Report - 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Report Overview

Visitedpublic

2024-10-28 05:31:12

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
6oszwqmr.xyz	unknown	2024-07-30	2024-10-22	2024-10-22	7.0 kB	1.2 MB	104.21.29.123
videothumbs.me	unknown	2024-03-25	2024-03-25	2024-10-27	423 B	21 kB	188.114.96.1
mybiddd.com	unknown	2024-08-06	2024-10-17	2024-10-25	2.8 kB	2.9 kB	94.130.197.239
kts.cvastico.com	unknown	2022-08-10	2022-08-12	2024-10-21	1.4 kB	1.6 kB	62.122.173.28
be2719.rcr22.ams01.cdn112.com	unknown	2023-05-27	2023-05-27	2024-10-22	2.3 kB	1.6 MB	91.211.89.136
uqqmj868.xyz	unknown	2024-09-24	2024-10-14	2024-10-21	497 B	808 B	188.114.96.1
xml-v4.tri.media	unknown	2014-12-02	2023-07-02	2024-10-27	522 B	217 B	174.137.133.17
popdemission.com	unknown	2024-03-20	2024-03-20	2024-10-27	732 B	532 B	62.122.168.42
kaminari.systems	unknown	2022-10-31	2022-10-31	2024-10-23	671 B	50 kB	31.220.27.154
epededonemile.com	unknown	2024-07-08	2024-10-14	2024-10-21	517 B	2.6 kB	108.157.229.107
ieyri61b.xyz	unknown	2024-08-01	2024-10-23	2024-10-23	397 B	72 kB	172.67.207.46
accounts.google.com	81	1997-09-15	2016-03-20	2024-10-23	680 B	767 B	64.233.162.84

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed
2024-10-28	medium	6oszwqmr.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (26)

	URL	From	Size	First Seen	Last Seen
	6oszwqmr.xyz/js/xupload.js	ScriptElement	11 kB	2023-03-07	2025-03-25
URL 6oszwqmr.xyz/js/xupload.js IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-03-25 Times Seen 494 Size 11 kB (10867 bytes) MD5 2609e3a9490dcfe748407d3af317c472 SHA1 af55b2b16e9190e09407f67ffae4ca705ea6f112 SHA256 c3c7c3de97ef15965def93fc9317e82854b979aa1a7980fde49b873a04aab85d Format Code Loading...

	6oszwqmr.xyz/player/jw8/vast.js	ScriptElement	107 kB	2023-09-18	2025-08-07
URL 6oszwqmr.xyz/player/jw8/vast.js IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-09-18 Last Seen 2025-08-07 Times Seen 540 Size 107 kB (107114 bytes) MD5 3cd85ca1814c3fd976764bf6b83b989d SHA1 90e931622205c6adfbc75cfe681563a127580f05 SHA256 2e4fe3d8b3565a3f8b5ec0ecfe0e5f26a756401b6847dd475327793da41897f5 Format Code Loading...

	6oszwqmr.xyz/js/jquery.js	ScriptElement	90 kB	2023-03-07	2025-08-08
URL 6oszwqmr.xyz/js/jquery.js IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-08 Times Seen 268528 Size 90 kB (89501 bytes) MD5 8fb8fee4fcc3cc86ff6c724154c49c42 SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	140 B	2024-10-28	2024-10-28
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-10-28 Last Seen 2024-10-28 Times Seen 1 Size 140 B (140 bytes) MD5 db3498662496c15148e54c5507b3656d SHA1 c745063e70418ef97a7e779c91038245e7d5f0f3 SHA256 3801089037879aa21d4396497492efcacbb5908ec4a16ed6c7e846fee817e6b7 Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	514 B	2024-04-13	2025-04-05
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-04-13 Last Seen 2025-04-05 Times Seen 460 Size 514 B (514 bytes) MD5 9f65a1ea61c99521274aa8cae75cf64c SHA1 8f6c4b1e4d6b97ba85a557d2303f501cf834fe96 SHA256 63d1ba1f37f9df17aa589c2b237b36897935faf9c1263c90b1baf149ea8374c1 Format Code Loading...

	kts.cvastico.com/in/885/?subid=2044015014&domain=nodomain&target_id=0	ScriptElement	0 B	0001-01-01	2025-08-08
URL kts.cvastico.com/in/885/?subid=2044015014&domain=nodomain&target_id=0 IP / ASN 62.122.173.28 #50245 Serverel Inc. Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-08 Times Seen 5720854 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	202 B	2024-10-23	2024-10-28
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-10-23 Last Seen 2024-10-28 Times Seen 91 Size 202 B (202 bytes) MD5 41391453b019db05ca990652b5075bef SHA1 4f559c1c6b1fe6789b8744ea742f9166b701ad05 SHA256 3ca61764edcd256dedea08b377b9205ae61f1186a12bddc526730defd631f5e3 Format Code Loading...

	6oszwqmr.xyz/js/jquery.cookie.js	ScriptElement	4.3 kB	2023-03-07	2025-08-07
URL 6oszwqmr.xyz/js/jquery.cookie.js IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-07 Times Seen 2195 Size 4.3 kB (4331 bytes) MD5 ae0c2c5d8f01f7d35bb698bb618a62f7 SHA1 63556a22ddea1c5f23a5cf7d0b6d35c7aab54e20 SHA256 75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	258 B	2024-10-08	2024-12-31
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-10-08 Last Seen 2024-12-31 Times Seen 123 Size 258 B (258 bytes) MD5 47e574848430ac650959aadf82894692 SHA1 729fbfb3360326f829f4b8afdf84d025c4f414af SHA256 64cc090a104bd6938abcee688b92a8497ee32190bd9c277d80dcbf9ec74006a3 Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	111 B	2024-10-08	2024-10-28
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-10-08 Last Seen 2024-10-28 Times Seen 112 Size 111 B (111 bytes) MD5 0e497e8a4bfbd18004add59c513be3ef SHA1 717ba09d7cb507ac12e973cc4bdccb4d905129d5 SHA256 4fd443a904c4cc7f8547d369967b842fc3ab4a3f82a7202537260d2bfea9769a Format Code Loading...

	unknown	EventHandler	8 B	2023-05-12	2025-08-07
URL IP / ASN 0.0.0.0 #0 Introduced by EventHandler Embedded false Resource Info First Seen 2023-05-12 Last Seen 2025-08-07 Times Seen 258 Size 8 B (8 bytes) MD5 110480de368ce37744ce2c4f53ecff08 SHA1 76d0cf501f3c6c4913ee390721bc5bd580dd49c4 SHA256 138c82c0720cf82c9142015b4c81760f4c56a5429dd3a8e15c2d24edf9ab18c8 Format Code Loading...

	6oszwqmr.xyz/js/ls.js	ScriptElement	2.1 kB	2023-03-07	2025-08-07
URL 6oszwqmr.xyz/js/ls.js IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-07 Times Seen 803 Size 2.1 kB (2063 bytes) MD5 f6784d7271569579cbc7e508fddb3fbb SHA1 61be0722316952e865893972791486e26961cdda SHA256 96f2f3c87be4a0582def1b5e1e9e19aa0529adb7fd9277cede56c1eefd906d01 Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	43 B	2023-03-08	2025-08-03
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-08 Last Seen 2025-08-03 Times Seen 741 Size 43 B (43 bytes) MD5 4f98cf8486a8beb4d2d271b8e9304216 SHA1 112dd81cdd24e37a4554c9a5c5327b30a476acf8 SHA256 77b18c051d8450512853f4643dd7ac0e4c3205b7ec4cd1373ca5ad0dd2f470c3 Format Code Loading...

	ieyri61b.xyz/js/dwarf.js	ScriptElement	71 kB	2024-10-23	2024-10-28
URL ieyri61b.xyz/js/dwarf.js IP / ASN 172.67.207.46 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-10-23 Last Seen 2024-10-28 Times Seen 94 Size 71 kB (70990 bytes) MD5 645c49c2f4d766a0f53aebc6f39c84be SHA1 2cf649c9048d567904389d8032e28f9b82e688f8 SHA256 637717a3de6b2f9043510f3c9df0ea404eee6df9d6c99a528b4603c590858811 Format Code Loading...

