{"report_id":"792173cd-e410-42b3-b0c6-a6bcce98aa02","version":6,"status":"done","tags":[],"date":"2026-03-07T20:52:21Z","url":{"schema":"http","addr":"poopvid.com/d/9fv0hzswi11a","fqdn":"poopvid.com","domain":"poopvid.com","tld":"com"},"ip":{"addr":"104.21.75.160","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"title":"Ome cewe chindo","dom":{"size":8495,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (6059)","md5":"9edbf0191a31790807eed438dfb166a5","sha1":"76012954405ad16e6f5a11b562b5319ecfe0a270","sha256":"e773d402cdbef2b6a00937e1404d83aa6da1cc3d5b05878dd4e9fa1284cae940","sha512":"84cf21c4d5617e7b0e734cc2ec1c79a0b8449c9496f3401d6e906ac587e2befb782dfe8a019d77043870bca858fcf45fae20213d0895a8dc46d605b07452608b","ssdeep":"96:K8jzJGRcf/ly5il08pHL/M7isTFFvDzvGBRd/JEl/yd/r/gj:K8jzJv/lQ8RaFlfGt/mlM/r/gj","tlshash":"5d02b97125701058fdf790a13db259ca3550fb0ba26312d3f6ad6ad2cb86d996c250dc","dom_hash":"domhashc32e55ff9e8bff221a12152e4a7eb4be","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"poopvid.com/d/9fv0hzswi11a","fqdn":"poopvid.com","domain":"poopvid.com","tld":"com"},"ip":{"addr":"104.21.75.160","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-11T20:52:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":6}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-07T20:51:58Z","timestamp":1772916718,"ip_dst":{"addr":"108.157.229.11","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":33494,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed FingerprintJS Domain (openfpcdn .io in TLS SNI)","source":"{\"timestamp\":\"2026-03-07T20:51:58.180288+0000\",\"flow_id\":665408813030104,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.34\",\"src_port\":33494,\"dest_ip\":\"108.157.229.11\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2049251,\"rev\":1,\"signature\":\"ET INFO Observed FingerprintJS Domain (openfpcdn .io in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_11_17\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_11_17\"]}},\"tls\":{\"sni\":\"openfpcdn.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":4622,\"start\":\"2026-03-07T20:51:58.154328+0000\"}}"}],"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"875ba27c4b.12f929026a.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"65a86a933f.2601e2d1ea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"gq.evangelcycasin.com","ip":{"addr":"23.109.253.230","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2026-01-12","domain_rank":0,"first_seen":"2026-01-25T08:49:32.920378Z","last_seen":"2026-03-04T20:00:51.424465Z","alert_count":0,"request_count":1,"received_data":1414,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"nereserv.com","ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2020-12-21","domain_rank":17097,"first_seen":"2020-12-21T11:07:56Z","last_seen":"2026-03-06T02:47:45.090592Z","alert_count":8,"request_count":4,"received_data":1288,"sent_data":2326,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-01T22:20:53.525798Z","alert_count":0,"request_count":1,"received_data":458029,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"65a86a933f.2601e2d1ea.com","ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2026-02-05","domain_rank":0,"first_seen":"2026-03-07T00:27:22.220267Z","last_seen":"2026-03-07T00:27:22.220267Z","alert_count":5,"request_count":5,"received_data":1130130,"sent_data":2338,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"vidoy.com","ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"domain_registered":"2012-03-14","domain_rank":0,"first_seen":"2025-10-29T10:52:39.448577Z","last_seen":"2026-03-03T03:03:48.747848Z","alert_count":0,"request_count":1,"received_data":1549,"sent_data":446,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"poopvid.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-05-18","domain_rank":0,"first_seen":"2025-07-01T20:23:15.290202Z","last_seen":"2026-03-07T11:37:47.660651Z","alert_count":0,"request_count":1,"received_data":16442,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"enrtx.com","ip":{"addr":"94.130.197.239","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-10-07","domain_rank":18023,"first_seen":"2024-11-04T09:19:58Z","last_seen":"2026-03-01T07:37:47.76531Z","alert_count":0,"request_count":1,"received_data":4843,"sent_data":492,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"accounts.google.com","ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":103,"first_seen":"2012-05-23T06:57:57Z","last_seen":"2026-03-02T00:29:11.783321Z","alert_count":0,"request_count":3,"received_data":6911,"sent_data":1784,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"notification.tubecup.net","ip":{"addr":"94.130.197.136","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2008-09-26","domain_rank":250980,"first_seen":"2018-07-09T16:06:19Z","last_seen":"2026-03-01T10:24:41.4022Z","alert_count":0,"request_count":2,"received_data":6615,"sent_data":1077,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.22.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"875ba27c4b.12f929026a.com","ip":{"addr":"116.202.249.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2026-02-05","domain_rank":0,"first_seen":"2026-03-07T01:42:51.565761Z","last_seen":"2026-03-07T01:42:51.565761Z","alert_count":8,"request_count":8,"received_data":109460,"sent_data":19039,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"openfpcdn.io","ip":{"addr":"108.157.229.11","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2021-11-10","domain_rank":9255,"first_seen":"2021-11-11T13:02:44Z","last_seen":"2026-03-04T21:24:32.471792Z","alert_count":0,"request_count":1,"received_data":34142,"sent_data":445,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"fp.metricswpsh.com","ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-10-29","domain_rank":154722,"first_seen":"2022-04-22T11:20:32Z","last_seen":"2026-03-06T08:33:29.89901Z","alert_count":2,"request_count":2,"received_data":818,"sent_data":1056,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.21.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-01T22:18:12.522658Z","alert_count":0,"request_count":1,"received_data":4393,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-03-01T22:15:00.771016Z","alert_count":0,"request_count":1,"received_data":39963,"sent_data":531,"comment":"","tags":null,"fingerprints":null},{"fqdn":"winvidplay.com","ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-26","domain_rank":0,"first_seen":"2026-03-03T03:03:48.186383Z","last_seen":"2026-03-03T03:03:48.186383Z","alert_count":10,"request_count":10,"received_data":156524,"sent_data":6860,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"cdn.vidoycdn.com","ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"domain_registered":"2025-11-11","domain_rank":0,"first_seen":"2025-11-12T09:30:04.633655Z","last_seen":"2026-03-04T08:07:35.468766Z","alert_count":0,"request_count":3,"received_data":169291,"sent_data":1293,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"28fe4575ab.fb53d9afaf.com","ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2026-02-05","domain_rank":0,"first_seen":"2026-03-07T00:27:22.225103Z","last_seen":"2026-03-07T00:27:22.225103Z","alert_count":0,"request_count":1,"received_data":345,"sent_data":839,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"static.bookmsg.com","ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2020-09-15","domain_rank":169473,"first_seen":"2020-11-24T14:56:32Z","last_seen":"2026-03-06T16:21:15.952205Z","alert_count":0,"request_count":4,"received_data":4502,"sent_data":1894,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pagead2.googlesyndication.com","ip":{"addr":"172.217.19.226","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2003-01-21","domain_rank":610,"first_seen":"2012-05-21T07:15:40Z","last_seen":"2026-03-02T06:20:18.160293Z","alert_count":0,"request_count":1,"received_data":163188,"sent_data":469,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-03-01T22:28:03.022415Z","alert_count":0,"request_count":2,"received_data":180998,"sent_data":946,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"assets.ahmybid.net","ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-12-26","domain_rank":171628,"first_seen":"2024-12-28T14:10:32Z","last_seen":"2026-03-02T22:02:29.942814Z","alert_count":0,"request_count":1,"received_data":130527,"sent_data":433,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"d766901ef73dd715a72f8079883cda3d","sha1":"dfda990dc82badee5b1e30625aeec5e917f399df","sha256":"d43b59bdb46a27074953e68352320cbf839877ad462aa4d7f922050ea5e1a93e","sha512":"1b383db01306524fd50c0514d43d9a89b5fe290f1d9a168c4898cfcbf5361436348e673efc8ac608490965cd47be02b9ff25c8e09691da3d92b2990cc7b35642","ssdeep":"","tlshash":"8fd0237a19758831b29d028620f5d3a4256120647b11d604c1c8cc3b6e21fd304b155c","size":217,"data":"","first_seen":"2026-03-07T20:52:27.683991Z","last_seen":"2026-03-07T20:52:27.683991Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"36e1a6590fb7ebcc66227289973621b1","sha1":"6f5dc34c61862936d2920f2a3694909153e55c9a","sha256":"35581ac1328eeeccf1139b1114b87f23071d6fed2a247e07ecfd7a5ac271a7b9","sha512":"a6f6b015193edf62a2c104cad28977dabdffadc6bbdc614caa9727f5e0e58cc7f19ec00acbc3a93a17a539b60991749ff1ff2f78b90907028f046e67bac17ccc","ssdeep":"","tlshash":"01d097122bbc0131c74225fb088e840c29204100264cb230b18c02c06f4c73c923782f","size":240,"data":"","first_seen":"2026-03-07T20:52:27.685879Z","last_seen":"2026-03-07T20:52:27.685879Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"65a86a933f.2601e2d1ea.com/08f1f8217aca137e1db9b04c6098c93e.js","fqdn":"65a86a933f.2601e2d1ea.com","domain":"2601e2d1ea.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c5589d1fc15ae5f634dfb92ce020a20a","sha1":"150a1372c7d28d061d1377b0c4b713453736ead5","sha256":"a1f20a01c7932e48f9a9ac22488f04147552602dcaf6c7d1edda1940ad04d595","sha512":"7af10fdf9772ac03b943fbb207f9031d9684ce0b12bb6f30ddaf9ab2479c6ab868a31bd75f3f73e240f90b1d7649d08324c39792665a98128e60c731856c9799","ssdeep":"1536:O18MdnC5OPz8iBP9r2RcZAdtK8wBggd341LloXQTtQyodhm161zKK+AKn7K0ketc:ABFSGAdt6RLdhmo1GqKGPetsz","tlshash":"f6e349dcb2d2b07407e75099d43f1206b73a1a16b80c9058f6a6e9c17878ddb9237f7a","size":149844,"data":"","first_seen":"2026-02-24T14:34:24.192439Z","last_seen":"2026-04-04T14:50:51.575446Z","times_seen":962,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89476,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-04T15:27:33.816485Z","times_seen":217646,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"65a86a933f.2601e2d1ea.com/9d4fd179d79ab68c1f36aa118baf8531.js","fqdn":"65a86a933f.2601e2d1ea.com","domain":"2601e2d1ea.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e12e141f3c1d3a58eeb156cf154fa84b","sha1":"5abd5a6cc26ecad518fb4747bebc141781daded6","sha256":"17a70ab93a39d655380ac36da94da7cb0ba0dfc8d05446e6cb41576922a09aa9","sha512":"85a5a23b6438723239b0ae629698ed4e286954e44b9e40691f2ea1194aa41ac70880d83df0d289e14c5e1d374e7f1acca0d7b97b9b3ff4abb62b6ecf561bc6dd","ssdeep":"768:W0qmOOA1FJb8zunREimbZLrxL5mVuzYB3bPAgCp+dFAioTIZKOxvuoUjYClRtg2X:zOOVYpE1J0I0ui/d+J8EsE48JJI65v","tlshash":"f6a31aca32a1b4b002e244da943b0216f33d1929740e905cb7adddd6791ad4fa277f7e","size":107221,"data":"","first_seen":"2026-02-25T12:57:29.101042Z","last_seen":"2026-04-04T14:21:57.344779Z","times_seen":310,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"65a86a933f.2601e2d1ea.com/e4c025465f41b7b1658d36c812e991b8.js","fqdn":"65a86a933f.2601e2d1ea.com","domain":"2601e2d1ea.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cab0defd4705983c4a2031d4b7c47561","sha1":"bc3e776bbd099170cc22d63cc7558c8587acdb02","sha256":"6f00ae47630acb027193eea467e3b541a7711fc195d6c2722bf00a9b52a34704","sha512":"5d64f467ae768f8718c6c026dec6b020894a2648eafdd3774842c52290cba8fdb700812a61e275d73652aa87323a70d5b617c356df3f97441212d5744a792dcc","ssdeep":"12288:bO6w3S6RowOCoO68X6xEOjxIgWQfKjb5xoWbmx7bvVTQBUfRLsdGHGchOdEJNpFU:bOxVquCEOj6gWRxxdEcUQ","tlshash":"12d45a3132901139b0bfc8c6aa66278d336cf247e9170f55f96faaa583dbc54f625384","size":608312,"data":"","first_seen":"2026-03-04T21:27:39.279429Z","last_seen":"2026-04-04T14:21:57.391758Z","times_seen":48,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1dff58fc1ac88dc66212114d2d13b01a","sha1":"e1b7f90017b99ce23d4400a32b94b66663d02f47","sha256":"2ef67bd1c4444a3f4f737a6d38106d3f754a74a401b7bcd5415149d5f43142f0","sha512":"6ee907119b2f686a5024a9a952ce107861d3d35df836296f87572f4a219c3998c6d84753c62b33d5e8942f57c32a041d3bd8cd09645be8bb4dd70ddaa53700d9","ssdeep":"","tlshash":"86a022330a388af022ae832e238cee803f3200c3e088f20002083c8823c0c8c20f0a32","size":76,"data":"","first_seen":"2025-05-10T11:06:44.868988Z","last_seen":"2026-03-30T19:55:10.783044Z","times_seen":198,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"eeed368413469275e3ee01f81d506e3b","sha1":"f0b2023738dda3d9f81f01101ffddc539dd5c919","sha256":"4f96b2f1bc98f9dce38413ca59d5fe7c0f994b467965421be18e634d5dfaab9e","sha512":"5d45e1b9ddc293a2a5cf80789d813f91065c721c6e0926fd2ef12c8cb31017cfda2742fc2de0b00aeb16f929963a6325bc764920f77c04b1f8216f343cfcc073","ssdeep":"96:HWJnGHjVvxkh0NhBaJzOHp+G1EbCQiQZAJ1tTBn0yXS+tpTQxA:2oDhxf9H9eWQVAhB08TH","tlshash":"22d1f1f6b9bb334d979371ea2d161141500098a903adbc98fa64f2d5fcb4cfe192b350","size":6404,"data":"","first_seen":"2023-10-24T06:38:45Z","last_seen":"2026-04-04T14:21:57.384141Z","times_seen":789,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a37afe45dd15d641f5624b4b79a4f373","sha1":"29adff63fd8c15b25e0502e8074355c319f4e372","sha256":"7f42db4e53e9c5f27c9708847a023c7bc4320b608d89a6c6af4a6ab869ef20ea","sha512":"3d0e89a8ca9ad983ee163bf435529ac0c57cdc02e0b08a49b7f1cdc682785e61d2e5753f3f7503135677e347a4e058fa17c3eec64fd12f4df2d6f36be6c96981","ssdeep":"","tlshash":"24c022df2c21854c542669ade0835108202920003851e97a88f8a1d010f0df06013fad","size":194,"data":"","first_seen":"2026-03-07T20:52:27.689824Z","last_seen":"2026-03-07T20:52:27.689824Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"644074027ce9641540ac5ce9cee158f2","sha1":"ce4ef50754260f1da73a686cbbc3c36c5419f249","sha256":"27affe05f28f047d82101f555896385cd4455ab1d9a489be0b97c93ff64ec427","sha512":"214e475aa21d8461d1f0cce397a37a2418a448a538aacdda392b8343278ccd7c0dc2cb9bd9dbc895a7a4a92c2bd4bd9a61c3deb54eba521a6236d9a4b5688321","ssdeep":"768:Ne6c6dip6hQOe4Eel1ck9SLf1w8xD+u+WR:NeciUiZ4n1vSLf19D+fWR","tlshash":"31d2a6c635dbb169826af471603773d776baac9470089849f510a8b8fca0714b2bffd4","size":29160,"data":"","first_seen":"2026-03-07T20:52:27.671166Z","last_seen":"2026-03-07T21:30:05.659817Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"21f260cbda26b36e9ebc70e346b7a1d1","sha1":"c0dd7fe60fb474a7d3dac497e23fed10b07547d3","sha256":"ff3a517cc9f1e2cd21bea55c0894e5ee50d933243fe2b41fca65edc6d65df52c","sha512":"6faa0792c23cff545605d1002b8dd6e1de95f893ba94611a6546b50725c6a4656f3fb05e67b436af287156446c50176073cad69bc905f0c899fab5394ada32e5","ssdeep":"","tlshash":"4bd0236919798d317199018f5076d394266130647b11d254c1d8cc2f6e11ed304b195c","size":217,"data":"","first_seen":"2026-03-07T20:52:27.691397Z","last_seen":"2026-03-07T20:52:27.691397Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"02bb4b2b5de14909d9bae1e457312777","sha1":"0595d140079a5d972860726d047d7f9e8b52eeb6","sha256":"796aed1e5e12aac7e046f5dc8eda6f667f993bf6366f03a58d7689d564f8c0dd","sha512":"3971d4c3cea2b3fd7d90b8c351b4303689099bcdfa8e88c7f49c852184d46f459a6db3773fae55d4d60078e626fa1a19aa58d2af5d838a4cc2bb60d1041445e0","ssdeep":"768:vU00R1DvpK3OXkrdB64mTSVQb/h6ngKSmDnU:vU00R1Dvplq+T2Qb/QngKSmDnU","tlshash":"eec295c635e671b5837bb431202773cb7a7efd54300d5889e951a9a9fc6070ca0bee98","size":26052,"data":"","first_seen":"2026-03-07T20:52:27.653704Z","last_seen":"2026-03-07T20:52:27.653704Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","size":89476,"data":"","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-04T15:27:33.816485Z","times_seen":217646,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5e9758296597d9259921e2f5393993d0","sha1":"6e1ceb5f88c8dae07a8fc2aa093f492962b0fed4","sha256":"e00b9c9c260cdbd7ee01a6e86366ec69bfc9b6fb0eec4bffc5a21c34b81dd89d","sha512":"4a0f49f3236f9331eaeb076de6afdd8c5b44c858170edda3b620e5a80ea0080beefb377cf48c11da6881f2cd230f84b2e50391372a0c172875ea6b1c43964bed","ssdeep":"","tlshash":"bef002fff566003104bb0dbe2297e759363001067782ee04716eca180f74da200a25e1","size":595,"data":"","first_seen":"2025-12-21T05:56:55.610081Z","last_seen":"2026-03-30T19:55:10.786433Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/dev.js","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d0912d21f435c4c549166b10a23b2ed3","sha1":"e7fdd985535070d732e5c54645401f47ef1385f4","sha256":"bdfc4abbefdfa0f942c2245ff41e4f92a083e10f638888fa0287ee8a19d103c8","sha512":"453225338c487831778a0020e0a99716622cffbdf2ff0516034534af3fec54cff235035a42920fb99e902354dd489ff8f544e1781c1f844783871bf771a860d7","ssdeep":"192:m+5ekRvDLCpBK+BpP78nPk6O9ShgzsqcSYV0GtI+uwicvsbIUiJE2KmnyKq:mLiPCvRvT8nPk6cSCzsqGVJeZcsb8SN","tlshash":"cc82c4ccb48270715b77a9e9507f454ab23aae96888c8040f13ed8e42c7c56ec267f7d","size":17683,"data":"","first_seen":"2025-10-09T18:27:49.609736Z","last_seen":"2026-04-04T14:21:57.3736Z","times_seen":158,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"feb2b4d7bcc0775b24106439fea55393","sha1":"883297bcdad81a48887b0fa80dded516d4ceffd2","sha256":"6d688c7dc44a164a6c04a179a3ee076b469b9f1cb69acbee4085e00898c6842c","sha512":"5f777380bf1b007a81e5d4193e9a2f5094c05ce2187e667d27ca26d9e02f3b0d36c21540ccb7f1f3e54566869fc1b5cbf1400f31f12f7c009f1de39bb7b4ab58","ssdeep":"","tlshash":"07f0a0ffb9bb25f40a37b134af9e5348b43200072001dd02bd6d49c92fa4e102866ad9","size":480,"data":"","first_seen":"2025-06-14T13:42:55.432929Z","last_seen":"2026-04-04T14:21:57.386489Z","times_seen":583,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gq.evangelcycasin.com/rt8Y9JXc6BJkAOi3/121025","fqdn":"gq.evangelcycasin.com","domain":"evangelcycasin.com","tld":"com"},"ip":{"addr":"23.109.253.230","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"848667c49f5d3aef59cd65ed276cd7ae","sha1":"bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763","sha256":"cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8","sha512":"4248ad0e684224ba8503b1e73517aae6ffe4431cd16b7633d2ccbf4b96f845e318dbee175d19cd4676ca37353f53add2231ed167ad6c4aa0d9fe185f7359238c","ssdeep":"","tlshash":"f23000000000000000cc00000000000000000000c000000000000000000000003c0000","size":5,"data":"","first_seen":"2025-04-24T10:17:49.831301Z","last_seen":"2026-04-04T14:56:05.208154Z","times_seen":14800,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"35a1e2d69232c9f0a6d0258b14b67261","sha1":"d33de51db12ecab3472e5cd6c5279b26d977a562","sha256":"e826ac1151ab0276e1309e0f89c0a4e4803ab62eb36edfd6c78406abf91609b9","sha512":"d892fe52888dcccf2f53a309edb8ced98add88c30260bc4003c419377a451680288da475d3791ee47ec7085eea8e6827da817b7871c4c9b7f75fb08bcb3fee83","ssdeep":"","tlshash":"6dc09b9c35475cb555e757414b2fb505f147711094d11c31095a73485a20d57a755854","size":139,"data":"","first_seen":"2025-03-16T16:36:52.544017Z","last_seen":"2026-04-04T14:21:57.388835Z","times_seen":613,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1c4c18c05f796142b1327d61ebeec2cf","sha1":"0a7fe7fc5e48c1cb0672571d6902fb40ef102b53","sha256":"4151a63e23fa815985bb320df60d860eee1d1e9408e0163e420505b25163b28b","sha512":"d5a3172bdae167c6024364383426dd0f7ecddcf6e84f72ebdd94c9d941b0b72d45f88de480095496d4bcb028ab8cf8168a06f551764013a95b1ca89f06b30cff","ssdeep":"","tlshash":"48b09b0f50352d66a57755692f1708025dd96042240084617e6d06064f596258351297","size":126,"data":"","first_seen":"2026-03-07T20:52:27.694961Z","last_seen":"2026-03-07T20:52:27.694961Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-RRBBHD087X","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a82565893815b18b7ca4bc00e1c5d211","sha1":"1ba4ce9f83a5b7f5914ebcc532b249637a4c1599","sha256":"269083f9242de1b19402730974df3944948b5b17b781914d5eb606ed2ab6405a","sha512":"4a955e91394100f7b8ca216b7c7c762062d7012aaf2be92e00dad3a92f3e02f899abc44b297531186d2230f16f3bd719a286e00da8deb770ac2984698e8a5aee","ssdeep":"6144:B9kKfNl3H2vNQBaKI0SfZ8RGw/V0sApXx2ZAJJx:L/FxH2vnDfZ8t6","tlshash":"b1a41ace73c674225396f478503f018ba57b68a2b48cc89af189cce46e7459a8137f7d","size":457425,"data":"","first_seen":"2026-03-07T19:01:11.337438Z","last_seen":"2026-03-07T21:30:03.336228Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openfpcdn.io/fingerprintjs/v3","fqdn":"openfpcdn.io","domain":"openfpcdn.io","tld":"io"},"ip":{"addr":"108.157.229.11","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ef5a1ccf6a53cc40021bfd4647f82b4a","sha1":"86eaf1a45275873266f2b85249408c8297a54f61","sha256":"57281521094dd6fe0d1997e31eab51a203b0f338d39e730d260fdfecce621905","sha512":"16923eaa089ee9d2d5a4e7a02cdbd31da35c8ce7d61e0d7e1bc8a6aa0648c358ad5d5f9ce5aaec4c5247475b8192af167e7fa6941d4fe181c5e01f28ff8537d7","ssdeep":"384:fQQYf1KNHRJijKLE6wXegKHqHTBMmwZCKQLFKA5+pCqNFaiE8E0QIQfJJcChs9RW:fR1HRxf6Hc9NwlJJAbc1GPgJN","tlshash":"9be2f6d8b2c3b02a227368b6497f6007b63bbd54241d4843d57bd4c17ca5e9a813bfb9","size":33442,"data":"","first_seen":"2023-07-07T06:15:03Z","last_seen":"2026-04-04T14:21:57.377816Z","times_seen":4291,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"65a86a933f.2601e2d1ea.com/86a7d33af8cf3dbbcaf4db27258bf705.js","fqdn":"65a86a933f.2601e2d1ea.com","domain":"2601e2d1ea.