Report - primewire.unblocked.help/

Report Overview

Visited public
2025-07-16 14:03:03
Tags
Submit Tags
URL
primewire.unblocked.help/
Finishing URL
primewire.unblocked.help/
IP / ASN
172.67.210.112
#13335 CLOUDFLARENET
Title
Suspected phishing site | Cloudflare

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
heartilyscales.com	unknown	2022-12-16	2022-12-16	2025-07-15	460 B	68 kB	172.240.108.76
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-07-09	472 B	6.4 kB	142.250.178.74
i.ibb.co	13485	2010-07-20	2018-11-25	2025-07-13	448 B	5.9 kB	45.43.142.2
metrica-yandex.com	783336	2021-09-14	2021-09-19	2025-07-13	435 B	61 kB	104.21.96.1
vmuid.com	939822	2018-10-22	2019-07-09	2025-07-11	457 B	10 kB	178.162.215.162
theusualsuspectz.biz	unknown	2023-01-27	2023-01-27	2025-07-16	429 B	49 kB	104.21.64.1
equilibriumfestive.com	unknown	2025-04-19	2025-04-23	2025-07-13	928 B	173 kB	172.240.108.84
origunix.com	unknown	2021-11-30	2021-11-30	2025-07-11	457 B	64 kB	178.162.215.162
matomo.hellohi.me	545402	2019-07-03	2019-07-03	2025-07-16	424 B	605 B	104.21.96.1
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-07-09	576 B	21 kB	142.250.178.99
primewire.unblocked.help	unknown	2019-04-26	2025-05-29	2025-05-29	5.2 kB	170 kB	172.67.210.112
msdoj.com	unknown	2025-07-01	2025-07-02	2025-07-16	454 B	64 kB	178.162.215.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-16	medium	equilibriumfestive.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	primewire.unblocked.help/	ScriptElement	26 B	2023-03-07	2025-07-21
Pretty URL primewire.unblocked.help/ IP 172.67.210.112 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:40 Last Seen2025-07-21 04:23 Times Seen1032 Hash 5779365b0a28c08298ca5847c65b769d 3076ad9e094690cd6c4ee200ae254e6e7260fd30 57c620405714b8baa51067e0ca9bc9a9b252985292b857360aec8a9936688709 Loading...

HTTP Transactions (22)

URL IP Response Size

GET fonts.gstatic.com/s/roboto/v48/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2

142.250.178.99

200 OK

21 kB

URL GET
fonts.gstatic.com/s/roboto/v48/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2
IP
142.250.178.99:443
ASN
#15169 GOOGLE

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint9A:5E:6D:44:D8:FB:03:E5:9A:13:6D:FF:53:DA:1C:8C:EA:3A:A7:AA
ValidityMon, 23 Jun 2025 08:41:27 GMT - Mon, 15 Sep 2025 08:41:26 GMT

File type
Web Open Font Format (Version 2), TrueType, length 20612, version 1.0
Size
21 kB (20612 bytes)
Hash
b07da7aa3e4f363c5cdbc11312239e8c
47bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8
e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa

HTTP Headers

GET /s/roboto/v48/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://primewire.unblocked.help
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20612
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 11 Jul 2025 03:37:34 GMT
expires: Sat, 11 Jul 2026 03:37:34 GMT
cache-control: public, max-age=31536000
age: 469508
last-modified: Thu, 29 May 2025 23:35:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET primewire.unblocked.help/favicon.ico

172.67.210.112

200 OK

1.4 kB

URL GET
primewire.unblocked.help/favicon.ico
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type
MS Windows icon resource - 1 icon, 16x16
Size
1.4 kB (1406 bytes)
Hash
c07ad160a2c09fa349bdbc1603599b77
ff942493d6f3367c8d169350f115d25ce5d6d8b5
11f07f78fa1141cfa3391d8f1438b586ad9741e203ed4f481c3579bd853131ca

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Cookie: view=1; PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 16 Jul 2025 14:02:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UNyQKoxDDG3eAvvQAKIFLYc%2Blzxn4Fwuz9Z4MTTYtbyWswFWVsbTPrj31ROiByB3%2ByUjEu%2BNW1EV%2BPbDbgIInNF1tO7vreDAWfAielysFoJ1i014E2TmfhUDacrZ0yX6SP1ai2nJsh4itZU%3D"}],"group":"cf-nel","max_age":604800}
set-cookie: view=1; expires=Thu, 17-Jul-2025 14:02:43 GMT; Max-Age=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: BYPASS
cf-ray: 960209f71a49b4f1-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3131&min_rtt=567&rtt_var=1998&sent=93&recv=122&lost=0&retrans=0&sent_bytes=10630&recv_bytes=7814&delivery_rate=489380&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=19470&unsent_bytes=0&cid=f410512247ac43f8&ts=2202&inflight_dur=38&x=40"

