Report - primewire.theproxy.vip/

Report Overview

Visited public
2025-05-30 20:24:10
Tags
URL
primewire.theproxy.vip/
Finishing URL
primewire.theproxy.vip/
IP / ASN
104.21.64.31
#13335 CLOUDFLARENET
Title
Suspected phishing site | Cloudflare

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
matomo.hellohi.me	545402	2019-07-03	2019-07-03	2025-05-24	422 B	613 B	104.21.48.1
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-05-28	574 B	21 kB	142.250.178.35
primewire.theproxy.vip	unknown	unknown	No data	No data	5.1 kB	170 kB	104.21.64.31
i.ibb.co	13485	2010-07-20	2018-11-25	2025-05-25	446 B	5.9 kB	91.134.9.160
matomo3.org	unknown	2019-09-20	2019-11-23	2025-05-29	824 B	1.5 kB	172.67.211.223
equilibriumfestive.com	unknown	2025-04-19	2025-04-23	2025-05-23	924 B	171 kB	192.243.59.20
theusualsuspectz.biz	unknown	2023-01-27	2023-01-27	2025-05-24	427 B	49 kB	104.21.32.1
heartilyscales.com	unknown	2022-12-16	2022-12-16	2025-05-24	458 B	66 kB	192.243.61.227
metrica-yandex.com	783336	2021-09-14	2021-09-19	2025-05-24	433 B	61 kB	104.21.64.1
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-05-28	470 B	6.4 kB	142.250.74.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-30	medium	heartilyscales.com	Sinkholed
2025-05-30	medium	equilibriumfestive.com	Sinkholed
2025-05-30	medium	equilibriumfestive.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	primewire.theproxy.vip/	ScriptElement	26 B	2023-03-07	2025-06-08
Pretty URL primewire.theproxy.vip/ IP 104.21.64.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:40 Last Seen2025-06-08 16:56 Times Seen833 Hash 5779365b0a28c08298ca5847c65b769d 3076ad9e094690cd6c4ee200ae254e6e7260fd30 57c620405714b8baa51067e0ca9bc9a9b252985292b857360aec8a9936688709 Loading...

HTTP Transactions (21)

URL IP Response Size

primewire.theproxy.vip/cdn-cgi/styles/cf.errors.css

104.21.64.31

200 OK

24 kB

URL GET
primewire.theproxy.vip/cdn-cgi/styles/cf.errors.css
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type
ASCII text, with very long lines (24050)
Size
24 kB (24051 bytes)
Hash
5e8c69a459a691b5d1b9be442332c87d
f24dd1ad7c9080575d92a9a9a2c42620725ef836
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

HTTP Headers

GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=euq9qltdv13fdd6uc3vg1h97es
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: text/css
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RhNMBpa2k2IvdEaGQ9n0R5vHtol8Sr0ZAXgYyhLdl7rgMyg8juFb10eq70P%2F5bIBAU3htR%2BVd%2FBqGuWipNSoBWBdDvlz1IOd4MD0PSflFCqLs6i%2B"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 9480f3936e9256c6-OSL
X-Firefox-Spdy: h2

i.ibb.co/pyC2VvJ/alert-xxl.png

91.134.9.160

200 OK

5.6 kB

URL GET
i.ibb.co/pyC2VvJ/alert-xxl.png
IP
91.134.9.160:443
ASN
#16276 OVH SAS

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerLet's Encrypt
Subjectibb.co
Fingerprint0C:AA:F7:77:A3:D5:B6:E8:71:39:92:D2:3F:B9:BD:20:7C:B9:1E:14
ValiditySun, 20 Apr 2025 07:15:11 GMT - Sat, 19 Jul 2025 07:15:10 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
5.6 kB (5554 bytes)
Hash
8d0eed07b450044fdca282d1daf8a58c
794e1284cdf81fd60154955c1805282ae21240cd
baac89456a2d4dfdcdc14244fbe50a04ade7a401c82de605938a92e16f35c1af