	6oszwqmr.xyz/js/bafsd.js	ScriptElement	14 kB	2024-10-04	2025-08-07
URL 6oszwqmr.xyz/js/bafsd.js IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-10-04 Last Seen 2025-08-07 Times Seen 457 Size 14 kB (13706 bytes) MD5 c2432aca90e92e0370d2ded2545eb1fa SHA1 8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb SHA256 89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5 Format Code Loading...

	unknown	EventHandler	34 B	2024-10-26	2025-04-18
URL IP / ASN 0.0.0.0 #0 Introduced by EventHandler Embedded false Resource Info First Seen 2024-10-26 Last Seen 2025-04-18 Times Seen 21 Size 34 B (34 bytes) MD5 ec03ac81d4770732a794c99071d8bf16 SHA1 f98b40573f032ea2d4ee003c29b47f6b2a23c287 SHA256 eed6d993035e79bf1a35005c77ab3494ca2be9816b0068c08174daf02caffeca Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	154 B	2023-03-08	2025-08-03
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-08 Last Seen 2025-08-03 Times Seen 738 Size 154 B (154 bytes) MD5 d882b49167571a8dc4de310e0b2e623d SHA1 426f496e1155dfab34840a7a467866838448c8d0 SHA256 6dc67eafa621e57610ed67c02b1c0c5532e495dfe555dcade99fb81b6744899b Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	1.5 kB	2023-03-08	2025-05-27
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-08 Last Seen 2025-05-27 Times Seen 485 Size 1.5 kB (1524 bytes) MD5 36e0f7e5e53c5804e2188799d503746b SHA1 6a1df181d1324e3bd50ce865861a990cbe185c7b SHA256 3685002591a539aa34044215aac57a04d32a0f485bdf1719223803c4a5198dcb Format Code Loading...

	6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3	ScriptElement	38 B	2023-03-07	2025-08-07
URL 6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3 IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-07 Times Seen 1141 Size 38 B (38 bytes) MD5 99eccae6afa72c589ae54b5c3890282a SHA1 0f102f8f5b556635de65d16cf70fa8269c6761b4 SHA256 b74a58316385de04b054737776e71c160cd60d2d01b5440b32c21651fb0ab8d3 Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	4.4 kB	2024-10-22	2025-01-25
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-10-22 Last Seen 2025-01-25 Times Seen 115 Size 4.4 kB (4434 bytes) MD5 e9d6cd61779885b139cdf866708495b3 SHA1 77842276411ba2576b8934238e485d87132d6d8e SHA256 68b45420627478f606328cde6fc6a868aac7328cfa5756b971a5d1e3bfd15df8 Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	60 B	2023-03-07	2025-08-03
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-03 Times Seen 735 Size 60 B (60 bytes) MD5 47a7df3210911e27dfdc28583faa9264 SHA1 fb289b528d31f67e951e5415dd4e0cfca739b654 SHA256 f46f00646225f54664e4d7bb625fb06dbcfc86904826cd3382efa56c4d524ddc Format Code Loading...

	6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2	ScriptElement	111 kB	2024-04-13	2025-08-07
URL 6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2 IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-04-13 Last Seen 2025-08-07 Times Seen 712 Size 111 kB (111441 bytes) MD5 f91de142eed44442bad231961488c5d0 SHA1 ea6c79968011a5b59e444d792f7ab048a1f7e31d SHA256 b3031ee0f2674c203fe1400df12a96148c4bed344553fc9063c3846ba8466295 Format Code Loading...

	6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2	ScriptElement	327 kB	2024-03-12	2025-08-07
URL 6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2 IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-03-12 Last Seen 2025-08-07 Times Seen 975 Size 327 kB (326903 bytes) MD5 fee77850b6b254569cf03f43a4dfdde4 SHA1 35841d306d3404fbef6825371ffdbcd992ade913 SHA256 50b22ddf7e9cf49716e33660cc9de3c2bbf3cb90f203d8af93810f8f97bdee3f Format Code Loading...

	6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2	ScriptElement	423 kB	2024-04-13	2025-08-07
URL 6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2 IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-04-13 Last Seen 2025-08-07 Times Seen 712 Size 423 kB (422959 bytes) MD5 0f95e38aa7bb0943693b51bd6a7deed0 SHA1 26c89f76894108f76ad23af32ecc6b1e708993ba SHA256 1b1263b7061aaca7fe0b69168b16cb2401a7fe2ada08ccfdd373ee06c7d125b1 Format Code Loading...

	6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh	ScriptElement	6.4 kB	2024-10-28	2024-10-28
URL 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh IP / ASN 104.21.29.123 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-10-28 Last Seen 2024-10-28 Times Seen 1 Size 6.4 kB (6444 bytes) MD5 a64e7f768d0ad9b907d79d8f27752e87 SHA1 b2617219e43c11c4b31c0c6e9d8c56fde7749ac1 SHA256 1ca64b885570255b810d45573fb5d3eb51536047b921166edeebe346f30b3dfe Format Code Loading...

HTTP Transactions (31)

URL IP Response Size

GET 6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3

104.21.29.123

200 OK

38 B

URL GET HTTPS

6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeASCII text, with CRLF line terminators

First Seen2023-03-07

Last Seen2025-08-07

Times Seen1141

Size38 B (38 bytes)

MD599eccae6afa72c589ae54b5c3890282a

SHA10f102f8f5b556635de65d16cf70fa8269c6761b4

SHA256b74a58316385de04b054737776e71c160cd60d2d01b5440b32c21651fb0ab8d3

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/dnsads.js?dfp=1&ad_code=2&adsrc=3 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 38
last-modified: Mon, 13 Sep 2021 15:50:14 GMT
etag: "613f7336-26"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 493033
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fKX9gORwmhd%2BqwJ0eqqQTZcwiqQfbbRHyq1Hl2y1Snuc1nbheivWr0Pl4o81h8SJTfQjfDHry97RSvJTzBbW0dHpqVmh569nN5lAUNfSEO67X0ebdAig5PpIlXTvrxg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888fd9ce256c0-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19797&sent=27&recv=15&lost=0&retrans=0&sent_bytes=16149&recv_bytes=3181&delivery_rate=2450&cwnd=12000&unsent_bytes=0&cid=dc40a57a2fb08041&ts=181&x=1", cfExtPri, cfHdrFlush;dur=44

GET videothumbs.me/72p1shtbayoc.jpg

188.114.96.1

200 OK

20 kB

URL GET HTTPS

videothumbs.me/72p1shtbayoc.jpg

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeJPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.32.100", baseline, precision 8, 720x405, components 3

First Seen2024-10-28

Last Seen2024-10-28

Times Seen1

Size20 kB (20052 bytes)

