Report - primewire.theproxy.vip/

Report Overview

Visitedpublic

2025-07-20 13:55:32

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
matomo.hellohi.me	545402	2019-07-03	2019-07-03	2025-07-16	422 B	613 B	104.21.48.1
msdoj.com	unknown	2025-07-01	2025-07-02	2025-07-16	452 B	64 kB	178.162.215.162
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-07-16	470 B	6.4 kB	142.250.74.10
vmuid.com	939822	2018-10-22	2019-07-09	2025-07-18	455 B	10 kB	178.162.215.162
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-07-16	574 B	21 kB	142.250.74.35
theusualsuspectz.biz	unknown	2023-01-27	2023-01-27	2025-07-16	427 B	49 kB	104.21.96.1
primewire.theproxy.vip	unknown	2021-01-06	2025-07-20	2025-07-20	5.1 kB	170 kB	172.67.175.16
heartilyscales.com	unknown	2022-12-16	2022-12-16	2025-07-15	458 B	68 kB	192.243.59.12
equilibriumfestive.com	unknown	2025-04-19	2025-04-23	2025-07-20	924 B	173 kB	172.240.108.68
i.ibb.co	13485	2010-07-20	2018-11-25	2025-07-13	446 B	5.9 kB	45.43.142.7
metrica-yandex.com	783336	2021-09-14	2021-09-19	2025-07-20	433 B	61 kB	104.21.32.1
origunix.com	unknown	2021-11-30	2021-11-30	2025-07-18	455 B	64 kB	178.162.215.162

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-20	medium	heartilyscales.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	primewire.theproxy.vip/	ScriptElement	26 B	2023-03-07	2025-08-01
URL primewire.theproxy.vip/ IP / ASN 172.67.175.16 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2023-03-07 Last Seen 2025-08-01 Times Seen 1107 Size 26 B (26 bytes) MD5 5779365b0a28c08298ca5847c65b769d SHA1 3076ad9e094690cd6c4ee200ae254e6e7260fd30 SHA256 57c620405714b8baa51067e0ca9bc9a9b252985292b857360aec8a9936688709 Format Code Loading...

HTTP Transactions (22)

URL IP Response Size

GET matomo.hellohi.me/matomo.js

104.21.48.1

404 Not Found

0 B

URL

matomo.hellohi.me/matomo.js

IP / ASN

104.21.48.1

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5607121

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjecthellohi.me

Fingerprint9A:C0:65:8A:86:9A:E1:8C:41:52:B8:1D:E0:FC:8A:9A:76:99:63:F7

ValidityMon, 14 Jul 2025 02:04:18 GMT - Sun, 12 Oct 2025 03:02:50 GMT

HTTP Headers

GET /matomo.js HTTP/1.1
Host: matomo.hellohi.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 20 Jul 2025 13:55:12 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wiFwrHn2awQfSCOwI%2Bdr2020u%2FhaERZg7sYIdK8ZfbY5NmzSK%2BoaC9%2BW4dHIQR70dy1bHKrH1Vx1zPF%2BNHhcgdApcQ9hF1s50U7UkW1Mbg%3D%3D"}]}
age: 179
cache-control: max-age=14400
cf-cache-status: HIT
vary: accept-encoding
content-encoding: br
cf-ray: 9622f470dba856bf-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8

178.162.215.162

200 OK

64 kB

URL

msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8

IP / ASN

178.162.215.162

#28753 Leaseweb Deutschland GmbH

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (63930), with no line terminators

First Seen2025-07-20

Last Seen2025-07-20

Times Seen1

Size64 kB (63930 bytes)

MD5182352ee915da34cee34a51c6ad31dd4

SHA1dd1aa82019d382fec2761bea06700954f48157c3

SHA256792136eba689cbe1ca0358b0cec9aca3b342276ab963a3a69041098e92e9edad

Certificate Info

IssuerLet's Encrypt

Subjectmsdoj.com

FingerprintCC:FD:55:FD:87:E0:9C:C4:75:98:32:66:6C:D9:D7:F6:24:46:11:1C

ValidityTue, 01 Jul 2025 17:10:12 GMT - Mon, 29 Sep 2025 17:10:11 GMT

HTTP Headers

GET /sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1
Host: msdoj.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://primewire.theproxy.vip/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Jul 2025 13:55:12 GMT
Content-Type: text/javascript
Content-Length: 63930
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Cache-Status: MISS

