| cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0 | 188.114.96.1 | 200 OK | 0 B |
URL (user request): GET HTTP/2 cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
IP: 188.114.96.1:443
Certificate: issuer Let's Encrypt; subject xsportbox.com; fingerprint 26:37:30:3E:D3:36:0C:80:9E:E5:AC:9B:48:2B:AD:61:B7:03:5A:46; validity Thu, 28 Mar 2024 08:02:25 GMT - Wed, 26 Jun 2024 08:02:24 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0 HTTP/1.1
Host: cdn.xsportbox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:15:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=apRx6ULGlIlgT5q6w%2FGkZvQ4A4hDOtzMx7yRGR1dZXUQ7bxKYgHt%2BAchj%2BHRrvySXJmQURlCgeItFUbpKnvVtonlQYJHne7lO%2FbPQs23p0cMNIg7ycmgG5ypHsc1WzOlywvGlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88140466efb0b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| chulhawakened.com/rmxWWDcqKHA/71505 | 23.109.170.224 | 200 OK | 20 B |
URL: GET HTTP/1.1 chulhawakened.com/rmxWWDcqKHA/71505
IP: 23.109.170.224:443
Requested by: https://cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
Certificate: issuer Let's Encrypt; subject chulhawakened.com; fingerprint 89:5A:CB:99:4E:7A:3B:18:51:2E:3D:3D:31:FE:A2:66:B5:0B:3D:23; validity Sun, 21 Apr 2024 23:19:52 GMT - Sat, 20 Jul 2024 23:19:51 GMT
File type: gzip compressed data, from Unix
Hash (MD5, SHA-1, SHA-256): 7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /rmxWWDcqKHA/71505 HTTP/1.1
Host: chulhawakened.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.xsportbox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:15:15 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cdn.xsportbox.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Fri, 10-May-2024 19:15:15 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Fri, 10-May-2024 19:15:15 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

| tuskhautein.com/r7838fFXOj9CwcDJw/77025 | 23.109.170.224 | 200 OK | 20 B |
URL: GET HTTP/1.1 tuskhautein.com/r7838fFXOj9CwcDJw/77025
IP: 23.109.170.224:443
Requested by: https://cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
Certificate: issuer Let's Encrypt; subject tuskhautein.com; fingerprint FD:4C:A9:74:FE:61:4C:0F:18:42:BF:D0:1F:A3:68:FE:9F:D5:ED:83; validity Fri, 26 Apr 2024 23:32:03 GMT - Thu, 25 Jul 2024 23:32:02 GMT
File type: gzip compressed data, from Unix
Hash (MD5, SHA-1, SHA-256): 7029066c27ac6f5ef18d660d5741979a 46c6643f07aa7f6bfe7118de926b86defc5087c4 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /r7838fFXOj9CwcDJw/77025 HTTP/1.1
Host: tuskhautein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.xsportbox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:15:15 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cdn.xsportbox.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Fri, 10-May-2024 19:15:15 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Fri, 10-May-2024 19:15:15 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

| streambtw.com/iframe/ch3.php | 104.21.5.234 | 200 OK | 0 B |
URL: HEAD HTTP/3 streambtw.com/iframe/ch3.php
IP: 104.21.5.234:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Google Trust Services LLC; subject streambtw.com; fingerprint D8:97:8E:55:E7:91:FA:80:DF:3A:35:36:D3:6C:CC:D6:6B:27:D9:3E; validity Sun, 31 Mar 2024 23:25:29 GMT - Sat, 29 Jun 2024 23:25:28 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /iframe/ch3.php HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/ch3.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:15:15 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FM9Iqm1OQMbaOsyxGw%2F3oAgyXqnG%2F5ustCjqIPzI273zgrL8cUaueViRTFVCs%2F44W4l4f9vm4FV8fG%2BokcRwXloXAy1PBphUcg%2BGe4YdEU%2FD6xFYHVF%2Bg%2BRmhwrO0UBX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881404689a18712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| ptaixout.net/tag.min.js | 139.45.197.244 | 200 OK | 28 kB |
