Report - jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh

Report Overview

Visited public
2024-10-06 02:23:57
Tags
URL
jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh
Finishing URL
jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh
IP / ASN
104.21.96.55
#13335 CLOUDFLARENET
Title
jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
vwpttkoh.xyz	unknown	2024-08-01	2024-08-20 19:43:43	2024-09-24 05:35:08	497 B	645 B	172.67.143.219
r.linksprf.com	unknown	2023-09-05	2023-09-14 17:12:25	2024-10-05 17:10:26	1.7 kB	1.3 kB	18.202.86.139
be4235.rcr32.ams02.cdn112.com	unknown	2023-05-27	2023-05-27 23:21:35	2024-09-26 01:37:03	2.3 kB	1.0 MB	194.31.157.55
lernodydenknow.info	unknown	2023-12-31	2024-01-24 13:30:53	2024-09-28 18:34:30	524 B	2.1 kB	108.157.229.51
jmzkzesy.xyz	unknown	unknown	No data	No data	2.4 kB	229 kB	104.21.96.55
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-10-04 18:12:12	1.3 kB	3.5 kB	2.23.172.203
xml-v4.bidderads.com	unknown	2021-04-29	2023-02-09 05:18:24	2024-09-25 00:49:52	526 B	200 B	174.137.133.17
s.optnx.com	20469	2020-01-27	2020-03-25 01:41:59	2024-10-05 22:38:03	5.3 kB	3.0 kB	95.211.229.247
mnymkr.net	unknown	2023-05-23	2023-05-24 13:54:06	2024-09-29 23:53:41	1.1 kB	1.4 kB	104.21.87.72
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-04 18:12:02	1.3 kB	3.5 kB	2.23.172.203
videothumbs.me	unknown	2024-03-25	2024-03-25 12:39:58	2024-10-01 11:07:56	864 B	909 kB	188.114.97.1
theinfluhub.com	unknown	2023-03-16	2023-03-16 22:15:23	2024-09-29 18:08:20	767 B	11 kB	104.26.9.242
www.awin1.com	14049	2000-05-19	2012-07-02 21:46:12	2024-10-04 19:57:52	736 B	846 B	23.49.29.238

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-05	medium	jmzkzesy.xyz	Sinkholed
2024-10-05	medium	jmzkzesy.xyz	Sinkholed
2024-10-05	medium	jmzkzesy.xyz	Sinkholed
2024-10-05	medium	jmzkzesy.xyz	Sinkholed
2024-10-05	medium	jmzkzesy.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (23)

	URL	From	Size	First Seen	Last Seen
	jmzkzesy.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3	ScriptElement	38 B	2023-03-07	2025-06-12
Pretty URL jmzkzesy.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3 IP 104.21.96.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59 Last Seen2025-06-12 08:38 Times Seen809 Hash 99eccae6afa72c589ae54b5c3890282a 0f102f8f5b556635de65d16cf70fa8269c6761b4 b74a58316385de04b054737776e71c160cd60d2d01b5440b32c21651fb0ab8d3 Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	142 B	2024-10-06	2024-10-06
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-06 09:14 Last Seen2024-10-06 09:14 Times Seen1 Hash b9689083ba13bce394c00f45c1360c79 019fc4f06eb7e777238ae4279f9d117b0054a8da d25ce2a9724b22871f8842616a56f4041be237a97e01f19e27e7157801c0520f Loading...

	jmzkzesy.xyz/js/jquery.js	ScriptElement	90 kB	2023-03-07	2025-06-12
Pretty URL jmzkzesy.xyz/js/jquery.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-12 11:11 Times Seen213036 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	jmzkzesy.xyz/player/jw8/vast.js	ScriptElement	107 kB	2023-09-18	2025-06-07
Pretty URL jmzkzesy.xyz/player/jw8/vast.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 06:50 Last Seen2025-06-07 12:50 Times Seen341 Hash 3cd85ca1814c3fd976764bf6b83b989d 90e931622205c6adfbc75cfe681563a127580f05 2e4fe3d8b3565a3f8b5ec0ecfe0e5f26a756401b6847dd475327793da41897f5 Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	514 B	2024-04-13	2025-04-05
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-13 15:29 Last Seen2025-04-05 17:24 Times Seen460 Hash 9f65a1ea61c99521274aa8cae75cf64c 8f6c4b1e4d6b97ba85a557d2303f501cf834fe96 63d1ba1f37f9df17aa589c2b237b36897935faf9c1263c90b1baf149ea8374c1 Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	202 B	2024-09-28	2024-10-22
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-28 15:48 Last Seen2024-10-22 14:18 Times Seen55 Hash 08ec990324e6295f26a70e74d5254348 79839bda6830f2e6d6d56ce96930d23396790f06 3623365e514ff5aa0f5ed7a7e40bbec8762b4615e703dda72114fb2443ccc3e2 Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	264 B	2024-09-24	2024-10-11
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-24 11:08 Last Seen2024-10-11 09:19 Times Seen40 Hash 7eaf8752a85870f43dc57d95a7780a8c 53d70e723d73772f0ee701e5b9e6e9c3f3d1a8eb 7b79ea222df3ca1c41316cbebaae43dbef31f45411e3d64083c10a4e2866201a Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	113 B	2024-10-03	2024-10-11
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-03 22:11 Last Seen2024-10-11 09:19 Times Seen29 Hash 90feecd2a324e59fedb341958da4e191 49c6b639c748d456ed696774276e5df780e5dfbb 52a88373560319263d9812c9017e8e1ad7ab6d61d5c285a87cd8dcccbf743bb9 Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	5.6 kB	2024-08-22	2024-10-13
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-22 05:50 Last Seen2024-10-13 13:40 Times Seen122 Hash 65039ee5472be1c68bbf0b6e6ce8a8ca f795414acf5346cd79b496ba68c250cfc7038522 8a2807381f802134e241f15e77df42177bb4c3aa5ed1fce4f8aefec643ada269 Loading...

	jmzkzesy.xyz/player/jw8_26/jwplayer.js?v=5.0.2	ScriptElement	111 kB	2024-04-13	2025-06-07
Pretty URL jmzkzesy.xyz/player/jw8_26/jwplayer.js?v=5.0.2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 15:29 Last Seen2025-06-07 12:50 Times Seen513 Hash f91de142eed44442bad231961488c5d0 ea6c79968011a5b59e444d792f7ab048a1f7e31d b3031ee0f2674c203fe1400df12a96148c4bed344553fc9063c3846ba8466295 Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	43 B	2023-03-08	2025-06-07
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:46 Last Seen2025-06-07 12:50 Times Seen541 Hash 4f98cf8486a8beb4d2d271b8e9304216 112dd81cdd24e37a4554c9a5c5327b30a476acf8 77b18c051d8450512853f4643dd7ac0e4c3205b7ec4cd1373ca5ad0dd2f470c3 Loading...

	jmzkzesy.xyz/js/jquery.cookie.js	ScriptElement	4.3 kB	2023-03-07	2025-06-12
Pretty URL jmzkzesy.xyz/js/jquery.cookie.js IP 104.21.96.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-12 08:38 Times Seen1650 Hash ae0c2c5d8f01f7d35bb698bb618a62f7 63556a22ddea1c5f23a5cf7d0b6d35c7aab54e20 75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	154 B	2023-03-08	2025-06-07
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:46 Last Seen2025-06-07 12:50 Times Seen538 Hash d882b49167571a8dc4de310e0b2e623d 426f496e1155dfab34840a7a467866838448c8d0 6dc67eafa621e57610ed67c02b1c0c5532e495dfe555dcade99fb81b6744899b Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	1.5 kB	2023-03-08	2025-05-27
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 08:46 Last Seen2025-05-27 09:08 Times Seen485 Hash 36e0f7e5e53c5804e2188799d503746b 6a1df181d1324e3bd50ce865861a990cbe185c7b 3685002591a539aa34044215aac57a04d32a0f485bdf1719223803c4a5198dcb Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	60 B	2023-03-07	2025-06-07
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:59 Last Seen2025-06-07 12:50 Times Seen538 Hash 47a7df3210911e27dfdc28583faa9264 fb289b528d31f67e951e5415dd4e0cfca739b654 f46f00646225f54664e4d7bb625fb06dbcfc86904826cd3382efa56c4d524ddc Loading...

