on a non-official domainThird-party analytics requests (Google Analytics) that may be used for traffic analysis and exfiltration via measurement endpoints

Indicators of Compromise (3)

▸Domain age 37 days; new registration with .buzz TLD (suspicious for impersonation)

▸SPA-style HTML with 0 static forms; credential UI likely rendered by JavaScript

▸SCANNER mentions suspicious endpoints under /api/config/announcement, /api/tmdb/* indicating potential data-rich app surface

Risk AssessmentUsed in abuse reports

The site uses Cinex branding on a newly registered domain cinex.buzz, which is suspicious for impersonation. While there is no static login form in the initial HTML, the SPA likely renders credential-capture UI through JavaScript, and the page loads analytics endpoints which could be used for traffic profiling or data exfiltration. The combination of first-party brand signals on a non-official domain and a short domain age supports heightened risk; monitor and verify ownership of Cinex branding. The presence of a public API surface under /api/* and external analytics activity warrants caution and further investigation by registrars and hosting providers.

Recommended Action

Monitor

Cross-Reference9

URL Intelligence