GET metrica-yandex.com/metrika/tag.js?1001

104.21.96.1

200 OK

60 kB

URL GET
metrica-yandex.com/metrika/tag.js?1001
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectmetrica-yandex.com
FingerprintBF:9B:7B:CA:71:01:8D:8C:9F:33:8E:1A:E2:F2:5A:26:25:1E:70:22
ValidityFri, 27 Jun 2025 20:56:28 GMT - Thu, 25 Sep 2025 21:56:25 GMT

File type
JavaScript source, ASCII text, with very long lines (60271), with no line terminators
Size
60 kB (60271 bytes)
Hash
ea67b2343fc359662afdae5d4c8c8e03
7f07219a8cd9d6d5c17e20bd7e80fac0281c2b18
5e31460a6eacabdc5895ad2ad898a4a570ac88f2794c61ddce6b0beee304eb11

HTTP Headers

GET /metrika/tag.js?1001 HTTP/1.1
Host: metrica-yandex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 16 Jul 2025 14:02:41 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 03:41:41 GMT
etag: W/"685629f5-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 1061253
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HjhVjeGG60FphsVdXEUfsV%2BCd6TVy9s319txMd7cqtkx%2FKSgJkJZol0OOObDNv9TcqE3as4QuEK0qzDSUyWWUoUJk0wasH%2BPfhV2TUbZ86U%3D"}]}
cf-ray: 960209ec4cee5685-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.unblocked.help/cdn-cgi/styles/cf.errors.css

172.67.210.112

200 OK

24 kB

URL GET
primewire.unblocked.help/cdn-cgi/styles/cf.errors.css
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type
ASCII text, with very long lines (24050)
Size
24 kB (24051 bytes)
Hash
5e8c69a459a691b5d1b9be442332c87d
f24dd1ad7c9080575d92a9a9a2c42620725ef836
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

HTTP Headers

GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Cookie: view=1; PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 16 Jul 2025 14:02:41 GMT
content-type: text/css
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=mwNjW1V1mGfMHCVV8P2EM69fWmpdEo8TdPe7RISoZupF%2FcAatoneDnjIbw2rYQwEA6qCJOjXHxs06R2oy9VtsgGzJEE%2FMMpfq40ipQa0ysfgk1dRD9s%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 960209ebf9f1712d-OSL
X-Firefox-Spdy: h2

GET vmuid.com/script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8

178.162.215.162

200 OK

10 kB

URL GET
vmuid.com/script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8
IP
178.162.215.162:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://primewire.unblocked.help/
Certificate
IssuerLet's Encrypt
Subjectvmuid.com
FingerprintAC:76:B6:C1:79:2C:B4:4F:B4:1C:5A:B3:D1:F0:88:F6:1E:64:74:97
ValidityWed, 21 May 2025 01:21:39 GMT - Tue, 19 Aug 2025 01:21:38 GMT

File type
JavaScript source, ASCII text, with very long lines (10178), with no line terminators
Size
10 kB (10178 bytes)
Hash
dedd352338543b137f608adc8d0d4aa8
100edb4e8fef9b6da043d51135077e68d2a61b22
b338a91ba1d2ab7c3a7a0dd659426f5ffa4cd699be38e2bed5075c4d3e773a48

HTTP Headers

GET /script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1
Host: vmuid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Jul 2025 14:02:42 GMT
Content-Type: text/javascript
Content-Length: 10178
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version
X-Cache-Status: MISS

GET theusualsuspectz.biz/j/m/qqqq.js

104.21.64.1

200 OK

48 kB

URL GET
theusualsuspectz.biz/j/m/qqqq.js
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjecttheusualsuspectz.biz
Fingerprint9C:5D:99:79:7A:5F:05:B7:5E:7F:32:04:23:45:86:0E:C9:92:A4:2F
ValidityMon, 30 Jun 2025 11:02:53 GMT - Sun, 28 Sep 2025 11:59:24 GMT