	jmzkzesy.xyz/player/jw8_26/jwplayer.core.controls.js?v=2	ScriptElement	327 kB	2024-03-12	2025-06-07
Pretty URL jmzkzesy.xyz/player/jw8_26/jwplayer.core.controls.js?v=2 IP 104.21.96.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-12 19:48 Last Seen2025-06-07 12:50 Times Seen776 Hash fee77850b6b254569cf03f43a4dfdde4 35841d306d3404fbef6825371ffdbcd992ade913 50b22ddf7e9cf49716e33660cc9de3c2bbf3cb90f203d8af93810f8f97bdee3f Loading...

	jmzkzesy.xyz/player/jw8_26/provider.hlsjs.js?v=2	ScriptElement	423 kB	2024-04-13	2025-06-07
Pretty URL jmzkzesy.xyz/player/jw8_26/provider.hlsjs.js?v=2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-13 15:29 Last Seen2025-06-07 12:50 Times Seen513 Hash 0f95e38aa7bb0943693b51bd6a7deed0 26c89f76894108f76ad23af32ecc6b1e708993ba 1b1263b7061aaca7fe0b69168b16cb2401a7fe2ada08ccfdd373ee06c7d125b1 Loading...

	jmzkzesy.xyz/js/xupload.js	ScriptElement	11 kB	2023-03-07	2025-03-25
Pretty URL jmzkzesy.xyz/js/xupload.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24 Last Seen2025-03-25 20:59 Times Seen494 Hash 2609e3a9490dcfe748407d3af317c472 af55b2b16e9190e09407f67ffae4ca705ea6f112 c3c7c3de97ef15965def93fc9317e82854b979aa1a7980fde49b873a04aab85d Loading...

	csy8cjm7.xyz/js/captcha.controls.js	ScriptElement	71 kB	2024-10-03	2024-10-11
Pretty URL csy8cjm7.xyz/js/captcha.controls.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-03 22:11 Last Seen2024-10-11 09:19 Times Seen36 Hash 1836e68a74dcdbaa49b0bca0067b13db 33b38e48569cf1b3cce04fc930aa8a370b1f9ad7 49eec199b70112acae877edf5e3b8dff89de037156eb0c345b2452a2961dc117 Loading...

	jmzkzesy.xyz/js/bafsd.js	ScriptElement	14 kB	2024-10-04	2025-06-07
Pretty URL jmzkzesy.xyz/js/bafsd.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-04 15:55 Last Seen2025-06-07 12:50 Times Seen256 Hash c2432aca90e92e0370d2ded2545eb1fa 8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb 89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5 Loading...

	jmzkzesy.xyz/js/ls.js	ScriptElement	2.1 kB	2023-03-07	2025-06-07
Pretty URL jmzkzesy.xyz/js/ls.js IP 104.21.96.55 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:42 Last Seen2025-06-07 12:50 Times Seen604 Hash f6784d7271569579cbc7e508fddb3fbb 61be0722316952e865893972791486e26961cdda 96f2f3c87be4a0582def1b5e1e9e19aa0529adb7fd9277cede56c1eefd906d01 Loading...

	jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh	ScriptElement	5.5 kB	2024-10-06	2024-10-06
Pretty URL jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-06 09:14 Last Seen2024-10-06 09:14 Times Seen1 Hash abe24d169ecc8a06369b460637e881df 2e425e41cdeff4515e9750fd63553a31bc32d099 9781d22a702e2f066cc1cf1598b304bbeef2a1ee53a0f1964a6e4459b890176c Loading...

		Size	First Seen	Last Seen
	#1 Eval - ff5e1985b5848e983711348b1dda20a9	6.4 kB	2024-10-06 09:14	2024-10-06 09:14
Pretty Observations First Seen2024-10-06 09:14 Last Seen2024-10-06 09:14 Times Seen1 Hash ff5e1985b5848e983711348b1dda20a9 54babb87fdce8e32361762a75b4b89af323488ab ba12e05a08d4132e86cc671b773cbd644a6141962c8ac64f26959d699a793000 Loading...

HTTP Transactions (29)

URL IP Response Size

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
961f4f0ab9b7bf5f05b339f676b49762
cd111640dbe14096627ae7a7692aa12de2009820
0842041bacd5f9c317b8b951addea5b11b18c882478a57e582e172bf84c9404e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0842041BACD5F9C317B8B951ADDEA5B11B18C882478A57E582E172BF84C9404E"
Last-Modified: Sat, 05 Oct 2024 18:18:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6813
Expires: Sun, 06 Oct 2024 04:17:03 GMT
Date: Sun, 06 Oct 2024 02:23:30 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
829fecd15de4dd0ed31ce195b5be2fa1
ccaf4828926928cad1657086011d59746696104e
623eea1df276a002f0a6e60c06087fa2cbd34842581b6375ca1fdb1209d664a4

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "623EEA1DF276A002F0A6E60C06087FA2CBD34842581B6375CA1FDB1209D664A4"
Last-Modified: Fri, 04 Oct 2024 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3656
Expires: Sun, 06 Oct 2024 03:24:26 GMT
Date: Sun, 06 Oct 2024 02:23:30 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
92cd7893843bf7005d9d4281f7ddeb25
1d1762ecf80a622168eb8734901fc27382da2b2a
7e1c229fca475d3a4760d7950e2ccd0b8bb27f4c4bc5fd43e96260bfa32388b7

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "7E1C229FCA475D3A4760D7950E2CCD0B8BB27F4C4BC5FD43E96260BFA32388B7"
Last-Modified: Sat, 05 Oct 2024 16:15:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3713
Expires: Sun, 06 Oct 2024 03:25:23 GMT
Date: Sun, 06 Oct 2024 02:23:30 GMT
Connection: keep-alive

r10.o.lencr.org/

2.23.172.203

504 B

URL
r10.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
7c54d4aa836f3e2ecea530bf3a6c5d8f
c889bcbb0a5124d8a616c4f84f7cb83db152bd1e
d95b713b61b3708f2595b684f5319d245658f6ed0ceac333f8da65839766f933

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D95B713B61B3708F2595B684F5319D245658F6ED0CEAC333F8DA65839766F933"
Last-Modified: Sat, 05 Oct 2024 16:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3307
Expires: Sun, 06 Oct 2024 03:18:38 GMT
Date: Sun, 06 Oct 2024 02:23:31 GMT
Connection: keep-alive

jmzkzesy.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3

104.21.96.55

38 B

URL
jmzkzesy.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3
IP
104.21.96.55:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
38 B (38 bytes)
Hash
99eccae6afa72c589ae54b5c3890282a
0f102f8f5b556635de65d16cf70fa8269c6761b4
b74a58316385de04b054737776e71c160cd60d2d01b5440b32c21651fb0ab8d3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/dnsads.js?dfp=1&ad_code=2&adsrc=3 HTTP/1.1
Host: jmzkzesy.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Oct 2024 02:23:31 GMT
content-type: application/javascript; charset=utf-8
content-length: 38
last-modified: Mon, 13 Sep 2021 15:50:14 GMT
etag: "613f7336-26"
expires: Tue, 08 Oct 2024 10:49:49 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 401622
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MFkMy%2FCgscY9B2utqJlJo3O0GUkzMXaNRyUMhEKOuDv%2F2na71M%2B4lsD1ioo8VM%2FFLfQbknsY1O3%2F1SND7CKjG6%2F9ShUZg55gQ1ob5YcU2p2Zki0HTxBGZpFIcEL5bog%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ce2309dfbe892a6-CPH
X-Firefox-Spdy: h2

videothumbs.me/03wxu5r4c5db.jpg

188.114.97.1

18 kB

URL
videothumbs.me/03wxu5r4c5db.jpg
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.32.100", baseline, precision 8, 640x266, components 3
Size
18 kB (17603 bytes)
Hash
f0969acc0a460670d3daaffb3e4802fa
9ed5efa4481f598bd0808ba464d2665702f95a75
81b45f19db298f90197c2959ee0a5e78d22e7a2ca077e0985c2e18b6cd25ec59

HTTP Headers

GET /03wxu5r4c5db.jpg HTTP/1.1
Host: videothumbs.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 06 Oct 2024 02:23:32 GMT
content-type: image/jpeg
content-length: 17603
last-modified: Mon, 22 May 2023 23:47:58 GMT
etag: "646bff2e-44c3"
expires: Tue, 08 Oct 2024 05:01:58 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 581586
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hM1OkzcrMVGQGnrqlK1ROgyet1vPOczWdnk9mLpMpfxbgXZ1eUlsmLWkB7Vq6Cvnhy%2B%2BLycZ6O8v8gXF8L59SYk%2FmQ%2B%2BKCCHczrr5hBOYdym7Ivx4VQ70W%2F59yipP7kvww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ce230a2c90a930f-CPH
X-Firefox-Spdy: h2

r11.o.lencr.org/

2.23.172.203

504 B

URL
r11.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
77d6473cf61408d0b02d866355c59b42
923d57038868a291a6a4ea4e4ae18d39453f3760
c06202b10dec8cddc1a562c0ad84ee237468aa3b414782eb669a6681999d12c7

