GET cdn.creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js
104.21.64.1 200 OK 84 kB
URL
cdn.creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators
First Seen 2023-03-07
Last Seen 2025-08-02
Times Seen 2455
Size 84 kB (84384 bytes)
MD5 6326c600df01e3bfb9b40e1aa08176f8
SHA1 6b4fb754d29b297b539bf62ba9b4eaf0f33f314a
SHA256 df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
GET /sb/interstitial/utility/robot/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:34 GMT
content-type: application/javascript
server: cloudflare
last-modified: Thu, 12 Dec 2024 14:36:25 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=JWHlD6B78P6kEIL6SrFJfP%2B8SI1bxbGX7CjkEglfXvF6OT%2BI1U%2BUbT8qD2CBD9RZztRMYurR47sEk9XlSaL2MBHvEgYUSz%2F3vYuF%2BHem%2FIICnA%3D%3D"}]}
age: 1123222
cf-cache-status: HIT
etag: W/"675af4e9-149a0"
content-encoding: br
cf-ray: 962a66bf0f6c0b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js
104.21.64.1 200 OK 8.3 kB
URL
cdn.creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type Unicode text, UTF-8 text
First Seen 2025-07-05
Last Seen 2025-07-26
Times Seen 118
Size 8.3 kB (8335 bytes)
MD5 5095f58af63fd8065c2a2d9b2a876619
SHA1 c8b45443a779404214368ee7554c12561d245693
SHA256 d675bd49116ef0ee66784ef278bc42e86d664aa5f8e62ddc3b9b503dbf6d53e6
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
GET /sb/interstitial/utility/robot/3/js/script.js HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:35 GMT
content-type: application/javascript
server: cloudflare
last-modified: Tue, 08 Apr 2025 15:04:49 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=2QBQX5arslxVOpTxWwp4QD0ncg8YM7DlMX5LmmQmxpi6tN3IUmHAL4dZxNMpWscy8chCp5MwWng0gZ0cJ5KcwrA6Im1ADSHjXeUTBDMb6Jmokw%3D%3D"}]}
cf-cache-status: MISS
etag: W/"67f53b11-208f"
content-encoding: br
cf-ray: 962a66c0290d0b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET skinnycrawlinglax.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css&l=45054&fd=563
192.243.59.20 200 OK 0 B
URL
skinnycrawlinglax.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css&l=45054&fd=563
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css&l=45054&fd=563 HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: uid_id2=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl24804225=1; slec18f2b048ab65b52e6e50de68b648de38=[6047961]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:34 GMT
Content-Length: 0
Connection: keep-alive
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET fonts.gstatic.com/s/worksans/v23/QGYqz_wNahGAdqQ43Rh_eZDrv_0.woff2
142.250.178.99 200 OK 48 kB
URL
fonts.gstatic.com/s/worksans/v23/QGYqz_wNahGAdqQ43Rh_eZDrv_0.woff2
IP / ASN
142.250.178.99
#15169 GOOGLE
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 48172, version 1.0
First Seen 2025-06-04
Last Seen 2025-07-31
Times Seen 446
Size 48 kB (48172 bytes)
MD5 c285ff9337531c8844a85a72ec8956d2
SHA1 dd64ed9586fea40aaa156fec6305231b0c5c524d
SHA256 13c7094295f54425e2f21aeadcbe7f240bd0b08491c3aae2e506787b647084f1
Certificate Info
Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 9A:5E:6D:44:D8:FB:03:E5:9A:13:6D:FF:53:DA:1C:8C:EA:3A:A7:AA
Validity Mon, 23 Jun 2025 08:41:27 GMT - Mon, 15 Sep 2025 08:41:26 GMT
GET /s/worksans/v23/QGYqz_wNahGAdqQ43Rh_eZDrv_0.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48172
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Jul 2025 17:34:08 GMT
expires: Tue, 14 Jul 2026 17:34:08 GMT
cache-control: public, max-age=31536000
age: 583344
last-modified: Thu, 29 May 2025 23:38:46 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET mallowessencedialect.com/18/85/39/1885394a44ed5048c0ebbf62a9abf92d.js
192.243.59.13 200 OK 106 kB
URL
mallowessencedialect.com/18/85/39/1885394a44ed5048c0ebbf62a9abf92d.js
IP / ASN
192.243.59.13
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
First Seen 2025-07-21
Last Seen 2025-07-21
Times Seen 1
Size 106 kB (106168 bytes)
MD5 27f010b75f0929eaf6bc8f8a18046e06
SHA1 c5678e6cb70fa8ab5a7899e68734961589d9f2cb
SHA256 2bba399724a206f2cd5940b7f0e373ffd42b1ada1e67458c06c18f5d1f536fd4
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /18/85/39/1885394a44ed5048c0ebbf62a9abf92d.js HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:32 GMT
Content-Type: application/javascript
Content-Length: 32828
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 8c940bfe3744d9505490a16138ce15d2
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET cdn.storageimagedisplay.com/cti/e9/d1/97/e9d197f94b7451153825e1722900f213/1707820556.png
45.133.44.1 200 OK 129 kB
URL
cdn.storageimagedisplay.com/cti/e9/d1/97/e9d197f94b7451153825e1722900f213/1707820556.png
IP / ASN
45.133.44.1
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
First Seen 2024-02-13
Last Seen 2025-07-29
Times Seen 44
Size 129 kB (129395 bytes)
MD5 7f8fcc0c5a760a70947f6baca1c9d7ee
SHA1 a424bced4243e2a23da8f1fdbc06a7fd40069be6
SHA256 0bdb7a61351ff1fc127ff9c0b26ffc1d242957f00833476169ddf1578012c480
Certificate Info
Issuer Let's Encrypt
Subject cdn.storageimagedisplay.com
Fingerprint 06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9
Validity Thu, 10 Jul 2025 02:33:11 GMT - Wed, 08 Oct 2025 02:33:10 GMT
GET /cti/e9/d1/97/e9d197f94b7451153825e1722900f213/1707820556.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:33 GMT
content-type: image/png
content-length: 129395
server: nginx/1.21.6
last-modified: Tue, 13 Feb 2024 10:36:04 GMT
etag: "65cb4614-1f973"
expires: Wed, 23 Jul 2025 11:36:33 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET mallowessencedialect.com/ren.gif?sid=H4sIAAAAAAAC_1RSwYscxReu3swpv8MPQ1T0NHgQBZnt7umZzJhDNIkJwTGJSSSgp6qu6tlya7raqu7pyQRkcUFynIOCeur9Zjerawj6BwjLrBdZFOyL7CGrIvgPCMGj9GRg9EG_977-quB936uPt7Jj0kRGj66_pcdSKbraarj1l27LmOvc1q_eqntuwz1bvy3jdnC2PqqSGb7qNYOG-3L9sgjX9arveq7ruV79kjQi0qPVOQuZPOh6ja7bCPyG1wowMv_FNnNgqQM-PCanIHn5_z-i9yDDGeLBNxeFXU918sobg0zRVBsM-e478Xqs8xiDZRsZB1G8uzgNbUtCPluBjncXCqCH25UCMFmSlWcegcW7izHBhjtPJmUKIgbj_0M-nEGoGSSdIdSbkPxnAoQcV68hHty_qk1O7zxhacWWpPb4L8i8JLVHpxEPHp5XclS_qVWWSh1bjKICcjSD7M-QZAdIxyuQ-QHC9CNI_hNZfdxDPNi-ZpWG5MVcvYxmoNZBVn3SQRY5yBIHA35UD9xOEHq02Y66PDzjBjQIuGBut-O7Lu2GZ5CF1VgTpMkEoZogNBtIzAbW5QQm24ddK2C5A5uWxHl7A0NeIBcEuSXIKUEuCfKUIB8WO1xZ3xb3ubIZ8xbVX9RmMdVpf4vu6LQvYgJqJjC82JbJB3YTYXpiOo4sn-oqUZYWU8p4sZUck6cq15y7h79hXRzVWRRxT3hBu9tirNOOXOGLyG9zJtiZZtf3YWUBaVfmhoxlSS489yMSWZIX_vwUjB7AqgOE0gHNPNC8AF0rMI73QhmLvm4orcB1gSStIb3jbKlj8vx8a-9-eQ4iPDyXjn-__PD0XYSmQGIKvC-_J-ire9MbOifbN3RuybfXklQO5JhWG72Z0lSc2HtT3Mm14Vcu2slXr4cVUbUPbgmb9mjMZdy35OvzknNhLmkTCvLdFXtbsOuZXTufmThLetcvXLoySIywVup4BipLcnJ_D6EsyalfNuevtXn5b0gzg8kKDLJDsgiEyQZsssRWExi1xCw5gTwrpsZny59KEiixxJQVsP_CbNlPDa1uU1ls2Xvomxpouol4UGBoCgxVAaomsNnJaZqYw3M_fF7FF2CqNmXK1LaZMuqTkvSefrYkvc6vc7NL0pP7sPKo3vJZs93ptEXU5lGTN_0m77Zc0Q1otx10gxZSW659-OJr_wQAAP__7bm1HpoEAAA=
172.240.108.84 200 OK 0 B
URL
mallowessencedialect.com/ren.gif?sid=H4sIAAAAAAAC_1RSwYscxReu3swpv8MPQ1T0NHgQBZnt7umZzJhDNIkJwTGJSSSgp6qu6tlya7raqu7pyQRkcUFynIOCeur9Zjerawj6BwjLrBdZFOyL7CGrIvgPCMGj9GRg9EG_977-quB936uPt7Jj0kRGj66_pcdSKbraarj1l27LmOvc1q_eqntuwz1bvy3jdnC2PqqSGb7qNYOG-3L9sgjX9arveq7ruV79kjQi0qPVOQuZPOh6ja7bCPyG1wowMv_FNnNgqQM-PCanIHn5_z-i9yDDGeLBNxeFXU918sobg0zRVBsM-e478Xqs8xiDZRsZB1G8uzgNbUtCPluBjncXCqCH25UCMFmSlWcegcW7izHBhjtPJmUKIgbj_0M-nEGoGSSdIdSbkPxnAoQcV68hHty_qk1O7zxhacWWpPb4L8i8JLVHpxEPHp5XclS_qVWWSh1bjKICcjSD7M-QZAdIxyuQ-QHC9CNI_hNZfdxDPNi-ZpWG5MVcvYxmoNZBVn3SQRY5yBIHA35UD9xOEHq02Y66PDzjBjQIuGBut-O7Lu2GZ5CF1VgTpMkEoZogNBtIzAbW5QQm24ddK2C5A5uWxHl7A0NeIBcEuSXIKUEuCfKUIB8WO1xZ3xb3ubIZ8xbVX9RmMdVpf4vu6LQvYgJqJjC82JbJB3YTYXpiOo4sn-oqUZYWU8p4sZUck6cq15y7h79hXRzVWRRxT3hBu9tirNOOXOGLyG9zJtiZZtf3YWUBaVfmhoxlSS489yMSWZIX_vwUjB7AqgOE0gHNPNC8AF0rMI73QhmLvm4orcB1gSStIb3jbKlj8vx8a-9-eQ4iPDyXjn-__PD0XYSmQGIKvC-_J-ire9MbOifbN3RuybfXklQO5JhWG72Z0lSc2HtT3Mm14Vcu2slXr4cVUbUPbgmb9mjMZdy35OvzknNhLmkTCvLdFXtbsOuZXTufmThLetcvXLoySIywVup4BipLcnJ_D6EsyalfNuevtXn5b0gzg8kKDLJDsgiEyQZsssRWExi1xCw5gTwrpsZny59KEiixxJQVsP_CbNlPDa1uU1ls2Xvomxpouol4UGBoCgxVAaomsNnJaZqYw3M_fF7FF2CqNmXK1LaZMuqTkvSefrYkvc6vc7NL0pP7sPKo3vJZs93ptEXU5lGTN_0m77Zc0Q1otx10gxZSW659-OJr_wQAAP__7bm1HpoEAAA=
IP / ASN
172.240.108.84
#7979 SERVERS-COM
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC_1RSwYscxReu3swpv8MPQ1T0NHgQBZnt7umZzJhDNIkJwTGJSSSgp6qu6tlya7raqu7pyQRkcUFynIOCeur9Zjerawj6BwjLrBdZFOyL7CGrIvgPCMGj9GRg9EG_977-quB936uPt7Jj0kRGj66_pcdSKbraarj1l27LmOvc1q_eqntuwz1bvy3jdnC2PqqSGb7qNYOG-3L9sgjX9arveq7ruV79kjQi0qPVOQuZPOh6ja7bCPyG1wowMv_FNnNgqQM-PCanIHn5_z-i9yDDGeLBNxeFXU918sobg0zRVBsM-e478Xqs8xiDZRsZB1G8uzgNbUtCPluBjncXCqCH25UCMFmSlWcegcW7izHBhjtPJmUKIgbj_0M-nEGoGSSdIdSbkPxnAoQcV68hHty_qk1O7zxhacWWpPb4L8i8JLVHpxEPHp5XclS_qVWWSh1bjKICcjSD7M-QZAdIxyuQ-QHC9CNI_hNZfdxDPNi-ZpWG5MVcvYxmoNZBVn3SQRY5yBIHA35UD9xOEHq02Y66PDzjBjQIuGBut-O7Lu2GZ5CF1VgTpMkEoZogNBtIzAbW5QQm24ddK2C5A5uWxHl7A0NeIBcEuSXIKUEuCfKUIB8WO1xZ3xb3ubIZ8xbVX9RmMdVpf4vu6LQvYgJqJjC82JbJB3YTYXpiOo4sn-oqUZYWU8p4sZUck6cq15y7h79hXRzVWRRxT3hBu9tirNOOXOGLyG9zJtiZZtf3YWUBaVfmhoxlSS489yMSWZIX_vwUjB7AqgOE0gHNPNC8AF0rMI73QhmLvm4orcB1gSStIb3jbKlj8vx8a-9-eQ4iPDyXjn-__PD0XYSmQGIKvC-_J-ire9MbOifbN3RuybfXklQO5JhWG72Z0lSc2HtT3Mm14Vcu2slXr4cVUbUPbgmb9mjMZdy35OvzknNhLmkTCvLdFXtbsOuZXTufmThLetcvXLoySIywVup4BipLcnJ_D6EsyalfNuevtXn5b0gzg8kKDLJDsgiEyQZsssRWExi1xCw5gTwrpsZny59KEiixxJQVsP_CbNlPDa1uU1ls2Xvomxpouol4UGBoCgxVAaomsNnJaZqYw3M_fF7FF2CqNmXK1LaZMuqTkvSefrYkvc6vc7NL0pP7sPKo3vJZs93ptEXU5lGTN_0m77Zc0Q1otx10gxZSW659-OJr_wQAAP__7bm1HpoEAAA= HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl24890336=1; nlecbffd1e14695bb86f0e2ef26dbeb73922=[5941311]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
access-control-allow-origin: *
vary: Origin
access-control-allow-credentials: true
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 2
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: da38160160eaeda68b6e47bf51d7a9cd
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET flix2day-cc1.pages.dev/img/icon4.jpg
104.21.32.1 404 Not Found 1.5 kB
