GET 6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3
172.67.148.253 200 OK 38 B
URL GET HTTP/3 6oszwqmr.xyz/js/dnsads.js?dfp=1&ad_code=2&adsrc=3
IP 172.67.148.253:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type ASCII text, with CRLF line terminators
Hash MD5: 99eccae6afa72c589ae54b5c3890282a
SHA-1: 0f102f8f5b556635de65d16cf70fa8269c6761b4
SHA-256: b74a58316385de04b054737776e71c160cd60d2d01b5440b32c21651fb0ab8d3
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/dnsads.js?dfp=1&ad_code=2&adsrc=3 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 38
last-modified: Mon, 13 Sep 2021 15:50:14 GMT
etag: "613f7336-26"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361674
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eGOLnABJX%2BxJAgTFFN2prAWHvsIHBipRMOrrADKaphduP0Pg1kSqi6EsfCHgNsXKwkT41uDtsX24gLluI3BpMog79XEzxnDTFHLAjW%2FM5shUoqJDYHCAfzAP%2B9UlYUM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fb1d7f1c16-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30458&sent=27&recv=13&lost=0&retrans=0&sent_bytes=16206&recv_bytes=3090&delivery_rate=15284&cwnd=12000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=241&x=1", cfExtPri, cfHdrFlush;dur=30
GET 6oszwqmr.xyz/assets/css/jw8-theme.css?v=3.0.6
172.67.148.253 200 OK 5.6 kB
URL GET HTTP/3 6oszwqmr.xyz/assets/css/jw8-theme.css?v=3.0.6
IP 172.67.148.253:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type ASCII text, with very long lines (938), with CRLF line terminators
Hash MD5: 218f1af32c959506efe281f39309d9a5
SHA-1: 948fbcdba4275e13fc3e469a04df2d727aabdf4a
SHA-256: 5425c5e4dfa36e386ee465a9fe20f61290bcd377fe3fd950164c5c6e16301593
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /assets/css/jw8-theme.css?v=3.0.6 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: text/css
last-modified: Wed, 03 Apr 2024 15:50:39 GMT
etag: W/"660d7acf-62a2"
expires: Thu, 31 Oct 2024 00:03:57 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 233843
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zFmF9SdAuOIIUG42I4jgj0NUih4F8NF31D4Wt5D8KUgh7VSoTnjusPfXH4P82IZ88xfkrZ8vfKG6M7%2FY16o%2FUzlCkIBwXcKAAbTiNCErU8AwK9Uhoo%2BqZlJlB2DrG%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fd687b1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26922&sent=143&recv=22&lost=0&retrans=0&sent_bytes=141739&recv_bytes=4482&delivery_rate=921056&cwnd=96000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=606&x=1", cfExtPri, cfHdrFlush;dur=0
GET be7713.rcr82.waw05.cdn112.com/hls2/01/03512/3g1hcyv8fxj1_x/index-v1-a1.m3u8?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p=
178.171.122.244 200 OK 2.3 kB
URL GET HTTP/1.1 be7713.rcr82.waw05.cdn112.com/hls2/01/03512/3g1hcyv8fxj1_x/index-v1-a1.m3u8?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p=
IP 178.171.122.244:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Let's Encrypt
Subject: cdn112.com
Fingerprint: BF:1B:3E:F6:7F:6E:FD:9C:0A:46:8A:AF:5D:BF:95:13:CA:EB:F4:C7
Validity: Fri, 20 Sep 2024 01:55:16 GMT - Thu, 19 Dec 2024 01:55:15 GMT
Hash MD5: 80a25138f9386c5dd9be09fbddf438b1
SHA-1: d2a06e06a0b2b8f5310fc283b358d62ce3e21850
SHA-256: dda5e33304bf837bb4deb4857094f3665e642d193a295f1b73732d46a54c6c74
GET /hls2/01/03512/3g1hcyv8fxj1_x/index-v1-a1.m3u8?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p= HTTP/1.1
Host: be7713.rcr82.waw05.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Oct 2024 17:01:21 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 26 Oct 2024 17:01:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 28 Oct 2024 07:53:50 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip
GET be7713.rcr82.waw05.cdn112.com/hls2/01/03512/3g1hcyv8fxj1_x/encryption.key?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p=
178.171.122.244 200 OK 16 B
URL GET HTTP/1.1 be7713.rcr82.waw05.cdn112.com/hls2/01/03512/3g1hcyv8fxj1_x/encryption.key?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p=
IP 178.171.122.244:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Let's Encrypt
Subject: cdn112.com
Fingerprint: BF:1B:3E:F6:7F:6E:FD:9C:0A:46:8A:AF:5D:BF:95:13:CA:EB:F4:C7
Validity: Fri, 20 Sep 2024 01:55:16 GMT - Thu, 19 Dec 2024 01:55:15 GMT
Hash MD5: 8b805420edf764d2a29d2be963a903f1
SHA-1: 2232b5d173a01c3001ec81f21450de13453b8015
SHA-256: 0dfbacf4f9bce34c839a779ff6e54a35b7553a5f96dacdc43227db19befc3c67
GET /hls2/01/03512/3g1hcyv8fxj1_x/encryption.key?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p= HTTP/1.1
Host: be7713.rcr82.waw05.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Oct 2024 17:01:21 GMT
Content-Type: application/octet-stream
Content-Length: 16
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Mon, 28 Oct 2024 07:53:50 GMT
ETag: "5f693e80-10"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes
GET 6oszwqmr.xyz/css/main.css?v=4
172.67.148.253 200 OK 34 kB
URL GET HTTP/3 6oszwqmr.xyz/css/main.css?v=4
IP 172.67.148.253:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type assembler source, Unicode text, UTF-8 text
Hash MD5: 5a72a30cb5e2721cf7e36ebd9846a4f6
SHA-1: c03db81b75b19f829201db0d01d66ef189b8180a
SHA-256: b0341644a22e09291520c4c51eac70ed71928ee3066f40fcff257c582afac3b1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /css/main.css?v=4 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: text/css
last-modified: Thu, 26 Sep 2024 18:06:54 GMT
etag: W/"66f5a2be-c03c"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361674
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w0gmYW08NW1sMCbS3VkkADPm7xyUYFOJSvsg8cCBG3Cmc2ndOouhiNzfIFnhVaOw85yzpagyTpkBOjw2lM7M6quV%2FJSg3c1XOpKjKJlUM1kBmehftgFdbNC%2FHFb217Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fb0d5b1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30458&sent=27&recv=13&lost=0&retrans=0&sent_bytes=16206&recv_bytes=3090&delivery_rate=15284&cwnd=12000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=232&x=1", cfExtPri, cfHdrFlush;dur=18
GET 6oszwqmr.xyz/js/bafsd.js
172.67.148.253 200 OK 12 kB
IP 172.67.148.253:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type JavaScript source, ASCII text, with CRLF line terminators
Hash MD5: c2432aca90e92e0370d2ded2545eb1fa
SHA-1: 8f1ae40f7dc9c4ccfcb91d04530a1f072e9d06eb
SHA-256: 89c40275bddb7257d519bda010de1c4df70a30b5f84be325f2ae53168f276cb5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/bafsd.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 04 Oct 2024 05:52:43 GMT
etag: W/"66ff82ab-358a"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361674
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AqafQKN67uyybjZf0J7Tkt84VhvgW6v1s2AR4ywhLs4xy4X4IISvOsEw0H0HjzWOMonMwhIYcEpQXPLlrM2XmM9RggBHsRYxFnZiIDH5lJf6dSk5r36r1bZyZRes3eI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fb1d7c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30458&sent=27&recv=13&lost=0&retrans=0&sent_bytes=16206&recv_bytes=3090&delivery_rate=15284&cwnd=12000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=237&x=1", cfExtPri, cfHdrFlush;dur=13
GET be7713.rcr82.waw05.cdn112.com/hls2/01/03512/3g1hcyv8fxj1_x/seg-1-v1-a1.ts?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p=
178.171.122.244 200 OK 3.8 MB
URL GET HTTP/1.1 be7713.rcr82.waw05.cdn112.com/hls2/01/03512/3g1hcyv8fxj1_x/seg-1-v1-a1.ts?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p=
IP 178.171.122.244:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Let's Encrypt
Subject: cdn112.com
Fingerprint: BF:1B:3E:F6:7F:6E:FD:9C:0A:46:8A:AF:5D:BF:95:13:CA:EB:F4:C7
Validity: Fri, 20 Sep 2024 01:55:16 GMT - Thu, 19 Dec 2024 01:55:15 GMT
Size 3.8 MB (3811520 bytes)
Hash MD5: 084e81ded9c4c997766f152715fa062d
SHA-1: b18e8403fb1e0d981f09bbfdb982bb578ea22d1e
SHA-256: 7cab8c13a62a53ea2ab0c671ea0d601a761732a8072573aad80026223bc63313
GET /hls2/01/03512/3g1hcyv8fxj1_x/seg-1-v1-a1.ts?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p= HTTP/1.1
Host: be7713.rcr82.waw05.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Oct 2024 17:01:21 GMT
Content-Type: video/MP2T
Content-Length: 3811520
Connection: keep-alive
Last-Modified: Sun, 19 Nov 2000 08:52:00 GMT
Expires: Mon, 28 Oct 2024 07:53:50 GMT
ETag: "5f693e80-3a28c0"
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Accept-Ranges: bytes
GET 6oszwqmr.xyz/adcgi?id=37360452
172.67.148.253 504 Gateway Timeout 6.3 kB
URL GET HTTP/3 6oszwqmr.xyz/adcgi?id=37360452
IP 172.67.148.253:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type HTML document, ASCII text, with very long lines (394)
Hash MD5: d72be95d70c4481261a2ece2dedcc43f
SHA-1: 4495ebdf44d5289ea65047b08f1a6e1660dd41ae
SHA-256: 07fd02d453951629a5bc0d203189c01cc4501b85ac3500ad55c823786423cded
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /adcgi?id=37360452 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 504 Gateway Timeout
date: Sat, 26 Oct 2024 17:01:22 GMT
content-type: text/html; charset=UTF-8
content-length: 6323
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mDjmb%2FfynYw1jn7SLjdETa4mPyHScUmy31CIdB472tnuxFx97xSJqdaPS7wPkoB2maG3f87dPiInqEg4ZP7%2FoPzWSbx%2BPaUpAeKjDOOea5ysKv8edrdPgwcVT4RPGck%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 8d8c02062c851c16-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26630&sent=338&recv=28&lost=0&retrans=0&sent_bytes=370658&recv_bytes=5239&delivery_rate=18483&cwnd=190800&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=2094&x=1", cfExtPri, cfHdrFlush;dur=0
GET uqqmj868.xyz/
172.67.130.215 302 Found 0 B
IP 172.67.130.215:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: uqqmj868.xyz
Fingerprint: 80:B4:6F:5F:E3:AB:82:94:A6:D1:DE:33:8A:98:26:6B:A3:88:64:8D
Validity: Tue, 24 Sep 2024 06:01:54 GMT - Mon, 23 Dec 2024 06:01:53 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length input: the redirect carried no body, so they are not usable as content indicators.)
GET / HTTP/1.1
Host: uqqmj868.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 26 Oct 2024 17:01:29 GMT
content-type: text/html; charset=UTF-8
location: https://epededonemile.com/?fmon=1100117
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ocWYaGx4Zo%2F5oZv9mNmZywZ2pIp4n%2BfrEHAQ3QzTDx7felChYPCLNIY7ucDDZg7TtxPengkmkyugJ%2FEW4C01n%2B8bXfzhf3MIzGh9HFA%2BX%2FWGnw69UTCiM1tYcxz0M6A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d8c02314f4f712f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16543&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3279&recv_bytes=1258&delivery_rate=260963&cwnd=253&unsent_bytes=0&cid=2d8dd95e7b53f76b&ts=77&x=0"
X-Firefox-Spdy: h2
GET xml.zaimads.com/click?i=GQQmB-booNk_0
174.137.133.17 302 Found 0 B
URL GET HTTP/1.1 xml.zaimads.com/click?i=GQQmB-booNk_0
IP 174.137.133.17:443
ASN #27257 WEBAIR-INTERNET
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: GlobalSign nv-sa
Subject: *.zaimads.com
Fingerprint: 35:9B:E2:0D:4B:C6:AF:A3:5A:9C:F9:0A:2A:75:9D:DE:60:25:92:AD
Validity: Wed, 24 Jan 2024 10:07:47 GMT - Mon, 24 Feb 2025 10:07:46 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length input: the redirect carried no body, so they are not usable as content indicators.)
GET /click?i=GQQmB-booNk_0 HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6oszwqmr.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 26 Oct 2024 17:01:30 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://ko.imidesestreat.com/iDyQ5E4TGiziUC/MoeON
GET 6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2
172.67.148.253 200 OK 43 kB
URL GET HTTP/3 6oszwqmr.xyz/player/jw8_26/jwplayer.js?v=5.0.2
IP 172.67.148.253:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65511)
Hash MD5: f91de142eed44442bad231961488c5d0
SHA-1: ea6c79968011a5b59e444d792f7ab048a1f7e31d
SHA-256: b3031ee0f2674c203fe1400df12a96148c4bed344553fc9063c3846ba8466295
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /player/jw8_26/jwplayer.js?v=5.0.2 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 05 Apr 2024 14:58:43 GMT
etag: W/"661011a3-1b351"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361674
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d6Yc8w7Qin9vOcszLvSYcgFZDxT4Ikkm9JxNA1ulp7tRW5owiLkfun2qv9qAb1llK2veJB6eto%2FyXUtD%2FyE%2B123G7WVHKJpSwaZ4vyPOvEo5D0VQ60kTwgtHO190bf8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fb1d7e1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30458&sent=27&recv=13&lost=0&retrans=0&sent_bytes=16206&recv_bytes=3090&delivery_rate=15284&cwnd=12000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=246&x=1", cfExtPri, cfHdrFlush;dur=25
GET ko.imidesestreat.com/iDyQ5E4TGiziUC/MoeON
23.109.170.29 200 OK 61 B
URL GET HTTP/1.1 ko.imidesestreat.com/iDyQ5E4TGiziUC/MoeON
IP 23.109.170.29:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Let's Encrypt
Subject: ko.imidesestreat.com
Fingerprint: 8A:31:53:E8:0A:89:F0:54:A6:B4:6E:7C:D0:10:9B:F1:59:1D:84:C4
Validity: Sat, 31 Aug 2024 00:42:25 GMT - Fri, 29 Nov 2024 00:42:24 GMT
File type HTML document, ASCII text, with no line terminators
Hash MD5: 86733bb66fb84b851592d733e51f0cbd
SHA-1: 42eaf19a5ca195667a9212b0ea3557eee76954a8
SHA-256: 927676bdf7f1bdcd71f06cc0d9fa573791b12c905629d806851624687c4b4a0d
GET /iDyQ5E4TGiziUC/MoeON HTTP/1.1
Host: ko.imidesestreat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6oszwqmr.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Oct 2024 17:01:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 27-Oct-2024 17:01:30 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 27-Oct-2024 17:01:30 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET 6oszwqmr.xyz/js/jquery.js
172.67.148.253 200 OK 90 kB
URL GET HTTP/3 6oszwqmr.xyz/js/jquery.js
IP 172.67.148.253:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/jquery.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
etag: W/"603e8adc-15d9d"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361674
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=28VvdwIFmxf3Ndy6LoYK23gX%2FXFTLvBl6PSM0i2IDg3FLjUX8OtSqxsU5glQjTeEFOxs0ihBCQEbuOv%2FMur1Tw4k6gDOk0AKYe8a1No3CE9JVsRoUFlsAduEy2pu3OQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fb1d621c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30458&sent=17&recv=13&lost=0&retrans=0&sent_bytes=4206&recv_bytes=3090&delivery_rate=15284&cwnd=12000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=230&x=1", cfExtPri, cfHdrFlush;dur=0
GET epededonemile.com/?fmon=1100117
54.240.174.116 302 Found 52 B
URL GET HTTP/2 epededonemile.com/?fmon=1100117
IP 54.240.174.116:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Amazon
Subject: epededonemile.com
Fingerprint: 46:83:A9:71:37:5C:CA:E8:CC:04:0A:4C:B6:4D:C4:FF:85:97:F1:1B
Validity: Tue, 08 Oct 2024 00:00:00 GMT - Thu, 06 Nov 2025 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length input, so they are not usable as content indicators.)
GET /?fmon=1100117 HTTP/1.1
Host: epededonemile.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://6oszwqmr.xyz/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xml.zaimads.com/click?i=GQQmB-booNk_0
date: Sat, 26 Oct 2024 17:01:29 GMT
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=2237cece-26cd-42d9-af95-555cff9b0af9
x-cache: Miss from cloudfront
via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -u4r88adxN8WmpWTBRFQdH9ioBvklS6QPzYRXnantZpIqLtUajMdLg==
X-Firefox-Spdy: h2
GET 6oszwqmr.xyz/js/ls.js
172.67.148.253 200 OK 2.1 kB
IP 172.67.148.253:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type JavaScript source, ASCII text, with very long lines (2079), with no line terminators
Hash MD5: 66b63b5fefbe179c0fd09e63c11b7e12
SHA-1: e657b7d46921bec0bcbd746339ccc03ef4690036
SHA-256: 52eb05218aa889bcc3b78062d496c747a04db5126648bd3a57cf8c43e3039bf2
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/ls.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 14 Feb 2023 11:28:54 GMT
etag: W/"63eb7076-80f"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361674
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MQq%2BXmbfe0SMRldYCJs1GAd2Ud36xT0wp%2BB%2BcR0FJ9o76iD6iVuIjlQuKevwkZpwpDogvJaZoojOm2DRsVPatlHc20geLUI2vZMVBdVBvDfLxHZGeSJs3L4hoL18yfs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fb1d761c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30458&sent=27&recv=13&lost=0&retrans=0&sent_bytes=16206&recv_bytes=3090&delivery_rate=15284&cwnd=12000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=232&x=1", cfExtPri, cfHdrFlush;dur=18
GET ieyri61b.xyz/js/dwarf.js
104.21.74.228 200 OK 71 kB
IP 104.21.74.228:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: ieyri61b.xyz
Fingerprint: 7C:03:59:1C:CB:57:4A:11:C0:F0:35:06:50:5D:94:B0:83:E1:C7:6A
Validity: Sun, 29 Sep 2024 09:41:52 GMT - Sat, 28 Dec 2024 09:41:51 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash MD5: 645c49c2f4d766a0f53aebc6f39c84be
SHA-1: 2cf649c9048d567904389d8032e28f9b82e688f8
SHA-256: 637717a3de6b2f9043510f3c9df0ea404eee6df9d6c99a528b4603c590858811
GET /js/dwarf.js HTTP/1.1
Host: ieyri61b.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 07:44:38 GMT
etag: W/"6704e2e6-1154e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 862
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fDbqVVq%2B%2BsNa10SXt%2BomAFbmAew4VuEPBD8Ecu2%2F8TBkPkV%2FQP2kWk4FMDnE5vIVWgF53DSj2cH85QEKME%2BB9uHuTy3Yiq2bP3As8ENwEVk6wOOpO85%2Bd%2FxJvBLcxrs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fbbf95b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=17641&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3203&recv_bytes=1055&delivery_rate=260666&cwnd=254&unsent_bytes=0&cid=b94a6cdfa2dbc8b3&ts=72&x=0"
X-Firefox-Spdy: h2
GET 6oszwqmr.xyz/js/jquery.cookie.js
172.67.148.253 200 OK 4.3 kB
URL GET HTTP/3 6oszwqmr.xyz/js/jquery.cookie.js
IP 172.67.148.253:443
Requested by https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type JavaScript source, ASCII text, with very long lines (4427), with no line terminators
Hash MD5: c8a0b7f16c38377537c6ab251cb5bc72
SHA-1: 528e37de81abf523b92ce0b457cb593983ed347a
SHA-256: e31179e4a4fffc7faee4f95d4f67ce056d12a57c451dee1dae3e9062b126a00e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/jquery.cookie.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 May 2011 12:53:56 GMT
etag: W/"4de4e4e4-10eb"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361674
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5exmB0rKylyquaOWjAzL1yYktIHZVL33kYv%2BzXiU6L2J4msZwib9vWuzZMPIn5jdrab4vvIg2VpyHZbeNwS63pCMHyUg2Updaj2BqMVskWCl%2B%2FxwIsliUYfPCWqR7Gw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fb1d6c1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30458&sent=27&recv=13&lost=0&retrans=0&sent_bytes=16206&recv_bytes=3090&delivery_rate=15284&cwnd=12000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=232&x=1", cfExtPri, cfHdrFlush;dur=18
GET 6oszwqmr.xyz/player/jw8/vast.js
172.67.148.253 | 200 OK | 107 kB
URL GET HTTP/3 6oszwqmr.xyz/player/jw8/vast.js
IP: 172.67.148.253:443
Requested by: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 107 kB (107114 bytes)
Hash MD5: 3cd85ca1814c3fd976764bf6b83b989d
SHA-1: 90e931622205c6adfbc75cfe681563a127580f05
SHA-256: 2e4fe3d8b3565a3f8b5ec0ecfe0e5f26a756401b6847dd475327793da41897f5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /player/jw8/vast.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 08 Sep 2022 10:34:42 GMT
etag: W/"6319c542-1a26a"
expires: Thu, 31 Oct 2024 23:54:11 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 148029
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R0c4MhzayGFZQy7zk9okWuXwL%2BtMtYiKyvuqblguNMHa4u9wH8y46yFqI8SCsdOnZLxWQtljPjMEJGSMpUF2kXSiUs4V3kQ3CEtRkD50kHcX%2BIkMpc8n6marubvoRXk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fd0ff71c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27484&sent=111&recv=18&lost=0&retrans=0&sent_bytes=108015&recv_bytes=3544&delivery_rate=1028130&cwnd=96000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=536&x=1", cfExtPri, cfHdrFlush;dur=0
GET 6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
172.67.148.253 | 200 OK | 16 kB
URL User Request GET HTTP/2 6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
IP: 172.67.148.253:443
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type: JavaScript source, ASCII text, with very long lines (6496), with CRLF, LF line terminators
Hash MD5: 69262aa5ae09f31ea7e5388e3cf001f8
SHA-1: f7a8893a68347a55ee980e5f6c8311578e756029
SHA-256: 5f34fcbe2f89a33c4ce5c1fd9f3ee459e0fc98f5f92bb17d0450019a21755aad
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /cwns/2csi1px0ojux?referer=bflix.sh HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: text/html; charset=UTF-8
expires: Fri, 25 Oct 2024 17:01:20 GMT
set-cookie: lang=1; domain=.6oszwqmr.xyz; path=/; HttpOnly
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mrdLMugYhqXO94CDaSu4StsFsUwZYnfAvTK1RRUruJFpipPEbbbLdPWKFpIyfpyPBhWlWbgu%2BzLa33%2FX6Ov5zbxoWrUOTUGpHEzZZrbfpibsMn4RhMKfLYTCrDw%2FOj8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d8c01f7eccc7127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=20293&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3201&recv_bytes=1141&delivery_rate=203332&cwnd=254&unsent_bytes=0&cid=3d07e781e0e5742f&ts=335&x=0"
X-Firefox-Spdy: h2
GET 6oszwqmr.xyz/js/xupload.js
172.67.148.253 | 200 OK | 11 kB
URL GET HTTP/3 6oszwqmr.xyz/js/xupload.js
IP: 172.67.148.253:443
Requested by: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type: JavaScript source, ASCII text
Hash MD5: 2609e3a9490dcfe748407d3af317c472
SHA-1: af55b2b16e9190e09407f67ffae4ca705ea6f112
SHA-256: c3c7c3de97ef15965def93fc9317e82854b979aa1a7980fde49b873a04aab85d
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /js/xupload.js HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 04 Aug 2021 13:41:52 GMT
etag: W/"610a9920-2a73"
expires: Tue, 29 Oct 2024 12:33:26 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361674
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CSjNIwe7x91YOOxm47mZYg6YtFwmkL3RFy1Mh9O98dWCiPixgubXzcxm20aqJQOL2CnJ25XINSRTRCGaBJ6EP3sXz6VYLpmRg5dFza5a0R6dGKtWCOCrpQtZU4r3mD0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fb1d661c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30458&sent=27&recv=13&lost=0&retrans=0&sent_bytes=16206&recv_bytes=3090&delivery_rate=15284&cwnd=12000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=239&x=1", cfExtPri, cfHdrFlush;dur=11
GET 6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2
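172.67.148.253 | 200 OK | 327 kB
URL GET HTTP/3 6oszwqmr.xyz/player/jw8_26/jwplayer.core.controls.js?v=2
IP: 172.67.148.253:443
Requested by: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
Size: 327 kB (326903 bytes)
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, although the reported size is 326903 bytes. The response body was apparently not captured for hashing, so these digests do not identify the served script and should not be used as indicators or for file matching.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed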
GET /player/jw8_26/jwplayer.core.controls.js?v=2 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 03 Apr 2024 09:09:34 GMT
etag: W/"660d1cce-4fcf7"
expires: Tue, 29 Oct 2024 12:34:09 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361631
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g4JZt5MIPG7c%2BhacxxW3iPvpl3Wxq4lOCykFuEcCvodsWgY4V2GcSH6OdxMXVckx8Ba0YA%2B0tHZAO3rWUuXGHv50GMw30SPUJmYWh9gGeZnHRpWoPa0nP2V9ZHmksDs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fd68781c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26922&sent=149&recv=22&lost=0&retrans=0&sent_bytes=147903&recv_bytes=4482&delivery_rate=921056&cwnd=96000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=611&x=1", cfExtPri, cfHdrFlush;dur=0
GET be7713.rcr82.waw05.cdn112.com/hls2/01/03512/3g1hcyv8fxj1_x/master.m3u8?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p=
178.171.122.244 | 200 OK | 333 B
URL GET HTTP/1.1 be7713.rcr82.waw05.cdn112.com/hls2/01/03512/3g1hcyv8fxj1_x/master.m3u8?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p=
IP: 178.171.122.244:443
Requested by: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Let's Encrypt
Subject: cdn112.com
Fingerprint: BF:1B:3E:F6:7F:6E:FD:9C:0A:46:8A:AF:5D:BF:95:13:CA:EB:F4:C7
Validity: Fri, 20 Sep 2024 01:55:16 GMT - Thu, 19 Dec 2024 01:55:15 GMT
File type: M3U playlist, ASCII text, with very long lines (339), with no line terminators
Hash MD5: c97e514a25f2ef29472f8312f58920ce
SHA-1: 156ccad4b3bff0c887af875e2d56990c4ccba1ef
SHA-256: 4e75f02aec8bbbc68de6003770aaa81c168b7d88def76335adbc7c92489310a6
GET /hls2/01/03512/3g1hcyv8fxj1_x/master.m3u8?t=mUqeHBPzgYUn7mF2dxk1eHuJcvKbKHekjWqhHNq3_7I&s=1729962080&e=10800&f=20230026&srv=26&asn=50304&sp=5500&p= HTTP/1.1
Host: be7713.rcr82.waw05.cdn112.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://6oszwqmr.xyz
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Oct 2024 17:01:21 GMT
Content-Type: application/vnd.apple.mpegurl
Last-Modified: Sat, 26 Oct 2024 17:01:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 28 Oct 2024 07:53:50 GMT
Access-Control-Allow-Origin: *
Cache-Control: max-age=259200, no-store, no-cache
Sprint-Cache: HIT
Content-Encoding: gzip
GET 6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2
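172.67.148.253 | 200 OK | 423 kB
URL GET HTTP/3 6oszwqmr.xyz/player/jw8_26/provider.hlsjs.js?v=2
IP: 172.67.148.253:443
Requested by: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
Size: 423 kB (422959 bytes)
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of zero-length input, although the reported size is 422959 bytes. The response body was apparently not captured for hashing, so these digests do not identify the served script and should not be used as indicators or for file matching.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed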
GET /player/jw8_26/provider.hlsjs.js?v=2 HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 05 Apr 2024 14:57:50 GMT
etag: W/"6610116e-6742f"
expires: Tue, 29 Oct 2024 12:34:09 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 361631
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=utSfU8g%2BxOAW4z1zOC0lDPAzTg1z67s32sFmyjAtyuW8fKwvSz7WVahywSEg6DNbtByTmLZW3QVZe3lo5D1o9ceI6y6zJtQDXPDrAEyN27wjB4dEZ5vepaWTNGiHpRY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fd787f1c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26922&sent=224&recv=22&lost=0&retrans=0&sent_bytes=237567&recv_bytes=4482&delivery_rate=921056&cwnd=96000&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=619&x=1", cfExtPri, cfHdrFlush;dur=0
GET 6oszwqmr.xyz/favicon.ico
172.67.148.253 | 200 OK | 1.2 kB
IP: 172.67.148.253:443
Requested by: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: 6oszwqmr.xyz
Fingerprint: 2A:E1:7C:BD:92:46:C2:FF:11:03:8B:CC:44:03:FF:5D:95:3A:EC:0C
Validity: Fri, 27 Sep 2024 13:41:49 GMT - Thu, 26 Dec 2024 13:41:48 GMT
File type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Hash MD5: f7b404d04734d64575f577b506c22a06
SHA-1: 485d344ea5ace3529dd472f3fadaa621f046eaf5
SHA-256: c53b6a1e519b835191c058325f17d0f3ea15e1507ca47313c94cc54b68741500
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: 6oszwqmr.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Cookie: lang=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sat, 26 Oct 2024 17:01:20 GMT
content-type: image/x-icon
last-modified: Mon, 02 Feb 2015 19:26:28 GMT
etag: W/"54cfcf64-47e"
expires: Sun, 27 Oct 2024 23:32:39 GMT
cache-control: max-age=604800
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 494921
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W%2FwPXhI7udItRD53bdI7UoP2sBKtZZLotuiZ1cFPwMmUseQta6IhJMDx0U0JF6hdzBDGuxnXhpQR45CX1RYzZmJ%2FWsn521G3MGFBR9yua0p6TfgdpinGqMw1X29mq%2BI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01fdf9261c16-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25013&sent=336&recv=26&lost=0&retrans=0&sent_bytes=369559&recv_bytes=4921&delivery_rate=2985979&cwnd=190800&unsent_bytes=0&cid=0b82d2f83f6b84de&ts=692&x=1", cfExtPri, cfHdrFlush;dur=0
GET videothumbs.me/2csi1px0ojux.jpg
188.114.96.1 | 200 OK | 22 kB
URL GET HTTP/2 videothumbs.me/2csi1px0ojux.jpg
IP: 188.114.96.1:443
Requested by: https://6oszwqmr.xyz/cwns/2csi1px0ojux?referer=bflix.sh
Certificate Issuer: Google Trust Services
Subject: videothumbs.me
Fingerprint: C1:4F:45:F9:18:0B:29:97:8B:ED:6F:9D:8C:05:3F:CB:88:3E:D2:BF
Validity: Wed, 18 Sep 2024 10:33:09 GMT - Tue, 17 Dec 2024 10:33:08 GMT
File type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc59.32.100", baseline, precision 8, 720x405, components 3
Hash MD5: 9d0e89bacd21c2eeb9fefd7ed891b1d7
SHA-1: 35dd38abd9f5ce7172e8efc5328628ee825e49e1
SHA-256: 72e324267f7b65cf5fc7b6a18f64e09fea1e040b1d98511a41bf7e38dc4a51a0
GET /2csi1px0ojux.jpg HTTP/1.1
Host: videothumbs.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://6oszwqmr.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 26 Oct 2024 17:01:21 GMT
content-type: image/jpeg
content-length: 22296
last-modified: Fri, 14 Apr 2023 03:33:25 GMT
etag: "6438c985-5718"
expires: Sat, 02 Nov 2024 03:22:44 GMT
cache-control: max-age=31536000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=towG5TQM40LW%2Bi6Umiqw1mENqqnFdO1FpOH%2FJQAm2u0%2BAK9Qm6Q74X%2FetAp37RFvx2dkSnMEbyr21dbo088t3E%2BtsDAhM2MslmuiLoumHTgeW0Kw35PJvHD2f9swlniutA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d8c01ffbe40568e-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=22464&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3259&recv_bytes=1203&delivery_rate=169416&cwnd=253&unsent_bytes=0&cid=0ebf1381baaf03cd&ts=264&x=0"
X-Firefox-Spdy: h2