MD57b4fdb2be99bb03b4e17fb61f9efcadb

SHA1b8870b9b6e2642e8ab1f54f0ba4e0b7b921dc3e4

SHA256aedd2d86853aa7c2c9151e835772cc65f20c646ea8180c61579d5bf5c1f3bf68

Certificate Info

IssuerGoogle Trust Services

Subjectvideothumbs.me

FingerprintC1:4F:45:F9:18:0B:29:97:8B:ED:6F:9D:8C:05:3F:CB:88:3E:D2:BF

ValidityWed, 18 Sep 2024 10:33:09 GMT - Tue, 17 Dec 2024 10:33:08 GMT

HTTP Headers

GET /72p1shtbayoc.jpg HTTP/1.1
Host: videothumbs.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Oct 2024 05:30:40 GMT
content-type: image/jpeg
content-length: 20052
last-modified: Thu, 13 Apr 2023 04:04:04 GMT
etag: "64377f34-4e54"
expires: Mon, 04 Nov 2024 00:51:13 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 71371
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TG3G0MVujRJCYIMYDPAhgkuZ1nUhhrFJ04t47UoZV0Em%2F87FLIylB478Y7P896T578eulyq1XpzvIFwE4vAs9pu5Q8ZqKK4CpmmCKRxDmi0d1yUsWSvJI4oUZ1AjBsRHBg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9889021868b521-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16538&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3208&recv_bytes=1045&delivery_rate=260932&cwnd=252&unsent_bytes=0&cid=495d28f492c5e71a&ts=45&x=0"
X-Firefox-Spdy: h2

GET be2719.rcr22.ams01.cdn112.com/hls2/01/03483/qqsl86ogy3f6_x/master.m3u8?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p=

91.211.89.136

200 OK

301 B

URL GET HTTPS

be2719.rcr22.ams01.cdn112.com/hls2/01/03483/qqsl86ogy3f6_x/master.m3u8?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p=

IP / ASN

91.211.89.136

#174 COGENT-174

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeM3U playlist, ASCII text

First Seen2024-10-28

Last Seen2024-10-28

Times Seen1

Size301 B (301 bytes)

MD580a87cac068656b19a67a3463da10ae6

SHA1dd14759d278be43395ed3383da6d07aa0f2ef966

SHA25644f6eea579417875c46907d9600261b45e0ad7ae419b6704a258dbaef88e54ad

Certificate Info

IssuerLet's Encrypt

Subjectbe2719.rcr22.ams01.cdn112.com

FingerprintAD:AD:6E:06:29:22:3F:58:96:5F:71:98:66:48:8D:A4:18:E3:98:B8

ValidityTue, 24 Sep 2024 19:53:21 GMT - Mon, 23 Dec 2024 19:53:20 GMT

HTTP Headers

GET /hls2/01/03483/qqsl86ogy3f6_x/master.m3u8?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p= HTTP/1.1
Host: be2719.rcr22.ams01.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 05:30:40 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Mon, 28 Oct 2024 05:30:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 29 Oct 2024 02:18:46 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip

GET be2719.rcr22.ams01.cdn112.com/hls2/01/03483/qqsl86ogy3f6_x/index-v1-a1.m3u8?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p=

91.211.89.136

200 OK

1.2 kB

URL GET HTTPS

be2719.rcr22.ams01.cdn112.com/hls2/01/03483/qqsl86ogy3f6_x/index-v1-a1.m3u8?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p=

IP / ASN

91.211.89.136

#174 COGENT-174

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeM3U playlist, ASCII text

First Seen2024-10-28

Last Seen2024-10-28

Times Seen1

Size1.2 kB (1235 bytes)

MD5eb70f087cb30ed4e9d74048c5523008d

SHA1488e65e6fc1535a5674605c418a7c3e513a1bddc

SHA25618f5964106c365dbe53ece3d627f1356a03a3fc19c32a5747f5a3631fcd690fb

Certificate Info

IssuerLet's Encrypt

Subjectbe2719.rcr22.ams01.cdn112.com

FingerprintAD:AD:6E:06:29:22:3F:58:96:5F:71:98:66:48:8D:A4:18:E3:98:B8

ValidityTue, 24 Sep 2024 19:53:21 GMT - Mon, 23 Dec 2024 19:53:20 GMT

HTTP Headers

GET /hls2/01/03483/qqsl86ogy3f6_x/index-v1-a1.m3u8?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p= HTTP/1.1
Host: be2719.rcr22.ams01.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 05:30:40 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Mon, 28 Oct 2024 05:30:40 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 29 Oct 2024 02:18:46 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip

GET be2719.rcr22.ams01.cdn112.com/hls2/01/03483/qqsl86ogy3f6_x/encryption.key?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p=

91.211.89.136

200 OK

16 B

URL GET HTTPS

be2719.rcr22.ams01.cdn112.com/hls2/01/03483/qqsl86ogy3f6_x/encryption.key?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p=

IP / ASN

91.211.89.136

#174 COGENT-174

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typedata

First Seen2024-10-28

Last Seen2024-10-28

Times Seen1

Size16 B (16 bytes)

MD57ed3ac6fa3c20bb70821ff5edecb83c8

SHA1150c18fd11b0ed2e86dfbe7258b6ce91ff397d51

SHA256d8892aa97c36d101ed22ebc31df175fb339e9385ebe9e768d907ae81fc66a474

Certificate Info

IssuerLet's Encrypt

Subjectbe2719.rcr22.ams01.cdn112.com

FingerprintAD:AD:6E:06:29:22:3F:58:96:5F:71:98:66:48:8D:A4:18:E3:98:B8

ValidityTue, 24 Sep 2024 19:53:21 GMT - Mon, 23 Dec 2024 19:53:20 GMT

HTTP Headers

GET /hls2/01/03483/qqsl86ogy3f6_x/encryption.key?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p= HTTP/1.1
Host: be2719.rcr22.ams01.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 05:30:40 GMT
Content-Type: application/octet-stream
Content-Length: 16
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Tue, 29 Oct 2024 01:03:49 GMT
ETag: "5f693e80-10"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes

GET 6oszwqmr.xyz/favicon.ico

104.21.29.123

200 OK

5.0 kB

URL GET HTTPS

6oszwqmr.xyz/favicon.ico

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeMS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

First Seen2023-05-06

Last Seen2025-07-15

Times Seen336

Size5.0 kB (5034 bytes)

MD5f7b404d04734d64575f577b506c22a06

SHA1485d344ea5ace3529dd472f3fadaa621f046eaf5

SHA256c53b6a1e519b835191c058325f17d0f3ea15e1507ca47313c94cc54b68741500

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:40 GMT
content-type: image/x-icon
last-modified: Mon, 02 Feb 2015 19:26:28 GMT
etag: W/"54cfcf64-47e"
expires: Mon, 04 Nov 2024 00:15:40 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 18900
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tz3D6M0w9PzvSUZ7%2Bm2IMy4TskRWZqjS3o9JPTnr2HB%2F3jfl%2FCiT8XeK7RtBMtDS0i%2BBLJ44MWPnnbNrgpOm%2Bs%2FbXBqe6cj2OzqKRHhr5EoiKSMfQNvkXoUCMGtjIl4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9889005fcd56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20100&sent=333&recv=32&lost=0&retrans=0&sent_bytes=369493&recv_bytes=5189&delivery_rate=3416630&cwnd=187200&unsent_bytes=0&cid=dc40a57a2fb08041&ts=619&x=1", cfExtPri, cfHdrFlush;dur=0

GET 6oszwqmr.xyz/js/bafsd.js

104.21.29.123

200 OK

10 kB

URL GET HTTPS

6oszwqmr.xyz/js/bafsd.js

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeJavaScript source, ASCII text, with CRLF line terminators

First Seen2024-10-04

Last Seen2025-08-07

Times Seen457

Size10 kB (10334 bytes)