URL
flix2day-cc1.pages.dev/img/icon4.jpg
IP / ASN
104.21.32.1
#13335 CLOUDFLARENET
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type HTML document, ASCII text, with CRLF line terminators
First Seen 2025-05-10
Last Seen 2025-07-21
Times Seen 6
Size 1.5 kB (1545 bytes)
MD5 38712d628800346bdbf04c37f403e6b2
SHA1 69b4de0d45cf6b8bfe65c3e9b855f7c67b070316
SHA256 6d6f4f8aaff9026c4aec563c35c28ea2222c6564cad11b23bf9f795bf14f864a
Certificate Info
Issuer Google Trust Services
Subject flix2day-cc1.pages.dev
Fingerprint EE:DE:5D:15:B9:3F:9F:C5:7F:16:19:D8:C2:E9:F2:02:71:92:33:20
Validity Mon, 07 Jul 2025 13:24:06 GMT - Sun, 05 Oct 2025 14:21:31 GMT
GET /img/icon4.jpg HTTP/1.1
Host: flix2day-cc1.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e%3A1%3A1; sb_main_18f2b048ab65b52e6e50de68b648de38=1; sb_count_18f2b048ab65b52e6e50de68b648de38=1; m5a4xojbcp2nx3gptmm633qal3gzmadn=mallowessencedialect.com; pp_main_1885394a44ed5048c0ebbf62a9abf92d=1; pp_idelay_1885394a44ed5048c0ebbf62a9abf92d=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=skinnycrawlinglax.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Mon, 21 Jul 2025 11:36:33 GMT
content-type: text/html; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LjqRsLCmIjEn0LrdoYmUTMxr6dQPfMnHJ7FhuZPp1iCqCxzL38FUE%2BnPI1ythwZ871EnssqDS6XvqZCPzN0YHe6c6kte7GDPML%2BkdUqFzYozFl2cHL8M4zA6nGTllCRJcJgFbLGf2%2FhV"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-encoding: br
cf-ray: 962a66bba8740b69-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5360&min_rtt=1040&rtt_var=3590&sent=93&recv=117&lost=0&retrans=1&sent_bytes=9535&recv_bytes=7125&delivery_rate=502368&ss_exit_cwnd=14940&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5d58d736542b4c75&ts=2465&inflight_dur=98&x=40"
GET skinnycrawlinglax.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css&l=5407&fd=607
192.243.59.20 200 OK 0 B
URL
skinnycrawlinglax.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css&l=5407&fd=607
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css&l=5407&fd=607 HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: uid_id2=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl24804225=1; slec18f2b048ab65b52e6e50de68b648de38=[6047961]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:34 GMT
Content-Length: 0
Connection: keep-alive
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET fonts.gstatic.com/s/oswald/v56/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUZiZQ.woff2
142.250.178.99 200 OK 13 kB
URL
fonts.gstatic.com/s/oswald/v56/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUZiZQ.woff2
IP / ASN
142.250.178.99
#15169 GOOGLE
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 12652, version 1.0
First Seen 2025-06-01
Last Seen 2025-08-01
Times Seen 208
Size 13 kB (12652 bytes)
MD5 ebf20fdd07d02ef86d4b3bcf49e7c314
SHA1 fb5c6919621f7bb270a6f5a4918f9cf5f83c8897
SHA256 437665a811748f9bb97603fedca00b007eae14745b283042b624b38682d33437
Certificate Info
Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 9A:5E:6D:44:D8:FB:03:E5:9A:13:6D:FF:53:DA:1C:8C:EA:3A:A7:AA
Validity Mon, 23 Jun 2025 08:41:27 GMT - Mon, 15 Sep 2025 08:41:26 GMT
GET /s/oswald/v56/TK3_WkUHHAIjg75cFRf3bXL8LICs1xZosUZiZQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12652
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Jul 2025 17:28:13 GMT
expires: Fri, 17 Jul 2026 17:28:13 GMT
cache-control: public, max-age=31536000
age: 324499
last-modified: Wed, 28 May 2025 17:24:13 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET skinnycrawlinglax.com/sbar.json?key=18f2b048ab65b52e6e50de68b648de38&uuid=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e%3A1%3A1
192.243.59.20 200 OK 6.0 kB
URL
skinnycrawlinglax.com/sbar.json?key=18f2b048ab65b52e6e50de68b648de38&uuid=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e%3A1%3A1
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type JSON text data
First Seen 2025-07-21
Last Seen 2025-07-21
Times Seen 1
Size 6.0 kB (6012 bytes)
MD5 cfc9e5f42306581c6658315db1794e47
SHA1 6d5e0d78ae7d96aa9df8374ce5499cdd7fca82c6
SHA256 e24675efcc9dfbc9a1d69edf9a2f1bd40a16cf0a9193e19c1c34f240f52032a1
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sbar.json?key=18f2b048ab65b52e6e50de68b648de38&uuid=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e%3A1%3A1 HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Access-Control-Allow-Origin: https://flix2day-cc1.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e:1:1; expires=Mon, 28 Jul 2025 11:36:33 GMT; path=/; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Tue, 22 Jul 2025 11:36:33 GMT; path=/; secure; SameSite=None
Set-Cookie: uncs=1; expires=Tue, 22 Jul 2025 11:36:33 GMT; path=/; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Tue, 22 Jul 2025 11:36:33 GMT; path=/; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Tue, 22 Jul 2025 11:36:33 GMT; path=/; secure; SameSite=None
Set-Cookie: u_pl24804225=1; expires=Tue, 22 Jul 2025 11:36:33 GMT; path=/; secure; SameSite=None
Set-Cookie: slec18f2b048ab65b52e6e50de68b648de38=[6047961]; expires=Mon, 21 Jul 2025 11:36:38 GMT; path=/; secure; SameSite=None
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: db923a1ba376e6fa515efd1d26de87a1
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET mallowessencedialect.com/impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRuuzjefBz2I4g_0NHgQFZl0z3QmM-5hdXeNBMck7q4E9FTdVT0pU9PVVnVPT0bQYED2OAcX1FPlmWSj6yJ6FmGZeJGgsH3LYaMg-A8IiwcP0rMDs77Q7_s-_VTB8z5vfbqfnZEGMnq68ZYaCinp4lLNrb6wKWKmclNdu1r13Jp7rrop4qZ_rjook-6_4jX8mvti9Q0ebqvFuuu5rud61RWheaQGi1MWIrnV9mptt-bXa96Sj4H-LzaZA0MdsP4ZeRyCFY_-Eb0HEU4Q9767xM12qpKXX-9lkqZKo8-O3om3Y5XH6M3bSDuI4qPZaShTEPL5AlR8NJsAqn9QToBAFGThqbsI4qOZTAT9w_tKAwkeI2CPIO9PwOUEgk4Qqj0IdocAIcPaOuLejTWlc7pzn6UlW5DKvb8g8oJU7j6BuPftBSkG1StKZqlQscEgshCDCUR3giQ7RjpcgMiPEaafQLBfyeK9DuLewbqRCoLZ6fQimoAaB1n5CQdZ5CBLHPTYadV3W37o0UYzarNw2fWp7zMeuO1W3XVpO1xGFpayRkiTEUI5Qqh3kehdbIsRdHYbZsvCMAcmLYjz9i76zCLnBLkhyClBLgjylCDv20MmTd3YG0yaLPBmtT6rDTtWaXefHqq0y2MCqkfQzB6I5AOzhzD933gYGTZWZaJBasc0YHY_OSOPla45H578jm1-Wg2iiHnc85vtpSBoNSOX13lUb7KAB8uNdr0OIyyEWZgaMhQFufjML0hEQZ778zoCegwjjxEKBzTzQHMLumUxjG-GIuZdVZNKgimLJK0g3XH25Rl5drq1Tus38PCEzAKhtki0xfviJ4KuvDa-rHJycFnlhny_nqSiJ4a03OiVlKb8oZtv8p1cabZ6yYy-fi0sibK9dZWbtENjJuKuId9cEIxxvaJ0yMmPq2aTBxuZ2bqQ6ThLOhsXV1Z7iebGCBVPQMWd9b8RioL8_5_r07f60sc_QOgJdGbRyx5QmuzCJHNsFIGWcxwkC8gzO9b1YP5TCgLJ55gGFuYBHMz7sablbSrsvrmGrq6ApnuIexZ9bdGXFlSOYLKHx2miT87__EUZXyKQlXEgdeUgkFp-VpDOk09PXS7Iu1-dL0hH3IYRp9Woweuh67aWm16jFXGv4bMwWmr5bdakbqPBkZpi66PnX_03AAD__94AScSYBAAA
192.243.59.13 200 OK 0 B
URL
mallowessencedialect.com/impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRuuzjefBz2I4g_0NHgQFZl0z3QmM-5hdXeNBMck7q4E9FTdVT0pU9PVVnVPT0bQYED2OAcX1FPlmWSj6yJ6FmGZeJGgsH3LYaMg-A8IiwcP0rMDs77Q7_s-_VTB8z5vfbqfnZEGMnq68ZYaCinp4lLNrb6wKWKmclNdu1r13Jp7rrop4qZ_rjook-6_4jX8mvti9Q0ebqvFuuu5rud61RWheaQGi1MWIrnV9mptt-bXa96Sj4H-LzaZA0MdsP4ZeRyCFY_-Eb0HEU4Q9767xM12qpKXX-9lkqZKo8-O3om3Y5XH6M3bSDuI4qPZaShTEPL5AlR8NJsAqn9QToBAFGThqbsI4qOZTAT9w_tKAwkeI2CPIO9PwOUEgk4Qqj0IdocAIcPaOuLejTWlc7pzn6UlW5DKvb8g8oJU7j6BuPftBSkG1StKZqlQscEgshCDCUR3giQ7RjpcgMiPEaafQLBfyeK9DuLewbqRCoLZ6fQimoAaB1n5CQdZ5CBLHPTYadV3W37o0UYzarNw2fWp7zMeuO1W3XVpO1xGFpayRkiTEUI5Qqh3kehdbIsRdHYbZsvCMAcmLYjz9i76zCLnBLkhyClBLgjylCDv20MmTd3YG0yaLPBmtT6rDTtWaXefHqq0y2MCqkfQzB6I5AOzhzD933gYGTZWZaJBasc0YHY_OSOPla45H578jm1-Wg2iiHnc85vtpSBoNSOX13lUb7KAB8uNdr0OIyyEWZgaMhQFufjML0hEQZ778zoCegwjjxEKBzTzQHMLumUxjG-GIuZdVZNKgimLJK0g3XH25Rl5drq1Tus38PCEzAKhtki0xfviJ4KuvDa-rHJycFnlhny_nqSiJ4a03OiVlKb8oZtv8p1cabZ6yYy-fi0sibK9dZWbtENjJuKuId9cEIxxvaJ0yMmPq2aTBxuZ2bqQ6ThLOhsXV1Z7iebGCBVPQMWd9b8RioL8_5_r07f60sc_QOgJdGbRyx5QmuzCJHNsFIGWcxwkC8gzO9b1YP5TCgLJ55gGFuYBHMz7sablbSrsvrmGrq6ApnuIexZ9bdGXFlSOYLKHx2miT87__EUZXyKQlXEgdeUgkFp-VpDOk09PXS7Iu1-dL0hH3IYRp9Woweuh67aWm16jFXGv4bMwWmr5bdakbqPBkZpi66PnX_03AAD__94AScSYBAAA
IP / ASN
192.243.59.13
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRuuzjefBz2I4g_0NHgQFZl0z3QmM-5hdXeNBMck7q4E9FTdVT0pU9PVVnVPT0bQYED2OAcX1FPlmWSj6yJ6FmGZeJGgsH3LYaMg-A8IiwcP0rMDs77Q7_s-_VTB8z5vfbqfnZEGMnq68ZYaCinp4lLNrb6wKWKmclNdu1r13Jp7rrop4qZ_rjook-6_4jX8mvti9Q0ebqvFuuu5rud61RWheaQGi1MWIrnV9mptt-bXa96Sj4H-LzaZA0MdsP4ZeRyCFY_-Eb0HEU4Q9767xM12qpKXX-9lkqZKo8-O3om3Y5XH6M3bSDuI4qPZaShTEPL5AlR8NJsAqn9QToBAFGThqbsI4qOZTAT9w_tKAwkeI2CPIO9PwOUEgk4Qqj0IdocAIcPaOuLejTWlc7pzn6UlW5DKvb8g8oJU7j6BuPftBSkG1StKZqlQscEgshCDCUR3giQ7RjpcgMiPEaafQLBfyeK9DuLewbqRCoLZ6fQimoAaB1n5CQdZ5CBLHPTYadV3W37o0UYzarNw2fWp7zMeuO1W3XVpO1xGFpayRkiTEUI5Qqh3kehdbIsRdHYbZsvCMAcmLYjz9i76zCLnBLkhyClBLgjylCDv20MmTd3YG0yaLPBmtT6rDTtWaXefHqq0y2MCqkfQzB6I5AOzhzD933gYGTZWZaJBasc0YHY_OSOPla45H578jm1-Wg2iiHnc85vtpSBoNSOX13lUb7KAB8uNdr0OIyyEWZgaMhQFufjML0hEQZ778zoCegwjjxEKBzTzQHMLumUxjG-GIuZdVZNKgimLJK0g3XH25Rl5drq1Tus38PCEzAKhtki0xfviJ4KuvDa-rHJycFnlhny_nqSiJ4a03OiVlKb8oZtv8p1cabZ6yYy-fi0sibK9dZWbtENjJuKuId9cEIxxvaJ0yMmPq2aTBxuZ2bqQ6ThLOhsXV1Z7iebGCBVPQMWd9b8RioL8_5_r07f60sc_QOgJdGbRyx5QmuzCJHNsFIGWcxwkC8gzO9b1YP5TCgLJ55gGFuYBHMz7sablbSrsvrmGrq6ApnuIexZ9bdGXFlSOYLKHx2miT87__EUZXyKQlXEgdeUgkFp-VpDOk09PXS7Iu1-dL0hH3IYRp9Woweuh67aWm16jFXGv4bMwWmr5bdakbqPBkZpi66PnX_03AAD__94AScSYBAAA HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl24890336=1; nlecbffd1e14695bb86f0e2ef26dbeb73922=[5941311]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 423b435a1cb937dc7e3ca05931985981
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET weirdopt.com/ad/advertisers.js
185.196.197.71 200 OK 0 B URL
weirdopt.com/ad/advertisers.js
IP / ASN
185.196.197.71
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject weirdopt.com
Fingerprint 1A:27:71:C0:8E:44:D4:6B:F5:AA:49:F0:F1:AF:E5:5F:30:23:A4:D4
Validity Tue, 01 Jul 2025 15:18:37 GMT - Mon, 29 Sep 2025 15:18:36 GMT
GET /ad/advertisers.js HTTP/1.1
Host: weirdopt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 7f788de0aee0a6fb597e96870b8f045d
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
