{"report_id":"b1d5e299-59bd-4374-8039-a5f6655364d8","version":6,"status":"done","tags":[],"date":"2026-01-24T18:42:11Z","url":{"schema":"http","addr":"cineby.bz/movie/639988","fqdn":"cineby.bz","domain":"cineby.bz","tld":"bz"},"ip":{"addr":"172.67.178.58","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cineby.bz/movie/639988","fqdn":"cineby.bz","domain":"cineby.bz","tld":"bz"},"title":"No Other Choice (2025) | Cineby","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cineby.bz/movie/639988","fqdn":"cineby.bz","domain":"cineby.bz","tld":"bz"},"ip":{"addr":"172.67.178.58","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-28T18:42:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":18}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"fluentdifferenceselfemployed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"cineby.bz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"soycdn.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2026-01-21T22:18:52.236505Z","alert_count":6,"request_count":2,"received_data":171912,"sent_data":814,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"image.tmdb.org","ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"domain_registered":"2009-09-15","domain_rank":53077,"first_seen":"2021-01-09T06:43:03Z","last_seen":"2026-01-21T17:14:47.562086Z","alert_count":0,"request_count":15,"received_data":433559,"sent_data":6871,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"fluentdifferenceselfemployed.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-12-30","domain_rank":0,"first_seen":"2025-12-30T23:31:42.710444Z","last_seen":"2026-01-22T23:12:35.569856Z","alert_count":6,"request_count":6,"received_data":207660,"sent_data":5560,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2026-01-21T11:51:50.959581Z","alert_count":12,"request_count":6,"received_data":349008,"sent_data":2894,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"18.192.16.5","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2026-01-21T11:51:50.493017Z","alert_count":0,"request_count":2,"received_data":836,"sent_data":868,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cineby.bz","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":3,"request_count":3,"received_data":73107,"sent_data":1555,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-01-18T22:14:28.232245Z","alert_count":0,"request_count":2,"received_data":81926,"sent_data":1088,"comment":"","tags":null,"fingerprints":null},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2026-01-21T11:51:50.651809Z","alert_count":16,"request_count":4,"received_data":2116,"sent_data":2332,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2026-01-21T22:18:51.784474Z","alert_count":6,"request_count":2,"received_data":1060,"sent_data":1522,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2026-01-22T09:25:54.576288Z","alert_count":3,"request_count":1,"received_data":377,"sent_data":412,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"soycdn.lol","ip":{"addr":"104.21.41.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-26","domain_rank":0,"first_seen":"2025-09-28T04:50:37.418447Z","last_seen":"2026-01-22T23:12:35.561968Z","alert_count":1,"request_count":1,"received_data":1783,"sent_data":404,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}]},{"fqdn":"cdn.show-creative1.com","ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":392451,"first_seen":"2024-08-27T12:23:01Z","last_seen":"2026-01-21T11:56:11.960791Z","alert_count":0,"request_count":1,"received_data":2475,"sent_data":486,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-18T22:17:29.309663Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"03765143970944a9d2de3313715f9616","sha1":"1c49e5fcf4eebb950ad95bf7902d423149d6901e","sha256":"bd6ac3c186671b44d3bf3055d2ace92da3d8f3403a9326dc15cbe68404e7975c","sha512":"0fa8cbb79931cd950fa23483c4a175b2b66d73eb09d84d2aab37e6a7f00f3355c4b5b3f3d70df47586ed086e2bf0b15c5346acf1d49153c7bc88e181cb1878ab","ssdeep":"384:C7PWDxpe3wNNB+VLicsyFWMtRC3CnTvZdWge6sYlv86GtG5psQeIEAj6mukp6XYH:hq56AurXYCGc9E90cgbi0rBw/InI","tlshash":"5892844418799c54c14a607c11fb9a1237611d139daabbd53f9e88002fcd8bb39bb5bf","size":20516,"data":"","first_seen":"2026-01-17T17:58:20.540805Z","last_seen":"2026-05-09T06:59:32.400174Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cineby.bz/movie/639988","fqdn":"cineby.bz","domain":"cineby.bz","tld":"bz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"39e082e5c95d2c4c13a68664440b5043","sha1":"45ab58a2adc8f938176cea6930856b22922e22d5","sha256":"9408e82d24610c06f7f88b8bf926b0aa044e8bcfecd6d58d232b4f51615d8e82","sha512":"3b9b6a48127a7f59785e0a65f54aab8fe913659f78bb377ff52dd1d7bb20152c8a6f27ddcd6f38b4a9dc151cf0fe6b995bb88e80d79b75a59530da556d529be4","ssdeep":"","tlshash":"93e0ab2998e706384cf63a441039ca3934f838a0aaa3d027525cc82ccd39fc54c00aec","size":424,"data":"","first_seen":"2023-05-21T10:06:22Z","last_seen":"2026-05-20T17:55:02.465961Z","times_seen":477,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"soycdn.lol/share1-1.js","fqdn":"soycdn.lol","domain":"soycdn.lol","tld":"lol"},"ip":{"addr":"104.21.41.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a4c8a7e333fd1eebd66b6c4c7eb635e7","sha1":"5dd56d797d27718133b046f6a3e23996f89fc0b4","sha256":"cc5f6972e64fc35fbcad50bb16a6b48bff2f0b0d1ea895f7536baea3496ca97c","sha512":"7243281c449fd17af6b85d58882e4afe2ac22d9336ca6f867badf7e94f4c7073ebb713adfcf2ddc16b1374c37cad40efc6fb97ca0804276dae0fafdeddc9e4ff","ssdeep":"","tlshash":"f811ef5858d37078192e2022002fe10a71a64a473a19ee813418f2c9ab08ff54e9bdfd","size":1043,"data":"","first_seen":"2026-01-08T14:45:35.809743Z","last_seen":"2026-02-06T12:03:38.869451Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cineby.bz/movie/639988","fqdn":"cineby.bz","domain":"cineby.bz","tld":"bz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6c234a7bd6aff4f4782a616f64b7de08","sha1":"bd22b981d9fba0ff14980dc0cda9ba0cedb9b2bd","sha256":"ca223256a655a8fc201ce89e959331df22401499324cc9ed146867b7d7474517","sha512":"e83ed127374778bf9178b8dcafbecde6310566dd4fa04d1cb63c3505aa3cd6e45c9443f767bf8bffec3f017f8fafbfe838b2cde3ef6704939fbbf8be89dc31d4","ssdeep":"192:tbU3TzC8nRkxYKOCsWyFfBNEcCZaCvgQxUEO:xkP5QcpWyfNEcCZaCvgku","tlshash":"ae02a4f5b8442c370df708fbb099176d793bc100f947918465adc8944767f90b937aaa","size":8685,"data":"","first_seen":"2026-01-24T18:42:16.952564Z","last_seen":"2026-02-22T18:25:47.19291Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fluentdifferenceselfemployed.com/huq/xRIi6nAUrwy6ab/_7YCYsE5DqdS/YzDI18t9/U5r/i2LiHZ/-3l6Vtf4/ni5kUisrWQ8lcfUJW/bBqonNRzVyIQus66DDJ/oiwpbKCpR1idNVL8M17/yzINsObcrHSYV/hL8?v=2025-12-30","fqdn":"fluentdifferenceselfemployed.com","domain":"fluentdifferenceselfemployed.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"de10217fcc32575b87e661b932cf5bf2","sha1":"aad8c9e4a2734480e83dea2178fd50e5d4525e3e","sha256":"ce5fa3b8f6683a1e6751898263087cd0eaede4c6ae3ee425ba66c3be4765d189","sha512":"40cff42596e1ff459042a746263477614b44c76412f46f62cb75a9e54c074056a00cc4d7d4e00f05582cf5100a7f0d04e37b78ce4e119dfce9e4a97b0957ae87","ssdeep":"3072:AiziWVrVzs8WJ6Hy1/YiwZpNRl9NqPIih0902rHDyC0:fJuQi6DVu7","tlshash":"28b3d6883f41f37c02166077133f942ff01f4e425899d648d85af9e9ae6878ed63aa35","size":117779,"data":"","first_seen":"2026-01-24T18:42:16.91781Z","last_seen":"2026-01-24T18:42:16.91781Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-21T09:54:42.834421Z","times_seen":16623,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-21T09:54:42.834421Z","times_seen":16623,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fluentdifferenceselfemployed.com/f2/d8/f7/f2d8f77afbc58792853a7736c0084b21.js?v=2025-12-30","fqdn":"fluentdifferenceselfemployed.com","domain":"fluentdifferenceselfemployed.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"05b4a53d7df59256ed917fe2339b050d","sha1":"7c3c9406856a862c3364c86d3f2f044bed7fbd2e","sha256":"0f6c929b565ebc770334245fb20b14d8f99ed9da765326d0aefbd1a7bc2464f3","sha512":"2b3fd83a2ffe6b55fe1d8a84ce3ff53a4fff99c243d67d189dede699c33bc4d927bddfb33f1fabc836280f570f6f38217eee8e35a2eef8403cb76128ae38c5bc","ssdeep":"1536:C9yUBg8XFOUGvAVTQsz3WArOwlNyBv77NzxpQ2jFFzi0jIv:C3B91cwpUhxpJzzIv","tlshash":"f47309487f82b15b5352a073627fd047f0256f1261ecd498d123e6a86f6c33af636b98","size":78995,"data":"","first_seen":"2026-01-02T19:03:06.948285Z","last_seen":"2026-01-29T12:40:48.000998Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:48 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: acda95c88c8dcd7114da5087e478f45d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-21T09:54:42.834421Z","times_seen":16623,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w185/j7SUd9Qi8iOxgrQGb3nQyEYcXur.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.239Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w185/j7SUd9Qi8iOxgrQGb3nQyEYcXur.