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C06202B10DEC8CDDC1A562C0AD84EE237468AA3B414782EB669A6681999D12C7"
Last-Modified: Fri, 04 Oct 2024 14:14:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8657
Expires: Sun, 06 Oct 2024 04:47:49 GMT
Date: Sun, 06 Oct 2024 02:23:32 GMT
Connection: keep-alive

be4235.rcr32.ams02.cdn112.com/hls2/02/03864/52cv7tmjl547_x/master.m3u8?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500

194.31.157.55

297 B

URL
be4235.rcr32.ams02.cdn112.com/hls2/02/03864/52cv7tmjl547_x/master.m3u8?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500
IP
194.31.157.55:0
ASN
#174 COGENT-174

File type
M3U playlist, ASCII text
Size
297 B (297 bytes)
Hash
1d5a54cb238b2a4a89e57311044f7739
9eca901eecb053662d610a489d04e2ba8c5eda7b
6e80713639a8923a9ef1ef3635921e0278f264c3e16de4bce7ce87d31a98dda3

HTTP Headers

GET /hls2/02/03864/52cv7tmjl547_x/master.m3u8?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500 HTTP/1.1
Host: be4235.rcr32.ams02.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jmzkzesy.xyz
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 06 Oct 2024 02:23:32 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sun, 06 Oct 2024 02:23:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 08 Oct 2024 01:22:04 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip

be4235.rcr32.ams02.cdn112.com/hls2/02/03864/52cv7tmjl547_x/index-v1-a1.m3u8?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500

194.31.157.55

4.6 kB

URL
be4235.rcr32.ams02.cdn112.com/hls2/02/03864/52cv7tmjl547_x/index-v1-a1.m3u8?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500
IP
194.31.157.55:0
ASN
#174 COGENT-174

File type
M3U playlist, ASCII text
Size
4.6 kB (4584 bytes)
Hash
62f4350c173902db76e829eceb46df52
af97ad958da00b2eb47609279cf2f3ce99418757
154563fd080b61760ff15348e6f37b70be1ae67ef4992d18753157438e5762eb

HTTP Headers

GET /hls2/02/03864/52cv7tmjl547_x/index-v1-a1.m3u8?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500 HTTP/1.1
Host: be4235.rcr32.ams02.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jmzkzesy.xyz
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 06 Oct 2024 02:23:32 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sun, 06 Oct 2024 02:23:32 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Tue, 08 Oct 2024 01:22:04 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip

videothumbs.me/03wxu5r4c5db0000.jpg

188.114.97.1

890 kB

URL
videothumbs.me/03wxu5r4c5db0000.jpg
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2000x1120, components 3
Size
890 kB (890110 bytes)
Hash
2100dc3817ec430ebd07c6b5f992b8c9
b21e77e1d4b4c07a5fa5de580f12f04a405a544d
72e0d8600e6bf038bb4831c238f42e69615dedd1ece10ab8858dede282e34a2d

HTTP Headers

GET /03wxu5r4c5db0000.jpg HTTP/1.1
Host: videothumbs.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Oct 2024 02:23:32 GMT
content-type: image/jpeg
content-length: 890110
last-modified: Mon, 22 May 2023 23:48:39 GMT
etag: "646bff57-d94fe"
expires: Fri, 11 Oct 2024 11:29:41 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 52161
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EZrGpzTJjZqXYUhowHblSZcsuHrOAJU4S03aoAPv3Lqrjfuf7bxJqiKBQPOfpQx80tvxljxkYaoe%2FsmMhHqszgTGh2u3mD8ddRhS1zp%2FmPtpUIusx2iYXE%2Fu6E631V1v9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ce230a35969930f-CPH
X-Firefox-Spdy: h2

be4235.rcr32.ams02.cdn112.com/hls2/02/03864/52cv7tmjl547_x/encryption.key?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500

194.31.157.55

16 B

URL
be4235.rcr32.ams02.cdn112.com/hls2/02/03864/52cv7tmjl547_x/encryption.key?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500
IP
194.31.157.55:0
ASN
#174 COGENT-174

File type
data
Size
16 B (16 bytes)
Hash
5b2f73af5f52739a5783ee41962b840d
2157a6851c5564958b2e17640aacdb408adfc330
75868b9e8e3b826a0627771cb7ebc8c5d2b09a1231868f60a3ae921ec29a4ee6

HTTP Headers

GET /hls2/02/03864/52cv7tmjl547_x/encryption.key?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500 HTTP/1.1
Host: be4235.rcr32.ams02.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jmzkzesy.xyz
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 06 Oct 2024 02:23:32 GMT
Content-Type: application/octet-stream
Content-Length: 16
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Tue, 08 Oct 2024 01:22:40 GMT
ETag: "5f693e80-10"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes

be4235.rcr32.ams02.cdn112.com/hls2/02/03864/52cv7tmjl547_x/seg-1-v1-a1.ts?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500

194.31.157.55

1.0 MB

URL
be4235.rcr32.ams02.cdn112.com/hls2/02/03864/52cv7tmjl547_x/seg-1-v1-a1.ts?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500
IP
194.31.157.55:0
ASN
#174 COGENT-174

File type
data
Size
1.0 MB (1038144 bytes)
Hash
2ca10d8828decc95e2d04b05b2ed5821
b86d8d946a796e0fa8794531f208315b7e1840d7
fdbff7637d12c22c1f801bf093f2da6f3d51883fe57e9397d20c51c4fa05c7fa

HTTP Headers

GET /hls2/02/03864/52cv7tmjl547_x/seg-1-v1-a1.ts?t=G5aTupwQG1GyL3YELWgRCKnMy2Dvq-TqiwMYxxCsWZ0&s=1728181411&e=10800&f=29972861&srv=27&asn=50304&sp=5500 HTTP/1.1
Host: be4235.rcr32.ams02.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://jmzkzesy.xyz
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 06 Oct 2024 02:23:32 GMT
Content-Type: video/MP2T
Content-Length: 1038144
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Tue, 08 Oct 2024 01:22:04 GMT
ETag: "5f693e80-fd740"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes

jmzkzesy.xyz/adcgi?id=90464033

104.21.96.55

6.3 kB

URL
jmzkzesy.xyz/adcgi?id=90464033
IP
104.21.96.55:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (394)
Size
6.3 kB (6329 bytes)
Hash
80400db7d87352937c9a8f1d714ba097
3683e940ff75e1b24e20de5e3bef5a0a1a353e4b
2c7ffce67a99e36f21fff2681e14cb2aa861478490f456ba0538ef4d3370161d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /adcgi?id=90464033 HTTP/1.1
Host: jmzkzesy.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 504 Gateway Timeout
date: Sun, 06 Oct 2024 02:23:32 GMT
content-type: text/html; charset=UTF-8
content-length: 6329
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ea%2Bh6vyGmAZ58BaAV05yihh5ODrciuceiH8KLjru8vT%2BX9XRKXVigRyVGYihJQGj9W3xMyY7joIWctMrvjBNEvpAUO6Bdi7s4h7MDRcBERdZbI1FVfrdEBcsTEiYa%2BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 8ce230a61af892a6-CPH
X-Firefox-Spdy: h2

r11.o.lencr.org/

2.23.172.203

504 B

URL
r11.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
411ab02262050ed139dfbeebe6253230
aa72a13d4ab5645a3e8defa0febfe6cb09a1e356
8b40a1b25a264df6947834738d8acf446969ed37583c1349f83d13d3f2e0e42a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B40A1B25A264DF6947834738D8ACF446969ED37583C1349F83D13D3F2E0E42A"
Last-Modified: Sat, 05 Oct 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3574
Expires: Sun, 06 Oct 2024 03:23:07 GMT
Date: Sun, 06 Oct 2024 02:23:33 GMT
Connection: keep-alive

r11.o.lencr.org/

2.23.172.203

504 B

URL
r11.o.lencr.org/
IP
2.23.172.203:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
411ab02262050ed139dfbeebe6253230
aa72a13d4ab5645a3e8defa0febfe6cb09a1e356
8b40a1b25a264df6947834738d8acf446969ed37583c1349f83d13d3f2e0e42a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B40A1B25A264DF6947834738D8ACF446969ED37583C1349F83D13D3F2E0E42A"
Last-Modified: Sat, 05 Oct 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3574
Expires: Sun, 06 Oct 2024 03:23:07 GMT
Date: Sun, 06 Oct 2024 02:23:33 GMT
Connection: keep-alive

jmzkzesy.xyz/js/ls.js

104.21.96.55

130 kB

URL
jmzkzesy.xyz/js/ls.js
IP
104.21.96.55:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (2063), with no line terminators
Size
130 kB (129815 bytes)
Hash
f6784d7271569579cbc7e508fddb3fbb
61be0722316952e865893972791486e26961cdda
96f2f3c87be4a0582def1b5e1e9e19aa0529adb7fd9277cede56c1eefd906d01