142.250.178.99 200 OK 40 kB URL
fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP / ASN
142.250.178.99
#15169 GOOGLE
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
First Seen 2025-01-08
Last Seen 2025-08-02
Times Seen 97624
Size 40 kB (40128 bytes)
MD5 9a01b69183a9604ab3a439e388b30501
SHA1 8ed1d59003d0dbe6360481017b44665153665fbe
SHA256 20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
Certificate Info
Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 9A:5E:6D:44:D8:FB:03:E5:9A:13:6D:FF:53:DA:1C:8C:EA:3A:A7:AA
Validity Mon, 23 Jun 2025 08:41:27 GMT - Mon, 15 Sep 2025 08:41:26 GMT
GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Jul 2025 08:13:08 GMT
expires: Sat, 18 Jul 2026 08:13:08 GMT
cache-control: public, max-age=31536000
age: 271407
last-modified: Thu, 29 May 2025 23:30:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET fonts.googleapis.com/css2?family=Oswald:wght@700&family=Work+Sans:ital,wght@0,100..900;1,100..900&display=swap
142.250.74.10 200 OK 4.4 kB URL
fonts.googleapis.com/css2?family=Oswald:wght@700&family=Work+Sans:ital,wght@0,100..900;1,100..900&display=swap
IP / ASN
142.250.74.10
#15169 GOOGLE
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type ASCII text
First Seen 2025-06-10
Last Seen 2025-07-26
Times Seen 15
Size 4.4 kB (4436 bytes)
MD5 cdc29c2b54cb4cb650ef4ac38da67c6a
SHA1 2d13c5effcfa7e28f79b06db8b0924773a1d3bdb
SHA256 419293e85bbeaf22b8bcae9a22a1bb39bf88dde2f46655fdd751057c0f0d8c8c
Certificate Info
Issuer Google Trust Services
Subject upload.video.google.com
Fingerprint DC:40:BF:B1:59:C9:CC:B5:4A:38:2D:D0:16:8D:06:A5:1D:B4:08:8B
Validity Mon, 23 Jun 2025 08:41:28 GMT - Mon, 15 Sep 2025 08:41:27 GMT
GET /css2?family=Oswald:wght@700&family=Work+Sans:ital,wght@0,100..900;1,100..900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 21 Jul 2025 11:36:31 GMT
date: Mon, 21 Jul 2025 11:36:31 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wiflix-a.pages.dev/index_files/intro.jpg
0.0.0.0 0 B URL
wiflix-a.pages.dev/index_files/intro.jpg
IP / ASN
0.0.0.0
#0
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /index_files/intro.jpg HTTP/1.1
Host: wiflix-a.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
GET professionaltrafficmonitor.com/stats
35.157.202.115 200 OK 40 B URL
professionaltrafficmonitor.com/stats
IP / ASN
35.157.202.115
#16509 AMAZON-02
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type ASCII text, with no line terminators
First Seen 2025-07-21
Last Seen 2025-07-21
Times Seen 1
Size 40 B (40 bytes)
MD5 86f40cbcb98ff11dcbb6f0b72204c0a2
SHA1 2e4c97acd067e23b7d2d8f0572f37338d7b26d89
SHA256 e02676d5ec22d2d4ff4d57af94b1fec1b0303960317e06661ee5be3dd25993ef
Certificate Info
Issuer Amazon
Subject protrafficinspector.com
Fingerprint 5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6
Validity Tue, 01 Jul 2025 00:00:00 GMT - Thu, 30 Jul 2026 23:59:59 GMT
GET /stats HTTP/1.1
Host: professionaltrafficmonitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:32 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://flix2day-cc1.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=9fbee161-498c-4083-8185-72037101ef09:3:1; expires=Thu, 19 Jul 2035 11:36:32 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
GET skinnycrawlinglax.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html&l=1332&fd=586
192.243.59.20 200 OK 0 B URL
skinnycrawlinglax.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html&l=1332&fd=586
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html&l=1332&fd=586 HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: uid_id2=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl24804225=1; slec18f2b048ab65b52e6e50de68b648de38=[6047961]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:34 GMT
Content-Length: 0
Connection: keep-alive
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET cdn.creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css
104.21.64.1 200 OK 5.4 kB URL
cdn.creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type ASCII text
First Seen 2025-07-05
Last Seen 2025-07-26
Times Seen 120
Size 5.4 kB (5407 bytes)
MD5 df57eed868349d658c08b8d20b623f8e
SHA1 956cc8f1814f094d9d5e4730b68a22410c664dde
SHA256 a1095d988ac42d4cc085fb1670b0c8a88edbcbc98bf6e071dc2d8faea55d7cc8
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
GET /sb/interstitial/utility/robot/3/css/style.css HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:34 GMT
content-type: text/css
server: cloudflare
last-modified: Thu, 12 Dec 2024 14:36:20 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
etag: W/"675af4e4-151f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QDQiBrWKuFPknDQ6DgRENj0OX%2FfZz1kwSL78QOhVUdak4fS913B%2Bg4QRu%2FBsIO6Go2ecQrsTqOtQftvImWYIgAfnNEJCnsT3QAxxjtW2wDru3Q%3D%3D"}]}
cf-ray: 962a66beef1c0b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET professionaltrafficmonitor.com/stats
35.157.202.115 200 OK 40 B URL
professionaltrafficmonitor.com/stats
IP / ASN
35.157.202.115
#16509 AMAZON-02
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type ASCII text, with no line terminators
First Seen 2025-07-21
Last Seen 2025-07-21
Times Seen 1
Size 40 B (40 bytes)
MD5 ed54b59e92ca372cab4e9fc832806e65
SHA1 1c0b3ecc41cd312049db430712629744349404d0
SHA256 9a7525854cc27d5aa8702e71e1c6f05fdaab9d5017bc49ee34ba85dcbb4a5512
Certificate Info
Issuer Amazon
Subject protrafficinspector.com
Fingerprint 5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6
Validity Tue, 01 Jul 2025 00:00:00 GMT - Thu, 30 Jul 2026 23:59:59 GMT
GET /stats HTTP/1.1
Host: professionaltrafficmonitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:32 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://flix2day-cc1.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e:1:1; expires=Thu, 19 Jul 2035 11:36:32 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
GET mallowessencedialect.com/ren.gif?sid=H4sIAAAAAAAC_1RST4scxRuu3t_8POhBFP-gpyEHUZHZ7p6eyYw5RJMYCY7ZmEQW9FTVVT1bbk1XW9U9PTuCLC5IjoOoqKfeZ3azGoPoBxDCrBdZFNK3PWQVBL-AEHKU3h2Y-EK_7_v0UwXP-7z16XZ2RJrI6OGVt_VYKkWXWw23_uKqjLnObf3y9brnNtwz9VUZt4Mz9VGVzPBVrxk03Jfqb4pwXS_7rue6nuvVL0ojIj1aPmYhk9tdr9F1G4Hf8FoBRua_2GYOLHXAh0fkSUhePv5X9D5kOEM8-PGCsOupTl55Y5ApmmqDId97N16PdR5jsGgj4yCK9-anoW1JyFdL0PHefALo4U41AZgsydIz98DivblMsOHuiVKmIGIw_hjy4QxCzSDpDKHeguR3CRByXF5BPLh5WZucbpywtGJLUrv_D2Rektq9pxAPfjin5Kh-TasslTq2GEUF5GgG2Z8hyfaRjpcg832E6SeQ_HeyfL-HeLCzYpWG5MXx9DKagVoHWfVJB1nkIEscDPhhPXA7QejRZjvq8vC0G9Ag4IK53Y7vurQbnkYWVrImSJMJQjVBaDaRmE2sywlMdgd2rYDlDmxaEuedTQx5gVwQ5JYgpwS5JMhTgnxY7HJlfVvc5MpmzJtXf16bxVSn_W26q9O-iAmomcDwYkcmH9othOn_puPI8qmuEmVpMaWMF9vJEXmics356OBPrIvDOosi7gkvaHdbjHXakSt8EfltzgQ73ez6PqwsIO3SsSFjWZLzz_2GRJbk1N9fgNF9WLWPUDqgmQeaF6BrBcbxrVDGoq8bSitwXSBJa0g3nG11RJ4_3lpP3oEID8g8EJoCiSnwgfyFoK9uTK_qnOxc1bklP60kqRzIMa02ei2lqXjk1ltiI9eGX7pgJ9-9HlZE1d6-LmzaozGXcd-S789JzoW5qE0oyM-X7KpgVzK7di4zcZb0rpy_eGmQGGGt1PEMVN5deYBQluT_D04dv9WXv_wM0sxgsgKD7CGlySZsssBWExi1wCypIc-KqfHZ4qeSBEosMGUF7EOYLfqpodVtKottewN9UwNNtxAPCgxNgaEqQNUENnt0mibm4OyvX1fxDZiqTZkytR2mjPq8JL2nny1Jr_NHSd779uyJ31Ye1ls-a7Y7nbaI2jxq8qbf5N2WK7oB7baDbtBCasu1j1947d8AAAD__47dXuCYBAAA
172.240.108.84 200 OK 0 B URL
mallowessencedialect.com/ren.gif?sid=H4sIAAAAAAAC_1RST4scxRuu3t_8POhBFP-gpyEHUZHZ7p6eyYw5RJMYCY7ZmEQW9FTVVT1bbk1XW9U9PTuCLC5IjoOoqKfeZ3azGoPoBxDCrBdZFNK3PWQVBL-AEHKU3h2Y-EK_7_v0UwXP-7z16XZ2RJrI6OGVt_VYKkWXWw23_uKqjLnObf3y9brnNtwz9VUZt4Mz9VGVzPBVrxk03Jfqb4pwXS_7rue6nuvVL0ojIj1aPmYhk9tdr9F1G4Hf8FoBRua_2GYOLHXAh0fkSUhePv5X9D5kOEM8-PGCsOupTl55Y5ApmmqDId97N16PdR5jsGgj4yCK9-anoW1JyFdL0PHefALo4U41AZgsydIz98DivblMsOHuiVKmIGIw_hjy4QxCzSDpDKHeguR3CRByXF5BPLh5WZucbpywtGJLUrv_D2Rektq9pxAPfjin5Kh-TasslTq2GEUF5GgG2Z8hyfaRjpcg832E6SeQ_HeyfL-HeLCzYpWG5MXx9DKagVoHWfVJB1nkIEscDPhhPXA7QejRZjvq8vC0G9Ag4IK53Y7vurQbnkYWVrImSJMJQjVBaDaRmE2sywlMdgd2rYDlDmxaEuedTQx5gVwQ5JYgpwS5JMhTgnxY7HJlfVvc5MpmzJtXf16bxVSn_W26q9O-iAmomcDwYkcmH9othOn_puPI8qmuEmVpMaWMF9vJEXmics356OBPrIvDOosi7gkvaHdbjHXakSt8EfltzgQ73ez6PqwsIO3SsSFjWZLzz_2GRJbk1N9fgNF9WLWPUDqgmQeaF6BrBcbxrVDGoq8bSitwXSBJa0g3nG11RJ4_3lpP3oEID8g8EJoCiSnwgfyFoK9uTK_qnOxc1bklP60kqRzIMa02ei2lqXjk1ltiI9eGX7pgJ9-9HlZE1d6-LmzaozGXcd-S789JzoW5qE0oyM-X7KpgVzK7di4zcZb0rpy_eGmQGGGt1PEMVN5deYBQluT_D04dv9WXv_wM0sxgsgKD7CGlySZsssBWExi1wCypIc-KqfHZ4qeSBEosMGUF7EOYLfqpodVtKottewN9UwNNtxAPCgxNgaEqQNUENnt0mibm4OyvX1fxDZiqTZkytR2mjPq8JL2nny1Jr_NHSd779uyJ31Ye1ls-a7Y7nbaI2jxq8qbf5N2WK7oB7baDbtBCasu1j1947d8AAAD__47dXuCYBAAA
IP / ASN
172.240.108.84
#7979 SERVERS-COM
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC_1RST4scxRuu3t_8POhBFP-gpyEHUZHZ7p6eyYw5RJMYCY7ZmEQW9FTVVT1bbk1XW9U9PTuCLC5IjoOoqKfeZ3azGoPoBxDCrBdZFNK3PWQVBL-AEHKU3h2Y-EK_7_v0UwXP-7z16XZ2RJrI6OGVt_VYKkWXWw23_uKqjLnObf3y9brnNtwz9VUZt4Mz9VGVzPBVrxk03Jfqb4pwXS_7rue6nuvVL0ojIj1aPmYhk9tdr9F1G4Hf8FoBRua_2GYOLHXAh0fkSUhePv5X9D5kOEM8-PGCsOupTl55Y5ApmmqDId97N16PdR5jsGgj4yCK9-anoW1JyFdL0PHefALo4U41AZgsydIz98DivblMsOHuiVKmIGIw_hjy4QxCzSDpDKHeguR3CRByXF5BPLh5WZucbpywtGJLUrv_D2Rektq9pxAPfjin5Kh-TasslTq2GEUF5GgG2Z8hyfaRjpcg832E6SeQ_HeyfL-HeLCzYpWG5MXx9DKagVoHWfVJB1nkIEscDPhhPXA7QejRZjvq8vC0G9Ag4IK53Y7vurQbnkYWVrImSJMJQjVBaDaRmE2sywlMdgd2rYDlDmxaEuedTQx5gVwQ5JYgpwS5JMhTgnxY7HJlfVvc5MpmzJtXf16bxVSn_W26q9O-iAmomcDwYkcmH9othOn_puPI8qmuEmVpMaWMF9vJEXmics356OBPrIvDOosi7gkvaHdbjHXakSt8EfltzgQ73ez6PqwsIO3SsSFjWZLzz_2GRJbk1N9fgNF9WLWPUDqgmQeaF6BrBcbxrVDGoq8bSitwXSBJa0g3nG11RJ4_3lpP3oEID8g8EJoCiSnwgfyFoK9uTK_qnOxc1bklP60kqRzIMa02ei2lqXjk1ltiI9eGX7pgJ9-9HlZE1d6-LmzaozGXcd-S789JzoW5qE0oyM-X7KpgVzK7di4zcZb0rpy_eGmQGGGt1PEMVN5deYBQluT_D04dv9WXv_wM0sxgsgKD7CGlySZsssBWExi1wCypIc-KqfHZ4qeSBEosMGUF7EOYLfqpodVtKottewN9UwNNtxAPCgxNgaEqQNUENnt0mibm4OyvX1fxDZiqTZkytR2mjPq8JL2nny1Jr_NHSd779uyJ31Ye1ls-a7Y7nbaI2jxq8qbf5N2WK7oB7baDbtBCasu1j1947d8AAAD__47dXuCYBAAA HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl24890336=1; nlecbffd1e14695bb86f0e2ef26dbeb73922=[5941311]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