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4606\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\nlast-modified: Tue, 21 Oct 2025 14:08:03 GMT\r\ncdn-cachedat: 10/21/2025 14:58:14\r\nx-bo-server: LA-290\r\nx-downloadsize: 8697\r\nx-bo-origindownloadtime: 145\r\nx-bo-compressionratio: 47.04%\r\nx-bo-processingtime: 18\r\nx-bo-version: 1.0.26\r\ncdn-proxyver: 1.39\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 860\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 8aa90ede28e6f680bbe8752bb811d66a\r\ncdn-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":4606,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 185x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1d0cd614f0af18811dbb36fa1e5f6e2b","sha1":"a10b0dde3e8d5d11759900f155c71fa5c4f57029","sha256":"ced3092967abfd1a3c2fbb9ff0841ac50fbc8c28801758de87634e92edc4176c","sha512":"d01bfa8fc466995882aa8c6b15aa01fb59f843676c71666f01ece8fbafde5f2f68e84d5094501e0a70c58e7de7cdb7b70caaf663ad67eeaff89a9e3af458baf0","ssdeep":"96:XydKghkdab1miKqDGB3ce/BvL7YRbGo/WSvOP18X0PeINGRG8cLAF:SZkdomTB37IRheaOu8eINGREY","tlshash":"3f917d888635ee4a8e1d12b3ca8b5188a1e7674df93e0cae744382f5c08f909f5f4a01","first_seen":"2026-01-24T18:42:16.899899Z","last_seen":"2026-01-25T13:17:07.944317Z","times_seen":2,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":109,"dns":50,"connect":23,"send":0,"wait":102,"receive":2,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w185/qnYVMDQW9XBBBAdkUhQtOdrcOm1.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w185/qnYVMDQW9XBBBAdkUhQtOdrcOm1.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6294\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\netag: \"6806d8aa-1896\"\r\nlast-modified: Mon, 21 Apr 2025 23:45:46 GMT\r\ncdn-cachedat: 09/18/2025 17:55:31\r\ncdn-storageserver: NY-346\r\ncdn-requestpullcode: 200\r\ncdn-fileserver: 915\r\nperma-cache: HIT\r\ncdn-proxyver: 1.34\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 865\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 02222cac9b52f59e2865193fe6c36171\r\ncdn-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":6294,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 185x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"70c5d5f5b2734d1e28ef1b9e81dae7bf","sha1":"71f691e3b912f80d966ddf8feff1a11f86c13b3e","sha256":"eda34814ca95478fa072a880a0e9b92240d5a2a949253610db6dc9bcdf766b58","sha512":"886c2fdbf09823ca39f62f12da343c4b57a96aaaa9fa957f741db8b22a9926a38168b9abff0c3cc2e2c0b0708d71f9a03cd0df73a51aada534f0827674bd9bce","ssdeep":"192:bWS2LgDCnrDhKuZJzUxv7GNJFciQuUHih:bWS2kCvozU+7u2ih","tlshash":"f2d19095d17ea359c2e4fcae9dab940343341bf0527c54d0c1d086f4d8899dee7cc085","first_seen":"2026-01-24T18:42:16.904479Z","last_seen":"2026-01-24T18:42:16.904479Z","times_seen":1,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":95,"dns":0,"connect":0,"send":0,"wait":43,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=754af6b4-bbe4-420e-aa78-f8a4b9549807\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=f2d8f77afbc58792853a7736c0084b21\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=18","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.592Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 22:13:33 GMT","end":"Sat, 28 Mar 2026 22:13:32 GMT"},"fingerprint":{"sha1":"A3:08:82:4A:9A:ED:6E:4C:29:FC:10:0D:1D:8F:8B:68:0E:D0:49:72","sha256":"B4:01:36:5D:F9:70:75:BF:F6:56:67:76:BB:CC:A2:D3:BA:69:61:33:56:FC:C7:21:69:6E:04:BE:95:D7:B2:F5"}}},"request":{"raw":"GET /pxf.gif?uuid=754af6b4-bbe4-420e-aa78-f8a4b9549807\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=f2d8f77afbc58792853a7736c0084b21\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=18 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:48 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c8ba1b8337ed75ecd6344f04413f2776\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":700,"timings":{"blocked":300,"dns":1,"connect":91,"send":0,"wait":96,"receive":1,"ssl":206},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w185/uGZ9CT9gBg2o6SbkkgqjnsETvuZ.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w185/uGZ9CT9gBg2o6SbkkgqjnsETvuZ.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4846\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\nlast-modified: Fri, 29 Aug 2025 20:01:15 GMT\r\ncdn-cachedat: 09/18/2025 17:55:31\r\nx-bo-server: LA-295\r\nx-downloadsize: 8874\r\nx-bo-origindownloadtime: 150\r\nx-bo-compressionratio: 45.39%\r\nx-bo-processingtime: 3\r\nx-bo-version: 1.0.26\r\ncdn-proxyver: 1.34\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1333\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: e80b23b4e122459a830cf0570a38d2c0\r\ncdn-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":4846,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 185x277, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d194da8449e9b42602e83c56dbec0a9b","sha1":"9966bafc85ef397634e9c82bf94d5ceff2b8a1b7","sha256":"00200c9a82016ef321e7c700914f102f7c9645a44d8181753ea70be170d2755f","sha512":"067a7aaa806e2cc482e1cb890eba43b83a2e050c3262a7110ed2216a0f956e6194a846d0208e0fb3583dfb03f6d1fdd180c0da738d34befcb3cf74a676221cc0","ssdeep":"96:ErLhEODpJWdiZ2A318G29ipjIR93RhWo8jGonhNZjJMw201eac1gAYus:kLhEg/Mu859Kjw97WoGPhVH20easgAYh","tlshash":"4da16c6e48b5922c9e622a1cda8eab0c6fef0be35c5b79dc10195188a53cc64503b96d","first_seen":"2026-01-24T18:42:16.908483Z","last_seen":"2026-01-24T18:42:16.908483Z","times_seen":1,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":96,"dns":0,"connect":0,"send":0,"wait":103,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w342/7vQUAw3CX60dhzgzC7BQZFN7Y31.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w342/7vQUAw3CX60dhzgzC7BQZFN7Y31.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 18224\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\nlast-modified: Wed, 05 Nov 2025 05:48:53 GMT\r\ncdn-cachedat: 11/05/2025 07:19:33\r\nx-bo-server: LA-290\r\nx-downloadsize: 32719\r\nx-bo-origindownloadtime: 147\r\nx-bo-compressionratio: 44.3%\r\nx-bo-processingtime: 10\r\nx-bo-version: 1.0.26\r\ncdn-proxyver: 1.39\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1081\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: ad4cf05f412a175f075ca73fa4d2bdd9\r\ncdn-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":18224,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 342x513, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9e4f6d2297b52ee3cd15fff5e7e90ca3","sha1":"925c938100a3e4393e9b6fa93f6ab4aa66c7d67b","sha256":"1018357d0eb5c3ff502f62122448254b55a7a3443f69f6fb12285fe4b939a64c","sha512":"c58472df88b61451348ac4efd67be054872135e0c1a1dfd2ebf2f8d5b2c81f1074455acfc36eec1f8d7e993489df5ab2b34e1c615fb7710203ab691b4f075b9d","ssdeep":"384:KETkovHYpCfmsCajkW1F7Fq426HUB7rayqQbheAXQY/:KEQ2HVesz1F7FK60WQoS9","tlshash":"7982d1222cf3ba08c902775a5dc24a65aac118dfc19d7a6931817d5ec9b23dbf469148","first_seen":"2026-01-24T18:42:16.91069Z","last_seen":"2026-01-24T18:42:16.91069Z","times_seen":1,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fluentdifferenceselfemployed.com/f2/d8/f7/f2d8f77afbc58792853a7736c0084b21.js?v=2025-12-30","fqdn":"fluentdifferenceselfemployed.com","domain":"fluentdifferenceselfemployed.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fluentdifferenceselfemployed.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 08:48:01 GMT","end":"Mon, 30 Mar 2026 08:48:00 GMT"},"fingerprint":{"sha1":"51:45:C8:DD:BF:62:39:21:9B:7F:44:F8:74:E3:D1:4C:4A:76:9B:49","sha256":"60:C9:BE:32:53:EE:19:A0:03:6E:A3:31:0D:B3:64:EC:75:43:DE:4E:ED:0B:28:5A:EA:81:FE:09:34:0A:B1:E9"}}},"request":{"raw":"GET /f2/d8/f7/f2d8f77afbc58792853a7736c0084b21.js?v=2025-12-30 HTTP/1.1\r\nHost: fluentdifferenceselfemployed.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:47 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 30315\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: fluentdifferenceselfemployed.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c1077e1e08d2b56717e0b933af16ccce\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":78995,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"05b4a53d7df59256ed917fe2339b050d","sha1":"7c3c9406856a862c3364c86d3f2f044bed7fbd2e","sha256":"0f6c929b565ebc770334245fb20b14d8f99ed9da765326d0aefbd1a7bc2464f3","sha512":"2b3fd83a2ffe6b55fe1d8a84ce3ff53a4fff99c243d67d189dede699c33bc4d927bddfb33f1fabc836280f570f6f38217eee8e35a2eef8403cb76128ae38c5bc","ssdeep":"1536:C9yUBg8XFOUGvAVTQsz3WArOwlNyBv77NzxpQ2jFFzi0jIv:C3B91cwpUhxpJzzIv","tlshash":"f47309487f82b15b5352a073627fd047f0256f1261ecd498d123e6a86f6c33af636b98","first_seen":"2026-01-02T19:03:06.948285Z","last_seen":"2026-01-29T12:40:48.000998Z","times_seen":10,"resource_available":true,"data":null}},"time_used":749,"timings":{"blocked":261,"dns":9,"connect":96,"send":0,"wait":99,"receive":93,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"fluentdifferenceselfemployed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/gambling/default/android-btn/8/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/notifications/gambling/default/android-btn/8/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nOrigin: https://cineby.bz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:49 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Jun 2025 14:09:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o2xWjd7InskVhZYv1wPg2pdFcQSNyYRWgM7JZq%2Bp93n8M5o32XGB245Wm4jg5Tgj%2BIYCq2Ta%2BWFrxfB%2BuYeUw7nSdsueeFHUwvCDD49g\"}]}\r\nage: 13468\r\ncf-cache-status: HIT\r\netag: W/\"685d5496-4bd2\"\r\ncontent-encoding: br\r\ncf-ray: 9c31aaca28fe0afe-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19410,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"2e293e46d5ce0c8ad573bd849c338ebb","sha1":"113c864e5bd86b908d160e30b5f243a58bb995b5","sha256":"8de9dbfaee4ef6c2d9dc5c100e5cc97021bd03f9c882a9d7e65763eb01838d28","sha512":"0dcd3373a45a3efe0865b99857258dfd4c20b5e632c5b9889714617a9c58da1881a404d5e5da26979874c1f3545b6454f0be9cfa1dfcd312c9ae66e6f2ec51fc","ssdeep":"384:Sn5icsyO3uzl55psQeIEAj6mukp6XYCTqd2HdE90cgbhkcgC9i+AQqT/IoGH:n856AurXYCGc9E90cgbi0rBw/InH","tlshash":"1492604458ba9ca4c14a403c21ff6a2237200853ad69bfe53f9e81506f9d87f39b657f","first_seen":"2025-11-15T08:51:44.723004Z","last_seen":"2026-05-20T16:47:58.061878Z","times_seen":529,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":58,"dns":21,"connect":3,"send":0,"wait":18,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fluentdifferenceselfemployed.com/huq/xRIi6nAUrwy6ab/_7YCYsE5DqdS/YzDI18t9/U5r/i2LiHZ/-3l6Vtf4/ni5kUisrWQ8lcfUJW/bBqonNRzVyIQus66DDJ/oiwpbKCpR1idNVL8M17/yzINsObcrHSYV/hL8?v=2025-12-30","fqdn":"fluentdifferenceselfemployed.com","domain":"fluentdifferenceselfemployed.