GET primewire.theproxy.vip/favicon.ico

172.67.175.16

200 OK

1.4 kB

URL

primewire.theproxy.vip/favicon.ico

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeMS Windows icon resource - 1 icon, 16x16

First Seen2023-05-23

Last Seen2025-07-25

Times Seen41

Size1.4 kB (1406 bytes)

MD5c07ad160a2c09fa349bdbc1603599b77

SHA1ff942493d6f3367c8d169350f115d25ce5d6d8b5

SHA25611f07f78fa1141cfa3391d8f1438b586ad9741e203ed4f481c3579bd853131ca

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=agobhsagj70svolrpf8ddg49au
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Jul 2025 13:55:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZ%2Bap1vKSu8tSqPt0u9qoXQLRpVMSxGy%2BrajobEWpOD2eNGvAWT13SCodshIqPT0nC%2FFddKYubIAbpwHHvA%2FiGZG0%2BwY0ggRJeehBCu8tZDgD8TO%2FPOBtLBwbLt5IOZDtqGzP%2FmOPLkb"}],"group":"cf-nel","max_age":604800}
set-cookie: view=1; expires=Mon, 21-Jul-2025 13:55:13 GMT; Max-Age=86400
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 9622f478dea7b4fa-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3676&min_rtt=739&rtt_var=1679&sent=205&recv=252&lost=0&retrans=0&sent_bytes=16802&recv_bytes=14603&delivery_rate=316024&ss_exit_cwnd=14911&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=b64cb6f0c97e8146&ts=2870&inflight_dur=74&x=40"

GET fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap

142.250.74.10

200 OK

5.7 kB

URL

fonts.googleapis.com/css2?family=Roboto:wght@400&display=swap

IP / ASN

142.250.74.10

#15169 GOOGLE

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeASCII text, with very long lines (1572)

First Seen2025-06-02

Last Seen2025-08-02

Times Seen2869

Size5.7 kB (5746 bytes)

MD5de7e697b2ba2c2cc63ea8a9f63d22ad9

SHA1726cd824dedfe6246875cbd81bfcf95da1efb4e2

SHA2567eeaa18ea1e4245acccd54af188f48004ea2f276f7457cbbe97adf4552791bfa

Certificate Info

IssuerGoogle Trust Services

Subjectupload.video.google.com

FingerprintDC:40:BF:B1:59:C9:CC:B5:4A:38:2D:D0:16:8D:06:A5:1D:B4:08:8B

ValidityMon, 23 Jun 2025 08:41:28 GMT - Mon, 15 Sep 2025 08:41:27 GMT

HTTP Headers

GET /css2?family=Roboto:wght@400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 20 Jul 2025 13:55:11 GMT
date: Sun, 20 Jul 2025 13:55:11 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js

192.243.59.12

200 OK

67 kB

URL

heartilyscales.com/a2/86/90/a286902791a7f4c98bcb1e812322cd78.js

IP / ASN

192.243.59.12

#39572 DataWeb Global Group B.V.

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2025-07-16

Last Seen2025-07-24

Times Seen24

Size67 kB (66991 bytes)

MD5946733bcd0ba3aea816bf9196d5edd05

SHA1ffe1b10710a27b4cfd4b23301c13246c929cdf45

SHA256a665215fb7d34ce9190d8f25163ee985963fdcd7aac9fb83f7ac8dbe7ea74895

Certificate Info

IssuerLet's Encrypt

Subjectheartilyscales.com

Fingerprint66:DE:86:19:2D:4A:4C:6C:44:82:D8:50:47:76:5D:0D:C2:0B:0A:62

ValidityThu, 05 Jun 2025 21:16:18 GMT - Wed, 03 Sep 2025 21:16:17 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a2/86/90/a286902791a7f4c98bcb1e812322cd78.js HTTP/1.1
Host: heartilyscales.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Jul 2025 13:55:11 GMT
Content-Type: application/javascript
Content-Length: 23965
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: heartilyscales.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: f9567908c4216851076c068389e58655
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET equilibriumfestive.com/22/00/54/2200540f09f939738419313a1a090c32.js