access-control-allow-origin: *
vary: Origin
access-control-allow-credentials: true
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 0
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 5e367d5f752c4144f059951cde1806ef
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET wearychallengeraise.com/pixel/purst?dl=0&th=0&sc=0&rs=2293&rd=2293&fd=612&bv=25.7.3790&tmpl=136
192.243.61.227 200 OK 0 B URL
wearychallengeraise.com/pixel/purst?dl=0&th=0&sc=0&rs=2293&rd=2293&fd=612&bv=25.7.3790&tmpl=136
IP / ASN
192.243.61.227
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject wearychallengeraise.com
Fingerprint C2:9A:4F:D1:20:4F:D6:7B:AD:D9:F3:AE:DB:94:98:E2:A5:BE:EF:8B
Validity Thu, 19 Jun 2025 03:13:57 GMT - Wed, 17 Sep 2025 03:13:56 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2293&rd=2293&fd=612&bv=25.7.3790&tmpl=136 HTTP/1.1
Host: wearychallengeraise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Length: 0
Connection: keep-alive
Host: wearychallengeraise.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
142.250.178.99 200 OK 40 kB URL
fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP / ASN
142.250.178.99
#15169 GOOGLE
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
First Seen 2025-01-08
Last Seen 2025-08-02
Times Seen 97624
Size 40 kB (40128 bytes)
MD5 9a01b69183a9604ab3a439e388b30501
SHA1 8ed1d59003d0dbe6360481017b44665153665fbe
SHA256 20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
Certificate Info
Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 9A:5E:6D:44:D8:FB:03:E5:9A:13:6D:FF:53:DA:1C:8C:EA:3A:A7:AA
Validity Mon, 23 Jun 2025 08:41:27 GMT - Mon, 15 Sep 2025 08:41:26 GMT
GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Jul 2025 08:13:08 GMT
expires: Sat, 18 Jul 2026 08:13:08 GMT
cache-control: public, max-age=31536000
age: 271407
last-modified: Thu, 29 May 2025 23:30:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET pl24990835.profitablecpmrate.com/bffd1e14695bb86f0e2ef26dbeb73922/invoke.js
172.240.108.84 200 OK 26 kB URL
pl24990835.profitablecpmrate.com/bffd1e14695bb86f0e2ef26dbeb73922/invoke.js
IP / ASN
172.240.108.84
#7979 SERVERS-COM
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (25633), with no line terminators
First Seen 2025-07-13
Last Seen 2025-07-21
Times Seen 2
Size 26 kB (25635 bytes)
MD5 2b9f6c22a445c2593525279960f030c0
SHA1 dad485caa2b90fbd520584f7b1bb97eb60a1278a
SHA256 7e63e1eaa86a6b526cfa8c9df99b657b371aa85caac9c29596cd96fb7a7ba3bc
Certificate Info
Issuer Let's Encrypt
Subject profitablecpmrate.com
Fingerprint AD:94:8C:B4:3A:E9:7C:3E:11:F7:87:52:39:DE:6E:6F:45:82:4F:6F
Validity Thu, 12 Jun 2025 22:24:53 GMT - Wed, 10 Sep 2025 22:24:52 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bffd1e14695bb86f0e2ef26dbeb73922/invoke.js HTTP/1.1
Host: pl24990835.profitablecpmrate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:32 GMT
Content-Type: application/javascript
Content-Length: 9569
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 6
Host: pl24990835.profitablecpmrate.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: aa1122c965e5ede66f371a9b8c0b19db
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET flixhive.site/wp-content/uploads/2024/10/flixhive-image_11zon-2.png
104.21.96.1 404 Not Found 0 B URL
flixhive.site/wp-content/uploads/2024/10/flixhive-image_11zon-2.png
IP / ASN
104.21.96.1
#13335 CLOUDFLARENET
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Google Trust Services
Subject flixhive.site
Fingerprint BA:85:5E:C1:C4:75:45:73:AF:37:7F:16:9B:0A:E2:3C:85:B3:E5:27
Validity Fri, 04 Jul 2025 17:58:24 GMT - Thu, 02 Oct 2025 18:56:42 GMT
GET /wp-content/uploads/2024/10/flixhive-image_11zon-2.png HTTP/1.1
Host: flixhive.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Mon, 21 Jul 2025 11:36:32 GMT
content-type: text/html
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zIZDOmIPqtW0VuGb5LZZ3i9eqEChLwDuoxV8WoWB1OWNglAj0FAypwCuGKg%2FlruomtZlq%2BoI%2FRb%2FWRxzmc4gKZEUCbQ6QAPur5UE"}]}
display: staticcontent_sol
expires: Sun, 20 Jul 2025 11:36:32 GMT
pragma: no-cache
response: 404
server: cloudflare
vary: Accept-Encoding,User-Agent,Origin
x-ezoic-cdn: Miss
x-middleton-display: staticcontent_sol
x-middleton-response: 404
x-origin-cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 962a66afac2c56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET mallowessencedialect.com/impr.gif?sid=H4sIAAAAAAAC_1RST2skxRuuzm9-HvQgin_Q07AHUZFJ90xnMuMeVrNrJDgmcXcloKfqrupJmZqutqp7ejKCBAOyx0FU1FPlmWSj6yL6AYRl4kWCwvYth42C4BcQlj1KJwOzvtDv-z79VMHzPm99upedkgYyerL-thoKKen8Qs2tvrghYqZyU129XvXcmnuxuiHipn-xOiiT7r_qNfya-1L1TR5uqfm667mu53rVZaF5pAbzZyxEcrvt1dpuza_XvAUfA_1fbDIHhjpg_VPyJAQrHv8reh8inCDu_XiFm61UJa-80cskTZVGnx2-G2_FKo_Rm7WRdhDFh9PTUKYg5Ks5qPhwOgFUf7-cAIEoyNwz9xDEh1OZCPoH50oDCR4jYI8h70_A5QSCThCqXQh2lwAhw-oa4t7NVaVzun3O0pItSOX-PxB5QSr3nkLc-2FJikH1mpJZKlRsMIgsxGAC0Z0gyY6QDucg8iOE6ScQ7Hcyf7-DuLe_ZqSCYPZsehFNQI2DrPyEgyxykCUOeuyk6rstP_Rooxm1Wbjo-tT3GQ_cdqvuurQdLiILS1kjpMkIoRwh1DtI9A62xAg6uwOzaWGYA5MWxHlnB31mkXOC3BDklCAXBHlKkPftAZOmbuxNJk0WeNNan9aGHau0u0cPVNrlMQHVI2hm90XyodlFmP5vPIwMG6sy0SC1Yxowu5eckidK15yPjv_EFj-pBlHEPO75zfZCELSakcvrPKo3WcCDxUa7XocRFsLMnRkyFAW5_NxvSERBLvz9BQJ6BCOPEAoHNPNAcwu6aTGMb4Ui5l1Vk0qCKYskrSDddvbkKXn-bGsdcQc8PCbTQKgtEm3xgfiFoCtvjK-qnOxfVbkhP60lqeiJIS03ei2lKX_k1lt8O1earVwxo-9eD0uibG9f5ybt0JiJuGvI90uCMa6XlQ45-XnFbPBgPTObS5mOs6Szfnl5pZdoboxQ8QRU3F17gFAU5P8PLpy91Ze__AxCT6Azi172kNJkByaZYaMItJzhIKkgz-xY14PZTykIJJ9hGliYh3Aw68ealrepsHvmBrq6ApruIu5Z9LVFX1pQOYLJHh2niT6-9OvXZXyDQFbGgdSV_UBq-XlBOk8_W5BO64-CvPftpXO_jTipRg1eD123tdj0Gq2Iew2fhdFCy2-zJnUbDY7UFJsfv_DavwEAAP__crXOPpgEAAA=
172.240.108.84 200 OK 0 B URL
mallowessencedialect.com/impr.gif?sid=H4sIAAAAAAAC_1RST2skxRuuzm9-HvQgin_Q07AHUZFJ90xnMuMeVrNrJDgmcXcloKfqrupJmZqutqp7ejKCBAOyx0FU1FPlmWSj6yL6AYRl4kWCwvYth42C4BcQlj1KJwOzvtDv-z79VMHzPm99upedkgYyerL-thoKKen8Qs2tvrghYqZyU129XvXcmnuxuiHipn-xOiiT7r_qNfya-1L1TR5uqfm667mu53rVZaF5pAbzZyxEcrvt1dpuza_XvAUfA_1fbDIHhjpg_VPyJAQrHv8reh8inCDu_XiFm61UJa-80cskTZVGnx2-G2_FKo_Rm7WRdhDFh9PTUKYg5Ks5qPhwOgFUf7-cAIEoyNwz9xDEh1OZCPoH50oDCR4jYI8h70_A5QSCThCqXQh2lwAhw-oa4t7NVaVzun3O0pItSOX-PxB5QSr3nkLc-2FJikH1mpJZKlRsMIgsxGAC0Z0gyY6QDucg8iOE6ScQ7Hcyf7-DuLe_ZqSCYPZsehFNQI2DrPyEgyxykCUOeuyk6rstP_Rooxm1Wbjo-tT3GQ_cdqvuurQdLiILS1kjpMkIoRwh1DtI9A62xAg6uwOzaWGYA5MWxHlnB31mkXOC3BDklCAXBHlKkPftAZOmbuxNJk0WeNNan9aGHau0u0cPVNrlMQHVI2hm90XyodlFmP5vPIwMG6sy0SC1Yxowu5eckidK15yPjv_EFj-pBlHEPO75zfZCELSakcvrPKo3WcCDxUa7XocRFsLMnRkyFAW5_NxvSERBLvz9BQJ6BCOPEAoHNPNAcwu6aTGMb4Ui5l1Vk0qCKYskrSDddvbkKXn-bGsdcQc8PCbTQKgtEm3xgfiFoCtvjK-qnOxfVbkhP60lqeiJIS03ei2lKX_k1lt8O1earVwxo-9eD0uibG9f5ybt0JiJuGvI90uCMa6XlQ45-XnFbPBgPTObS5mOs6Szfnl5pZdoboxQ8QRU3F17gFAU5P8PLpy91Ze__AxCT6Azi172kNJkByaZYaMItJzhIKkgz-xY14PZTykIJJ9hGliYh3Aw68ealrepsHvmBrq6ApruIu5Z9LVFX1pQOYLJHh2niT6-9OvXZXyDQFbGgdSV_UBq-XlBOk8_W5BO64-CvPftpXO_jTipRg1eD123tdj0Gq2Iew2fhdFCy2-zJnUbDY7UFJsfv_DavwEAAP__crXOPpgEAAA=
IP / ASN
172.240.108.84
#7979 SERVERS-COM
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC_1RST2skxRuuzm9-HvQgin_Q07AHUZFJ90xnMuMeVrNrJDgmcXcloKfqrupJmZqutqp7ejKCBAOyx0FU1FPlmWSj6yL6AYRl4kWCwvYth42C4BcQlj1KJwOzvtDv-z79VMHzPm99upedkgYyerL-thoKKen8Qs2tvrghYqZyU129XvXcmnuxuiHipn-xOiiT7r_qNfya-1L1TR5uqfm667mu53rVZaF5pAbzZyxEcrvt1dpuza_XvAUfA_1fbDIHhjpg_VPyJAQrHv8reh8inCDu_XiFm61UJa-80cskTZVGnx2-G2_FKo_Rm7WRdhDFh9PTUKYg5Ks5qPhwOgFUf7-cAIEoyNwz9xDEh1OZCPoH50oDCR4jYI8h70_A5QSCThCqXQh2lwAhw-oa4t7NVaVzun3O0pItSOX-PxB5QSr3nkLc-2FJikH1mpJZKlRsMIgsxGAC0Z0gyY6QDucg8iOE6ScQ7Hcyf7-DuLe_ZqSCYPZsehFNQI2DrPyEgyxykCUOeuyk6rstP_Rooxm1Wbjo-tT3GQ_cdqvuurQdLiILS1kjpMkIoRwh1DtI9A62xAg6uwOzaWGYA5MWxHlnB31mkXOC3BDklCAXBHlKkPftAZOmbuxNJk0WeNNan9aGHau0u0cPVNrlMQHVI2hm90XyodlFmP5vPIwMG6sy0SC1Yxowu5eckidK15yPjv_EFj-pBlHEPO75zfZCELSakcvrPKo3WcCDxUa7XocRFsLMnRkyFAW5_NxvSERBLvz9BQJ6BCOPEAoHNPNAcwu6aTGMb4Ui5l1Vk0qCKYskrSDddvbkKXn-bGsdcQc8PCbTQKgtEm3xgfiFoCtvjK-qnOxfVbkhP60lqeiJIS03ei2lKX_k1lt8O1earVwxo-9eD0uibG9f5ybt0JiJuGvI90uCMa6XlQ45-XnFbPBgPTObS5mOs6Szfnl5pZdoboxQ8QRU3F17gFAU5P8PLpy91Ze__AxCT6Azi172kNJkByaZYaMItJzhIKkgz-xY14PZTykIJJ9hGliYh3Aw68ealrepsHvmBrq6ApruIu5Z9LVFX1pQOYLJHh2niT6-9OvXZXyDQFbGgdSV_UBq-XlBOk8_W5BO64-CvPftpXO_jTipRg1eD123tdj0Gq2Iew2fhdFCy2-zJnUbDY7UFJsfv_DavwEAAP__crXOPpgEAAA= HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl24890336=1; nlecbffd1e14695bb86f0e2ef26dbeb73922=[5941311]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
access-control-allow-origin: *
vary: Origin
access-control-allow-credentials: true
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 1
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 1df3baa3034e498c53b6c0ec1c00ec17
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET flushpersist.com/pxf.gif?uuid=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=18f2b048ab65b52e6e50de68b648de38&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11
192.243.61.225 200 OK 0 B
IP / ASN
192.243.61.225
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject flushpersist.com
Fingerprint 9E:08:20:A0:75:ED:21:51:E0:3D:DE:29:CD:B0:11:01:4D:04:77:0A
Validity Tue, 01 Jul 2025 15:12:33 GMT - Mon, 29 Sep 2025 15:12:32 GMT
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /pxf.gif?uuid=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=18f2b048ab65b52e6e50de68b648de38&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: flushpersist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:34 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: flushpersist.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: fb70dc78e1ade0b0a9a98d43938f6792
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET skinnycrawlinglax.com/pixel/sbs?c=1
192.243.59.13 200 OK 0 B
IP / ASN
192.243.59.13
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: uid_id2=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl24804225=1; slec18f2b048ab65b52e6e50de68b648de38=[6047961]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:35 GMT
Content-Length: 0