HTTP Headers

GET /pyC2VvJ/alert-xxl.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 30 May 2025 20:23:49 GMT
content-type: image/png
content-length: 5554
last-modified: Mon, 07 Aug 2023 04:09:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

matomo3.org/l1.js

172.67.211.223

200 OK

17 B

URL GET
matomo3.org/l1.js
IP
172.67.211.223:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjectmatomo3.org
Fingerprint8A:06:F9:A7:D8:1F:4F:5C:FE:94:3A:74:AA:37:98:1F:FB:BB:85:D3
ValiditySat, 26 Apr 2025 08:31:16 GMT - Fri, 25 Jul 2025 09:29:43 GMT

File type
ASCII text
Size
17 B (17 bytes)
Hash
3c9d85f944382c9ae337da34d7574dda
6cf3a128a59a0f8d41ad504037fc743e211c5fac
d411a49b78172355e4ed6708eaeaf20a74765897d6c2690809c6d48173914479

HTTP Headers

GET /l1.js HTTP/1.1
Host: matomo3.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 21 May 2025 21:27:22 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DIqo41yZPKnjCXFD4e6TjO3DwYaDUvP9pkVooWjmACHZVMwLQHh5WvCugLWtBOk5UzY7rpQvo6wJXLW7ryYOKPSQwC3wZBT%2BUw%3D%3D"}]}
age: 773198
cf-cache-status: HIT
etag: W/"682e453a-11"
content-encoding: br
cf-ray: 9480f3943a6856a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

primewire.theproxy.vip/cdn-cgi/images/icon-exclamation.png?1376755637

104.21.64.31

200 OK

452 B

URL GET
primewire.theproxy.vip/cdn-cgi/images/icon-exclamation.png?1376755637
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Size
452 B (452 bytes)
Hash
c33de66281e933259772399d10a6afe8
b9f9d500f8814381451011d4dcf59cd2d90ad94f
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

HTTP Headers

GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/cdn-cgi/styles/cf.errors.css
Cookie: view=1; PHPSESSID=euq9qltdv13fdd6uc3vg1h97es
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: image/png
content-length: 452
last-modified: Wed, 28 May 2025 10:49:09 GMT
accept-ranges: bytes
etag: "6836ea25-1c4"
server: cloudflare
cf-ray: 9480f396c84bb4fd-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Fri, 30 May 2025 22:23:49 GMT
cache-control: max-age=7200, public

primewire.theproxy.vip/

104.21.64.31

200 OK

14 kB

URL User Request GET
primewire.theproxy.vip/
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type
HTML document, ASCII text, with very long lines (6790)
Size
14 kB (14201 bytes)
Hash
3bc3c77f7be98157d90d4e8af96ec81f
7b3d663d22c75c853d8278ba9418863d8bff27eb
519474d88dc3795b49f6445762b700296a523e165269e5060560ac329c42f5c2

HTTP Headers

GET / HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:48 GMT
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dkeayEJcXHYD%2Bq6r%2FTvsr2v1hBMaGieMyxkApK6rpPu9S3ooYxxRD0OonnVvSK51fAx50m3UGJGuAfOsXobexTBGzwmxWZgyXmD1MENQGiF%2BXRh5"}]}
set-cookie: view=1; Max-Age=86400; Expires=Sat, 31 May 2025 20:23:48 GMT
PHPSESSID=euq9qltdv13fdd6uc3vg1h97es; Path=/
cf-ray: 9480f390493c56c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

theusualsuspectz.biz/j/m/qqqq.js

104.21.32.1

200 OK

48 kB

URL GET
theusualsuspectz.biz/j/m/qqqq.js
IP
104.21.32.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheusualsuspectz.biz
Fingerprint72:6A:5A:5E:70:EE:8C:45:A5:F0:31:CA:02:F7:9C:9C:41:F5:AA:4F
ValidityFri, 02 May 2025 09:19:17 GMT - Thu, 31 Jul 2025 10:17:48 GMT

File type
JavaScript source, ASCII text, with very long lines (48351), with no line terminators
Size
48 kB (48351 bytes)
Hash
febd5bfc829d7c8aa363e93e2e61f414
10d66213a9249bea47b15acf295323f01d217ef0
ff391f38fc73325f58d0626b9415ac121f1461407d74e86ebddefd8180050d76