File type
JavaScript source, ASCII text, with very long lines (48351), with no line terminators
Size
48 kB (48351 bytes)
Hash
febd5bfc829d7c8aa363e93e2e61f414
10d66213a9249bea47b15acf295323f01d217ef0
ff391f38fc73325f58d0626b9415ac121f1461407d74e86ebddefd8180050d76

HTTP Headers

GET /j/m/qqqq.js HTTP/1.1
Host: theusualsuspectz.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 04:02:03 GMT
etag: W/"68562ebb-bcdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 1238423
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=52QajFNrDtoJUOvtHrJtVgZCYCC8N9wARuzp9Z9y6DvYBXfuwSXLhMhUvEXaAuiufhmGxk0%2Fi%2FuJLfKIsuXFI8fO45eLoHW54qZV5JQmXnityQ%3D%3D"}]}
cf-ray: 960209ecb8f10b3d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET equilibriumfestive.com/22/00/54/2200540f09f939738419313a1a090c32.js

172.240.108.84

200 OK

104 kB

URL GET
equilibriumfestive.com/22/00/54/2200540f09f939738419313a1a090c32.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://primewire.unblocked.help/
Certificate
IssuerLet's Encrypt
Subjectequilibriumfestive.com
Fingerprint65:20:29:C8:B9:EF:EE:CF:D1:F7:82:C7:A0:1D:33:99:BA:75:6A:F6
ValidityWed, 18 Jun 2025 15:10:48 GMT - Tue, 16 Sep 2025 15:10:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
104 kB (104201 bytes)
Hash
976f618875ccb6733627d609a4e4cbe2
595be4275e26da3269f53e5eba45308821ff0ade
95a8de35be9af5e6a7e0e05693d5a9389c9766e7eb9b875a93ff881d03e22e0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /22/00/54/2200540f09f939738419313a1a090c32.js HTTP/1.1
Host: equilibriumfestive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 16 Jul 2025 14:02:42 GMT
Content-Type: application/javascript
Content-Length: 32888
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 7
Host: equilibriumfestive.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: fc4a6c34ece905e4a5198c7c36b8b7bc
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap

142.250.178.74

200 OK

5.7 kB

URL GET
fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap
IP
142.250.178.74:443
ASN
#15169 GOOGLE

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintDC:40:BF:B1:59:C9:CC:B5:4A:38:2D:D0:16:8D:06:A5:1D:B4:08:8B
ValidityMon, 23 Jun 2025 08:41:28 GMT - Mon, 15 Sep 2025 08:41:27 GMT

File type
ASCII text, with very long lines (1572)
Size
5.7 kB (5746 bytes)
Hash
de7e697b2ba2c2cc63ea8a9f63d22ad9
726cd824dedfe6246875cbd81bfcf95da1efb4e2
7eeaa18ea1e4245acccd54af188f48004ea2f276f7457cbbe97adf4552791bfa

HTTP Headers

GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 16 Jul 2025 14:02:42 GMT
date: Wed, 16 Jul 2025 14:02:42 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET i.ibb.co/pyC2VvJ/alert-xxl.png

45.43.142.2

200 OK

5.6 kB

URL GET
i.ibb.co/pyC2VvJ/alert-xxl.png
IP
45.43.142.2:443
ASN
#215751 Mikhail Fedorov

Requested by
https://primewire.unblocked.help/
Certificate
IssuerLet's Encrypt
Subjectibb.co
Fingerprint54:9B:89:F2:DD:E2:46:5A:E1:68:2B:B3:06:E5:D6:77:0E:E6:62:A5
ValidityThu, 19 Jun 2025 07:18:01 GMT - Wed, 17 Sep 2025 07:18:00 GMT

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
Size
5.6 kB (5554 bytes)
Hash
8d0eed07b450044fdca282d1daf8a58c
794e1284cdf81fd60154955c1805282ae21240cd
baac89456a2d4dfdcdc14244fbe50a04ade7a401c82de605938a92e16f35c1af

HTTP Headers

GET /pyC2VvJ/alert-xxl.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: image/png
content-length: 5554
last-modified: Mon, 07 Aug 2023 04:09:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET primewire.unblocked.help/hy.js?q22q2q2