IP: 139.45.197.244:443
Requested by: https://cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
Certificate: issuer Let's Encrypt; subject ptaixout.net; fingerprint 68:9C:78:69:60:28:90:FB:1C:BD:D0:98:14:FB:F6:C2:C7:45:CD:5C; validity Mon, 18 Mar 2024 05:39:00 GMT - Sun, 16 Jun 2024 05:38:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash (MD5, SHA-1, SHA-256): c9a49fd9519e543d8aba5751c8620ac4 fe219e2cadc1aafa9b30db2e859b6fc0370382c7 d47154039646eef027253c3016c612cb2db3fa5a7b8fbd38873a99c1d2cf3f46

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /tag.min.js HTTP/1.1
Host: ptaixout.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.xsportbox.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:15:15 GMT
content-type: text/javascript; charset=utf-8
content-length: 28440
content-encoding: br
x-trace-id: 23de7fabb51c4b668d096d16fceb0692
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 09 May 2024 10:33:14 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| streambtw.com/z-7102142 | 104.21.5.234 | 200 OK | 162 kB |
IP: 104.21.5.234:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Google Trust Services LLC; subject streambtw.com; fingerprint D8:97:8E:55:E7:91:FA:80:DF:3A:35:36:D3:6C:CC:D6:6B:27:D9:3E; validity Sun, 31 Mar 2024 23:25:29 GMT - Sat, 29 Jun 2024 23:25:28 GMT
File type: JavaScript source, Unicode text, UTF-8 text, with very long lines (40952), with NEL line terminators
Size: 162 kB (161591 bytes)
Hash (MD5, SHA-1, SHA-256): b9ec27ef204ef7bdbb137196528fdd74 20a5513b57f37b59a30dd47742e53b95d3b4375a 5661b2c4878fa1259fb250742c4831d7e4b5f0262c30fad360fcbc82e14fc3c6
GET /z-7102142 HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/ch3.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:15:15 GMT
content-type: application/octet-stream
content-length: 161591
last-modified: Thu, 09 May 2024 18:17:01 GMT
etag: "663d131d-27737"
cache-control: no-cache
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UAY8gtZCBI6gCGItXbEVJN9eBMTec%2FQ3py8gHy2Lje6EiI3KwOLZcduQfMS4l5tiUIvEi4XCnpbn9fqCc2pxSIzY0miHdiHYQ7n5depxzzNU5mUxoIJx9C9WT3%2FlXEmO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88140468ba49712a-OSL
alt-svc: h3=":443"; ma=86400

| cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js | 151.101.1.229 | 200 OK | 170 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js
IP: 151.101.1.229:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer GlobalSign nv-sa; subject jsdelivr.net; fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 170 kB (169818 bytes)
Hash (MD5, SHA-1, SHA-256): dab2d64437710247c214acc3b9330c41 bd540e94b5d09675672c524fb018902bd6a1a388 d2fbcb1544ff003e2c11bf04bb7d97c44d32442fd55d7a9df324c2133ae1648b
GET /npm/@clappr/player@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.6.0
x-jsd-version-type: version
etag: W/"9871a-vVQOlLXQlnVnLFJPsBiQK9aho4g"
content-encoding: br
accept-ranges: bytes
date: Thu, 09 May 2024 19:15:16 GMT
age: 39761
x-served-by: cache-fra-eddf8230062-FRA, cache-hel1410033-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 169818
X-Firefox-Spdy: h2

| cdn.jsdelivr.net/gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js | 151.101.1.229 | 200 OK | 11 kB |
URL: GET HTTP/2 cdn.jsdelivr.net/gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js