Connection: keep-alive
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET preferencenail.com/sfp.js
185.196.197.71 200 OK 85 kB
IP / ASN
185.196.197.71
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
First Seen 2025-07-08
Last Seen 2025-08-02
Times Seen 2006
Size 85 kB (85386 bytes)
MD5 46a6fef91632b94d14252fe324c1585f
SHA1 387cebbd261b8fe947fe9805875300f2ceeb5cfd
SHA256 36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5
Certificate Info
Issuer Let's Encrypt
Subject preferencenail.com
Fingerprint F9:52:70:4B:81:A8:F8:39:E6:E7:96:8F:EA:FE:17:FD:96:C5:32:E3
Validity Tue, 01 Jul 2025 15:11:38 GMT - Mon, 29 Sep 2025 15:11:37 GMT
GET /sfp.js HTTP/1.1
Host: preferencenail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:32 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28254
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: preferencenail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: ca647695c89a758152ec7e0c136973b4
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET cdn.storageimagedisplay.com/cti/f7/1c/42/f71c4292c3fe348c44a28397239bbce1/1708077539.png
45.133.44.1 200 OK 136 kB
IP / ASN
45.133.44.1
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type PNG image data, 320 x 240, 8-bit/color RGB, non-interlaced
First Seen 2024-02-17
Last Seen 2025-07-27
Times Seen 33
Size 136 kB (136118 bytes)
MD5 5b27ad02703ced9be8dbbc40f83e363e
SHA1 175dea866a78217f29b1c09f81bdf9ec65f63119
SHA256 a7d14303f785298a956bb3c90e2e9a6b47f6c89ac188f9682fc72918ff51e1be
Certificate Info
Issuer Let's Encrypt
Subject cdn.storageimagedisplay.com
Fingerprint 06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9
Validity Thu, 10 Jul 2025 02:33:11 GMT - Wed, 08 Oct 2025 02:33:10 GMT
GET /cti/f7/1c/42/f71c4292c3fe348c44a28397239bbce1/1708077539.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:33 GMT
content-type: image/png
content-length: 136118
server: nginx/1.21.6
last-modified: Fri, 16 Feb 2024 09:59:07 GMT
etag: "65cf31eb-213b6"
expires: Wed, 23 Jul 2025 11:36:33 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET mallowessencedialect.com/impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRuuzjd8BwVF8Qd6GjyIiky6ZzqTGfewurtGgmMSd1cCeqruqp7UpqarreqenowgwYAsnuagoJ4qzyQbXRfRizdhmXiRoLB9kRw2CoL_gLB4lJ4dmPWFft_36acKnvd56-P97Iw0kNHTjbfUUEhJF5dqbvWFTREzlZvq2tWq59bcc9VNETf9c9VBmXT_Fa_h19wXq2_wcFst1l3PdT3Xq64IzSM1WJyyEMmttldruzW_XvOWfAz0f7HJHBjqgPXPyOMQrHj0z-g9iHCCuPfdJW62U5W8_HovkzRVGn129E68Has8Rm_eRtpBFB_NTkOZgpDPF6Dio9kEUP2DcgIEoiALT91FEB_NZCLoH95XGkjwGAF7GHl_Ai4nEHSCUO1BsDsECBnW1hH3bqwpndOd-ywt2YJU7v0NkRekcvcJxL1vL0gxqF5RMkuFig0GkYUYTCC6EyTZMdLhAkR-jDD9CIL9ShbvdRD3DtaNVBDMTqcX0QTUOMjKTzjIIgdZ4qDHTqu-2_JDjzaaUZuFy65PfZ_xwG236q5L2-EysrCUNUKajBDKEUK9i0TvYluMoLPbMFsWhjkwaUGct3fRZxY5J8gNQU4JckGQpwR53x4yaerG3mDSZIE3q_VZbdixSrv79FClXR4TUD2CZvZAJO-bPYTp_8bDyLCxKhMNUjumAbP7yRl5rHTN-eDkD2zz02oQRczjnt9sLwVBqxm5vM6jepMFPFhutOt1GGEhzMLUkKEoyMVnfkEiCvLcX58hoMcw8hihcEAzDzS3oFsWw_hmKGLeVTWpJJiySNIK0h1nX56RZ6db6zz5NHh4QmaBUFsk2uKa-ImgK6-PL6ucHFxWuSHfryep6IkhLTd6JaUp___NN_lOrjRbvWRGX78WlkTZ3rrKTdqhMRNx15BvLgjGuF5ROuTkx1WzyYONzGxdyHScJZ2NiyurvURzY4SKJ6Dizvo_CEVBHvnth-lbfenaJxB6Ap1Z9LIHlCa7MMkcG0Wg5RwHiYM8s2NdD-Y_pSCQfI5pYGEewMG8H2ta3qbC7pvr6OoKaLqHuGfR1xZ9aUHlCCZ7aJwm-uT8z1-U8SUCWRkHUlcOAqnlp1ODC9Jp_V6Qd786X5COuA0jTqtRg9dD120tN71GK-Jew2dhtNTy26xJ3UaDIzXF1ofPv_pvAAAA__9b2huemAQAAA==
192.243.59.13 200 OK 0 B
IP / ASN
192.243.59.13
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRuuzjd8BwVF8Qd6GjyIiky6ZzqTGfewurtGgmMSd1cCeqruqp7UpqarreqenowgwYAsnuagoJ4qzyQbXRfRizdhmXiRoLB9kRw2CoL_gLB4lJ4dmPWFft_36acKnvd56-P97Iw0kNHTjbfUUEhJF5dqbvWFTREzlZvq2tWq59bcc9VNETf9c9VBmXT_Fa_h19wXq2_wcFst1l3PdT3Xq64IzSM1WJyyEMmttldruzW_XvOWfAz0f7HJHBjqgPXPyOMQrHj0z-g9iHCCuPfdJW62U5W8_HovkzRVGn129E68Has8Rm_eRtpBFB_NTkOZgpDPF6Dio9kEUP2DcgIEoiALT91FEB_NZCLoH95XGkjwGAF7GHl_Ai4nEHSCUO1BsDsECBnW1hH3bqwpndOd-ywt2YJU7v0NkRekcvcJxL1vL0gxqF5RMkuFig0GkYUYTCC6EyTZMdLhAkR-jDD9CIL9ShbvdRD3DtaNVBDMTqcX0QTUOMjKTzjIIgdZ4qDHTqu-2_JDjzaaUZuFy65PfZ_xwG236q5L2-EysrCUNUKajBDKEUK9i0TvYluMoLPbMFsWhjkwaUGct3fRZxY5J8gNQU4JckGQpwR53x4yaerG3mDSZIE3q_VZbdixSrv79FClXR4TUD2CZvZAJO-bPYTp_8bDyLCxKhMNUjumAbP7yRl5rHTN-eDkD2zz02oQRczjnt9sLwVBqxm5vM6jepMFPFhutOt1GGEhzMLUkKEoyMVnfkEiCvLcX58hoMcw8hihcEAzDzS3oFsWw_hmKGLeVTWpJJiySNIK0h1nX56RZ6db6zz5NHh4QmaBUFsk2uKa-ImgK6-PL6ucHFxWuSHfryep6IkhLTd6JaUp___NN_lOrjRbvWRGX78WlkTZ3rrKTdqhMRNx15BvLgjGuF5ROuTkx1WzyYONzGxdyHScJZ2NiyurvURzY4SKJ6Dizvo_CEVBHvnth-lbfenaJxB6Ap1Z9LIHlCa7MMkcG0Wg5RwHiYM8s2NdD-Y_pSCQfI5pYGEewMG8H2ta3qbC7pvr6OoKaLqHuGfR1xZ9aUHlCCZ7aJwm-uT8z1-U8SUCWRkHUlcOAqnlp1ODC9Jp_V6Qd786X5COuA0jTqtRg9dD120tN71GK-Jew2dhtNTy26xJ3UaDIzXF1ofPv_pvAAAA__9b2huemAQAAA== HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl24890336=1; nlecbffd1e14695bb86f0e2ef26dbeb73922=[5941311]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 18e7ac0cdad4374818dbf0c80f370461
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET skinnycrawlinglax.com/impr.gif?sid=H4sIAAAAAAAC_1RSTWhc1Re_L83i_8eF-IELURhERMFM3tdM3rSL2FirxfSDtlJQF96vl9zmvXef9743LxmhVAvS5YgKruTlN2mjNojdK8rEXUBwXAVpNoIuLQpduJKZDAQP3HPOvb_D5Xd-53y4WR6QACXdv3BW91SS0PlW0208f0VlQle2ce5yw3Ob7onGFZW1wxON9bEz3eNeEDbdFxqvSr6m533Xc13P9RqnlZGxXp-foFD5Tsdrdtxm6De9Voh189-7LR1Y6kB0D8ijUGL08G_xW1B8iCz95pS0a4XOX3wlLRNaaIOu2H4jW8t0lSE9SmPjIM62p9XQdkTIZzPQ2fa0A-ju1rgDMDUiM0_cA8u2pzTBurcOmbIEMgMTD6HqDiGTIRQdgusbUOJnAnCBc-eRpbfPaVPRjUOUjtERmX3wN1Q1IrP3HkeWfr2UqPXGJZ2UhdKZxXpcQ60PoVaGyMtdFL0ZqGoXvPgASvxE5h8sI0u3zttEQ4n9ZwWLfT_kfI6HcWcujPzWXLQg2nN0gTGfLfAw8OVEIhUPQa2DcnyUgzJ2UOYOUrHfCN0o5B4N2nFH8AU3pGEoJHM7ke-6tMMXUPIx9z6KvA-e9MHNdeTmOtZUH6b8AXa1hhUObEHQFTUqSVBZgooSVIqgKgiqbn1LJNa39W2R2JJ50-hPY1APdLGySW_pYkVmBNT0YUS9pfJ37Q3w4tigF1sx0GNHWVEPKBP1Zn5AHhnL6vTeex9rcr_hRbHP3DCirN1iLV-2ZcsVsh2xdhgJGUSwqoayMxMxempElu6myNWIPPP7p2B0FzbZBVcOaPk0aFWDrtboZXdS3VVio2lVISF0jbyYRbHhbCYH5MnJXN9-bR-S7700-3Hx7dVr_4CbGrmpcVX9SLCS3Bxc1BXZuqgrS-6ezwuVqh4dz_xSQQs5-9XrcqPSRpw5ZftfnuRjYJzuXJa2WKaZUNmKJXeWlBDSnNaGS_LdGXtFsgulXV0qTVbmyxdePn0mzY20VulsCKpGhBz8Cq5G5LHlvyb7HLYuQZkhTFkjLffI1MDz67D53uKfJ8SbT-38D1YTmOQIZ7mDqqwHxmdHj4kakbOffIFE7i1-_s79438s_h-U1bDySAQm976_f1g_MHT8A1X1pr2JFeOAFjeQpTW6pkY3qUGTPmx5bFDkZm_xl2BiYIkzYIlxtlhiko8OZbZqvxEH0ueuGy20vSCKpReEgsetKOyINnWDQKKwo9Vrz538NwAA__8HpCnvsQQAAA==
192.243.59.20 200 OK 0 B
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC_1RSTWhc1Re_L83i_8eF-IELURhERMFM3tdM3rSL2FirxfSDtlJQF96vl9zmvXef9743LxmhVAvS5YgKruTlN2mjNojdK8rEXUBwXAVpNoIuLQpduJKZDAQP3HPOvb_D5Xd-53y4WR6QACXdv3BW91SS0PlW0208f0VlQle2ce5yw3Ob7onGFZW1wxON9bEz3eNeEDbdFxqvSr6m533Xc13P9RqnlZGxXp-foFD5Tsdrdtxm6De9Voh189-7LR1Y6kB0D8ijUGL08G_xW1B8iCz95pS0a4XOX3wlLRNaaIOu2H4jW8t0lSE9SmPjIM62p9XQdkTIZzPQ2fa0A-ju1rgDMDUiM0_cA8u2pzTBurcOmbIEMgMTD6HqDiGTIRQdgusbUOJnAnCBc-eRpbfPaVPRjUOUjtERmX3wN1Q1IrP3HkeWfr2UqPXGJZ2UhdKZxXpcQ60PoVaGyMtdFL0ZqGoXvPgASvxE5h8sI0u3zttEQ4n9ZwWLfT_kfI6HcWcujPzWXLQg2nN0gTGfLfAw8OVEIhUPQa2DcnyUgzJ2UOYOUrHfCN0o5B4N2nFH8AU3pGEoJHM7ke-6tMMXUPIx9z6KvA-e9MHNdeTmOtZUH6b8AXa1hhUObEHQFTUqSVBZgooSVIqgKgiqbn1LJNa39W2R2JJ50-hPY1APdLGySW_pYkVmBNT0YUS9pfJ37Q3w4tigF1sx0GNHWVEPKBP1Zn5AHhnL6vTeex9rcr_hRbHP3DCirN1iLV-2ZcsVsh2xdhgJGUSwqoayMxMxempElu6myNWIPPP7p2B0FzbZBVcOaPk0aFWDrtboZXdS3VVio2lVISF0jbyYRbHhbCYH5MnJXN9-bR-S7700-3Hx7dVr_4CbGrmpcVX9SLCS3Bxc1BXZuqgrS-6ezwuVqh4dz_xSQQs5-9XrcqPSRpw5ZftfnuRjYJzuXJa2WKaZUNmKJXeWlBDSnNaGS_LdGXtFsgulXV0qTVbmyxdePn0mzY20VulsCKpGhBz8Cq5G5LHlvyb7HLYuQZkhTFkjLffI1MDz67D53uKfJ8SbT-38D1YTmOQIZ7mDqqwHxmdHj4kakbOffIFE7i1-_s79438s_h-U1bDySAQm976_f1g_MHT8A1X1pr2JFeOAFjeQpTW6pkY3qUGTPmx5bFDkZm_xl2BiYIkzYIlxtlhiko8OZbZqvxEH0ueuGy20vSCKpReEgsetKOyINnWDQKKwo9Vrz538NwAA__8HpCnvsQQAAA== HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: uid_id2=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl24804225=1; slec18f2b048ab65b52e6e50de68b648de38=[6047961]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:35 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: iprc_l+112a5e6407af9a5058711751a995645d=6047961; expires=Tue, 22 Jul 2025 11:36:35 GMT; path=/; secure; SameSite=None
Set-Cookie: iprc_l:6047961=1; expires=Tue, 22 Jul 2025 11:36:35 GMT; path=/; secure; SameSite=None
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 8413a88bb6d3207b8f8e655a2094dec5
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET cdn.storageimagedisplay.com/si/d8/b1/09/d8b109165fc0ec08002c14fd9e81f6ece67b955e786b918b73abb33e5be5188f.png
45.133.44.1 200 OK 57 kB
IP / ASN
45.133.44.1
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced
First Seen 2025-05-16
Last Seen 2025-08-02
Times Seen 635
Size 57 kB (57237 bytes)
MD5 423a240fbfb182d7805dad3bb9e822bb
SHA1 6a853689b2cc95a6c36b98e6938e598bf2a28d52
SHA256 da19475c70c6669a83473eb52dec1feb61e629e374fdd426dd02024080d0b1a6
Certificate Info
Issuer Let's Encrypt
Subject cdn.storageimagedisplay.com
Fingerprint 06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9
Validity Thu, 10 Jul 2025 02:33:11 GMT - Wed, 08 Oct 2025 02:33:10 GMT
GET /si/d8/b1/09/d8b109165fc0ec08002c14fd9e81f6ece67b955e786b918b73abb33e5be5188f.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:33 GMT
content-type: image/png
content-length: 57237
server: nginx/1.21.6
last-modified: Sun, 11 May 2025 14:02:30 GMT
etag: "6820adf6-df95"
expires: Wed, 23 Jul 2025 11:36:33 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET mallowessencedialect.com/impr.gif?sid=H4sIAAAAAAAC_1RSwYscxReu3swpv8MPQ1T0NHgQBZntnumdnTGHaBITguPumkQW9FTdVT1bbk1XW9U9PTsBWVyQHOegoJ5qv9nN6hqC_gHCMutFFgX7InvIqgj-A0LwKD0ZGH3Q772vvyp43_fq493sjDSQ0dO1t9RQSEkXl2pu9aV1ETOVm-rKnarn1txL1XURN_1L1UGZdP9Vr-HX3JerN3i4qRbrrue6nutVrwvNIzVYnLIQyYO2V2u7Nb9e85Z8DPR_sckcGOqA9c_IBQhW_P-P6D2IcIK49801bjZTlbzyRi-TNFUafXbwTrwZqzxGb95G2kEUH8xOQ5mCkM8WoOKDmQKo_l6pAIEoyMIzjxDEB7MxEfT3n0waSPAYAfsf8v4EXE4g6ASh2oFgPxMgZFhZRdy7v6J0TreesLRkC1J5_BdEXpDKo4uIew-vSDGo3lYyS4WKDQaRhRhMILoTJNkx0uECRH6MMP0Igv1EFh93EPf2Vo1UEMxO1YtoAmocZOUnHGSRgyxx0GOnVd9t-aFHG82ozcJl16e-z3jgtlt116XtcBlZWI41QpqMEMoRQr2NRG9jU4ygsyOYDQvDHJi0IM7b2-gzi5wT5IYgpwS5IMhTgrxv95k0dWPvM2mywJvV-qw27Fil3V26r9IujwmoHkEzuyeSD8wOwvTceBgZNlZlokFqxzRgdjc5I0-Vrjl3T37DJj-tBlHEPO75zfZSELSakcvrPKo3WcCD5Ua7XocRFsIsTA0ZioJcfe5HJKIgL_z5KQJ6DCOPEQoHNPNAcwu6YTGMD0MR866qSSXBlEWSVpBuObvyjDw_3dq7X14GD08up8Pfbzy8eBehtki0xfvie4KuvDe-pXKyd0vlhny7mqSiJ4a03OjtlKb83OGbfCtXmt28ZkZfvR6WRNk-uMNN2qExE3HXkK-vCMa4vq50yMl3N806D9Yys3El03GWdNauXr_ZSzQ3Rqh4AioKcv7oEKEoyIVfdqavtXHjbwg9gc4setkJmQXCZBsmmWOjCLSc4yA5hzyzY10P5j-lIJB8jmlgYf6Fg3k_1rS8TYXdNffQ1RXQdAdxz6KvLfrSgsoRTHZ-nCb65PIPn5fxBQJZGQdSV_YCqeUnBek8_WxBOq1fp2YXpCOOYMRpNWrweui6reWm12hF3Gv4LIyWWn6bNanbaHCkptj48MXX_gkAAP__EdElwJoEAAA=