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"65cd5ff25976719aaeb726b099232c30","sha1":"e1d0c34eb4153f6151b1d5167553334888b81fee","sha256":"937e4747e6dfcd2942f8e5c1d829e16f38ba1c68929f68e7b8eb1ce73c012b7a","sha512":"2c9fbca12ef794b406dbbde6023f5e0261069bff0774dacfe95caa409704dde6d6575d93f57d4a230974e70cc2d0f290d8629725d95d365f5ede7748b02e4d1f","ssdeep":"3072:Hpdz0U3MfV1svrD5/z7rs2YBCwpiBG3dSl5Q7BQS2o06mp4Z+uw:Hvz0UcN+5Q7FmpW+uw","tlshash":"82446cd1368478b005a3c0aee4770201b2382609f529756cfabddee66586dce2377f79","size":259073,"data":"","first_seen":"2026-03-04T21:27:39.266048Z","last_seen":"2026-04-04T14:21:57.378884Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"982ec07058f50c4ef36fb5ced28a00f8","sha1":"cc6789b272a983091ffdf2e9016cad6f99cffbdd","sha256":"efc2d19cba5b31b038bc2764856bb21a8e3c02a329eeb6f2a617ac69b2240829","sha512":"83c6a90cbe46aedd6e469975656de1c8588f399a5a08c8a16e40a4d8520a95a6097b32641ca93564fdc5acdbf1d76b1e01b70016ee0d4ae28d31a10e8aebba40","ssdeep":"","tlshash":"3911c0793b2a5534d6c6418b31bee7a93d3260757e02d144c2accc295d18e8714efcbe","size":902,"data":"","first_seen":"2026-03-07T20:52:27.696645Z","last_seen":"2026-03-07T20:52:27.696645Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"enrtx.com/get/","fqdn":"enrtx.com","domain":"enrtx.com","tld":"com"},"ip":{"addr":"94.130.197.239","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"popunder-base.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 05 Mar 2026 01:54:44 GMT","end":"Wed, 03 Jun 2026 01:54:43 GMT"},"fingerprint":{"sha1":"A2:B9:5E:9B:8F:4B:CB:BC:9C:5B:83:BE:89:7A:84:8B:D3:84:50:88","sha256":"5B:EB:8B:03:DC:D1:69:63:BA:BB:98:06:94:12:D2:8C:11:E3:23:5A:50:D0:58:89:B3:21:5F:EC:41:7C:8F:33"}}},"request":{"raw":"POST /get/ HTTP/1.1\r\nHost: enrtx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://winvidplay.com/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1738\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1738,"data":"{\"imp\":[{\"secure\":1,\"ext\":{\"user_keywords\":\"\",\"tag_ab\":\"a\",\"id\":2612,\"spaceid\":2612,\"type\":\"pop\",\"subid\":\"500843478\",\"utm1\":\"\",\"utm2\":\"\",\"utm4\":\"\",\"spot_id\":503362,\"labels\":\"\",\"blocked_verticals\":\"\",\"allowed_labels\":\"\",\"ad_tags\":\"Ome%2Ccewe%2Cchindo\",\"refdomain\":\"\",\"is_iframe\":false,\"gyr\":0,\"features\":\"\",\"accel\":0,\"ssp\":3967,\"rchange\":false,\"otype\":2,\"stratagem\":\"\",\"v2_track\":0,\"cla\":0,\"v2\":1,\"mn\":1,\"timezone_olson\":\"UTC\",\"event_id\":\"a10b3e83-c2fb-4dd3-be6a-db427cf5e7fe\",\"testab\":0,\"approved_mainstream\":0,\"ver\":\"1.172.4\"},\"pext\":{\"ab\":0},\"metrics\":{\"sp_scr\":0,\"intes\":[],\"high_fr_clicks\":false,\"dev_cons_act\":false,\"scroll_percent\":0,\"empty_clicks\":0,\"prev_step_diff\":1086,\"act_su\":1,\"izb\":\"0\"}}],\"site\":{\"id\":\"503362\",\"cat\":[\"IAB25\"],\"page\":\"https%3A//winvidplay.com/d/9fv0hzswi11a\"},\"device\":{\"w\":1280,\"h\":1024},\"user\":{\"id\":\"59af962887f337d7299b142fa6337684\",\"fp\":null,\"fp_str\":\"\",\"ua_data\":null,\"interest_ids\":[],\"is_webview\":false,\"is_inapp\":false,\"social_network\":\"\",\"device_specs\":{\"brand\":\"\",\"gpu_brand\":\"\",\"gpu_version\":\"\",\"os_name\":\"Windows\",\"cpu_cores\":48,\"device_memory\":0,\"width\":1024,\"height\":1280}},\"fp_params\":{\"plugins\":[\"PDF Viewer\",\"Chrome PDF Viewer\",\"Chromium PDF Viewer\",\"Microsoft Edge PDF Viewer\",\"WebKit built-in PDF\"],\"languages\":[\"en-US\",\"en\"],\"fonts\":[\"Bitstream Vera Sans Mono\",\"Century\"],\"fontPreferences\":{\"default\":173.11666870117188,\"apple\":173.11666870117188,\"serif\":173.11666870117188,\"sans\":162.01666259765625,\"mono\":122.68333435058594,\"min\":10.800003051757812,\"system\":162.01666259765625},\"platform\":\"Win32\",\"colorDepth\":24,\"deviceMemory\":0,\"hardwareConcurrency\":48,\"indexedDB\":true,\"sessionStorage\":true,\"localStorage\":true,\"cookiesEnabled\":true,\"colorGamut\":\"srgb\"},\"ext\":{\"dt\":1772916719811}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 07 Mar 2026 20:52:00 GMT\r\ncontent-type: application/json\r\ncontent-length: 1515\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4464,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"11d14ab6f87ad21f9aed1d9cac48a111","sha1":"26f999c4692caba74bab7dceb7a23e3b1ece084c","sha256":"e57d4f8527e96752ff7653a95cd61cfd39bf8387002495376f4274bed3751091","sha512":"a233b6eec7e9884f2e16531b9d8428395aa99082497485feb677186fa8854b3ab66c7eda3ce17e76f9b69a985d588509a4368513ae75a4e4b3551d399ee11a5b","ssdeep":"96:zZxHl/KOOx1J+jpG6SR4hy+1xxHlbOOx1JvG6SR4hy+1T:n9KB7lZRfiZB7eZRfU","tlshash":"3d91fa826867ad2108d9c412a109e13d27d48b368a9b7edff8b2c625d4943ee10ddd1d","first_seen":"2026-03-07T20:52:27.639256Z","last_seen":"2026-03-07T20:52:27.639256Z","times_seen":1,"resource_available":false,"data":null}},"time_used":508,"timings":{"blocked":125,"dns":9,"connect":40,"send":0,"wait":257,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 27958\r\ncf-ray: 9d8c7b2aef2e4e4c-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb09ed3-15d84\"\r\nlast-modified: Mon, 04 May 2020 23:01:39 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 240689\r\nexpires: Thu, 25 Feb 2027 20:51:57 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=eXkc0MV6%2Ba2043pm1W0okmOL0Cpk6wVn%2F4J6N9CCzdm%2BL7v3Je0Vfe0XL5qQPP8U3uM9cx4VbtpbHm3F4nV4WrkUNsTFElHVAWvIcTFNFv5WSO8ctc4vu%2BcRVsceiY5Iu4Ot4IXb\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89476,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-04T15:27:33.816485Z","times_seen":217646,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":8,"dns":1,"connect":1,"send":0,"wait":13,"receive":2,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nlocation: /cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\ncontent-length: 0\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-ray: 9d8c7b2d39dba9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29160,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/ip129jk?id=6131316977737a6830766639","date":"2026-03-07T20:51:58.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: vf=9fv0hzswi11a%7C1772916757%7CIiu5KvUQLVEQ8OLp-tmccbyMu1SeTJkZaNhuduYwzKk.YhmwM7pNSsNm4-IsA5LCH0p6xEU4S8yad7RkDiOkwmk; cf_clearance=0Ckz7gKUd.TB55L9slkqTyv5AQh017USSWbdHYYWbc8-1772916717-1.2.1.1-NGXJKUtRry.AFnO_N6OJTr9hnKxE9GddLxQ.iAUbT7JgCgKkZTn4wmQwD3OOVW3RSAWThMvP2dLTIaMJrI0eKCiLDcCNYqgzTZ0k_xP0symIBRYCvctDVQRdmaXwc8HGRLbIqhmfr7rKcGCt1juTCCGJA7ZnnqcUROx2WNhbh6uDcvE_LFjlUALP5QEbvcIiIseBxchzUTeODRy8kPD7AGmVJp52h.h9A9warHQsUz0; _ga_RRBBHD087X=GS2.1.s1772916718$o1$g1$t1772916718$j60$l0$h0; _ga=GA1.1.182876236.1772916718\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\nlocation: /cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\ncontent-length: 0\r\ndate: Sat, 07 Mar 2026 20:51:58 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-ray: 9d8c7b30ca42a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26052,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S923811298:1772916719423280\u0026ifkv=ASfE1-rASiyQu0GuiRK6TtS-PbLaY_ONlZaherhV6vlcmRAScUJ2lTa7qlZDKQVNUWOeYo9eYaI5rg","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:54 GMT","end":"Mon, 27 Apr 2026 08:38:53 GMT"},"fingerprint":{"sha1":"07:1E:D2:0D:5F:A5:AF:E8:26:91:FD:C3:DE:5B:BB:4D:68:90:1F:3A","sha256":"22:A1:18:EB:6B:19:59:23:4F:FF:AF:80:D6:ED:5C:1C:70:98:29:15:03:70:96:71:FF:A9:7A:45:6C:E8:1F:1A"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S923811298:1772916719423280\u0026ifkv=ASfE1-rASiyQu0GuiRK6TtS-PbLaY_ONlZaherhV6vlcmRAScUJ2lTa7qlZDKQVNUWOeYo9eYaI5rg HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:LYNhLsH7z2yoRO6jhhTQqANPvqlfoQ:6E1FLHlTZjT8CjUX;Path=/;Expires=Mon, 06-Mar-2028 20:51:59 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S923811298%3A1772916719423280\u0026hl=en\u0026ifkv=ASfE1-qlhRGiMtK-IQ_IniD8PFKx2WIxJvxJFObqfsaZf3NrMtEJ92oZNR_vUd1qbZ9Wavdsw5kC3g\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-Ct7GXJGwHZUBKnANCrnZfQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 417\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/ip129jk?id=6131316977737a6830766639","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"GET /ip129jk?id=6131316977737a6830766639 HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/d/9fv0hzswi11a\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hzad1GiWVMc8bRyZPz21r5osC5lOY%2B4PHg5YZo2CuKj2OJeeVHZKTOmJQiBr3y6V68HHoA%2ByMdY46DN30tC3AJqMc%2FycxA%2Bkdufv8wMy\"}]}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\nset-cookie: vf=9fv0hzswi11a%7C1772916757%7CIiu5KvUQLVEQ8OLp-tmccbyMu1SeTJkZaNhuduYwzKk.YhmwM7pNSsNm4-IsA5LCH0p6xEU4S8yad7RkDiOkwmk; Max-Age=120; Path=/; Secure; HttpOnly; SameSite=None\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d8c7b2d09d9a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6319,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (930)","md5":"7c7fe42737c86a4d155794f3aae25bd8","sha1":"aa1fcfd670a215b5c19ff50fc4089bcec29f75d6","sha256":"185e01d0388a1398c0372ae04ecc2879bab07902763c1e88dc088a49e46c3c73","sha512":"4846a3d4de1a639cf1d9643cb598ca29c858e32cacfa575ba9bab1e78e3a4b7db7ae6389461cae8d713805ef317c3d845d29f8660f14492b5b11e099355ceb94","ssdeep":"96:Su8VRo9x+Ki0TtbZZzfHPK+Stinb0OCFQlHw+JI7uN+a5Ynx/IZ:eVRo9kKBtZzHCt+01HCN+dnx/a","tlshash":"1cd12c7325b2144a491394e55eb361093032c2076e05984877deabb88f1df8e18b7ffd","first_seen":"2026-03-07T20:52:27.644809Z","last_seen":"2026-03-07T20:52:27.644809Z","times_seen":1,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"notification.tubecup.net/tags?tag_id=114039\u0026timezone_olson=UTC\u0026version_name=a\u0026med_script_id=98\u0026page=https%3A//winvidplay.com/d/9fv0hzswi11a","fqdn":"notification.tubecup.net","domain":"tubecup.net","tld":"net"},"ip":{"addr":"94.130.197.136","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:58.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 06:40:03 GMT","end":"Fri, 10 Apr 2026 06:40:02 GMT"},"fingerprint":{"sha1":"C7:51:D1:DF:5F:55:DC:AC:0B:B9:06:76:58:C5:A6:A5:E9:44:79:92","sha256":"D7:5F:06:4C:F7:01:BD:E8:0F:06:86:35:A2:D0:28:46:5D:B2:24:EE:0A:61:8D:C9:61:CA:AA:C4:5A:47:E6:CA"}}},"request":{"raw":"GET /tags?tag_id=114039\u0026timezone_olson=UTC\u0026version_name=a\u0026med_script_id=98\u0026page=https%3A//winvidplay.com/d/9fv0hzswi11a HTTP/1.1\r\nHost: notification.tubecup.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.22.0\r\ndate: Sat, 07 Mar 2026 20:51:58 GMT\r\ncontent-type: application/json\r\ncontent-length: 1252\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5925,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"49e5ce6218cb4a7afb76f5701f4ecd45","sha1":"16b349ab9ab46eb332211a8fe974655268017070","sha256":"dbeb06e36fcf644932e7c7d4d2424f020dc28ee6bde8516a42d61891e482cd71","sha512":"f0fa602044bba79710618c1b1c8525695adf10ffebc8d5785cbc301f77574e7bc85359fd9d0377021b6548a2055b0fe0ebba88dea19b36d0e4a4bb7587bb6f94","ssdeep":"96:LhO3z3KNxsILaHn/zJ5BNjgNdXuhSX3JYHT5BNjgNdXuhSX3JYXBNjgNdXIKSX3b:LhOD6nsI+Hn/zPPjUdxJsPjUdxJwPjUw","tlshash":"57c189e09ab4c8f7c1f00387a4cb3b4a956d11ab60847d4ef47ec9e809eed561f5a11b","first_seen":"2026-03-07T20:52:27.64758Z","last_seen":"2026-03-07T20:52:27.64758Z","times_seen":1,"resource_available":false,"data":null}},"time_used":334,"timings":{"blocked":136,"dns":26,"connect":34,"send":0,"wait":61,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.vidoycdn.com/style.min.css","fqdn":"cdn.vidoycdn.com","domain":"vidoycdn.com","tld":"com"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.vidoycdn.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Mar 2026 00:04:16 GMT","end":"Sun, 31 May 2026 00:04:15 GMT"},"fingerprint":{"sha1":"DB:53:BB:A2:8D:EC:6B:0E:73:20:99:11:3C:9A:31:33:13:22:BB:4C","sha256":"38:06:59:A5:3A:5C:BD:AE:BA:65:D9:A5:2B:F2:B9:EB:73:E2:2D:32:25:F3:93:60:4A:88:5F:E8:91:2D:61:02"}}},"request":{"raw":"GET /style.min.css HTTP/1.1\r\nHost: cdn.vidoycdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: text/css\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 4839885\r\ncdn-requestcountrycode: NO\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\naccess-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\ncache-control: max-age=43200\r\ncontent-encoding: br\r\netag: \"6913bd94-77bd\"\r\nexpires: Wed, 12 Nov 2025 10:54:15 GMT\r\nlast-modified: Tue, 11 Nov 2025 22:49:56 GMT\r\nstrict-transport-security: max-age=31536000\r\ncdn-proxyver: 1.39\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 11/11/2025 22:54:16\r\ncdn-edgestorageid: 830\r\ncdn-requestid: 0bebac4384d88f52777d05a27ecc35bd\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":30653,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30653), with no line terminators","md5":"df08ae02ef1527299902f29d6091779c","sha1":"6b9b67be3a44de2963c6dfa314faf145c29488db","sha256":"b872889b10e74aa60e3010b4e14633ca0eab9d7da5c1260f25bd6e7503496a0a","sha512":"27ce102ced7d03b4c8fb9c600be639deb1dd04398b579775a6b82c16f4f80821e2665397d36addbb79bb3433aea705cf83daca5598fa28312b5e55e17a16faeb","ssdeep":"768:pTCdikL60L2HSZJ212PypKBNXUIsppIxHv7:pTsL2HSZMou5IxHj","tlshash":"4ad2b5189d2d126c61fe81a7b4c14feb3539d231d1160fafe53f7aaccdc845a1aa7608","first_seen":"2025-06-17T20:06:29.134784Z","last_seen":"2026-04-04T07:43:53.429923Z","times_seen":392,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":59,"dns":24,"connect":3,"send":0,"wait":2,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gq.evangelcycasin.com/rt8Y9JXc6BJkAOi3/121025","fqdn":"gq.evangelcycasin.com","domain":"evangelcycasin.com","tld":"com"},"ip":{"addr":"23.109.253.230","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gq.evangelcycasin.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 12 Jan 2026 10:13:08 GMT","end":"Sun, 12 Apr 2026 10:13:07 GMT"},"fingerprint":{"sha1":"F5:57:C8:39:9D:E2:00:A2:F3:14:FD:96:30:64:EA:BF:0B:8B:5D:FA","sha256":"AD:3F:23:20:2D:3E:F6:A1:DC:20:7E:56:85:D5:FA:3E:CE:FA:BB:70:3A:52:C0:1F:31:70:53:C4:30:70:6B:1E"}}},"request":{"raw":"GET /rt8Y9JXc6BJkAOi3/121025 HTTP/1.1\r\nHost: gq.evangelcycasin.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://winvidplay.com\r\naccess-control-allow-headers: content-type, gyfr29qt4j80vdr0zhsj, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; expires=Sun, 08-Mar-2026 20:51:57 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJxjYGBgEuEXZMosEOSxNNSzNNAzMdIzNDURZEwXZPLzF2RKzhNk88svKk%2BsFGQsEmQyMBZkKsoT5PYvzslXcM4vzSsBiicLsoD4goyZgnxOOZkVCsH5OaUlmfl5xYJMQMzpnJiUk6rvEuwjyFjAxijIVJIPIotTRBgEGcvYJASZchJ5HHw%2Fv9qcvuAnkJPP46BavzE63G61IFNBsSCLoaGZEQCHQinh; expires=Sun, 08-Mar-2026 20:51:57 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"848667c49f5d3aef59cd65ed276cd7ae","sha1":"bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763","sha256":"cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8","sha512":"4248ad0e684224ba8503b1e73517aae6ffe4431cd16b7633d2ccbf4b96f845e318dbee175d19cd4676ca37353f53add2231ed167ad6c4aa0d9fe185f7359238c","ssdeep":"","tlshash":"f23000000000000000cc00000000000000000000c000000000000000000000003c0000","first_seen":"2025-04-24T10:17:49.831301Z","last_seen":"2026-04-04T14:56:05.208154Z","times_seen":14800,"resource_available":true,"data":null}},"time_used":261,"timings":{"blocked":115,"dns":79,"connect":18,"send":0,"wait":21,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/ea2d291c0fdc/0.2911530913238323:1772915154:MRkC8Jar09nF57TmIP8akTPYftwlGYXS4eqkvfgMnh8/9d8c7b294b401382","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/jsd/oneshot/ea2d291c0fdc/0.2911530913238323:1772915154:MRkC8Jar09nF57TmIP8akTPYftwlGYXS4eqkvfgMnh8/9d8c7b294b401382 HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12162\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/d/9fv0hzswi11a\r\nCookie: vf=9fv0hzswi11a%7C1772916757%7CIiu5KvUQLVEQ8OLp-tmccbyMu1SeTJkZaNhuduYwzKk.YhmwM7pNSsNm4-IsA5LCH0p6xEU4S8yad7RkDiOkwmk\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12162,"data":"OicL7WGZldmDDl8lZTGDDiGpJGDyUy-wlyc8GNyYLvKWjtitGuy1WOWJyilUAyVW-LmqyAuEG56L9h8q9y9iiv9ylVjJyGWLGIzdd8Ggdh58Lk5jDccG17DrdPgfLLywBz0zL5VG8LBjEiyGpPD3alLJmS37EWzWy$0LCyPWCt8AwjdZ94lZ9Xym7l3mP$x8EyvBJZ9awXEMXwxWQ8y78AyfiytkbUydrO56AL2HTYG6TCVZ+433iiy7ctyGKmlzq7RYqdyhJISKHA8QLylBjP8ccLy7a8TOpLSDcy2w4WEDMZRsciyCpt8fEvlVwOD5wEZdpyvci8JI6jLyml1C8ZjGt6St6PtcyZkAy6a8WcyCABEqujcWlcyrw5Zz55Bfxo1SoTcIWsA-qaTCUgDVlCxHcA-aILC6ZJJGGZawhXMyGlHdfGq9oqEcco1Oo$cV-9V26o6+KJDXucyiWvJyGPZz2JUG0NCttULyDOpjjvwCa43zKx3V5IHm+9w9oqq15qVa6VymCc3wsBCal2g-ZJyGUN1BKw96NNXqJE+8BNJKHq1qp-qiFqwTPouyuiinRPJ+odD1ituYNHALHjPDULyZ2pWsS1n2HEZ180oC2Yx9KkcwQ8IRGI5yp5+vZLiE59NImMcmfkLPtLqQHc2hKRR447jY-TmkVXm$FhTV$CIO8n3IgfgKGB7wfv08nWybyur$TiXoN$p7tG9olQWZpovPwonkxtihkNkoYoTsghGWUay0r3R+LWQ-joTlcktqgiFhL9yCdpymk5hlCW5GWfJGl-94Z5hkpllkD$1GL98a5k9i4icyqoiXv9wLuh84WoIWY4WcpcL1NyHJP7EfGZVZumTO49BHhp9Ll98ZjWGJ5lsfEGyIlC0LIGEZJZyJKEBGJLBL6dEWlccbRFkcQGLO4EWJtss9NRytEEWJc5j2f9BBNy3-0dc8LyQVbzVCW2tTdcSWYNylWBZdn4hyfSBZlJ9BImfwROjJdHS34ul-cczmIdc7HM8f3zlG1ORgyC8u9mLyTgfOp+8qwj9flJHyicWfGfU9ozw-lt1gG1$jPcfxTGG14EBzf6HYVAhfWRW9BAGES5nq4N1FcESB4JKh+ywJ2t1Ot64mxTKlF8OylqHlGUyQ-vmllclmLVytNcaGBV4+SEnmW6cX59W-9mTdRpEzGF7w5mjLJ9GEW88BdNsqmCX-nSyB-HdTiOhyAyJ8lJ54+dPNJqtOxEqwtym8mwv-EWW2-WACf7ZvSYiu-MN9GG6ycZ3lc4bkU9aqyPc-A6gvs0BLCwbdLvA7uMhD8jSwE8GFOA+BLyJBEjVdSLcppfBXMtjSUZpAc4RWB1$zpw5iFl2HjUh8yj+MTMrwELWSNyjEo0MuGSBJnLXiE9BCWY958QYVyoSyVHxJ89Bynpt97vFcGs+ijm8haGldyc2ZlYLCaX6ptgXlY0ZMX+G35nz-GBO6uGyFEwBXNssnH+cv77N3UiFP3HvSP3Cps0cZoAOCHMrEqjYAK1cGAkZHnhF0bIpO0sLP60vv3Tn9BruB2$+TnPy0$6YDmjtA6sCGOs-mLvANyHygpyC0E0aFbPqKwGcOgkiOUlmdCLCM3pcGkmJhiqE-QCy4EnG7f3w8hUgGfLITSQCCkfDyGrzGBmdjd7TqJ7jvlNuE7JtLgyPCPCpjIOqwHp4PyC71fPMtNKo+M5JkBWshllN4lJORuyTFR99P9HcGyjlE6$c8tJbD-lG-o5kGXfL0lZCrpsUS54YXMCDV4mZEBzhyPSoi14BAk8UhcR364DpywuzBl8VEKjK5KNZdFhyT98RjqEOCu9jctK97BqJurYA1Ko6S7TUJ5yDto9yyA+99GRQtOXvETT3jP9qSg5l29ZJlQwNCCDdyjsM2H7W9thyjT9jAmrBJy9d9S2VgWcCU9sREyZlGp-6SAR8QKl9cK2vqtlGSmXR8ZpHONllhTtKNkqIQ78Nq98fpbZxou-WPHlr3JsGKC-tpwVXRkG6fubt1VTVk8IN$RyGCa8tjAGjhThbEL0WaAroALyTDcqJZAlwSWRwffoV-y5QRdC+-SLH2wfEkV88KFT+LjmclcmUHZlQqCOGWsBIlSlPQS7M-o3dCiPlVP-HPAS-ycPY3lxrJB2ptlqB6UoY-DWyDXCRqAKvyGUPSSaZTr5dEowLBzmJQDl1DtvQt36apfJ9Ut0P46qkgJf$Y1UdRqqbXPZAv-iA8oR3wMS78pwXOJyL24DRxqizAaw71Ir1+T6X$oFDgmXl-ksIVJrvlO+ozClHJdZryDHwlux4TGi5dG7X4i82EwGdwLZpKwBp4LoS5S4OQvEmkgCbvwCWSp27qEvbbPEBVmvf6aU3vuGwHAglNNTiK4puPaUMtAHJByUdkVjvRIdHk5XAK-PWLHBk2dyPzPSrqrntpQqBdDRalGmOkBUmCy64S5k5yCc0V-GTFZS-zAXMELPzKf8MV-oylfU27mbbNUZ9wNyp3JWRKwLqcUCa2uXkHyB2EuuxKcCfSrBw-hBS3IybRVtuC6dlLtgr+8G+zVdyT8MVxuCCxQy9X8APlDlJNv-ShCCl+zSIW8G-LYz9PNQB0mnlyI+ZjwNwA9AMvXx4ouaOcuyDrJyjRBIDTMcGoCEBiVhyfv9IPnroQHxCL7$56qAmlWxEFEACfKxBTT$8WPiZqBizP$hBLMNyKwcvadwp9liqKHPxg7bYhZm+yj1ZXQKLlLJdcUFyHrr9yV6XVRu1EtFx4Sr0FnyNzt8Ed-QhDmEDjRBWvLLNfwgp$i0inZLUIQqPCAYwHQGvqKa0x8daqWQGK5NSPFbPCjx4zLcNLBHo9pNOEaVcAgdLCMVAVLGJ+wVVv3H-1+C+LTV0ZST$KY4H16vCAoLkQDaZRMQcAiLS4GSh80iO7culPX8Esg7bxZlKdN7Wq9ITdEu7CCdEz-fDyjWm$y8bargzyrCtnVpoxJ5Ls9jdsQrS7HQ0I-0VPHZpC-ZACOgNEjLvOJExndfO8yL8ryWcEhyIY7wqjkbgz7HGFwGVHzKuhMQtt17r-5ahDPHlngBDc9bvBGQ$+dnPZ9hhTAdFWGjuEx+Z32p85Thyj-GP1DDd4L52TStR3ghvNCh1ozuSC$IIwL7BP5OVHTikNYrb3CCyCFrvqPO$kgbdk1KSvhC3$0-8JPArAv19oNDjaw9fyTHVGtobhSPacXUKGL8w7I0t8BOTgYPvwXlpd$1YcPSdPNRipqPKddDs3KB6Ro0Rmxy5PYXiJWkJmV2tloDR7JK13llPcS5$LgGidrRPFP54-OKKN1kB-RP+Mcoa187SfIXmlhFXZXP82y12H38Ztw00EjlVLYZYwV-08xZpc4HJuGhA1T5JotQ97z0Qzqca2+uGA$+Ijt5iJlPCbdC1pccNhTOANlOuyGyEp4TjCs+ZoCyJPSzPk$TUaRqsAWR$1xDcWuaXDPwLIsFRpdAvfygCAxAD1XJkaR9LgC7Xgy-DHr0va8HUlPZ$hN6vExfRNiAPdu9yldDLVyiciPLAWXWNVU3JHU4ZgEaEuNkNKGVRmUQciNJGMtcu6UETKvwvdAiEETVZQWQJXD9UCsENQJ2Em$MAgTGW8ltGL$DcgL-yhq8brxavvcTrDr7lKybv8Wgk-takWEGyHDCJ6LicCx+dKxqrlvZL3yFdLAhG8XDPkNPGnGTDiGaxOGZGsPRWcuC$qB7JXStEqAMUxBhTVXNxrUKdRchxdW8tTqDRyAfDAx$8KbQCopAxTcLShySAYPH$HdO$Pq8X+bqt9RsqDrFXjWadlcAkZsExwRt$5khBKupxRGLvKBoGRsGysBDclPGRZ8tjsxpxOjFuZ4Vr5CbJHdhyxyE4NSljNPGNa8hBzBFb3BcyalTpWWANCrHcwjEkHBztNiaEINdA+lzr2Evu843suk5DgDQy7$Qxtbh$xS2vRTgWCvtEA$KPd$9Atc5ydUHdPUcxDRZpMv148X3JWLYqUGUUOybUFx-CSXYkv47JGUi9PNJbKZ0lwLY$PtsZvkJUtcMDEuYPWEjLDRLvWG8$PALxa93ShlCchUYPdX$Jly642$$Ln4TuMA9yhByAJAEuExd$ad4EmyZLkdFuExqrhCMAKdj4qrmSdcj4GR9xrsn9RuBRNsCLcGzC8GTD6qwAyoEoGyVyVs240qtcjj8LCpLvFl3UyLFlQlzd7UioYAxjvLnEcDLUfPJpbZhymy2EaRmlLvnvuiqtBGz89biPANN$hyU$-CcuCrC9z9DRCpyJyGdcLx+lqiuAxyiqjLJTLLalVEluLV9y3jjxfy2Pyc6ZKdKxGRFl5EfykPg4cT-of9AuiVp4nSvVsoAN+JhyOykVHu+vcBn9XXHZ9NnEtAGuaE4uLcCxadJdno8yxZSLIsaVbXYBCST$998tiK-tAxSrhySxgv3JbldcbuCVXSTJwqM$tthVlbS9s9$JhEqAtAMKtv0NuBrPZjPSMUxqQxvV2x1NLWgS+EcurvcLaV8oyfXGdcE4pGsc2U$LN9flnExyz$dbKJRGMGxNnKrjUxEGyfHc7yXigC-jnKm$-$HftA6jFDVSKVpqHVNsOVAqsKop4d$LVXCrBTfL5CopUPhl9BHjwDITATrKCfOxAfu4qSXPIs5rgqk43JDw1y+yGL$orSY9ZsEqiT5dp9pBqDgT8$hA8t3jSwZEHZ8B0ACB$DHZAKBvcyCpwy6d7wLGur-y-$DwLqVRT4OyDKX9VRj$7kNdASK$MZlsMwRG3jvVPWZcXZLPj4fUnAbVtSfGrSsVYPENlc1tzymtUxwAlq+J5ERE9LwxgPGvar5$nLAB+VdqFtBw5TLvZUhb2qlswX7HaPHWzt0$3w$SxJINqyDxdlbwDcnxA9SW9L$4+BtcKsqAdbKBPRYP6wXbOo8b$8jc0LhymNSLvGbbTDcuy1QbCpREbZqNdAy4DR$JKyvfEqlKJbxD8JCs5rMDTVEkbUy94kuyUH9AUXj9Ms6E$JARRAxyhjPbcuPJIJ5yFfRA-H$vcAgUZJ+fp97J1$rotHrSAwW4nKGRaVJNbHF96f1dSCCJW9MwHZE$-DXHMODjST0UaOXDxS9b9v3jRTny0UJHaK41icXDE4ci$$GLTOCrCEhPDHqR5UToEAzjVRZpjJvr5fClpZVRjOcw-9zt5HGNvdgSnbcApOntuJzt8LZA-u7b-kGy4$NdQwhkv1Cj5IhBuVxIKl0EpS3xpKyof1HZCruvXDafjfCriHX4KkAxGuZL$LRKfOL48$yGAP1ycLCEZEa1$JfCN1z1op4P5XopV9wZCsGo8fYP$JbjYf1jvdgyA4rSjKqSYPcEENpNGyJBVVk$pVp4wLC45k5r-Z2Et1+lmC+DVKs1KP-rqv59OG3jcu0RzZnPqj$JXbJNwXKBROTkUOCoq9ZfUU5UCJTHOy7NjEqkCVADqf4oaXiWEs89-I7I2ESHpbQZDr3$xLDrmI2R9H5CBdLjKlRTRoKxwxbsykXVJxZHHJ5TXkGtCu3IZJFpQph9Z9pvvcZGHytbOZ7T$LIsTjrPnxRjGB7oyG+djIQEGjaofbR9jfyo2UZc5orudbYYHkAP5UMx$vq1pVLvOMrdWE6Z01411mQCZpsM9fAxC9SLwlLAzwCpXZPS0EkAYZwX6EsSPAa$Cs94wXMjaZ+x+jU9Kd2IAB9LUvC5GDHyWB-H5UdKOyTOnv9ALrUDv9UAZqnKrxA9E9CsQJQJ6ERPXDKxYMxdUltdvLn5lkIkyftcK9AcYPqrF1ZLCv7TaRj4ENjcdRT8N5BYcyEMmCQxd58LbZad0SOBZJ4EdNBuhBm55EvcJrHIJ9QWCsaVa40JLKpmuOXIKlGRxM1OcVIOGOmO-ORS9MBJGLjLlPKwQqpVE5DlHGVHc1Qug$hbmXXxFbQbkVfV8qLwtqbZisculqRqjWoUqrLOmXj4xVHK9ApgBL4L$wkoQquAmyD9YfGRHcx1nKVASsfyKT8E2BCYvdXDKBdlnSKBkMd5GV$JnN$kvXFVUjadKxFMwXvBFC$BILoZ-VMGKy5GycUb$lWLiDysyHNA0Pg5iVhoBMwPqizC-gOPQLJqnKyBacoYntQyBBnOnS-MDR3$1fjfsHOBNdyARAtAv5ypl4cwEU+dX4vUxmt5wgSL1gigpKNOLLiMwL3wDfFOGOJIvTbTDf2wwXQM+MKdS7cu6j$vYflqT8y7MU9LZmVyRYlZBoIo9o5fHHh7IMAN+7Yf5rfm9I0wvXRZAZ--vXiWYx6AGLcu5r4MONc$PaVSuacIjNvwfMnuMwwrQJcubrZSlSELEgRH5CXASXOVI-Ux+d6U4rCGxogO$xOGRT7E2E7GE5KJ+C5oNkjovMDR9-7JJHfkaw6MiV9jBMA5VM7O9oOK7J9N9AvozN-XgjJggbRbPgywCqIVHcskGS5ViVAwLmxOI2zGYxO4gYVxjUpsKdaYBrHTEL45wLhIlGoOEL8JPkYPWoHygx3wrktc2bwq6A-yXk+CHmhC-EhHuNnE4IPYlcb5q22EQSpMI94MI7RIV--y-L+V12YSyECJztsccO0b3LWIp2$vaBt-5wM$xLOgPmumFDkmIsEP2vzUlVAkfLlEwL01Kxam$vkMmmqFBr0-SPhOl2bTpIDhoMfZcK5ICrJILLlVwqqtyvWbWW0tq4pu0MnO+wOygS92WBCpsk0tu9jrMSwYlaIgyf9VEB3wo$5bk2lFlP2bVLKxrvGyiW7ZsEB50Gmv9oYo04jN2vE5XSkQiZ6KlVa8qNFJAUwoscj457I5gl$FHFUhPsjHVRtgQ47DHIQ55-NH$wcr8rr-r5sSoGTh95KPlMOoAIuqPSlP6OZ25Yff2uwlLcc$ZLqYQ-ZJ5vQrrduJwK1u9AxwWPc7TgE1FpN-wJfLgz19Klqo5TGKg$Wfpuci3aDfGqjqcauY5hvfZoHK6vU1TSDSIbq2EgHcTVRLq$9QpHRAAxtgLv07ovAAuwdb4djE+dC7ffbM+EWRBMnIJriHuPlwnKnwWQy76uLX0bx-vG6E$ZZJ0SBtcwA58wVXaV9L0mHDRq0tNToaEjuiIHDroGy7YffI8Jy5cA+59PcLLx1Fv2kjuJOFIYZv-Dqr3aLu5SSfV-1BO+PW7EoFx6MREVNBHRBM2P8LHmrOArf7Pc7h+hQZ96VQK6IFE7vcHa2E-lOMvLcwlc5tNtC3fxPMi+ZJM1vLxBQPFoEfH5k$ci4MW+Bq9KnPRvC-$bUBdclPGxQCsNUTiancNTLRscnMZx2fa8ly-QwHk7o1bJcu3VdDWosLvoaqZkIsZp0LvLMd0tqY-hj2NQzuUQJAwHlW$QBSuX73fyhBJX+AZ5l5qAR5LcBFlH2E6ULKKFLWXXfK-V7VvX-aKxaVxP9AdvoA2-t-UXi-E2pS7-CsySJSvXPfJ6wA1GCo3jjOF060M3cyrOyESaQQF$+QzRVf8XTzoBZphBCn8b3orGR4$J6R06m7lYhOjOvVnNl3AvD+wROQbgvLmjcB4HDRlIFt1Gdo8JS0+EGbKjYhxgm0TCSW9Yvl-REhy1jBhfyL3JMxLjSlWw87W$WZyQfhLhBIYy+Jj-oFm4XkdiR2oqCQ-tDJNE-y$2A791TCjPG7rzlZNoCgli48kPrSqLAjRP-pd7L-HHwtRPMoHY9$Exh8lsmclEwvpqExHhjWrJYE4s9+h8qwm1X0J-yqEyPykTVbZdNsuyh8ldmnjLG7WwLRohcquyWy6pPIfNfGQtfUMp8gHNcDp7WBRmDLEShRONztl2t5DkLtxCptDmWcMcIthydJgfrrmILfDZiflRJcQZJJXA6occyXLAHYyCOdtvCd--BlKytJWNIWfXy4ljxEkxcbLWl5jl9EDJizG1fBBtL28txxglllvCFItBBJTCP9l8hiAGTjfApHA6XBDoSsmJT5vYGbm1mJJ5JIyVNtEhk4DGANCCv-y6cImILvLvpNyfNfwljDaJwX63EQGwlITC4UCrHwPhzw9LELUbI6RmGwmtNJCHG3j-UhlGIqCbjTopjuNOl-BztdiUzBRCKlTBaRxcMtvmmPj0voJrtPRN8L5KhCuE7iAFN$G3mILmCJJfmTo4tBqtuAJrqYNlh2Gl8uSvC0pAlCRlSJZcoaPYhT71Arx-tfCz95jCMmYlCkhC0yJjC0jxLA+GYlHl9hE5TjhTmhmscRLXEjyQfR8NRGNGd97k9JTC67CvhBJJvlZqvllyVfppotypF89TWM5wpyLbOHtjTy0Ed49jdky2GqhffD8gL9P9hkl6CfsZPx7SCCMgfyCFmUdqxqS9-yu5jD9ErcgvvURujAWrskyFPCUJlEBmDLHpDgPRNGhiY5B8LdOPRyAhJ46jwLsC8PwOCIGgjJ87vcs9mfB5Qj+R-2QZwRNhtvyREHQ7ccUfuJol8yfdRNvPho5acqq2dVC1vNKWx84MyDJ34GGipME6TlZ9ElaCE59LYL1JQLhGmvGxcwJIp2WWIShlkB2JKc-z4EGfME4f5MftNhR5LYZdpEiCjTj2f2ojjVLRwcxR1pDWb4hyqDMqcBl$WqTdVMWduc+C-B9L-AhZRu79maL2lLS6rcA7YBwKl4uEOqd$-Bl5mMPp-hymP7ZBDJbBxXzS9yTvfC8NTpp4JGJN8l6JVNmt61WlyywyRqyCOhvPsNsJ-LTiyQR8xuBLtnlHyWmJOtiC+NhWotNCrkllmrLKHdiN4mwvPlGm6LjyqyzLl8N2NpswqBtU-PC9dlViTDSdlxOtBLSdJJLwLfh6Kw8tQJt8gr2RqkACGs-Dyqt0Ev99yyhfDrBWdoO9d1iYEqx93bucdQByDfRPYfOwNr192RWVya6H+l8GxmxtZyBnysa-hgi1ywu1VhVQfN8tSiBDE6AEvnW$mvGVAIdduaW4smXVmdydfghVCYh8fvGvG8ChBzc-dRiRMLIv6WECmwyb99LyyfvYyuJFy$E97u3RNoxy1pPIGc5IpEfKNcL6BdI+TrTEFtGZqJMthDJu90GqiAQhKdqRXmatZcfy2pq5v3IK4mAPLoWE89SiqCHL+8hk+abiDMLoJNoLlltlXlOcP$9J7WHsfEBo$Ka8EMDCggdy$oICSuBqhlQM5BBWbhmtNCkaBM0kQJSLdxzMfuASJgddcvvOBlH4A4J8HrU$+nfPyHoVcCwvv6Zgkjjj5E8UPIC6KtBX8xy2PvvOaC-c+oxrVQtE5xwUHXUQJLChllqp15KTP3CChKG1CHRzojNAAUlyBGIW9Emtc4cB+zCEWNy0t6oc-dvNF5wyDiwX8Kl-iASSJ4d4Ch-O-mjB1cH9CFadllW8M+yVL-pl5L5SA50GqGdLvu9Li-EJJ3yHbCclHfGLjLlpW8NAhMNuybPfpvL6ZNxGwcEAzTpXvpf-lOAjcH8rkhVCxlmRuLZ9cu2fuK5SH6DYfZu8OdIQ8MS8Ky6PZHmd5WlHPuyqSlVyQBujYcBtHuRIlUl--LPcy-uAk7Zldy8raDkPGhvH9jSPyYLkJC8msl3I5qMtci9PW5Ph8a8bZ5ijFcs-LpktFCrqHAf3BoSp8XZ+Ffh76oKgwyYycqMQc$LmozVa8tvOU9mPOgUK3ONkJqtRW6fkKbJqqOFcFQXGMqyVMkbuOTL1gkcbUlk8KcWjkJZU9+l9vnWzQujnt36HuU8C5wKSgyGDUEvFcP4SyrG3wqSc074JrmuKBs4XvFO1p+g5k9AmxzQO1pwJydcVluh09Al5SiLMtOpf$U6Pkg0KcLxCc2d8lyvDpMNRrmnq1XhWyfu3VUq+7yUmg8fzKb$zQq85cAyDMtUJ9hfMPSy3SkluqzQc-tzKuKQtxOf2wMPlmVKtl4LdzunPT7L8OlI8GOmgQdvOZrsTQaIQvBZ4mDZLfivM5OPKYBylmHuAyaEcoHuKfCQYvEaj7A7jffDJyBEoz4q4jfwqqDbFOBQlGhpNBNBAGTp4ELKfblTH7$HCUil3KoWXTbgCdzISMcJsdYfLaHhr4pKmdzG8iDDmnSWf2W5ul+yZzQyatZZH4zik-QTvk8JRoGVirlzyvBKpRtg7+9pH91KtzWX4NQW0P$jCwJRK9Zvggt5y9VApL8O8rLzIGZwAD58Aih25$Si4QCH+9LoFWHvYyrsoLOMLtEvfGf5R4ZpZLIB5StuMXRGDianKKSrqBSRG3ApTUfHU8hDC$xoBXzt4gfbl+yPg-rHISFcJD3ykXWbHujnBggvmdD3PHa7uwDSYkRDrMWmvSlSs1xV8hvHKSRy4JRE9KNsBKgvi4SmI7zhpU6vHA8vU$zQqGfiylwBqUx98glln7DrbINBZlolLz7RDMtlLOChBQISFcDvaGRfN2C7YCHwTLNMJOcHHGMqKEkS9dymgtEoZhqmBJK9pHLolHdcHDZch4AugpRBq8FrFOh548C$MtlmfIyVH6sJibZUSmTGSLlSYoGt2B-sO4HuHGs7Tb4Rlfmw67+o8t7if4hqCRrxiOSp4hB+ZLJWKH6EaWm4hBy0YAJ8EwBRs6DWRSTbirF8mFvOAmycH8DT1jhvsz7R-H3Wu90yTIHtBT4j-2rzIBOAdgFP$rfTxJvmG$GZdLvlDHirjKGaIL4RINPNIwPRgKVxLdOzVhcmkSmHzDw1U37Yt-LC1HyJqHQO-H379LUsXkJbk5t9gA14boAtQqpyxGR1QjcHV4GgAVrX13tUIMSowzq4CsobtkbU37t1rk1krpuzz6aANrUK2YcMJqBNAOaB1AR1OZqaWz-rGTiRTMUtyqAvr9K7ZfMM6695ur7yls5Bml7qHsrfH9vj$Jbp7HYrR85$Ujhko8lcp6fGrD$jJp2HzS111rgKJbk0tBEGk2X$$Zpf0QhrfHkIVMMbayU+rfH8lrMJuayUgrcOTlL9MGrn7E7JOZlEZ8BoJz6awwNl1OML3wzUrsf9ry1RUp2zCv9flrDBZ6li8Orrf6bW52cg6zMJVlmbIBbPa8z5rmHQl4a5Er+7s7MSLEX1Ucp6UsbsLiWtMJrrtz2ANODWr5b4pAAArPOSWDY21LAVISfHPWFjRqcHHXv8DUX1Wq9PcTl2ajLNLgo8a-PR2wOsbZRaUoWHq7rwPNa4RGoE1x7Af$Na4-yDc1xvCOYPD9ZBpsTPVEO-Pp9HGpOA977OwL-9ZkvnH$jLI+rztUfDJ1f7gHoRaM-t3W1wGQHmbIo-6qD1o2fwHXY7x-CuUFRfHkU1PyVrPHm7O1PUL1RZkNHv2aHHUsPGdI-H12WIQRDYAZauHo8UOlrIaAHpuAI7k4qSDLvDoXTM7NcaU+VA1aqUoaAI7EwWo8ynNXaVy3CR8-xdUTXVqjxv0BV-wsgTyRfcclEfTPuTsKBOuEMZcsmoftBU14BlyvPhvm+GWwDb+SQx9uS-GdvqE9X7EC6i+DIj0vib0QmEv+ZLBkLkSOk4xQ9bi1+uPCMNply6btjdP$l2u4KHDaAEQLxVccCLyyGXMh8Tt0SuyCKpcmb6ZCIw3D7JocVsCLwABb9FLPWORvPCzjPyYDYEqQ0pQiWoLovUbLyyj7yGEry6CyLQkyFG0c8LUZBbGlFqCNpMCd8bkvjl6GpBrtlrM8w+yRFb4DkFyNPNumrGuMyyltll6Lyyw6gDwTZGUWaHHdm8C8GpJmMYLDylRBfTMy4MXqIzjaD11PXrGLLMQ2WhVTQB1Myy2QV1PXCC3ko8yh3VTbE8ywpVTqaI1+DXnTrdlLq5pJmry-EWx46xgktR-GYcREMhMyhm+rXmMzKyLc6CWRoL8YgydW-pmx1$ymdu1HdhpyylTHcfcj7p8yNyyHkiN38EhauYGdyft930spkLUBC1OyqLd+I8mnBILGGlZ6I6pNbmVJfpHfm0LYXPc4YItOs0KmYRoBfJT8U32jyE5oSbWXDyTbAcQr4GgoCZkZBi5rB14AEabYhViGblN4wY+QfCqyJIm8XzLSL6hR3oIlzAYLVLlT9ZC0uyRqCfpMJ9bhj+rG8ysxERvLhVT9Fcyb8by6y0aG5XNVqNqryKCoNoLEAYqDbxxdof5FJR4KJtbjqWm0XBp$LjLNL22+8y59zyd0mbfp6kaSp4GFymbhNNraIprdILbPyymCA$ayP6Iq+hDb8Sq32P5D413FZMRo0hRThj+vGTMRyzLCshAGiGuLLLjoc$hfT8jt8cL24fZyyl$$Bpyy"}},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ncf-chl-out-s: ZJ/g+o/lbAfbDqUc2KDQcA==$0uZEPpPatM2c8JJe5CZ+nQ==\r\nset-cookie: cf_clearance=0Ckz7gKUd.TB55L9slkqTyv5AQh017USSWbdHYYWbc8-1772916717-1.2.1.1-NGXJKUtRry.AFnO_N6OJTr9hnKxE9GddLxQ.iAUbT7JgCgKkZTn4wmQwD3OOVW3RSAWThMvP2dLTIaMJrI0eKCiLDcCNYqgzTZ0k_xP0symIBRYCvctDVQRdmaXwc8HGRLbIqhmfr7rKcGCt1juTCCGJA7ZnnqcUROx2WNhbh6uDcvE_LFjlUALP5QEbvcIiIseBxchzUTeODRy8kPD7AGmVJp52h.h9A9warHQsUz0; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=winvidplay.com; Expires=Sun, 07 Mar 2027 20:51:57 GMT\r\ntiming-allow-origin: https://winvidplay.com\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-length: 0\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9d8c7b2e9a00a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"28fe4575ab.fb53d9afaf.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTY2ODY5NzQzNzQ2MjAzMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjQ0LjEiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjoxLjAxLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjF9","fqdn":"28fe4575ab.fb53d9afaf.com","domain":"fb53d9afaf.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:58.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"28fe4575ab.fb53d9afaf.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 02:48:01 GMT","end":"Tue, 02 Jun 2026 02:48:00 GMT"},"fingerprint":{"sha1":"6C:10:DD:3D:F9:4E:AF:E2:C9:0E:0B:2F:28:5C:81:AD:05:E6:51:9E","sha256":"44:2E:97:64:1D:EC:BC:8E:92:E6:71:E3:F6:60:59:04:D9:0E:36:67:BF:1B:9A:86:4B:E8:43:97:8D:A6:5B:29"}}},"request":{"raw":"GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTY2ODY5NzQzNzQ2MjAzMDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIyLjQ0LjEiLCJ0YWdfaWQiOjExNDAzOSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjoxLjAxLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjF9 HTTP/1.1\r\nHost: 28fe4575ab.fb53d9afaf.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-length: 0\r\nserver: nginx/1.18.0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nx-cdn-host-id: AH1747\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":58,"dns":7,"connect":21,"send":0,"wait":31,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"875ba27c4b.12f929026a.com/in/multy","fqdn":"875ba27c4b.12f929026a.com","domain":"12f929026a.com","tld":"com"},"ip":{"addr":"116.202.249.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"12f929026a.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 14:04:09 GMT","end":"Mon, 01 Jun 2026 14:04:08 GMT"},"fingerprint":{"sha1":"0C:97:70:8F:06:55:03:E7:98:11:BF:3C:B8:79:AD:2C:06:37:AF:33","sha256":"08:D6:EC:30:75:7C:F0:E5:C2:00:73:05:C0:D9:6E:DE:EE:5A:FB:A3:C3:00:EE:D8:E2:1A:1F:FA:39:A1:4F:DB"}}},"request":{"raw":"OPTIONS /in/multy HTTP/1.1\r\nHost: 875ba27c4b.12f929026a.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://winvidplay.com/\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":293,"timings":{"blocked":128,"dns":47,"connect":32,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"875ba27c4b.12f929026a.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"875ba27c4b.12f929026a.com/in/show/?tag_ab=a\u0026site_id=31418774\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=mq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=1\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fwinvidplay.com%2Fd%2F9fv0hzswi11a\u0026refdom=winvidplay.com\u0026auction_time=1772916720\u0026subid=357529620\u0026sid=2756714033\u0026tcid=0\u0026ver=6.21.0-50\u0026ver_c=\u0026spot_id=418774\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2026-03-07\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=80.49688912176745\u0026kubik_score=80.509\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwinvidplay.com%252Fd%252F9fv0hzswi11a%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Frcdn-web.com%2Ft%2Fr.html%3Ft%3Dhttps%253A%252F%252F1osb.com%252Fsmart.php%253Flink%253D10472854%2526var%253Dremoby3_10299927_600415%2526ymid%253DG0ssfEegEUvVOMGzvrXV00e8NW5ek7lBd7jTCEScebWAhwRGMQ5UJzeTyJIouQoA%2526var_3%253Dclad%253A2756714033%2526fa%253D1\u0026icons=ic0nqlYClbq1BRb5ntPLkenwOillghnaaJHmYh6JK25gZ-QP2GO373KhHBBW-jRC7L2DndDSLhKD2Ut-hkaB-RPI_fUAulNpxbi1VIDyMCMARfrqwu99uhSXkgF4jEl8Y0yZG2iKPNBvKxKDX1wwHGf4__Y1W-UUwx6kec4UQe1sVAoODQ\u0026ext_cid=0\u0026px_id=121457703\u0026min_cpm=0.12268043116258225\u0026out_id=0\u0026campaign_type=lq-pop\u0026aid=4217\u0026cid=22320\u0026uniq=\u0026mid=6660634737651273297\u0026skin_id=82\u0026vertical_id=0\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.008584333797202632\u0026cpm=0.008584333797202632\u0026verify_hash=44dab01a883c16ce3b7ba4a59311359e\u0026verify_hash_v2=6074a5788d4f8c5b661b9cbadfec60c14c8d1a20bb3993cf9f990a93a9f3a64a\u0026is_native=2\u0026real_bid=0.00025\u0026original_bid_usd=0.00025\u0026original_bid=0.00025\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A134.0%2529%2520Gecko%252F20100101%2520Firefox%252F134.0\u0026ip_mismatch=91.90.42.154\u0026geo_mismatch=NO\u0026isp_mismatch=LQ==\u0026label_ids=0,89,4,27,150,20,108\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=2\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0.00025\u0026hostname=auc-inpage-hz-15-a\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026mismatch_filters=ttl_mismatch,geo_mismatch,ip_mismatch,ua_mismatch\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.00025\u0026ext_campaign_id_str=\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.034337335188810526\u0026social_network=\u0026publisher_id=42825\u0026advanced_pub_id=11042872\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026discrep=1\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=multiOS-view-t_r-body\u0026mlf=1\u0026cpa=35a1cfdf-380c-4452-982f-945baca67781\u0026prev_step_diff=616\u0026st=0.05","fqdn":"875ba27c4b.12f929026a.com","domain":"12f929026a.com","tld":"com"},"ip":{"addr":"116.202.249.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:52:00.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"12f929026a.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 14:04:09 GMT","end":"Mon, 01 Jun 2026 14:04:08 GMT"},"fingerprint":{"sha1":"0C:97:70:8F:06:55:03:E7:98:11:BF:3C:B8:79:AD:2C:06:37:AF:33","sha256":"08:D6:EC:30:75:7C:F0:E5:C2:00:73:05:C0:D9:6E:DE:EE:5A:FB:A3:C3:00:EE:D8:E2:1A:1F:FA:39:A1:4F:DB"}}},"request":{"raw":"GET /in/show/?tag_ab=a\u0026site_id=31418774\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=mq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=1\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fwinvidplay.com%2Fd%2F9fv0hzswi11a\u0026refdom=winvidplay.com\u0026auction_time=1772916720\u0026subid=357529620\u0026sid=2756714033\u0026tcid=0\u0026ver=6.21.0-50\u0026ver_c=\u0026spot_id=418774\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2026-03-07\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=80.49688912176745\u0026kubik_score=80.509\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwinvidplay.com%252Fd%252F9fv0hzswi11a%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Frcdn-web.com%2Ft%2Fr.html%3Ft%3Dhttps%253A%252F%252F1osb.com%252Fsmart.php%253Flink%253D10472854%2526var%253Dremoby3_10299927_600415%2526ymid%253DG0ssfEegEUvVOMGzvrXV00e8NW5ek7lBd7jTCEScebWAhwRGMQ5UJzeTyJIouQoA%2526var_3%253Dclad%253A2756714033%2526fa%253D1\u0026icons=ic0nqlYClbq1BRb5ntPLkenwOillghnaaJHmYh6JK25gZ-QP2GO373KhHBBW-jRC7L2DndDSLhKD2Ut-hkaB-RPI_fUAulNpxbi1VIDyMCMARfrqwu99uhSXkgF4jEl8Y0yZG2iKPNBvKxKDX1wwHGf4__Y1W-UUwx6kec4UQe1sVAoODQ\u0026ext_cid=0\u0026px_id=121457703\u0026min_cpm=0.12268043116258225\u0026out_id=0\u0026campaign_type=lq-pop\u0026aid=4217\u0026cid=22320\u0026uniq=\u0026mid=6660634737651273297\u0026skin_id=82\u0026vertical_id=0\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.008584333797202632\u0026cpm=0.008584333797202632\u0026verify_hash=44dab01a883c16ce3b7ba4a59311359e\u0026verify_hash_v2=6074a5788d4f8c5b661b9cbadfec60c14c8d1a20bb3993cf9f990a93a9f3a64a\u0026is_native=2\u0026real_bid=0.00025\u0026original_bid_usd=0.00025\u0026original_bid=0.00025\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A134.0%2529%2520Gecko%252F20100101%2520Firefox%252F134.0\u0026ip_mismatch=91.90.42.154\u0026geo_mismatch=NO\u0026isp_mismatch=LQ==\u0026label_ids=0,89,4,27,150,20,108\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=2\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0.00025\u0026hostname=auc-inpage-hz-15-a\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026mismatch_filters=ttl_mismatch,geo_mismatch,ip_mismatch,ua_mismatch\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.00025\u0026ext_campaign_id_str=\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.034337335188810526\u0026social_network=\u0026publisher_id=42825\u0026advanced_pub_id=11042872\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026discrep=1\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=multiOS-view-t_r-body\u0026mlf=1\u0026cpa=35a1cfdf-380c-4452-982f-945baca67781\u0026prev_step_diff=616\u0026st=0.05 HTTP/1.1\r\nHost: 875ba27c4b.12f929026a.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:52:00 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"875ba27c4b.12f929026a.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js?","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/ip129jk?id=6131316977737a6830766639","date":"2026-03-07T20:51:58.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js? HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: vf=9fv0hzswi11a%7C1772916757%7CIiu5KvUQLVEQ8OLp-tmccbyMu1SeTJkZaNhuduYwzKk.YhmwM7pNSsNm4-IsA5LCH0p6xEU4S8yad7RkDiOkwmk; cf_clearance=0Ckz7gKUd.TB55L9slkqTyv5AQh017USSWbdHYYWbc8-1772916717-1.2.1.1-NGXJKUtRry.AFnO_N6OJTr9hnKxE9GddLxQ.iAUbT7JgCgKkZTn4wmQwD3OOVW3RSAWThMvP2dLTIaMJrI0eKCiLDcCNYqgzTZ0k_xP0symIBRYCvctDVQRdmaXwc8HGRLbIqhmfr7rKcGCt1juTCCGJA7ZnnqcUROx2WNhbh6uDcvE_LFjlUALP5QEbvcIiIseBxchzUTeODRy8kPD7AGmVJp52h.h9A9warHQsUz0; _ga_RRBBHD087X=GS2.1.s1772916718$o1$g1$t1772916718$j60$l0$h0; _ga=GA1.1.182876236.1772916718\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ndate: Sat, 07 Mar 2026 20:51:58 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-ray: 9d8c7b315a5ba9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26052,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (26052), with no line terminators","md5":"02bb4b2b5de14909d9bae1e457312777","sha1":"0595d140079a5d972860726d047d7f9e8b52eeb6","sha256":"796aed1e5e12aac7e046f5dc8eda6f667f993bf6366f03a58d7689d564f8c0dd","sha512":"3971d4c3cea2b3fd7d90b8c351b4303689099bcdfa8e88c7f49c852184d46f459a6db3773fae55d4d60078e626fa1a19aa58d2af5d838a4cc2bb60d1041445e0","ssdeep":"768:vU00R1DvpK3OXkrdB64mTSVQb/h6ngKSmDnU:vU00R1Dvplq+T2Qb/QngKSmDnU","tlshash":"eec295c635e671b5837bb431202773cb7a7efd54300d5889e951a9a9fc6070ca0bee98","first_seen":"2026-03-07T20:52:27.653704Z","last_seen":"2026-03-07T20:52:27.653704Z","times_seen":1,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"875ba27c4b.12f929026a.com/in/multy","fqdn":"875ba27c4b.12f929026a.com","domain":"12f929026a.com","tld":"com"},"ip":{"addr":"116.202.249.