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/ls.js HTTP/1.1
Host: jmzkzesy.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Oct 2024 02:23:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 14 Feb 2023 11:28:54 GMT
etag: W/"63eb7076-80f"
expires: Tue, 08 Oct 2024 10:49:49 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 401622
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nXFVmvtloH%2BTQcLYJiymwUN6Yhf8qryEq1alwAg%2BJT6KMnaA3C7Ebscew%2FwjZoR4IdPBFtMKcNWP7eAKgC%2BYWPwyJx%2FV56UJit%2Fy9wC5mlJz4elnCZ5wF0e76kgRaMI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ce2309debdd92a6-CPH
content-encoding: br
X-Firefox-Spdy: h2

jmzkzesy.xyz/player/jw8_26/jwplayer.core.controls.js?v=2

104.21.96.55

87 kB

URL
jmzkzesy.xyz/player/jw8_26/jwplayer.core.controls.js?v=2
IP
104.21.96.55:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (65143)
Size
87 kB (87310 bytes)
Hash
fee77850b6b254569cf03f43a4dfdde4
35841d306d3404fbef6825371ffdbcd992ade913
50b22ddf7e9cf49716e33660cc9de3c2bbf3cb90f203d8af93810f8f97bdee3f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /player/jw8_26/jwplayer.core.controls.js?v=2 HTTP/1.1
Host: jmzkzesy.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Oct 2024 02:23:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 09:09:34 GMT
etag: W/"660d1cce-4fcf7"
expires: Tue, 08 Oct 2024 10:49:49 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 401622
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CcDmkXBncOtcjbZuTwLMdgmxao2elhoqKa0Zdm8Zw9xWJ%2FbUhA3XL9tMb5vQLIViX8jG6enqO4r2RwbQnxZae44VIF4FdWfxpNin8fw5TyZAu8ywVh%2F%2ByntaXqv96bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ce230a01def92a6-CPH
content-encoding: br
X-Firefox-Spdy: h2

r11.o.lencr.org/

2.23.172.201

504 B

URL
r11.o.lencr.org/
IP
2.23.172.201:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
411ab02262050ed139dfbeebe6253230
aa72a13d4ab5645a3e8defa0febfe6cb09a1e356
8b40a1b25a264df6947834738d8acf446969ed37583c1349f83d13d3f2e0e42a

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8B40A1B25A264DF6947834738D8ACF446969ED37583C1349F83D13D3F2E0E42A"
Last-Modified: Sat, 05 Oct 2024 16:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3667
Expires: Sun, 06 Oct 2024 03:24:40 GMT
Date: Sun, 06 Oct 2024 02:23:33 GMT
Connection: keep-alive

vwpttkoh.xyz/

172.67.143.219

0 B

URL
vwpttkoh.xyz/
IP
172.67.143.219:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: vwpttkoh.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 06 Oct 2024 02:23:40 GMT
content-type: text/html; charset=UTF-8
location: https://ijobloemotherofh.com/?fmon=1100124
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6howNdsGAEXfhQqJWfwy6az7cSD17Mvtfd1hNlQsHp4UVFOJks%2BfxMqNRS2%2FvkDesBXfgXTdV4zuzH8roBJA%2Fpv7oWRqh54QD5woBvmSFk28w9ko%2FhLsqGkU2X%2BxT0Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 8ce230d7389f1d12-CPH
X-Firefox-Spdy: h2

xml-v4.bidderads.com/click?i=G-jW8uVGQxc_0

174.137.133.17

0 B

URL
xml-v4.bidderads.com/click?i=G-jW8uVGQxc_0
IP
174.137.133.17:0
ASN
#27257 WEBAIR-INTERNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=G-jW8uVGQxc_0 HTTP/1.1
Host: xml-v4.bidderads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jmzkzesy.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 06 Oct 2024 02:23:41 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://lernodydenknow.info/redirect?tid=1029916

lernodydenknow.info/redirect?tid=1029916

108.157.229.51

0 B

URL
lernodydenknow.info/redirect?tid=1029916
IP
108.157.229.51:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?tid=1029916 HTTP/1.1
Host: lernodydenknow.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jmzkzesy.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://s.optnx.com/cimp.php?data=TVRjeU9ERTRNVFF5TW53NU9UWTVNelE0TURGaFpESmlNVEZoTVRkaU5UaGlZemt4WWpjNE1qQm1aZy0tfGh0dHBzOi8vbW55bWtyLm5ldC9kNTNjZDA2Mi02OWY1LTQ1MjgtYTZkYS0wM2QzYTM4OGVkODk_Y2FtcGlkPTY4Mzk0NzQmdmFyaWQ9MTA0MDg1NzkyJnNvdXJjZT1hZC1tYXZlbi5jb20ma2V5d29yZD0lJnRhZ3M9am16a3plc3kseHl6JnNpdGVpZD04MTU0MzEmem9uZWlkPTQ5NjgxNjgmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdXJ0bXJ0ZE5MVExiVlpkTzZWenFwcG5Vek9vZE5VNlYwcnBYVDFVVTB1b21yb3B0bGRSTlZOWFBZNlYwenBYU3VsZEs2WjBycFhUTzBybzBubHpuejAxMWwwNG50cnVyMGx0czNwbXAxbTRzZHhiVExQdlBwdmJUcFpiVHhScFJadnhwcFhwZExadHR3NmFXZTY2YXQzbjdQV2JsWEdwYkhPZEs2VjBycFhTdWxkSzZWMHJwcko3WnJacVo1M09kSzZWMHJwWFN1bGRLNlYwcnBYVE8yM2x1cDEybHRwczQxcDJxc3J6enV0cm1sdG00cG0zMGNIMkF8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218ODQ0MjQ0fDQzMDY3NXw4MTU0MzF8NDk2ODE2OHw1MTF8NjgzOTQ3NHwxMDQwODU3OTJ8MTV8M3wwfDB8MjUzNDR8MTAyOTkxNnwxMHw3NXxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDc4fDR8MXx8YjYzYjIwYTJhYmNjMGJmMjg2OTZiMDg3ZTQxNGMxZjd8Zjg0MDJlMmJlODRiNzg0ZjNiMzdlZmJiNmI5MDdkZGZ8MXwwfGptemt6ZXN5Lnh5enwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTYzNDgwfC0xfDB8MzE1MTYyN3x8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwxfDJ8T0t8NGZjNWJhNGI3YTk0YjA3ZmM4OTI2MTgzMTA3MzZjNTg-
date: Sun, 06 Oct 2024 02:23:42 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a5bbff79-8d9a-41cb-a043-b88a1c42b6aa
x-cache: Miss from cloudfront
via: 1.1 d913eed4ff9d3ba68bce11280aa7e1b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: mjeAeUJJQEtDPxK4wXKVSteBD53b3TKfj-MaaD-pHtmRfCoJkeaqFg==
X-Firefox-Spdy: h2