IP: 151.101.1.229:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer GlobalSign nv-sa; subject jsdelivr.net; fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09; validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type: JavaScript source, ASCII text, with very long lines (30387)
Hash (MD5, SHA-1, SHA-256): 1b142ebaf5f868c4c11a73ffe9175afb aa8b49bab8e92ff04d17a5a2c7c0dafc426e2fe9 df86557c0f11c06f425dab021ec5a970b22b6fa8b9651af3d26f137fb30c3702
GET /gh/clappr/clappr-level-selector-plugin@latest/dist/level-selector.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.0
x-jsd-version-type: version
etag: W/"76e2-qotJurjpL/BNF6Wix8Da/EJuL+k"
content-encoding: br
accept-ranges: bytes
date: Thu, 09 May 2024 19:15:16 GMT
age: 6592
x-served-by: cache-fra-eddf8230055-FRA, cache-hel1410033-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 10804
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF | 142.250.74.168 | 200 OK | 102 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF
IP: 142.250.74.168:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Size: 102 kB (101648 bytes)
Hash (MD5, SHA-1, SHA-256): eee661fe932f8b72314f3e10dc4117c5 1ff1c9b4b14ac7e7a3533f9b44dc2985e2692b2a 2e5d2edd446c81f8be83c271975f526af52c867dff3758517e631948fd0bb0c7
GET /gtag/js?id=G-PQ1PJ56MMF HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 May 2024 19:15:16 GMT
expires: Thu, 09 May 2024 19:15:16 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101648
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

| phomoach.net/tag.min.js | 139.45.197.245 | 200 OK | 28 kB |
IP: 139.45.197.245:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Let's Encrypt; subject phomoach.net; fingerprint 4D:5D:41:54:2C:98:6F:5D:8D:BC:45:87:4B:76:9B:E0:30:B6:88:BF; validity Fri, 15 Mar 2024 06:26:26 GMT - Thu, 13 Jun 2024 06:26:25 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash (MD5, SHA-1, SHA-256): c9a49fd9519e543d8aba5751c8620ac4 fe219e2cadc1aafa9b30db2e859b6fc0370382c7 d47154039646eef027253c3016c612cb2db3fa5a7b8fbd38873a99c1d2cf3f46

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /tag.min.js HTTP/1.1
Host: phomoach.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:15:16 GMT
content-type: text/javascript; charset=utf-8
content-length: 28440
content-encoding: br
x-trace-id: efa8d02192fbfdff5e046dcdfe2c8a08
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 09 May 2024 10:30:10 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| my.rtmark.net/gid.js?userId=0080573eed224f8fe858a522d248bb3d | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=0080573eed224f8fe858a522d248bb3d
IP: 139.45.195.8:443
Requested by: https://cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
Certificate: issuer Let's Encrypt; subject rtmark.net; fingerprint DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; validity Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash (MD5, SHA-1, SHA-256): eb384e27d593098dfe13028b1a4e0e72 083edf57a8c7d83f46c20ad53df450b12d06e125 8b747f4b70173837dcc4802b85b81ebcb6e4f39fc153e6f759f771c0809be38c
GET /gid.js?userId=0080573eed224f8fe858a522d248bb3d HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.xsportbox.com
DNT: 1
Connection: keep-alive
Referer: https://cdn.xsportbox.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:15:16 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://cdn.xsportbox.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080573eed224f8fe858a522d248bb3d; expires=Fri, 09 May 2025 19:15:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| perf.cdnads.com/perf.gif | 139.45.195.3 | 200 OK | 43 B |