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:52:00.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"12f929026a.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 14:04:09 GMT","end":"Mon, 01 Jun 2026 14:04:08 GMT"},"fingerprint":{"sha1":"0C:97:70:8F:06:55:03:E7:98:11:BF:3C:B8:79:AD:2C:06:37:AF:33","sha256":"08:D6:EC:30:75:7C:F0:E5:C2:00:73:05:C0:D9:6E:DE:EE:5A:FB:A3:C3:00:EE:D8:E2:1A:1F:FA:39:A1:4F:DB"}}},"request":{"raw":"POST /in/multy HTTP/1.1\r\nHost: 875ba27c4b.12f929026a.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 2220\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2220,"data":"{\"imp\":[{\"ext\":{\"utm1\":\"\",\"utm2\":\"\",\"utm4\":\"\",\"refdomain\":\"\",\"labels\":\"\",\"tcid\":0,\"site\":\"native-push\",\"screen_resolution\":\"1280x1024\",\"ve\":\"\",\"mo\":\"\",\"format\":\"default-view-b_r-body\",\"idzone\":0,\"testab\":2,\"timezone_olson\":\"UTC\",\"blocked_verticals\":\"\",\"after_video\":0,\"tu\":1,\"mm\":0,\"skins\":null,\"st\":0.04,\"spot_id\":418774,\"timezone\":0,\"subid\":\"357529620\",\"wl\":1,\"event_id\":\"a2a86afb-6eaf-4f64-80be-0cce93158e9c\",\"sid\":2756714033,\"created_at\":\"2026-03-07\",\"ver\":\"6.21.0-50\",\"is_native\":1,\"device_theme\":\"light\",\"ad_tags\":\"Ome%2Ccewe%2Cchindo\",\"user_keywords\":\"\",\"v2_track\":0,\"default_keywords\":\"\",\"tag_ab\":\"a\",\"suggestive\":0,\"v2\":1,\"features\":\"\",\"yfriendly_always\":false,\"is_iframe\":false,\"approved_mainstream\":0,\"default\":1},\"pext\":{\"ab\":0},\"metrics\":{\"topics\":[],\"prev_step_diff\":2140}}],\"site\":{\"id\":\"418774\",\"cat\":[\"IAB25-3\"],\"page\":\"https%3A//winvidplay.com/d/9fv0hzswi11a\",\"is_publisher\":true,\"ct\":0,\"ctid\":1,\"script_type\":\"antiadblock\",\"auc_domain_type\":\"hash\"},\"ext\":{\"dt\":1772916720099},\"user\":{\"fp\":0,\"fp_str\":\"\",\"ua_data\":null,\"events\":[{\"event_type\":\"show\",\"creative_id\":\"345d0c52156fadc365374672fd36424b\",\"campaign_id\":17910,\"multi_position\":0},{\"event_type\":\"show\",\"creative_id\":\"b0681ff5c1739e7f8bdbb8527f77d810\",\"campaign_id\":21764,\"multi_position\":1}],\"interest_ids\":[],\"click_status\":\"unknown\",\"keywords_history\":{\"keywords\":[],\"pages_count\":0},\"is_webview\":false,\"is_inapp\":false,\"telegram\":{\"user_id\":0,\"username\":\"\",\"is_premium\":false,\"color_scheme\":\"\",\"wallet_address\":\"\",\"wallet_balance\":\"\"},\"social_network\":\"\",\"audiences_ids\":[]},\"device\":{\"w\":1280,\"h\":1024},\"fp_params\":{\"plugins\":[\"PDF Viewer\",\"Chrome PDF Viewer\",\"Chromium PDF Viewer\",\"Microsoft Edge PDF Viewer\",\"WebKit built-in PDF\"],\"languages\":[\"en-US\",\"en\"],\"fonts\":[\"Bitstream Vera Sans Mono\",\"Century\"],\"fontPreferences\":{\"default\":173.11666870117188,\"apple\":173.11666870117188,\"serif\":173.11666870117188,\"sans\":162.01666259765625,\"mono\":122.68333435058594,\"min\":10.800003051757812,\"system\":162.01666259765625},\"platform\":\"Win32\",\"colorDepth\":24,\"deviceMemory\":0,\"hardwareConcurrency\":48,\"indexedDB\":true,\"sessionStorage\":true,\"localStorage\":true,\"cookiesEnabled\":true,\"colorGamut\":\"srgb\"},\"cached_mislead_offer\":{\"track_click_url\":\"\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:52:00 GMT\r\ncontent-type: application/json\r\ncontent-length: 3924\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45062,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a02cd6a7565e5099246c4cced52cb938","sha1":"83d18c82ceeb26c429ae5ae81f74e8e4bb3f1297","sha256":"65900a74bbccca89739c7a6e42bdd3f57a446a08f0ad28097f5187564defec3f","sha512":"00bf03e2500440150680c38328e712db67db7c07d8163d9ecc4417646db0ba9e3c386a7d166a1b783b938be7786864f75122c77e7811bf8f20c53d5c405505f3","ssdeep":"384:S/X/sEnimzWP4We4WaEGimET4WC4Wf/X/ODNimOWTNWaNWWDoim4tNWoNWQ:SfEEE+6EzTi/fGDD5pDNtNb","tlshash":"8b134be11cfa9e521dc78212356d686d71d0ab0b56cd1ee9f276c218c8a537b23cec9c","first_seen":"2026-03-07T20:52:27.656074Z","last_seen":"2026-03-07T20:52:27.656074Z","times_seen":1,"resource_available":false,"data":null}},"time_used":548,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":548,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"875ba27c4b.12f929026a.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:54 GMT","end":"Mon, 27 Apr 2026 08:38:53 GMT"},"fingerprint":{"sha1":"07:1E:D2:0D:5F:A5:AF:E8:26:91:FD:C3:DE:5B:BB:4D:68:90:1F:3A","sha256":"22:A1:18:EB:6B:19:59:23:4F:FF:AF:80:D6:ED:5C:1C:70:98:29:15:03:70:96:71:FF:A9:7A:45:6C:E8:1F:1A"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:6PMx6zZuBPdefOsp2I9aUK_HYLua2Q:xpCacre7z0ZtfQMw; Expires=Mon, 06-Mar-2028 20:51:59 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S923811298:1772916719423280\u0026ifkv=ASfE1-rASiyQu0GuiRK6TtS-PbLaY_ONlZaherhV6vlcmRAScUJ2lTa7qlZDKQVNUWOeYo9eYaI5rg\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncross-origin-opener-policy: unsafe-none\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-yHSbJ6dpazYSf116pXpRpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncross-origin-resource-policy: cross-origin\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":68,"dns":0,"connect":15,"send":0,"wait":26,"receive":0,"ssl":50},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp","fqdn":"static.bookmsg.com","domain":"bookmsg.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:52:00.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bookmsg.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 02:32:07 GMT","end":"Sat, 25 Apr 2026 02:32:06 GMT"},"fingerprint":{"sha1":"B8:B1:28:04:7F:22:D4:AE:CC:82:0A:B2:C4:38:F6:84:34:0D:E6:E5","sha256":"5A:1E:C9:41:9F:09:0F:F3:88:30:28:82:ED:20:15:8E:C4:73:32:97:AD:2B:3E:F1:1E:C1:68:6D:2F:46:26:C7"}}},"request":{"raw":"GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp HTTP/1.1\r\nHost: static.bookmsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:52:00 GMT\r\ncontent-type: image/webp\r\ncontent-length: 486\r\nserver: nginx/1.24.0\r\nlast-modified: Fri, 31 May 2024 10:56:43 GMT\r\netag: \"6659aceb-1e6\"\r\nexpires: Sun, 07 Mar 2027 20:52:00 GMT\r\ncache-control: max-age=31536000\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":486,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ceeb4e8840c24621c0e0352b42b38a5b","sha1":"03cbceb0134a39267014595938705e2916580644","sha256":"50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3","sha512":"80d4128488580567597ba5eb65dbff2dd4a8efc625c64cac6a027a1bb5c229545206669f04a50a252b54f471bee4fdc892e6bfe8347a50dd216bba67bd671a03","ssdeep":"","tlshash":"9bf00544191cd36c2a3c607afd74eb74a4074aa459226017cce447b08956811e856c1c","first_seen":"2024-02-20T18:30:33Z","last_seen":"2026-04-04T14:21:57.346Z","times_seen":10787,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openfpcdn.io/fingerprintjs/v3","fqdn":"openfpcdn.io","domain":"openfpcdn.io","tld":"io"},"ip":{"addr":"108.157.229.11","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/ip129jk?id=6131316977737a6830766639","date":"2026-03-07T20:51:58.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openfpcdn.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Wed, 29 Oct 2025 00:00:00 GMT","end":"Fri, 27 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:88:9B:B1:7C:CB:A7:14:49:10:D6:FC:A3:64:23:03:9F:CC:6A:B0","sha256":"6A:98:96:56:64:4A:39:7A:9F:12:CE:F5:99:D3:C8:24:ED:17:AF:92:3F:E3:AC:C7:7D:1F:2D:74:46:2F:95:D9"}}},"request":{"raw":"GET /fingerprintjs/v3 HTTP/1.1\r\nHost: openfpcdn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\nserver: CloudFront\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncontent-encoding: gzip\r\ndate: Sat, 07 Mar 2026 19:45:26 GMT\r\ncache-control: public, max-age=593090, s-maxage=10786\r\netag: W/\"hurxpFJ1hzJm8rhSSUCMgpelT2E\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 fdac35835bcf0937b6f910eeac10720e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: Ihv5bVRlPs8QJsUNQga095-D4ezvfK4CgObu4fYc510v1tIAMCCfkg==\r\nage: 3992\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":33442,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33109)","md5":"ef5a1ccf6a53cc40021bfd4647f82b4a","sha1":"86eaf1a45275873266f2b85249408c8297a54f61","sha256":"57281521094dd6fe0d1997e31eab51a203b0f338d39e730d260fdfecce621905","sha512":"16923eaa089ee9d2d5a4e7a02cdbd31da35c8ce7d61e0d7e1bc8a6aa0648c358ad5d5f9ce5aaec4c5247475b8192af167e7fa6941d4fe181c5e01f28ff8537d7","ssdeep":"384:fQQYf1KNHRJijKLE6wXegKHqHTBMmwZCKQLFKA5+pCqNFaiE8E0QIQfJJcChs9RW:fR1HRxf6Hc9NwlJJAbc1GPgJN","tlshash":"9be2f6d8b2c3b02a227368b6497f6007b63bbd54241d4843d57bd4c17ca5e9a813bfb9","first_seen":"2023-07-07T06:15:03Z","last_seen":"2026-04-04T14:21:57.377816Z","times_seen":4291,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":34,"dns":16,"connect":13,"send":0,"wait":9,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"notification.tubecup.net/med/info?tag_id=114039\u0026rule_ids=969146\u0026session_id=5m6osetbjm4","fqdn":"notification.tubecup.net","domain":"tubecup.net","tld":"net"},"ip":{"addr":"94.130.197.136","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:58.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 06:40:03 GMT","end":"Fri, 10 Apr 2026 06:40:02 GMT"},"fingerprint":{"sha1":"C7:51:D1:DF:5F:55:DC:AC:0B:B9:06:76:58:C5:A6:A5:E9:44:79:92","sha256":"D7:5F:06:4C:F7:01:BD:E8:0F:06:86:35:A2:D0:28:46:5D:B2:24:EE:0A:61:8D:C9:61:CA:AA:C4:5A:47:E6:CA"}}},"request":{"raw":"GET /med/info?tag_id=114039\u0026rule_ids=969146\u0026session_id=5m6osetbjm4 HTTP/1.1\r\nHost: notification.tubecup.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.22.0\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.22.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?event_id=a10b3e83-c2fb-4dd3-be6a-db427cf5e7fe\u0026subid=500843478\u0026spot_id=503362\u0026created_at=2026-03-07\u0026timezone=0\u0026ver=1.172.4","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 02:01:43 GMT","end":"Sun, 24 May 2026 02:01:42 GMT"},"fingerprint":{"sha1":"5A:69:12:00:47:60:61:04:6A:B6:3A:EA:C9:F3:9A:C9:67:83:61:91","sha256":"DD:DF:84:09:0C:5F:8C:36:B4:6D:81:49:72:9E:9C:CF:95:7F:D2:13:5D:58:B8:1B:58:5D:15:AA:4A:6B:6A:EE"}}},"request":{"raw":"GET /in/dip?event_id=a10b3e83-c2fb-4dd3-be6a-db427cf5e7fe\u0026subid=500843478\u0026spot_id=503362\u0026created_at=2026-03-07\u0026timezone=0\u0026ver=1.172.4 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":47,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/d/9fv0hzswi11a","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T20:51:56.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"GET /d/9fv0hzswi11a HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: text/html;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\ncache-control: public, max-age=14400, s-maxage=3600, must-revalidate\r\nx-content-type-options: nosniff\r\nx-frame-options: ALLOW-FROM https://simemek.com https://simemek.com https://montok.live\r\ncontent-security-policy: frame-ancestors 'self' https://simemek.com https://simemek.com https://montok.live;\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ay34Y6g%2FkrssD8vUEJdpWqUG6%2B91uY3Fpht%2BST1RvO86iuBuDsTzn0RVajmYXz6BK3OMPlLX1haOf1xD%2B78QmJXGqBKnLHdGtzqZ4mGU\"}]}\r\nage: 16\r\nlast-modified: Sat, 07 Mar 2026 20:51:40 GMT\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: 9d8c7b294b401382-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"jQuery:3.5.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}],"data":{"size":15948,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (6442)","md5":"8ee908f28dfdb08ca8cf290a32c2a9ad","sha1":"092e86047d597e5b964c18749a1c137851d757ca","sha256":"3342c46184ec70469a1e1360caa6927e1e01868723eb98b105f5b24ab38d2b56","sha512":"3b05a8f4129c3291b17d27705e72b198a540497af17c39c0656484996f834538f99da55849efb4fc3bc693fe34647458430a9c4267ff9ec250d81479f33a124b","ssdeep":"192:XaKhUaxqDrrg913w4X83bLpkphVl5cYY4Mns6qXoDhxf9H9eWQVAhB08TJt27UR1:XaKh0rgQlyLOs6qOtt27MtTAnx/a","tlshash":"f762e7f2bd7b265c4293a1d87d27620411249002125dbc68f5ddb6e4bf78eee8837b94","first_seen":"2026-03-07T20:52:27.661416Z","last_seen":"2026-03-07T20:52:27.661416Z","times_seen":1,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":38,"dns":9,"connect":8,"send":0,"wait":17,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-RRBBHD087X","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.143.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:36:37 GMT","end":"Mon, 27 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"8B:BA:E2:19:5D:6C:81:59:ED:D8:AA:3B:2D:5F:A3:A2:C8:A1:E3:DF","sha256":"B0:8C:FC:C1:98:34:EB:0E:FF:AB:13:B4:9E:AA:B1:7E:02:11:9A:93:31:F2:A1:0F:23:9E:2B:C3:6F:EC:26:F8"}}},"request":{"raw":"GET /gtag/js?id=G-RRBBHD087X HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\nexpires: Sat, 07 Mar 2026 20:51:57 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 151235\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":457425,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6033)","md5":"a82565893815b18b7ca4bc00e1c5d211","sha1":"1ba4ce9f83a5b7f5914ebcc532b249637a4c1599","sha256":"269083f9242de1b19402730974df3944948b5b17b781914d5eb606ed2ab6405a","sha512":"4a955e91394100f7b8ca216b7c7c762062d7012aaf2be92e00dad3a92f3e02f899abc44b297531186d2230f16f3bd719a286e00da8deb770ac2984698e8a5aee","ssdeep":"6144:B9kKfNl3H2vNQBaKI0SfZ8RGw/V0sApXx2ZAJJx:L/FxH2vnDfZ8t6","tlshash":"b1a41ace73c674225396f478503f018ba57b68a2b48cc89af189cce46e7459a8137f7d","first_seen":"2026-03-07T19:01:11.337438Z","last_seen":"2026-03-07T21:30:03.336228Z","times_seen":4,"resource_available":true,"data":null}},"time_used":282,"timings":{"blocked":114,"dns":1,"connect":8,"send":0,"wait":20,"receive":25,"ssl":110},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"65a86a933f.2601e2d1ea.com/f3cd8c8926faac2723858ecb6f803775/114039?version_name=a\u0026domain=winvidplay.com","fqdn":"65a86a933f.2601e2d1ea.com","domain":"2601e2d1ea.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"65a86a933f.2601e2d1ea.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 02:15:09 GMT","end":"Tue, 02 Jun 2026 02:15:08 GMT"},"fingerprint":{"sha1":"C7:07:BD:71:69:8A:18:E1:AE:0C:4B:2B:3D:06:C7:26:FC:0D:19:B9","sha256":"73:3C:0A:61:98:DC:81:FB:43:1F:25:58:DB:6E:BA:92:9C:FB:B8:64:80:70:3C:C3:04:64:F3:8C:00:57:8F:E1"}}},"request":{"raw":"GET /f3cd8c8926faac2723858ecb6f803775/114039?version_name=a\u0026domain=winvidplay.com HTTP/1.1\r\nHost: 65a86a933f.2601e2d1ea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: application/json\r\nserver: nginx/1.18.0\r\ncache-control: max-age=300\r\nexpires: Sat, 07 Mar 2026 20:56:57 GMT\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3857,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"529cac0cd717a9ab06243d814c22c377","sha1":"a5d10c11466387d76a24b86b8bcfd90039d0b623","sha256":"79554802665b1dad8af6469af2090b2cb0abfd912f67117643e96c40823bffdc","sha512":"af64cca12a418aaff39a627b9191aab14ddc47017dd4e08c193c961c133a8caca95ba34df30b5ebfc01abb3b606b109e00a91b31dfcdfb63a8060de6d63f0f8a","ssdeep":"","tlshash":"f681a8e09ab0c8b6c1f0038b98cb3f4555ad216b60c4798af4bdc8e805de9561f5e11b","first_seen":"2026-03-07T20:52:27.664725Z","last_seen":"2026-03-07T20:52:27.664725Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"65a86a933f.2601e2d1ea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"65a86a933f.2601e2d1ea.com/86a7d33af8cf3dbbcaf4db27258bf705.js","fqdn":"65a86a933f.2601e2d1ea.com","domain":"2601e2d1ea.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:58.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"65a86a933f.2601e2d1ea.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 02:15:09 GMT","end":"Tue, 02 Jun 2026 02:15:08 GMT"},"fingerprint":{"sha1":"C7:07:BD:71:69:8A:18:E1:AE:0C:4B:2B:3D:06:C7:26:FC:0D:19:B9","sha256":"73:3C:0A:61:98:DC:81:FB:43:1F:25:58:DB:6E:BA:92:9C:FB:B8:64:80:70:3C:C3:04:64:F3:8C:00:57:8F:E1"}}},"request":{"raw":"GET /86a7d33af8cf3dbbcaf4db27258bf705.js HTTP/1.1\r\nHost: 65a86a933f.2601e2d1ea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Wed, 04 Mar 2026 11:24:58 GMT\r\netag: W/\"69a8168a-3f401\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 07 Mar 2026 20:56:59 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":259073,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"65cd5ff25976719aaeb726b099232c30","sha1":"e1d0c34eb4153f6151b1d5167553334888b81fee","sha256":"937e4747e6dfcd2942f8e5c1d829e16f38ba1c68929f68e7b8eb1ce73c012b7a","sha512":"2c9fbca12ef794b406dbbde6023f5e0261069bff0774dacfe95caa409704dde6d6575d93f57d4a230974e70cc2d0f290d8629725d95d365f5ede7748b02e4d1f","ssdeep":"3072:Hpdz0U3MfV1svrD5/z7rs2YBCwpiBG3dSl5Q7BQS2o06mp4Z+uw:Hvz0UcN+5Q7FmpW+uw","tlshash":"82446cd1368478b005a3c0aee4770201b2382609f529756cfabddee66586dce2377f79","first_seen":"2026-03-04T21:27:39.266048Z","last_seen":"2026-04-04T14:21:57.378884Z","times_seen":50,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"65a86a933f.2601e2d1ea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=114039","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:58.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 06:40:03 GMT","end":"Fri, 10 Apr 2026 06:40:02 GMT"},"fingerprint":{"sha1":"C7:51:D1:DF:5F:55:DC:AC:0B:B9:06:76:58:C5:A6:A5:E9:44:79:92","sha256":"D7:5F:06:4C:F7:01:BD:E8:0F:06:86:35:A2:D0:28:46:5D:B2:24:EE:0A:61:8D:C9:61:CA:AA:C4:5A:47:E6:CA"}}},"request":{"raw":"OPTIONS /fp?tag_id=114039 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://winvidplay.com/\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.20.1\r\nDate: Sat, 07 Mar 2026 20:51:59 GMT\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type\r\nAccess-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\nAccess-Control-Allow-Origin: https://winvidplay.com\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":115,"dns":9,"connect":34,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=114039","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 10 Jan 2026 06:40:03 GMT","end":"Fri, 10 Apr 2026 06:40:02 GMT"},"fingerprint":{"sha1":"C7:51:D1:DF:5F:55:DC:AC:0B:B9:06:76:58:C5:A6:A5:E9:44:79:92","sha256":"D7:5F:06:4C:F7:01:BD:E8:0F:06:86:35:A2:D0:28:46:5D:B2:24:EE:0A:61:8D:C9:61:CA:AA:C4:5A:47:E6:CA"}}},"request":{"raw":"POST /fp?tag_id=114039 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 1971\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1971,"data":"{\"timezoneOlson\":\"UTC\",\"incognito\":true,\"fonts\":{\"value\":[\"Bitstream Vera Sans Mono\",\"Century\"],\"duration\":132},\"fontPreferences\":{\"value\":{\"default\":173.11666870117188,\"apple\":173.11666870117188,\"serif\":173.11666870117188,\"sans\":162.01666259765625,\"mono\":122.68333435058594,\"min\":10.800003051757812,\"system\":162.01666259765625},\"duration\":160},\"languages\":{\"value\":[[\"en-US\"],[\"en-US\",\"en\"]],\"duration\":0},\"colorDepth\":{\"value\":24,\"duration\":1},\"deviceMemory\":{\"duration\":0},\"screenResolution\":{\"value\":[1280,1024],\"duration\":0},\"hardwareConcurrency\":{\"value\":48,\"duration\":0},\"timezone\":{\"value\":\"UTC\",\"duration\":1},\"sessionStorage\":{\"value\":true,\"duration\":0},\"localStorage\":{\"value\":true,\"duration\":0},\"indexedDB\":{\"value\":true,\"duration\":0},\"platform\":{\"value\":\"Win32\",\"duration\":0},\"plugins\":{\"value\":[{\"name\":\"PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"Chrome PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"Chromium PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"Microsoft Edge PDF Viewer\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]},{\"name\":\"WebKit built-in PDF\",\"description\":\"Portable Document Format\",\"mimeTypes\":[{\"type\":\"application/pdf\",\"suffixes\":\"pdf\"},{\"type\":\"text/pdf\",\"suffixes\":\"pdf\"}]}],\"duration\":0},\"vendor\":{\"value\":\"\",\"duration\":0},\"cookiesEnabled\":{\"value\":true,\"duration\":0},\"colorGamut\":{\"value\":\"srgb\",\"duration\":1},\"rendererUnmasked\":{\"value\":\"\",\"duration\":36},\"brand\":\"\",\"device\":\"\",\"os_type\":\"desktop\",\"os_family\":\"Windows\",\"front_browser_family\":\"Firefox\",\"front_browser_name\":\"Firefox 134\",\"pixel_ratio\":1}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Sat, 07 Mar 2026 20:51:59 GMT\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: 58\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://winvidplay.com\r\nSet-Cookie: id=4312462084289764408; Expires=Sun, 07 Mar 2027 20:51:59 GMT; Secure; SameSite=None\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"c4efc1d6d16235d9433cd2565d887460","sha1":"22d069a5f536640e46122475c79db933e82d7f2e","sha256":"f0a6b8c736b7d8c5d3304a9ccd10d2114a0f25f2ba946cce62204df3384a131f","sha512":"af1cfe529f3173efdc7f4aff67355529095e775d8edb38d8a7c9565e09807aff470a465ffdf89ef6555f06cc88efa675823becc942896c63fa64a3140858f539","ssdeep":"","tlshash":"5ba00294c5c00e3c80200c3a73cf901628e4d304120217880ca66b5108822abe333c91","first_seen":"2025-07-26T17:44:43.174102Z","last_seen":"2026-04-04T14:21:57.37063Z","times_seen":5984,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":12,"connect":39,"send":0,"wait":37,"receive":0,"ssl":78},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"875ba27c4b.12f929026a.com/in/multy","fqdn":"875ba27c4b.12f929026a.com","domain":"12f929026a.com","tld":"com"},"ip":{"addr":"116.202.249.