s.optnx.com/cimp.php?data=TVRjeU9ERTRNVFF5TW53NU9UWTVNelE0TURGaFpESmlNVEZoTVRkaU5UaGlZemt4WWpjNE1qQm1aZy0tfGh0dHBzOi8vbW55bWtyLm5ldC9kNTNjZDA2Mi02OWY1LTQ1MjgtYTZkYS0wM2QzYTM4OGVkODk_Y2FtcGlkPTY4Mzk0NzQmdmFyaWQ9MTA0MDg1NzkyJnNvdXJjZT1hZC1tYXZlbi5jb20ma2V5d29yZD0lJnRhZ3M9am16a3plc3kseHl6JnNpdGVpZD04MTU0MzEmem9uZWlkPTQ5NjgxNjgmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdXJ0bXJ0ZE5MVExiVlpkTzZWenFwcG5Vek9vZE5VNlYwcnBYVDFVVTB1b21yb3B0bGRSTlZOWFBZNlYwenBYU3VsZEs2WjBycFhUTzBybzBubHpuejAxMWwwNG50cnVyMGx0czNwbXAxbTRzZHhiVExQdlBwdmJUcFpiVHhScFJadnhwcFhwZExadHR3NmFXZTY2YXQzbjdQV2JsWEdwYkhPZEs2VjBycFhTdWxkSzZWMHJwcko3WnJacVo1M09kSzZWMHJwWFN1bGRLNlYwcnBYVE8yM2x1cDEybHRwczQxcDJxc3J6enV0cm1sdG00cG0zMGNIMkF8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218ODQ0MjQ0fDQzMDY3NXw4MTU0MzF8NDk2ODE2OHw1MTF8NjgzOTQ3NHwxMDQwODU3OTJ8MTV8M3wwfDB8MjUzNDR8MTAyOTkxNnwxMHw3NXxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDc4fDR8MXx8YjYzYjIwYTJhYmNjMGJmMjg2OTZiMDg3ZTQxNGMxZjd8Zjg0MDJlMmJlODRiNzg0ZjNiMzdlZmJiNmI5MDdkZGZ8MXwwfGptemt6ZXN5Lnh5enwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTYzNDgwfC0xfDB8MzE1MTYyN3x8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwxfDJ8T0t8NGZjNWJhNGI3YTk0YjA3ZmM4OTI2MTgzMTA3MzZjNTg-

95.211.229.247

1.5 kB

URL
s.optnx.com/cimp.php?data=TVRjeU9ERTRNVFF5TW53NU9UWTVNelE0TURGaFpESmlNVEZoTVRkaU5UaGlZemt4WWpjNE1qQm1aZy0tfGh0dHBzOi8vbW55bWtyLm5ldC9kNTNjZDA2Mi02OWY1LTQ1MjgtYTZkYS0wM2QzYTM4OGVkODk_Y2FtcGlkPTY4Mzk0NzQmdmFyaWQ9MTA0MDg1NzkyJnNvdXJjZT1hZC1tYXZlbi5jb20ma2V5d29yZD0lJnRhZ3M9am16a3plc3kseHl6JnNpdGVpZD04MTU0MzEmem9uZWlkPTQ5NjgxNjgmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdXJ0bXJ0ZE5MVExiVlpkTzZWenFwcG5Vek9vZE5VNlYwcnBYVDFVVTB1b21yb3B0bGRSTlZOWFBZNlYwenBYU3VsZEs2WjBycFhUTzBybzBubHpuejAxMWwwNG50cnVyMGx0czNwbXAxbTRzZHhiVExQdlBwdmJUcFpiVHhScFJadnhwcFhwZExadHR3NmFXZTY2YXQzbjdQV2JsWEdwYkhPZEs2VjBycFhTdWxkSzZWMHJwcko3WnJacVo1M09kSzZWMHJwWFN1bGRLNlYwcnBYVE8yM2x1cDEybHRwczQxcDJxc3J6enV0cm1sdG00cG0zMGNIMkF8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218ODQ0MjQ0fDQzMDY3NXw4MTU0MzF8NDk2ODE2OHw1MTF8NjgzOTQ3NHwxMDQwODU3OTJ8MTV8M3wwfDB8MjUzNDR8MTAyOTkxNnwxMHw3NXxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDc4fDR8MXx8YjYzYjIwYTJhYmNjMGJmMjg2OTZiMDg3ZTQxNGMxZjd8Zjg0MDJlMmJlODRiNzg0ZjNiMzdlZmJiNmI5MDdkZGZ8MXwwfGptemt6ZXN5Lnh5enwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTYzNDgwfC0xfDB8MzE1MTYyN3x8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwxfDJ8T0t8NGZjNWJhNGI3YTk0YjA3ZmM4OTI2MTgzMTA3MzZjNTg-
IP
95.211.229.247:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document, ASCII text, with very long lines (2033)
Size
1.5 kB (1474 bytes)
Hash
5d8cb38e564ebe610e35b0f65b6fec33
85343153ffd11d664538bc7322457412e3770afe
d3ec68daeea63b543612f536bc34dc42bd54431f4ba4d46f89b3d50e19f3218c

HTTP Headers

GET /cimp.php?data=TVRjeU9ERTRNVFF5TW53NU9UWTVNelE0TURGaFpESmlNVEZoTVRkaU5UaGlZemt4WWpjNE1qQm1aZy0tfGh0dHBzOi8vbW55bWtyLm5ldC9kNTNjZDA2Mi02OWY1LTQ1MjgtYTZkYS0wM2QzYTM4OGVkODk_Y2FtcGlkPTY4Mzk0NzQmdmFyaWQ9MTA0MDg1NzkyJnNvdXJjZT1hZC1tYXZlbi5jb20ma2V5d29yZD0lJnRhZ3M9am16a3plc3kseHl6JnNpdGVpZD04MTU0MzEmem9uZWlkPTQ5NjgxNjgmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdXJ0bXJ0ZE5MVExiVlpkTzZWenFwcG5Vek9vZE5VNlYwcnBYVDFVVTB1b21yb3B0bGRSTlZOWFBZNlYwenBYU3VsZEs2WjBycFhUTzBybzBubHpuejAxMWwwNG50cnVyMGx0czNwbXAxbTRzZHhiVExQdlBwdmJUcFpiVHhScFJadnhwcFhwZExadHR3NmFXZTY2YXQzbjdQV2JsWEdwYkhPZEs2VjBycFhTdWxkSzZWMHJwcko3WnJacVo1M09kSzZWMHJwWFN1bGRLNlYwcnBYVE8yM2x1cDEybHRwczQxcDJxc3J6enV0cm1sdG00cG0zMGNIMkF8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218ODQ0MjQ0fDQzMDY3NXw4MTU0MzF8NDk2ODE2OHw1MTF8NjgzOTQ3NHwxMDQwODU3OTJ8MTV8M3wwfDB8MjUzNDR8MTAyOTkxNnwxMHw3NXxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDc4fDR8MXx8YjYzYjIwYTJhYmNjMGJmMjg2OTZiMDg3ZTQxNGMxZjd8Zjg0MDJlMmJlODRiNzg0ZjNiMzdlZmJiNmI5MDdkZGZ8MXwwfGptemt6ZXN5Lnh5enwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTYzNDgwfC0xfDB8MzE1MTYyN3x8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwxfDJ8T0t8NGZjNWJhNGI3YTk0YjA3ZmM4OTI2MTgzMTA3MzZjNTg- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jmzkzesy.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 06 Oct 2024 02:23:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226701f4ae6d8224.07935371573266898%22%3B%7D; expires=Tue, 06 Oct 2026 02:23:42 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Accept-Ch: Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Full-Version,Sec-Ch-Ua-Full-Version-list,Sec-Ch-Ua-Platform,Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Bitness,Sec-Ch-Ua-Arch
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