MD5c2432aca90e92e0370d2ded2545eb1fa

SHA18f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb

SHA25689c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/bafsd.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 04 Oct 2024 05:52:43 GMT
etag: W/"66ff82ab-358a"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 493033
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DAn76AnHb%2Bc2MHL3iRSIvlv5EQicSDHBfV3H39sEEV80tPIccNxwxoL5YerBs7kEeId80bbty6Bpn6WDFBJYGeqL6fIijZeB8LRJ%2FTL3g94VXAB5GULZRagqHiiMm5g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888fd9cdd56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19797&sent=27&recv=15&lost=0&retrans=0&sent_bytes=16149&recv_bytes=3181&delivery_rate=2450&cwnd=12000&unsent_bytes=0&cid=dc40a57a2fb08041&ts=177&x=1", cfExtPri, cfHdrFlush;dur=13

GET be2719.rcr22.ams01.cdn112.com/hls2/01/03483/qqsl86ogy3f6_x/seg-1-v1-a1.ts?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p=

91.211.89.136

200 OK

1.6 MB

URL GET HTTPS

be2719.rcr22.ams01.cdn112.com/hls2/01/03483/qqsl86ogy3f6_x/seg-1-v1-a1.ts?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p=

IP / ASN

91.211.89.136

#174 COGENT-174

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typedata

First Seen2024-10-28

Last Seen2024-10-28

Times Seen1

Size1.6 MB (1582592 bytes)

MD540cae0a517cd58cf409d12e2253d3b69

SHA12eb0583284048da6945e1ac72fb87b58af0cb1fd

SHA256eacc8ce6db769b60d022d45749508762d65b9d618bff953bdd197f123eac0ff6

Certificate Info

IssuerLet's Encrypt

Subjectbe2719.rcr22.ams01.cdn112.com

FingerprintAD:AD:6E:06:29:22:3F:58:96:5F:71:98:66:48:8D:A4:18:E3:98:B8

ValidityTue, 24 Sep 2024 19:53:21 GMT - Mon, 23 Dec 2024 19:53:20 GMT

HTTP Headers

GET /hls2/01/03483/qqsl86ogy3f6_x/seg-1-v1-a1.ts?t=fC8bbRW2zcI3kmsu8x9egdUT5gq9v9RbIOK5HwFNM1Y&s=1730093439&e=10800&f=25082241&srv=25&asn=50304&sp=5500&p= HTTP/1.1
Host: be2719.rcr22.ams01.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Oct 2024 05:30:40 GMT
Content-Type: video/MP2T
Content-Length: 1582592
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Tue, 29 Oct 2024 01:03:49 GMT
ETag: "5f693e80-182600"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes

GET 6oszwqmr.xyz/adcgi?id=80557588

104.21.29.123

504 Gateway Timeout

6.3 kB

URL GET HTTPS

6oszwqmr.xyz/adcgi?id=80557588

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeHTML document, ASCII text, with very long lines (394)

First Seen2024-10-28

Last Seen2024-10-28

Times Seen1

Size6.3 kB (6323 bytes)

MD565e2eae683515386ddc9a0ba0432befe

SHA161fe15d54776a52110f4d44d27de56cb9b5138ec

SHA25608631330bf3038ba13d1fca0aeac3d31a1792bbcec8d1e200f3c1ee21acdce6b

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /adcgi?id=80557588 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 504 Gateway Timeout
date: Mon, 28 Oct 2024 05:30:41 GMT
content-type: text/html; charset=UTF-8
content-length: 6323
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=imZGmhsL3jXiJaxrl6dJ3q2hEHVfySEVpZu2v4cGMYDuHjTeunbWWGdcigwG1GuaQV5C3FWt8iiF4hU%2F7UE330ReYYklepWdV1wjigU7491JPWfYVVpZrKAmEZ2N0YQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 8d9889054d6356c0-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=22204&sent=335&recv=34&lost=0&retrans=0&sent_bytes=370595&recv_bytes=5507&delivery_rate=22509&cwnd=187200&unsent_bytes=0&cid=dc40a57a2fb08041&ts=1570&x=1", cfExtPri, cfHdrFlush;dur=0

GET uqqmj868.xyz/

188.114.96.1

302 Found

0 B

URL GET HTTPS

uqqmj868.xyz/

IP / ASN

188.114.96.1

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectuqqmj868.xyz

Fingerprint80:B4:6F:5F:E3:AB:82:94:A6:D1:DE:33:8A:98:26:6B:A3:88:64:8D

ValidityTue, 24 Sep 2024 06:01:54 GMT - Mon, 23 Dec 2024 06:01:53 GMT

HTTP Headers

GET / HTTP/1.1
Host: uqqmj868.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 28 Oct 2024 05:30:49 GMT
content-type: text/html; charset=UTF-8
location: https://epededonemile.com/?fmon=1100125
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0J5CkOnn4NowPBZ1Ea5VBBZekb2TUVfH5SV28dEpnTiyE6blNuZs4b8OObtwxN5pRFqCsMfhJsL4se7iSvyVpnlt9nR1Z2SoqciBIJT2Z6QS55WXzQtVmWZWOIKqchQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d98893a1958b4f9-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16515&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3204&recv_bytes=1133&delivery_rate=261230&cwnd=253&unsent_bytes=0&cid=3bb65696cc57e1b9&ts=68&x=0"
X-Firefox-Spdy: h2

GET xml-v4.tri.media/click?i=1CiyxNEEzHs_0

174.137.133.17

302 Found

0 B

URL GET HTTPS

xml-v4.tri.media/click?i=1CiyxNEEzHs_0

IP / ASN

174.137.133.17

#27257 WEBAIR-INTERNET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGlobalSign nv-sa

Subject*.tri.media

Fingerprint3B:55:03:D9:CD:36:CE:5A:84:0F:A1:18:02:6B:14:6E:91:4A:CC:1D

ValidityThu, 19 Sep 2024 06:51:24 GMT - Tue, 21 Oct 2025 06:51:23 GMT

HTTP Headers

GET /click?i=1CiyxNEEzHs_0 HTTP/1.1
Host: xml-v4.tri.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6oszwqmr.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Oct 2024 05:30:50 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://mybiddd.com/in/p/?spot_id=2004558&cat=25&sub_id=507232629

GET 6oszwqmr.xyz/assets/css/jw8-theme.css?v=3.0.6

104.21.29.123

200 OK

10 kB

URL GET HTTPS

6oszwqmr.xyz/assets/css/jw8-theme.css?v=3.0.6

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeASCII text, with very long lines (938), with CRLF line terminators

First Seen2024-04-18

Last Seen2025-08-07

Times Seen620

Size10 kB (10335 bytes)

MD5218f1af32c959506efe281f39309d9a5

SHA1948fbcdba4275e13fc3e469a04df2d727aabdf4a

SHA2565425c5e4dfa36e386ee465a9fe20f61290bcd377fe3fd950164c5c6e16301593

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /assets/css/jw8-theme.css?v=3.0.6 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 15:50:39 GMT
etag: W/"660d7acf-62a2"
expires: Thu, 31 Oct 2024 00:03:57 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 365202
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kc2e%2BOLdZq8Nyz3io4iYD2PYx8%2FzmNl2dEuwxtNHFEJHRdsL%2BJWSNHtibd1XEr9n1h4qChLdCH%2B9T7E796GABtNOW%2BIFoIBUUjiMxccaVeUhOz0tMIzjqQe88%2FLs9k0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888ffef6656c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21298&sent=140&recv=27&lost=0&retrans=0&sent_bytes=141662&recv_bytes=4705&delivery_rate=850336&cwnd=93600&unsent_bytes=0&cid=dc40a57a2fb08041&ts=546&x=1", cfExtPri, cfHdrFlush;dur=0