HTTP Headers

GET /j/m/qqqq.js HTTP/1.1
Host: theusualsuspectz.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Mon, 21 Apr 2025 22:12:39 GMT
etag: W/"6806c2d7-bcdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 2391741
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=q6%2FFKxzqyTn6QCgngRQrB9v4U0AqnCWwhdauocXdD%2FyL1IuhlIOJtGtaSyjzfPQDHgGbBkoxsPzNXIGXA8xoeuKGuqknkvy2qMhS5Ux%2BgYnZJQ%3D%3D"}]}
cf-ray: 9480f3941d140b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js

192.243.61.227

200 OK

65 kB

URL GET
heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerLet's Encrypt
Subjectheartilyscales.com
Fingerprint79:35:42:7D:68:22:6E:05:A1:82:F5:C5:9C:6E:A2:1E:48:9C:F9:05
ValiditySun, 06 Apr 2025 21:13:49 GMT - Sat, 05 Jul 2025 21:13:48 GMT

File type
JavaScript source, ASCII text, with very long lines (64949), with no line terminators
Size
65 kB (64949 bytes)
Hash
47925f72ffe3bc756d7b22b8c2f065f0
62f6f716026ed1cbe526db8adb0e42dd408040fa
3cee5c377311bf85c5ee3d959891719761b6d5fb980c37ad4ceb57e4cceb2e21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: heartilyscales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 30 May 2025 20:23:49 GMT
Content-Type: application/javascript
Content-Length: 23611
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: heartilyscales.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 498dbf275da020694722a8db7b45b6bb
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

matomo3.org/l2.js

172.67.211.223

200 OK

17 B

URL GET
matomo3.org/l2.js
IP
172.67.211.223:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjectmatomo3.org
Fingerprint8A:06:F9:A7:D8:1F:4F:5C:FE:94:3A:74:AA:37:98:1F:FB:BB:85:D3
ValiditySat, 26 Apr 2025 08:31:16 GMT - Fri, 25 Jul 2025 09:29:43 GMT

File type
ASCII text
Size
17 B (17 bytes)
Hash
1b783e218274d6f0f60ebb285254928b
0c17420fb2950e0c605818435a66d26607cf463d
2bb629349ecec11c7e749a6c0833a58719e347c00af6a3d1debb3e49f99a5da9

HTTP Headers

GET /l2.js HTTP/1.1
Host: matomo3.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 21 May 2025 21:27:34 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=b%2BfApU7YlS9%2B8GZdzQ%2FzUlJjYpm79DRKyHB4EB9EyEmJa2fs3riK%2BLXT0%2BFjfeiCCdnZbRSApWrFaHNFyZ0kcKZzn5Ip69fzQg%3D%3D"}]}
age: 773198
cf-cache-status: HIT
etag: W/"682e4546-11"
content-encoding: br
cf-ray: 9480f3944a7b56a9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

primewire.theproxy.vip/user.php

104.21.64.31

200 OK

0 B

URL POST
primewire.theproxy.vip/user.php
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /user.php HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 39
Origin: https://primewire.theproxy.vip
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=euq9qltdv13fdd6uc3vg1h97es
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DSFFe7JJDyedPbebTJ%2Fse%2BDf%2FcXn22BDkrYhIkJL5V8YTwtRHDSqReSTp8gkTtf86XQr7jjzNjWtbdZh0xTyWl4fBAxvVXkaDPNfHkLPh7ttPJDUBQFcuE690QUlQZHPR7IxHRW0Vua3"}],"group":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
vary: accept-encoding
content-encoding: br
cf-ray: 9480f397484eb4fd-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5666&min_rtt=1105&rtt_var=3839&sent=111&recv=151&lost=0&retrans=0&sent_bytes=9740&recv_bytes=9056&delivery_rate=602576&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=40975ca8017e781f&ts=1103&x=80"

equilibriumfestive.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js

192.243.59.20

200 OK

65 kB

URL GET
equilibriumfestive.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerLet's Encrypt
Subjectequilibriumfestive.com
Fingerprint17:DD:F5:C0:D6:24:2C:3F:E6:C8:94:31:FE:17:86:D6:F3:F1:31:94
ValiditySat, 19 Apr 2025 10:04:40 GMT - Fri, 18 Jul 2025 10:04:39 GMT