IP: 139.45.195.3:443
Requested by: https://cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
Certificate: issuer Let's Encrypt; subject cdnads.com; fingerprint 6B:69:44:79:74:8D:FF:F3:A1:82:F8:38:E1:18:24:99:82:28:0C:9A; validity Sun, 05 May 2024 19:02:24 GMT - Sat, 03 Aug 2024 19:02:23 GMT
File type: GIF image data, version 89a, 1 x 1
Hash (MD5, SHA-1, SHA-256): ad4b0f606e0f8465bc4c4c170b37e1a3 50b30fd5f87c85fe5cba2635cb83316ca71250d7 cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /perf.gif HTTP/1.1
Host: perf.cdnads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.xsportbox.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 09 May 2024 19:15:12 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Expires: Fri, 10 May 2024 19:15:12 GMT
Cache-Control: max-age=86400
Timing-Allow-Origin: *

| my.rtmark.net/gid.js?userId=0080570ccbda4cb4eac6a180dc1e4e11 | 139.45.195.8 | 200 OK | 65 B |
URL: GET HTTP/2 my.rtmark.net/gid.js?userId=0080570ccbda4cb4eac6a180dc1e4e11
IP: 139.45.195.8:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Let's Encrypt; subject rtmark.net; fingerprint DB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC; validity Sat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash (MD5, SHA-1, SHA-256): 6ab04c7b86abaecb151420f2918aab5e d8650a7dedc6ccc2bebb23f459d6b7ead55234c7 12173375d1ff70bd24ffcde5f9049b6b48bf8f041e57adeb8f63d1255ea18be6
GET /gid.js?userId=0080570ccbda4cb4eac6a180dc1e4e11 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:15:16 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://streambtw.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080570ccbda4cb4eac6a180dc1e4e11; expires=Fri, 09 May 2025 19:15:16 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

| www.googletagmanager.com/gtag/js?id=G-G15KG2JMS2&l=dataLayer&cx=c | 142.250.74.168 | 200 OK | 102 kB |
URL: GET HTTP/3 www.googletagmanager.com/gtag/js?id=G-G15KG2JMS2&l=dataLayer&cx=c
IP: 142.250.74.168:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Google Trust Services LLC; subject *.google-analytics.com; fingerprint 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE; validity Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Size: 102 kB (101524 bytes)
Hash (MD5, SHA-1, SHA-256): fdb1c0fb631b103d3a6bfef05c9c7b44 f311d792a81f8330f91a915b78f4145dfb3ff825 cff265573f339a7aa92c0dbdc6dc921336d1b40fbc9bcf2a633bbf684491530c
GET /gtag/js?id=G-G15KG2JMS2&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 May 2024 19:15:16 GMT
expires: Thu, 09 May 2024 19:15:16 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101524
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

| sportsleading.online/live/stream_3.m3u8 | 172.67.217.130 | 200 OK | 7.1 kB |
URL: GET HTTP/3 sportsleading.online/live/stream_3.m3u8
IP: 172.67.217.130:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Let's Encrypt; subject sportsleading.online; fingerprint 61:D8:D9:11:C4:3A:9D:80:A2:3A:A8:E9:EB:75:4A:83:4C:9B:D6:36; validity Sun, 17 Mar 2024 10:39:55 GMT - Sat, 15 Jun 2024 10:39:54 GMT
Hash (MD5, SHA-1, SHA-256): 137840d2ea09cd953437d8e0b384604e 4fdfb3ac0bd85926f592cafc97942fc5f54cde8a bc78f410c174891cb7720ae0477000a5bcc4376cebf2731a8580f037c0cad809
GET /live/stream_3.m3u8 HTTP/1.1
Host: sportsleading.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:15:19 GMT
content-type: application/vnd.apple.mpegurl
last-modified: Thu, 09 May 2024 19:15:18 GMT
etag: W/"663d20c6-343"