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fluentdifferenceselfemployed.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 08:48:01 GMT","end":"Mon, 30 Mar 2026 08:48:00 GMT"},"fingerprint":{"sha1":"51:45:C8:DD:BF:62:39:21:9B:7F:44:F8:74:E3:D1:4C:4A:76:9B:49","sha256":"60:C9:BE:32:53:EE:19:A0:03:6E:A3:31:0D:B3:64:EC:75:43:DE:4E:ED:0B:28:5A:EA:81:FE:09:34:0A:B1:E9"}}},"request":{"raw":"GET /huq/xRIi6nAUrwy6ab/_7YCYsE5DqdS/YzDI18t9/U5r/i2LiHZ/-3l6Vtf4/ni5kUisrWQ8lcfUJW/bBqonNRzVyIQus66DDJ/oiwpbKCpR1idNVL8M17/yzINsObcrHSYV/hL8?v=2025-12-30 HTTP/1.1\r\nHost: fluentdifferenceselfemployed.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:47 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 44038\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 14\r\nHost: fluentdifferenceselfemployed.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8352bd4527a84b4e5ab85bdef220e6a6\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":117779,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"de10217fcc32575b87e661b932cf5bf2","sha1":"aad8c9e4a2734480e83dea2178fd50e5d4525e3e","sha256":"ce5fa3b8f6683a1e6751898263087cd0eaede4c6ae3ee425ba66c3be4765d189","sha512":"40cff42596e1ff459042a746263477614b44c76412f46f62cb75a9e54c074056a00cc4d7d4e00f05582cf5100a7f0d04e37b78ce4e119dfce9e4a97b0957ae87","ssdeep":"3072:AiziWVrVzs8WJ6Hy1/YiwZpNRl9NqPIih0902rHDyC0:fJuQi6DVu7","tlshash":"28b3d6883f41f37c02166077133f942ff01f4e425899d648d85af9e9ae6878ed63aa35","first_seen":"2026-01-24T18:42:16.91781Z","last_seen":"2026-01-24T18:42:16.91781Z","times_seen":1,"resource_available":true,"data":null}},"time_used":830,"timings":{"blocked":228,"dns":11,"connect":92,"send":0,"wait":121,"receive":188,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"fluentdifferenceselfemployed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.192.16.5","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nOrigin: https://cineby.bz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://cineby.bz\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=754af6b4-bbe4-420e-aa78-f8a4b9549807:2:1; expires=Tue, 22 Jan 2036 18:41:48 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"2283165519f495ed3c09e92e5286b254","sha1":"fa9c508ebb196a80c05fdab99485a3b1559a1540","sha256":"d2ebdf8e72deddb8b98dfd4a30af7b5d70894cd0006fe79eb8de366c85442c00","sha512":"fa41031f0fba580c7ceb82bbf3d7907beab63cd63b3fdcf388b1eef59815d8b3688447cb4ee970ec6c3d2ed0220dac61e1c66a41a737529feda46cf3a11f1228","ssdeep":"","tlshash":"239004015400541500dc500f143740c77c414c55400c7570fc50577441331015457341","first_seen":"2026-01-24T18:42:16.919639Z","last_seen":"2026-01-24T18:42:16.919639Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cineby.bz/img/favicon.svg","fqdn":"cineby.bz","domain":"cineby.bz","tld":"bz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.174Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cineby.bz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 24 Jan 2026 11:59:40 GMT","end":"Fri, 24 Apr 2026 12:58:13 GMT"},"fingerprint":{"sha1":"34:CF:82:20:7B:C1:99:6D:70:23:66:61:2F:46:79:D8:56:92:C0:A6","sha256":"E0:8B:D2:30:BA:C1:AA:64:F5:4D:AC:2E:EF:DA:64:CE:56:56:3E:1A:6F:D5:86:F2:CA:F8:F3:CD:C9:8C:0E:76"}}},"request":{"raw":"GET /img/favicon.svg HTTP/1.1\r\nHost: cineby.bz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/movie/639988\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=754af6b4-bbe4-420e-aa78-f8a4b9549807%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:48 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 452\r\ncache-control: public, max-age=31536000, immutable\r\nexpires: Sun, 24 Jan 2027 15:21:19 GMT\r\nlast-modified: Sat, 24 Jan 2026 10:15:36 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 12028\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Qn2CxIdrH7wpXYnnR3Ibx0bpQ45EkylROo4uLBY58Ir0VUEuxTvsWMQmaEO%2BWZi57QFB5CnSkjm0hG3SbnY4LJNU5S4qezE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9c31aac41abc0b65-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":915,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ae8a6d72dd4fcc9d01be8c32a36dc943","sha1":"f37d7eb5f22163e9cbbcad411202211931485597","sha256":"bfb83ff0273213d8480bda3ad5d46f8fb09ba37a07725d32d7425dc4b348d336","sha512":"928428f26635ed221445d53feccdd0ac373ece2bb8edc6b28033e6fac911c41cf6296aa40d55c3028f7ffc693a4df429adf89d51d814360f479d4bad778f8435","ssdeep":"","tlshash":"8111dcd0774ee078869e4715c67199085b0eb5b322803609956d9efb2a335d8cff9988","first_seen":"2026-01-24T18:42:16.921143Z","last_seen":"2026-03-07T18:42:51.595017Z","times_seen":21,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"cineby.bz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fluentdifferenceselfemployed.com/ren.gif?sid=H4sIAAAAAAAC_1RSPWwcRRidtd1RIEJEB1okCpDi8-zP7d4mRaSIQAM2kKAUNMzs7F6Gm9tZdnb3LkfjYIGgMx3l3js7biIDnSuEzojGElIOUVwRN0g0KZFSozufZPiK70dvNPree9_X4-qcXEPF5h-8r0dSKbbVblH7zXsyE3pg7O27tkNb9IZ9T2aBf8MeLlJRX3c8v0Xfst9N4p7ecqlDqUMd-x1ZJKkebi1RyPxx5LQi2vLdltP2MSz-P5vKgmEWRH1OrkCK2Yt_pZ9AxlNk_R_fTkyv1Pm12_1KsVIXqMXRx1kv04MM_cs2LSyk2dHqNbSZEfL9GnR2tGIAXR8sGIDLGVl75Sl4drRaE7w-vNiUKyQZuHgBg3qKRE0h2RSx3oMUTwgQC2zvIOs_2tbFgD24QNkCnZGN5_9ADmZk4-lVZP3jW0oO7TtaVaXUmcEwbSCHU8juFHl1inJkQQ5OEZdfQorfydbz95D1D3aM0pBi_gZzWCii0N30fdfd9ClNN7nnuJudQHghdcMwoHQpkUynYGYNlbFQSQtVaqHKLfTF3PZpx48d5gVpJOKQ-sz3RcJp1HEpZVEcooofQop9xMUu8mIXPbkPc7-BERZMSVCL5lAo45rmkVCm4s6quqvqNRNddsfsUJfdJCNgxT4K0RzI_HOzh7hcn4xSIyZ6kRgvmwnjohnn5-SlhWSWd7KFXjK3U1d00jBkKY_bnTByO22PhaEXxJR2fO46MLKBNGtgxsJIzsjr3z5DLp8Uv4GzUxh1ilhaYNWrYIMG7H6DUfa41IXSca-lZJ1A6AZ5uYHygTVW5-TlyUd3b_2y9O3T2z8gic9uHp98-Oyr104QFw3yosFn8leCrnr4005eyr4csYWRd0pWJutgckas6z8jljNy9Yu_lzcVHP-JON-FyS__MpqA5xaUJFDJGVkFGG9g_jPzy35svkG3sMDKPWT9BnXRoFYNmNqHqdYnZV6c3fzDWwa4siZcFdYBV4X67oKLkXO77XIv6HSCJA1E6gnP9UTUpknksyjwI7-N0sxkdUX9GwAA___S1IAj9gMAAA==","fqdn":"fluentdifferenceselfemployed.com","domain":"fluentdifferenceselfemployed.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fluentdifferenceselfemployed.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 08:48:01 GMT","end":"Mon, 30 Mar 2026 08:48:00 GMT"},"fingerprint":{"sha1":"51:45:C8:DD:BF:62:39:21:9B:7F:44:F8:74:E3:D1:4C:4A:76:9B:49","sha256":"60:C9:BE:32:53:EE:19:A0:03:6E:A3:31:0D:B3:64:EC:75:43:DE:4E:ED:0B:28:5A:EA:81:FE:09:34:0A:B1:E9"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSPWwcRRidtd1RIEJEB1okCpDi8-zP7d4mRaSIQAM2kKAUNMzs7F6Gm9tZdnb3LkfjYIGgMx3l3js7biIDnSuEzojGElIOUVwRN0g0KZFSozufZPiK70dvNPree9_X4-qcXEPF5h-8r0dSKbbVblH7zXsyE3pg7O27tkNb9IZ9T2aBf8MeLlJRX3c8v0Xfst9N4p7ecqlDqUMd-x1ZJKkebi1RyPxx5LQi2vLdltP2MSz-P5vKgmEWRH1OrkCK2Yt_pZ9AxlNk_R_fTkyv1Pm12_1KsVIXqMXRx1kv04MM_cs2LSyk2dHqNbSZEfL9GnR2tGIAXR8sGIDLGVl75Sl4drRaE7w-vNiUKyQZuHgBg3qKRE0h2RSx3oMUTwgQC2zvIOs_2tbFgD24QNkCnZGN5_9ADmZk4-lVZP3jW0oO7TtaVaXUmcEwbSCHU8juFHl1inJkQQ5OEZdfQorfydbz95D1D3aM0pBi_gZzWCii0N30fdfd9ClNN7nnuJudQHghdcMwoHQpkUynYGYNlbFQSQtVaqHKLfTF3PZpx48d5gVpJOKQ-sz3RcJp1HEpZVEcooofQop9xMUu8mIXPbkPc7-BERZMSVCL5lAo45rmkVCm4s6quqvqNRNddsfsUJfdJCNgxT4K0RzI_HOzh7hcn4xSIyZ6kRgvmwnjohnn5-SlhWSWd7KFXjK3U1d00jBkKY_bnTByO22PhaEXxJR2fO46MLKBNGtgxsJIzsjr3z5DLp8Uv4GzUxh1ilhaYNWrYIMG7H6DUfa41IXSca-lZJ1A6AZ5uYHygTVW5-TlyUd3b_2y9O3T2z8gic9uHp98-Oyr104QFw3yosFn8leCrnr4005eyr4csYWRd0pWJutgckas6z8jljNy9Yu_lzcVHP-JON-FyS__MpqA5xaUJFDJGVkFGG9g_jPzy35svkG3sMDKPWT9BnXRoFYNmNqHqdYnZV6c3fzDWwa4siZcFdYBV4X67oKLkXO77XIv6HSCJA1E6gnP9UTUpknksyjwI7-N0sxkdUX9GwAA___S1IAj9gMAAA== HTTP/1.1\r\nHost: fluentdifferenceselfemployed.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uid_id2=a1a7d972-4422-400f-b312-86d370277600:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl20166703=1; slecf2d8f77afbc58792853a7736c0084b21=[6309295]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:48 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: fluentdifferenceselfemployed.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3ac620c4264537783212f8ef659e9ff5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"fluentdifferenceselfemployed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w1280/wPkU44Zirk9RizHGyK54vpd13MT.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w1280/wPkU44Zirk9RizHGyK54vpd13MT.