File type
JavaScript source, ASCII text, with very long lines (64920), with no line terminators
Size
65 kB (64920 bytes)
Hash
584637ed2075e9825a0baa56620d1574
5c42789fb6cbf49e8589c26abd7c099f1302a069
545efe6878ad593bf83893ecad2f14fc6d43bc7bd56915200e5e5468a328d56d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js HTTP/1.1
Host: equilibriumfestive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 30 May 2025 20:23:49 GMT
Content-Type: application/javascript
Content-Length: 23611
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: equilibriumfestive.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 7100368b36b27138241fa53be345b871
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

matomo.hellohi.me/matomo.js

104.21.48.1

404 Not Found

0 B

URL GET
matomo.hellohi.me/matomo.js
IP
104.21.48.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecthellohi.me
Fingerprint8B:62:21:60:9D:C5:78:C7:58:77:08:D3:F9:B2:7D:65:07:98:BA:2C
ValidityFri, 16 May 2025 01:36:28 GMT - Thu, 14 Aug 2025 02:35:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Fri, 30 May 2025 20:23:49 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WXwXeftIzNW%2B19F8HIL1l3DG6BD3%2FYkOws4ULYMwBJWrQ1kgi%2F%2FSl8G8S58wQrQsT3G3Z8anVMk4%2BQYEx8NaFLUQTpNuM4ASa70osrxciw%3D%3D"}]}
age: 162
cache-control: max-age=14400
cf-cache-status: HIT
vary: accept-encoding
content-encoding: br
cf-ray: 9480f397c87b568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

metrica-yandex.com/metrika/tag.js?1001

104.21.64.1

200 OK

60 kB

URL GET
metrica-yandex.com/metrika/tag.js?1001
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjectmetrica-yandex.com
Fingerprint10:B2:A3:B2:E2:B7:A3:63:72:4E:BC:30:5F:49:E3:66:41:9C:73:1A
ValidityTue, 29 Apr 2025 20:13:30 GMT - Mon, 28 Jul 2025 21:13:02 GMT

File type
JavaScript source, ASCII text, with very long lines (60271), with no line terminators
Size
60 kB (60271 bytes)
Hash
ea67b2343fc359662afdae5d4c8c8e03
7f07219a8cd9d6d5c17e20bd7e80fac0281c2b18
5e31460a6eacabdc5895ad2ad898a4a570ac88f2794c61ddce6b0beee304eb11

HTTP Headers

GET /metrika/tag.js?1001 HTTP/1.1
Host: metrica-yandex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Tue, 22 Apr 2025 10:50:51 GMT
etag: W/"6807748b-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 1215276
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=CiR82PRweOZfKEII92kSCIlXzssvYj4invr8ESXMCKYhyoxrGJ3zEhnLyPP4W%2FaHYEHg1cBq1u2ZgW1ysLeFnSphjqQ%2B5BByJZxet%2FHgttU%3D"}]}
cf-ray: 9480f393fad0569c-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

primewire.theproxy.vip/hy.js?q22q2q2

104.21.64.31

200 OK

56 kB

URL GET
primewire.theproxy.vip/hy.js?q22q2q2
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type
JavaScript source, ASCII text, with very long lines (56131), with no line terminators
Size
56 kB (56131 bytes)
Hash
667d77da844b6d5ad62b2f26e77b4b12
01ae61192a38af73a93c67468fb8271d7bbfa4f6
f240ce7fa62cd81d92f29081815f2cd2376ea6867887d17d5625009ebdf355b1

HTTP Headers

GET /hy.js?q22q2q2 HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=euq9qltdv13fdd6uc3vg1h97es
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:39:51 GMT
etag: W/"682e4827-db43"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=m6krjXprsLKMDAJHcbn9huPC4jz21La1GAsuq7gm8AwXLmQan9JPVu9IsKb0LQJQ%2Fi0xQeCI5IvO53OB8ap2u2uXllMQNX39WeHesBB%2FyCQz8q46"}]}
cf-ray: 9480f3937ea856c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap

142.250.74.10

200 OK

5.7 kB

URL GET
fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
IP
142.250.74.10:443
ASN
#15169 GOOGLE