172.240.108.68

200 OK

104 kB

URL

equilibriumfestive.com/22/00/54/2200540f09f939738419313a1a090c32.js

IP / ASN

172.240.108.68

#7979 SERVERS-COM

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2025-07-15

Last Seen2025-07-21

Times Seen18

Size104 kB (104203 bytes)

MD53032f95b595e2b99694fe79ea99450dc

SHA197e150c85c5ee88517bd27e540206192b34b3b93

SHA256fbcd2e60c54cbddd6ac3c417d4b29fdcd6d8f2f9e5f6618ab1930cacc42b76b3

Certificate Info

IssuerLet's Encrypt

Subjectequilibriumfestive.com

Fingerprint65:20:29:C8:B9:EF:EE:CF:D1:F7:82:C7:A0:1D:33:99:BA:75:6A:F6

ValidityWed, 18 Jun 2025 15:10:48 GMT - Tue, 16 Sep 2025 15:10:47 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /22/00/54/2200540f09f939738419313a1a090c32.js HTTP/1.1
Host: equilibriumfestive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Jul 2025 13:55:11 GMT
Content-Type: application/javascript
Content-Length: 32888
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 5
Host: equilibriumfestive.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 17ad03f5cd15eb228d94c5fccde589fe
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET primewire.theproxy.vip/

172.67.175.16

200 OK

14 kB

URL

primewire.theproxy.vip/

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (6876)

First Seen2025-07-20

Last Seen2025-07-20

Times Seen1

Size14 kB (14297 bytes)

MD5772435526e3f582be3514142ac6fa1ef

SHA165ba0914ea3c21eee42dd1a3b972d6d2e6e01cb5

SHA256d833e11139040bc752fbf8c9e4d0cc655656b5aec9cc58cf0f1b5cb79ac95f1f

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

GET / HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Jul 2025 13:55:10 GMT
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3r9ATdvCavKO81vrrEVsRmj2gJVjKvXujbDPI16WkUv8BlzGYA0omKpWp7l457jqQIdzJQ196bXu0RdvoOkzq6doLM69BN6c2%2FSp4b3w224pa3jz"}]}
set-cookie: view=1; Max-Age=86400; Expires=Mon, 21 Jul 2025 13:55:10 GMT
PHPSESSID=agobhsagj70svolrpf8ddg49au; Path=/
cf-ray: 9622f466381a56a3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET i.ibb.co/pyC2VvJ/alert-xxl.png

45.43.142.7

200 OK

5.6 kB

URL

i.ibb.co/pyC2VvJ/alert-xxl.png

IP / ASN

45.43.142.7

#215751 Mikhail Fedorov

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typePNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

First Seen2023-08-08

Last Seen2025-08-02

Times Seen1157

Size5.6 kB (5554 bytes)

MD58d0eed07b450044fdca282d1daf8a58c

SHA1794e1284cdf81fd60154955c1805282ae21240cd

SHA256baac89456a2d4dfdcdc14244fbe50a04ade7a401c82de605938a92e16f35c1af

Certificate Info

IssuerLet's Encrypt

Subjectibb.co

Fingerprint54:9B:89:F2:DD:E2:46:5A:E1:68:2B:B3:06:E5:D6:77:0E:E6:62:A5

ValidityThu, 19 Jun 2025 07:18:01 GMT - Wed, 17 Sep 2025 07:18:00 GMT

HTTP Headers

GET /pyC2VvJ/alert-xxl.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: image/png
content-length: 5554
last-modified: Mon, 07 Aug 2023 04:09:39 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

GET vmuid.com/script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8

178.162.215.162

200 OK

10 kB

URL

vmuid.com/script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8

IP / ASN

178.162.215.162

#28753 Leaseweb Deutschland GmbH

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (10178), with no line terminators