GET mybiddd.com/popunder/in/click/?mid=3988119599313852734&pid=0&site=&sc=NO&usage_type=DCH&subid=507232629&sid=0&cid=0&price=0&is_cpm=1&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=6oszwqmr.xyz&hostname=auc-popunder-hz-2&site_id=0&spot_id=2004558&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.035&placement_type_id=7&skin_test=&verify_hash=b8c407a673f708e814f365357ec07d85&score=515.0593812327122&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&v2=0&pop_type=0&space_id=0&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.035&url=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D507232629%26site_id%3D%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26idzone%3D%26spot_id%3D2004558%26mo%3D%26ve%3D%26ad_tags%3D%26p%3Dhttps%253A%252F%252F6oszwqmr.xyz%252F%26sid%3D0%26katds_labels%3D%26is_iframe%3D1%26btype%3D0%26score%3D515.0593812327122%26bf%3D0.035%26iabcat%3DIAB25%26allowed_labels%3D&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=2&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=0&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&direct_client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=&client_payment_model=&auction_time=1730093450&is_in_app=0&delivery_method=js_redirect&user_keywords=&keywords=

94.130.197.239

302 Found

0 B

URL GET HTTPS

mybiddd.com/popunder/in/click/?mid=3988119599313852734&pid=0&site=&sc=NO&usage_type=DCH&subid=507232629&sid=0&cid=0&price=0&is_cpm=1&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=6oszwqmr.xyz&hostname=auc-popunder-hz-2&site_id=0&spot_id=2004558&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.035&placement_type_id=7&skin_test=&verify_hash=b8c407a673f708e814f365357ec07d85&score=515.0593812327122&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&v2=0&pop_type=0&space_id=0&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.035&url=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D507232629%26site_id%3D%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26idzone%3D%26spot_id%3D2004558%26mo%3D%26ve%3D%26ad_tags%3D%26p%3Dhttps%253A%252F%252F6oszwqmr.xyz%252F%26sid%3D0%26katds_labels%3D%26is_iframe%3D1%26btype%3D0%26score%3D515.0593812327122%26bf%3D0.035%26iabcat%3DIAB25%26allowed_labels%3D&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=2&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=0&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&direct_client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=&client_payment_model=&auction_time=1730093450&is_in_app=0&delivery_method=js_redirect&user_keywords=&keywords=

IP / ASN

94.130.197.239

#24940 Hetzner Online GmbH

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectpopunder.infrapu.sh

FingerprintFD:84:64:F6:1B:6A:2F:EA:21:1E:A5:B8:52:65:15:AA:05:00:21:48

ValidityWed, 09 Oct 2024 12:06:27 GMT - Tue, 07 Jan 2025 12:06:26 GMT

HTTP Headers

GET /popunder/in/click/?mid=3988119599313852734&pid=0&site=&sc=NO&usage_type=DCH&subid=507232629&sid=0&cid=0&price=0&is_cpm=1&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=6oszwqmr.xyz&hostname=auc-popunder-hz-2&site_id=0&spot_id=2004558&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=0000-00-00&is_native=0&burl=&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=0&resp_type=&iabcat=IAB25&min_cpm=0.035&placement_type_id=7&skin_test=&verify_hash=b8c407a673f708e814f365357ec07d85&score=515.0593812327122&durl=&ml=&tag_ab=&original_bid=0&user_fp=0&v2=0&pop_type=0&space_id=0&real_bid=&skin_id=&vertical_id=&stratagem=&accel=0&gyr=0&iabcat=IAB25&ip_mismatch=false&ua_mismatch=false&ssp=3758&rc=0&v2_track=0&otype=0&mn=0&priority=0&bb=0.035&url=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D507232629%26site_id%3D%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26idzone%3D%26spot_id%3D2004558%26mo%3D%26ve%3D%26ad_tags%3D%26p%3Dhttps%253A%252F%252F6oszwqmr.xyz%252F%26sid%3D0%26katds_labels%3D%26is_iframe%3D1%26btype%3D0%26score%3D515.0593812327122%26bf%3D0.035%26iabcat%3DIAB25%26allowed_labels%3D&pr=&bid_crid=&bid_cid=&ad_tags=&is_interstitial=0&is_direct=2&label_ids=&site_id64=&sp_cl=0&act_sess=0&sp_scr=0&intes=&izb=&ang=0&act_su=0&interest_vertical_ids=&v_scroll_freq=&time_sess=&ext_campaign_id=&scroll_percent=0&empty_clicks=0&aid=0&high_freq_clicks=0&dev_console_activity=0&topics=&client_price=0&direct_client_price=0&o_d=&is_webview=0&timezone_olson=&timezone_ip=Europe/Oslo&offer_label_ids=&client_payment_model=&auction_time=1730093450&is_in_app=0&delivery_method=js_redirect&user_keywords=&keywords= HTTP/1.1
Host: mybiddd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mybiddd.com/in/p/?spot_id=2004558&cat=25&sub_id=507232629
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx/1.16.0
date: Mon, 28 Oct 2024 05:30:50 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://popdemission.com/in/849/?source=507232629&site_id=&utm1=&utm2=&utm3=&utm4=&idzone=&spot_id=2004558&mo=&ve=&ad_tags=&p=https%3A%2F%2F6oszwqmr.xyz%2F&sid=0&katds_labels=&is_iframe=1&btype=0&score=515.0593812327122&bf=0.035&iabcat=IAB25&allowed_labels=
X-Firefox-Spdy: h2

GET popdemission.com/in/849/?source=507232629&site_id=&utm1=&utm2=&utm3=&utm4=&idzone=&spot_id=2004558&mo=&ve=&ad_tags=&p=https%3A%2F%2F6oszwqmr.xyz%2F&sid=0&katds_labels=&is_iframe=1&btype=0&score=515.0593812327122&bf=0.035&iabcat=IAB25&allowed_labels=

62.122.168.42

302 Found

0 B

URL GET HTTPS

popdemission.com/in/849/?source=507232629&site_id=&utm1=&utm2=&utm3=&utm4=&idzone=&spot_id=2004558&mo=&ve=&ad_tags=&p=https%3A%2F%2F6oszwqmr.xyz%2F&sid=0&katds_labels=&is_iframe=1&btype=0&score=515.0593812327122&bf=0.035&iabcat=IAB25&allowed_labels=

IP / ASN

62.122.168.42

#50245 Serverel Inc.

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectpopdemission.com

Fingerprint80:2C:31:34:88:87:CF:EE:D8:90:3E:88:52:D7:C6:D2:DB:BB:9F:D1

ValidityMon, 07 Oct 2024 03:17:08 GMT - Sun, 05 Jan 2025 03:17:07 GMT

HTTP Headers

GET /in/849/?source=507232629&site_id=&utm1=&utm2=&utm3=&utm4=&idzone=&spot_id=2004558&mo=&ve=&ad_tags=&p=https%3A%2F%2F6oszwqmr.xyz%2F&sid=0&katds_labels=&is_iframe=1&btype=0&score=515.0593812327122&bf=0.035&iabcat=IAB25&allowed_labels= HTTP/1.1
Host: popdemission.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybiddd.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.20.1
date: Mon, 28 Oct 2024 05:30:51 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://kaminari.systems/v1/click?kmnrKey=891498445&sub1=2004558&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D507232629%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 849.0=1; expires=Tue, 29 Oct 2024 05:30:50 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

GET kaminari.systems/v1/click?kmnrKey=891498445&sub1=2004558&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D507232629%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F

31.220.27.154

200 OK

50 kB

URL GET HTTPS

kaminari.systems/v1/click?kmnrKey=891498445&sub1=2004558&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D507232629%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F

IP / ASN

31.220.27.154

#39572 DataWeb Global Group B.V.