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"12f929026a.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 14:04:09 GMT","end":"Mon, 01 Jun 2026 14:04:08 GMT"},"fingerprint":{"sha1":"0C:97:70:8F:06:55:03:E7:98:11:BF:3C:B8:79:AD:2C:06:37:AF:33","sha256":"08:D6:EC:30:75:7C:F0:E5:C2:00:73:05:C0:D9:6E:DE:EE:5A:FB:A3:C3:00:EE:D8:E2:1A:1F:FA:39:A1:4F:DB"}}},"request":{"raw":"POST /in/multy HTTP/1.1\r\nHost: 875ba27c4b.12f929026a.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 2001\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2001,"data":"{\"imp\":[{\"ext\":{\"utm1\":\"\",\"utm2\":\"\",\"utm4\":\"\",\"refdomain\":\"\",\"labels\":\"\",\"tcid\":0,\"site\":\"native-push\",\"screen_resolution\":\"1280x1024\",\"ve\":\"\",\"mo\":\"\",\"format\":\"default-view-b_r-body\",\"idzone\":0,\"testab\":2,\"timezone_olson\":\"UTC\",\"blocked_verticals\":\"\",\"after_video\":0,\"tu\":1,\"mm\":0,\"skins\":null,\"st\":0.02,\"spot_id\":418776,\"timezone\":0,\"subid\":\"388464194\",\"wl\":1,\"event_id\":\"3dc8c0b3-2187-4e0a-9d12-29be5ad301de\",\"sid\":2588764282,\"created_at\":\"2026-03-07\",\"ver\":\"6.21.0-50\",\"is_native\":1,\"device_theme\":\"light\",\"ad_tags\":\"Ome%2Ccewe%2Cchindo\",\"user_keywords\":\"\",\"v2_track\":0,\"default_keywords\":\"\",\"tag_ab\":\"a\",\"suggestive\":0,\"v2\":1,\"features\":\"\",\"yfriendly_always\":false,\"is_iframe\":false,\"approved_mainstream\":0,\"default\":1},\"pext\":{\"ab\":0},\"metrics\":{\"topics\":[],\"prev_step_diff\":1145}}],\"site\":{\"id\":\"418776\",\"cat\":[\"IAB25-3\"],\"page\":\"https%3A//winvidplay.com/d/9fv0hzswi11a\",\"is_publisher\":true,\"ct\":0,\"ctid\":1,\"script_type\":\"antiadblock\",\"auc_domain_type\":\"hash\"},\"ext\":{\"dt\":1772916719104},\"user\":{\"fp\":0,\"fp_str\":\"\",\"ua_data\":null,\"events\":[],\"interest_ids\":[],\"click_status\":\"unknown\",\"keywords_history\":{\"keywords\":[],\"pages_count\":0},\"is_webview\":false,\"is_inapp\":false,\"telegram\":{\"user_id\":0,\"username\":\"\",\"is_premium\":false,\"color_scheme\":\"\",\"wallet_address\":\"\",\"wallet_balance\":\"\"},\"social_network\":\"\",\"audiences_ids\":[]},\"device\":{\"w\":1280,\"h\":1024},\"fp_params\":{\"plugins\":[\"PDF Viewer\",\"Chrome PDF Viewer\",\"Chromium PDF Viewer\",\"Microsoft Edge PDF Viewer\",\"WebKit built-in PDF\"],\"languages\":[\"en-US\",\"en\"],\"fonts\":[\"Bitstream Vera Sans Mono\",\"Century\"],\"fontPreferences\":{\"default\":173.11666870117188,\"apple\":173.11666870117188,\"serif\":173.11666870117188,\"sans\":162.01666259765625,\"mono\":122.68333435058594,\"min\":10.800003051757812,\"system\":162.01666259765625},\"platform\":\"Win32\",\"colorDepth\":24,\"deviceMemory\":0,\"hardwareConcurrency\":48,\"indexedDB\":true,\"sessionStorage\":true,\"localStorage\":true,\"cookiesEnabled\":true,\"colorGamut\":\"srgb\"},\"cached_mislead_offer\":{\"track_click_url\":\"\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-type: application/json\r\ncontent-length: 6635\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61726,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"75943bab09febdf381c6bb890d1bdb35","sha1":"b45ebfa076e41934ed71884a69d6d3abe68037d3","sha256":"83a9ef4366902a45410df53de52bab94d4c38a334f365e5f4df6553676de90b2","sha512":"77329004240faa776971403012b8952909e5a1f082a2749df1b3e7e9174eda30a4bce4edc49c4ad10e3a5d2ee020b6e7a4e8b6e8372419021e1aa37b278373a0","ssdeep":"1536:Z4QHY4Qh4Qk4Qw4QHLM4Qp4QOpeIryNaqI/b7T:Z+jKG9MbO7","tlshash":"71536ea22cee4d3a6cc1c316710aad2875d46b1abcc649f8d4f2c129c9763bf219f51d","first_seen":"2026-03-07T20:52:27.668625Z","last_seen":"2026-03-07T20:52:27.668625Z","times_seen":1,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":177,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"875ba27c4b.12f929026a.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"875ba27c4b.12f929026a.com/in/show/?tag_ab=a\u0026site_id=31418776\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=hq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=1\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fwinvidplay.com%2Fd%2F9fv0hzswi11a\u0026refdom=winvidplay.com\u0026auction_time=1772916719\u0026subid=388464194\u0026sid=2588764282\u0026tcid=0\u0026ver=6.21.0-50\u0026ver_c=\u0026spot_id=418776\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2026-03-07\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=77.79266918366731\u0026kubik_score=77.815\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwinvidplay.com%252Fd%252F9fv0hzswi11a%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=274901\u0026crtid=345d0c52156fadc365374672fd36424b\u0026url=https%3A%2F%2Fpointcontinentrtb.com%2Fv1%2Ftrack%2Fclick%3Fdata%3DeyJhbGciOiJIUzI1NiJ9.eyJhbCI6ImVuLVVTIiwiYXQiOjE3NzI5MTY3MTkzMDksImJ2IjoiMTM0LjAuMCIsImNjIjowLCJjciI6MCwiY3JzIjowLCJjcnNlZyI6InVua25vd24iLCJjcyI6Ilczc2liQ0k2TkN3aWRDSTZJbU5zYVdOcklpd2laQ0k2T0RZME1EQXdNREF3TURBd01EQjlYUT09IiwiY3RwIjpmYWxzZSwiY3UiOiJpcCt1YSIsImRwIjoiZGlyZWN0IiwiZHQiOjE3NzMwMDMxMTkzMDksImVjcGEiOjAsImVyIjoiODk5NTU5NjI2OTAxMTYyNzMyMyIsImVzIjoiMTc5MTAiLCJpIjoiNzM0MTg3NzY6MTg2OjY0Mzk2NDk0Nzc5MTUxMjU0NTg6MTA0ODkwOjI3NDkwMTo5ODM3OTI4NTU5MDQxNzIxNTc6MTU5NDE6OiIsImljcyI6MCwiaXAiOiI5MS45MC40Mi4xNTQiLCJpcHY2IjoiOjoiLCJqdGkiOiI2YzgxNGYzYy1hNjhjLTQ4OGEtODhmZC05NjY0MmVjNDQyZTYiLCJwIjowLjAwMDAyLCJwciI6dHJ1ZSwicnAiOjAuMDAwMDIsInMiOnRydWUsInNkIjotMSwic3AiOiJ7fSIsInNyYyI6Mzg4NDY0MTk0LCJ0IjoiaW5wYWdlX2FkdWx0X2hxX3YyOmNwYyIsInRwIjowLjAwMjg5ODkxMTUyMjkxMTQyMTMsInRyaWQiOiJ0Y2ItZHNwLWh6LTEyIiwidSI6Imh0dHBzOi8veW91dHUuYmUvbXp3QlE5Wm5UU2MiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzNC4wIiwidWgiOiIxNTUwODk1NTQzMmIyYTZlMzRlMDgzNTYyYjQ5NjNmMCIsInVpIjoiN2I2ZGFhNTYtNDFmNC01NjIwLWJlM2MtNzg2ZTg0ZGIwMjk5IiwidXIiOiIxODY6aW5wYWdlX2FkdWx0X2hxX3YyOjczNDE4Nzc2OnRydWU6IiwidiI6IiIsInZmIjoiIn0.2H3fjSnCbs5fgJP5-BZ1gx0P-jM1xW7AWD635LOiEv8%26sp%3D2e-05%26skin_id%3D71\u0026icons=bG0vZLpBjKPhx7eP7qK6KV7DHpJTZ5zhgKjIF1JJxG9imU1DUmqJBcUu6YdnsWS4Ra9muLTRD-XCUFuc9-2MYZmSwzI7Y2EmpcGHpvg3YHsSqZZEhxNgKhuaudWTQRUyMw6te4Y1TyixG1rCHhNZIq7R_er7vNTy5Lo703Y0Tcsf-oqdJy6wKkgiL0Eu9NLHDHTY7glJ4vLuhPS9YmrODyaxW67QVJxhSF-PStwhY4crxmP4MGJ5AshqPAAHs-5EveOHAxIHbgKeBGnuU4Yq_t1rJiQEEUMTkt3qEz_ekmKdNiUG3Zb3eVnLZRzILbBB8ibQ0-q2nZ_3LGgC2JbjSeOUPNPtRKuKPcG8kh1liPw8Ws74GvFzG9EqJ-kMW-XYeJxGrNt3GJ2pCHfn-cLDDf8mJay6lm4PIawMTX9BR2MVkwI4FPfFTPF74zUhdoXoAsPXOQCUcQf6UScg5ZaaSMWtX_QRwubAUJvktDEPt0_85OLtNfimAyPYvxMefZMufPiG0upugYtbJR9MyCykSHOk8esqgXvMJP_gkz_5frcRyx-6QYqrBIge8BP2r5kOZhHFkvB1whXfm4mekMLB-sN9ZToDoB1vMNtV_rz_5wvydm_qhKw3oVMxwvx6Rsd3beFIyui7i4rKxYbvoK8HVtTyEmFOJQqqzqYxDFOMueofqVIB_aP-bDBNb9PsZLAN_QAC6hnIhWvCg2YLaRa-vonQilCUri5OCd-A_WMg4E7dRlqesBbJh6CQs2XwxthF82jeeOMiiK4i8ZyByOr3Mr8XkMLuHWeBpT72VxrJD9G1uRW31t8DdJVtd_cQGKQQUoyvi9eLaykt3AKVjm-PSKQHmP4Ug4iKn1McGaF_EfcdpvFDhVBaW0RxpRMHgiCHxdLN7rxpUxO9D_aegcD1w5ArAnARdlBifMKh3TPyf_bvtaC7Byyo3-XMjKgmHrVFtVWIA9WFDZ_V9q1779OrJlHy2zzw__Lr94q3BgEbFcox_q9oFcrgJOwiZzxFz35RnTwRfaPaqNSanAunOX9ELuy4oYIl642UG-nFHJ3CT8a4xwTeOjlf7vpzXC96372t_QzS6n9bdKGH0ap6R09GXV3jkQZWTEaG3OhReTwhusND3ARQq7YwHWPpC4DxdVndumYk27-L9ltTRn9kz9hdz_nbIZ-N3F9lHfImo6ylFE_-Tc6QcBEWwH8O1v_8i1_SqLThHn26T9S_C6xul_XqLU8Uul58p6F5N3alp6rVkDjO25UiLALRf_Wy7RaiI-vpuZooQd1XQJbLf0Lmo9pNeaupm3-xRktBsDEsDcuYvxynRkJUj41EzlqvVEyzkeee6jpU9GfTcLuBGBMGLoXW-2y6Rp5CJZNvf2LOZvMigKdqriAN0kEEzR6sfwPcaRw3vpveSBqVVk2K8ZSDM9OBnklV6-Is4JI0oLZb9KjuT4SIXveiPtoXQCXPOjlmRW438ceUqs0kAD5XHYFUaAb0WjtEURB2447dnN0VT4w_3AakGHV3oCt9On80flihClX80sSVw3bdrhRrjLnFGeTA_kjTtwUQ3AyQBb2btQTsz7bJ5pLjpJTRM2JPoltcqFrAnEXAEUCQ0Yua7FUYvz3IWMvkd_JyfWJZyJh4YjB-t3Cenaggbp_J1sHZQ09S-lJDJlACRhKJh8kfh4dxyxH1WNSwkQQadyzvnEYloTP1D1cQP1eRwlnCsaZiM1m0Qd81fr6WIfHRd8L7NkpLQd4TwW_4fUncu1dCLF-xT0ueaZLxbTHMNmQEHSsxbpDcb14GsWIT0xS-u4g\u0026ext_cid=104890\u0026px_id=73418776\u0026min_cpm=0.008090995964187966\u0026out_id=0\u0026campaign_type=hq\u0026aid=3296\u0026cid=17910\u0026uniq=973c1c0f6c10d47f2d37ee44d284f1ba7aadd543a389a88e8eb80eebc110f598\u0026mid=8995596269011627323\u0026skin_id=71\u0026vertical_id=145\u0026skin_test=0\u0026from_cache=0\u0026ecpm=4.295510937698884e-05\u0026cpm=0.000045292185200335685\u0026verify_hash=d0c1efeac9e2b4dc5fe938305bde60b4\u0026verify_hash_v2=36847d9944f948b88274dcd549207b798cc6868490c47c8b900f48e48c4eb038\u0026is_native=1\u0026real_bid=1.8968000411987402e-05\u0026original_bid_usd=0.00002\u0026original_bid=2e-05\u0026show_type=0\u0026exp=60\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A134.0%2529%2520Gecko%252F20100101%2520Firefox%252F134.0\u0026ip_mismatch=91.90.42.154\u0026geo_mismatch=NO\u0026isp_mismatch=LQ==\u0026label_ids=129,4,90,98,145\u0026need_redirect_show=0\u0026applied_features=main-skins-settings,coef_095\u0026show_count=1\u0026expiration_timestamp=1773003119\u0026image_url=https%3A%2F%2Fassets.ahmybid.net%2F1be686bf-1d8b-401b-9fc9-9376967280c0.png\u0026site=native-push-adult\u0026price=0.00002\u0026hostname=auc-inpage-hz-2-c\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026mismatch_filters=ttl_mismatch\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.00002\u0026ext_campaign_id_str=104890\u0026is_webview=0\u0026client_price=0.000018968000411987402\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=cpc\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.002264609260016784\u0026social_network=\u0026publisher_id=42825\u0026advanced_pub_id=7342825\u0026user_click_counter=1\u0026lv_id=23\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpc\u0026final_source_id=0\u0026discrep=0.94840002059937\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=gamblingBlueMessage-view-b_r-body\u0026cpa=05d17412-496d-40ba-a158-ea12a96ce8fd\u0026prev_step_diff=371\u0026st=0.03","fqdn":"875ba27c4b.12f929026a.com","domain":"12f929026a.com","tld":"com"},"ip":{"addr":"116.202.249.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"12f929026a.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 14:04:09 GMT","end":"Mon, 01 Jun 2026 14:04:08 GMT"},"fingerprint":{"sha1":"0C:97:70:8F:06:55:03:E7:98:11:BF:3C:B8:79:AD:2C:06:37:AF:33","sha256":"08:D6:EC:30:75:7C:F0:E5:C2:00:73:05:C0:D9:6E:DE:EE:5A:FB:A3:C3:00:EE:D8:E2:1A:1F:FA:39:A1:4F:DB"}}},"request":{"raw":"GET /in/show/?tag_ab=a\u0026site_id=31418776\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=hq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=1\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fwinvidplay.com%2Fd%2F9fv0hzswi11a\u0026refdom=winvidplay.com\u0026auction_time=1772916719\u0026subid=388464194\u0026sid=2588764282\u0026tcid=0\u0026ver=6.21.0-50\u0026ver_c=\u0026spot_id=418776\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2026-03-07\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=77.79266918366731\u0026kubik_score=77.815\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwinvidplay.com%252Fd%252F9fv0hzswi11a%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=274901\u0026crtid=345d0c52156fadc365374672fd36424b\u0026url=https%3A%2F%2Fpointcontinentrtb.com%2Fv1%2Ftrack%2Fclick%3Fdata%3DeyJhbGciOiJIUzI1NiJ9.eyJhbCI6ImVuLVVTIiwiYXQiOjE3NzI5MTY3MTkzMDksImJ2IjoiMTM0LjAuMCIsImNjIjowLCJjciI6MCwiY3JzIjowLCJjcnNlZyI6InVua25vd24iLCJjcyI6Ilczc2liQ0k2TkN3aWRDSTZJbU5zYVdOcklpd2laQ0k2T0RZME1EQXdNREF3TURBd01EQjlYUT09IiwiY3RwIjpmYWxzZSwiY3UiOiJpcCt1YSIsImRwIjoiZGlyZWN0IiwiZHQiOjE3NzMwMDMxMTkzMDksImVjcGEiOjAsImVyIjoiODk5NTU5NjI2OTAxMTYyNzMyMyIsImVzIjoiMTc5MTAiLCJpIjoiNzM0MTg3NzY6MTg2OjY0Mzk2NDk0Nzc5MTUxMjU0NTg6MTA0ODkwOjI3NDkwMTo5ODM3OTI4NTU5MDQxNzIxNTc6MTU5NDE6OiIsImljcyI6MCwiaXAiOiI5MS45MC40Mi4xNTQiLCJpcHY2IjoiOjoiLCJqdGkiOiI2YzgxNGYzYy1hNjhjLTQ4OGEtODhmZC05NjY0MmVjNDQyZTYiLCJwIjowLjAwMDAyLCJwciI6dHJ1ZSwicnAiOjAuMDAwMDIsInMiOnRydWUsInNkIjotMSwic3AiOiJ7fSIsInNyYyI6Mzg4NDY0MTk0LCJ0IjoiaW5wYWdlX2FkdWx0X2hxX3YyOmNwYyIsInRwIjowLjAwMjg5ODkxMTUyMjkxMTQyMTMsInRyaWQiOiJ0Y2ItZHNwLWh6LTEyIiwidSI6Imh0dHBzOi8veW91dHUuYmUvbXp3QlE5Wm5UU2MiLCJ1YSI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzNC4wIiwidWgiOiIxNTUwODk1NTQzMmIyYTZlMzRlMDgzNTYyYjQ5NjNmMCIsInVpIjoiN2I2ZGFhNTYtNDFmNC01NjIwLWJlM2MtNzg2ZTg0ZGIwMjk5IiwidXIiOiIxODY6aW5wYWdlX2FkdWx0X2hxX3YyOjczNDE4Nzc2OnRydWU6IiwidiI6IiIsInZmIjoiIn0.2H3fjSnCbs5fgJP5-BZ1gx0P-jM1xW7AWD635LOiEv8%26sp%3D2e-05%26skin_id%3D71\u0026icons=bG0vZLpBjKPhx7eP7qK6KV7DHpJTZ5zhgKjIF1JJxG9imU1DUmqJBcUu6YdnsWS4Ra9muLTRD-XCUFuc9-2MYZmSwzI7Y2EmpcGHpvg3YHsSqZZEhxNgKhuaudWTQRUyMw6te4Y1TyixG1rCHhNZIq7R_er7vNTy5Lo703Y0Tcsf-oqdJy6wKkgiL0Eu9NLHDHTY7glJ4vLuhPS9YmrODyaxW67QVJxhSF-PStwhY4crxmP4MGJ5AshqPAAHs-5EveOHAxIHbgKeBGnuU4Yq_t1rJiQEEUMTkt3qEz_ekmKdNiUG3Zb3eVnLZRzILbBB8ibQ0-q2nZ_3LGgC2JbjSeOUPNPtRKuKPcG8kh1liPw8Ws74GvFzG9EqJ-kMW-XYeJxGrNt3GJ2pCHfn-cLDDf8mJay6lm4PIawMTX9BR2MVkwI4FPfFTPF74zUhdoXoAsPXOQCUcQf6UScg5ZaaSMWtX_QRwubAUJvktDEPt0_85OLtNfimAyPYvxMefZMufPiG0upugYtbJR9MyCykSHOk8esqgXvMJP_gkz_5frcRyx-6QYqrBIge8BP2r5kOZhHFkvB1whXfm4mekMLB-sN9ZToDoB1vMNtV_rz_5wvydm_qhKw3oVMxwvx6Rsd3beFIyui7i4rKxYbvoK8HVtTyEmFOJQqqzqYxDFOMueofqVIB_aP-bDBNb9PsZLAN_QAC6hnIhWvCg2YLaRa-vonQilCUri5OCd-A_WMg4E7dRlqesBbJh6CQs2XwxthF82jeeOMiiK4i8ZyByOr3Mr8XkMLuHWeBpT72VxrJD9G1uRW31t8DdJVtd_cQGKQQUoyvi9eLaykt3AKVjm-PSKQHmP4Ug4iKn1McGaF_EfcdpvFDhVBaW0RxpRMHgiCHxdLN7rxpUxO9D_aegcD1w5ArAnARdlBifMKh3TPyf_bvtaC7Byyo3-XMjKgmHrVFtVWIA9WFDZ_V9q1779OrJlHy2zzw__Lr94q3BgEbFcox_q9oFcrgJOwiZzxFz35RnTwRfaPaqNSanAunOX9ELuy4oYIl642UG-nFHJ3CT8a4xwTeOjlf7vpzXC96372t_QzS6n9bdKGH0ap6R09GXV3jkQZWTEaG3OhReTwhusND3ARQq7YwHWPpC4DxdVndumYk27-L9ltTRn9kz9hdz_nbIZ-N3F9lHfImo6ylFE_-Tc6QcBEWwH8O1v_8i1_SqLThHn26T9S_C6xul_XqLU8Uul58p6F5N3alp6rVkDjO25UiLALRf_Wy7RaiI-vpuZooQd1XQJbLf0Lmo9pNeaupm3-xRktBsDEsDcuYvxynRkJUj41EzlqvVEyzkeee6jpU9GfTcLuBGBMGLoXW-2y6Rp5CJZNvf2LOZvMigKdqriAN0kEEzR6sfwPcaRw3vpveSBqVVk2K8ZSDM9OBnklV6-Is4JI0oLZb9KjuT4SIXveiPtoXQCXPOjlmRW438ceUqs0kAD5XHYFUaAb0WjtEURB2447dnN0VT4w_3AakGHV3oCt9On80flihClX80sSVw3bdrhRrjLnFGeTA_kjTtwUQ3AyQBb2btQTsz7bJ5pLjpJTRM2JPoltcqFrAnEXAEUCQ0Yua7FUYvz3IWMvkd_JyfWJZyJh4YjB-t3Cenaggbp_J1sHZQ09S-lJDJlACRhKJh8kfh4dxyxH1WNSwkQQadyzvnEYloTP1D1cQP1eRwlnCsaZiM1m0Qd81fr6WIfHRd8L7NkpLQd4TwW_4fUncu1dCLF-xT0ueaZLxbTHMNmQEHSsxbpDcb14GsWIT0xS-u4g\u0026ext_cid=104890\u0026px_id=73418776\u0026min_cpm=0.008090995964187966\u0026out_id=0\u0026campaign_type=hq\u0026aid=3296\u0026cid=17910\u0026uniq=973c1c0f6c10d47f2d37ee44d284f1ba7aadd543a389a88e8eb80eebc110f598\u0026mid=8995596269011627323\u0026skin_id=71\u0026vertical_id=145\u0026skin_test=0\u0026from_cache=0\u0026ecpm=4.295510937698884e-05\u0026cpm=0.000045292185200335685\u0026verify_hash=d0c1efeac9e2b4dc5fe938305bde60b4\u0026verify_hash_v2=36847d9944f948b88274dcd549207b798cc6868490c47c8b900f48e48c4eb038\u0026is_native=1\u0026real_bid=1.8968000411987402e-05\u0026original_bid_usd=0.00002\u0026original_bid=2e-05\u0026show_type=0\u0026exp=60\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A134.0%2529%2520Gecko%252F20100101%2520Firefox%252F134.0\u0026ip_mismatch=91.90.42.154\u0026geo_mismatch=NO\u0026isp_mismatch=LQ==\u0026label_ids=129,4,90,98,145\u0026need_redirect_show=0\u0026applied_features=main-skins-settings,coef_095\u0026show_count=1\u0026expiration_timestamp=1773003119\u0026image_url=https%3A%2F%2Fassets.ahmybid.net%2F1be686bf-1d8b-401b-9fc9-9376967280c0.png\u0026site=native-push-adult\u0026price=0.00002\u0026hostname=auc-inpage-hz-2-c\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026mismatch_filters=ttl_mismatch\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.00002\u0026ext_campaign_id_str=104890\u0026is_webview=0\u0026client_price=0.000018968000411987402\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=cpc\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.002264609260016784\u0026social_network=\u0026publisher_id=42825\u0026advanced_pub_id=7342825\u0026user_click_counter=1\u0026lv_id=23\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpc\u0026final_source_id=0\u0026discrep=0.94840002059937\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=gamblingBlueMessage-view-b_r-body\u0026cpa=05d17412-496d-40ba-a158-ea12a96ce8fd\u0026prev_step_diff=371\u0026st=0.03 HTTP/1.1\r\nHost: 875ba27c4b.12f929026a.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"875ba27c4b.12f929026a.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Nunito:ital,wght@0,200..1000;1,200..1000\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.21.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:01 GMT","end":"Mon, 27 Apr 2026 08:38:00 GMT"},"fingerprint":{"sha1":"AD:23:3E:9B:CF:2B:A1:EC:31:14:63:D1:58:73:BB:E7:C5:32:16:8C","sha256":"B1:5F:45:BF:00:8C:68:35:D3:42:B2:67:66:47:9D:BB:42:41:07:56:3A:C4:1C:D6:10:7B:B7:53:C2:71:81:33"}}},"request":{"raw":"GET /css2?family=Nunito:ital,wght@0,200..1000;1,200..1000\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.vidoycdn.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 07 Mar 2026 20:51:57 GMT\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3707,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"f694f62bd417d30718eb8cb17a4c35ff","sha1":"798240e40c85b73afea129b1634d10ab81ff4da2","sha256":"da38e9809c4d7f004a9a8a11bb06f39d56c9ae7e06d8f7b68a6c7cdb3018eb47","sha512":"e084ed28ab8fb45cff0cab59ba50060a21c87398364a618e8f6e06a4b17896ee90f9de3a20acd13468935ce4a982024e463e86569fd1500811bbdbd5d522eaf8","ssdeep":"","tlshash":"5571acd1045bd100aa472dc267cf7e36ed4e61517424c97aebfd98a8ecabc236224b0d","first_seen":"2025-09-17T15:53:14.372232Z","last_seen":"2026-04-04T07:43:53.433589Z","times_seen":1983,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":110,"dns":1,"connect":8,"send":0,"wait":18,"receive":0,"ssl":99},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js?","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js? HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\ncf-ray: 9d8c7b2d49e0a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29160,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (29160), with no line terminators","md5":"644074027ce9641540ac5ce9cee158f2","sha1":"ce4ef50754260f1da73a686cbbc3c36c5419f249","sha256":"27affe05f28f047d82101f555896385cd4455ab1d9a489be0b97c93ff64ec427","sha512":"214e475aa21d8461d1f0cce397a37a2418a448a538aacdda392b8343278ccd7c0dc2cb9bd9dbc895a7a4a92c2bd4bd9a61c3deb54eba521a6236d9a4b5688321","ssdeep":"768:Ne6c6dip6hQOe4Eel1ck9SLf1w8xD+u+WR:NeciUiZ4n1vSLf19D+fWR","tlshash":"31d2a6c635dbb169826af471603773d776baac9470089849f510a8b8fca0714b2bffd4","first_seen":"2026-03-07T20:52:27.671166Z","last_seen":"2026-03-07T21:30:05.659817Z","times_seen":6,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"assets.ahmybid.net/1be686bf-1d8b-401b-9fc9-9376967280c0.png","fqdn":"assets.ahmybid.net","domain":"ahmybid.net","tld":"net"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"assets.ahmybid.net","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 19 Feb 2026 02:34:57 GMT","end":"Wed, 20 May 2026 02:34:56 GMT"},"fingerprint":{"sha1":"25:30:24:7C:3C:60:C0:AF:88:B9:0B:3D:65:83:39:71:68:1E:B2:99","sha256":"AB:65:EE:CB:D9:3D:FD:9B:D6:0B:6D:81:7E:B6:70:C9:BC:7D:BB:64:30:B0:EC:99:FA:42:F9:C1:12:F1:AC:43"}}},"request":{"raw":"GET /1be686bf-1d8b-401b-9fc9-9376967280c0.png HTTP/1.1\r\nHost: assets.ahmybid.