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 265026\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\nlast-modified: Sun, 11 Jan 2026 20:13:16 GMT\r\nx-bo-server: LA-294\r\nx-downloadsize: 518444\r\nx-bo-origindownloadtime: 184\r\nx-bo-compressionratio: 48.88%\r\nx-bo-processingtime: 114\r\nx-bo-version: 1.0.26\r\ncdn-proxyver: 1.43\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 864\r\ncdn-cachedat: 01/11/2026 20:13:16\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 855b2b3fb66c65171fc0ccd70fca1e05\r\ncdn-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":265026,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x720, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"454a6f34daf7edb0434aa35c4a09274a","sha1":"ce516fe83cb11a65e31084a3e0a3faa845f4487a","sha256":"22c3894e33f7e505255d00029fcef301ecbbfc2edaab781211b0befee0a403df","sha512":"304b47c24b1ca5ebe88d1ec79320d79de9c0e9ab48fc5e6b3bc4663252c86706bc865c0294bb54dbec49f16692823259796aa09fe432d6597b6e7323d1713dfc","ssdeep":"6144:8iRSH6uMfPD+605Fu6LGtzMs/nLrh34aLwxJEMvC5+ffBPVGG:8iRSHmq605Fu6LszM6ZnExJEcffBPUG","tlshash":"8e44231541da4e580b044ca741bd7eb6a4026d9fecb01afe8b15c12eeff2ee6022c5dc","first_seen":"2026-01-24T18:42:16.922503Z","last_seen":"2026-01-24T18:42:16.922503Z","times_seen":1,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":111,"dns":48,"connect":22,"send":0,"wait":52,"receive":83,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w185/s2SSzvlsSfCPP5EXhCoWUr8970F.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w185/s2SSzvlsSfCPP5EXhCoWUr8970F.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4840\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\netag: \"67fe335d-12e8\"\r\nlast-modified: Tue, 15 Apr 2025 10:22:21 GMT\r\ncdn-storageserver: NY-346\r\ncdn-requestpullsuccess: True\r\ncdn-fileserver: 266\r\nperma-cache: HIT\r\ncdn-proxyver: 1.23\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 04/15/2025 16:51:46\r\ncdn-edgestorageid: 1053\r\ncdn-requestid: a19089dba20602374c75ddac51639612\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":4840,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 185x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a8b95c12df16e396e26a0890a4b35aff","sha1":"ec55d16bc98f8431e976b710be74be931828ebe3","sha256":"b08fdeb3c0b681a66a5a77c541f5f1069a05d77c96c324aee806dfdc8da2f697","sha512":"00b0bf9a4ab7149f567852080bd144e5fe189bba8c5ade156d7b0a5cb1b0959ccb161b06de3cc9c26f08a288c5559d38de190f3b8364e143200680371f0bd82f","ssdeep":"96:lX5CscyfC+Kfrgn9O+oFzVtWreuiwjPuvETA7DEocDSgrc+Nj9qbHxvQrQxhE9U:U+KCAdFJtEeuiuG/MhD1pNcrxv/EK","tlshash":"dea19d11290592a22cad28a7a4cf8a907ff946821cd54ac9c477bcfdb4219d613cbd4b","first_seen":"2026-01-24T18:42:16.924489Z","last_seen":"2026-01-24T18:42:16.924489Z","times_seen":1,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":121,"dns":51,"connect":23,"send":0,"wait":88,"receive":2,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w185/xZxVHnbDdNxF6J8UhwBTkJGNKWx.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w185/xZxVHnbDdNxF6J8UhwBTkJGNKWx.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 4020\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\netag: \"67ee7db4-fb4\"\r\nlast-modified: Thu, 03 Apr 2025 12:23:16 GMT\r\ncdn-storageserver: NY-703\r\ncdn-requestpullsuccess: True\r\ncdn-fileserver: 912\r\nperma-cache: HIT\r\ncdn-proxyver: 1.23\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 04/26/2025 10:28:47\r\ncdn-edgestorageid: 1053\r\ncdn-requestid: d9756043329312a710aa24dc458cf014\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":4020,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 185x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"cf7ec6596a7902e719ac537b9a2c6911","sha1":"db461f1337abc90507a4223ec877f907b1866d79","sha256":"10a652cdb55874a02d16fbebbc2c4775ad7420930b221906211f88db3a382415","sha512":"4bb33cc051255ba1d41930786cbf59b032493692a0953c625a83bce75f03bedfd5d572388056218759b6f82881586bd6f5fe9844c1d38d3ef52a83bd96b5d9d1","ssdeep":"","tlshash":"0b819f97aeb25e4e4e1002e894bbc18e0f6f51ac4c5491dab091e6d10e7cf4224d41fd","first_seen":"2026-01-24T18:42:16.925902Z","last_seen":"2026-01-24T18:42:16.925902Z","times_seen":1,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":-1,"dns":47,"connect":22,"send":0,"wait":105,"receive":21,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w185/zT9SINDaQylXoRTWMb9OdBjLjLt.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w185/zT9SINDaQylXoRTWMb9OdBjLjLt.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6710\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\netag: \"6803139b-1a36\"\r\nlast-modified: Sat, 19 Apr 2025 03:08:11 GMT\r\ncdn-storageserver: NY-753\r\ncdn-requestpullsuccess: True\r\ncdn-fileserver: 859\r\nperma-cache: HIT\r\ncdn-proxyver: 1.33\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 08/10/2025 08:50:23\r\ncdn-edgestorageid: 1333\r\ncdn-requestid: ebdf54fb0b431bbf75b4eafded31b14b\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":6710,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 185x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"4113ad65c9967095c811a110402c22f8","sha1":"992d45f895393e20b9807fa8bb58c48a593bf460","sha256":"beaf9c900a515385315ccc2540741e4440c0a527af431626bbc8c91b68e5c0db","sha512":"3a568c4a0e68bd2d859b339a15beb4020b785622a0b4cf2a9bcc1467b75045c94663df559ba022438ca639b2491996146ca6b0d70043c9ff13b10daeec5cac89","ssdeep":"192:gksaonsRckcv/Fww29QtQkU7lLGFyjldmY7d5EcysfUrcl:gksa7ckMwwok4cFyjlD7deJsfUQl","tlshash":"b7d18da6700627265bcd84ace8b44d60e04c611d201adefef4e3bb465aabe4398e08d5","first_seen":"2026-01-24T18:42:16.927491Z","last_seen":"2026-01-24T18:42:16.927491Z","times_seen":1,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":97,"dns":0,"connect":0,"send":0,"wait":35,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:51:40 GMT","end":"Sun, 29 Mar 2026 00:51:39 GMT"},"fingerprint":{"sha1":"F3:CE:FF:C9:F8:70:23:18:40:13:70:96:1A:D1:FD:34:D3:CD:66:FC","sha256":"07:8C:A3:3F:1D:F1:E0:75:3D:26:20:F5:D5:75:64:CE:F7:40:6E:B7:BB:B9:EC:79:33:27:5F:51:2E:B0:12:E7"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 76391013a3f5ef14895a5741a8232e35\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":61,"dns":1,"connect":18,"send":0,"wait":21,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.292Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/notifications/gambling/default/android-btn/8/img/bonus-stars-6593305-5446274.mp4 HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\ndate: Sat, 24 Jan 2026 18:41:49 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 34238\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 13:33:32 GMT\r\npriority: u=4,i=?0\r\netag: \"67e15f2c-85be\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nage: 905966\r\ncontent-range: bytes 0-34237/34238\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HuljlNFCH1rbXVz%2FK0IIXmZZYqsffTahzXWwtgX0LJIH4JgYEgG%2B3mky8rUXsg6oNn81zjkF92YEX%2FWZataHYR6lnAipDoODiL%2BjW1%2BX\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c31aacb0a5f56c3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34238,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"69e52ff16a779d8ab66a1156cc50ab23","sha1":"27f8897a2acc3bcfd319c267d137aaa4650fb3c5","sha256":"2048e8325f6d17e0fefb2226c4191a9e300c562f2bc46543ac616d49ff971d61","sha512":"48354c49b4c46ff3814bcefdfcc3cfee5f9857744d691da7c2b7606214ea78141b871a7b03e457a1209e98d69d02c76d009fa790b21940fb5fa97c128242153a","ssdeep":"768:XOt8wYGdX7X96m1fk55VIkpiLa1zdxttBoLdiQdApOM:+tHd55fk5skpiLa1zd7joLwQ4OM","tlshash":"bff2f181c388041adf34e271e4c26382af66ee37918753bbf96c1e2c9d459d60ca66dd","first_seen":"2024-05-02T15:55:45Z","last_seen":"2026-05-20T16:47:58.062918Z","times_seen":1064,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:29 GMT","end":"Mon, 23 Mar 2026 19:52:28 GMT"},"fingerprint":{"sha1":"D2:3B:6C:71:A7:BD:CB:B5:56:D1:90:EE:91:17:19:0F:24:02:E5:93","sha256":"DE:C3:87:EA:0D:EF:DF:B6:5C:9C:CE:F8:48:EB:2C:CE:06:FC:22:FD:3A:57:71:FF:23:81:1F:16:8F:67:66:B6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cineby.bz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 20 Jan 2026 23:52:35 GMT\r\nexpires: Wed, 20 Jan 2027 23:52:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 326954\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-05-21T17:23:14.965877Z","times_seen":841154,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":83,"dns":3,"connect":15,"send":0,"wait":17,"receive":19,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w342/7uTymGOa8kHPf0tJkJY2o0HUrIU.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w342/7uTymGOa8kHPf0tJkJY2o0HUrIU.