First Seen2024-01-26

Last Seen2025-08-02

Times Seen1017

Size10 kB (10178 bytes)

MD5dedd352338543b137f608adc8d0d4aa8

SHA1100edb4e8fef9b6da043d51135077e68d2a61b22

SHA256b338a91ba1d2ab7c3a7a0dd659426f5ffa4cd699be38e2bed5075c4d3e773a48

Certificate Info

IssuerLet's Encrypt

Subjectvmuid.com

FingerprintB9:61:53:79:E1:11:9F:49:D4:F0:7A:18:26:5A:A4:47:64:FA:A8:3A

ValiditySat, 19 Jul 2025 01:38:16 GMT - Fri, 17 Oct 2025 01:38:15 GMT

HTTP Headers

GET /script.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1
Host: vmuid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Jul 2025 13:55:11 GMT
Content-Type: text/javascript
Content-Length: 10178
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version
X-Cache-Status: MISS

GET fonts.gstatic.com/s/roboto/v48/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2

142.250.74.35

200 OK

21 kB

URL

fonts.gstatic.com/s/roboto/v48/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2

IP / ASN

142.250.74.35

#15169 GOOGLE

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeWeb Open Font Format (Version 2), TrueType, length 20612, version 1.0

First Seen2025-01-09

Last Seen2025-08-02

Times Seen9615

Size21 kB (20612 bytes)

MD5b07da7aa3e4f363c5cdbc11312239e8c

SHA147bf5b2f24ea4a4caafccc89b9d2a6677ef9e3b8

SHA256e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa

Certificate Info

IssuerGoogle Trust Services

Subject*.gstatic.com

Fingerprint9A:5E:6D:44:D8:FB:03:E5:9A:13:6D:FF:53:DA:1C:8C:EA:3A:A7:AA

ValidityMon, 23 Jun 2025 08:41:27 GMT - Mon, 15 Sep 2025 08:41:26 GMT

HTTP Headers

GET /s/roboto/v48/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWubEbVmUiAo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://primewire.theproxy.vip
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20612
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Jul 2025 10:25:01 GMT
expires: Fri, 17 Jul 2026 10:25:01 GMT
cache-control: public, max-age=31536000
age: 271811
last-modified: Thu, 29 May 2025 23:35:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

POST primewire.theproxy.vip/user.php

172.67.175.16

200 OK

0 B

URL

primewire.theproxy.vip/user.php

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5607121

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

POST /user.php HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Content-Length: 39
Origin: https://primewire.theproxy.vip
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=agobhsagj70svolrpf8ddg49au
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Jul 2025 13:55:12 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FyxkYEd3T%2FGCH5nt8qaBkq1Od3XqmZV0hG9bYLuhsB%2FVJxH8rsGDXc3Kt0jMYRyp4R0Uw4owkc3%2BvXJN4tJwJ%2BmI9Oo4n%2BubIH%2FBBwXsYvBr9l7mFg5mXKUDSw0kXNANrolC6ZOlNgCa"}],"group":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
vary: accept-encoding
content-encoding: br
cf-ray: 9622f4704d40b4fa-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3899&min_rtt=739&rtt_var=1643&sent=203&recv=250&lost=0&retrans=0&sent_bytes=16131&recv_bytes=14232&delivery_rate=316024&ss_exit_cwnd=14911&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=b64cb6f0c97e8146&ts=1544&inflight_dur=52&x=40"

GET metrica-yandex.com/metrika/tag.js?1001

104.21.32.1

200 OK

60 kB

URL

metrica-yandex.com/metrika/tag.js?1001

IP / ASN

104.21.32.1

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (60271), with no line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen1099

Size60 kB (60271 bytes)