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint1C:09:46:89:AD:F3:B6:3E:B4:89:F7:49:AC:15:E7:4E:A6:D2:AA:73
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
ASCII text, with very long lines (1572)
Size
5.7 kB (5746 bytes)
Hash
dce8b1041389e28a34e22250feed115a
9c290194b85035fb588c9e25fa515c676172b920
1ede014f47795c3d04812b724ef687909970f776d37854e7312a5ad859c84e41

HTTP Headers

GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 30 May 2025 20:23:49 GMT
date: Fri, 30 May 2025 20:23:49 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

primewire.theproxy.vip/app/apx19.js

104.21.64.31

200 OK

9.2 kB

URL GET
primewire.theproxy.vip/app/apx19.js
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type
JavaScript source, ASCII text, with very long lines (9183), with no line terminators
Size
9.2 kB (9183 bytes)
Hash
2344c3f05f624d595f6fb920e4d74ded
eb4d1404ac2d5eecd307f4588aeeab5c8ef463f1
3a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a

HTTP Headers

GET /app/apx19.js HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=euq9qltdv13fdd6uc3vg1h97es
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:39:51 GMT
etag: W/"682e4827-23df"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TQTJkiYPU6Aahbn5V%2FMiCW4fZBlG%2Fej2LEmIQ8GMLWALXhXvx%2Fq%2FPPONRTtZzGRilxr6XKSuYLr44A5LL%2BZmq2W9bo2RN3s9pYo63tTqv9yW%2Bz6y"}]}
cf-ray: 9480f3937ea756c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

primewire.theproxy.vip/app/apx14.js

104.21.64.31

200 OK

7.7 kB

URL GET
primewire.theproxy.vip/app/apx14.js
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type
JavaScript source, ASCII text, with very long lines (7663), with no line terminators
Size
7.7 kB (7663 bytes)
Hash
dfb1f327618e201778f2de85cfbcd173
fceb89a2221463e5bc5a71feff1247683ab08cc5
dc03bc8b63938916a73dd976e186d05559ddc61da2725e1063b7936fa9f0fc33

HTTP Headers

GET /app/apx14.js HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=euq9qltdv13fdd6uc3vg1h97es
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:39:51 GMT
etag: W/"682e4827-1def"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=S8al%2BUMMrVQqQweaJ58v0%2Bgre6LzBayv061FHpNW6dq6kdPXYXCpBekm1VhPWUlSFQ%2B4hwiP8Y%2B%2FLbnPE3GnlVVQpfwRyIaXD%2BUzT142pXR%2F9iRn"}]}
cf-ray: 9480f3937eb556c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

equilibriumfestive.com/22/00/54/2200540f09f939738419313a1a090c32.js

192.243.59.20

200 OK

104 kB

URL GET
equilibriumfestive.com/22/00/54/2200540f09f939738419313a1a090c32.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerLet's Encrypt
Subjectequilibriumfestive.com
Fingerprint17:DD:F5:C0:D6:24:2C:3F:E6:C8:94:31:FE:17:86:D6:F3:F1:31:94
ValiditySat, 19 Apr 2025 10:04:40 GMT - Fri, 18 Jul 2025 10:04:39 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
104 kB (104423 bytes)
Hash
36b2b6c83d13813cebf2abacbb6d8c87
39dff3fbd665b3457c32316b73351fff70ecdafc
37b1db51d29d75209af205f14815eee31859b6bb94f08415bf4b6815ad486d84

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /22/00/54/2200540f09f939738419313a1a090c32.js HTTP/1.1
Host: equilibriumfestive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 30 May 2025 20:23:49 GMT
Content-Type: application/javascript
Content-Length: 32727
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: equilibriumfestive.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: a097c2f2e6506bac025cde7b79c170a4
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

primewire.theproxy.vip/favicon.ico

104.21.64.31

200 OK

1.4 kB

URL GET
primewire.theproxy.vip/favicon.ico
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
c07ad160a2c09fa349bdbc1603599b77
ff942493d6f3367c8d169350f115d25ce5d6d8b5
11f07f78fa1141cfa3391d8f1438b586ad9741e203ed4f481c3579bd853131ca