172.67.210.112

200 OK

56 kB

URL GET
primewire.unblocked.help/hy.js?q22q2q2
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type
JavaScript source, ASCII text, with very long lines (56131), with no line terminators
Size
56 kB (56131 bytes)
Hash
667d77da844b6d5ad62b2f26e77b4b12
01ae61192a38af73a93c67468fb8271d7bbfa4f6
f240ce7fa62cd81d92f29081815f2cd2376ea6867887d17d5625009ebdf355b1

HTTP Headers

GET /hy.js?q22q2q2 HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Cookie: view=1; PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 05:48:41 GMT
etag: W/"685647b9-db43"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=IKgQNd8M4khbDdHxB9BAru40P1fpVXaBeuXz20o2Cn5q8c2a5JyN4U3KpeEo9FyKtCQ%2FsuvKtjY6Hzwg7NzrvYuCiIOevzKOrgqnz9tdjW9ywkGs8eQ%3D"}]}
cf-ray: 960209ec0a04712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.unblocked.help/app/x12.js

172.67.210.112

200 OK

11 kB

URL GET
primewire.unblocked.help/app/x12.js
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type
JavaScript source, ASCII text, with very long lines (11180), with no line terminators
Size
11 kB (11180 bytes)
Hash
94efa3c05291ac5cccd32cc3a11c9724
3a033e4d6f5e5eaf76030a81c8a05c619de436c2
58c753f7ffcb584d2ed43470ec9bdd30a4cd4723f368d83de6163413d5555102

HTTP Headers

GET /app/x12.js HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Cookie: view=1; PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 05:45:00 GMT
etag: W/"685646dc-2bac"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rSY6dWGQ3p842hzNrzfMHR0WUh0boIJAiuXGGr%2FKI3%2F9QssArz4AqE8U%2BIAIdojuHboDE36KJ23cgFa5KWp2m8Hh%2B7ZggA5k8pmEu8DUn2rNZC6Ktss%3D"}]}
cf-ray: 960209ec1a17712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js

172.240.108.76

200 OK

67 kB

URL GET
heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://primewire.unblocked.help/
Certificate
IssuerLet's Encrypt
Subjectheartilyscales.com
Fingerprint66:DE:86:19:2D:4A:4C:6C:44:82:D8:50:47:76:5D:0D:C2:0B:0A:62
ValidityThu, 05 Jun 2025 21:16:18 GMT - Wed, 03 Sep 2025 21:16:17 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
67 kB (66995 bytes)
Hash
07bfe3341640c0559b91ded2bc8cc3f0
3403244545590517ad609101a7cafa875c4aca85
da01e689c9b1dba3f9b10e150858769d35acb4159e1bb4635cfdc21331c7ba76

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: heartilyscales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 16 Jul 2025 14:02:42 GMT
Content-Type: application/javascript
Content-Length: 23970
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 4
Host: heartilyscales.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 6fded5c0ab1863691b4f0df3939fa655
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET origunix.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8

178.162.215.162

302 Found

64 kB

URL GET
origunix.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8
IP
178.162.215.162:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://primewire.unblocked.help/
Certificate
IssuerLet's Encrypt
Subjectorigunix.com
FingerprintA5:9A:7F:EE:63:D0:98:B7:83:31:03:33:E6:DC:9A:64:26:DC:A7:50
ValidityWed, 21 May 2025 00:36:41 GMT - Tue, 19 Aug 2025 00:36:40 GMT

File type

Size
64 kB (63930 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1
Host: origunix.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 16 Jul 2025 14:02:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Location: https://msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8
X-Cache-Status: MISS

POST primewire.unblocked.help/user.php

172.67.210.112

200 OK

0 B

URL POST
primewire.unblocked.help/user.php
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /user.php HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 39
Origin: https://primewire.unblocked.help
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Cookie: view=1; PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9ytihBsNQ%2BMG5N9FUB8Og1YR4Itk5l5XlS2fPoLe%2BvqMB67xmpYHFqyhmOG%2BwPvkfZ8neR9vvrYF%2FhDhANqIoCKJ24C8K%2F%2BtJg8bX6Ing0inCJYpNia%2F6i9rIDSmn%2FoAR2kRDCUrkat%2Flto%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
vary: accept-encoding
content-encoding: br
cf-ray: 960209eef960b4f1-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3421&min_rtt=567&rtt_var=1890&sent=90&recv=120&lost=0&retrans=0&sent_bytes=9930&recv_bytes=7440&delivery_rate=489380&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18796&unsent_bytes=0&cid=f410512247ac43f8&ts=920&inflight_dur=36&x=40"