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6654\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\netag: \"67f0e20c-19fe\"\r\nlast-modified: Sat, 05 Apr 2025 07:55:56 GMT\r\ncdn-storageserver: NY-346\r\ncdn-requestpullcode: 200\r\ncdn-fileserver: 859\r\nperma-cache: HIT\r\ncdn-proxyver: 1.40\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1075\r\ncdn-cachedat: 11/14/2025 08:02:56\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: f86b5ffaa35d3d7ae815f6573316da1c\r\ncdn-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":6654,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 342x513, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"85af0b5869564fa117eecef125e96c82","sha1":"8b09d7616c9d86658614d14d96942458a21b409c","sha256":"242c07f39f7d68ea9ed141b7f223581d72e9a1594abd529b159ffc5f98dc71a3","sha512":"5e39883e7e31640b5031fc79d062ceca14cd1490d3a7ab0f86ec845db8421dfcd406f4a3b401b9bdb39a2762e89e028d9815147c854749e529b0424f051b22fc","ssdeep":"192:SeVaFJIf6/Pcr3a5Bn9BsXAOUfMt/T2FTYytNpNCB:3ckrG9BsXUUtPytNP2","tlshash":"7ad18d658e76112e870b7fa8fb584ad00261ad0d43f242b66857189bf5f43da0aac09c","first_seen":"2026-01-24T18:42:16.930853Z","last_seen":"2026-01-24T18:42:16.930853Z","times_seen":1,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cineby.bz/img/apple-touch-icon.png","fqdn":"cineby.bz","domain":"cineby.bz","tld":"bz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cineby.bz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 24 Jan 2026 11:59:40 GMT","end":"Fri, 24 Apr 2026 12:58:13 GMT"},"fingerprint":{"sha1":"34:CF:82:20:7B:C1:99:6D:70:23:66:61:2F:46:79:D8:56:92:C0:A6","sha256":"E0:8B:D2:30:BA:C1:AA:64:F5:4D:AC:2E:EF:DA:64:CE:56:56:3E:1A:6F:D5:86:F2:CA:F8:F3:CD:C9:8C:0E:76"}}},"request":{"raw":"GET /img/apple-touch-icon.png HTTP/1.1\r\nHost: cineby.bz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/movie/639988\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=754af6b4-bbe4-420e-aa78-f8a4b9549807%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 8932\r\ncache-control: public, max-age=31536000, immutable\r\nexpires: Sun, 24 Jan 2027 15:21:19 GMT\r\nlast-modified: Sat, 24 Jan 2026 10:15:12 GMT\r\naccept-ranges: bytes\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\nvary: User-Agent, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\nage: 12028\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CYL%2B562Av1QcbqKNeWpgAvztsJ3WGLZx5j9QYSDeYqsjctCJxIWnOVVCXhgZRsMKHg%2B%2F6bvaliwWwTfbH7RcMTe%2BS5iq2kU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9c31aac41abb0b65-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":8932,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"82c8fb8c20792edbc4e29375bccf5699","sha1":"67cd663b84c449d5e640ee1c20f4a73d731d4eb8","sha256":"4a41039c71db94c5e0f5282806fa0ca422713f59e6ed97c6f16a715121589546","sha512":"ddce2ebd43e17c2e51a44bc8bbef747ca10d2004411a86deb19c45a4f81f727ee3e342f38faf1857d603116ca766a0bebdea3b2e78836b5019b095e161efeef6","ssdeep":"96:SS+hZwbHqTh8pJDmFoMPV7aQpsFtme7tfRf2Sh47clC8LH67dB4doazloGI9npX7:S7PSH+SpJmVOMWBZXnCGzCn595XIOAc","tlshash":"dd02bf1fd36c02f3d5b8c921018392e8aedc7b58591625e38006acd9c957dae39debc7","first_seen":"2026-01-24T18:42:16.931999Z","last_seen":"2026-03-07T18:42:51.596356Z","times_seen":21,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"cineby.bz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cineby.bz/movie/639988","fqdn":"cineby.bz","domain":"cineby.bz","tld":"bz"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-24T18:41:46.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cineby.bz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 24 Jan 2026 11:59:40 GMT","end":"Fri, 24 Apr 2026 12:58:13 GMT"},"fingerprint":{"sha1":"34:CF:82:20:7B:C1:99:6D:70:23:66:61:2F:46:79:D8:56:92:C0:A6","sha256":"E0:8B:D2:30:BA:C1:AA:64:F5:4D:AC:2E:EF:DA:64:CE:56:56:3E:1A:6F:D5:86:F2:CA:F8:F3:CD:C9:8C:0E:76"}}},"request":{"raw":"GET /movie/639988 HTTP/1.1\r\nHost: cineby.bz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\nvary: Accept-Encoding,User-Agent\r\nlink: \u003chttps://image.tmdb.org\u003e; rel=preconnect; crossorigin, \u003chttps://fonts.googleapis.com\u003e; rel=preconnect, \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\ncache-control: public, max-age=300, stale-while-revalidate=86400\r\nexpires: Sat, 24 Jan 2026 18:41:48 GMT\r\nlast-modified: Sat, 24 Jan 2026 18:41:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-cache: HIT\r\nx-cache-age: 298\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gWYfTkRzENF0v7ZnYTC0dW%2BS4AUfeOEOggaL7BOVTpV9Sqrea8ZnhtGdIZHn0%2Bm0YF65vWXGD75TG%2BmAdoQMQflC%2FECMmGA%3D\"}]}\r\npermissions-policy: geolocation=(), microphone=(), camera=()\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9c31aabbdf4b56a9-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":60124,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5659)","md5":"8f8915dca280be63831816488bd6c4e4","sha1":"bb188a5371f3493cfbd6e48f82ae5bd8c6787ce5","sha256":"65f17d01eea13c148b3badcb4a5c42d653ee567a26e8e9f159adce57957be382","sha512":"3b07c14117b98750142e03c02173ca063ceb8fee7ed1cc53b09b3cbb30b1f9da9263f304e71e37a2790c60a0b5ec64f3265ce1397ed94a402d619da8195f1451","ssdeep":"768:sGsYp4cKKgL2oyzvU47tcQ+r6j+uBjnD0A3sp+RC94tdq+w3oag4P4RlEyfNSRe:QiM47txhD0A3sh9Gq+w3oag4Qlj/","tlshash":"7a430ab2a600103e64b7c1e6f56477ad703aa01afa0b054cf5df52a19bc7fd7983269c","first_seen":"2026-01-24T18:42:16.933082Z","last_seen":"2026-01-24T18:42:16.933082Z","times_seen":1,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":27,"dns":4,"connect":1,"send":0,"wait":74,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"cineby.bz","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"soycdn.lol/share1-1.js","fqdn":"soycdn.lol","domain":"soycdn.lol","tld":"lol"},"ip":{"addr":"104.21.41.56","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.235Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"soycdn.lol","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 22 Jan 2026 07:27:27 GMT","end":"Wed, 22 Apr 2026 08:26:09 GMT"},"fingerprint":{"sha1":"A7:BF:36:27:B2:A9:7C:F0:64:CE:1F:24:5E:18:8C:DC:37:B6:C6:3A","sha256":"BB:24:9C:00:14:2E:10:16:6C:2C:45:46:40:DE:8F:4B:30:2E:CE:7B:49:76:E7:F6:9A:FA:9E:F8:66:CA:25:9B"}}},"request":{"raw":"GET /share1-1.js HTTP/1.1\r\nHost: soycdn.lol\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 498\r\nlast-modified: Tue, 30 Dec 2025 18:32:07 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-turbo-charged-by: LiteSpeed\r\netag: \r\nage: 3486\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HzlPHWC6WLCbxYpXy1uxzArChlODr3si8a%2FPAdqRz9Q387SmPKrK8poLxH%2FBCrZ%2F2R3TJE0mY4UHe%2F2hcs8vb80WdPZuzhqq\"}]}\r\ncf-ray: 9c31aabe78be56a2-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":1043,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"a4c8a7e333fd1eebd66b6c4c7eb635e7","sha1":"5dd56d797d27718133b046f6a3e23996f89fc0b4","sha256":"cc5f6972e64fc35fbcad50bb16a6b48bff2f0b0d1ea895f7536baea3496ca97c","sha512":"7243281c449fd17af6b85d58882e4afe2ac22d9336ca6f867badf7e94f4c7073ebb713adfcf2ddc16b1374c37cad40efc6fb97ca0804276dae0fafdeddc9e4ff","ssdeep":"","tlshash":"f811ef5858d37078192e2022002fe10a71a64a473a19ee813418f2c9ab08ff54e9bdfd","first_seen":"2026-01-08T14:45:35.809743Z","last_seen":"2026-02-06T12:03:38.869451Z","times_seen":15,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":34,"dns":20,"connect":1,"send":0,"wait":9,"receive":1,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"soycdn.lol","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w185/njczzJJnugd9y7p5CF3XW7dcyYK.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w185/njczzJJnugd9y7p5CF3XW7dcyYK.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 6838\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\netag: \"67f6820b-1ab6\"\r\nlast-modified: Wed, 09 Apr 2025 14:19:55 GMT\r\ncdn-storageserver: NY-703\r\ncdn-requestpullsuccess: True\r\ncdn-fileserver: 914\r\nperma-cache: HIT\r\ncdn-proxyver: 1.27\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 05/18/2025 20:48:26\r\ncdn-edgestorageid: 1047\r\ncdn-requestid: d5e064835a33a80b1b1851222fc59f61\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":6838,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 185x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"21ff0d1a51f252a4f2b5427b26a7a268","sha1":"39bb747dae83c6c42ebba0163516cc8cc3451dfc","sha256":"64bda3c412baeec2a7db9631f67b473ea492ad5365ad50853286709897138a8b","sha512":"d018518b7d9c3257782cc8f7776a49a7caf7486f7a49b118aeafb7d7361a48f650350cbb77ea6e42582455a06b03b49beb5378511047453f1b90451aaffb0b76","ssdeep":"96:QuOMCckf/TPXPGrjALOP3cK+atsqSjo8HR1FLkisWmXgDX4E0KfW3Y5vNsQ0L4wb:zHcTPXcj0a3ztio8oPI+AvNsHPf0PDw","tlshash":"09e19ecbae4edb71d35c2865ec46256b8044f3e67b08d8295352e7e01c30b3b09934ab","first_seen":"2026-01-24T18:42:16.934568Z","last_seen":"2026-01-24T18:42:16.934568Z","times_seen":1,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":113,"dns":50,"connect":23,"send":0,"wait":98,"receive":2,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w185/25NytLwnf40D5Yd8MAYnvhar405.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w185/25NytLwnf40D5Yd8MAYnvhar405.