MD5ea67b2343fc359662afdae5d4c8c8e03

SHA17f07219a8cd9d6d5c17e20bd7e80fac0281c2b18

SHA2565e31460a6eacabdc5895ad2ad898a4a570ac88f2794c61ddce6b0beee304eb11

Certificate Info

IssuerGoogle Trust Services

Subjectmetrica-yandex.com

FingerprintBF:9B:7B:CA:71:01:8D:8C:9F:33:8E:1A:E2:F2:5A:26:25:1E:70:22

ValidityFri, 27 Jun 2025 20:56:28 GMT - Thu, 25 Sep 2025 21:56:25 GMT

HTTP Headers

GET /metrika/tag.js?1001 HTTP/1.1
Host: metrica-yandex.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 03:41:41 GMT
etag: W/"685629f5-eb6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 1406402
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4WKZN1vEDQ7XH55ACXURja4q45aKRx2c8LNkhCI285VVFiig0rNF9tKhESS5wdhpGU3hzcNmp0mvPhBjjbsKP4O%2B2b9RjD6BcCjFN2r7ELk%3D"}]}
cf-ray: 9622f46a997e7130-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.theproxy.vip/hy.js?q22q2q2

172.67.175.16

200 OK

56 kB

URL

primewire.theproxy.vip/hy.js?q22q2q2

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (56131), with no line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen1159

Size56 kB (56131 bytes)

MD5667d77da844b6d5ad62b2f26e77b4b12

SHA101ae61192a38af73a93c67468fb8271d7bbfa4f6

SHA256f240ce7fa62cd81d92f29081815f2cd2376ea6867887d17d5625009ebdf355b1

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

GET /hy.js?q22q2q2 HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=agobhsagj70svolrpf8ddg49au
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 04:15:57 GMT
etag: W/"685631fd-db43"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rF1VgTypxLk0Odrttu3QL5F6OQ6GyypnY3N6lg8Zv8D5%2BUihdzycek%2F%2Bggk2q%2BpRdLeQg3Y7rFy487SoUlrV379aN7rzguzWgE3gSMqpVJywE5ES"}]}
cf-ray: 9622f46a4d1d56a3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET equilibriumfestive.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js

172.240.108.68

200 OK

67 kB

URL

equilibriumfestive.com/a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js

IP / ASN

172.240.108.68

#7979 SERVERS-COM

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2025-07-15

Last Seen2025-07-24

Times Seen25

Size67 kB (66987 bytes)

MD53bfb3b03e43caf7469db47d88c2fe132

SHA130edcea77e53c19fee3f926a71547a6f773dfc3e

SHA25651bfa066f098a5ab28e04c9e6aa8a1b7ed652a9f6bbb9941a68290ebb3bc26d3

Certificate Info

IssuerLet's Encrypt

Subjectequilibriumfestive.com

Fingerprint65:20:29:C8:B9:EF:EE:CF:D1:F7:82:C7:A0:1D:33:99:BA:75:6A:F6

ValidityWed, 18 Jun 2025 15:10:48 GMT - Tue, 16 Sep 2025 15:10:47 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a0/32/b4/a032b4d33c8aea68a4f9b84235614bff.js HTTP/1.1
Host: equilibriumfestive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Jul 2025 13:55:11 GMT
Content-Type: application/javascript
Content-Length: 23963
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 4
Host: equilibriumfestive.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 5917e8d890c4a8cdf2e0270cca505ce6
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET theusualsuspectz.biz/j/m/qqqq.js

104.21.96.1

200 OK

48 kB

URL

theusualsuspectz.biz/j/m/qqqq.js

IP / ASN

104.21.96.1

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (48351), with no line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen1173

Size48 kB (48351 bytes)

MD5febd5bfc829d7c8aa363e93e2e61f414

SHA110d66213a9249bea47b15acf295323f01d217ef0

SHA256ff391f38fc73325f58d0626b9415ac121f1461407d74e86ebddefd8180050d76

Certificate Info

IssuerGoogle Trust Services

Subjecttheusualsuspectz.biz

Fingerprint9C:5D:99:79:7A:5F:05:B7:5E:7F:32:04:23:45:86:0E:C9:92:A4:2F

ValidityMon, 30 Jun 2025 11:02:53 GMT - Sun, 28 Sep 2025 11:59:24 GMT

HTTP Headers

GET /j/m/qqqq.js HTTP/1.1
Host: theusualsuspectz.biz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 04:02:03 GMT
etag: W/"68562ebb-bcdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: br
age: 1583572
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Eguz%2BcGdkjHOxOHPTDljxXIIhTpk5TbJVxU9bk%2BOPzk8oDWF2G6O%2FIdV%2Bd5jadenNe9PeeVapj2RaTTrwGwGNtVUz35qTR%2BE8EbS8Hxy9FpZAA%3D%3D"}]}
cf-ray: 9622f46ae8dd56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.theproxy.vip/app/apx14.js