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size50 kB (49585 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectkaminari.systems

FingerprintEF:8F:6F:19:DA:58:76:ED:5D:28:D1:C8:BC:2E:E5:DE:3C:D1:B5:5E

ValidityThu, 10 Oct 2024 10:55:28 GMT - Wed, 08 Jan 2025 10:55:27 GMT

HTTP Headers

GET /v1/click?kmnrKey=891498445&sub1=2004558&u=https%3A%2F%2Fpopdemission.com%2Fin%2F849%2F%3Fsource%3D507232629%26spot_id%3D299762%26p%3Dhttps%253A%252F%252Fgloporn.com%252F HTTP/1.1
Host: kaminari.systems
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mybiddd.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 28 Oct 2024 05:30:51 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
accept-ch: Width, Viewport-Width, DPR, Device-Memory, Downlink, RTT, ECT, Save-Data, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2

GET epededonemile.com/?fmon=1100125

108.157.229.107

302 Found

1.9 kB

URL GET HTTPS

epededonemile.com/?fmon=1100125

IP / ASN

108.157.229.107

#16509 AMAZON-02

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size1.9 kB (1908 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerAmazon

Subjectepededonemile.com

Fingerprint46:83:A9:71:37:5C:CA:E8:CC:04:0A:4C:B6:4D:C4:FF:85:97:F1:1B

ValidityTue, 08 Oct 2024 00:00:00 GMT - Thu, 06 Nov 2025 23:59:59 GMT

HTTP Headers

GET /?fmon=1100125 HTTP/1.1
Host: epededonemile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6oszwqmr.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xml-v4.tri.media/click?i=1CiyxNEEzHs_0
date: Mon, 28 Oct 2024 05:30:49 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=62c4e097-a5dd-42f0-82a3-6199e5999a66
x-cache: Miss from cloudfront
via: 1.1 17c1b187a3afe016510e55151109cc30.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: UGG25Ft-xVhjMBXXlKXWkEyVYwpXYAhNRs8YbU3SBJV2g25rwgB-bg==
X-Firefox-Spdy: h2

GET 6oszwqmr.xyz/css/main.css?v=4

104.21.29.123

200 OK

49 kB

URL GET HTTPS

6oszwqmr.xyz/css/main.css?v=4

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size49 kB (49212 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/main.css?v=4 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: text/css
last-modified: Thu, 26 Sep 2024 18:06:54 GMT
etag: W/"66f5a2be-c03c"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 493033
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0uDA%2FFekphBV7QQjWzr7f4FIv9ARpZonfXIgQKn9aDOvgtIpdcukEI0KzbYn5Bx7F%2FfUp4jWxQLh%2Fn73T%2FyZFvfF7vIbGmq7c22ROMeH8jAj6UePiWnUruiBESxXT0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888fd8cca56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19797&sent=22&recv=15&lost=0&retrans=0&sent_bytes=10666&recv_bytes=3181&delivery_rate=2450&cwnd=12000&unsent_bytes=0&cid=dc40a57a2fb08041&ts=171&x=1", cfExtPri, cfHdrFlush;dur=0

GET ieyri61b.xyz/js/dwarf.js

172.67.207.46

200 OK

71 kB

URL GET HTTPS

ieyri61b.xyz/js/dwarf.js

IP / ASN

172.67.207.46

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2024-10-23

Last Seen2024-10-28

Times Seen94

Size71 kB (70990 bytes)

MD5645c49c2f4d766a0f53aebc6f39c84be

SHA12cf649c9048d567904389d8032e28f9b82e688f8

SHA256637717a3de6b2f9043510f3c9df0ea404eee6df9d6c99a528b4603c590858811

Certificate Info

IssuerGoogle Trust Services

Subjectieyri61b.xyz

Fingerprint7C:03:59:1C:CB:57:4A:11:C0:F0:35:06:50:5D:94:B0:83:E1:C7:6A

ValiditySun, 29 Sep 2024 09:41:52 GMT - Sat, 28 Dec 2024 09:41:51 GMT

HTTP Headers

GET /js/dwarf.js HTTP/1.1
Host: ieyri61b.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 07:44:38 GMT
etag: W/"6704e2e6-1154e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2381
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LwNTprdPpeVeBLSTnUwq0oqh6qSLYkyBeY%2BiJDObxE1PC6Gud3tacU58ujkRauUa7Qm1HjkR7L3DcvydSAdYTMswK02l68fGmSFlPrVKv4J2IyRcyPZLHHz0KVddzxk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888fe4f7556a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16483&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3279&recv_bytes=1149&delivery_rate=262461&cwnd=252&unsent_bytes=0&cid=b24955fc46842ebb&ts=47&x=0"
X-Firefox-Spdy: h2

GET 6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2

104.21.29.123

200 OK

327 kB

URL GET HTTPS

6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size327 kB (326903 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /player/jw8_26/jwplayer.core.controls.js?v=2 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 09:09:34 GMT
etag: W/"660d1cce-4fcf7"
expires: Tue, 29 Oct 2024 12:34:09 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 492990
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UrELQwhUxsNDuL5k4iaJ155%2BUUXqs0LSE8Uw5OeeYCocBXPAvGf3pu%2FbVC6KMwd4%2FdBOdm55gV7r1LbPznz2MuMMqygaprlSPf%2BLRtEEz7cPweQtsHjuGVXLnOs4QYM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888ffdf6356c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21298&sent=146&recv=27&lost=0&retrans=0&sent_bytes=147828&recv_bytes=4705&delivery_rate=850336&cwnd=93600&unsent_bytes=0&cid=dc40a57a2fb08041&ts=554&x=1", cfExtPri, cfHdrFlush;dur=0

GET 6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2

104.21.29.123

200 OK

111 kB

URL GET HTTPS

6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size111 kB (111441 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /player/jw8_26/jwplayer.js?v=5.0.2 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 05 Apr 2024 14:58:43 GMT
etag: W/"661011a3-1b351"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 493033
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=il%2FE05x7Hy%2Bqbko1gqgSSO3Pbf5gmoDlf7kW6U47tW1FJCIewATbp2fYUK7ix7qxOB6EKwvhVQxGY2N%2BIIxA8T9UvchgfIb6VQHEWcO3h%2F%2BCO8t9vRWFZPtNIiiaLeA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888fd9ce056c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19797&sent=27&recv=15&lost=0&retrans=0&sent_bytes=16149&recv_bytes=3181&delivery_rate=2450&cwnd=12000&unsent_bytes=0&cid=dc40a57a2fb08041&ts=181&x=1", cfExtPri, cfHdrFlush;dur=9

GET 6oszwqmr.xyz/player/jw8/vast.js

104.21.29.123

200 OK

107 kB

URL GET HTTPS

6oszwqmr.xyz/player/jw8/vast.js

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2023-09-18

Last Seen2025-08-07

Times Seen540

Size107 kB (107114 bytes)