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 7588\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\netag: \"67fb883f-1da4\"\r\nlast-modified: Sun, 13 Apr 2025 09:47:43 GMT\r\ncdn-fileserver: 354, 991\r\ncdn-storagebalancer: NY-703\r\ncdn-storageserver: DE-51\r\ncdn-requestpullsuccess: True\r\nperma-cache: HIT\r\ncdn-proxyver: 1.33\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 08/01/2025 16:17:51\r\ncdn-edgestorageid: 1079\r\ncdn-requestid: 186262096c778003635541136a6ab420\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":7588,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 185x278, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"6f6ba995eb63b0b1e8705e18d9fbb9b8","sha1":"1391fd5387a89c86af8e222a976c14c5d30fdaf7","sha256":"6226e6bd78fc2b67b55e0b46b1258c0d7bd7dd0419e1a5ff35f559042c2ff431","sha512":"419c11b34674c1b2d290e70bddf40f62806ac5550c73a1ba195f1ea6a2de6de9ae411519e62baa252f0af085cffa948a1d84c02ab35ed2193ee9ce992d3f3351","ssdeep":"96:pdoSNglDX8SA4Gll8f2GCu2+2JFI7W0vgENwOPqhKJ5lgona1gm0EG6YSb4smcT0:4YAk8f28iI7W8wBIlnCg3EzwAmjNd","tlshash":"77f19ff18d56a0185d0d7af1acd5836e284adf9c8b1a5c594c810c4d23ea6cf925b136","first_seen":"2025-12-15T18:37:12.550967Z","last_seen":"2026-01-24T18:42:16.936325Z","times_seen":2,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":151,"dns":52,"connect":25,"send":0,"wait":55,"receive":1,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w342/yTSLzDuCiyBmdaS6834gtQ1BcB2.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w342/yTSLzDuCiyBmdaS6834gtQ1BcB2.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 25358\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\netag: \"67f23c05-630e\"\r\nlast-modified: Sun, 06 Apr 2025 08:32:05 GMT\r\ncdn-storageserver: NY-703\r\ncdn-requestpullsuccess: True\r\ncdn-fileserver: 839\r\nperma-cache: HIT\r\ncdn-proxyver: 1.30\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 06/18/2025 22:16:51\r\ncdn-edgestorageid: 1049\r\ncdn-requestid: 66d2ee337e4c7f8adfbbc8b7d53a149c\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":25358,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 342x513, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"90da6e1f22b61bc6b6c483ede3b2f334","sha1":"d862636590ffa89b64e4acef5dc44690b4c2b739","sha256":"c862483447452cd427841cbd27b9514d7675712f09ecd03607a95650511c17c2","sha512":"f9b079b8bb2d3a76982355600e3bccd2ff9e89e37af74d3f40b1a72a4cfe728f77179c87d3459b88561598e15200de0e19d1ec378d7ee8b0561f050c5a4cdb01","ssdeep":"384:nxy9zQB/K2XPG1PwvTT6K/mK/KG+9xxT3svbFDyQdnjWa8GnkledW6XQyDxfWR0w:MhEpXPGNa/gxR3sv5+QxP9HgyDdQ01G","tlshash":"fab2e16e3a998acc1cf35bab900ecd75551156382288017d7ecf728ab3fa67b60084b5","first_seen":"2026-01-24T18:42:16.937763Z","last_seen":"2026-01-24T18:42:16.937763Z","times_seen":1,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":71,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w342/g4JtvGlQO7DByTI6frUobqvSL3R.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w342/g4JtvGlQO7DByTI6frUobqvSL3R.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 29678\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\nlast-modified: Fri, 07 Nov 2025 08:55:15 GMT\r\nx-bo-server: LA-294\r\nx-downloadsize: 41630\r\nx-bo-origindownloadtime: 152\r\nx-bo-compressionratio: 28.71%\r\nx-bo-processingtime: 11\r\nx-bo-version: 1.0.26\r\ncdn-proxyver: 1.40\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1081\r\ncdn-cachedat: 11/08/2025 11:47:13\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: a8eeca782cb5ec6922e843d5f0ddc5d9\r\ncdn-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":29678,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 342x513, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"31074c451db2fdf5288b438e29c2b22b","sha1":"2ea05a954c1df2904fd2ffdfddd2b3aeb9d81104","sha256":"b6c388b22686396f10507fd6df182c49a6e120784243095a2afab4f10f23db54","sha512":"fa8c815b5c79ec256bda3e3ce609d54e7d4b96216f0870b61481d9b89040999f942c71a40d0cd51b435aeb7355c58aee7b71f4e0c3da63edf3fd847c0a24b5c4","ssdeep":"768:3iaHO39TUncB6qbdBtIvyDxo4zfG2Qr3sBMczvXXiHr:3Fut4ncBVbdQy1es+gXXUr","tlshash":"88d2f1fe5680e955bc0ebf75cb92f84540a7202812bb747c0b8de97a7d2c177e82e081","first_seen":"2025-11-14T12:08:38.168964Z","last_seen":"2026-03-16T12:25:18.915751Z","times_seen":19,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:48 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9bf06c6c2d39f792edade0bb467b5403\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-21T09:54:42.834421Z","times_seen":16623,"resource_available":true,"data":null}},"time_used":182,"timings":{"blocked":72,"dns":2,"connect":22,"send":0,"wait":19,"receive":18,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-creative1.com/sb/notifications/gambling/default/android-btn/8/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 21:44:28 GMT","end":"Thu, 05 Mar 2026 22:42:58 GMT"},"fingerprint":{"sha1":"32:E8:D3:D8:57:3D:77:06:14:B5:AE:66:6B:E6:23:35:25:11:2C:25","sha256":"65:65:A6:2D:1D:7A:E9:EF:3F:02:AB:E8:2B:83:22:39:7B:1B:99:BB:3D:AE:E4:D2:5F:AB:C5:32:3B:21:23:C3"}}},"request":{"raw":"GET /sb/notifications/gambling/default/android-btn/8/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nOrigin: https://cineby.bz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:48 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Jun 2025 14:09:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xpHrtcaTWaXwQMGF%2B3wdE0zh3OwQ5C9OVv6x4rO2t%2BDDlJ4LTg115Rc2JtoXom0Odo1quy7reBEDc0YHBSVx2eDtK257yWmGDBVKjzwB6tr8F8nKtDA%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9c31aac85c6335a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1723,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"8d71fb05b1a4bc935b51de5b7c5280e8","sha1":"87282a87c2d197c67228796f831b6ff5e9426f75","sha256":"8c86df4bae7b3084b29c80e50cafa681ffbcd2f4858fc1e22ef45b215e90e01c","sha512":"b9db0f67ec80cd704dc22e9e384f963b61ee82c8f2ed79f4bb85b043317560445e1c3a172f69467777dcd8b2f9be251feab87ac1aa2287d857b90b7cfa6ffd51","ssdeep":"","tlshash":"e931c0a62dec807311ca52d5ba71bf5aac93e90b482f740177fdc4988be5d85cb53103","first_seen":"2025-11-15T08:51:44.790932Z","last_seen":"2026-05-20T16:47:58.103586Z","times_seen":555,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":40,"dns":20,"connect":1,"send":0,"wait":122,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html\u0026l=1723\u0026fd=173","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Findex.html\u0026l=1723\u0026fd=173 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:49 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":711,"timings":{"blocked":296,"dns":14,"connect":93,"send":0,"wait":116,"receive":1,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/gambling/default/android-btn/8/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/notifications/gambling/default/android-btn/8/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nOrigin: https://cineby.bz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:49 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Jun 2025 14:09:25 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"685d5495-1335d\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 13468\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RUYBAFev8zhA8naMvfW0Yo3WcWIpd1b1LB%2BILNq2gdXXlAD0dxGyHYJxT9UqVmDJvitWpCDBuFMtk5d88xdhL4UfdRF%2BnXlhRyaHNIo%2B\"}]}\r\ncf-ray: 9c31aaca39070afe-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78685,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"c0115123a320eb6a15bb4b1b20a6e456","sha1":"114a5de895f5d2c32c182161555a67618f2e99e2","sha256":"410d28edc20455477140c86791ba76812f7a57006c65d0e560940fe0478f8c73","sha512":"e1014c584c47e5563edc3c6f1de1e0a1aecaa71b61d630fc2094feb735e963080efcf3ffc271af554550f23ce0d28fdff034002ec4f7adcf9c1653033fb47c07","ssdeep":"384:+881dghu3uFlZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:+T1dghu3uhu7uNKwZiMUL6Vpaj7F","tlshash":"2c731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2025-11-15T08:51:44.79774Z","last_seen":"2026-05-20T16:47:58.030373Z","times_seen":529,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":65,"dns":22,"connect":1,"send":0,"wait":11,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:30 GMT","end":"Mon, 23 Mar 2026 19:52:29 GMT"},"fingerprint":{"sha1":"86:D6:34:52:EB:68:D5:4F:25:44:58:CF:88:1B:C8:55:D6:9A:23:A7","sha256":"4D:67:BD:08:81:96:64:4A:7A:02:51:95:46:0E:60:D7:FA:5D:84:3F:53:29:E5:C8:84:87:AC:12:B6:97:C2:8E"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 24 Jan 2026 18:41:49 GMT\r\ndate: Sat, 24 Jan 2026 18:41:49 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-04-15T20:27:38.048842Z","times_seen":6026,"resource_available":false,"data":null}},"time_used":463,"timings":{"blocked":214,"dns":0,"connect":14,"send":0,"wait":35,"receive":0,"ssl":195},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/gambling/default/android-btn/8/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/notifications/gambling/default/android-btn/8/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:49 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 13:33:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vLJf1TiKbtpko8tWWeZ9F3jhr0IRz%2FLbdOOpD6DiJuDYA6qWmxzA57h3NJ%2Bu4hpmCbOKPvw%2Frs%2BKFZi6jO4h02wnkBQuy%2Be4wCzs4uMx\"}]}\r\nage: 490591\r\ncf-cache-status: HIT\r\netag: W/\"67e15f2d-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 9c31aaca39080afe-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b3011bde2653e373d1150594a8bbd06d","sha1":"e47948cdb4d6ecf6257106805e690e3bf0211317","sha256":"6499ec40e3f2ac55bf1b5c9a2dbbc212adb74114645bccac0373074f98ef8a01","sha512":"068957d81c2ca296e44c3bbfb20bc6572d79b4e4e848cb98c84bb119cb7350633a9c32d250999216e75ce05c99bac9050aa4fc1c77a359cd40f5d8d6ab25dd25","ssdeep":"","tlshash":"ee21dbcc858f223ef324ff618973166067a423f6bb19c5bcb199a8157e1cb910c48e14","first_seen":"2024-05-03T00:07:48Z","last_seen":"2026-05-20T18:02:49.277696Z","times_seen":1674,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js\u0026l=16469\u0026fd=128","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fjs%2Fscript.js\u0026l=16469\u0026fd=128 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:49 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":717,"timings":{"blocked":299,"dns":3,"connect":97,"send":0,"wait":112,"receive":0,"ssl":197},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w342/fnHC1OJ1EbdOX97nmXVYrXFgiQT.