172.240.108.84 200 OK 0 B
IP / ASN
172.240.108.84
#7979 SERVERS-COM
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC_1RSwYscxReu3swpv8MPQ1T0NHgQBZntnumdnTGHaBITguPumkQW9FTdVT1bbk1XW9U9PTsBWVyQHOegoJ5qv9nN6hqC_gHCMutFFgX7InvIqgj-A0LwKD0ZGH3Q772vvyp43_fq493sjDSQ0dO1t9RQSEkXl2pu9aV1ETOVm-rKnarn1txL1XURN_1L1UGZdP9Vr-HX3JerN3i4qRbrrue6nutVrwvNIzVYnLIQyYO2V2u7Nb9e85Z8DPR_sckcGOqA9c_IBQhW_P-P6D2IcIK49801bjZTlbzyRi-TNFUafXbwTrwZqzxGb95G2kEUH8xOQ5mCkM8WoOKDmQKo_l6pAIEoyMIzjxDEB7MxEfT3n0waSPAYAfsf8v4EXE4g6ASh2oFgPxMgZFhZRdy7v6J0TreesLRkC1J5_BdEXpDKo4uIew-vSDGo3lYyS4WKDQaRhRhMILoTJNkx0uECRH6MMP0Igv1EFh93EPf2Vo1UEMxO1YtoAmocZOUnHGSRgyxx0GOnVd9t-aFHG82ozcJl16e-z3jgtlt116XtcBlZWI41QpqMEMoRQr2NRG9jU4ygsyOYDQvDHJi0IM7b2-gzi5wT5IYgpwS5IMhTgrxv95k0dWPvM2mywJvV-qw27Fil3V26r9IujwmoHkEzuyeSD8wOwvTceBgZNlZlokFqxzRgdjc5I0-Vrjl3T37DJj-tBlHEPO75zfZSELSakcvrPKo3WcCD5Ua7XocRFsIsTA0ZioJcfe5HJKIgL_z5KQJ6DCOPEQoHNPNAcwu6YTGMD0MR866qSSXBlEWSVpBuObvyjDw_3dq7X14GD08up8Pfbzy8eBehtki0xfvie4KuvDe-pXKyd0vlhny7mqSiJ4a03OjtlKb83OGbfCtXmt28ZkZfvR6WRNk-uMNN2qExE3HXkK-vCMa4vq50yMl3N806D9Yys3El03GWdNauXr_ZSzQ3Rqh4AioKcv7oEKEoyIVfdqavtXHjbwg9gc4setkJmQXCZBsmmWOjCLSc4yA5hzyzY10P5j-lIJB8jmlgYf6Fg3k_1rS8TYXdNffQ1RXQdAdxz6KvLfrSgsoRTHZ-nCb65PIPn5fxBQJZGQdSV_YCqeUnBek8_WxBOq1fp2YXpCOOYMRpNWrweui6reWm12hF3Gv4LIyWWn6bNanbaHCkptj48MXX_gkAAP__EdElwJoEAAA= HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl24890336=1; nlecbffd1e14695bb86f0e2ef26dbeb73922=[5941311]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
access-control-allow-origin: *
vary: Origin
access-control-allow-credentials: true
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
set-cookie: iprc_l+2981ce967cc5a8d2204084b9510a7869=5941311; expires=Tue, 22 Jul 2025 11:36:33 GMT; path=/; secure; SameSite=None
set-cookie: iprc_l:5941311=1; expires=Tue, 22 Jul 2025 11:36:33 GMT; path=/; secure; SameSite=None
x-envoy-upstream-service-time: 4
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: e22520d14dc3cce46cb44c302420d649
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET skinnycrawlinglax.com/ren.gif?sid=H4sIAAAAAAAC_1RSTWgkRRSuzuageBB_8CAKg4gomElPT89kZnOIG9doMJuEzUpAPVjVVT2pTXdXW9U9PRlhiQZkjyMqeJLON8lG3SDuXVEm3gYEx9Mgm4ugRxeFPXiSmQyEfVDvvarvUXzve-_j_fSUlJHS4foV1ZZBQGcrRbvw4qaMuMpMYfVaoWQX7fnCpoyq7nyhNXK6ebFUdov2S4XXhbetZh27ZNslu1RYklr4qjU7RiHj43qpWLeLrlMsVVy09IN3k1ow1AJvnpLHIfng0T_8dyC9HqLwu8vCbCcqfvm1MA1oojSa_OitaDtSWYTwPPW1BT86mlRDmQEhX0xBRUeTDqCaB6MOwOSATD11Fyw6mtAEax6eMWUBRATGH0HW7EEEPUjag6f2IPmvBPA4VtcQhbdWlc7ozhlKR-iATN__FzIbkOm7TyIKv10MZKuwoYI0kSoyaPk5ZKsH2eghTk-QtKcgsxN4yUeQ_Bcye38FUXiwZgIFyYfPc-Y7jut5M57r12fcmlOZqc3x6gydY8xhc55bdsRYIun3QI2FdHSkhdS3kMYWQj4suHbN9Uq0XPXr3JuzXeq6XDC7XnNsm9a9OaTeiHsHSdyBF3Tg6V3EehfbsgOd_gSzlcNwCyYhaPIcmSDIDEFGCTJJkCUEWTM_5IFxTH6LByZlpUl0JrGcd1XS2KeHKmmIiIDqDjTPD2T8vtmDl1zotn3Du2rkKEvyLmU8349PyWMjWa32Bx9iWwwLpZrvMNutUVatsIojqqJic1Gtsapb46Jcg5E5pJkai9GWA7J4J0QsB-S5Pz8HoycwwQk8aYGmz4JmOehWjnZ0O1RNyXeKRiYCXOWIk2kkO9Z-cEqeHs_13TeGEF7_lelPk--v3_gPns4R6xzX5c8EjeBm96rKyMFVlRlyZy1OZCjbdDTzjYQmYvqbN8VOpjRfvmw6X1_yRsAoPb4mTLJCIy6jhiG3FyXnQi8p7Qnyw7LZFGw9NVuLqY7SeGX91aXlMNbCGKmiHqgcEHL6Ozw5IE-s_DPeZ7eyAal70GmOMO2TicGLd2Hi_sLf8_ztZ44fglEEOjjHWWwhS_Oudtj5YyAH5MpnXyEQ_YUv37t38a-Fh0FZDiPORWCi_-O9s_qupqMfqMz3zU00tAWa7CEKczR1jmaQgwYdmPRCN4l1f-G38tjAAqvLAm0dsEAHn5zJbOSwUHFYuVqrVYVf5X6Zl50yr1dsUXdpverW3QoSM9i68cKl_wMAAP__-8y5MbEEAAA=
192.243.59.20 200 OK 0 B
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC_1RSTWgkRRSuzuageBB_8CAKg4gomElPT89kZnOIG9doMJuEzUpAPVjVVT2pTXdXW9U9PRlhiQZkjyMqeJLON8lG3SDuXVEm3gYEx9Mgm4ugRxeFPXiSmQyEfVDvvarvUXzve-_j_fSUlJHS4foV1ZZBQGcrRbvw4qaMuMpMYfVaoWQX7fnCpoyq7nyhNXK6ebFUdov2S4XXhbetZh27ZNslu1RYklr4qjU7RiHj43qpWLeLrlMsVVy09IN3k1ow1AJvnpLHIfng0T_8dyC9HqLwu8vCbCcqfvm1MA1oojSa_OitaDtSWYTwPPW1BT86mlRDmQEhX0xBRUeTDqCaB6MOwOSATD11Fyw6mtAEax6eMWUBRATGH0HW7EEEPUjag6f2IPmvBPA4VtcQhbdWlc7ozhlKR-iATN__FzIbkOm7TyIKv10MZKuwoYI0kSoyaPk5ZKsH2eghTk-QtKcgsxN4yUeQ_Bcye38FUXiwZgIFyYfPc-Y7jut5M57r12fcmlOZqc3x6gydY8xhc55bdsRYIun3QI2FdHSkhdS3kMYWQj4suHbN9Uq0XPXr3JuzXeq6XDC7XnNsm9a9OaTeiHsHSdyBF3Tg6V3EehfbsgOd_gSzlcNwCyYhaPIcmSDIDEFGCTJJkCUEWTM_5IFxTH6LByZlpUl0JrGcd1XS2KeHKmmIiIDqDjTPD2T8vtmDl1zotn3Du2rkKEvyLmU8349PyWMjWa32Bx9iWwwLpZrvMNutUVatsIojqqJic1Gtsapb46Jcg5E5pJkai9GWA7J4J0QsB-S5Pz8HoycwwQk8aYGmz4JmOehWjnZ0O1RNyXeKRiYCXOWIk2kkO9Z-cEqeHs_13TeGEF7_lelPk--v3_gPns4R6xzX5c8EjeBm96rKyMFVlRlyZy1OZCjbdDTzjYQmYvqbN8VOpjRfvmw6X1_yRsAoPb4mTLJCIy6jhiG3FyXnQi8p7Qnyw7LZFGw9NVuLqY7SeGX91aXlMNbCGKmiHqgcEHL6Ozw5IE-s_DPeZ7eyAal70GmOMO2TicGLd2Hi_sLf8_ztZ44fglEEOjjHWWwhS_Oudtj5YyAH5MpnXyEQ_YUv37t38a-Fh0FZDiPORWCi_-O9s_qupqMfqMz3zU00tAWa7CEKczR1jmaQgwYdmPRCN4l1f-G38tjAAqvLAm0dsEAHn5zJbOSwUHFYuVqrVYVf5X6Zl50yr1dsUXdpverW3QoSM9i68cKl_wMAAP__-8y5MbEEAAA= HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: uid_id2=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl24804225=1; slec18f2b048ab65b52e6e50de68b648de38=[6047961]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Vary: Origin
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: b578944401d4374909ae5d66cf162f9b
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET cdn.jsdelivr.net/npm/bootstrap-icons@1.11/font/bootstrap-icons.min.css
151.101.193.229 200 OK 86 kB URL
cdn.jsdelivr.net/npm/bootstrap-icons@1.11/font/bootstrap-icons.min.css
IP / ASN
151.101.193.229
#54113 FASTLY
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type ASCII text, with very long lines (65354)
First Seen 2025-05-09
Last Seen 2025-07-31
Times Seen 80
Size 86 kB (85875 bytes)
MD5 11e1bb8650bb323688d0e48a791c5f13
SHA1 44fece95e097e13bc68bc6b3c126d97e878953ed
SHA256 7c7d920afe96359df81575f8902ea58dab45a45ab238d1368e48c145ed817346
Certificate Info
Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4
Validity Mon, 02 Jun 2025 15:43:52 GMT - Sat, 04 Jul 2026 15:43:51 GMT
GET /npm/bootstrap-icons@1.11/font/bootstrap-icons.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 1.11.4
x-jsd-version-type: version
etag: W/"14f73-RP7OleCX4TvGi8azwSbZfoeJU+0"
content-encoding: br
accept-ranges: bytes
date: Mon, 21 Jul 2025 11:36:31 GMT
age: 11480
x-served-by: cache-fra-etou8220155-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 13383
X-Firefox-Spdy: h2
GET pl24904724.profitablecpmrate.com/18/f2/b0/18f2b048ab65b52e6e50de68b648de38.js
192.243.61.225 200 OK 67 kB URL
pl24904724.profitablecpmrate.com/18/f2/b0/18f2b048ab65b52e6e50de68b648de38.js
IP / ASN
192.243.61.225
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
First Seen 2025-07-21
Last Seen 2025-07-21
Times Seen 1
Size 67 kB (66999 bytes)
MD5 482ca255b860caa8a67e7c65d643f695
SHA1 fc7fc812e68b7678e01ef1a79cc1a1c494e19d76
SHA256 e7a22d84b7e0c85742b5c3041e98dc3c0973ed9d462b191d23c252a3307d8101
Certificate Info
Issuer Let's Encrypt
Subject profitablecpmrate.com
Fingerprint AD:94:8C:B4:3A:E9:7C:3E:11:F7:87:52:39:DE:6E:6F:45:82:4F:6F
Validity Thu, 12 Jun 2025 22:24:53 GMT - Wed, 10 Sep 2025 22:24:52 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /18/f2/b0/18f2b048ab65b52e6e50de68b648de38.js HTTP/1.1
Host: pl24904724.profitablecpmrate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 21 Jul 2025 11:36:32 GMT
Content-Type: application/javascript
Content-Length: 23979
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: pl24904724.profitablecpmrate.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3a5d0fefe694cfc6d3a0fde9681796c6
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET fonts.gstatic.com/s/worksans/v23/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
142.250.178.99 200 OK 50 kB URL
fonts.gstatic.com/s/worksans/v23/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
IP / ASN
142.250.178.99
#15169 GOOGLE
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 50456, version 1.0
First Seen 2025-06-02
Last Seen 2025-08-02
Times Seen 2203
Size 50 kB (50456 bytes)
MD5 a8b15c4a3859b33ed95739c0b71f3155
SHA1 52354496e9829941995156c933a14b7679268244
SHA256 5c2315b50f8da421a9dd52ec82e78aeca1c267c819c3faace1b7b5566954b7f1
Certificate Info
Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 9A:5E:6D:44:D8:FB:03:E5:9A:13:6D:FF:53:DA:1C:8C:EA:3A:A7:AA
Validity Mon, 23 Jun 2025 08:41:27 GMT - Mon, 15 Sep 2025 08:41:26 GMT
GET /s/worksans/v23/QGYsz_wNahGAdqQ43Rh_fKDp.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 50456
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Jul 2025 17:23:48 GMT
expires: Tue, 14 Jul 2026 17:23:48 GMT
cache-control: public, max-age=31536000
age: 583964
last-modified: Thu, 29 May 2025 23:33:05 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET cdn.jsdelivr.net/npm/bootstrap-icons@1.11/font/fonts/bootstrap-icons.woff2?76330468ac064ad9a96c3f28eba72c8d
151.101.193.229 200 OK 130 kB URL
cdn.jsdelivr.net/npm/bootstrap-icons@1.11/font/fonts/bootstrap-icons.woff2?76330468ac064ad9a96c3f28eba72c8d
IP / ASN
151.101.193.229
#54113 FASTLY
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type Web Open Font Format (Version 2), TrueType, length 130400, version 1.0
First Seen 2025-05-04
Last Seen 2025-07-31
Times Seen 78
Size 130 kB (130400 bytes)
MD5 d1b54731edffbaead4f2dc751abe1ad9
SHA1 0ca3a9857f3f53808116c998c8051b9caaea9f35
SHA256 7830d597879a5671c747c50034e865631166eb2fd0980b1abfaf1dffcdc59561
Certificate Info
Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4
Validity Mon, 02 Jun 2025 15:43:52 GMT - Sat, 04 Jul 2026 15:43:51 GMT