95.211.229.247

0 B

URL
s.optnx.com/cimp.php?data=TVRjeU9ERTRNVFF5TW53NU9UWTVNelE0TURGaFpESmlNVEZoTVRkaU5UaGlZemt4WWpjNE1qQm1aZy0tfGh0dHBzOi8vbW55bWtyLm5ldC9kNTNjZDA2Mi02OWY1LTQ1MjgtYTZkYS0wM2QzYTM4OGVkODk_Y2FtcGlkPTY4Mzk0NzQmdmFyaWQ9MTA0MDg1NzkyJnNvdXJjZT1hZC1tYXZlbi5jb20ma2V5d29yZD0lJnRhZ3M9am16a3plc3kseHl6JnNpdGVpZD04MTU0MzEmem9uZWlkPTQ5NjgxNjgmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdXJ0bXJ0ZE5MVExiVlpkTzZWenFwcG5Vek9vZE5VNlYwcnBYVDFVVTB1b21yb3B0bGRSTlZOWFBZNlYwenBYU3VsZEs2WjBycFhUTzBybzBubHpuejAxMWwwNG50cnVyMGx0czNwbXAxbTRzZHhiVExQdlBwdmJUcFpiVHhScFJadnhwcFhwZExadHR3NmFXZTY2YXQzbjdQV2JsWEdwYkhPZEs2VjBycFhTdWxkSzZWMHJwcko3WnJacVo1M09kSzZWMHJwWFN1bGRLNlYwcnBYVE8yM2x1cDEybHRwczQxcDJxc3J6enV0cm1sdG00cG0zMGNIMkF8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218ODQ0MjQ0fDQzMDY3NXw4MTU0MzF8NDk2ODE2OHw1MTF8NjgzOTQ3NHwxMDQwODU3OTJ8MTV8M3wwfDB8MjUzNDR8MTAyOTkxNnwxMHw3NXxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDc4fDR8MXx8YjYzYjIwYTJhYmNjMGJmMjg2OTZiMDg3ZTQxNGMxZjd8Zjg0MDJlMmJlODRiNzg0ZjNiMzdlZmJiNmI5MDdkZGZ8MXwwfGptemt6ZXN5Lnh5enwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTYzNDgwfC0xfDB8MzE1MTYyN3x8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwxfDJ8T0t8NGZjNWJhNGI3YTk0YjA3ZmM4OTI2MTgzMTA3MzZjNTg-&p=https%3A%2F%2Fjmzkzesy.xyz%2F&tested=1&check=4982d74cc5945eb5f443cbeab8c29c8c&screen_resolution=1280x1024&container_resolution=1280x1024&iframe=1
IP
95.211.229.247:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cimp.php?data=TVRjeU9ERTRNVFF5TW53NU9UWTVNelE0TURGaFpESmlNVEZoTVRkaU5UaGlZemt4WWpjNE1qQm1aZy0tfGh0dHBzOi8vbW55bWtyLm5ldC9kNTNjZDA2Mi02OWY1LTQ1MjgtYTZkYS0wM2QzYTM4OGVkODk_Y2FtcGlkPTY4Mzk0NzQmdmFyaWQ9MTA0MDg1NzkyJnNvdXJjZT1hZC1tYXZlbi5jb20ma2V5d29yZD0lJnRhZ3M9am16a3plc3kseHl6JnNpdGVpZD04MTU0MzEmem9uZWlkPTQ5NjgxNjgmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdXJ0bXJ0ZE5MVExiVlpkTzZWenFwcG5Vek9vZE5VNlYwcnBYVDFVVTB1b21yb3B0bGRSTlZOWFBZNlYwenBYU3VsZEs2WjBycFhUTzBybzBubHpuejAxMWwwNG50cnVyMGx0czNwbXAxbTRzZHhiVExQdlBwdmJUcFpiVHhScFJadnhwcFhwZExadHR3NmFXZTY2YXQzbjdQV2JsWEdwYkhPZEs2VjBycFhTdWxkSzZWMHJwcko3WnJacVo1M09kSzZWMHJwWFN1bGRLNlYwcnBYVE8yM2x1cDEybHRwczQxcDJxc3J6enV0cm1sdG00cG0zMGNIMkF8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218ODQ0MjQ0fDQzMDY3NXw4MTU0MzF8NDk2ODE2OHw1MTF8NjgzOTQ3NHwxMDQwODU3OTJ8MTV8M3wwfDB8MjUzNDR8MTAyOTkxNnwxMHw3NXxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDc4fDR8MXx8YjYzYjIwYTJhYmNjMGJmMjg2OTZiMDg3ZTQxNGMxZjd8Zjg0MDJlMmJlODRiNzg0ZjNiMzdlZmJiNmI5MDdkZGZ8MXwwfGptemt6ZXN5Lnh5enwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTYzNDgwfC0xfDB8MzE1MTYyN3x8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwxfDJ8T0t8NGZjNWJhNGI3YTk0YjA3ZmM4OTI2MTgzMTA3MzZjNTg-&p=https%3A%2F%2Fjmzkzesy.xyz%2F&tested=1&check=4982d74cc5945eb5f443cbeab8c29c8c&screen_resolution=1280x1024&container_resolution=1280x1024&iframe=1 HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.optnx.com/cimp.php?data=TVRjeU9ERTRNVFF5TW53NU9UWTVNelE0TURGaFpESmlNVEZoTVRkaU5UaGlZemt4WWpjNE1qQm1aZy0tfGh0dHBzOi8vbW55bWtyLm5ldC9kNTNjZDA2Mi02OWY1LTQ1MjgtYTZkYS0wM2QzYTM4OGVkODk_Y2FtcGlkPTY4Mzk0NzQmdmFyaWQ9MTA0MDg1NzkyJnNvdXJjZT1hZC1tYXZlbi5jb20ma2V5d29yZD0lJnRhZ3M9am16a3plc3kseHl6JnNpdGVpZD04MTU0MzEmem9uZWlkPTQ5NjgxNjgmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdXJ0bXJ0ZE5MVExiVlpkTzZWenFwcG5Vek9vZE5VNlYwcnBYVDFVVTB1b21yb3B0bGRSTlZOWFBZNlYwenBYU3VsZEs2WjBycFhUTzBybzBubHpuejAxMWwwNG50cnVyMGx0czNwbXAxbTRzZHhiVExQdlBwdmJUcFpiVHhScFJadnhwcFhwZExadHR3NmFXZTY2YXQzbjdQV2JsWEdwYkhPZEs2VjBycFhTdWxkSzZWMHJwcko3WnJacVo1M09kSzZWMHJwWFN1bGRLNlYwcnBYVE8yM2x1cDEybHRwczQxcDJxc3J6enV0cm1sdG00cG0zMGNIMkF8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxhZC1tYXZlbi5jb218ODQ0MjQ0fDQzMDY3NXw4MTU0MzF8NDk2ODE2OHw1MTF8NjgzOTQ3NHwxMDQwODU3OTJ8MTV8M3wwfDB8MjUzNDR8MTAyOTkxNnwxMHw3NXxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDc4fDR8MXx8YjYzYjIwYTJhYmNjMGJmMjg2OTZiMDg3ZTQxNGMxZjd8Zjg0MDJlMmJlODRiNzg0ZjNiMzdlZmJiNmI5MDdkZGZ8MXwwfGptemt6ZXN5Lnh5enwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTYzNDgwfC0xfDB8MzE1MTYyN3x8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8MHwxfDJ8T0t8NGZjNWJhNGI3YTk0YjA3ZmM4OTI2MTgzMTA3MzZjNTg-
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226701f4ae6d8224.07935371573266898%22%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 06 Oct 2024 02:23:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226701f4ae6d8224.07935371573266898%22%3B%7D; expires=Tue, 06 Oct 2026 02:23:42 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://mnymkr.net/d53cd062-69f5-4528-a6da-03d3a388ed89?campid=6839474&varid=104085792&source=ad-maven.com&keyword=%&tags=jmzkzesy,xyz&siteid=815431&zoneid=4968168&catid=511&country=NOR&format=&cost=0.0001&tag=opddNHdLHTPHNVS4ASOpurtmrtdNLTLbVZdO6VzqppnUzOodNU6V0rpXT1UU0uomroptldRNVNXPY6V0zpXSuldK6Z0rpXTO0ro0nlznz011l04ntrur0lts3pmp1m4sdxbTLPvPpvbTpZbTxRpRZvxppXpdLZttw6aWe66at3n7PWblXGpbHOdK6V0rpXSuldK6V0rprJ7ZrZqZ53OdK6V0rpXSuldK6V0rpXTO23lup12ltps41p2qsrzzutrmltm4pm30cH2A&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMSJ9
X-Robots-Tag: noindex, follow

mnymkr.net/d53cd062-69f5-4528-a6da-03d3a388ed89?campid=6839474&varid=104085792&source=ad-maven.com&keyword=%&tags=jmzkzesy,xyz&siteid=815431&zoneid=4968168&catid=511&country=NOR&format=&cost=0.0001&tag=opddNHdLHTPHNVS4ASOpurtmrtdNLTLbVZdO6VzqppnUzOodNU6V0rpXT1UU0uomroptldRNVNXPY6V0zpXSuldK6Z0rpXTO0ro0nlznz011l04ntrur0lts3pmp1m4sdxbTLPvPpvbTpZbTxRpRZvxppXpdLZttw6aWe66at3n7PWblXGpbHOdK6V0rpXSuldK6V0rprJ7ZrZqZ53OdK6V0rpXSuldK6V0rpXTO23lup12ltps41p2qsrzzutrmltm4pm30cH2A&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMSJ9