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w342/fnHC1OJ1EbdOX97nmXVYrXFgiQT.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 16448\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\nlast-modified: Wed, 02 Apr 2025 09:58:05 GMT\r\nperma-cache: MISS\r\nx-bo-server: LA-295\r\nx-downloadsize: 25931\r\nx-bo-origindownloadtime: 293\r\nx-bo-compressionratio: 36.57%\r\nx-bo-processingtime: 9\r\nx-bo-version: 1.0.26\r\ncdn-proxyver: 1.22\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 04/02/2025 09:58:06\r\ncdn-edgestorageid: 1054\r\ncdn-requestid: 03b7d742ce5934259330194c4ac134a6\r\ncdn-cache: HIT\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":16448,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 342x513, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"275e4f3c081df280c7155b5f2b026e38","sha1":"809f77514abe98a95c94f5dacb77d87b93a4df7a","sha256":"4cf2975be369cfd4aa92b677714895cadf267fb23f309e7f608b3eac347af5c9","sha512":"db18c31e3919421d742c6e756b086ecee05cb46b5c1a03ff306709a61dd0cc7c875462ab1c083df996ed7791e2202cdfa6b4df42afd6e7d6aaf64f61c7f1fe41","ssdeep":"384:0i3o/v+YgIrSTKgHsLUEUrvOOLiNh9UwARN9:05+Oh1UEUlLCh9UwAr9","tlshash":"9172d132edff195a003f3c627c0f7353c895a162a56e60a666562863cc9041bd727e7c","first_seen":"2026-01-24T18:42:16.942332Z","last_seen":"2026-01-24T18:42:16.942332Z","times_seen":1,"resource_available":false,"data":null}},"time_used":83,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":63,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"image.tmdb.org/t/p/w342/iutKnkc5dPHVxwrCB5ri26r86PF.jpg","fqdn":"image.tmdb.org","domain":"tmdb.org","tld":"org"},"ip":{"addr":"138.199.36.9","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"image.tmdb.org","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 22 Jan 2026 23:03:28 GMT","end":"Wed, 22 Apr 2026 23:03:27 GMT"},"fingerprint":{"sha1":"D2:92:4B:DD:3C:05:7F:EB:BE:66:36:C8:16:85:79:1D:3A:DC:E2:DF","sha256":"B5:D4:E7:D7:31:9B:B5:6A:30:78:60:8C:B5:67:C2:A2:74:B6:2C:8D:25:3D:62:AF:34:5F:EA:2E:DA:BA:8C:8F"}}},"request":{"raw":"GET /t/p/w342/iutKnkc5dPHVxwrCB5ri26r86PF.jpg HTTP/1.1\r\nHost: image.tmdb.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 16566\r\nserver: BunnyCDN-DE1-1049\r\ncdn-pullzone: 775336\r\ncdn-requestcountrycode: NO\r\ncache-control: public, max-age=31919000\r\nlast-modified: Mon, 06 Oct 2025 17:50:28 GMT\r\nx-bo-server: LA-296\r\nx-downloadsize: 31032\r\nx-bo-origindownloadtime: 229\r\nx-bo-compressionratio: 46.62%\r\nx-bo-processingtime: 10\r\nx-bo-version: 1.0.26\r\ncdn-proxyver: 1.40\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 863\r\ncdn-cachedat: 11/14/2025 16:03:27\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 79561462cbd69577e483ab5d473c4b55\r\ncdn-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":16566,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 342x513, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"622e94248f868a42ac09dd4de4934642","sha1":"0aea2caf80b9e76d362f717e2fbf2bf550bb7aa4","sha256":"11eb9c1bb3b92d21363b73ca6f342fb4d091bb05d71ef06bff05f4ab249287ea","sha512":"f6f446589f6b7fac3ae3b415a5283363ee08d6ea792ba553dc9c24ff0fe31d3733b4793cb8e2a54781699132a07055c9dc58c13340b03d53a8adb3edfc308b7a","ssdeep":"384:ySWzMw3cUB1PofcfFWOLw1HWIJs7VphH2Dy2EBC4VRCW2:yUYc+qcfFWP1LeVphHOsFRC1","tlshash":"e672d07a52185f389c61d0c8853bcbcd08e9c35dd9392541f1bca959e2ade34488bd9f","first_seen":"2026-01-24T18:42:16.943847Z","last_seen":"2026-01-24T18:42:16.943847Z","times_seen":1,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=754af6b4-bbe4-420e-aa78-f8a4b9549807\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=8fe5e554a2e8370f987ba11cc1255c6c\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=18","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.594Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 22:13:33 GMT","end":"Sat, 28 Mar 2026 22:13:32 GMT"},"fingerprint":{"sha1":"A3:08:82:4A:9A:ED:6E:4C:29:FC:10:0D:1D:8F:8B:68:0E:D0:49:72","sha256":"B4:01:36:5D:F9:70:75:BF:F6:56:67:76:BB:CC:A2:D3:BA:69:61:33:56:FC:C7:21:69:6E:04:BE:95:D7:B2:F5"}}},"request":{"raw":"GET /pxf.gif?uuid=754af6b4-bbe4-420e-aa78-f8a4b9549807\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=8fe5e554a2e8370f987ba11cc1255c6c\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=18 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:48 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 3\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 36ea09f4237e446c2156a12e31f3a2ef\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":692,"timings":{"blocked":294,"dns":1,"connect":94,"send":0,"wait":101,"receive":0,"ssl":198},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/gambling/default/android-btn/8/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/notifications/gambling/default/android-btn/8/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nOrigin: https://cineby.bz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:49 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Jun 2025 14:09:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"685d5496-10f4\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\nage: 13468\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9NwCTx3tLsMw4yaaIoCD2BqnQ30lmP23djR3yShTSvUEzw4C2gf7oc%2B8NNEtYQMA7pzYuTw3%2Bj%2FUXUPOOZwmuOEEZX1g59tuAFoEdAbX\"}]}\r\ncf-ray: 9c31aaca29020afe-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4340,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcebe474f8ba37dda2feb5b453f6a70b","sha1":"a82d597da03baaac1e9ce41d431a8d105326819c","sha256":"fd4ecb7b5016f3e09bd016dd51104a4e01acfe22d72bb9e974f710bcbfb00403","sha512":"5d03955349efe27f0cadc8b9804b22eef41a3f706c7a313c9125d69d031cf8c686ab9b6cc017637b93e306a0acc4a0406d1d2fb8e3e26fe10545a38e23b2af2b","ssdeep":"96:iW02lZkCiFviIYhemnM0plim8UVgaL0I/GCPUBwytt7EeO/h7HFGeXTCthi:HiFoznMMga5xHaTi","tlshash":"5e91ed966b750644751ae1bb79126f572b284043af0fdd749fd1200cdec92a982a37cb","first_seen":"2025-11-15T08:51:44.755602Z","last_seen":"2026-05-20T16:47:58.104102Z","times_seen":529,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":62,"dns":21,"connect":3,"send":0,"wait":14,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fluentdifferenceselfemployed.com/impr.gif?sid=H4sIAAAAAAAC_1RSPWwcRRidtd1RIEJEB1okCpDi8-zP3d4lRaSIQAM2kKAUNMzO7F6Gm9tZdmb3LkfjYIGgMx3l3js7biIDnSuEzojGElIOUVwRN0g0KZFSozufZPiK70dvNPree9_X4_KcXEPJ5h-8r0dSKbbVbFD3zXsyE3pg3O27rkcb9IZ7T2at8IY7XKSiuu4FYYO-5b6b8J7e8qlHqUc99x1ZJKkebi1RyPxxx2t0aCP0G14zxLD4_2xKB4Y5ENU5uQIpZi_-lX4CyafI-j--nZie1fm12_1SMasLVOLo46yX6UGG_mWbFg7S7Gj1GtrMCPl-DTo7WjGArg4WDBDLGVl75Sni7Gi1JuLq8GLTWCHJEIsXMKimSNQUkk3B9R6keEIALrC9g6z_aFsXA_bgAmULdEY2nv8DOZiRjadXkfWPbyk5dO9oVVqpM4NhWkMOp5DdKfLyFHbkQA5Owe2XkOJ3svX8PWT9gx2jNKSYv8E8FolO5G-Goe9vhpSmm3Hg-Zvtlggi6kdRi9KlRDKdgpk1lMZBKR2UqYMyd9AXczek7ZB7LGilHcEjGrIwFElMO22fUtbhEUr-EFLsgxe7yItd9OQ-zP0aRjgwlqAS9aFQxjf1I6FMGXur6q9qUE-07Y7ZobbdJCNgxT4KUR_I_HOzB27XJ6PUiIleJBbbesJiUY_zc_LSQjInONlCL5m7qS_aaRSxNObNdtTx282ARVHQ4pS2w9j3YGQNadbAjIORnJHXv32GXD4pfkPMTmHUKbh0wMpXwQY12P0ao-yx1YXSvNdQskogdI3cbsA-cMbqnLw8-ejurV-Wvn16-wck_Ozm8cmHz7567QS8qJEXNT6TvxJ01cOfdnIr-3LEFkbescwm62ByRpzrP4PLGbn6xd_Lm2od_wme78Lkl38ZTRDnDpQkUMkZWQVYXMP8Z44v-7H5Bt3CAbN7yPo1qqJGpWowtQ9Trk9sXpzd_CNYBmLlTGJVOAexKtR3F1yMnLtpkPgL8aKWF7TTxAtCwdNmO-yIFqNBkMCamSyvqH8DAAD__y68EP32AwAA","fqdn":"fluentdifferenceselfemployed.com","domain":"fluentdifferenceselfemployed.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fluentdifferenceselfemployed.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 08:48:01 GMT","end":"Mon, 30 Mar 2026 08:48:00 GMT"},"fingerprint":{"sha1":"51:45:C8:DD:BF:62:39:21:9B:7F:44:F8:74:E3:D1:4C:4A:76:9B:49","sha256":"60:C9:BE:32:53:EE:19:A0:03:6E:A3:31:0D:B3:64:EC:75:43:DE:4E:ED:0B:28:5A:EA:81:FE:09:34:0A:B1:E9"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSPWwcRRidtd1RIEJEB1okCpDi8-zP3d4lRaSIQAM2kKAUNMzO7F6Gm9tZdmb3LkfjYIGgMx3l3js7biIDnSuEzojGElIOUVwRN0g0KZFSozufZPiK70dvNPree9_X4_KcXEPJ5h-8r0dSKbbVbFD3zXsyE3pg3O27rkcb9IZ7T2at8IY7XKSiuu4FYYO-5b6b8J7e8qlHqUc99x1ZJKkebi1RyPxxx2t0aCP0G14zxLD4_2xKB4Y5ENU5uQIpZi_-lX4CyafI-j--nZie1fm12_1SMasLVOLo46yX6UGG_mWbFg7S7Gj1GtrMCPl-DTo7WjGArg4WDBDLGVl75Sni7Gi1JuLq8GLTWCHJEIsXMKimSNQUkk3B9R6keEIALrC9g6z_aFsXA_bgAmULdEY2nv8DOZiRjadXkfWPbyk5dO9oVVqpM4NhWkMOp5DdKfLyFHbkQA5Owe2XkOJ3svX8PWT9gx2jNKSYv8E8FolO5G-Goe9vhpSmm3Hg-Zvtlggi6kdRi9KlRDKdgpk1lMZBKR2UqYMyd9AXczek7ZB7LGilHcEjGrIwFElMO22fUtbhEUr-EFLsgxe7yItd9OQ-zP0aRjgwlqAS9aFQxjf1I6FMGXur6q9qUE-07Y7ZobbdJCNgxT4KUR_I_HOzB27XJ6PUiIleJBbbesJiUY_zc_LSQjInONlCL5m7qS_aaRSxNObNdtTx282ARVHQ4pS2w9j3YGQNadbAjIORnJHXv32GXD4pfkPMTmHUKbh0wMpXwQY12P0ao-yx1YXSvNdQskogdI3cbsA-cMbqnLw8-ejurV-Wvn16-wck_Ozm8cmHz7567QS8qJEXNT6TvxJ01cOfdnIr-3LEFkbescwm62ByRpzrP4PLGbn6xd_Lm2od_wme78Lkl38ZTRDnDpQkUMkZWQVYXMP8Z44v-7H5Bt3CAbN7yPo1qqJGpWowtQ9Trk9sXpzd_CNYBmLlTGJVOAexKtR3F1yMnLtpkPgL8aKWF7TTxAtCwdNmO-yIFqNBkMCamSyvqH8DAAD__y68EP32AwAA HTTP/1.1\r\nHost: fluentdifferenceselfemployed.