GET primewire.unblocked.help/

172.67.210.112

200 OK

14 kB

URL User Request GET
primewire.unblocked.help/
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type
HTML document, ASCII text, with very long lines (6876)
Size
14 kB (14298 bytes)
Hash
5cca86dc56bbc54daaeebdc4a30a0d15
5ab7f0172fb2ee223c63b864f5384324506c9a23
ab123bf8511a43364df008bc8df3f72293e2332c5f9fc68a3f492a024843ed7d

HTTP Headers

GET / HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 16 Jul 2025 14:02:41 GMT
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=p9T9sw2Sg2tSKCh0eeSMXbHK1tlTtBVf3astKIqVG7EWDM%2FaKNuAjQl1BMs4CFwpuzbTBbyVYHjDKzC11moDULiCNUnXFlWWAiFqShfnGrYAwoDQwAU%3D"}]}
set-cookie: view=1; Max-Age=86400; Expires=Thu, 17 Jul 2025 14:02:41 GMT
PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j; Path=/
cf-ray: 960209e95e68712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.unblocked.help/app/apx19.js

172.67.210.112

200 OK

9.2 kB

URL GET
primewire.unblocked.help/app/apx19.js
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type
JavaScript source, ASCII text, with very long lines (9183), with no line terminators
Size
9.2 kB (9183 bytes)
Hash
2344c3f05f624d595f6fb920e4d74ded
eb4d1404ac2d5eecd307f4588aeeab5c8ef463f1
3a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a

HTTP Headers

GET /app/apx19.js HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Cookie: view=1; PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 05:45:00 GMT
etag: W/"685646dc-23df"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=2kSHniHG2%2BWaNPeRFNiwQxiFNxxk5ydDbamuDOgWjJhoxzWAYg%2Fh3%2BJ9Vw%2FODYqHWpIY9R1N2M589Wc2FktaxPsCoZmcGuVwqQhNzHxcUS%2FaS9fEu10%3D"}]}
cf-ray: 960209ec09fd712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.unblocked.help/zpp/zpp4.js?q22q2q2

172.67.210.112

200 OK

39 kB

URL GET
primewire.unblocked.help/zpp/zpp4.js?q22q2q2
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type
JavaScript source, ASCII text, with very long lines (38995), with no line terminators
Size
39 kB (38995 bytes)
Hash
7dc63553536847077855df4f82f1ec18
146c3aac34cb4e7e1e9c692ccd0161b2e4f018de
3a18b1964d1d209c46d754459b9ef98d4a9a85065e245f8311be727ffee3f960

HTTP Headers

GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Cookie: view=1; PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 05:45:00 GMT
etag: W/"685646dc-9853"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bZU1tSZrd0NeaPV3QeLftsxnB%2BDN5NTTymbrrLADmrbxYi1sq0hC896HbExwNacbcvlvrq6cbOYfDtGpEdY2E7kuE4EjBRAoQwc9VvHYYoPEDNDRD6A%3D"}]}
cf-ray: 960209ec1a13712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.unblocked.help/cdn-cgi/images/icon-exclamation.png?1376755637

172.67.210.112

200 OK

452 B

URL GET
primewire.unblocked.help/cdn-cgi/images/icon-exclamation.png?1376755637
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type
PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Size
452 B (452 bytes)
Hash
c33de66281e933259772399d10a6afe8
b9f9d500f8814381451011d4dcf59cd2d90ad94f
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

HTTP Headers

GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/cdn-cgi/styles/cf.errors.css
Cookie: view=1; PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: image/png
content-length: 452
last-modified: Wed, 09 Jul 2025 15:30:11 GMT
accept-ranges: bytes
etag: "686e8b03-1c4"
server: cloudflare
cf-ray: 960209eeb95ab4f1-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Wed, 16 Jul 2025 16:02:42 GMT
cache-control: max-age=7200, public

GET matomo.hellohi.me/matomo.js

104.21.96.1

404 Not Found

0 B

URL GET
matomo.hellohi.me/matomo.js
IP
104.21.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjecthellohi.me
Fingerprint9A:C0:65:8A:86:9A:E1:8C:41:52:B8:1D:E0:FC:8A:9A:76:99:63:F7
ValidityMon, 14 Jul 2025 02:04:18 GMT - Sun, 12 Oct 2025 03:02:50 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QVB4s0fEHkGL4jLjr5S%2FEhulBf%2FsC9Ls24HWLgYJab5AbQjf87zkFim0J6GMyU9fPZ%2B17AJ1Q0jEVzeQf%2FuISMQRFD4Ks3ookJQCN5YhEA%3D%3D"}]}
cache-control: max-age=14400
cf-cache-status: EXPIRED
vary: accept-encoding
content-encoding: br
cf-ray: 960209ef5d5456b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.unblocked.help/app/apx14.js