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=euq9qltdv13fdd6uc3vg1h97es
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 30 May 2025 20:23:50 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SgyjLKscJtUuVjrJnVI66heArk2XqByyC8xGQf64yJ8yoxk4RZR66FyWVct%2Bu%2FtxRF54SO%2F7B6Hk9k%2FS9FU9CQn17hKQ783RpkWi3RQ9Nc8ue2%2Bfo8GXmkMgcaq4eqm%2F%2FIODYYJ3q%2Bfg"}],"group":"cf-nel","max_age":604800}
set-cookie: view=1; expires=Sat, 31-May-2025 20:23:50 GMT; Max-Age=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 9480f39ee8a8b4fd-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5168&min_rtt=1105&rtt_var=3875&sent=113&recv=153&lost=0&retrans=0&sent_bytes=10392&recv_bytes=9427&delivery_rate=602576&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=40975ca8017e781f&ts=2189&x=80"

primewire.theproxy.vip/zpp/zpp4.js?q22q2q2

104.21.64.31

200 OK

39 kB

URL GET
primewire.theproxy.vip/zpp/zpp4.js?q22q2q2
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type
JavaScript source, ASCII text, with very long lines (38995), with no line terminators
Size
39 kB (38995 bytes)
Hash
7dc63553536847077855df4f82f1ec18
146c3aac34cb4e7e1e9c692ccd0161b2e4f018de
3a18b1964d1d209c46d754459b9ef98d4a9a85065e245f8311be727ffee3f960

HTTP Headers

GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=euq9qltdv13fdd6uc3vg1h97es
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:39:51 GMT
etag: W/"682e4827-9853"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MT2uQTtrOmHmKQRdJiGMng8h84AlOX4j%2FAOqc7L01VAsBoLQ6kKenn9JskIlhEmWH5AD8qPUBOEzkiFqh3oy%2BiQgugpuktwFgzNI9LnipvefWE1M"}]}
cf-ray: 9480f3937ead56c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

primewire.theproxy.vip/app/x12.js

104.21.64.31

200 OK

11 kB

URL GET
primewire.theproxy.vip/app/x12.js
IP
104.21.64.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subjecttheproxy.vip
FingerprintA4:0D:91:1C:0A:B1:08:69:DA:76:4D:BA:A1:19:6A:8C:35:FA:A7:C8
ValiditySun, 18 May 2025 23:51:23 GMT - Sun, 17 Aug 2025 00:49:45 GMT

File type
JavaScript source, ASCII text, with very long lines (11180), with no line terminators
Size
11 kB (11180 bytes)
Hash
94efa3c05291ac5cccd32cc3a11c9724
3a033e4d6f5e5eaf76030a81c8a05c619de436c2
58c753f7ffcb584d2ed43470ec9bdd30a4cd4723f368d83de6163413d5555102

HTTP Headers

GET /app/x12.js HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=euq9qltdv13fdd6uc3vg1h97es
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 30 May 2025 20:23:49 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Wed, 21 May 2025 21:39:51 GMT
etag: W/"682e4827-2bac"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0dwTMRamigDnpfgCW1GmHNxAnBS0CLXRmmecyRYd2SqAXMaVtu5a1FkJYvvaSoaiOHx3kJP96DEn%2BRqVD3RHG7%2BJ7%2ByUEKnokDNM%2F19SBGbWtocb"}]}
cf-ray: 9480f3937eb956c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2

142.250.178.35

200 OK

21 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2
IP
142.250.178.35:443
ASN
#15169 GOOGLE

Requested by
https://primewire.theproxy.vip/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint41:FF:72:9C:74:6F:D4:D1:3B:A8:03:EB:55:D2:D2:09:7E:7A:44:DC
ValidityMon, 12 May 2025 08:44:01 GMT - Mon, 04 Aug 2025 08:44:00 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20612, version 1.0
Size
21 kB (20612 bytes)
Hash
b07da7aa3e4f363c5cdbc11312239e8c
47bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8
e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa

HTTP Headers

GET /s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://primewire.theproxy.vip
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20612
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 May 2025 18:16:21 GMT
expires: Fri, 29 May 2026 18:16:21 GMT
cache-control: public, max-age=31536000
age: 94048
last-modified: Wed, 08 Jan 2025 18:23:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size