GET /npm/bootstrap-icons@1.11/font/fonts/bootstrap-icons.woff2?76330468ac064ad9a96c3f28eba72c8d HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 1.11.4
x-jsd-version-type: version
etag: W/"1fd60-DKOphX8/U4CBFsmYyAUbnKrqnzU"
accept-ranges: bytes
age: 549
date: Mon, 21 Jul 2025 11:36:32 GMT
x-served-by: cache-fra-etou8220124-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 130400
X-Firefox-Spdy: h2
GET mallowessencedialect.com/ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRuu3m_4DgqK4g_0NHgQFZnt7umZzJhDNImR4JiNSSSgp6qu6tnK1nS1Vd3TsyPI4oIET3NQUE-9z-xmNQbRizchzHqRRSF9kT1kFQT_ASF4lJ4MTHyh3_d9-qmC533e-ngnOyZNZPTo4lt6LJWiq62GW3_hqoy5zm39wpW65zbck_WrMm4HJ-ujKpnhK14zaLgv1t8Q4YZe9V3PdT3Xq5-TRkR6tDpnIZNbXa_RdRuB3_BaAUbmv9hmDix1wIfH5HFIXj76Z_QeZDhDPPjurLAbqU5efn2QKZpqgyHffyfeiHUeY7BsI-MgivcXp6FtScjnK9Dx_mIC6OFuNQGYLMnKU3fB4v2FTLDh3n2lTEHEYPxh5MMZhJpB0hlCvQ3J7xAg5Liwhnhw44I2Od28z9KKLUnt3t-QeUlqd59APPj2tJKj-mWtslTq2GIUFZCjGWR_hiQ7QDpegcwPEKYfQfJfyeq9HuLB7ppVGpIX8-llNAO1DrLqkw6yyEGWOBjwo3rgdoLQo8121OXhCTegQcAFc7sd33VpNzyBLKxkTZAmE4RqgtBsITFb2JATmOw27HoByx3YtCTO21sY8gK5IMgtQU4JckmQpwT5sNjjyvq2uMGVzZi3qP6iNoupTvs7dE-nfRETUDOB4cWuTN632wjT_03HkeVTXSXK0mJKGS92kmPyWOWa88HhH9gQR3UWRdwTXtDuthjrtCNX-CLy25wJdqLZ9X1YWUDalbkhY1mSM8_8gkSW5Lm_PgOjB7DqAKF0QDMPNC9A1wuM45uhjEVfN5RW4LpAktaQbjo76pg8O99a78mnIcJDsgiEpkBiClyTPxH01fXpJZ2T3Us6t-T7tSSVAzmm1UYvpzQV_7_5ptjMteHnz9rJ16-FFVG1t64Im_ZozGXct-Sb05JzYc5pEwry43l7VbCLmV0_nZk4S3oXz5w7P0iMsFbqeAYq76z9g1CW5JHffpi_1ZeufQJpZjBZgUH2gNJkCzZZYqsJjFpiljjIs2JqfLb8qSSBEktMWQH7AGbLfmpodZvKYsdeR9_UQNNtxIMCQ1NgqApQNYHNHpqmiTk89fMXVXwJpmpTpkxtlymjPp0bXJJe5_eSvPvVqZL05G1YeVRv-azZ7nTaImrzqMmbfpN3W67oBrTbDrpBC6kt1z98_tV_AwAA__-nsotAmAQAAA==
192.243.59.13 200 OK 0 B URL
mallowessencedialect.com/ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRuu3m_4DgqK4g_0NHgQFZnt7umZzJhDNImR4JiNSSSgp6qu6tnK1nS1Vd3TsyPI4oIET3NQUE-9z-xmNQbRizchzHqRRSF9kT1kFQT_ASF4lJ4MTHyh3_d9-qmC533e-ngnOyZNZPTo4lt6LJWiq62GW3_hqoy5zm39wpW65zbck_WrMm4HJ-ujKpnhK14zaLgv1t8Q4YZe9V3PdT3Xq5-TRkR6tDpnIZNbXa_RdRuB3_BaAUbmv9hmDix1wIfH5HFIXj76Z_QeZDhDPPjurLAbqU5efn2QKZpqgyHffyfeiHUeY7BsI-MgivcXp6FtScjnK9Dx_mIC6OFuNQGYLMnKU3fB4v2FTLDh3n2lTEHEYPxh5MMZhJpB0hlCvQ3J7xAg5Liwhnhw44I2Od28z9KKLUnt3t-QeUlqd59APPj2tJKj-mWtslTq2GIUFZCjGWR_hiQ7QDpegcwPEKYfQfJfyeq9HuLB7ppVGpIX8-llNAO1DrLqkw6yyEGWOBjwo3rgdoLQo8121OXhCTegQcAFc7sd33VpNzyBLKxkTZAmE4RqgtBsITFb2JATmOw27HoByx3YtCTO21sY8gK5IMgtQU4JckmQpwT5sNjjyvq2uMGVzZi3qP6iNoupTvs7dE-nfRETUDOB4cWuTN632wjT_03HkeVTXSXK0mJKGS92kmPyWOWa88HhH9gQR3UWRdwTXtDuthjrtCNX-CLy25wJdqLZ9X1YWUDalbkhY1mSM8_8gkSW5Lm_PgOjB7DqAKF0QDMPNC9A1wuM45uhjEVfN5RW4LpAktaQbjo76pg8O99a78mnIcJDsgiEpkBiClyTPxH01fXpJZ2T3Us6t-T7tSSVAzmm1UYvpzQV_7_5ptjMteHnz9rJ16-FFVG1t64Im_ZozGXct-Sb05JzYc5pEwry43l7VbCLmV0_nZk4S3oXz5w7P0iMsFbqeAYq76z9g1CW5JHffpi_1ZeufQJpZjBZgUH2gNJkCzZZYqsJjFpiljjIs2JqfLb8qSSBEktMWQH7AGbLfmpodZvKYsdeR9_UQNNtxIMCQ1NgqApQNYHNHpqmiTk89fMXVXwJpmpTpkxtlymjPp0bXJJe5_eSvPvVqZL05G1YeVRv-azZ7nTaImrzqMmbfpN3W67oBrTbDrpBC6kt1z98_tV_AwAA__-nsotAmAQAAA==
IP / ASN
192.243.59.13
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRuu3m_4DgqK4g_0NHgQFZnt7umZzJhDNImR4JiNSSSgp6qu6tnK1nS1Vd3TsyPI4oIET3NQUE-9z-xmNQbRizchzHqRRSF9kT1kFQT_ASF4lJ4MTHyh3_d9-qmC533e-ngnOyZNZPTo4lt6LJWiq62GW3_hqoy5zm39wpW65zbck_WrMm4HJ-ujKpnhK14zaLgv1t8Q4YZe9V3PdT3Xq5-TRkR6tDpnIZNbXa_RdRuB3_BaAUbmv9hmDix1wIfH5HFIXj76Z_QeZDhDPPjurLAbqU5efn2QKZpqgyHffyfeiHUeY7BsI-MgivcXp6FtScjnK9Dx_mIC6OFuNQGYLMnKU3fB4v2FTLDh3n2lTEHEYPxh5MMZhJpB0hlCvQ3J7xAg5Liwhnhw44I2Od28z9KKLUnt3t-QeUlqd59APPj2tJKj-mWtslTq2GIUFZCjGWR_hiQ7QDpegcwPEKYfQfJfyeq9HuLB7ppVGpIX8-llNAO1DrLqkw6yyEGWOBjwo3rgdoLQo8121OXhCTegQcAFc7sd33VpNzyBLKxkTZAmE4RqgtBsITFb2JATmOw27HoByx3YtCTO21sY8gK5IMgtQU4JckmQpwT5sNjjyvq2uMGVzZi3qP6iNoupTvs7dE-nfRETUDOB4cWuTN632wjT_03HkeVTXSXK0mJKGS92kmPyWOWa88HhH9gQR3UWRdwTXtDuthjrtCNX-CLy25wJdqLZ9X1YWUDalbkhY1mSM8_8gkSW5Lm_PgOjB7DqAKF0QDMPNC9A1wuM45uhjEVfN5RW4LpAktaQbjo76pg8O99a78mnIcJDsgiEpkBiClyTPxH01fXpJZ2T3Us6t-T7tSSVAzmm1UYvpzQV_7_5ptjMteHnz9rJ16-FFVG1t64Im_ZozGXct-Sb05JzYc5pEwry43l7VbCLmV0_nZk4S3oXz5w7P0iMsFbqeAYq76z9g1CW5JHffpi_1ZeufQJpZjBZgUH2gNJkCzZZYqsJjFpiljjIs2JqfLb8qSSBEktMWQH7AGbLfmpodZvKYsdeR9_UQNNtxIMCQ1NgqApQNYHNHpqmiTk89fMXVXwJpmpTpkxtlymjPp0bXJJe5_eSvPvVqZL05G1YeVRv-azZ7nTaImrzqMmbfpN3W67oBrTbDrpBC6kt1z98_tV_AwAA__-nsotAmAQAAA== HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl24890336=1; nlecbffd1e14695bb86f0e2ef26dbeb73922=[5941311]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: dfd98bfb7c76e660ba6bb60b0f9808ef
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10 200 OK 17 kB URL
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP / ASN
142.250.74.10
#15169 GOOGLE
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type ASCII text, with very long lines (1572)
First Seen 2025-06-02
Last Seen 2025-08-02
Times Seen 2307
Size 17 kB (16755 bytes)
MD5 e9d2e14beb088f37fae98294940a9dcd
SHA1 1dafc3c55550249c8c2d782d5616c7b445c8e005
SHA256 f2e491cc46d3fcba81f729065d622bd722751d4a2e7f80b479aa64a92c17b5c7
Certificate Info
Issuer Google Trust Services
Subject upload.video.google.com
Fingerprint DC:40:BF:B1:59:C9:CC:B5:4A:38:2D:D0:16:8D:06:A5:1D:B4:08:8B
Validity Mon, 23 Jun 2025 08:41:28 GMT - Mon, 15 Sep 2025 08:41:27 GMT
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 21 Jul 2025 11:36:34 GMT
date: Mon, 21 Jul 2025 11:36:34 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET cdn.creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg
104.21.64.1 200 OK 1.3 kB URL
cdn.creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type SVG Scalable Vector Graphics image
First Seen 2023-04-07
Last Seen 2025-08-02
Times Seen 2011
Size 1.3 kB (1279 bytes)
MD5 369850b9873659adf0951d845f57dba1
SHA1 a64257186daa33b6b318943a457b6cf8d80b26b6
SHA256 9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
GET /sb/interstitial/utility/robot/3/img/close.svg HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:34 GMT
content-type: image/svg+xml
server: cloudflare
last-modified: Thu, 12 Dec 2024 14:36:22 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ctZdU2%2BFUFPn1xJwBc12%2BMae42LNG8o2%2FU3rx7%2BQOcu0C6nc8TjdH%2BXlMOOCWQPEfgjPTLbLLBa1TgHxVitmNeHfhw%2BL5KBUWn9eb159EGW51Q%3D%3D"}]}
age: 1123222
cf-cache-status: HIT
etag: W/"675af4e6-4ff"
content-encoding: br
cf-ray: 962a66bf0f650b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png
104.21.64.1 200 OK 32 kB URL
cdn.creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced
First Seen 2025-07-04
Last Seen 2025-08-01
Times Seen 544
Size 32 kB (31747 bytes)
MD5 8b80e5aaebd2987d46dd0382da97fdc1
SHA1 bccdfd974f19600eac67f10c43a8d3cd92188aff
SHA256 41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
GET /sb/interstitial/utility/robot/3/img/banner.png HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:34 GMT
content-type: image/png
content-length: 31747
server: cloudflare
last-modified: Thu, 12 Dec 2024 14:36:22 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
etag: "675af4e6-7c03"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
accept-ranges: bytes
age: 990679
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cQJeJwqZmq2WKqxxSE3ljhBRj1rrsuD%2FxKNZB93DGLOMWOzplT4IMHyS1Rp9bWikY5eXQyP6WKZ4nPrwNLlsKunE7V3%2BUF3uwS1Kf1b7AtQg7w%3D%3D"}]}
cf-ray: 962a66bf0f680b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css
104.21.64.1 200 OK 45 kB URL
cdn.creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css
IP / ASN
104.21.64.1
#13335 CLOUDFLARENET
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type ASCII text
First Seen 2025-06-11
Last Seen 2025-08-01
Times Seen 633
Size 45 kB (45054 bytes)
MD5 bcd1967f8c2604f55f57197de0ae895e
SHA1 c31a10c3ecde74b50450a0a1ad21aa474ff05e7d
SHA256 787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a
Certificate Info
Issuer Google Trust Services
Subject creative-sb1.com
Fingerprint CD:76:E0:2A:28:09:08:24:2D:4C:A1:14:B2:AE:6C:39:A4:CC:2F:6B
Validity Tue, 01 Jul 2025 14:01:22 GMT - Mon, 29 Sep 2025 14:59:36 GMT
GET /sb/interstitial/utility/robot/3/css/magic.css HTTP/1.1
Host: cdn.creative-sb1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:34 GMT
content-type: text/css
server: cloudflare
last-modified: Thu, 12 Dec 2024 14:36:19 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
etag: W/"675af4e3-affe"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=gzJoQ7laPFsvwc1MYuQ56P0x%2FDoIpunWGN8vp0atSGriiHpxB0QJvTJhVXKOsTW%2BO%2B3Q7ImV0r%2B%2FTqNrZYLLnINLQpk9z98hqj3thZehMVYbHw%3D%3D"}]}
cf-ray: 962a66bebebf0b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET skinnycrawlinglax.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js&l=6640&fd=485
192.243.59.20 200 OK 0 B URL
skinnycrawlinglax.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js&l=6640&fd=485
IP / ASN
192.243.59.20
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject skinnycrawlinglax.com
Fingerprint 4A:6A:48:C8:5B:C5:2B:2E:9C:03:AF:BF:4C:E6:10:23:E2:7B:EA:97
Validity Sat, 28 Jun 2025 22:21:33 GMT - Fri, 26 Sep 2025 22:21:32 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js&l=6640&fd=485 HTTP/1.1
Host: skinnycrawlinglax.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: uid_id2=dbf224cc-c4f9-4825-87d6-a7bb2b7c432e:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl24804225=1; slec18f2b048ab65b52e6e50de68b648de38=[6047961]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:35 GMT
Content-Length: 0
Connection: keep-alive
Host: skinnycrawlinglax.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET flix2day-cc1.pages.dev/
104.21.32.1 200 OK 21 kB URL
flix2day-cc1.pages.dev/
IP / ASN
104.21.32.1
#13335 CLOUDFLARENET
Resource Info
File type HTML document, Unicode text, UTF-8 text, with very long lines (573), with CRLF line terminators
First Seen 2025-07-21
Last Seen 2025-07-21
Times Seen 1
Size 21 kB (21186 bytes)
MD5 c989c5aca357278b2d6a928c5849a332
SHA1 feab8d7eab041be06814d95aa4b120ecc063bdf7