104.21.87.72

0 B

URL
mnymkr.net/d53cd062-69f5-4528-a6da-03d3a388ed89?campid=6839474&varid=104085792&source=ad-maven.com&keyword=%&tags=jmzkzesy,xyz&siteid=815431&zoneid=4968168&catid=511&country=NOR&format=&cost=0.0001&tag=opddNHdLHTPHNVS4ASOpurtmrtdNLTLbVZdO6VzqppnUzOodNU6V0rpXT1UU0uomroptldRNVNXPY6V0zpXSuldK6Z0rpXTO0ro0nlznz011l04ntrur0lts3pmp1m4sdxbTLPvPpvbTpZbTxRpRZvxppXpdLZttw6aWe66at3n7PWblXGpbHOdK6V0rpXSuldK6V0rprJ7ZrZqZ53OdK6V0rpXSuldK6V0rpXTO23lup12ltps41p2qsrzzutrmltm4pm30cH2A&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMSJ9
IP
104.21.87.72:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /d53cd062-69f5-4528-a6da-03d3a388ed89?campid=6839474&varid=104085792&source=ad-maven.com&keyword=%&tags=jmzkzesy,xyz&siteid=815431&zoneid=4968168&catid=511&country=NOR&format=&cost=0.0001&tag=opddNHdLHTPHNVS4ASOpurtmrtdNLTLbVZdO6VzqppnUzOodNU6V0rpXT1UU0uomroptldRNVNXPY6V0zpXSuldK6Z0rpXTO0ro0nlznz011l04ntrur0lts3pmp1m4sdxbTLPvPpvbTpZbTxRpRZvxppXpdLZttw6aWe66at3n7PWblXGpbHOdK6V0rpXSuldK6V0rprJ7ZrZqZ53OdK6V0rpXSuldK6V0rpXTO23lup12ltps41p2qsrzzutrmltm4pm30cH2A&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxMjgweDEwMjQiLCJpIjoiMSJ9 HTTP/1.1
Host: mnymkr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.optnx.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 06 Oct 2024 02:23:42 GMT
content-length: 0
location: https://theinfluhub.com/r.php?ig=https%3A%2F%2Fr.linksprf.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3D609e02d2247b4fde912947870896414d%26api_key%3D5f18a882d3751319dd0ead850d10f2f1%26site_id%3Db343032def5f46bf8afc9b1393dcc3f1%26dch%3Dfeed%26ad_t%3Dadvertiser%26yk_tag%3Dwqpigvt7m3ivj2m4jkkff12v
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: d53cd062-69f5-4528-a6da-03d3a388ed89-v4=21rMKdZghwYZqzRD2llQiYNp8f2pUhu4s8865hYdgvU; Max-Age=86400; Expires=Mon, 07 Oct 2024 02:23:42 GMT; Domain=mnymkr.net; Path=/; HttpOnly
cc-v4=Tuo8VC%2FMr3H1PiZOB%2BK36gGxeOo3%2Fjjfu3XYA5ovA0DuNixXG46qfXuKLPX3V6UrodvNWy7857w%2B%2FY7zT5N1xWUhMXUyS66ME1vSZSqo%2F6%2BFRe1Kh5i1bJ%2BaQE6A3wkSRt20%2BxlddW0BplGbF09G5A%3D%3D; Max-Age=31536000; Expires=Mon, 06 Oct 2025 02:23:42 GMT; Domain=mnymkr.net; Path=/; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LKGeZwLf3%2FizT6103JR%2B2loA319xjXQQs3XO9rNpe4MErt%2FDLtPVspSyUDm8JEEJFupeAxHSR9qp8xnuQORmMBGaNlJjvH7RLvEsCWHRhok9FyxVsLiGBbNmlavP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ce230e56896930d-CPH
X-Firefox-Spdy: h2

theinfluhub.com/r.php?ig=https%3A%2F%2Fr.linksprf.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3D609e02d2247b4fde912947870896414d%26api_key%3D5f18a882d3751319dd0ead850d10f2f1%26site_id%3Db343032def5f46bf8afc9b1393dcc3f1%26dch%3Dfeed%26ad_t%3Dadvertiser%26yk_tag%3Dwqpigvt7m3ivj2m4jkkff12v

104.26.9.242

9.9 kB

URL
theinfluhub.com/r.php?ig=https%3A%2F%2Fr.linksprf.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3D609e02d2247b4fde912947870896414d%26api_key%3D5f18a882d3751319dd0ead850d10f2f1%26site_id%3Db343032def5f46bf8afc9b1393dcc3f1%26dch%3Dfeed%26ad_t%3Dadvertiser%26yk_tag%3Dwqpigvt7m3ivj2m4jkkff12v
IP
104.26.9.242:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
9.9 kB (9914 bytes)
Hash
beb060e3afd262abd5894920c353e1de
39e1e97d8f98107f9588ef483f8efa5c3842fd35
302b556020cf1271dc80c63749679361d8f4c01dde12cd64f301f2dc688712ca

HTTP Headers

GET /r.php?ig=https%3A%2F%2Fr.linksprf.com%2Fv1%2Fredirect%3Ftype%3DlinkId%26id%3D609e02d2247b4fde912947870896414d%26api_key%3D5f18a882d3751319dd0ead850d10f2f1%26site_id%3Db343032def5f46bf8afc9b1393dcc3f1%26dch%3Dfeed%26ad_t%3Dadvertiser%26yk_tag%3Dwqpigvt7m3ivj2m4jkkff12v HTTP/1.1
Host: theinfluhub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://s.optnx.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 308 Permanent Redirect
date: Sun, 06 Oct 2024 02:23:43 GMT
content-type: text/html; charset=UTF-8
location: https://r.linksprf.com/v1/redirect?type=linkId&id=609e02d2247b4fde912947870896414d&api_key=5f18a882d3751319dd0ead850d10f2f1&site_id=b343032def5f46bf8afc9b1393dcc3f1&dch=feed&ad_t=advertiser&yk_tag=wqpigvt7m3ivj2m4jkkff12v
x-powered-by: PHP/8.2.24, PleskLin
referrer-policy: no-referrer
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tKGN5xoxipNGUtbN8kHHc%2BdTKZZ%2FimCblCpe2Sm6EknoJQajf41rYzQ0YEpq7Te7%2Bgxmr7TS%2FjAo4FFMmVXWau3wRVlgC88yyIMA8q1XBe2iCOBn93nW%2FVpsINbkdzSXUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cflb=0H28vHozRJJ2U2zMtQjnXUhdueqGJYZ1FB346WrTMho; SameSite=None; Secure; path=/; expires=Sun, 06-Oct-24 02:53:43 GMT; HttpOnly
server: cloudflare
cf-ray: 8ce230e65d849424-LHR
X-Firefox-Spdy: h2

jmzkzesy.xyz/js/jquery.cookie.js

104.21.96.55

2.0 kB

URL
jmzkzesy.xyz/js/jquery.cookie.js
IP
104.21.96.55:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
2.0 kB (1978 bytes)
Hash
ae0c2c5d8f01f7d35bb698bb618a62f7
63556a22ddea1c5f23a5cf7d0b6d35c7aab54e20
75aef2e95ea7f3a70999396fba0c2ab866f4ff06313cf1b07780d800a5fc1ebc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: jmzkzesy.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 06 Oct 2024 02:23:31 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 May 2011 12:53:56 GMT
etag: W/"4de4e4e4-10eb"
expires: Tue, 08 Oct 2024 10:49:49 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 401622
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WdtEq53OjyLq%2FrH6p%2BI%2B2ORbeyDyDBpUXxNm6XijmltqxVObQUJ2Yt9EaKfkg9Q992d%2FfwSnWF9i%2Bozd7akac8craOGO8kIJQSrkrpkckabvYZf7g2iF3eAObMcKwNM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8ce2309debd892a6-CPH
content-encoding: br
X-Firefox-Spdy: h2

r.linksprf.com/v1/redirect?type=linkId&id=609e02d2247b4fde912947870896414d&api_key=5f18a882d3751319dd0ead850d10f2f1&site_id=b343032def5f46bf8afc9b1393dcc3f1&dch=feed&ad_t=advertiser&yk_tag=wqpigvt7m3ivj2m4jkkff12v

18.202.86.139

302 Found

0 B

URL GET HTTP/2
r.linksprf.com/v1/redirect?type=linkId&id=609e02d2247b4fde912947870896414d&api_key=5f18a882d3751319dd0ead850d10f2f1&site_id=b343032def5f46bf8afc9b1393dcc3f1&dch=feed&ad_t=advertiser&yk_tag=wqpigvt7m3ivj2m4jkkff12v
IP
18.202.86.139:443
ASN
#16509 AMAZON-02