172.67.210.112

200 OK

7.7 kB

URL GET
primewire.unblocked.help/app/apx14.js
IP
172.67.210.112:443
ASN
#13335 CLOUDFLARENET

Requested by
https://primewire.unblocked.help/
Certificate
IssuerGoogle Trust Services
Subjectunblocked.help
Fingerprint44:D8:F3:60:40:DC:D6:78:BD:43:21:28:C0:F7:70:F2:2E:4A:86:1B
ValidityTue, 15 Jul 2025 21:06:12 GMT - Mon, 13 Oct 2025 21:21:45 GMT

File type
JavaScript source, ASCII text, with very long lines (7663), with no line terminators
Size
7.7 kB (7663 bytes)
Hash
dfb1f327618e201778f2de85cfbcd173
fceb89a2221463e5bc5a71feff1247683ab08cc5
dc03bc8b63938916a73dd976e186d05559ddc61da2725e1063b7936fa9f0fc33

HTTP Headers

GET /app/apx14.js HTTP/1.1
Host: primewire.unblocked.help
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Cookie: view=1; PHPSESSID=7vvl5jv71lv0lqv0fsctolrl6j
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 16 Jul 2025 14:02:42 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 05:45:00 GMT
etag: W/"685646dc-1def"
content-encoding: br
cache-control: max-age=14400
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=oUWSvie4s9oqajpoz%2BCo23vUSADup8oSFHxrAfwsW86K7Nx%2BCaGY4Bf7lIEj0VsM0IURAi43%2BwkBOJ6hmeerNw3kvyohu%2BekRE5mqIV6WSvipoGR6zY%3D"}]}
cf-ray: 960209ec1a14712d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET equilibriumfestive.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js

172.240.108.84

200 OK

67 kB

URL GET
equilibriumfestive.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://primewire.unblocked.help/
Certificate
IssuerLet's Encrypt
Subjectequilibriumfestive.com
Fingerprint65:20:29:C8:B9:EF:EE:CF:D1:F7:82:C7:A0:1D:33:99:BA:75:6A:F6
ValidityWed, 18 Jun 2025 15:10:48 GMT - Tue, 16 Sep 2025 15:10:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
67 kB (66983 bytes)
Hash
45db7669c78f68c928a0917565820c92
4d21e9c8c0c354e1d269aa9071ded7109f393ca4
8a5c5adcf6dd1a511b38c22cb2c9a4f0a1bb460fb2a842a857ee648e0adcaee9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js HTTP/1.1
Host: equilibriumfestive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.unblocked.help/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 16 Jul 2025 14:02:42 GMT
Content-Type: application/javascript
Content-Length: 23963
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 6
Host: equilibriumfestive.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 62afbd609ec677fe4ba6a9c844367459
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8

178.162.215.162

200 OK

64 kB

URL GET
msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8
IP
178.162.215.162:443
ASN
#28753 Leaseweb Deutschland GmbH

Requested by
https://primewire.unblocked.help/
Certificate
IssuerLet's Encrypt
Subjectmsdoj.com
FingerprintCC:FD:55:FD:87:E0:9C:C4:75:98:32:66:6C:D9:D7:F6:24:46:11:1C
ValidityTue, 01 Jul 2025 17:10:12 GMT - Mon, 29 Sep 2025 17:10:11 GMT

File type
JavaScript source, ASCII text, with very long lines (63930), with no line terminators
Size
64 kB (63930 bytes)
Hash
6055717dd1a5c4875ece2a03d3c774fb
538a1b26610d349154fcaef98e9f568c0721ef2e
9dd4ddea1752ffe48f94f6f3870ebf64d9498be2a4356b5fe98dd6ae1a44db3a

HTTP Headers

GET /sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1
Host: msdoj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primewire.unblocked.help/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 16 Jul 2025 14:02:42 GMT
Content-Type: text/javascript
Content-Length: 63930
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Cache-Status: MISS

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (22)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type