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R5z4alxHZDRmOZpwj9LJE84bMnNoitlTnheTH%2F5IAasbJ5XC%2FNvyMG7GtLpu7eRb2NPQcKSS7ma%2B5Sg5uPADZefS24vRae%2BP7pXSgSXPfwey%2BRXhY97%2BYTbhdbwimL6E5jrWuu%2BIPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8814047df9595684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| sportsleading.online/live/stream_3.m3u8 | 172.67.217.130 | 200 OK | 6.6 kB |
URL: GET HTTP/3 sportsleading.online/live/stream_3.m3u8
IP: 172.67.217.130:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Let's Encrypt; subject sportsleading.online; fingerprint 61:D8:D9:11:C4:3A:9D:80:A2:3A:A8:E9:EB:75:4A:83:4C:9B:D6:36; validity Sun, 17 Mar 2024 10:39:55 GMT - Sat, 15 Jun 2024 10:39:54 GMT
Hash (MD5, SHA-1, SHA-256): af25802ede90afc28a88d1b7fe4ba677 bbabcc7b52038388b8a55e4717a4df1274b2e464 075c33757b3b631f9869dac1c4ea54f79a7b883723ce02463de59a0c62dcd1b6
GET /live/stream_3.m3u8 HTTP/1.1
Host: sportsleading.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 09 May 2024 19:15:29 GMT
content-type: application/vnd.apple.mpegurl
last-modified: Thu, 09 May 2024 19:15:28 GMT
etag: W/"663d20d0-343"
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qVv8dF0BUjJ50VhiR4hEYZ4CWkFRUMLSztGJd1PBXQWsvBJQ%2FYXyyLaso0M4tlYL0HMMs2CvGv6WU9aE9LbezZG%2F8c90%2FJwE76VE4vJIdDSOi%2B7w6NO7OjnlRFXeB0Q%2BOt2LPbL8Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881404bb8f365684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

| phomoach.net/5/6869446/?oo=1&aab=1 | 139.45.197.245 | 200 OK | 2.9 kB |
URL: GET HTTP/2 phomoach.net/5/6869446/?oo=1&aab=1
IP: 139.45.197.245:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Let's Encrypt; subject phomoach.net; fingerprint 4D:5D:41:54:2C:98:6F:5D:8D:BC:45:87:4B:76:9B:E0:30:B6:88:BF; validity Fri, 15 Mar 2024 06:26:26 GMT - Thu, 13 Jun 2024 06:26:25 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (3096), with no line terminators
Hash (MD5, SHA-1, SHA-256): 34b87da64d3c69323ccfbdea8f05b4d3 46c65c14d732768ca41d0c01a39fc6aefacede2b 62aed6c54dd09812d949d00341a8285f5567e3ca257a939233e2c9c5cbb4b20d

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| Quad9 DNS | malicious | Sinkholed |

GET /5/6869446/?oo=1&aab=1 HTTP/1.1
Host: phomoach.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:15:16 GMT
content-type: application/json
x-trace-id: f78ae20c9f09dba6a165d538e83ad2da
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://streambtw.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080570ccbda4cb4eac6a180dc1e4e11; expires=Fri, 09 May 2025 19:15:16 GMT; path=/; secure; SameSite=None
oaidts=1715282116; expires=Fri, 09 May 2025 19:15:16 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

| www.gettvfree.online/static/stream_3_2903_787.png | 0.0.0.0 | | 0 B |
URL: GET www.gettvfree.online/static/stream_3_2903_787.png
IP: 0.0.0.0:0
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: issuer Let's Encrypt; subject gettvfree.online; fingerprint 6D:07:2C:5B:85:2A:06:46:37:1A:B2:79:5A:F6:23:8B:9D:7D:B6:AF; validity Wed, 17 Apr 2024 20:39:48 GMT - Tue, 16 Jul 2024 20:39:47 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /static/stream_3_2903_787.png HTTP/1.1
Host: www.gettvfree.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 19:15:22 GMT
content-type: image/png
content-length: 7064100
last-modified: Thu, 09 May 2024 19:14:59 GMT
etag: "663d20b3-6bca24"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BYnMhAVJWCVXkTt9OIjY7r%2BUa8OPRxvl8aVJHQxRm2eHL4E13ab0lvRB26FMKyRF1%2BAMq2Y2F7IIaebEaYboZwaS2Z%2Bvc%2BfanItUmdL1iMKvmPu6jNucHYHfzC%2Ff1jzVpmUwKVvzwA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8814046d4d1db515-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| cdn.xsportbox.com/favicon.ico | 188.114.96.1 | 404 Not Found | 555 B |