Requested by
https://jmzkzesy.xyz/bdd/03wxu5r4c5db?referer=bflix.sh
Certificate
IssuerLet's Encrypt
Subjectlinksprf.com
FingerprintD0:8A:82:F9:CA:A6:12:31:07:9B:6A:A5:9A:A0:90:98:C1:6E:5E:4C
ValidityThu, 19 Sep 2024 07:42:54 GMT - Wed, 18 Dec 2024 07:42:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v1/redirect?type=linkId&id=609e02d2247b4fde912947870896414d&api_key=5f18a882d3751319dd0ead850d10f2f1&site_id=b343032def5f46bf8afc9b1393dcc3f1&dch=feed&ad_t=advertiser&yk_tag=wqpigvt7m3ivj2m4jkkff12v HTTP/1.1
Host: r.linksprf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sun, 06 Oct 2024 02:23:43 GMT
content-length: 0
set-cookie: ykuid=c2b55d554e5a4ac081c0e2e13179ddd4; Path=/; Secure; Domain=.linksprf.com; Max-Age=31536000; SameSite=None
JSESSIONID=12DF38882183335D64281E7982EA159D; Path=/; HttpOnly
location: /v2/go?t=mtcpo%3Aa%2Fnwr..wwnF.%25o2%2FAw%25ltch.pht%3Feii%3D.0s7o%26ldi1o3%3D6t%26el1c3rcf3%3D30b0c0a0f561f7ffdd3a3f36-4db3b80deffed08b3bd4%266lfcardff%3D7313530d0f0f06%3Dfcaac1b33c3d9c1f9%26fw8rbv4354e0210240b03ce8kfi4c34728a1294444921a82743b44f082ce05042b180f4931v92deckfi%26cx6r4s4c%3Daib6o5t2ddrmcp%26p%3Dktipc3a%25mFc21wiwagwawd%2Fds.toh&e=1&ai=491500292f7f4ed88ec4bb49decd52b6&sct=0&ct=1728181423338&cu=70fcd8aff46347b8b109e4f4d28a32d4&sr=1&cs=827920fe8b50e04debd540c25d7415c9
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

r.linksprf.com/v2/go?t=mtcpo%3Aa%2Fnwr..wwnF.%25o2%2FAw%25ltch.pht%3Feii%3D.0s7o%26ldi1o3%3D6t%26el1c3rcf3%3D30b0c0a0f561f7ffdd3a3f36-4db3b80deffed08b3bd4%266lfcardff%3D7313530d0f0f06%3Dfcaac1b33c3d9c1f9%26fw8rbv4354e0210240b03ce8kfi4c34728a1294444921a82743b44f082ce05042b180f4931v92deckfi%26cx6r4s4c%3Daib6o5t2ddrmcp%26p%3Dktipc3a%25mFc21wiwagwawd%2Fds.toh&e=1&ai=491500292f7f4ed88ec4bb49decd52b6&sct=0&ct=1728181423338&cu=70fcd8aff46347b8b109e4f4d28a32d4&sr=1&cs=827920fe8b50e04debd540c25d7415c9

18.202.86.139

0 B

URL
r.linksprf.com/v2/go?t=mtcpo%3Aa%2Fnwr..wwnF.%25o2%2FAw%25ltch.pht%3Feii%3D.0s7o%26ldi1o3%3D6t%26el1c3rcf3%3D30b0c0a0f561f7ffdd3a3f36-4db3b80deffed08b3bd4%266lfcardff%3D7313530d0f0f06%3Dfcaac1b33c3d9c1f9%26fw8rbv4354e0210240b03ce8kfi4c34728a1294444921a82743b44f082ce05042b180f4931v92deckfi%26cx6r4s4c%3Daib6o5t2ddrmcp%26p%3Dktipc3a%25mFc21wiwagwawd%2Fds.toh&e=1&ai=491500292f7f4ed88ec4bb49decd52b6&sct=0&ct=1728181423338&cu=70fcd8aff46347b8b109e4f4d28a32d4&sr=1&cs=827920fe8b50e04debd540c25d7415c9
IP
18.202.86.139:0
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectlinksprf.com
FingerprintD0:8A:82:F9:CA:A6:12:31:07:9B:6A:A5:9A:A0:90:98:C1:6E:5E:4C
ValidityThu, 19 Sep 2024 07:42:54 GMT - Wed, 18 Dec 2024 07:42:53 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v2/go?t=mtcpo%3Aa%2Fnwr..wwnF.%25o2%2FAw%25ltch.pht%3Feii%3D.0s7o%26ldi1o3%3D6t%26el1c3rcf3%3D30b0c0a0f561f7ffdd3a3f36-4db3b80deffed08b3bd4%266lfcardff%3D7313530d0f0f06%3Dfcaac1b33c3d9c1f9%26fw8rbv4354e0210240b03ce8kfi4c34728a1294444921a82743b44f082ce05042b180f4931v92deckfi%26cx6r4s4c%3Daib6o5t2ddrmcp%26p%3Dktipc3a%25mFc21wiwagwawd%2Fds.toh&e=1&ai=491500292f7f4ed88ec4bb49decd52b6&sct=0&ct=1728181423338&cu=70fcd8aff46347b8b109e4f4d28a32d4&sr=1&cs=827920fe8b50e04debd540c25d7415c9 HTTP/1.1
Host: r.linksprf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ykuid=c2b55d554e5a4ac081c0e2e13179ddd4
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Sun, 06 Oct 2024 02:23:43 GMT
content-length: 0
location: https://www.awin1.com/awclick.php?mid=20576&id=143466&clickref2=v03040001521070fcd8aff46347b8b109e4f4d28a32d4&clickref3=b343032def5f46bf8afc9b1393dcc3f1&awcr=v03040001521070fcd8aff46347b8b109e4f4d28a32d4-b343032def5f46bf8afc9b1393dcc3f1&extr=socialboost.direct&p=http%3A%2F%2Fwww.grandado.com
strict-transport-security: max-age=31536000; includeSubDomains
X-Firefox-Spdy: h2

www.awin1.com/awclick.php?mid=20576&id=143466&clickref2=v03040001521070fcd8aff46347b8b109e4f4d28a32d4&clickref3=b343032def5f46bf8afc9b1393dcc3f1&awcr=v03040001521070fcd8aff46347b8b109e4f4d28a32d4-b343032def5f46bf8afc9b1393dcc3f1&extr=socialboost.direct&p=http%3A%2F%2Fwww.grandado.com

23.49.29.238

0 B

URL
www.awin1.com/awclick.php?mid=20576&id=143466&clickref2=v03040001521070fcd8aff46347b8b109e4f4d28a32d4&clickref3=b343032def5f46bf8afc9b1393dcc3f1&awcr=v03040001521070fcd8aff46347b8b109e4f4d28a32d4-b343032def5f46bf8afc9b1393dcc3f1&extr=socialboost.direct&p=http%3A%2F%2Fwww.grandado.com
IP
23.49.29.238:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /awclick.php?mid=20576&id=143466&clickref2=v03040001521070fcd8aff46347b8b109e4f4d28a32d4&clickref3=b343032def5f46bf8afc9b1393dcc3f1&awcr=v03040001521070fcd8aff46347b8b109e4f4d28a32d4-b343032def5f46bf8afc9b1393dcc3f1&extr=socialboost.direct&p=http%3A%2F%2Fwww.grandado.com HTTP/1.1
Host: www.awin1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.grandado.com?utm_source=awin _no&utm_medium=affiliate&utm_campaign=yieldkit.com&sv1=affiliate&sv_campaign_id=143466&awc=20576_1728181423_4a552a55a8e52ff8cb6dcf2ca9796253
Allow: GET
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Date: Sun, 06 Oct 2024 02:23:43 GMT
Connection: keep-alive
Set-Cookie: aw20576=143466|0|0|1728181423|v03040001521070fcd8aff46347b8b109e4f4d28a32d4-b343032def5f46bf8afc9b1393dcc3f1|aw|0;domain=.awin1.com;path=/;expires=Tuesday, 05-Nov-2024 02:23:43 UTC;Secure;SameSite=None
bId=HLEX_6701f4aff464b0.42197981;domain=.awin1.com;path=/;expires=Monday, 06-Oct-2025 02:23:43 UTC;Secure;SameSite=None
Strict-Transport-Security: max-age=86400
Awin-Akamai-Rule-Set: default

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by