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uid_id2=a1a7d972-4422-400f-b312-86d370277600:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl20166703=1; slecf2d8f77afbc58792853a7736c0084b21=[6309295]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+0f125ff7e881baf564759d2d7f930c80=6309295; expires=Sun, 25 Jan 2026 18:41:49 GMT; path=/; secure; SameSite=None\niprc_l:6309295=1; expires=Sun, 25 Jan 2026 18:41:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 3\r\nHost: fluentdifferenceselfemployed.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 331a9a6712ca116b82043e7ff6816a8a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"fluentdifferenceselfemployed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"18.192.16.5","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:47.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nOrigin: https://cineby.bz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://cineby.bz\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=a1a7d972-4422-400f-b312-86d370277600:2:1; expires=Tue, 22 Jan 2036 18:41:48 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"8f0ab658b870bcc020e66863f101f98e","sha1":"6d3885949f83a8f00054f63841ffaca0f7edc4a4","sha256":"d3d936de0ea86c2e66e3855e217947e74efdbfaa49d1f6b04f506fd965bddf9e","sha512":"efbb3c294285be644c4fd3723235606788aa23e3903eeccbb87f3c70d7dfe4c7935ca9230b34d48d307ecf4bb5d720224f9b9e8ee65b5102b2623a70562b88a8","ssdeep":"","tlshash":"4790043f033c1014f404730411004f700f4d41c74cc501dc5df1d1004d15313d51c054","first_seen":"2026-01-24T18:42:16.948292Z","last_seen":"2026-01-24T18:42:16.948292Z","times_seen":1,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":118,"dns":4,"connect":25,"send":0,"wait":22,"receive":0,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fluentdifferenceselfemployed.com/sbar.json?key=f2d8f77afbc58792853a7736c0084b21\u0026uuid=a1a7d972-4422-400f-b312-86d370277600%3A2%3A1","fqdn":"fluentdifferenceselfemployed.com","domain":"fluentdifferenceselfemployed.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:48.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fluentdifferenceselfemployed.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 08:48:01 GMT","end":"Mon, 30 Mar 2026 08:48:00 GMT"},"fingerprint":{"sha1":"51:45:C8:DD:BF:62:39:21:9B:7F:44:F8:74:E3:D1:4C:4A:76:9B:49","sha256":"60:C9:BE:32:53:EE:19:A0:03:6E:A3:31:0D:B3:64:EC:75:43:DE:4E:ED:0B:28:5A:EA:81:FE:09:34:0A:B1:E9"}}},"request":{"raw":"GET /sbar.json?key=f2d8f77afbc58792853a7736c0084b21\u0026uuid=a1a7d972-4422-400f-b312-86d370277600%3A2%3A1 HTTP/1.1\r\nHost: fluentdifferenceselfemployed.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nOrigin: https://cineby.bz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:48 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 3701\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://cineby.bz\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=a1a7d972-4422-400f-b312-86d370277600:2:1; expires=Sat, 31 Jan 2026 18:41:48 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Sun, 25 Jan 2026 18:41:48 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Sun, 25 Jan 2026 18:41:48 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Sun, 25 Jan 2026 18:41:48 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Sun, 25 Jan 2026 18:41:48 GMT; path=/; secure; SameSite=None\nu_pl20166703=1; expires=Sun, 25 Jan 2026 18:41:48 GMT; path=/; secure; SameSite=None\nslecf2d8f77afbc58792853a7736c0084b21=[6309295]; expires=Sat, 24 Jan 2026 18:41:53 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 200\r\nHost: fluentdifferenceselfemployed.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8141347960f5257611c103978b8784ba\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5081,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"fc76668aa5771ddd7fc9354bfc6ec50c","sha1":"24b0682817c7fba62eea0f2ced74b8854299fdc6","sha256":"c95d985514489008806335587e33e71b02e43ee4fc25ea491ff72948ab689459","sha512":"e00befaf6e61c8a51ccc809df81ecea51c4e01d250e4416eee339ab547db97534fad7da96aba901908caf82226e3c149a5b2f81acd54819952dc3068668e5b33","ssdeep":"96:9hCHdOGziRHvqHxUVpYMe2syzAEMz9YEt+dGz3MKd7VdFu40UFox3a:9hyOfvRpYMeJUAE5WmGz3MKRrFx0UFv","tlshash":"17a15deaca62716e13a25c4e5473eee50ec297077db00d052db573cebb2b0a4c795874","first_seen":"2026-01-24T18:42:16.949437Z","last_seen":"2026-01-24T18:42:16.949437Z","times_seen":1,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":307,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"fluentdifferenceselfemployed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/notifications/gambling/default/android-btn/8/img/confetti.gif","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/notifications/gambling/default/android-btn/8/img/confetti.gif HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 18:41:49 GMT\r\ncontent-type: image/gif\r\ncontent-length: 206291\r\nserver: cloudflare\r\nlast-modified: Mon, 24 Mar 2025 13:33:33 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67e15f2d-325d3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 5495787\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CVq9wvXjHycrAXaV2hzV1l8EwID8dpuq4xsnty48YuYSz3S4jZtsG7I7LBpEVwDwHY9nnBQAlKOGU7n2Pw%2Ff9Lec65j%2FlKqujh8nBCVN\"}]}\r\ncf-ray: 9c31aaca390b0afe-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":206291,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 360","md5":"0b33face774f2203446507ce5f075538","sha1":"1dd3522529bce7739df0687f47f5bc84356698a0","sha256":"ac345899461d5634d25c47281b10e3c1886abb33019e2ce8140573a79e9f52f2","sha512":"58aa96c101e4a4cd0b2df5065639f0795b4ebb970f3a1e6c33a3a4566c3e8ae22038457f7eee59d70baaa03c63c369e9c8c88fc4dd7206c26fc6bfd602424f9d","ssdeep":"3072:uX7nWRsxeentKfdlIIn6vXDwyH005Z5JVaCFfXiceSPVUAV9FY7u:W7nWyee4fLII6vDFU8bfaivimlFYu","tlshash":"6c14e167d568498bca0931f02006167b6e79ecf57c78f87fb581b9825ebb42e35e1c02","first_seen":"2024-05-02T15:55:45Z","last_seen":"2026-05-20T18:02:49.263392Z","times_seen":1945,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css\u0026l=78685\u0026fd=145","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fanimate.css\u0026l=78685\u0026fd=145 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:49 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":694,"timings":{"blocked":296,"dns":4,"connect":91,"send":0,"wait":96,"receive":1,"ssl":201},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css\u0026l=4340\u0026fd=143","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fnotifications%2Fgambling%2Fdefault%2Fandroid-btn%2F8%2Fcss%2Fstyle.css\u0026l=4340\u0026fd=143 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:49 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":692,"timings":{"blocked":295,"dns":2,"connect":96,"send":0,"wait":98,"receive":0,"ssl":196},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fluentdifferenceselfemployed.com/pixel/sbs?c=1","fqdn":"fluentdifferenceselfemployed.com","domain":"fluentdifferenceselfemployed.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fluentdifferenceselfemployed.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 08:48:01 GMT","end":"Mon, 30 Mar 2026 08:48:00 GMT"},"fingerprint":{"sha1":"51:45:C8:DD:BF:62:39:21:9B:7F:44:F8:74:E3:D1:4C:4A:76:9B:49","sha256":"60:C9:BE:32:53:EE:19:A0:03:6E:A3:31:0D:B3:64:EC:75:43:DE:4E:ED:0B:28:5A:EA:81:FE:09:34:0A:B1:E9"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: fluentdifferenceselfemployed.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cineby.bz/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: uid_id2=a1a7d972-4422-400f-b312-86d370277600:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl20166703=1; slecf2d8f77afbc58792853a7736c0084b21=[6309295]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 24 Jan 2026 18:41:49 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: fluentdifferenceselfemployed.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"fluentdifferenceselfemployed.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cineby.bz/movie/639988","date":"2026-01-24T18:41:49.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:29 GMT","end":"Mon, 23 Mar 2026 19:52:28 GMT"},"fingerprint":{"sha1":"D2:3B:6C:71:A7:BD:CB:B5:56:D1:90:EE:91:17:19:0F:24:02:E5:93","sha256":"DE:C3:87:EA:0D:EF:DF:B6:5C:9C:CE:F8:48:EB:2C:CE:06:FC:22:FD:3A:57:71:FF:23:81:1F:16:8F:67:66:B6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cineby.bz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 20 Jan 2026 23:52:35 GMT\r\nexpires: Wed, 20 Jan 2027 23:52:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 326954\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-05-21T17:23:14.965877Z","times_seen":841154,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":136,"dns":2,"connect":26,"send":0,"wait":15,"receive":9,"ssl":108},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}