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 130166\r\nserver: nginx/1.24.0\r\nlast-modified: Tue, 04 Mar 2025 13:48:09 GMT\r\netag: \"67c70499-1fc76\"\r\ncache-control: public, max-age=315360000\r\nx-cdn-host-id: ah1742,DS5058\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":130166,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 360 x 240, 8-bit/color RGBA, non-interlaced","md5":"3397c12082eaf11f6f3d21139f68e4ba","sha1":"7fd444386296e0ab2218931f6fc2683953cf2a70","sha256":"517b9e5d35aa4315afe7692e424e980aac6898dc825cc0fdce66eee33fdddb69","sha512":"b289bb2a709733e6ef7482688d7e81d4e27807620288ce86d8799356db008df7675c66721eebfbd912dd997b927a29cfadb7f9b897a2db478fb00bf9aa6760de","ssdeep":"3072:64HZt3B7fj0j8NAsA5D6tvdwb9akKmGBNL5Tj9y3K3fYG1rJ:6SZt39b8sescoLhRvX1rJ","tlshash":"6dd312d4a899493ae95675305f03715cb07b0f390fe99a10c2a547fd96a33723ea7d03","first_seen":"2025-05-12T04:29:26.926714Z","last_seen":"2026-03-15T19:02:10.04388Z","times_seen":116,"resource_available":false,"data":null}},"time_used":562,"timings":{"blocked":236,"dns":190,"connect":19,"send":0,"wait":21,"receive":68,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pagead2.googlesyndication.com/pagead/js/adsbygoogle.js","fqdn":"pagead2.googlesyndication.com","domain":"googlesyndication.com","tld":"com"},"ip":{"addr":"172.217.19.226","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://winvidplay.com/ip129jk?id=6131316977737a6830766639","date":"2026-03-07T20:51:58.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.g.doubleclick.net","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:36:37 GMT","end":"Mon, 27 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"70:27:EA:DF:2A:3A:5A:35:72:C4:71:9B:4C:E8:EC:20:92:E2:43:CC","sha256":"B0:50:8B:ED:3C:8B:D6:63:89:33:BF:36:1C:CF:65:5F:F4:F2:A6:3D:01:05:40:BB:18:F2:25:F1:3E:93:3F:BA"}}},"request":{"raw":"GET /pagead/js/adsbygoogle.js HTTP/1.1\r\nHost: pagead2.googlesyndication.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://winvidplay.com/\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nlink: \u003chttps://googleads.g.doubleclick.net\u003e; rel=\"preconnect\"; crossorigin\r\nvary: Accept-Encoding\r\ndate: Sat, 07 Mar 2026 20:51:58 GMT\r\nexpires: Sat, 07 Mar 2026 20:51:58 GMT\r\ncache-control: private, max-age=3600, stale-while-revalidate=3600\r\ncontent-type: text/javascript; charset=UTF-8\r\netag: 1479512183104935100\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\ncontent-disposition: attachment; filename=\"f.txt\"\r\ncontent-encoding: br\r\nserver: cafe\r\ncontent-length: 55725\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":162398,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (4830)","md5":"291be3f6ed5ffade3b792d237edd2d38","sha1":"da4f673025486c4dfd9ebe7296d823ec0498d343","sha256":"31f90f3e0202e1f7dc0960a4799ffb7708e50e8f6b5256c319be2deac1417f1d","sha512":"e3d7458594b3ef68cdf11f40993e3076d13f7c82b5acccb66deeed60017f6e94c6fc7895ed7eaa8dd1d244b57664fb820d6cc21fc0061208e165f11115d46348","ssdeep":"3072:9C4n18wBARcSZql37U20/JTqbL+LHrrXIFjBYx/hP6JgsEfSh31+zt7rkOpOUm1C:9C4n1/BC9ql37U20/cbL+LHrrXIjBy/p","tlshash":"7df31ad971a2bcb7876389e5006f4107b02da863f40cc8b0f2d8ded97a249655277fad","first_seen":"2026-03-07T20:52:27.673671Z","last_seen":"2026-03-07T20:52:27.673671Z","times_seen":1,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":83,"dns":27,"connect":20,"send":0,"wait":38,"receive":32,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/dev.js","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"GET /dev.js HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/d/9fv0hzswi11a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 05 Mar 2026 17:15:48 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: \"69a9ba44-4513\"\r\nexpires: Sun, 08 Mar 2026 05:19:09 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\nage: 12768\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hu2ScLExXJUugbKTy%2F5XRAEQEi80BWhi1noaj3Tt82kqexmiKGS9QWPnaM7qdi2pC8znWlbSM73QPY0NaS%2FuNiC9dnX9tmPDZIkH%2Bjc4\"}]}\r\ncf-ray: 9d8c7b2ad974a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17683,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17663), with no line terminators","md5":"d0912d21f435c4c549166b10a23b2ed3","sha1":"e7fdd985535070d732e5c54645401f47ef1385f4","sha256":"bdfc4abbefdfa0f942c2245ff41e4f92a083e10f638888fa0287ee8a19d103c8","sha512":"453225338c487831778a0020e0a99716622cffbdf2ff0516034534af3fec54cff235035a42920fb99e902354dd489ff8f544e1781c1f844783871bf771a860d7","ssdeep":"192:m+5ekRvDLCpBK+BpP78nPk6O9ShgzsqcSYV0GtI+uwicvsbIUiJE2KmnyKq:mLiPCvRvT8nPk6cSCzsqGVJeZcsb8SN","tlshash":"cc82c4ccb48270715b77a9e9507f454ab23aae96888c8040f13ed8e42c7c56ec267f7d","first_seen":"2025-10-09T18:27:49.609736Z","last_seen":"2026-04-04T14:21:57.3736Z","times_seen":158,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/token911","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"POST /token911 HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 15\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/d/9fv0hzswi11a\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":15,"data":"id=9fv0hzswi11a"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ecu%2FpiVr%2Fx0TPevSTArkEjnMaaFoXuYcc6livQ%2Figznv8F0S0afQPwawKmry%2BU3nTDrnvttv2OTe9DE0bRAhCY1sg0KikcCKEfmNS5k1\"}]}\r\ncf-ray: 9d8c7b2ce9d5a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"727767238d5406724cc05d038d953e5a","sha1":"1e80188e72a9a7787ea73dc876c6e414682b5bec","sha256":"c067be39e45bd7535ca419fbe9d66c5f0bc27b937fb3a64721346e05696b06d5","sha512":"7ad4d4e656495ea417c97fab5d8aa3c719f03342391608b5f0e116fc3e6eda003c95e8842d1748f74752c9d17ac97f4f8308aab5c83444a4e81c76ce8d69d213","ssdeep":"","tlshash":"7a8000cc32ac00b300880c2e0000802aa8080c000038080008c28088382283a3e2a223","first_seen":"2026-03-07T20:52:27.676181Z","last_seen":"2026-03-07T20:52:27.676181Z","times_seen":1,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vidoy.com/assets/img/favicon-32x32.png","fqdn":"vidoy.com","domain":"vidoy.com","tld":"com"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vidoy.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Mar 2026 19:06:51 GMT","end":"Sat, 30 May 2026 19:06:50 GMT"},"fingerprint":{"sha1":"D8:F6:86:82:E7:30:2F:7A:2C:C2:1E:AC:CF:48:80:C9:5E:5A:BE:59","sha256":"CC:AE:4F:8C:02:72:D3:8C:A6:4D:7D:C5:10:DE:68:C6:B3:85:D2:9F:E9:E4:4D:E8:F1:FD:BA:01:2A:CC:F1:17"}}},"request":{"raw":"GET /assets/img/favicon-32x32.png HTTP/1.1\r\nHost: vidoy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:58 GMT\r\ncontent-type: image/webp\r\ncontent-length: 550\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 4839192\r\ncdn-requestcountrycode: NO\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\naccess-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\ncache-control: public, max-age=1200\r\nlast-modified: Sat, 07 Mar 2026 20:51:57 GMT\r\nx-bo-server: DE-268\r\nx-downloadsize: 1170\r\nx-bo-origindownloadtime: 156\r\nx-bo-compressionratio: 52.99%\r\nx-bo-processingtime: 2\r\nx-bo-version: 1.0.26\r\ncdn-proxyver: 1.43\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 03/07/2026 20:51:58\r\ncdn-edgestorageid: 830\r\ncdn-requestid: 17b20f4e46f40e9ceec24979952b1f37\r\ncdn-cache: EXPIRED\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":550,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8042e463d4563ebb24a690f726e8e852","sha1":"af21e55538b7791362f169af78756af8867f6c94","sha256":"e020bac2337336d53765bfa7dc736e340a9d92fec2a262aaa32c08c0140b4cdb","sha512":"ae728afaaf9d27ec5d149e8f2c47fcd24c6e4e291fa2804321c49c655fd1821c6fc8c8d548727e1a05e12349831ef7365bd1a2ad023544ab9a639eb2d8fe9a3c","ssdeep":"","tlshash":"eef020c844cb70f449aca86ec7e609a1d129729438105b84a2e2e7c9849d27dbd3cb9b","first_seen":"2025-12-21T05:56:55.605914Z","last_seen":"2026-03-23T14:45:20.321213Z","times_seen":78,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":24,"connect":2,"send":0,"wait":190,"receive":1,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"65a86a933f.2601e2d1ea.com/9d4fd179d79ab68c1f36aa118baf8531.js","fqdn":"65a86a933f.2601e2d1ea.com","domain":"2601e2d1ea.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:58.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"65a86a933f.2601e2d1ea.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 02:15:09 GMT","end":"Tue, 02 Jun 2026 02:15:08 GMT"},"fingerprint":{"sha1":"C7:07:BD:71:69:8A:18:E1:AE:0C:4B:2B:3D:06:C7:26:FC:0D:19:B9","sha256":"73:3C:0A:61:98:DC:81:FB:43:1F:25:58:DB:6E:BA:92:9C:FB:B8:64:80:70:3C:C3:04:64:F3:8C:00:57:8F:E1"}}},"request":{"raw":"GET /9d4fd179d79ab68c1f36aa118baf8531.js HTTP/1.1\r\nHost: 65a86a933f.2601e2d1ea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Wed, 25 Feb 2026 09:36:56 GMT\r\netag: W/\"699ec2b8-1a2d5\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 07 Mar 2026 20:56:59 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107221,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e12e141f3c1d3a58eeb156cf154fa84b","sha1":"5abd5a6cc26ecad518fb4747bebc141781daded6","sha256":"17a70ab93a39d655380ac36da94da7cb0ba0dfc8d05446e6cb41576922a09aa9","sha512":"85a5a23b6438723239b0ae629698ed4e286954e44b9e40691f2ea1194aa41ac70880d83df0d289e14c5e1d374e7f1acca0d7b97b9b3ff4abb62b6ecf561bc6dd","ssdeep":"768:W0qmOOA1FJb8zunREimbZLrxL5mVuzYB3bPAgCp+dFAioTIZKOxvuoUjYClRtg2X:zOOVYpE1J0I0ui/d+J8EsE48JJI65v","tlshash":"f6a31aca32a1b4b002e244da943b0216f33d1929740e905cb7adddd6791ad4fa277f7e","first_seen":"2026-02-25T12:57:29.101042Z","last_seen":"2026-04-04T14:21:57.344779Z","times_seen":310,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"65a86a933f.2601e2d1ea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"875ba27c4b.12f929026a.com/in/multy","fqdn":"875ba27c4b.12f929026a.com","domain":"12f929026a.com","tld":"com"},"ip":{"addr":"116.202.249.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:52:00.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"12f929026a.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 14:04:09 GMT","end":"Mon, 01 Jun 2026 14:04:08 GMT"},"fingerprint":{"sha1":"0C:97:70:8F:06:55:03:E7:98:11:BF:3C:B8:79:AD:2C:06:37:AF:33","sha256":"08:D6:EC:30:75:7C:F0:E5:C2:00:73:05:C0:D9:6E:DE:EE:5A:FB:A3:C3:00:EE:D8:E2:1A:1F:FA:39:A1:4F:DB"}}},"request":{"raw":"OPTIONS /in/multy HTTP/1.1\r\nHost: 875ba27c4b.12f929026a.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://winvidplay.com/\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:52:00 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":32,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"875ba27c4b.12f929026a.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"poopvid.com/d/9fv0hzswi11a","fqdn":"poopvid.com","domain":"poopvid.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T20:51:56.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"poopvid.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Feb 2026 09:35:59 GMT","end":"Thu, 28 May 2026 10:34:40 GMT"},"fingerprint":{"sha1":"61:6E:54:39:AB:94:F4:3B:B6:A5:68:5B:72:79:A4:55:37:F5:95:0E","sha256":"06:BB:14:D5:5D:CF:59:61:D2:15:B4:EC:9F:BB:E1:23:78:D1:0B:A0:FE:F0:26:06:60:12:78:BA:41:AE:3A:E7"}}},"request":{"raw":"GET /d/9fv0hzswi11a HTTP/1.1\r\nHost: poopvid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Sat, 07 Mar 2026 20:51:56 GMT\r\ncontent-length: 0\r\nlocation: https://winvidplay.com/d/9fv0hzswi11a\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Vt0tHzjsrlyXqexyXlbAfORNuL4cT9PI%2FwtumwlHBApcN3QqsVHLeIxzFtZ1ozwGPiRJ4gJHB9Is2IYcFVz9r%2FLyEAY6RlsNNvaY\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9d8c7b28ff2bdd16-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15948,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":35,"dns":2,"connect":8,"send":0,"wait":9,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S923811298%3A1772916719423280\u0026hl=en\u0026ifkv=ASfE1-qlhRGiMtK-IQ_IniD8PFKx2WIxJvxJFObqfsaZf3NrMtEJ92oZNR_vUd1qbZ9Wavdsw5kC3g\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:36:42 GMT","end":"Mon, 27 Apr 2026 08:36:41 GMT"},"fingerprint":{"sha1":"F8:87:8B:2D:BD:F4:2F:EE:BB:C6:15:82:A2:65:BF:88:BA:75:EE:FB","sha256":"37:0D:FC:5C:8F:A5:2D:FC:55:69:BB:50:87:EC:B3:5F:62:0E:E5:90:5D:6D:23:E5:27:2D:EC:1D:D2:1C:7A:F0"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S923811298%3A1772916719423280\u0026hl=en\u0026ifkv=ASfE1-qlhRGiMtK-IQ_IniD8PFKx2WIxJvxJFObqfsaZf3NrMtEJ92oZNR_vUd1qbZ9Wavdsw5kC3g\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-o58JQAA34w42zqHv_R5-fQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.130yI-HTbg8.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?site=native-push\u0026wl=1\u0026event_id=a2a86afb-6eaf-4f64-80be-0cce93158e9c\u0026subid=357529620\u0026sid=2756714033\u0026spot_id=418774\u0026created_at=2026-03-07\u0026timezone=0\u0026ver=6.21.0-50\u0026is_native=1","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:52:00.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 02:01:43 GMT","end":"Sun, 24 May 2026 02:01:42 GMT"},"fingerprint":{"sha1":"5A:69:12:00:47:60:61:04:6A:B6:3A:EA:C9:F3:9A:C9:67:83:61:91","sha256":"DD:DF:84:09:0C:5F:8C:36:B4:6D:81:49:72:9E:9C:CF:95:7F:D2:13:5D:58:B8:1B:58:5D:15:AA:4A:6B:6A:EE"}}},"request":{"raw":"GET /in/dip?site=native-push\u0026wl=1\u0026event_id=a2a86afb-6eaf-4f64-80be-0cce93158e9c\u0026subid=357529620\u0026sid=2756714033\u0026spot_id=418774\u0026created_at=2026-03-07\u0026timezone=0\u0026ver=6.21.0-50\u0026is_native=1 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:52:00 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp","fqdn":"static.bookmsg.com","domain":"bookmsg.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:52:00.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bookmsg.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 02:32:07 GMT","end":"Sat, 25 Apr 2026 02:32:06 GMT"},"fingerprint":{"sha1":"B8:B1:28:04:7F:22:D4:AE:CC:82:0A:B2:C4:38:F6:84:34:0D:E6:E5","sha256":"5A:1E:C9:41:9F:09:0F:F3:88:30:28:82:ED:20:15:8E:C4:73:32:97:AD:2B:3E:F1:1E:C1:68:6D:2F:46:26:C7"}}},"request":{"raw":"GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1\r\nHost: static.bookmsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:52:00 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1066\r\nserver: nginx/1.24.0\r\nlast-modified: Fri, 31 May 2024 10:56:43 GMT\r\netag: \"6659aceb-42a\"\r\nexpires: Sun, 07 Mar 2027 20:52:00 GMT\r\ncache-control: max-age=31536000\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1066,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a11e13b2bd67bb9a6cb347d7c73df13","sha1":"b85460a33f9b229f42c08a6a94ae433a4d5c32ab","sha256":"1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56","sha512":"059dd018bbf13a669d73f07442288f165bc6b305afb0df955773a0efb7454b8204095196231179fab4cb625e189c7c735fe41dc5b67fb8666d584214277186e6","ssdeep":"","tlshash":"7511b56be46c4dfede41f0408dd80256f8324a5c8aaeaf39058bc7da4f584143a6f01a","first_seen":"2024-02-20T18:30:33Z","last_seen":"2026-04-04T14:21:57.374677Z","times_seen":10776,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winvidplay.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/ea2d291c0fdc/0.2911530913238323:1772915154:MRkC8Jar09nF57TmIP8akTPYftwlGYXS4eqkvfgMnh8/9d8c7b2d09d9a9d3","fqdn":"winvidplay.com","domain":"winvidplay.com","tld":"com"},"ip":{"addr":"172.67.189.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/ip129jk?id=6131316977737a6830766639","date":"2026-03-07T20:51:58.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winvidplay.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 26 Feb 2026 09:33:07 GMT","end":"Wed, 27 May 2026 09:33:06 GMT"},"fingerprint":{"sha1":"9D:1B:D5:EB:27:A2:9B:4C:DE:3A:18:C6:59:65:C7:30:DE:13:CF:E2","sha256":"CD:05:1A:2D:1A:F8:16:84:88:50:E3:B8:35:40:7B:07:FA:E7:01:7A:BF:5D:35:60:93:98:6B:5E:23:2D:09:04"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/jsd/oneshot/ea2d291c0fdc/0.2911530913238323:1772915154:MRkC8Jar09nF57TmIP8akTPYftwlGYXS4eqkvfgMnh8/9d8c7b2d09d9a9d3 HTTP/1.1\r\nHost: winvidplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12195\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/ip129jk?id=6131316977737a6830766639\r\nCookie: vf=9fv0hzswi11a%7C1772916757%7CIiu5KvUQLVEQ8OLp-tmccbyMu1SeTJkZaNhuduYwzKk.YhmwM7pNSsNm4-IsA5LCH0p6xEU4S8yad7RkDiOkwmk; cf_clearance=0Ckz7gKUd.TB55L9slkqTyv5AQh017USSWbdHYYWbc8-1772916717-1.2.1.1-NGXJKUtRry.AFnO_N6OJTr9hnKxE9GddLxQ.iAUbT7JgCgKkZTn4wmQwD3OOVW3RSAWThMvP2dLTIaMJrI0eKCiLDcCNYqgzTZ0k_xP0symIBRYCvctDVQRdmaXwc8HGRLbIqhmfr7rKcGCt1juTCCGJA7ZnnqcUROx2WNhbh6uDcvE_LFjlUALP5QEbvcIiIseBxchzUTeODRy8kPD7AGmVJp52h.h9A9warHQsUz0; _ga_RRBBHD087X=GS2.1.s1772916718$o1$g1$t1772916718$j60$l0$h0; _ga=GA1.1.182876236.1772916718\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12195,"data":"OicL7WGZldmDDl8lZTGDDiGpJGDyUy-wlyc8GNyYLvKWjtitGuy1WOWJyilUAyVW-LmqyAuEG56L9h8q9y9iiv9ylVjJyGWLGIzdd8Ggdh58Lk5jDccG17DrdPgfLLywBz0zL5VG8LBjEiyGpPD3alLJmS37EWzWy$0LCyPWCt8AwjdZ94lZ9Xym7l3mP$x8EyvBJZ9awXEMXwxWQ8y78AyfiytkbUydrO56AL2HTYG6TCVZ+433iiy7ctyGKmlzq7RYqdyhJISKHA8QLylBjP8ccLy7a8TOpLSDcy2w4WEDMZRsciyCpt8fEvlVwOD5wEZdpyvci8JI6jLyml1C8ZjGt6St6PtcyZkAy6a8WcyCABEqujcWlcyrw5Zz55Bfxo1SoTcIWsA-qaTCUgDVlCxHcA-aILC6ZJJGGZawhXMyGlHdfGq9oqEcco1Oo$cV-9V26o6+KJDXucyiWvJyGPZz2JUG0NCttULyDOpjjvwCa43zKx3V5IHm+9w9oqq15qVa6VymCc3wsBCal2g-ZJyGUN1BKw96NNXqJE+8BNJKHq1qp-qiFqwTPouyuiinRPJ+odD1ituYNHALHjPDULyZ2pWsS1n2HEZ180oC2Yx9KkcwQ8IRGI5yp5+vZLiE59NImMcmfkLPtLqQHc2hKRR447jY-TmkVXm$FhTV$CIO8n3IgfgKGB7wfv08nWybyur$TiXoN$p7tG9olQWZpovPwonkxtihkNkoYoTsghGWUay0r3R+LWQ-joTlcktqgiFhL9yCdpymk5hlCW5GWfJGl-94Z5hkpllkD$1GL98a5k9i4icyqoiXv9wLuh84WoIWY4WcpcL1NyHJP7EfGZVZumTO49BHhp9Ll98ZjWGJ5lsfEGyIlC0LIGEZJZyJKEBGJLBL6dEWlccbRFkcQGLO4EWJtss9NRytEEWJc5j2f9BBNy3-0dc8LyQVbzVCW2tTdcSWYNylWBZdn4hyfSBZlJ9BImfwROjJdHS34ul-cczmIdc7HM8f3zlG1ORgyC8u9mLyTgfOp+8qwj9flJHyicWfGfU9ozw-lt1gG1$jPcfxTGG14EBzf6HYVAhfWRW9BAGES5nq4N1FcESB4JKh+ywJ2t1Ot64mxTKlF8OylqHlGUyQ-vmllclmLVytNcaGBV4+SEnmW6cX59W-9mTdRpEzGF7w5mjLJ9GEW88BdNsqmCX-nSyB-HdTiOhyAyJ8lJ54+dPNJqtOxEqwtym8mwv-EWW2-WACf7ZvSYiu-MN9GG6ycZ3lc4bkU9aqyPc-A6gvs0BLCwbdLvA7uMhD8jSwE8GFOA+BLyJBEjVdSLcppfBXMtjSUZpAc4RWB1$zpw5iFl2HjUh8yj+MTMrwELWSNyjEo0MuGSBJnLXiE9BCWY958QYVyoSyVHxJ89Bynpt97vFcGs+ijm8haGldyc2ZlYLCaX6ptgXlY0ZMX+G35nz-GBO6uGyFEwBXNssnH+cv77N3UiFP3HvSP3Cps0cZoAOCHMrEqjYAK1cGAkZHnhF0bIpO0sLP60vv3Tn9BruB2$+TnPy0$6YDmjtA6sCGOs-mLvANyHygpyC0E0aFbPqKwGcOgkiOUlmdCLCM3pcGkmJhiqE-QCy4EnG7f3w8hUgGfLITSQCCkfDyGrzGBmdjd7TqJ7jvlNuE7JtLgyPCPCpjIOqwHp4PyC71fPMtNKo+M5JkBWshllN4lJORuyTFR99P9HcGyjlE6$c8tJbD-lG-o5kGXfL0lZCrpsUS54YXMCDV4mZEBzhyPSoi14BAk8UhcR364DpywuzBl8VEKjK5KNZdFhyT98RjqEOCu9jctK97BqJurYA1Ko6S7TUJ5yDto9yyA+99GRQtOXvETT3jP9qSg5l29ZJlQwNCCDdyjsM2H7W9thyjT9jAmrBJy9d9S2VgWcCU9sREyZlGp-6SAR8QKl9cK2vqtlGSmXR8ZpHONllhTtKNkqIQ78Nq98fpbZxou-WPHlr3JsGKC-tpwVXRkG6fubt1VTVk8IN$RyGCa8tjAGjhThbEL0WaAroALyTDcqJZAlwSWRwffoV-y5QRdC+-SLH2wfEkV88KFT+LjmclcmUHZlQqCOGWsBIlSlPQS7M-o3dCiPlVP-HPAS-ycPY3lxrJB2ptlqB6UoY-DWyDXCRqAKvyGUPSSaZTr5dEowLBzmJQDl1DtvQt36apfJ9Ut0P46qkgJf$Y1UdRqqbXPZAv-iA8oR3wMS78pwXOJyL24DRxqizAaw71Ir1+T6X$oFDgmXl-ksIVJrvlO+ozClHJdZryDHwlux4TGi5dG7X4i82EwGdwLZpKwBp4LoS5S4OQvEmkgCbvwCWSp27qEvbbPEBVmvf6aU3vuGwHAglNNTiK4puPaUMtAHJByUdkVjvRIdHk5XAK-PWLHBk2dyPzPSrqrntpQqBdDRalGmOkBUmCy64S5k5yCc0V-GTFZS-zAXMELPzKf8MV-oylfU27mbbNUZ9wNyp3JWRKwLqcUCa2uXkHyB2EuuxKcCfSrBw-hBS3IybRVtuC6dlLtgr+8G+zVdyT8MVxuCCxQy9X8APlDlJNv-ShCCl+zSIW8G-LYz9PNQB0mnlyI+ZjwNwA9AMvXx4ouaOcuyDrJyjRBIDTMcGoCEBiVhyfv9IPnroQHxCL7$56qAmlWxEFEACfKxBTT$8WPiZqBizP$hBLMNyKwcvadwp9liqKHPxg7bYhZm+yj1ZXQKLlLJdcUFyHrr9yV6XVRu1EtFx4Sr0FnyNzt8Ed-QhDmEDjRBWvLLNfwgp$i0inZLUIQqPCAYwHQGvqKa0x8daqWQGK5NSPFbPCjx4zLcNLBHo9pNOEaVcAgdLCMVAVLGJ+wVVv3H-1+C+LTV0ZST$KY4H16vCAoLkQDaZRMQcAiLS4GSh80iO7culPX8Esg7bxZlKdN7Wq9ITdEu7CCdEz-fDyjWm$y8bargzyrCtnVpoxJ5Ls9jdsQrS7HQ0I-0VPHZpC-ZACOgNEjLvOJExndfO8yL8ryWcEhyIY7wqjkbgz7HGFwGVHzKuhMQtt17r-5ahDPHlngBDc9bvBGQ$+dnPZ9hhTAdFWGjuEx+Z32p85Thyj-GP1DDd4L52TStR3ghvNCh1ozuSC$IIwL7BP5OVHTikNYrb3CCyCFrvqPO$kgbdk1KSvhC3$0-8JPArAv19oNDjaw9fyTHVGtobhSPacXUKGL8w7I0t8BOTgYPvwXlpd$1YcPSdPNRipqPKddDs3KB6Ro0Rmxy5PYXiJWkJmV2tloDR7JK13llPcS5$LgGidrRPFP54-OKKN1kB-RP+Mcoa187SfIXmlhFXZXP82y12H38Ztw00EjlVLYZYwV-08xZpc4HJuGhA1T5JotQ97z0Qzqca2+uGA$+Ijt5iJlPCbdC1pccNhTOANlOuyGyEp4TjCs+ZoCyJPSzPk$TUaRqsAWR$1xDcWuaXDPwLIsFRpdAvfygCAxAD1XJkaR9LgC7Xgy-DHr0va8HUlPZ$hN6vExfRNiAPdu9yldDLVyiciPLAWXWNVU3JHU4ZgEaEuNkNKGVRmUQciNJGMtcu6UETKvwvdAiEETVZQWQJXD9UCsENQJ2Em$MAgTGW8ltGL$DcgL-yhq8brxavvcTrDr7lKybv8Wgk-takWEGyHDCJ6LicCx+dKxqrlvZL3yFdLAhG8XDPkNPGnGTDiGaxOGZGsPRWcuC$qB7JXStEqAMUxBhTVXNxrUKdRchxdW8tTqDRyAfDAx$8KbQCopAxTcLShySAYPH$HdO$Pq8X+bqt9RsqDrFXjWadlcAkZsExwRt$5khBKupxRGLvKBoGRsGysBDclPGRZ8tjsxpxOjFuZ4Vr5CbJHdhyxyE4NSljNPGNa8hBzBFb3BcyalTpWWANCrHcwjEkHBztNiaEINdA+lzr2Evu843suk5DgDQy7$Qxtbh$xS2vRTgWCvtEA$KPd$9Atc5ydUHdPUcxDRZpMv148X3JWLYqUGUUOybUFx-CSXYkv47JGUi9PNJbKZ0lwLY$PtsZvkJUtcMDEuYPWEjLDRLvWG8$PALxa93ShlCchUYPdX$Jly642$$Ln4TuMA9yhByAJAEuExd$ad4EmyZLkdFuExqrhCMAKdj4qrmSdcj4GR9xrsn9RuBRNsCLcGzC8GTD6qwAyoEoGyVyVs240qtcjj8LCpLvFl3UyLFlQlzd7UioYAxjvLnEcDLUfPJpbZhymy2EaRmlLvnvuiqtBGz89biPANN$hyU$-CcuCrC9z9DRCpyJyGdcLx+lqiuAxyiqjLJTLLalVEluLV9y3jjxfy2Pyc6ZKdKxGRFl5EfykPg4cT-of9AuiVp4nSvVsoAN+JhyOykVHu+vcBn9XXHZ9NnEtAGuaE4uLcCxadJdno8yxZSLIsaVbXYBCST$998tiK-tAxSrhySxgv3JbldcbuCVXSTJwqM$tthVlbS9s9$JhEqAtAMKtv0NuBrPZjPSMUxqQxvV2x1NLWgS+EcurvcLaV8oyfXGdcE4pGsc2U$LN9flnExyz$dbKJRGMGxNnKrjUxEGyfHc7yXigC-jnKm$-$HftA6jFDVSKVpqHVNsOVAqsKop4d$LVXCrBTfL5CopUPhl9BHjwDITATrKCfOxAfu4qSXPIs5rgqk43JDw1y+yGL$orSY9ZsEqiT5dp9pBqDgT8$hA8t3jSwZEHZ8B0ACB$DHZAKBvcyCpwy6d7wLGur-y-$DwLqVRT4OyDKX9VRj$7kNdASK$MZlsMwRG3jvVPWZcXZLPj4fUnAbVtSfGrSsVYPENlc1tzymtUxwAlq+J5ERE9LwxgPGvar5$nLAB+VdqFtBw5TLvZUhb2qlswX7HaPHWzt0$3w$SxJINqyDxdlbwDcnxA9SW9L$4+BtcKsqAdbKBPRYP6wXbOo8b$8jc0LhymNSLvGbbTDcuy1QbCpREbZqNdAy4DR$JKyvfEqlKJbxD8JCs5rMDTVEkbUy94kuyUH9AUXj9Ms6E$JARRAxyhjPbcuPJIJ5yFfRA-H$vcAgUZJ+fp97J1$rotHrSAwW4nKGRaVJNbHF96f1dSCCJW9MwHZE$-DXHMODjST0UaOXDxS9b9v3jRTny0UJHaK41icXDE4ci$$GLTOCrCEhPDHqR5UToEAzjVRZpjJvr5fClpZVRjOcw-9zt5HGNvdgSnbcApOntuJzt8LZA-u7b-kGy4$NdQwhkv1Cj5IhBuVxIKl0EpS3xpKyof1HZCruvXDafjfCriHX4KkAxGuZL$LRKfOL48$yGAP1ycLCEZEa1$JfCN1z1op4P5XopV9wZCsGo8fYP$JbjYf1jvdgyA4rSjKqSYPcEENpNGyJBVVk$pVp4wLC45k5r-Z2Et1+lmC+DVKs1KP-rqv59OG3jcu0RzZnPqj$JXbJNwXKBROTkUOCoq9ZfUU5UCJTHOy7NjEqkCVADqf4oaXiWEs89-I7I2ESHpbQZDr3$xLDrmI2R9H5CBdLjKlRTRoKxwxbsykXVJxZHHJ5TXkGtCu3IZJFpQph9Z9pvvcZGHytbOZ7T$LIsTjrPnxRjGB7oyG+djIQEGjaofbR9jfyo2UZc5orudbYYHkAP5UMx$vq1pVLvOMrdWE6Z01411mQCZpsM9fAxC9SLwlLAzwCpXZPS0EkAYZwX6EsSPAa$Cs94wXMjaZ+x+jU9Kd2IAB9LUvC5GDHyWB-H5UdKOyTOnv9ALrUDv9UAZqnKrxA9E9CsQJQJ6ERPXDKxYMxdUltdvLn5lkIkyftcK9AcYPqrF1ZLCv7TaRj4ENjcdRT8N5BYcyEMmCQxd58LbZad0SOBZJ4EdNBuhBm55EvcJrHIJ9QWCsaVa40JLKpmuOXIKlGRxM1OcVIOGOmO-ORS9MBJGLjLlPKwQqpVE5DlHGVHc1Qug$hbmXXxFbQbkVfV8qLwtqbZisculqRqjWoUqrLOmXj4xVHK9ApgBL4L$wkoQquAmyD9YfGRHcx1nKVASsfyKT8E2BCYvdXDKBdlnSKBkMd5GV$JnN$kvXFVUjadKxFMwXvBFC$BILoZ-VMGKy5GycUb$lWLiDysyHNA0Pg5iVhoBMwPqizC-gOPQLJqnKyBacoYntQyBBnOnS-MDR3$1fjfsHOBNdyARAtAv5ypl4cwEU+dX4vUxmt5wgSL1gigpKNOLLiMwL3wDfFOGOJIvTbTDf2wwXQM+MKdS7cu6j$vYflqT8y7MU9LZmVyRYlZBoIo9o5fHHh7IMAN+7Yf5rfm9I0wvXRZAZ--vXiWYx6AGLcu5r4MONc$PaVSuacIjNvwfMnuMwwrQJcubrZSlSELEgRH5CXASXOVI-Ux+d6U4rCGxogO$xOGRT7E2E7GE5KJ+C5oNkjovMDR9-7JJHfkaw6MiV9jBMA5VM7O9oOK7J9N9AvozN-XgjJggbRbPgywCqIVHcskGS5ViVAwLmxOI2zGYxO4gYVxjUpsKdaYBrHTEL45wLhIlGoOEL8JPkYPWoHygx3wrktc2bwq6A-yXk+CHmhC-EhHuNnE4IPYlcb5q22EQSpMI94MI7RIV--y-L+V12YSyECJztsccO0b3LWIp2$vaBt-5wM$xLOgPmumFDkmIsEP2vzUlVAkfLlEwL01Kxam$vkMmmqFBr0-SPhOl2bTpIDhoMfZcK5ICrJILLlVwqqtyvWbWW0tq4pu0MnO+wOygS92WBCpsk0tu9jrMSwYlaIgyf9VEB3wo$5bk2lFlP2bVLKxrvGyiW7ZsEB50Gmv9oYo04jN2vE5XSkQiZ6KlVa8qNFJAUwoscj457I5gl$FHFUhPsjHVRtgQ47DHIQ55-NH$wcr8rr-r5sSoGTh95KPlMOoAIuqPSlP6OZ25Yff2uwlLcc$ZLqYQ-ZJ5vQrrduJwK1u9AxwWPc7TgE1FpN-wJfLgz19Klqo5TGKg$Wfpuci3aDfGqjqcauY5hvfZoHK6vU1TSDSIbq2EgHcTVRLq$9QpHRAAxtgLv07ovAAuwdb4djE+dC7ffbM+EWRBMnIJriHuPlwnKnwWQy76uLX0bx-vG6E$ZZJ0SBtcwA58wVXaV9L0mHDRq0tNToaEjuiIHDroGy7YffI8Jy5cA+59PcLLx1Fv2kjuJOFIYZv-Dqr3aLu5SSfV-1BO+PW7EoFx6MREVNBHRBM2P8LHmrOArf7Pc7h+hQZ96VQK6IFE7vcHa2E-lOMvLcwlc5tNtC3fxPMi+ZJM1vLxBQPFoEfH5k$ci4MW+Bq9KnPRvC-$bUBdclPGxQCsNUTiancNTLRscnMZx2fa8ly-QwHk7o1bJcu3VdDWosLvoaqZkIsZp0LvLMd0tqY-hj2NQzuUQJAwHlW$QBSuX73fyhBJX+AZ5l5qAR5LcBFlH2E6ULKKFLWXXfK-V7VvX-aKxaVxP9AdvoA2-t-UXi-E2pS7-CsySJSvXPfJ6wA1GCo3jjOF060M3cyrOyESaQQF$+QzRVf8XTzoBZphBCn8b3orGR4$J6R06m7lYhOjOvVnNl3AvD+wROQbgvLmjcB4HDRlIFt1Gdo8JS0+EGbKjYhxgm0TCSW9Yvl-REhy1jBhfyL3JMxLjSlWw87W$WZyQfhLhBIYy+Jj-oFm4XkdiR2oqCQ-tDJNE-y$2A791TCjPG7rzlZNoCgli48kPrSqLAjRP-pd7L-HHwtRPMoHY9$Exh8lsmclEwvpqExHhjWrJYE4s9+h8qwm1X0J-yqEyPykTVbZdNsuyh8ldmnjLG7WwLRohcquyWy6pPIfNfGQtfUMp8gHNcDp7WBRmDLEShRONztl2t5DkLtxCptDmWcMcIthydJgfrrmILfDZiflRJcQZJJXA6occyXLAHYyCOdtvCd--BlKytJWNIWfXy4ljxEkxcbLWl5jl9EDJizG1fBBtL28txxglllvCFItBBJTCP9l8hiAGTjfApHA6XBDoSsmJT5vYGbm1mJJ5JIyVNtEhk4DGANCCv-y6cImILvLvpNyfNfwljDaJwX63EQGwlITC4UCrHwPhzw9LELUbI6RmGwmtNJCHG3j-UhlGIqCbjTopjuNOl-BztdiUzBRCKlTBaRxcMtvmmPj0voJrtPRN8L5KhCuE7iAFN$G3mILmCJJfmTo4tBqtuAJrqYNlh2Gl8uSvC0pAlCRlSJZcoaPYhT71Arx-tfCz95jCMmYlCkhC0yJjC0jxLA+GYlHl9hE5TjhTmhmscRLXEjyQfR8NRGNGd97k9JTC67CvhBJJvlZqvllyVfppotypF89TWM5wpyLbOHtjTy0Ed49jdky2GqhffD8gL9P9hkl6CfsZPx7SCCMgfyCFmUdqxqS9-yu5jD9ErcgvvURujAWrskyFPCUJlEBmDLHpDgPRNGhiY5B8LdOPRyAhJ46jwLsC8PwOCIGgjJ87vcs9mfB5Qj+R-2QZwRNhtvyREHQ7ccUfuJol8yfdRNvPho5acqq2dVC1vNKWx84MyDJ34GGipME6TlZ9ElaCE59LYL1JQLhGmvGxcwJIp2WWIShlkB2JKc-z4EGfME4f5MftNhR5LYZdpEiCjTj2f2ojjVLRwcxR1pDWb4hyqDMqcBl$WqTdVMWduc+C-B9L-AhZRu79maL2lLS6rcA7YBwKl4uEOqd$-Bl5mMPp-hymP7ZBDJbBxXzS9yTvfC8NTpp4JGJN8l6JVNmt61WlyywyRqyCOhvPsNsJ-LTiyQR8xuBLtnlHyWmJOtiC+NhWotNCrkllmrLKHdiN4mwvPlGm6LjyqyzLl8N2NpswqBtU-PC9dlViTDSdlxOtBLSdJJLwLfh6Kw8tQJt8gr2RqkACGs-Dyqt0Ev99yyhfDrBWdoO9d1iYEqx93bucdQByDfRPYfOwNr192RWVya6H+l8GxmxtZyBnysa-hgi1ywu1VhVQfN8tSiBDE6AEvnW$mvGVAIdduaW4smXVmdydfghVCYh8fvGvG8ChBzc-dRiRMLIv6WECmwyb99LyyfvYyuJFy$E97u3RNoxy1pPIGc5IpEfKNcL6BdI+TrTEFtGZqJMthDJu90GqiAQhKdqRXmatZcfy2pq5v3IK4mAPLoWE89SiqCHL+8hk+abiDMLoJNoLlltlXlOcP$9J7WHsfEBo$Ka8EMDCggdy$oICSuBqhlQM5BBWbhmtNCkaBM0kQJSLdxzMfuASJgddcvvOBlH4A4J8HrU$+nfPyHoVcCwvv6Zgkjjj5E8UPIC6KtBX8xy2PvvOaC-c+oxrVQtE5xwUHXUQJLChllqp15KTP3CChKG1CHRzojNAAUlyBGIW9Emtc4cB+zCEWNy0t6oc-dvNF5wyDiwX8Kl-iASSJ4d4Ch-O-mjB1cH9CFadllW8M+yVL-pl5L5SA50GqGdLvu9Li-EJJ3yHbCclHfGLjLlpW8NAhMNuybPfpvL6ZNxGwcEAzTpXvpf-lOAjcH8rkhVCxlmRuLZ9cu2fuK5SH6DYfZu8OdIQ8MS8Ky6PZHmd5WlHPuyqSlVyQBujYcBtHuRIlUl--LPcy-uAk7Zldy8raDkPGhvH9jSPyYLkJC8msl3I5qMtci9PW5Ph8a8bZ5ijFcs-LpktFCrqHAf3BoSp8XZ+Ffh76oKgwyYycqMQc$LmozVa8tvOU9mPOgUK3ONkJqtRW6fkKbJqqOFcFQXGMqyVMkbuOTL1gkcbUlk8KcWjkJZU9+l9vnWzQujnt36HuU8C5wKSgyGDUEvFcP4SyrG3wqSc074JrmuKBs4XvFO1p+g5k9AmxzQO1pwJydcVluh09Al5SiLMtOpf$U6Pkg0KcLxCc2d8lyvDpMNRrmnq1XhWyfu3VUq+7yUmg8fzKb$zQq85cAyDMtUJ9hfMPSy3SkluqzQc-tzKuKQtxOf2wMPlmVKtl4LdzunPT7L8OlI8GOmgQdvOZrsTQaIQvBZ4mDZLfivM5OPKYBylmHuAyaEcoHuKfCQYvEaj7A7jffDJyBEoz4q4jfwqqDbFOBQlGhpNBNBAGTp4ELKfblTH7$HCUil3KoWXTbgCdzISMcJsdYfLaHhr4pKmdzG8iDDmnSWf2W5ul+yZzQyatZZH4zik-QTvk8JRoGVirlzyvBKpRtg7+9pH91KtzWX4NQW0P$jCwJRK9Zvggt5y9VApL8O8rLzIGZwAD58Aih25$Si4QCH+9LoFWHvYyrsoLOMLtEvfGf5R4ZpZLIB5StuMXRGDianKKSrqBSRG3ApTUfHU8hDC$xoBXzt4gfbl+yPg-rHISFcJD3ykXWbHujnBggvmdD3PHa7uwDSYkRDrMWmvSlSs1xV8hvHKSRy4JRE9KNsBKgvi4SmI7zhpU6vHA8vU$zQqGfiylwBqUx98glln7DrbINBZlolLz7RDMtlLOChBQISFcDvaGRfN2C7YCHwTLNMJOcHHGMqKEkS9dymgtEoZhqmBJK9pHLolHdcHDZch4AugpRBq8FrFOh548C$MtlmfIyVH6sJibZUSmTGSLlSYoGt2B-sO4HuHGs7Tb4Rlfmw67+o8t7if4hqCRrxiOSp4hB+ZLJWKH6EaWm4hBy0YAJ8EwBRs6DWRSTbirF8mFvOAmycH8DT1jhvsz7R-H3Wu90yTIHtBT4j-2rzIBOAdgFP$rfTxJvmG$GZdLvlDHirjKGaIL4RINPNIwPRgKVxLdOzVhcmkSmHzDw1U37Yt-LC1HyJqHQO-H379LUsXkJbk5t9gA14boAtQqpyxGR1QjcHV4GgAVrX13tUIMSowzq4CsobtkbU37t1rk1krpuzz6aANrUK2YcMJqBNAOaB1AR1OZqaWz-rGTiRTMUtyqAvr9K7ZfMM6695ur7yls5Bml7qHsrfH9vj$Jbp7HYrR85$Ujhko8lcp6fGrD$jJp2HzS111rgKJbk0tBEGk2X$$Zpf0QhrfHkIVMMbayU+rfH8lrMJuayUgrcOTlL9MGrn7E7JOZlEZ8BoJz6awwNl1OML3wzUrsf9ry1RUp2zCv9flrDBZ6li8Orrf6bW52cg6zMJVlmbIBbPa8z5rmHQl4a5Er+7s7MSLEX1Ucp6UsbsLiWtMJrrtz2ANODWr5b4pAAArPOSWDY21LAVISfHPWFjRqcHHXv8DUX1Wq9PcTl2ajLNLgo8a-PR2wOsbZRaUoWHq7rwPNa4RGoE1x7Af$Na4-yDc1xvCOYPD9ZBpsTPVEO-Pp9HGpOA977OwL-9ZkvnH$jLI+rztUfDJ1f7gHoRaM-t3W1wGQHmbIo-6qD1o2fwHXY7x-CuUFRfHkU1PyVrPHm7O1PUL1RZkNHv2aHHUsPGdI-H12WIQRDYAZauHo8UOlrIaAHpuAI7k4qSDLvDoXTM7NcaU+VA1aqUoaAI7EwWo8ynNXaVy3CR8-xdUTXVqjxv0BV-wsgTyRfcclEfTPuTsKBOuEMZcsmoftBU14BlyvPhvm+GWwDb+SQx9uS-GdvqE9X7EC6i+DIj0vib0QmEv+ZLBkLkSOk4xQ9bi1+uPCMNply6btjdP$l2u4KHDaAEQLxVccCLyyGXMh8Tt0SuyCKpcmb6ZCIw3D7JocVsCLwABb9FLPWORvPCzjPyYDYEqQ0pQiWoLovUbLyyj7yGEry6CyLQkyFG0c8LUZBbGlFqCNpMCd8bkvjl6GpBrtlrM8w+yRFb4DkFyNPNumrGuMyyltll6Lyyw6gDwTZGUWaHHdm8C8GpJmMYLDylRBfTMy4MXqIzjaD11PXrGLLMQ2WhVTQB1Myy2QV1PXCC3ko8yh3VTbE8ywpVTqaI1+DXnTrdlLq5pJmry-EWx46xgktR-GYcREMhMyhm+rXmMzKyLc6CWRoL8YgydW-pmx1$ymdu1HdhpyylTHcfcj7p8yNyyHkiN38EhauYGdyft930spkLUBC1OyqLd+I8mnBILGGlZ6I6pNbmVJfpHfm0LYXPc4YItOs0KmYRoBfJT8U32jyE5oSbWXDyTbAcQr4GgoCZkZBi5rB14AEabYhViGblN4wY+QfCqyJIm8XzLSL6hR3oIlzAYLVLlT9ZC0uyRqCfpMJ9bhj+rG8ysxERvLhVT9Fcyb8by6yV+1GLNVqNqryKCoNoLEAYqDbxxdof5FJR4KJtbjqWm0XBp$LjLNL22+8y59zyd0mbfp6kaSp4GFymbhNNraIprdILbPyymCA$ayP6Iq+hDb8Sq32P5D413FZMRo0hRThjTxVpySyxHdEyymsILyy7SpGDYUB1yCLhLlEG7JDyCLvLyhlULcmryZEKbfzG5Ft8cL24fZyyl$YBpyy"}},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/plain; charset=UTF-8\r\ncf-chl-out-s: mvWhK9NNUgo3BazrwhPkfQ==$zlFkhL7pXkDuwp3gV2JOnA==\r\nset-cookie: cf_clearance=nq3O8hgTiR4B3J8llQRjZYNlwhCKAX9MFDitY4V2ekQ-1772916718-1.2.1.1-1bJEMDTB9KdsAjKQY8fOVQuUKGaZM2trblaUwLEti7h.1lEMnNr28.aDPumBArIC6Q6O_y030yQTFLOPyS17PX41WEZf_trej036A6gjlYwNmK2QEq7aDA5HDjFHW3aA70AKSDSPwx5MHcBOu7XD34oYQYN_utPoBej83rKf8bDwGraZ_AlD3xnSudEyfzb6WvAj54osdamJFIN1_iIIdwMyytiDGxDqf93usMd5iD4; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=winvidplay.com; Expires=Sun, 07 Mar 2027 20:51:58 GMT\r\ntiming-allow-origin: https://winvidplay.com\r\ndate: Sat, 07 Mar 2026 20:51:58 GMT\r\ncontent-length: 0\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9d8c7b324a90a9d3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"winvidplay.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?event_id=a10b3e83-c2fb-4dd3-be6a-db427cf5e7fe\u0026subid=500843478\u0026spot_id=503362\u0026created_at=2026-03-07\u0026timezone=0\u0026ver=1.172.4","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 02:01:43 GMT","end":"Sun, 24 May 2026 02:01:42 GMT"},"fingerprint":{"sha1":"5A:69:12:00:47:60:61:04:6A:B6:3A:EA:C9:F3:9A:C9:67:83:61:91","sha256":"DD:DF:84:09:0C:5F:8C:36:B4:6D:81:49:72:9E:9C:CF:95:7F:D2:13:5D:58:B8:1B:58:5D:15:AA:4A:6B:6A:EE"}}},"request":{"raw":"GET /in/dip?event_id=a10b3e83-c2fb-4dd3-be6a-db427cf5e7fe\u0026subid=500843478\u0026spot_id=503362\u0026created_at=2026-03-07\u0026timezone=0\u0026ver=1.172.4 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":242,"timings":{"blocked":103,"dns":27,"connect":32,"send":0,"wait":35,"receive":1,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"65a86a933f.2601e2d1ea.com/e4c025465f41b7b1658d36c812e991b8.js","fqdn":"65a86a933f.2601e2d1ea.com","domain":"2601e2d1ea.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"65a86a933f.2601e2d1ea.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 02:15:09 GMT","end":"Tue, 02 Jun 2026 02:15:08 GMT"},"fingerprint":{"sha1":"C7:07:BD:71:69:8A:18:E1:AE:0C:4B:2B:3D:06:C7:26:FC:0D:19:B9","sha256":"73:3C:0A:61:98:DC:81:FB:43:1F:25:58:DB:6E:BA:92:9C:FB:B8:64:80:70:3C:C3:04:64:F3:8C:00:57:8F:E1"}}},"request":{"raw":"GET /e4c025465f41b7b1658d36c812e991b8.js HTTP/1.1\r\nHost: 65a86a933f.2601e2d1ea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Wed, 04 Mar 2026 11:24:55 GMT\r\netag: W/\"69a81687-94838\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 07 Mar 2026 20:56:59 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":608312,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"59ecfb3e83a661a22ea8474232819a6d","sha1":"31b783330c4f0f1e450de8346b878a0c4c965f1d","sha256":"db9204f027859a4d8887647e9bd9351ec7c35676e9d769cc0bd66fd1dc1a8b0a","sha512":"9ab6bdf9080cf29c4787a0f08d3632cf764217b435d308fa05642555f696aea72567baa73c1cf4009c3dbc0914fa59b085e60b90d6460973eedb7f9bbd94e846","ssdeep":"12288:bO6w3S6RowOCoO68X6xEOjxIgWQfKjb5xoWbmx7bvVTQBUfRLsdGHGchOdEJNpFu:bOxVquCEOj6gWRxxdEcUS","tlshash":"17d45a3132911139b0bfc8c6aa66278d336cf247e9170f15f96faaa583dbc54f625384","first_seen":"2026-03-05T11:45:13.803888Z","last_seen":"2026-04-04T14:21:57.371315Z","times_seen":10,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"65a86a933f.2601e2d1ea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?site=native-push\u0026wl=1\u0026event_id=3dc8c0b3-2187-4e0a-9d12-29be5ad301de\u0026subid=388464194\u0026sid=2588764282\u0026spot_id=418776\u0026created_at=2026-03-07\u0026timezone=0\u0026ver=6.21.0-50\u0026is_native=1","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"116.202.204.105","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 02:01:43 GMT","end":"Sun, 24 May 2026 02:01:42 GMT"},"fingerprint":{"sha1":"5A:69:12:00:47:60:61:04:6A:B6:3A:EA:C9:F3:9A:C9:67:83:61:91","sha256":"DD:DF:84:09:0C:5F:8C:36:B4:6D:81:49:72:9E:9C:CF:95:7F:D2:13:5D:58:B8:1B:58:5D:15:AA:4A:6B:6A:EE"}}},"request":{"raw":"GET /in/dip?site=native-push\u0026wl=1\u0026event_id=3dc8c0b3-2187-4e0a-9d12-29be5ad301de\u0026subid=388464194\u0026sid=2588764282\u0026spot_id=418776\u0026created_at=2026-03-07\u0026timezone=0\u0026ver=6.21.0-50\u0026is_native=1 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":217,"timings":{"blocked":90,"dns":1,"connect":34,"send":0,"wait":36,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"875ba27c4b.12f929026a.com/in/show/?tag_ab=a\u0026site_id=31418776\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=hq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=1\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fwinvidplay.com%2Fd%2F9fv0hzswi11a\u0026refdom=winvidplay.com\u0026auction_time=1772916719\u0026subid=388464194\u0026sid=2588764282\u0026tcid=0\u0026ver=6.21.0-50\u0026ver_c=\u0026spot_id=418776\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2026-03-07\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=77.79266918366731\u0026kubik_score=77.815\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwinvidplay.com%252Fd%252F9fv0hzswi11a%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Fad.twinrdengine.com%2Fadraw%3Fzone%3D01K3R8RBM8WCV45TJMNQZ9M78G%26subid%3D388464194%26kw%3Dome%2Ccewe%2Cchindo\u0026icons=iAtaopsacyZKq5Em1DCYGJ3UvTHQ9omRJhf5BccFG_zCUSalTS5FEGQR9p-7Y0GN0KFh7TJVjBHvyFDTSeXItLegp5ZcE8BklvlN_YABUTSMjcBeHhgReSo_56AIXa10TO7IN45grRinK31OKqDaMiQzK5VUOt3hVErzs7Ma5jGLCPes0g\u0026ext_cid=0\u0026pop_price=0.00016\u0026pop_ecpm=0.005349462521033671\u0026px_id=418776\u0026min_cpm=0.11945349809468188\u0026out_id=1\u0026campaign_type=lq-pop-ext\u0026aid=4167\u0026cid=21764\u0026uniq=\u0026mid=8995596269011627323\u0026skin_id=71\u0026vertical_id=11\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.16\u0026cpm=0.16\u0026verify_hash=2ccae409b34cbd9ab351879aee947711\u0026verify_hash_v2=48153f0806eac56f95a563be4656f2b96719095fd14cdd37984886db0b33cd88\u0026is_native=3\u0026real_bid=0.00016\u0026pop_real_cpm=0\u0026pop_real_bid=0.00016\u0026original_bid_usd=0.16\u0026original_bid=0\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A134.0%2529%2520Gecko%252F20100101%2520Firefox%252F134.0\u0026ip_mismatch=91.90.42.154\u0026geo_mismatch=NO\u0026isp_mismatch=LQ==\u0026label_ids=4,20,27,150,11\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=1\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0\u0026hostname=auc-inpage-hz-2-c\u0026auc_type=1\u0026pop_type=1\u0026is_pop_cpc=0\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026mismatch_filters=ttl_mismatch,iframe_mismatch\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0\u0026ext_campaign_id_str=101785\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.020775516497070615\u0026social_network=\u0026publisher_id=42825\u0026advanced_pub_id=0\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=1461443\u0026mediation_ecpm=0.16\u0026mediation_type=default\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026discrep=1\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=gamblingBlueMessage-view-b_r-body\u0026mlf=1\u0026mlc=1\u0026cpa=d51b2ddf-9509-462c-bd87-354ed5e4c3aa\u0026prev_step_diff=370\u0026st=0.03","fqdn":"875ba27c4b.12f929026a.com","domain":"12f929026a.com","tld":"com"},"ip":{"addr":"116.202.249.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"12f929026a.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 14:04:09 GMT","end":"Mon, 01 Jun 2026 14:04:08 GMT"},"fingerprint":{"sha1":"0C:97:70:8F:06:55:03:E7:98:11:BF:3C:B8:79:AD:2C:06:37:AF:33","sha256":"08:D6:EC:30:75:7C:F0:E5:C2:00:73:05:C0:D9:6E:DE:EE:5A:FB:A3:C3:00:EE:D8:E2:1A:1F:FA:39:A1:4F:DB"}}},"request":{"raw":"GET /in/show/?tag_ab=a\u0026site_id=31418776\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=hq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=1\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fwinvidplay.com%2Fd%2F9fv0hzswi11a\u0026refdom=winvidplay.com\u0026auction_time=1772916719\u0026subid=388464194\u0026sid=2588764282\u0026tcid=0\u0026ver=6.21.0-50\u0026ver_c=\u0026spot_id=418776\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2026-03-07\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=77.79266918366731\u0026kubik_score=77.815\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D388464194%26spot_id%3D418776%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwinvidplay.com%252Fd%252F9fv0hzswi11a%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Fad.twinrdengine.com%2Fadraw%3Fzone%3D01K3R8RBM8WCV45TJMNQZ9M78G%26subid%3D388464194%26kw%3Dome%2Ccewe%2Cchindo\u0026icons=iAtaopsacyZKq5Em1DCYGJ3UvTHQ9omRJhf5BccFG_zCUSalTS5FEGQR9p-7Y0GN0KFh7TJVjBHvyFDTSeXItLegp5ZcE8BklvlN_YABUTSMjcBeHhgReSo_56AIXa10TO7IN45grRinK31OKqDaMiQzK5VUOt3hVErzs7Ma5jGLCPes0g\u0026ext_cid=0\u0026pop_price=0.00016\u0026pop_ecpm=0.005349462521033671\u0026px_id=418776\u0026min_cpm=0.11945349809468188\u0026out_id=1\u0026campaign_type=lq-pop-ext\u0026aid=4167\u0026cid=21764\u0026uniq=\u0026mid=8995596269011627323\u0026skin_id=71\u0026vertical_id=11\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.16\u0026cpm=0.16\u0026verify_hash=2ccae409b34cbd9ab351879aee947711\u0026verify_hash_v2=48153f0806eac56f95a563be4656f2b96719095fd14cdd37984886db0b33cd88\u0026is_native=3\u0026real_bid=0.00016\u0026pop_real_cpm=0\u0026pop_real_bid=0.00016\u0026original_bid_usd=0.16\u0026original_bid=0\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A134.0%2529%2520Gecko%252F20100101%2520Firefox%252F134.0\u0026ip_mismatch=91.90.42.154\u0026geo_mismatch=NO\u0026isp_mismatch=LQ==\u0026label_ids=4,20,27,150,11\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=1\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0\u0026hostname=auc-inpage-hz-2-c\u0026auc_type=1\u0026pop_type=1\u0026is_pop_cpc=0\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026mismatch_filters=ttl_mismatch,iframe_mismatch\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0\u0026ext_campaign_id_str=101785\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.020775516497070615\u0026social_network=\u0026publisher_id=42825\u0026advanced_pub_id=0\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=1461443\u0026mediation_ecpm=0.16\u0026mediation_type=default\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026discrep=1\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=gamblingBlueMessage-view-b_r-body\u0026mlf=1\u0026mlc=1\u0026cpa=d51b2ddf-9509-462c-bd87-354ed5e4c3aa\u0026prev_step_diff=370\u0026st=0.03 HTTP/1.1\r\nHost: 875ba27c4b.12f929026a.