172.67.175.16

200 OK

7.7 kB

URL

primewire.theproxy.vip/app/apx14.js

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (7663), with no line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen1168

Size7.7 kB (7663 bytes)

MD5dfb1f327618e201778f2de85cfbcd173

SHA1fceb89a2221463e5bc5a71feff1247683ab08cc5

SHA256dc03bc8b63938916a73dd976e186d05559ddc61da2725e1063b7936fa9f0fc33

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

GET /app/apx14.js HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=agobhsagj70svolrpf8ddg49au
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 04:15:57 GMT
etag: W/"685631fd-1def"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Dwyz23Qouw69jKLKPDIKz3RxQzU37pIQXSWyeeMoyYG3z5qjZYW7ubm9lG%2Fmd4wkLKRDViC1l%2BvearvOzteUxbPIdqXUG8hIdqL1nG%2By2lzQTxhM"}]}
cf-ray: 9622f46a7d4e56a3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.theproxy.vip/app/x12.js

172.67.175.16

200 OK

11 kB

URL

primewire.theproxy.vip/app/x12.js

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (11180), with no line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen1168

Size11 kB (11180 bytes)

MD594efa3c05291ac5cccd32cc3a11c9724

SHA13a033e4d6f5e5eaf76030a81c8a05c619de436c2

SHA25658c753f7ffcb584d2ed43470ec9bdd30a4cd4723f368d83de6163413d5555102

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

GET /app/x12.js HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=agobhsagj70svolrpf8ddg49au
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 04:15:57 GMT
etag: W/"685631fd-2bac"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=IhrXnLWH3jGGRL9xwew3yvCBo6CT%2BIX62QgRVPOw1IvVZACnu%2Bpa%2FQyfRUQmxH8JvydVNS%2FPszgFTfsuPZQhkny%2BiUlBF9cxfrVX7AeHQ4TE24LH"}]}
cf-ray: 9622f46a7d6156a3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET origunix.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8

178.162.215.162

302 Found

64 kB

URL

origunix.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8

IP / ASN

178.162.215.162

#28753 Leaseweb Deutschland GmbH

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5607121

Size64 kB (63930 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerLet's Encrypt

Subjectorigunix.com

Fingerprint19:BA:64:D8:30:D6:B9:3C:BF:AC:E3:49:9C:66:B5:6D:F8:FE:2A:D4

ValiditySat, 19 Jul 2025 00:53:46 GMT - Fri, 17 Oct 2025 00:53:45 GMT

HTTP Headers

GET /sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8 HTTP/1.1
Host: origunix.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 20 Jul 2025 13:55:11 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, max-age=0
Accept-Ch: Sec-CH-UA-Platform,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform-Version
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Location: https://msdoj.com/sdk.js?sid=4dd7d833-3142-4a3f-a135-6fb1263ef9b8
X-Cache-Status: MISS

GET primewire.theproxy.vip/cdn-cgi/styles/cf.errors.css

172.67.175.16

200 OK

24 kB

URL

primewire.theproxy.vip/cdn-cgi/styles/cf.errors.css

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeASCII text, with very long lines (24050)

First Seen0001-01-01

Last Seen2025-08-02

Times Seen229582

Size24 kB (24051 bytes)

MD55e8c69a459a691b5d1b9be442332c87d

SHA1f24dd1ad7c9080575d92a9a9a2c42620725ef836

SHA25684e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=agobhsagj70svolrpf8ddg49au
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: text/css
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DTz%2FX%2BM3OUPW3mDWU%2B3geJynUvbLzKfqtT7h6uMWBfeCpNr6CfWgJhP9MEbVC%2BYF650QO1ITxu1o7sMod48KGR22cYC3qpH03n6N%2Bb3HSc1Ilw%2Fo"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
server: cloudflare
cf-ray: 9622f46a3cf556a3-OSL
X-Firefox-Spdy: h2