SHA256 a6bf7bbce80af513fa452caa77f86b1ffff91dd88e5469d654a9de2eee9b2a4b
Certificate Info
Issuer Google Trust Services
Subject flix2day-cc1.pages.dev
Fingerprint EE:DE:5D:15:B9:3F:9F:C5:7F:16:19:D8:C2:E9:F2:02:71:92:33:20
Validity Mon, 07 Jul 2025 13:24:06 GMT - Sun, 05 Oct 2025 14:21:31 GMT
GET / HTTP/1.1
Host: flix2day-cc1.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:31 GMT
content-type: text/html; charset=utf-8
content-encoding: br
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qouywse3zREgVa4UbMqVKfYgvOwnqyX1fUT7Eq3jFTv4j%2FKAj9mWgofiBGYYW6Gvv4XJdceTYdBmYpH82bcxsLle2%2FmNYpja9ituy51Ngq9JMST76NOoa9PbQgMVO0x2LXYV8k%2FFG1Jx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 962a66a8598456bf-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=5611&min_rtt=516&rtt_var=10186&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3308&recv_bytes=1265&delivery_rate=5671018&cwnd=254&unsent_bytes=0&cid=b2958d83527cbaac&ts=667&x=0"
X-Firefox-Spdy: h2
GET mallowessencedialect.com/ntv.json?key=bffd1e14695bb86f0e2ef26dbeb73922&vstc=4&rb=
192.243.59.13 200 OK 16 kB URL
mallowessencedialect.com/ntv.json?key=bffd1e14695bb86f0e2ef26dbeb73922&vstc=4&rb=
IP / ASN
192.243.59.13
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type JSON text data
First Seen 2025-07-21
Last Seen 2025-07-21
Times Seen 1
Size 16 kB (15968 bytes)
MD5 d7d611bc4f0199225d5dc95d24f39468
SHA1 048d3def2ce03cba01aeb1cdb56cdfbdba32fece
SHA256 7c7c221821149e981bae391ff09bfa1879a71dc0a49b6e70489c181dbd753f9a
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ntv.json?key=bffd1e14695bb86f0e2ef26dbeb73922&vstc=4&rb= HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:32 GMT
Content-Type: application/json
Content-Length: 15968
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Access-Control-Allow-Origin: https://flix2day-cc1.pages.dev
Access-Control-Allow-Credentials: true
Set-Cookie: pdhtkv=true; expires=Tue, 22 Jul 2025 11:36:32 GMT; path=/; secure; SameSite=None
uncs=1; expires=Tue, 22 Jul 2025 11:36:32 GMT; path=/; secure; SameSite=None
pdhtkv49=true; expires=Tue, 22 Jul 2025 11:36:32 GMT; path=/; secure; SameSite=None
uncs49=1; expires=Tue, 22 Jul 2025 11:36:32 GMT; path=/; secure; SameSite=None
u_pl24890336=1; expires=Tue, 22 Jul 2025 11:36:32 GMT; path=/; secure; SameSite=None
nlecbffd1e14695bb86f0e2ef26dbeb73922=[5941311]; expires=Mon, 21 Jul 2025 11:36:37 GMT; path=/; secure; SameSite=None
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: c5b20fa0bd1b3e8f534df0014cfbbb5c
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET mallowessencedialect.com/ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRuu3m8-D3oQxR_oafAgKjLb3dMzmTGHaBIjwTEbk0hAT1Vd1bPl1nS1Vd3TsyPo4oLkOAcD6qn3md2sxiB6FiHMepFFIX3bQ1ZB8B8QggcP0pOBiS_0-75PP1XwvM9bn-5kx6SJjB5dfEuPpVJ0tdVw6y9clTHXua1fuFL33IZ7sn5Vxu3gZH1UJTN8xWsGDffF-hsi3NCrvuu5rud69XPSiEiPVucsZHKr6zW6biPwG14rwMj8F9vMgaUO-PCYPA7Jy0f_iN6DDGeIB9-dFXYj1cnLrw8yRVNtMOT778Qbsc5jDJZtZBxE8f7iNLQtCfl8BTreX0wAPdytJgCTJVl56i5YvL-QCTbcu6-UKYgYjD-CfDiDUDNIOkOotyH5HQKEHBfWEA9uXNAmp5v3WVqxJand-wsyL0nt7hOIB9-eVnJUv6xVlkodW4yiAnI0g-zPkGQHSMcrkPkBwvQTSP4rWb3XQzzYXbNKQ_JiPr2MZqDWQVZ90kEWOcgSBwN-VA_cThB6tNmOujw84QY0CLhgbrfjuy7thieQhZWsCdJkglBNEJotJGYLG3ICk92GXS9guQOblsR5ewtDXiAXBLklyClBLgnylCAfFntcWd8WN7iyGfMW1V_UZjHVaX-H7um0L2ICaiYwvNiVyQd2G2H6v-k4snyqq0RZWkwp48VOckweq1xzPjz8HRviqM6iiHvCC9rdFmOdduQKX0R-mzPBTjS7vg8rC0i7MjdkLEty5plfkMiSPPfndTB6AKsOEEoHNPNA8wJ0vcA4vhnKWPR1Q2kFrgskaQ3pprOjjsmz8631Or9BhIdkEQhNgcQUeF_-RNBX16aXdE52L-ncku_XklQO5JhWG72c0lQ8dPNNsZlrw8-ftZOvXwsrompvXRE27dGYy7hvyTenJefCnNMmFOTH8_aqYBczu346M3GW9C6eOXd-kBhhrdTxDFTeWfsboSzJ__-5Pn-rL338A6SZwWQFBtkDSpMt2GSJrSYwaolZsoI8K6bGZ8ufShIoscSUFbAPYLbsp4ZWt6ksduw19E0NNN1GPCgwNAWGqgBVE9js4WmamMNTP39RxZdgqjZlytR2mTLqs5L0nnx67nJJ3v3qVEl68jasPKq3fNZsdzptEbV51ORNv8m7LVd0A9ptB92ghdSW6x89_-q_AQAA__8iaNkamAQAAA==
192.243.59.13 200 OK 0 B URL
mallowessencedialect.com/ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRuu3m8-D3oQxR_oafAgKjLb3dMzmTGHaBIjwTEbk0hAT1Vd1bPl1nS1Vd3TsyPo4oLkOAcD6qn3md2sxiB6FiHMepFFIX3bQ1ZB8B8QggcP0pOBiS_0-75PP1XwvM9bn-5kx6SJjB5dfEuPpVJ0tdVw6y9clTHXua1fuFL33IZ7sn5Vxu3gZH1UJTN8xWsGDffF-hsi3NCrvuu5rud69XPSiEiPVucsZHKr6zW6biPwG14rwMj8F9vMgaUO-PCYPA7Jy0f_iN6DDGeIB9-dFXYj1cnLrw8yRVNtMOT778Qbsc5jDJZtZBxE8f7iNLQtCfl8BTreX0wAPdytJgCTJVl56i5YvL-QCTbcu6-UKYgYjD-CfDiDUDNIOkOotyH5HQKEHBfWEA9uXNAmp5v3WVqxJand-wsyL0nt7hOIB9-eVnJUv6xVlkodW4yiAnI0g-zPkGQHSMcrkPkBwvQTSP4rWb3XQzzYXbNKQ_JiPr2MZqDWQVZ90kEWOcgSBwN-VA_cThB6tNmOujw84QY0CLhgbrfjuy7thieQhZWsCdJkglBNEJotJGYLG3ICk92GXS9guQOblsR5ewtDXiAXBLklyClBLgnylCAfFntcWd8WN7iyGfMW1V_UZjHVaX-H7um0L2ICaiYwvNiVyQd2G2H6v-k4snyqq0RZWkwp48VOckweq1xzPjz8HRviqM6iiHvCC9rdFmOdduQKX0R-mzPBTjS7vg8rC0i7MjdkLEty5plfkMiSPPfndTB6AKsOEEoHNPNA8wJ0vcA4vhnKWPR1Q2kFrgskaQ3pprOjjsmz8631Or9BhIdkEQhNgcQUeF_-RNBX16aXdE52L-ncku_XklQO5JhWG72c0lQ8dPNNsZlrw8-ftZOvXwsrompvXRE27dGYy7hvyTenJefCnNMmFOTH8_aqYBczu346M3GW9C6eOXd-kBhhrdTxDFTeWfsboSzJ__-5Pn-rL338A6SZwWQFBtkDSpMt2GSJrSYwaolZsoI8K6bGZ8ufShIoscSUFbAPYLbsp4ZWt6ksduw19E0NNN1GPCgwNAWGqgBVE9js4WmamMNTP39RxZdgqjZlytR2mTLqs5L0nnx67nJJ3v3qVEl68jasPKq3fNZsdzptEbV51ORNv8m7LVd0A9ptB92ghdSW6x89_-q_AQAA__8iaNkamAQAAA==
IP / ASN
192.243.59.13
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type N/A
First Seen 0001-01-01
Last Seen 2025-08-02
Times Seen 5606696
Size 0 B (0 bytes)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Certificate Info
Issuer Let's Encrypt
Subject mallowessencedialect.com
Fingerprint 83:27:60:20:5C:EA:21:00:2A:D7:CB:70:D1:90:92:EF:DC:FC:26:41
Validity Wed, 09 Jul 2025 21:29:46 GMT - Tue, 07 Oct 2025 21:29:45 GMT
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC_1RSz4scRRuu3m8-D3oQxR_oafAgKjLb3dMzmTGHaBIjwTEbk0hAT1Vd1bPl1nS1Vd3TsyPo4oLkOAcD6qn3md2sxiB6FiHMepFFIX3bQ1ZB8B8QggcP0pOBiS_0-75PP1XwvM9bn-5kx6SJjB5dfEuPpVJ0tdVw6y9clTHXua1fuFL33IZ7sn5Vxu3gZH1UJTN8xWsGDffF-hsi3NCrvuu5rud69XPSiEiPVucsZHKr6zW6biPwG14rwMj8F9vMgaUO-PCYPA7Jy0f_iN6DDGeIB9-dFXYj1cnLrw8yRVNtMOT778Qbsc5jDJZtZBxE8f7iNLQtCfl8BTreX0wAPdytJgCTJVl56i5YvL-QCTbcu6-UKYgYjD-CfDiDUDNIOkOotyH5HQKEHBfWEA9uXNAmp5v3WVqxJand-wsyL0nt7hOIB9-eVnJUv6xVlkodW4yiAnI0g-zPkGQHSMcrkPkBwvQTSP4rWb3XQzzYXbNKQ_JiPr2MZqDWQVZ90kEWOcgSBwN-VA_cThB6tNmOujw84QY0CLhgbrfjuy7thieQhZWsCdJkglBNEJotJGYLG3ICk92GXS9guQOblsR5ewtDXiAXBLklyClBLgnylCAfFntcWd8WN7iyGfMW1V_UZjHVaX-H7um0L2ICaiYwvNiVyQd2G2H6v-k4snyqq0RZWkwp48VOckweq1xzPjz8HRviqM6iiHvCC9rdFmOdduQKX0R-mzPBTjS7vg8rC0i7MjdkLEty5plfkMiSPPfndTB6AKsOEEoHNPNA8wJ0vcA4vhnKWPR1Q2kFrgskaQ3pprOjjsmz8631Or9BhIdkEQhNgcQUeF_-RNBX16aXdE52L-ncku_XklQO5JhWG72c0lQ8dPNNsZlrw8-ftZOvXwsrompvXRE27dGYy7hvyTenJefCnNMmFOTH8_aqYBczu346M3GW9C6eOXd-kBhhrdTxDFTeWfsboSzJ__-5Pn-rL338A6SZwWQFBtkDSpMt2GSJrSYwaolZsoI8K6bGZ8ufShIoscSUFbAPYLbsp4ZWt6ksduw19E0NNN1GPCgwNAWGqgBVE9js4WmamMNTP39RxZdgqjZlytR2mTLqs5L0nnx67nJJ3v3qVEl68jasPKq3fNZsdzptEbV51ORNv8m7LVd0A9ptB92ghdSW6x89_-q_AQAA__8iaNkamAQAAA== HTTP/1.1
Host: mallowessencedialect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl24890336=1; nlecbffd1e14695bb86f0e2ef26dbeb73922=[5941311]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 21 Jul 2025 11:36:33 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin
Access-Control-Allow-Credentials: true
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: mallowessencedialect.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 5d754a7507ba71c122ace6e4272ca274
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET cdn.storageimagedisplay.com/cti/be/38/eb/be38eb907195daad7d760b3b90b3d986/1708428436.jpg
45.133.44.1 200 OK 20 kB URL
cdn.storageimagedisplay.com/cti/be/38/eb/be38eb907195daad7d760b3b90b3d986/1708428436.jpg
IP / ASN
45.133.44.1
#39572 DataWeb Global Group B.V.
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3
First Seen 2024-03-03
Last Seen 2025-07-29
Times Seen 39
Size 20 kB (19851 bytes)
MD5 5a9bffabf8775fc136cd714fa0639a53
SHA1 03ea0d921cb80fa1341cea0a8e2440a43736f3c0
SHA256 f29b954dbda52be85564ed97d4cf25b479274f1040387da07dd13064db5c3b6e
Certificate Info
Issuer Let's Encrypt
Subject cdn.storageimagedisplay.com
Fingerprint 06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9
Validity Thu, 10 Jul 2025 02:33:11 GMT - Wed, 08 Oct 2025 02:33:10 GMT
GET /cti/be/38/eb/be38eb907195daad7d760b3b90b3d986/1708428436.jpg HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:33 GMT
content-type: image/jpeg
content-length: 19851
server: nginx/1.21.6
last-modified: Tue, 20 Feb 2024 11:27:24 GMT
etag: "65d48c9c-4d8b"
expires: Wed, 23 Jul 2025 11:36:33 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html
172.67.208.42 200 OK 1.3 kB URL
cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html
IP / ASN
172.67.208.42
#13335 CLOUDFLARENET
Requested by https://flix2day-cc1.pages.dev/
Resource Info
File type HTML document, ASCII text
First Seen 2025-07-05
Last Seen 2025-07-26
Times Seen 123
Size 1.3 kB (1332 bytes)
MD5 2f0d1bea6beedbf0b97c9eb03597562e
SHA1 5428af5ccdfaa6f1d0509bb8842afd0fdf17c4bb
SHA256 b84c3c03e8e4a088a05e8afb94fcfff7edd33120360fd0b601d3b33216d8c811
Certificate Info
Issuer Google Trust Services
Subject show-creative1.com
Fingerprint 71:AE:E3:FA:6F:22:A3:9D:C5:0D:04:F8:E3:9F:A3:3C:E7:02:E6:9F
Validity Wed, 11 Jun 2025 18:52:57 GMT - Tue, 09 Sep 2025 19:50:24 GMT
GET /sb/interstitial/utility/robot/3/index.html HTTP/1.1
Host: cdn.show-creative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://flix2day-cc1.pages.dev/
Origin: https://flix2day-cc1.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 21 Jul 2025 11:36:34 GMT
content-type: text/html
server: cloudflare
last-modified: Thu, 12 Dec 2024 14:36:17 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-expose-headers: Date
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Ihtfu82heMqf5wy2LeszgXA0TuFI3771b%2FbGScHvzunQalLaeLjl1GcI7aq3qh7QMbqittUE6%2BV5tj9uoeZC4c2LIqrZBcgRCR87rR4IVWMqxNqu"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 962a66baab41568f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2