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"875ba27c4b.12f929026a.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"875ba27c4b.12f929026a.com/in/show/?tag_ab=a\u0026site_id=31418774\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=mq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=1\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fwinvidplay.com%2Fd%2F9fv0hzswi11a\u0026refdom=winvidplay.com\u0026auction_time=1772916720\u0026subid=357529620\u0026sid=2756714033\u0026tcid=0\u0026ver=6.21.0-50\u0026ver_c=\u0026spot_id=418774\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2026-03-07\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=80.49688912176745\u0026kubik_score=80.509\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwinvidplay.com%252Fd%252F9fv0hzswi11a%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Frcdn-web.com%2Ft%2Fr.html%3Ft%3Dhttps%253A%252F%252F1osb.com%252Fsmart.php%253Flink%253D10472854%2526var%253Dremoby3_10299927_600415%2526ymid%253DG0ssfEegEUvVOMGzvrXV00e8NW5ek7lBd7jTCEScebWAhwRGMQ5UJzeTyJIouQoA%2526var_3%253Dclad%253A2756714033%2526fa%253D1\u0026icons=SNfUMtbVuGwSXcwVUhGJPshmIOTmsLHtd1zo1EtXI1LJtoOo6fV2j9PbiYM5JhZol1BNiIssTF6-QpxOxOl4jJ0hXrwYyZfh7VJho5J2ltevocLf5g-ck98FU-PCMG1PtCNiV-3ZgM3Ok9tp-_2qALR3GUxwCIR3xDajDWzcjvtLM9KCTg\u0026ext_cid=0\u0026px_id=121457703\u0026min_cpm=0.09048159524850061\u0026out_id=1\u0026campaign_type=lq-pop\u0026aid=4217\u0026cid=22320\u0026uniq=\u0026mid=6660634737651273297\u0026skin_id=82\u0026vertical_id=0\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.006331280455700054\u0026cpm=0.0032680159855614285\u0026verify_hash=e9dc297b68e61c7842baac3d0f27a337\u0026verify_hash_v2=d1fbb03350e6c56f119d26b6eac299ee9daa090772c9ce794f32a13fa977464e\u0026is_native=2\u0026real_bid=0.00025\u0026original_bid_usd=0.00025\u0026original_bid=0.00025\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A134.0%2529%2520Gecko%252F20100101%2520Firefox%252F134.0\u0026ip_mismatch=91.90.42.154\u0026geo_mismatch=NO\u0026isp_mismatch=LQ==\u0026label_ids=20,27,150,108,0,4,89\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=2\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0.00025\u0026hostname=auc-inpage-hz-15-a\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026mismatch_filters=ttl_mismatch,geo_mismatch,ip_mismatch,ua_mismatch\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.00025\u0026ext_campaign_id_str=\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.013072063942245714\u0026social_network=\u0026publisher_id=42825\u0026advanced_pub_id=11042872\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026discrep=1\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=multiOS-view-t_r-body\u0026mlf=1\u0026mlc=1\u0026cpa=d6adc726-6874-47b7-b38f-a2ba1193ae4c\u0026prev_step_diff=615\u0026st=0.05","fqdn":"875ba27c4b.12f929026a.com","domain":"12f929026a.com","tld":"com"},"ip":{"addr":"116.202.249.56","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:52:00.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"12f929026a.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 14:04:09 GMT","end":"Mon, 01 Jun 2026 14:04:08 GMT"},"fingerprint":{"sha1":"0C:97:70:8F:06:55:03:E7:98:11:BF:3C:B8:79:AD:2C:06:37:AF:33","sha256":"08:D6:EC:30:75:7C:F0:E5:C2:00:73:05:C0:D9:6E:DE:EE:5A:FB:A3:C3:00:EE:D8:E2:1A:1F:FA:39:A1:4F:DB"}}},"request":{"raw":"GET /in/show/?tag_ab=a\u0026site_id=31418774\u0026adblock=0\u0026testab=2\u0026auction_host=apply\u0026mm=0\u0026yc=0\u0026render_type=mq\u0026pr=\u0026user_keywords=\u0026device_theme=light\u0026v2_track=0\u0026v2=1\u0026conditions=all,dch_ip,tz_offset\u0026ssp=3964\u0026page=https%3A%2F%2Fwinvidplay.com%2Fd%2F9fv0hzswi11a\u0026refdom=winvidplay.com\u0026auction_time=1772916720\u0026subid=357529620\u0026sid=2756714033\u0026tcid=0\u0026ver=6.21.0-50\u0026ver_c=\u0026spot_id=418774\u0026utm_source=\u0026utm_medium=\u0026utm_campaign=\u0026utm_content=\u0026created_at=2026-03-07\u0026iabcat=IAB25-3\u0026user_fp=3062215412326782139\u0026score=80.49688912176745\u0026kubik_score=80.509\u0026kaminari_bot_ip=1\u0026durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D357529620%26spot_id%3D418774%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fwinvidplay.com%252Fd%252F9fv0hzswi11a%26idzone%3D0%26sid%3D1886\u0026is_cpm=0\u0026resp_type=\u0026crid=\u0026crtid=b0681ff5c1739e7f8bdbb8527f77d810\u0026url=https%3A%2F%2Frcdn-web.com%2Ft%2Fr.html%3Ft%3Dhttps%253A%252F%252F1osb.com%252Fsmart.php%253Flink%253D10472854%2526var%253Dremoby3_10299927_600415%2526ymid%253DG0ssfEegEUvVOMGzvrXV00e8NW5ek7lBd7jTCEScebWAhwRGMQ5UJzeTyJIouQoA%2526var_3%253Dclad%253A2756714033%2526fa%253D1\u0026icons=SNfUMtbVuGwSXcwVUhGJPshmIOTmsLHtd1zo1EtXI1LJtoOo6fV2j9PbiYM5JhZol1BNiIssTF6-QpxOxOl4jJ0hXrwYyZfh7VJho5J2ltevocLf5g-ck98FU-PCMG1PtCNiV-3ZgM3Ok9tp-_2qALR3GUxwCIR3xDajDWzcjvtLM9KCTg\u0026ext_cid=0\u0026px_id=121457703\u0026min_cpm=0.09048159524850061\u0026out_id=1\u0026campaign_type=lq-pop\u0026aid=4217\u0026cid=22320\u0026uniq=\u0026mid=6660634737651273297\u0026skin_id=82\u0026vertical_id=0\u0026skin_test=0\u0026from_cache=0\u0026ecpm=0.006331280455700054\u0026cpm=0.0032680159855614285\u0026verify_hash=e9dc297b68e61c7842baac3d0f27a337\u0026verify_hash_v2=d1fbb03350e6c56f119d26b6eac299ee9daa090772c9ce794f32a13fa977464e\u0026is_native=2\u0026real_bid=0.00025\u0026original_bid_usd=0.00025\u0026original_bid=0.00025\u0026show_type=0\u0026exp=0\u0026placement_type_id=0\u0026ua_mismatch=Mozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%253B%2520rv%253A134.0%2529%2520Gecko%252F20100101%2520Firefox%252F134.0\u0026ip_mismatch=91.90.42.154\u0026geo_mismatch=NO\u0026isp_mismatch=LQ==\u0026label_ids=20,27,150,108,0,4,89\u0026need_redirect_show=0\u0026applied_features=coef_095,main-skins-settings\u0026show_count=2\u0026expiration_timestamp=0\u0026image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FSG%2FSG_083be47dfc3e28c9a68305b76181a5033bc45790.webp\u0026site=native-push-adult\u0026price=0.00025\u0026hostname=auc-inpage-hz-15-a\u0026auc_type=1\u0026pop_type=1\u0026site_id64=\u0026interest_vertical_ids=\u0026mo=\u0026ve=\u0026mismatch_filters=ttl_mismatch,geo_mismatch,ip_mismatch,ua_mismatch\u0026timezone_olson=UTC\u0026topics=\u0026historical_keywords=\u0026pop_cpc=0.00025\u0026ext_campaign_id_str=\u0026is_webview=0\u0026client_price=0\u0026direct_client_price=0\u0026priority=0\u0026client_payment_model=\u0026is_in_app=0\u0026auc_domain_type=hash\u0026script_type=antiadblock\u0026tma_wallet_balance=0\u0026processed_keywords=\u0026is_iframe=0\u0026traffic_category=adult\u0026iframe_click=0\u0026estimated_ctr=0.013072063942245714\u0026social_network=\u0026publisher_id=42825\u0026advanced_pub_id=11042872\u0026user_click_counter=1\u0026lv_id=0\u0026service_spot_id=0\u0026mediation_ecpm=0\u0026mediation_type=no_mediation\u0026entry_source=direct\u0026is_second_price=0\u0026payment_model=cpm\u0026final_source_id=0\u0026discrep=1\u0026pattern1=0\u0026pattern2=0\u0026pattern3=0\u0026pattern4=0\u0026pattern5=0\u0026format=multiOS-view-t_r-body\u0026mlf=1\u0026mlc=1\u0026cpa=d6adc726-6874-47b7-b38f-a2ba1193ae4c\u0026prev_step_diff=615\u0026st=0.05 HTTP/1.1\r\nHost: 875ba27c4b.12f929026a.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.24.0\r\ndate: Sat, 07 Mar 2026 20:52:00 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T15:49:33.06692Z","times_seen":13337345,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"875ba27c4b.12f929026a.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.vidoycdn.com/bootstrap.min.css","fqdn":"cdn.vidoycdn.com","domain":"vidoycdn.com","tld":"com"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.vidoycdn.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Mar 2026 00:04:16 GMT","end":"Sun, 31 May 2026 00:04:15 GMT"},"fingerprint":{"sha1":"DB:53:BB:A2:8D:EC:6B:0E:73:20:99:11:3C:9A:31:33:13:22:BB:4C","sha256":"38:06:59:A5:3A:5C:BD:AE:BA:65:D9:A5:2B:F2:B9:EB:73:E2:2D:32:25:F3:93:60:4A:88:5F:E8:91:2D:61:02"}}},"request":{"raw":"GET /bootstrap.min.css HTTP/1.1\r\nHost: cdn.vidoycdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: text/css\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 4839885\r\ncdn-requestcountrycode: NO\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\naccess-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\ncache-control: max-age=43200\r\ncontent-encoding: br\r\netag: \"6913bd94-2095b\"\r\nexpires: Wed, 12 Nov 2025 10:54:15 GMT\r\nlast-modified: Tue, 11 Nov 2025 22:49:56 GMT\r\nstrict-transport-security: max-age=31536000\r\ncdn-proxyver: 1.39\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 11/11/2025 22:54:16\r\ncdn-edgestorageid: 830\r\ncdn-requestid: 93890d6ecffa3d16be1f32d5256ad156\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":133467,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"90a5d23b522931f395c29781a8e9340d","sha1":"1d4f487027cc96b25900c5f48ad14bd646ec5584","sha256":"038e3cb6a8bdde488fa440cf253446d672db75b94763eb5e23b997cfd6d9955e","sha512":"331b3b71b01346a775543c2ba6c45200c9fa2a8221d4ee79c23dbe8833e87aae01c0b0c6e9b5ac3553de3cf4dd3777369a9df16d29e7629c0bc21dd4d2b2f650","ssdeep":"1536:l61ZIJUUAX8aqEBsENWcuQWZfcrK/gxgLw7UM7asa+FB+LGHUtZI:lOGVqWZffuglM7asa+FB+LGHUta","tlshash":"c7d3b7a6f5a0312de5a7c65da4d0bafa052f8255d7220ffbf427276447891cb0a73e0c","first_seen":"2025-06-17T20:06:29.12338Z","last_seen":"2026-04-04T07:43:53.431035Z","times_seen":392,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":56,"dns":25,"connect":1,"send":0,"wait":2,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"65a86a933f.2601e2d1ea.com/08f1f8217aca137e1db9b04c6098c93e.js","fqdn":"65a86a933f.2601e2d1ea.com","domain":"2601e2d1ea.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"65a86a933f.2601e2d1ea.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 02:15:09 GMT","end":"Tue, 02 Jun 2026 02:15:08 GMT"},"fingerprint":{"sha1":"C7:07:BD:71:69:8A:18:E1:AE:0C:4B:2B:3D:06:C7:26:FC:0D:19:B9","sha256":"73:3C:0A:61:98:DC:81:FB:43:1F:25:58:DB:6E:BA:92:9C:FB:B8:64:80:70:3C:C3:04:64:F3:8C:00:57:8F:E1"}}},"request":{"raw":"GET /08f1f8217aca137e1db9b04c6098c93e.js HTTP/1.1\r\nHost: 65a86a933f.2601e2d1ea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Tue, 24 Feb 2026 13:37:29 GMT\r\netag: W/\"699da999-24954\"\r\ncontent-encoding: gzip\r\nexpires: Sat, 07 Mar 2026 20:56:57 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1742\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":149844,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c5589d1fc15ae5f634dfb92ce020a20a","sha1":"150a1372c7d28d061d1377b0c4b713453736ead5","sha256":"a1f20a01c7932e48f9a9ac22488f04147552602dcaf6c7d1edda1940ad04d595","sha512":"7af10fdf9772ac03b943fbb207f9031d9684ce0b12bb6f30ddaf9ab2479c6ab868a31bd75f3f73e240f90b1d7649d08324c39792665a98128e60c731856c9799","ssdeep":"1536:O18MdnC5OPz8iBP9r2RcZAdtK8wBggd341LloXQTtQyodhm161zKK+AKn7K0ketc:ABFSGAdt6RLdhmo1GqKGPetsz","tlshash":"f6e349dcb2d2b07407e75099d43f1206b73a1a16b80c9058f6a6e9c17878ddb9237f7a","first_seen":"2026-02-24T14:34:24.192439Z","last_seen":"2026-04-04T14:50:51.575446Z","times_seen":962,"resource_available":true,"data":null}},"time_used":284,"timings":{"blocked":121,"dns":72,"connect":21,"send":0,"wait":42,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-07","alert":"Sinkholed","trigger":"65a86a933f.2601e2d1ea.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winvidplay.com/ip129jk?id=6131316977737a6830766639","date":"2026-03-07T20:51:57.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:58 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 27958\r\ncf-ray: 9d8c7b2f68744e4c-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb09ed3-15d84\"\r\nlast-modified: Mon, 04 May 2020 23:01:39 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 240690\r\nexpires: Thu, 25 Feb 2027 20:51:58 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=iBPHNTAuaZGHiNi9HI%2FlMB4lMXx%2FauxlhAOkY1PiPA3caImz3WAX01BeTdV33SEEn2YHKUfyIFRgn7mIQdB%2Fu7TSUF3UMBp3HFMzL%2FKEk%2BJ2%2Fg5KrZH3dzXldSN%2B76YMLYOzNvIs\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89476,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"dc5e7f18c8d36ac1d3d4753a87c98d0a","sha1":"c8e1c8b386dc5b7a9184c763c88d19a346eb3342","sha256":"f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d","sha512":"6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516","ssdeep":"1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1","tlshash":"a993f9ddb2c6702257a720ba007f510bf236199d6c4d8450f265d8e9bcb8a4e827bf7d","first_seen":"2023-03-07T01:02:01Z","last_seen":"2026-04-04T15:27:33.816485Z","times_seen":217646,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":51,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp","fqdn":"static.bookmsg.com","domain":"bookmsg.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bookmsg.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 02:32:07 GMT","end":"Sat, 25 Apr 2026 02:32:06 GMT"},"fingerprint":{"sha1":"B8:B1:28:04:7F:22:D4:AE:CC:82:0A:B2:C4:38:F6:84:34:0D:E6:E5","sha256":"5A:1E:C9:41:9F:09:0F:F3:88:30:28:82:ED:20:15:8E:C4:73:32:97:AD:2B:3E:F1:1E:C1:68:6D:2F:46:26:C7"}}},"request":{"raw":"GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790_icon.webp HTTP/1.1\r\nHost: static.bookmsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 486\r\nserver: nginx/1.24.0\r\nlast-modified: Fri, 31 May 2024 10:56:43 GMT\r\netag: \"6659aceb-1e6\"\r\nexpires: Sun, 07 Mar 2027 20:51:59 GMT\r\ncache-control: max-age=31536000\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":486,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ceeb4e8840c24621c0e0352b42b38a5b","sha1":"03cbceb0134a39267014595938705e2916580644","sha256":"50cb77ae9715629235f102dd53a68559df1b64416f71179dbb4aa942725790b3","sha512":"80d4128488580567597ba5eb65dbff2dd4a8efc625c64cac6a027a1bb5c229545206669f04a50a252b54f471bee4fdc892e6bfe8347a50dd216bba67bd671a03","ssdeep":"","tlshash":"9bf00544191cd36c2a3c607afd74eb74a4074aa459226017cce447b08956811e856c1c","first_seen":"2024-02-20T18:30:33Z","last_seen":"2026-04-04T14:21:57.346Z","times_seen":10787,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":76,"dns":28,"connect":20,"send":0,"wait":20,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.vidoycdn.com/embed.css","fqdn":"cdn.vidoycdn.com","domain":"vidoycdn.com","tld":"com"},"ip":{"addr":"194.242.11.186","port":443,"asn":34989,"as":"ServeTheWorld AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.vidoycdn.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Mar 2026 00:04:16 GMT","end":"Sun, 31 May 2026 00:04:15 GMT"},"fingerprint":{"sha1":"DB:53:BB:A2:8D:EC:6B:0E:73:20:99:11:3C:9A:31:33:13:22:BB:4C","sha256":"38:06:59:A5:3A:5C:BD:AE:BA:65:D9:A5:2B:F2:B9:EB:73:E2:2D:32:25:F3:93:60:4A:88:5F:E8:91:2D:61:02"}}},"request":{"raw":"GET /embed.css HTTP/1.1\r\nHost: cdn.vidoycdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:57 GMT\r\ncontent-type: text/css\r\nserver: BunnyCDN-NO1-830\r\ncdn-pullzone: 4839885\r\ncdn-requestcountrycode: NO\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\naccess-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\ncache-control: max-age=43200\r\ncontent-encoding: br\r\netag: \"6913bd94-8db\"\r\nexpires: Wed, 12 Nov 2025 10:54:16 GMT\r\nlast-modified: Tue, 11 Nov 2025 22:49:56 GMT\r\nstrict-transport-security: max-age=31536000\r\ncdn-proxyver: 1.39\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 11/11/2025 22:54:16\r\ncdn-edgestorageid: 830\r\ncdn-requestid: 579035e16afc9dd009bc9bfce67d2b3a\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":2267,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2267), with no line terminators","md5":"504eba00908d13eb47133d1f92f8048a","sha1":"e0bd11d81b09ebd41f5e26548534bedacb34cee5","sha256":"4ca2d870794ea0d5902ed97a4c515f4462b63555a5d4e8a2ccca6e1011dfe4db","sha512":"f511eb4d109d2525574a220da3b22a3985b0d7eac3bd4850111abb0bce964cfd03d15f50630c7d95bd96862a5d5c075bdd3bee7b38b75a745cad32fdf6883580","ssdeep":"","tlshash":"ef414542bf481079b03be6956661a36d423c8089e3530f6d3079b3b087c78e6217774a","first_seen":"2023-12-31T17:45:35Z","last_seen":"2026-03-30T19:55:10.773157Z","times_seen":256,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":52,"dns":23,"connect":3,"send":0,"wait":2,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/nunito/v32/XRXV3I6Li01BKofINeaB.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:57.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/nunito/v32/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://winvidplay.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 39128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 04 Mar 2026 10:54:30 GMT\r\nexpires: Thu, 04 Mar 2027 10:54:30 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 17:03:34 GMT\r\ncontent-type: font/woff2\r\nage: 295047\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":39128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 39128, version 1.0","md5":"166202cc391c71a57730bed12cbcb159","sha1":"76388dbfe374be06fdc6f9ba38d3f4e479025eeb","sha256":"ba344451eab25b217a165363b1982048a5e5830a0daf36577973955a04cac793","sha512":"9f4d1c14aa729e837b964898a1dd27e99ff674256c43326aa982cc0c17fa8b0d71a0b7df627f03cb4ac6ec7f22f0a19d65302743ff09187ce81414dde74c43e2","ssdeep":"768:lxbc6Qon+A9wOfdj2rELqjOmaLqLqKeI+00t0xIj:layndm0j2cqjOmGq+tbUIj","tlshash":"d9030284fd6a02d8c7fc1f6ef25a9f28272c2078440b6a9c44a79a6bd5975f84dd3330","first_seen":"2025-09-17T01:48:11.920934Z","last_seen":"2026-04-04T14:47:09.157536Z","times_seen":16118,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":81,"dns":0,"connect":21,"send":0,"wait":22,"receive":25,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.bookmsg.com/creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp","fqdn":"static.bookmsg.com","domain":"bookmsg.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winvidplay.com/d/9fv0hzswi11a","date":"2026-03-07T20:51:59.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.bookmsg.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 25 Jan 2026 02:32:07 GMT","end":"Sat, 25 Apr 2026 02:32:06 GMT"},"fingerprint":{"sha1":"B8:B1:28:04:7F:22:D4:AE:CC:82:0A:B2:C4:38:F6:84:34:0D:E6:E5","sha256":"5A:1E:C9:41:9F:09:0F:F3:88:30:28:82:ED:20:15:8E:C4:73:32:97:AD:2B:3E:F1:1E:C1:68:6D:2F:46:26:C7"}}},"request":{"raw":"GET /creatives/SG/SG_083be47dfc3e28c9a68305b76181a5033bc45790.webp HTTP/1.1\r\nHost: static.bookmsg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://winvidplay.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 20:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1066\r\nserver: nginx/1.24.0\r\nlast-modified: Fri, 31 May 2024 10:56:43 GMT\r\netag: \"6659aceb-42a\"\r\nexpires: Sun, 07 Mar 2027 20:51:59 GMT\r\ncache-control: max-age=31536000\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1066,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x240, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2a11e13b2bd67bb9a6cb347d7c73df13","sha1":"b85460a33f9b229f42c08a6a94ae433a4d5c32ab","sha256":"1d0d6b5176d6a48b3042a107f929bbfcefd4a057273ac488bbb7f7affd909b56","sha512":"059dd018bbf13a669d73f07442288f165bc6b305afb0df955773a0efb7454b8204095196231179fab4cb625e189c7c735fe41dc5b67fb8666d584214277186e6","ssdeep":"","tlshash":"7511b56be46c4dfede41f0408dd80256f8324a5c8aaeaf39058bc7da4f584143a6f01a","first_seen":"2024-02-20T18:30:33Z","last_seen":"2026-04-04T14:21:57.374677Z","times_seen":10776,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":79,"dns":24,"connect":19,"send":0,"wait":19,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}