GET primewire.theproxy.vip/zpp/zpp4.js?q22q2q2

172.67.175.16

200 OK

39 kB

URL

primewire.theproxy.vip/zpp/zpp4.js?q22q2q2

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (38995), with no line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen1165

Size39 kB (38995 bytes)

MD57dc63553536847077855df4f82f1ec18

SHA1146c3aac34cb4e7e1e9c692ccd0161b2e4f018de

SHA2563a18b1964d1d209c46d754459b9ef98d4a9a85065e245f8311be727ffee3f960

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

GET /zpp/zpp4.js?q22q2q2 HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=agobhsagj70svolrpf8ddg49au
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 04:15:57 GMT
etag: W/"685631fd-9853"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=A3hyHmswfgrSucDPs025xPXdO15Skcx3jFBX9g9Pn66kEGpGeJyIvamiYJKtv94Om9ojJbsJisbYrfsqpanoboBcTTOes76r5x6uLmZpZhoaalvE"}]}
cf-ray: 9622f46a5d2756a3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.theproxy.vip/app/apx19.js

172.67.175.16

200 OK

9.2 kB

URL

primewire.theproxy.vip/app/apx19.js

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (9183), with no line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen1173

Size9.2 kB (9183 bytes)

MD52344c3f05f624d595f6fb920e4d74ded

SHA1eb4d1404ac2d5eecd307f4588aeeab5c8ef463f1

SHA2563a28fe59e4a2af96d8edeeb12d7040c574cf71fa88fccb5cf49e9c0a1d4e4c7a

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

GET /app/apx19.js HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/
Cookie: view=1; PHPSESSID=agobhsagj70svolrpf8ddg49au
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: application/javascript; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 21 Jun 2025 04:15:57 GMT
etag: W/"685631fd-23df"
content-encoding: br
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2FwR%2Bxk3m36QUFyig4%2Bl17fAHtikTu%2FiuuLkFx4zxPy7pm0nkULYLpn9QZvloNOTNndW9MFKoGCscKKtHfz%2FbtUeOTpXrbMm9UQSXki7yMpSVgZAd"}]}
cf-ray: 9622f46a4d1756a3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET primewire.theproxy.vip/cdn-cgi/images/icon-exclamation.png?1376755637

172.67.175.16

200 OK

452 B

URL

primewire.theproxy.vip/cdn-cgi/images/icon-exclamation.png?1376755637

IP / ASN

172.67.175.16

#13335 CLOUDFLARENET

Requested byhttps://primewire.theproxy.vip/

Resource Info

File typePNG image data, 54 x 54, 8-bit colormap, non-interlaced

First Seen2023-04-12

Last Seen2025-08-02

Times Seen200617

Size452 B (452 bytes)

MD5c33de66281e933259772399d10a6afe8

SHA1b9f9d500f8814381451011d4dcf59cd2d90ad94f

SHA256f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Certificate Info

IssuerGoogle Trust Services

Subjecttheproxy.vip

Fingerprint08:9B:A2:4E:C5:C4:D9:D0:91:6D:F7:E8:55:9A:54:A1:C5:AD:7F:98

ValidityThu, 17 Jul 2025 03:53:38 GMT - Wed, 15 Oct 2025 04:52:01 GMT

HTTP Headers

GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
Host: primewire.theproxy.vip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://primewire.theproxy.vip/cdn-cgi/styles/cf.errors.css
Cookie: view=1; PHPSESSID=agobhsagj70svolrpf8ddg49au
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Jul 2025 13:55:11 GMT
content-type: image/png
content-length: 452
last-modified: Wed, 16 Jul 2025 06:07:41 GMT
accept-ranges: bytes
etag: "687741ad-1c4"
server: cloudflare
cf-ray: 9622f46f9d2ab4fa-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Sun, 20 Jul 2025 15:55:11 GMT
cache-control: max-age=7200, public