MD53cd85ca1814c3fd976764bf6b83b989d

SHA190e931622205c6adfbc75cfe681563a127580f05

SHA2562e4fe3d8b3565a3f8b5ec0ecfe0e5f26a756401b6847dd475327793da41897f5

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /player/jw8/vast.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Sep 2022 10:34:42 GMT
etag: W/"6319c542-1a26a"
expires: Thu, 31 Oct 2024 23:54:11 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 279388
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FBGWuht2kZ%2BatXng6FxamWRAOIg0QQSE8nB%2BoQPrir77NIuVj5Khlk%2BfFmVwliV0f7LxE0XoBZH0Pen6Yai7rvNEUGhmbvpKE1YOIj0Q1yQeUg%2Buh%2FbDRoTxGp0pv9M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888ff7f0156c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20821&sent=108&recv=23&lost=0&retrans=0&sent_bytes=107935&recv_bytes=3767&delivery_rate=1172532&cwnd=93600&unsent_bytes=0&cid=dc40a57a2fb08041&ts=482&x=1", cfExtPri, cfHdrFlush;dur=0

GET 6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2

104.21.29.123

200 OK

423 kB

URL GET HTTPS

6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size423 kB (422959 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /player/jw8_26/provider.hlsjs.js?v=2 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:40 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 05 Apr 2024 14:57:50 GMT
etag: W/"6610116e-6742f"
expires: Tue, 29 Oct 2024 12:34:09 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 492990
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HEF3lBzoysJHHtZGU%2F5Ry2TmQ1b43S5bXDLJBN%2BF6EDmHU%2FSiBiekyJqR6icL7uzmH1xv%2F1pqiw2MnwCCoOB78YEqYn7uvPGYdkJL0FcKpOyjCGmiKr8E2zw7DwrH50%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888ffef6c56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21298&sent=219&recv=27&lost=0&retrans=0&sent_bytes=235262&recv_bytes=4705&delivery_rate=850336&cwnd=93600&unsent_bytes=0&cid=dc40a57a2fb08041&ts=558&x=1", cfExtPri, cfHdrFlush;dur=6

GET 6oszwqmr.xyz/js/jquery.js

104.21.29.123

200 OK

90 kB

URL GET HTTPS

6oszwqmr.xyz/js/jquery.js

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65447)

First Seen2023-03-07

Last Seen2025-08-08

Times Seen268528

Size90 kB (89501 bytes)

MD58fb8fee4fcc3cc86ff6c724154c49c42

SHA1b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
etag: W/"603e8adc-15d9d"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 493033
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2BvcSnEvGrEeiU2GL5CMwN4E%2BzbtLJEelabmKvr64Tj72ie0hr1bvoxrsMa0CGkkwC2CgAOAzoW%2F76QRJiwenJgfprwlcWoD8R2GMvTZHoo%2BlXDFNTMFPKwUbIMY6Ns%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888fd8ccd56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19797&sent=27&recv=15&lost=0&retrans=0&sent_bytes=16149&recv_bytes=3181&delivery_rate=2450&cwnd=12000&unsent_bytes=0&cid=dc40a57a2fb08041&ts=177&x=1", cfExtPri, cfHdrFlush;dur=11

GET 6oszwqmr.xyz/js/jquery.cookie.js

104.21.29.123

200 OK

4.3 kB

URL GET HTTPS

6oszwqmr.xyz/js/jquery.cookie.js

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeJavaScript source, ASCII text, with very long lines (4427), with no line terminators

First Seen2023-04-15

Last Seen2025-04-05

Times Seen948

Size4.3 kB (4331 bytes)

MD5c8a0b7f16c38377537c6ab251cb5bc72

SHA1528e37de81abf523b92ce0b457cb593983ed347a

SHA256e31179e4a4fffc7faee4f95d4f67ce056d12a57c451dee1dae3e9062b126a00e

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 May 2011 12:53:56 GMT
etag: W/"4de4e4e4-10eb"
expires: Sun, 03 Nov 2024 07:11:42 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 80337
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DV2yzFF5a4DkMHaaz2M2xj%2F5FMqeXWu9zfaTgPIVKjjp4HGqkwHPeSrvzeJB17sfhCy1brgfGtqJAv6omjbaGJcITpRGwVXk1x%2FrYk0EcS56JHo%2FfvjhWeBLEGbDRg4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888fd8cd156c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19797&sent=27&recv=15&lost=0&retrans=0&sent_bytes=16149&recv_bytes=3181&delivery_rate=2450&cwnd=12000&unsent_bytes=0&cid=dc40a57a2fb08041&ts=176&x=1", cfExtPri, cfHdrFlush;dur=14

GET 6oszwqmr.xyz/js/ls.js

104.21.29.123

200 OK

2.1 kB

URL GET HTTPS

6oszwqmr.xyz/js/ls.js

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeJavaScript source, ASCII text, with very long lines (2079), with no line terminators

First Seen2023-04-15

Last Seen2025-04-05

Times Seen376

Size2.1 kB (2063 bytes)

MD566b63b5fefbe179c0fd09e63c11b7e12

SHA1e657b7d46921bec0bcbd746339ccc03ef4690036

SHA25652eb05218aa889bcc3b78062d496c747a04db5126648bd3a57cf8c43e3039bf2

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/ls.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 14 Feb 2023 11:28:54 GMT
etag: W/"63eb7076-80f"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 493033
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W8irpBUmwzMXtWzhupaBTa7U56agydm%2B1MWR1DtJxcF2kPFwaKpkvWJx8d2ULBJyRUbRfGo7Ilogm0g0w07CoCXzcfy0ITgpwIK7w466vllvumx1IbP5ozwyo8VxIds%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888fd8cd256c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19797&sent=20&recv=15&lost=0&retrans=0&sent_bytes=9030&recv_bytes=3181&delivery_rate=2450&cwnd=12000&unsent_bytes=0&cid=dc40a57a2fb08041&ts=171&x=1", cfExtPri, cfHdrFlush;dur=0

GET mybiddd.com/in/p/?spot_id=2004558&cat=25&sub_id=507232629

94.130.197.239

200 OK

1.9 kB

URL GET HTTPS

mybiddd.com/in/p/?spot_id=2004558&cat=25&sub_id=507232629

IP / ASN

94.130.197.239

#24940 Hetzner Online GmbH

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeHTML document, ASCII text, with very long lines (1916), with no line terminators

First Seen2024-10-28

Last Seen2024-10-28

Times Seen1

Size1.9 kB (1908 bytes)

MD502916fbf0d178377efa266f26d027e87

SHA1dbbebc4248539809d40266e8a96be9866a4dbc8f

SHA2566fd3f126251bd89274594debf63aeee520e490d7b3114b5f6b788d98a6fbd90c

Certificate Info

IssuerLet's Encrypt

Subjectpopunder.infrapu.sh

FingerprintFD:84:64:F6:1B:6A:2F:EA:21:1E:A5:B8:52:65:15:AA:05:00:21:48

ValidityWed, 09 Oct 2024 12:06:27 GMT - Tue, 07 Jan 2025 12:06:26 GMT

HTTP Headers

GET /in/p/?spot_id=2004558&cat=25&sub_id=507232629 HTTP/1.1
Host: mybiddd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6oszwqmr.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.16.0
date: Mon, 28 Oct 2024 05:30:50 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2

GET kts.cvastico.com/in/885/?subid=2044015014&domain=nodomain&target_id=0

62.122.173.28

200 OK

1.2 kB

URL GET HTTPS

kts.cvastico.com/in/885/?subid=2044015014&domain=nodomain&target_id=0

IP / ASN

62.122.173.28

#50245 Serverel Inc.