URL: GET HTTP/3 cdn.xsportbox.com/favicon.ico
IP: 188.114.96.1:443
Requested by: https://cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
Certificate: Issuer: Let's Encrypt; Subject: xsportbox.com; Fingerprint: 26:37:30:3E:D3:36:0C:80:9E:E5:AC:9B:48:2B:AD:61:B7:03:5A:46; Validity: Thu, 28 Mar 2024 08:02:25 GMT - Wed, 26 Jun 2024 08:02:24 GMT
File type: HTML document, ASCII text, with very long lines (581), with no line terminators
Hash (MD5, SHA-1, SHA-256): e9e4f9c9480bb14ad8343f37e3fb9b99 628fcbc6080fd3e684d1def2e5f67e98133ffa3b 85e4b614933e56b4531289e0bc3d2665db1f2b9d04d2c756a4a72b867c059594
GET /favicon.ico HTTP/1.1
Host: cdn.xsportbox.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 09 May 2024 19:15:16 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 171
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fwv1towx68QuKDzwY2ndMw7zduknm30buKHixgGtny4mb%2B6K%2F7QOCyiKpCBRPT%2FGdK%2FrAzzxqHH28TMBpDWjOuI9iyaYFLdywVWgybiev3TtsHwotrwZxKZIu9mQwF4scnrLnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8814046a2cbab52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| streambtw.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 104.21.5.234 | 200 OK | 12 kB |
URL: GET HTTP/3 streambtw.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP: 104.21.5.234:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: Issuer: Google Trust Services LLC; Subject: streambtw.com; Fingerprint: D8:97:8E:55:E7:91:FA:80:DF:3A:35:36:D3:6C:CC:D6:6B:27:D9:3E; Validity: Sun, 31 Mar 2024 23:25:29 GMT - Sat, 29 Jun 2024 23:25:28 GMT
File type: JavaScript source, ASCII text, with very long lines (12331)
Hash (MD5, SHA-1, SHA-256): 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/ch3.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 09 May 2024 19:15:15 GMT
content-type: application/javascript
last-modified: Wed, 08 May 2024 09:31:53 GMT
etag: W/"663b4689-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NRRcttUQb5lMMKQHQXspxhcJ3yRzQZyoHTPesyIRPPLY5csi8gzIIzu4JsiO%2B43NhYZneVMvS9bs8plB%2B2FbOgauKIvyXcBDfAtXOpt2%2FNRIjDIUSzI2QDSMgeaLfuH0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88140468399b712a-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 11 May 2024 19:15:15 GMT
cache-control: max-age=172800, public
content-encoding: gzip
| youradexchange.com/script/suurl5.php?r=7102142&cbur=0.381736237401062&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.xsportbox.com%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=kzzwi.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1715282116175&srs=0ce07e3c6859e04d6598e21f97a51468&atv=48.1&abtg=1&adbv=3-swat3-swf2 | 104.21.91.188 | 200 OK | 959 B |
URL: GET HTTP/2 youradexchange.com/script/suurl5.php?r=7102142&cbur=0.381736237401062&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.xsportbox.com%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=kzzwi.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1715282116175&srs=0ce07e3c6859e04d6598e21f97a51468&atv=48.1&abtg=1&adbv=3-swat3-swf2
IP: 104.21.91.188:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: Issuer: Google Trust Services LLC; Subject: youradexchange.com; Fingerprint: D5:0B:42:43:E8:69:FA:76:AA:C8:B3:28:9A:EB:33:C4:6F:62:7A:2B; Validity: Sun, 14 Apr 2024 01:48:20 GMT - Sat, 13 Jul 2024 01:48:19 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (985), with no line terminators
Hash (MD5, SHA-1, SHA-256): 5e7b0a1bab66d944f0db5d97fbe29ccb d5011e3606c15a3499fd96e43b619f262d7a3f68 595a3985cd2f1dfb7cb9391465274d64c509e131b10f9f5ff936c898ba0e2138
GET /script/suurl5.php?r=7102142&cbur=0.381736237401062&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.xsportbox.com%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=kzzwi.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1715282116175&srs=0ce07e3c6859e04d6598e21f97a51468&atv=48.1&abtg=1&adbv=3-swat3-swf2 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://streambtw.com/
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 19:15:16 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wYS0im9Qs%2BPCs7hWhrFLZ%2BLD5YTbePdMbKXngel3dORkf4UQqjWzqjrX3l%2BclsbsTqxsnz%2B1ga0zwqcF47OOgHi4QG6Q9LcSyuDRyme7juC%2FpKjaZfN%2FfhFnw9i1CzMm%2F%2Be2LdQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8814046b0960b511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| phomoach.net/?rb=8hgyhN-A4rqE45lLqysljYUocW2Dj5xUYH3_E7ir0arOu3pZeFa1JJgdSQb9kPFyc8aq9oKo_A_pkk95oFkunuM0GyZ-iSCN0P0NCySRThxm_PJcjmA4eFLfn1WZhu6ngu091XIfFUrYm4tBxqKd4FGHNsmwyUdv4VHvUfkZRugwuXqRUQVDMSYLKUgZHOF4Wtf9JvxxwwS9xO5gSZAhuJPXMn06JPn94-KjAqQr9I85sqwHpSqqJ5c28iZ50R1AApCKGpRzxMo%3D&request_ab2=0&zoneid=6869446&js_build=iclick-v1.792.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=2&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fch3.php&drf=https%3A%2F%2Fcdn.xsportbox.com%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.0&navlng=en-US&pnt=0&pnrc=0&bs=1d2bac7b-c8b6-4f4b-9bcc-dbe3f25526a0&wasm=1&userId=0080570ccbda4cb4eac6a180dc1e4e11&m=link | 139.45.197.245 | 200 OK | 2.4 kB |
URL: GET HTTP/2 phomoach.net/?rb=8hgyhN-A4rqE45lLqysljYUocW2Dj5xUYH3_E7ir0arOu3pZeFa1JJgdSQb9kPFyc8aq9oKo_A_pkk95oFkunuM0GyZ-iSCN0P0NCySRThxm_PJcjmA4eFLfn1WZhu6ngu091XIfFUrYm4tBxqKd4FGHNsmwyUdv4VHvUfkZRugwuXqRUQVDMSYLKUgZHOF4Wtf9JvxxwwS9xO5gSZAhuJPXMn06JPn94-KjAqQr9I85sqwHpSqqJ5c28iZ50R1AApCKGpRzxMo%3D&request_ab2=0&zoneid=6869446&js_build=iclick-v1.792.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=2&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fch3.php&drf=https%3A%2F%2Fcdn.xsportbox.com%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.0&navlng=en-US&pnt=0&pnrc=0&bs=1d2bac7b-c8b6-4f4b-9bcc-dbe3f25526a0&wasm=1&userId=0080570ccbda4cb4eac6a180dc1e4e11&m=link
IP: 139.45.197.245:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: Issuer: Let's Encrypt; Subject: phomoach.net; Fingerprint: 4D:5D:41:54:2C:98:6F:5D:8D:BC:45:87:4B:76:9B:E0:30:B6:88:BF; Validity: Fri, 15 Mar 2024 06:26:26 GMT - Thu, 13 Jun 2024 06:26:25 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (2392), with no line terminators
Hash (MD5, SHA-1, SHA-256): 0262984388a7c21c6c3cea73752e8205 056113a1413e8214d61e869d75b478e668cb5164 9960bfe935db4dd7be1d8bed9b95fa4ca73bb37b8c6813ed1c66b77e7acc9132
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /?rb=8hgyhN-A4rqE45lLqysljYUocW2Dj5xUYH3_E7ir0arOu3pZeFa1JJgdSQb9kPFyc8aq9oKo_A_pkk95oFkunuM0GyZ-iSCN0P0NCySRThxm_PJcjmA4eFLfn1WZhu6ngu091XIfFUrYm4tBxqKd4FGHNsmwyUdv4VHvUfkZRugwuXqRUQVDMSYLKUgZHOF4Wtf9JvxxwwS9xO5gSZAhuJPXMn06JPn94-KjAqQr9I85sqwHpSqqJ5c28iZ50R1AApCKGpRzxMo%3D&request_ab2=0&zoneid=6869446&js_build=iclick-v1.792.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=2&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fch3.php&drf=https%3A%2F%2Fcdn.xsportbox.com%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.792.0&navlng=en-US&pnt=0&pnrc=0&bs=1d2bac7b-c8b6-4f4b-9bcc-dbe3f25526a0&wasm=1&userId=0080570ccbda4cb4eac6a180dc1e4e11&m=link HTTP/1.1
Host: phomoach.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://streambtw.com/
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Cookie: OAID=0080570ccbda4cb4eac6a180dc1e4e11; oaidts=1715282116
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:15:16 GMT
content-type: application/json
x-trace-id: 467f2dfc18165a423238af8e95f0690d
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://streambtw.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080570ccbda4cb4eac6a180dc1e4e11; expires=Fri, 09 May 2025 19:15:16 GMT; path=/; secure; SameSite=None
oaidts=1715282116; expires=Fri, 09 May 2025 19:15:16 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 16 May 2024 19:15:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
| kzzwi.com/script/ut.js?cb=1715282116169 | 172.67.196.211 | 200 OK | 63 kB |
URL: GET HTTP/2 kzzwi.com/script/ut.js?cb=1715282116169
IP: 172.67.196.211:443
Requested by: https://streambtw.com/iframe/ch3.php
Certificate: Issuer: Let's Encrypt; Subject: kzzwi.com; Fingerprint: 93:79:DA:4F:31:4A:0C:F8:01:59:7F:2A:4B:E2:DB:69:CF:3C:65:67; Validity: Sun, 05 May 2024 23:44:54 GMT - Sat, 03 Aug 2024 23:44:53 GMT
Hash (MD5, SHA-1, SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /script/ut.js?cb=1715282116169 HTTP/1.1
Host: kzzwi.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 09 May 2024 19:15:16 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPrCjHGSc70U-nR0__MuMvVZmgf4KgvUyCpFVSFEKMDEDZh19A4Nx4-amK5iP0RUzfZMNWI
x-goog-generation: 1714053300452258
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62975
x-goog-hash: crc32c=f8d0YQ==, md5=vEgeNFwEtFNOCk5UoPLBxg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Thu, 09 May 2024 18:48:57 GMT
cache-control: public, max-age=14400
age: 3592
last-modified: Thu, 25 Apr 2024 13:55:00 GMT
etag: W/"bc481e345c04b4534e0a4e54a0f2c1c6"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L7m4PU0uy17kla8L58ZnLO0tEgBlOOn4rMI2r66UOMK623CKW0z9dC0g13Kr11XVgfenOXXOoVQ1%2FuD7yGAbN%2BTxGJGxAEh%2BlzsPSvQpU6cbEXLs%2FnD6tZdR18I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8814046b180156b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| ptaixout.net/5/6320745/?oo=1&aab=1 | 139.45.197.244 | 200 OK | 2.9 kB |
URL: GET HTTP/2 ptaixout.net/5/6320745/?oo=1&aab=1
IP: 139.45.197.244:443
Requested by: https://cdn.xsportbox.com/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch3.php&ask=1715284800&lgt=3&noplayer=0
Certificate: Issuer: Let's Encrypt; Subject: ptaixout.net; Fingerprint: 68:9C:78:69:60:28:90:FB:1C:BD:D0:98:14:FB:F6:C2:C7:45:CD:5C; Validity: Mon, 18 Mar 2024 05:39:00 GMT - Sun, 16 Jun 2024 05:38:59 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (3096), with no line terminators
Hash (MD5, SHA-1, SHA-256): 92f15a0d7dfb77c967a24461f350a87e 37dfecaf8e1834dc311d99f890247248be8f679a f014c5ae678b879f6b8fae01fb7456745e6d412d69de2f85ec5a01409b603584
Analyzer: Quad9 DNS; Verdict: malicious; Alert: Sinkholed
GET /5/6320745/?oo=1&aab=1 HTTP/1.1
Host: ptaixout.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.xsportbox.com
DNT: 1
Connection: keep-alive
Referer: https://cdn.xsportbox.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 09 May 2024 19:15:16 GMT
content-type: application/json
x-trace-id: 67135e4288f54535dacf9de7a9b85833
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://cdn.xsportbox.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080573eed224f8fe858a522d248bb3d; expires=Fri, 09 May 2025 19:15:16 GMT; path=/; secure; SameSite=None
oaidts=1715282116; expires=Fri, 09 May 2025 19:15:16 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2