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeHTML document, ASCII text, with very long lines (1227), with no line terminators

First Seen2024-10-28

Last Seen2024-10-28

Times Seen1

Size1.2 kB (1202 bytes)

MD59d699eebc042fcdc6b1e2cdf612f7b46

SHA13f3bd553e5d614d2641395b303db2064b8cf16c2

SHA2563cd1f2c6c1147d36768fbc8a412347d3d76fd0c4451d39ec74aadb0b8219b97d

Certificate Info

IssuerLet's Encrypt

Subjectkts.cvastico.com

Fingerprint76:43:00:29:CE:A6:FD:0F:74:6C:44:63:DE:72:67:0F:B9:14:94:32

ValidityMon, 07 Oct 2024 03:11:26 GMT - Sun, 05 Jan 2025 03:11:25 GMT

HTTP Headers

GET /in/885/?subid=2044015014&domain=nodomain&target_id=0 HTTP/1.1
Host: kts.cvastico.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kaminari.systems/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 28 Oct 2024 05:30:51 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
set-cookie: 885.0=1; expires=Tue, 29 Oct 2024 05:30:51 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

GET 6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

104.21.29.123

200 OK

16 kB

URL User Request GET HTTPS

6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeJavaScript source, ASCII text, with very long lines (6495), with CRLF, LF line terminators

First Seen2024-10-28

Last Seen2024-10-28

Times Seen1

Size16 kB (15543 bytes)

MD58ebc2093dce2ff5ada2e271396042368

SHA1ae30f2e962e0bedf1cbc52032ee2e79893c5fd00

SHA256ad15134afdd9a7568ca364eef655e2fb0e3837fad063fc8777cbf047fae8c04e

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cwns/72p1shtbayoc?referer=bflix.sh HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: text/html; charset=UTF-8
expires: Sun, 27 Oct 2024 05:30:39 GMT
set-cookie: lang=1; domain=.6oszwqmr.xyz; path=/; HttpOnly
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NC0b3wOkI3lkhxu8giXYbroJ2ObJMxorrl%2Fq%2F3KMuat84zmeRLVKYSRCO%2FBUtyD9CiVGi8NqefjcIlVEc4TMAoEAFnIIXZPK4rILed93syXdpyyEsXN%2FftT336MRG0c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d9888fb2bea7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=21855&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3199&recv_bytes=1141&delivery_rate=262382&cwnd=254&unsent_bytes=0&cid=cb6a4edd3f65af56&ts=234&x=0"
X-Firefox-Spdy: h2

GET 6oszwqmr.xyz/js/xupload.js

104.21.29.123

200 OK

11 kB

URL GET HTTPS

6oszwqmr.xyz/js/xupload.js

IP / ASN

104.21.29.123

#13335 CLOUDFLARENET

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeJavaScript source, ASCII text

First Seen2023-03-07

Last Seen2025-03-25

Times Seen494

Size11 kB (10867 bytes)

MD52609e3a9490dcfe748407d3af317c472

SHA1af55b2b16e9190e09407f67ffae4ca705ea6f112

SHA256c3c7c3de97ef15965def93fc9317e82854b979aa1a7980fde49b873a04aab85d

Certificate Info

IssuerGoogle Trust Services

Subject6oszwqmr.xyz

Fingerprint2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C

ValidityFri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/xupload.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 28 Oct 2024 05:30:39 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 04 Aug 2021 13:41:52 GMT
etag: W/"610a9920-2a73"
expires: Mon, 04 Nov 2024 01:10:13 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 15626
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2BzzZPTAn0GUUdE31mfmTzn%2Fh9C4wgVJYv1LATsVTHwKaGnOP5QynfZh7mxB6Y93G04rg9bYHhQnYXZo4SbdSC4PMCgiSvWTjGGh5JIMlmgVK3KfnHQILewB%2FTqgXJU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d9888fd8cce56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19797&sent=15&recv=15&lost=0&retrans=0&sent_bytes=4149&recv_bytes=3181&delivery_rate=2450&cwnd=12000&unsent_bytes=0&cid=dc40a57a2fb08041&ts=170&x=1", cfExtPri, cfHdrFlush;dur=0

GET accounts.google.com/CheckCookie?continue=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&followup=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&chtml=LoginDoneHtml&checkedDomains=youtube&checkConnection=youtube%3A291%3A1

64.233.162.84

400 Bad Request

0 B

URL GET HTTPS

accounts.google.com/CheckCookie?continue=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&followup=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&chtml=LoginDoneHtml&checkedDomains=youtube&checkConnection=youtube%3A291%3A1

IP / ASN

64.233.162.84

#15169 GOOGLE

Requested byhttps://kts.cvastico.com/in/885/?subid=2044015014&domain=nodomain&target_id=0

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectaccounts.google.com

Fingerprint55:5D:8B:B6:E4:3E:24:63:E6:9D:7A:AA:44:56:92:9C:22:7E:CD:5A

ValidityMon, 07 Oct 2024 08:26:37 GMT - Mon, 30 Dec 2024 08:26:36 GMT

HTTP Headers

GET /CheckCookie?continue=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&followup=https%3A%2F%2Fwww.google.com%2Fintl%2Fen%2Fimages%2Flogos%2Faccounts_logo.png&chtml=LoginDoneHtml&checkedDomains=youtube&checkConnection=youtube%3A291%3A1 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kts.cvastico.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 400 Bad Request
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000; includeSubDomains
set-cookie: __Host-GAPS=1:S87_ioMZTiZC6kfkZywvyIxtmpX49w:UeEf79C8ZN6226Q_;Path=/;Expires=Wed, 28-Oct-2026 05:30:51 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
content-security-policy: script-src 'nonce-U-nm1lsLnneCETk-65LpRg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cache-control: no-cache, no-store
pragma: no-cache
expires: Mon, 01-Jan-1990 00:00:00 GMT
content-encoding: gzip
date: Mon, 28 Oct 2024 05:30:51 GMT
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET kts.cvastico.com/in/2669/?subid=2044015014&target_id=0&domain=nodomain&tt={{tt}}&sid={{sid}}&cid={{cid}}&soi={{soi}}&ts={{ts}}&ad_tags=&click_id=cca11d88-90b2-4473-af27-725479f8a4c9&sub_utm_1={{sub_utm_1}}&sub_utm_2={{sub_utm_2}}&&goo=0

0.0.0.0

0 B

URL GET HTTPS

kts.cvastico.com/in/2669/?subid=2044015014&target_id=0&domain=nodomain&tt={{tt}}&sid={{sid}}&cid={{cid}}&soi={{soi}}&ts={{ts}}&ad_tags=&click_id=cca11d88-90b2-4473-af27-725479f8a4c9&sub_utm_1={{sub_utm_1}}&sub_utm_2={{sub_utm_2}}&&goo=0

IP / ASN

0.0.0.0

Requested byhttps://6oszwqmr.xyz/cwns/72p1shtbayoc?referer=bflix.sh

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-08

Times Seen5720854

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectkts.cvastico.com

Fingerprint76:43:00:29:CE:A6:FD:0F:74:6C:44:63:DE:72:67:0F:B9:14:94:32

ValidityMon, 07 Oct 2024 03:11:26 GMT - Sun, 05 Jan 2025 03:11:25 GMT

HTTP Headers

GET /in/2669/?subid=2044015014&target_id=0&domain=nodomain&tt={{tt}}&sid={{sid}}&cid={{cid}}&soi={{soi}}&ts={{ts}}&ad_tags=&click_id=cca11d88-90b2-4473-af27-725479f8a4c9&sub_utm_1={{sub_utm_1}}&sub_utm_2={{sub_utm_2}}&&goo=0 HTTP/1.1
Host: kts.cvastico.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kts.cvastico.com/in/885/?subid=2044015014&domain=nodomain&target_id=0
Cookie: 885.0=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache