Report - tnt-usa.site/f1/60.php

Report Overview

Submitted URL
tnt-usa.site/f1/60.php
IP
66.29.153.116
ASN
#22612 NAMECHEAP-NET
Submitted
2024-05-04 16:01:32
Access
public
Website Title
tnt-usa.site/f1/60.php
Final URL
tnt-usa.site/f1/60.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
acdcdn.com	108449	2020-05-05	2020-05-08	2024-03-03	1.6 kB	136 kB	188.114.97.1
zeekaihu.net	unknown	2023-07-04	2023-07-04	2024-04-27	818 B	34 kB	139.45.197.245
quartaherbist.com	unknown	unknown	No data	No data	407 B	1.5 kB	188.42.247.212
dlhd.sx	unknown	unknown	2023-08-24	2024-02-03	511 B	836 B	188.114.97.1
shitcustody.com	unknown	2021-08-01	2021-08-01	2023-11-12	860 B	44 kB	192.243.61.227
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-03	825 B	57 kB	172.67.180.87
tnt-usa.site	unknown	unknown	No data	No data	1.5 kB	8.8 kB	66.29.153.116
kzt2afc1rp52.com	unknown	2020-04-27	2020-04-27	2024-04-25	429 B	31 kB	192.243.61.227
1.dlhd.sx	unknown	unknown	No data	No data	857 B	47 kB	188.114.97.1
claplivehdplay.ru	unknown	2024-01-19	2024-01-19	2024-04-25	1.9 kB	827 kB	188.114.96.1
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-03	413 B	90 kB	151.101.194.137
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-03	338 B	942 B	143.204.53.97
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-03	441 B	106 kB	45.133.44.9
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-03	732 B	423 B	192.243.61.225
www.xadsmart.com	151441	2020-04-18	2020-04-18	2024-04-28	422 B	38 kB	185.76.9.22
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-03	916 B	711 B	18.185.9.67
slimytree.com	unknown	unknown	No data	No data	899 B	17 kB	192.243.61.227
c.adsco.re	16577	2017-02-14	2017-11-29	2024-05-02	379 B	60 kB	104.17.167.186
disguisedgraceeveryday.com	unknown	unknown	No data	No data	491 B	469 B	192.243.59.20
weblivehdplay.ru	unknown	2023-10-05	2023-10-05	2024-01-15	525 B	870 B	172.67.219.2
youradexchange.com	273384	2012-11-09	2013-02-04	2024-05-03	1.6 kB	3.4 kB	104.21.91.188
eyhcervzexp.com	unknown	2024-04-30	2024-05-04	2024-05-04	415 B	64 kB	104.21.57.20
d.daddylivehd.sx	unknown	unknown	2023-07-13	2023-11-21	520 B	844 B	188.114.96.1
pubtrky.com	unknown	2023-11-21	2023-11-21	2024-05-03	467 B	558 B	104.21.8.108
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-03	881 B	16 kB	151.101.65.229
baskdisk.com	unknown	2024-04-29	2024-04-30	2024-05-03	2.3 kB	9.2 kB	192.243.59.13
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-03	408 B	327 B	192.243.61.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-04	medium	quartaherbist.com	Sinkholed
2024-05-04	medium	zeekaihu.net	Sinkholed
2024-05-04	medium	slimytree.com	Sinkholed
2024-05-04	medium	slimytree.com	Sinkholed
2024-05-04	medium	baskdisk.com	Sinkholed
2024-05-04	medium	unseenreport.com	Sinkholed
2024-05-04	medium	baskdisk.com	Sinkholed
2024-05-04	medium	disguisedgraceeveryday.com	Sinkholed
2024-05-04	medium	zeekaihu.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (29)

	URL	Size	First Seen	Last Seen
	1.dlhd.sx/embed/stream-60.php	467 B	2023-03-09	2024-05-18
Pretty URL 1.dlhd.sx/embed/stream-60.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 01:35:27 Last Seen2024-05-18 15:12:42 Times Seen72 Hash f6ca01bb0ca3ebde821544f18ec83583 2e8cbf747f80c79ae8c12b8685556757e813b9db a1d2b03b3b1269adbdcbda20f64807bc730335783a9a90e9fbd743f898fb675c Loading...

	claplivehdplay.ru/premiumtv/daddyhd.php?id=60	46 B	2023-07-23	2024-05-18
Pretty URL claplivehdplay.ru/premiumtv/daddyhd.php?id=60 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 19:35:27 Last Seen2024-05-18 15:12:42 Times Seen56 Hash 4e1e753f543ab69894b98c449e10234d 8ed53684f57e4c1e60ef3de40bf48d9e692fd3f1 1a0a20c8c7ace362f60bd79417d8bd1d5ab34fecd8bd335e7aa1bd3952d84db9 Loading...

	unknown	3.3 kB	2024-05-04	2024-05-04
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:01:40 Last Seen2024-05-04 18:01:40 Times Seen1 Hash b48e33d34cfaeca33d2a5351a3837c17 a3ac26c31fa6b369d6e2909076b9db610825f24c 308433eeddf5bf1c374150c03a717cb8316ead707aebaedbeae8fddea770110f Loading...

	eyhcervzexp.com/script/ut.js?cb=1714838466506	63 kB	2024-04-25	2024-05-18
Pretty URL eyhcervzexp.com/script/ut.js?cb=1714838466506 IP 104.21.57.20 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:58:25 Last Seen2024-05-18 14:19:16 Times Seen307 Hash bc481e345c04b4534e0a4e54a0f2c1c6 2be428035dd37b2722891c200f35449c5893df33 04d8cc0aacc3f172f638e608d3f08e8457d849290ae553090cb951d4b3f1b97b Loading...

	zeekaihu.net/tag.min.js	90 kB	2024-05-03	2024-05-05
Pretty URL zeekaihu.net/tag.min.js IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 10:08:14 Last Seen2024-05-05 17:05:03 Times Seen86 Hash 6161cd5b16afc637789c8a29da15ed13 04f9e513c05079726b06b2154995c4c5c7c09b08 562a877675f8c3df7e1be8c3b2999127466ca8784a0a556810ec018ab6c86e34 Loading...

	claplivehdplay.ru/premiumtv/daddyhd.php?id=60	82 kB	2024-04-26	2024-05-18
Pretty URL claplivehdplay.ru/premiumtv/daddyhd.php?id=60 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:43:46 Last Seen2024-05-18 15:12:42 Times Seen19 Hash 7173872d985b3515c5997342838528f8 d7f7f0e91674b4cf0c9972058e6137f2eaf10367 1d5e36529f31b56eebb0438d876e2bd5a1c05ecd23ab9443829614ddd609fd75 Loading...

	acdcdn.com/script/suv4.js	130 kB	2024-04-29	2024-05-15
Pretty URL acdcdn.com/script/suv4.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-29 17:52:37 Last Seen2024-05-15 11:48:44 Times Seen43 Hash 5b9ce85560e722a043303556bbc7d2ab 6bf6efa223c5bffc55922a2808f2e27bca6d48e3 1722aa05720be346e4b0fbb95ebca4d3ea11cf092b4df7db81fe9083ccdb94ac Loading...

	acdcdn.com/script/suv5.js	74 kB	2024-04-29	2024-05-15
Pretty URL acdcdn.com/script/suv5.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-29 17:52:36 Last Seen2024-05-15 11:48:44 Times Seen77 Hash 9d6eb2890d21b253ae6805e887bc3e7d 445a76360b55b73e5be624029c6a152f859532ba 46bca0d03531443972441e135afb00e7fd35bc74d0f466efe2dd782071a2d9e0 Loading...

	1.dlhd.sx/embed/stream-60.php	157 B	2023-03-11	2024-05-18
Pretty URL 1.dlhd.sx/embed/stream-60.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 19:15:55 Last Seen2024-05-18 15:12:42 Times Seen62 Hash 60f1798bac26472658ff588720760829 9929b26eeb812be15261ac5aee076e468bf4764f acf1662d0ddc764da1a0a9ca8c14ce6d6a937aecef80b4b0e0426698a24b765d Loading...

	quartaherbist.com/rajJs8QOI9CknaS/69521	0 B	2023-03-07	2024-05-18
Pretty URL quartaherbist.com/rajJs8QOI9CknaS/69521 IP 188.42.247.212 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 15:14:26 Times Seen37788317 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 172.67.180.87 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	unknown	196 B	2024-05-04	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:01:40 Last Seen2024-05-05 19:17:26 Times Seen2 Hash 629c6707371afd01350ab28e35098754 3d80ecf5a4a5803801310b8ab764104bf9da88e2 26ba5efe4872a9e334ee42a9be6e0bcebce8492379c35fdfaad2e99e6f082109 Loading...

	1.dlhd.sx/embed/adblock.php	162 kB	2024-05-04	2024-05-04
Pretty URL 1.dlhd.sx/embed/adblock.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:01:40 Last Seen2024-05-04 18:01:41 Times Seen2 Hash 696c5600f7692b3c36c2b9cb2d003520 3624d5bca269449ab0988aa2ced6be4db4ad2086 c80ce31ab0b150f3006ed1f7f361e5a0941a333ac77b1922f42107e4c759320d Loading...

	kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js	84 kB	2024-05-04	2024-05-04
Pretty URL kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:01:41 Last Seen2024-05-04 18:01:41 Times Seen2 Hash ebfbb2d629275975ee3a5d9a056aad9d 8014daa9bfd401a8a9a0ececa0cec9824840143d 0ea1f05eb0b4c84d7ddcc8a050dc61423fda1e21e3e24d427e1f565bc4f979e4 Loading...

	1.dlhd.sx/embed/stream-60.php	8.5 kB	2023-07-23	2024-05-18
Pretty URL 1.dlhd.sx/embed/stream-60.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 19:35:27 Last Seen2024-05-18 15:12:42 Times Seen25 Hash ff656e6bdffbea98da4df97ff7ae3d21 f742e8d729409184fdaf152c2d2b670d6db7e9ec 9e6e95d6fa2ce522e900a6eb22ef91ae4fa930a9e39e2ca913742d48d0484b68 Loading...

	1.dlhd.sx/embed/stream-60.php	935 B	2024-05-04	2024-05-04
Pretty URL 1.dlhd.sx/embed/stream-60.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-04 18:01:41 Last Seen2024-05-04 18:01:41 Times Seen1 Hash b89e2c03804116764279573a8360d50b ab0f5a1ead8fe352a58009a4d11b853b0ca06cc5 1febb231a741d0d0be04bf858fd98a13bba00489c80434b2561e99ee39695138 Loading...

	unknown	145 B	2024-05-04	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:01:41 Last Seen2024-05-05 19:17:26 Times Seen2 Hash e9a643fdaf689d455db92771719b1998 58ffec72bde3ede05d9e7930e374118e2249e9be 9c336c499ce8e8380084cb61daa141a5de1abbad462073d3714be79910daf751 Loading...

	1.dlhd.sx/embed/stream-60.php	424 B	2023-03-09	2024-05-15
Pretty URL 1.dlhd.sx/embed/stream-60.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 16:51:34 Last Seen2024-05-15 21:18:09 Times Seen33 Hash 0d76eb8dc02861ed102d5d2586f0d82b 55f9121e69e32deb1d9248bd692cdf06e3e76267 81471189f19f3e6d41e33d4f12ba8a5e03b70522fc6c9b0715ec63fdacf35076 Loading...

	shitcustody.com/36/91/b0/3691b06001ba839fe5f3337c408d7916.js	84 kB	2024-05-04	2024-05-04
Pretty URL shitcustody.com/36/91/b0/3691b06001ba839fe5f3337c408d7916.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:01:41 Last Seen2024-05-04 18:01:41 Times Seen2 Hash fdb2e7c05ccb9ee40dc7ad0063f737ae f283c94fb691460e4e8ab6c02d291e83248d6b9f 951a8762ea4f7ba962826c7df9c3c2d6f562e1cd98a6cbb8dd27a7ef1bd37a2f Loading...

	shitcustody.com/43f4570df01f0b67facdfc1cf0de49b0/invoke.js	31 kB	2024-05-04	2024-05-04
Pretty URL shitcustody.com/43f4570df01f0b67facdfc1cf0de49b0/invoke.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:01:41 Last Seen2024-05-04 18:01:41 Times Seen2 Hash d4a2d91827581aab303af563b3a69f19 d029641756a76bb11dfb673e1865a87e3df04602 a6c8250dad5855490ecd8b3c11ac177c9909acd476c9f2b12a115b72fe2552f3 Loading...

	1.dlhd.sx/embed/stream-60.php	66 kB	2024-04-26	2024-05-17
Pretty URL 1.dlhd.sx/embed/stream-60.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:43:46 Last Seen2024-05-17 09:52:55 Times Seen13 Hash 90d869580af15a27c3d2f6952ac58f5e e637748d02703d0ee04761324c1cbd3d3c5926c5 dbe5a09254083876039612cb8cb1433841735dea201ec3cc7887181c13893e8f Loading...

	unknown	5 B	2023-03-07	2024-05-18
Pretty Introduced by javascriptURL Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-18 15:12:42 Times Seen15160 Hash 68934a3e9455fa72420237eb05902327 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa Loading...

	tnt-usa.site/f1/60.php	0 B	2023-03-07	2024-05-18
Pretty URL tnt-usa.site/f1/60.php IP 66.29.153.116 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 15:14:26 Times Seen37788317 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.xadsmart.com/kdc.min.css	37 kB	2024-05-04	2024-05-04
Pretty URL www.xadsmart.com/kdc.min.css IP 185.76.9.22 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-04 18:01:41 Last Seen2024-05-04 18:01:41 Times Seen2 Hash 5be69947b6f5c1e130ca8b50f280caa2 0adbc498cae61699f705cf93651e04eef97f3aed 7c492eda0e5b4fa72ea8a9ae42e41be342ffacb198a3af7d9669254e8ac8aa50 Loading...

	1.dlhd.sx/embed/stream-60.php	445 B	2024-04-26	2024-05-17
Pretty URL 1.dlhd.sx/embed/stream-60.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:43:47 Last Seen2024-05-17 09:52:55 Times Seen13 Hash 6d7cf20ca66176842303cf97bdf26bde 0cf10c1cf2ee995c05bae4735c0a2e42084b315a 21a1d3c6d41098beebbc7b4f829384b3b530ef7bcfc81e1e1e48e9e6a6b42160 Loading...

	unknown	34 B	2023-04-11	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16:40 Last Seen2024-05-18 15:12:42 Times Seen77519 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

		Size	First Seen	Last Seen
	#1 Eval - bcf8252390ab96e00870226743cfb8b7	2.1 kB	2024-05-04	2024-05-04
Pretty Observations First Seen2024-05-04 18:01:41 Last Seen2024-05-04 18:01:41 Times Seen1 Hash bcf8252390ab96e00870226743cfb8b7 6ad66b265994acd6536af7268d688940487f3c68 1bd16dca57ebcfc61f754fcc2312fd29722312c62bf6d5b8bd0a6cb8a2045b4e Loading...

	#2 Eval - 73497a37c3561adbd8ce84e4f017b368	9 B	2023-03-07	2024-05-18
Pretty Observations First Seen2023-03-07 01:03:23 Last Seen2024-05-18 15:04:35 Times Seen2446 Hash 73497a37c3561adbd8ce84e4f017b368 9193ae73cb3dd2833be8c942714d5544bfb628c9 9312a1adbbf0a4c05fc296d158ec3bd39acfe50e9e98ff02688139aad6fc3351 Loading...

		Size	First Seen	Last Seen
	#1 Write - a1ccc961855b887ffa0daa4d628ebd10	107 B	2024-05-04	2024-05-05
Pretty Observations First Seen2024-05-04 18:01:41 Last Seen2024-05-05 19:17:27 Times Seen2 Hash a1ccc961855b887ffa0daa4d628ebd10 50140f85d5d61de2eab1cb8feee528fa1c2bbc90 97c4216fdf9abeba4da66587c7694f9b76e9a41b00c1bd7af6c210881560b52f Loading...

HTTP Transactions (44)

URL IP Response Size

tnt-usa.site/f1/60.php

66.29.153.116

200 OK

838 B

URL User Request GET HTTP/2
tnt-usa.site/f1/60.php
IP
66.29.153.116:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subjecttnt-usa.site
Fingerprint78:76:EE:DA:24:0B:FD:FA:F5:B1:3F:B2:1D:C5:B4:96:4D:32:72:FD
ValidityTue, 12 Mar 2024 00:00:00 GMT - Wed, 12 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
838 B (838 bytes)
Hash
1970d14e89b9ae5a0d39b2e637485625
1dffe70d25bc3e89018d2bfc3148e49367205393
b3bdb8e5025ed6f000cbc9d8f622dc2fd322716d6b4a4765e907e19f84eb6a46

HTTP Headers

GET /f1/60.php HTTP/1.1
Host: tnt-usa.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.0.30
content-type: text/html; charset=UTF-8
content-length: 838
content-encoding: br
vary: Accept-Encoding
date: Sat, 04 May 2024 16:01:04 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

d.daddylivehd.sx/embed/stream-60.php

188.114.96.1

301 Moved Permanently

167 B

URL GET HTTP/2
d.daddylivehd.sx/embed/stream-60.php
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerGoogle Trust Services LLC
Subjectdaddylivehd.sx
Fingerprint6E:00:BE:2A:59:A9:01:45:61:43:68:84:31:FD:7D:3C:B8:B4:25:13
ValiditySat, 16 Mar 2024 20:29:45 GMT - Fri, 14 Jun 2024 20:29:44 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /embed/stream-60.php HTTP/1.1
Host: d.daddylivehd.sx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 04 May 2024 16:01:05 GMT
content-type: text/html
content-length: 167
location: https://dlhd.sx/embed/stream-60.php
cache-control: max-age=3600
expires: Sat, 04 May 2024 17:01:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6hF9ztXgsZaaSQ%2FRq8z1pSWy0hMA%2FItCtWTpGKPdT7%2FU42a%2BJyD5Xw6jxazEhSlDqGiBGBKBojmafWt2wbynbki1tfCeMfDL6kSzV9NS3YFDMODUW0PlBO0BOy4TNhs75SlU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b51758b9b4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tnt-usa.site/1.png

66.29.153.116

200 OK

5.9 kB

URL GET HTTP/2
tnt-usa.site/1.png
IP
66.29.153.116:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerSectigo Limited
Subjecttnt-usa.site
Fingerprint78:76:EE:DA:24:0B:FD:FA:F5:B1:3F:B2:1D:C5:B4:96:4D:32:72:FD
ValidityTue, 12 Mar 2024 00:00:00 GMT - Wed, 12 Mar 2025 23:59:59 GMT

File type
PNG image data, 394 x 73, 8-bit/color RGB, non-interlaced
Size
5.9 kB (5884 bytes)
Hash
0c09b678fa4f504dad064aaac66bddc3
244c927bb83d2578cdfa439617ac70a053a1b81d
a44505fd1ddb9bffdaf43d00d5b60429a1116d6a5c114d24eab10e9f142b84f7

HTTP Headers

GET /1.png HTTP/1.1
Host: tnt-usa.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/f1/60.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Sat, 11 May 2024 16:01:05 GMT
content-type: image/png
last-modified: Tue, 12 Mar 2024 09:52:41 GMT
accept-ranges: bytes
content-length: 5884
date: Sat, 04 May 2024 16:01:05 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

dlhd.sx/embed/stream-60.php

188.114.97.1

301 Moved Permanently

167 B

URL GET HTTP/2
dlhd.sx/embed/stream-60.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerGoogle Trust Services LLC
Subjectdlhd.sx
Fingerprint21:F0:36:94:DA:BA:26:45:27:88:C8:87:52:83:9C:DF:F9:B0:A5:7E
ValiditySat, 13 Apr 2024 22:56:35 GMT - Fri, 12 Jul 2024 22:56:34 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /embed/stream-60.php HTTP/1.1
Host: dlhd.sx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tnt-usa.site/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 04 May 2024 16:01:05 GMT
content-type: text/html
content-length: 167
location: https://1.dlhd.sx/embed/stream-60.php
cache-control: max-age=3600
expires: Sat, 04 May 2024 17:01:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TGuz%2FsLfA1NqGutaJripDn4WRNu%2FEL%2FgcjEWjvG%2FWoPaBzX4z3zmzIAC7Nua0YwPd4JkLlAq8r%2FYb17s0NOYH8mDBkDrTYRFQ3DFg9mQ0IrqAWwlNrC0VFvm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b517cfcd568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

quartaherbist.com/rajJs8QOI9CknaS/69521

188.42.247.212

200 OK

20 B

URL GET HTTP/1.1
quartaherbist.com/rajJs8QOI9CknaS/69521
IP
188.42.247.212:443
ASN
#7979 SERVERS-COM

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subjectquartaherbist.com
Fingerprint09:ED:0D:10:E1:38:44:BB:04:D8:BA:98:84:E3:F0:2F:50:D6:75:FC
ValidityWed, 17 Apr 2024 23:14:14 GMT - Tue, 16 Jul 2024 23:14:13 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rajJs8QOI9CknaS/69521 HTTP/1.1
Host: quartaherbist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 May 2024 16:01:05 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://1.dlhd.sx
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 05-May-2024 16:01:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sun, 05-May-2024 16:01:05 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

shitcustody.com/36/91/b0/3691b06001ba839fe5f3337c408d7916.js

192.243.61.227

200 OK

31 kB

URL GET HTTP/1.1
shitcustody.com/36/91/b0/3691b06001ba839fe5f3337c408d7916.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subject*.shitcustody.com
Fingerprint4C:0A:AD:D6:7F:20:4E:F5:63:5B:12:C2:A3:98:B5:9A:60:C0:BA:38
ValidityThu, 21 Mar 2024 08:37:36 GMT - Wed, 19 Jun 2024 08:37:35 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30621 bytes)
Hash
fdb2e7c05ccb9ee40dc7ad0063f737ae
f283c94fb691460e4e8ab6c02d291e83248d6b9f
951a8762ea4f7ba962826c7df9c3c2d6f562e1cd98a6cbb8dd27a7ef1bd37a2f

HTTP Headers

GET /36/91/b0/3691b06001ba839fe5f3337c408d7916.js HTTP/1.1
Host: shitcustody.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:01:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fdcef647bed392012b8d348e265588cc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

shitcustody.com/43f4570df01f0b67facdfc1cf0de49b0/invoke.js

192.243.61.227

200 OK

12 kB

URL GET HTTP/1.1
shitcustody.com/43f4570df01f0b67facdfc1cf0de49b0/invoke.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subject*.shitcustody.com
Fingerprint4C:0A:AD:D6:7F:20:4E:F5:63:5B:12:C2:A3:98:B5:9A:60:C0:BA:38
ValidityThu, 21 Mar 2024 08:37:36 GMT - Wed, 19 Jun 2024 08:37:35 GMT

File type
JavaScript source, ASCII text, with very long lines (31277), with no line terminators
Size
12 kB (11837 bytes)
Hash
d4a2d91827581aab303af563b3a69f19
d029641756a76bb11dfb673e1865a87e3df04602
a6c8250dad5855490ecd8b3c11ac177c9909acd476c9f2b12a115b72fe2552f3

HTTP Headers

GET /43f4570df01f0b67facdfc1cf0de49b0/invoke.js HTTP/1.1
Host: shitcustody.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:01:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af9158e8c44ed4801263e609f0e15789
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
353dbae1e1b45a750770ae51bef13ba7
465917a2a0bbb947e9727e7f08b584a82aa6fb81
9fa5becc3e07f31f2f08bf5f331d6bfda4f6386634ea524bc3a8c56ac1c0bc2b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 04 May 2024 16:01:06 GMT
Last-Modified: Sat, 04 May 2024 14:12:34 GMT
Server: ECAcc (ska/F75B)
X-Cache: Miss from cloudfront
Via: 1.1 095562e8748e634f880ee3c4ada2b6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aq69e6u8MFD5x_1ORADMx2ixOzOYH3DqnAWROgfJjr4QlTaOyU04FA==
Age: 6512

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
15ad091252a6cc49877a4da0d2cf8122
0642bbf10904234f26f591f12dd31975a3e5f0e7
f0c89de3ed575d5f9d8157e82e25ff96285ed12d100123dc9738e9f95b09ac7c

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tnt-usa.site
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://tnt-usa.site
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=716d30dc-c68e-4ade-9fbd-d42816825bb8:3:1; expires=Tue, 02 May 2034 16:01:06 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

172.67.180.87

200 OK

28 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.67.180.87:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27501 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 505d4b1a73b7b56d288c46e3d804fcc8
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 16:01:05 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FZaRo84CqhIq%2BZnAAnRKK5sv5ZPLApYvdZoVjXiMYieFyx4k1ar24iWcts283%2FeNk7D7CrOtRF5m8XsjObLNgVPRjjIIMnm59VTBCCySjAhYVHw9K5U4flcSi09eMvwLRX7s8aPeB9Gr8gIIZ9Edpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b51cea835693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js

192.243.61.227

200 OK

31 kB

URL GET HTTP/1.1
kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subjectkzt2afc1rp52.com
Fingerprint9A:52:7D:FA:48:7E:A0:17:19:03:F5:A9:DF:9C:A1:0B:F6:F5:5A:51
ValidityWed, 10 Apr 2024 07:14:41 GMT - Tue, 09 Jul 2024 07:14:40 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30611 bytes)
Hash
ebfbb2d629275975ee3a5d9a056aad9d
8014daa9bfd401a8a9a0ececa0cec9824840143d
0ea1f05eb0b4c84d7ddcc8a050dc61423fda1e21e3e24d427e1f565bc4f979e4

HTTP Headers

GET /dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js HTTP/1.1
Host: kzt2afc1rp52.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:01:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0551fe9ba225fd7255b15cfea4a6c998
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.185.9.67

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
18.185.9.67:443
ASN
#16509 AMAZON-02

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
96a039c05c0adf971c363046a781fb09
a32cc87306837a14fd6c609e6b7557ed0170f467
70f5ff10edf7ca7b6491ba7643397fe8421fd8795b9f9a70735476b5bb0df681

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1.dlhd.sx
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Cookie: uid_id2=99462650-3a95-4f94-9399-d35c4272b137:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://1.dlhd.sx
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

acdcdn.com/script/suv4.js

188.114.97.1

200 OK

42 kB

URL GET HTTP/2
acdcdn.com/script/suv4.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectacdcdn.com
Fingerprint61:10:8A:75:FC:42:B5:AE:D3:A2:22:D9:41:4D:38:C7:1C:22:AB:4B
ValidityThu, 07 Mar 2024 18:24:57 GMT - Wed, 05 Jun 2024 18:24:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41877), with NEL line terminators
Size
42 kB (41504 bytes)
Hash
5b9ce85560e722a043303556bbc7d2ab
6bf6efa223c5bffc55922a2808f2e27bca6d48e3
1722aa05720be346e4b0fbb95ebca4d3ea11cf092b4df7db81fe9083ccdb94ac

HTTP Headers

GET /script/suv4.js HTTP/1.1
Host: acdcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:05 GMT
content-type: text/javascript
x-goog-generation: 1714389995532631
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 129779
x-goog-hash: crc32c=JsdvEg==, md5=W5zoVWDnIqBDMDVWu8fSqw==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: ABPtcPqlbVxjIuscOzVKOvg5RmGg1ffV7gR9Z7JAeSuOQTwrdaPqfKsAUf1J330eVCp3iqavTA6u_b-SJw
expires: Sat, 04 May 2024 16:12:59 GMT
cache-control: public, max-age=3600
age: 1503
last-modified: Mon, 29 Apr 2024 11:26:35 GMT
etag: W/"5b9ce85560e722a043303556bbc7d2ab"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZFfheXVKGFlvPM8RmkRU%2FXLFTj3GDSrOKg5YRk1lyG5uDrbPL3BLTMc4jdf8ahq5gETb%2FjX0Ww1mOkjT0VbMiI5R%2BoH1KgefLK3VXPiDBKB5jRhDL7%2F%2FkwwjdPZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b5175aec0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

weblivehdplay.ru/premiumtv/daddyhd.php?id=60

172.67.219.2

301 Moved Permanently

167 B

URL GET HTTP/2
weblivehdplay.ru/premiumtv/daddyhd.php?id=60
IP
172.67.219.2:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subjectweblivehdplay.ru
FingerprintED:9B:86:DD:E4:DC:86:62:24:8F:5D:F0:F6:69:70:DC:54:A0:21:81
ValiditySat, 30 Mar 2024 19:37:25 GMT - Fri, 28 Jun 2024 19:37:24 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /premiumtv/daddyhd.php?id=60 HTTP/1.1
Host: weblivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/html
content-length: 167
location: https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
cache-control: max-age=3600
expires: Sat, 04 May 2024 17:01:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1bq2Lw%2BILh%2B%2FDWx71Z70i4n47g7UI6FCX%2Bd0m%2FVNx9nsbp%2F11z9e3iPIfOxnIiVQWTnLHA2vMOtMss51r1l5hKNA%2FMDHSARzHN2ikUVkNllKiE%2FbHUpkxkIJlvMP8xcnGYzK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b51fcab9568a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1.dlhd.sx/embed/stream-60.php

188.114.97.1

200 OK

0 B

URL HEAD HTTP/3
1.dlhd.sx/embed/stream-60.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerGoogle Trust Services LLC
Subjectdlhd.sx
Fingerprint21:F0:36:94:DA:BA:26:45:27:88:C8:87:52:83:9C:DF:F9:B0:A5:7E
ValiditySat, 13 Apr 2024 22:56:35 GMT - Fri, 12 Jul 2024 22:56:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /embed/stream-60.php HTTP/1.1
Host: 1.dlhd.sx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/embed/stream-60.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nAiGKTsdmk4YpNOGqzOeFVV7hTEiHDX85Z8Rs9SrxdLNPu%2FICdb5EaenuT3euN7a%2FuXRoiwJi98nc41QPhF5lLCJ1YUlGiiV%2BTrppB1RXia3qLxcPKjjs4x4YY8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e9b51fa8ac5691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

pubtrky.com/ut/hb.php?cb=0.2037859852454872&v=1

104.21.8.108

204 No Content

0 B

URL POST HTTP/2
pubtrky.com/ut/hb.php?cb=0.2037859852454872&v=1
IP
104.21.8.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerGoogle Trust Services LLC
Subjectpubtrky.com
Fingerprint1F:C3:3C:5C:C7:6F:56:DF:E4:18:22:98:6F:C2:B3:96:B2:B4:A6:30
ValidityMon, 18 Mar 2024 09:15:33 GMT - Sun, 16 Jun 2024 09:15:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ut/hb.php?cb=0.2037859852454872&v=1 HTTP/1.1
Host: pubtrky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 795
Origin: https://tnt-usa.site
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 04 May 2024 16:01:06 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yXzLMJWwgxGT6cBoXdVEfmU6P9B%2BN0kYvD%2FWj0gb9HrL2byjkRItNyTvswengeTN49TLY2AiETqa1of5iGESiQk%2FJtow1cupKE2Slqv8NStCGF5AT4wyYlmxcblHag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e9b51fca385695-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

zeekaihu.net/tag.min.js

139.45.197.245

200 OK

28 kB

URL GET HTTP/2
zeekaihu.net/tag.min.js
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subjectzeekaihu.net
FingerprintDC:33:58:08:9D:AE:91:96:52:5E:8F:EF:D8:4F:DD:E8:87:D4:36:4F
ValidityThu, 29 Feb 2024 05:53:35 GMT - Wed, 29 May 2024 05:53:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28333 bytes)
Hash
6161cd5b16afc637789c8a29da15ed13
04f9e513c05079726b06b2154995c4c5c7c09b08
562a877675f8c3df7e1be8c3b2999127466ca8784a0a556810ec018ab6c86e34

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: zeekaihu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/javascript; charset=utf-8
content-length: 28333
content-encoding: br
x-trace-id: cdd1d013468df9122e3100db93b5fcf3
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 03 May 2024 05:53:48 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

1.dlhd.sx/embed/adblock.php

188.114.97.1

200 OK

46 kB

URL GET HTTP/3
1.dlhd.sx/embed/adblock.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerGoogle Trust Services LLC
Subjectdlhd.sx
Fingerprint21:F0:36:94:DA:BA:26:45:27:88:C8:87:52:83:9C:DF:F9:B0:A5:7E
ValiditySat, 13 Apr 2024 22:56:35 GMT - Fri, 12 Jul 2024 22:56:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (40957), with NEL line terminators
Size
46 kB (46188 bytes)
Hash
696c5600f7692b3c36c2b9cb2d003520
3624d5bca269449ab0988aa2ced6be4db4ad2086
c80ce31ab0b150f3006ed1f7f361e5a0941a333ac77b1922f42107e4c759320d

HTTP Headers

GET /embed/adblock.php HTTP/1.1
Host: 1.dlhd.sx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/embed/stream-60.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:01:05 GMT
content-type: application/javascript
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ssIKpk2r8OPCH41IuU3MNrvslbeadWC9BIPU80DeTSu2GPRgN9Mw%2FYaY7XWeV%2BGQTBvfw00MBNVu7VzOJMsoD8zEkyYy2xlfFHA%2FlJfdLKLPp%2BwhCgAi%2BE6nqIs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e9b51968375691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

acdcdn.com/script/suv5.js

188.114.97.1

200 OK

26 kB

URL GET HTTP/3
acdcdn.com/script/suv5.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectacdcdn.com
Fingerprint61:10:8A:75:FC:42:B5:AE:D3:A2:22:D9:41:4D:38:C7:1C:22:AB:4B
ValidityThu, 07 Mar 2024 18:24:57 GMT - Wed, 05 Jun 2024 18:24:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65499), with no line terminators
Size
26 kB (25688 bytes)
Hash
9d6eb2890d21b253ae6805e887bc3e7d
445a76360b55b73e5be624029c6a152f859532ba
46bca0d03531443972441e135afb00e7fd35bc74d0f466efe2dd782071a2d9e0

HTTP Headers

GET /script/suv5.js HTTP/1.1
Host: acdcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/javascript
x-goog-generation: 1714390003317461
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 74331
x-goog-hash: crc32c=uRKYDw==, md5=nW6yiQ0hslOuaAXoh7w+fQ==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: ABPtcPqXz1MQ2C6fuyzrZWSpBpCGGFecg2PLmfFox6h338M2KR_xIj8big_TWs2wOJHmc0SXXQyz06lrHg
expires: Sat, 04 May 2024 16:17:56 GMT
cache-control: public, max-age=3600
age: 2182
last-modified: Mon, 29 Apr 2024 11:26:43 GMT
etag: W/"9d6eb2890d21b253ae6805e887bc3e7d"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bN1GU9W9%2BN6f8gZMk630i9yJatq272e4mZ%2BRC8Yw72p1JDemWBI8UtHtlPzWVB14jQEhEWnQiUTf2pQ2j8Q4nNgCJ%2Fo%2BUJvjLFlqDJTVp1QjM7shvC9IJWDjssWQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b51e0faf56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

acdcdn.com/script/suv4.js

188.114.97.1

200 OK

41 kB

URL GET HTTP/2
acdcdn.com/script/suv4.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectacdcdn.com
Fingerprint61:10:8A:75:FC:42:B5:AE:D3:A2:22:D9:41:4D:38:C7:1C:22:AB:4B
ValidityThu, 07 Mar 2024 18:24:57 GMT - Wed, 05 Jun 2024 18:24:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (41877), with NEL line terminators
Size
41 kB (41001 bytes)
Hash
5b9ce85560e722a043303556bbc7d2ab
6bf6efa223c5bffc55922a2808f2e27bca6d48e3
1722aa05720be346e4b0fbb95ebca4d3ea11cf092b4df7db81fe9083ccdb94ac

HTTP Headers

GET /script/suv4.js HTTP/1.1
Host: acdcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/javascript
x-goog-generation: 1714389995532631
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 129779
x-goog-hash: crc32c=JsdvEg==, md5=W5zoVWDnIqBDMDVWu8fSqw==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: ABPtcPqlbVxjIuscOzVKOvg5RmGg1ffV7gR9Z7JAeSuOQTwrdaPqfKsAUf1J330eVCp3iqavTA6u_b-SJw
expires: Sat, 04 May 2024 16:12:59 GMT
cache-control: public, max-age=3600
age: 1504
last-modified: Mon, 29 Apr 2024 11:26:35 GMT
etag: W/"5b9ce85560e722a043303556bbc7d2ab"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xt%2FlIsPfzt9Dbx6fTtsMrc3zFhdugHCcP0iMy%2F6M5KXm2Jeg4HLji214UU%2BW0wmSL361QMUouSb3HDTpVreZISSwGj%2Fo2uf6KHXztflV5N5wNnHyowWd04jlcn%2BZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b51e0fb256c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

slimytree.com/18/43/01/1843019bf263f39accf339e8c46780a9.js

192.243.61.227

200 OK

16 kB

URL GET HTTP/1.1
slimytree.com/18/43/01/1843019bf263f39accf339e8c46780a9.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subjectslimytree.com
FingerprintA8:DD:81:A9:7F:BA:21:14:6E:83:03:51:19:9B:09:57:D5:99:81:6C
ValidityMon, 29 Apr 2024 12:55:09 GMT - Sun, 28 Jul 2024 12:55:08 GMT

File type
JavaScript source, ASCII text, with very long lines (44119), with no line terminators
Size
16 kB (15823 bytes)
Hash
c5cbeef96f6aec2e21b1d939006f81b4
1c15a5d8979a1b52cae7227d07b4cbd1359f0ddc
8e730bad45aaadd91bb96547e395d595a78d816927f2f944f1093af83945ddb5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /18/43/01/1843019bf263f39accf339e8c46780a9.js HTTP/1.1
Host: slimytree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:01:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=0; expires=Tue, 07 May 2024 19:01:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1b1a6b1d11b567323077c8ab5b7cf9c6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

slimytree.com/pixel/purst?dl=0&th=0&sc=0&rs=1235&rd=1235&fd=791&bv=24.5.6485&tmpl=70

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
slimytree.com/pixel/purst?dl=0&th=0&sc=0&rs=1235&rd=1235&fd=791&bv=24.5.6485&tmpl=70
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subjectslimytree.com
FingerprintA8:DD:81:A9:7F:BA:21:14:6E:83:03:51:19:9B:09:57:D5:99:81:6C
ValidityMon, 29 Apr 2024 12:55:09 GMT - Sun, 28 Jul 2024 12:55:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1235&rd=1235&fd=791&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: slimytree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:01:06 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.jsdelivr.net/npm/disable-devtool@latest

151.101.65.229

200 OK

6.7 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/disable-devtool@latest
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17245)
Size
6.7 kB (6741 bytes)
Hash
f71da0117b47fe056c382d44f7c1af53
c384c695d7a74e1e4272b13f9d5942d0f24d099d
2a741550c18b132b0ef573f818fc79d6c09169be71d538b968ceac551c178ad3

HTTP Headers

GET /npm/disable-devtool@latest HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.7
x-jsd-version-type: version
etag: W/"4372-w4TGldenTh5CcrE/nVlC0PJNCZ0"
content-encoding: br
accept-ranges: bytes
date: Sat, 04 May 2024 16:01:06 GMT
age: 38074
x-served-by: cache-fra-eddf8230055-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6741
X-Firefox-Spdy: h2

c.adsco.re/

104.17.167.186

58 kB

URL GET
c.adsco.re/
IP
104.17.167.186:0
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73
ValiditySat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (689)
Size
58 kB (58410 bytes)
Hash
a0b475c65fed312aba8d7c43a0cbc928
3fdd052b41c37318e44084be4f92d42fba4ded61
2dfb2101b24f80be00b1baecce7eec815e61a13381f6983051b6261b8035468a

HTTP Headers

GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Tue, 04 Jun 2024 16:01:06 GMT
etag: W/"oLR1xl/tMSq6jXxDoMvJKA=="
cf-cache-status: HIT
age: 344607
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b520abc7b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

172.67.180.87

200 OK

28 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
172.67.180.87:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27461 bytes)
Hash
f4a2f8f9f99541c6f105bbd0a025bd40
1f8e3eff12168fdd9e719adfc098d24a45b6916a
b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 76c73039da59e7a34ba389111a5f0ade
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sat, 04 May 2024 16:01:06 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5fk%2BB2HBdBroYYGNdtVl9Fv0uAvnHMWEZNxeT4%2Bu2yTv9LrrG6K4SSk%2F9CdniKz8C9rgKSIq%2BT6VDJ%2B1fKlNYPaM9x2vIn47VWad8pL5Ev60rEJffpzYPDZDf115k9ClIgpqyd5eJpxz%2FWNAIHhRwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b51effd45691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js

151.101.65.229

200 OK

8.1 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (26814)
Size
8.1 kB (8149 bytes)
Hash
835f1f7feab838f171c6334abc3d14da
68b97b433d37600647338e57f4344e5e1faf6246
189334d0a898e2aa16794cdd1ea47a0e7c1750578173b25033049fafdf55f2a4

HTTP Headers

GET /npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.6.2
x-jsd-version-type: version
etag: W/"68bf-aLl7Qz03YAZHM45X9DROXh+vYkY"
content-encoding: br
accept-ranges: bytes
date: Sat, 04 May 2024 16:01:07 GMT
age: 8355
x-served-by: cache-fra-eddf8230045-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8149
X-Firefox-Spdy: h2

baskdisk.com/watch.982992925610.js?dev=e&key=43f4570df01f0b67facdfc1cf0de49b0&kw=%5B%5D&pst=1714838526&refer=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&res=14.2071&rmtc=t&shu=1f4b9f51876323c0fbe93890e2676d257dc04bcf3b9b263604062412f9eb3d8c826e758dd36a52cb7cf35c0959bbedc2c52a8d943fc147581a3c28138a86865695c0105d8d1d0081daed83b004bd8eba49c8ea68d7631321fe5b540eca5413&tz=0&uuid=99462650-3a95-4f94-9399-d35c4272b137%3A3%3A1

192.243.59.13

200 OK

2.1 kB

URL GET HTTP/1.1
baskdisk.com/watch.982992925610.js?dev=e&key=43f4570df01f0b67facdfc1cf0de49b0&kw=%5B%5D&pst=1714838526&refer=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&res=14.2071&rmtc=t&shu=1f4b9f51876323c0fbe93890e2676d257dc04bcf3b9b263604062412f9eb3d8c826e758dd36a52cb7cf35c0959bbedc2c52a8d943fc147581a3c28138a86865695c0105d8d1d0081daed83b004bd8eba49c8ea68d7631321fe5b540eca5413&tz=0&uuid=99462650-3a95-4f94-9399-d35c4272b137%3A3%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectbaskdisk.com
Fingerprint38:F5:31:F3:64:B5:5C:ED:CA:6C:5E:FB:F7:04:F9:CE:A5:3C:74:BC
ValidityMon, 29 Apr 2024 12:48:34 GMT - Sun, 28 Jul 2024 12:48:33 GMT

File type
JavaScript source, ASCII text, with very long lines (2642)
Size
2.1 kB (2096 bytes)
Hash
0544629f561f2f47565b4fbe1859ee30
382d3d65393340b958609dcafeb7ee378083023c
f44eeef9046caaf246a29d3ee2841815d50aac23655c2e4943b2581d2057ec13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.982992925610.js?dev=e&key=43f4570df01f0b67facdfc1cf0de49b0&kw=%5B%5D&pst=1714838526&refer=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&res=14.2071&rmtc=t&shu=1f4b9f51876323c0fbe93890e2676d257dc04bcf3b9b263604062412f9eb3d8c826e758dd36a52cb7cf35c0959bbedc2c52a8d943fc147581a3c28138a86865695c0105d8d1d0081daed83b004bd8eba49c8ea68d7631321fe5b540eca5413&tz=0&uuid=99462650-3a95-4f94-9399-d35c4272b137%3A3%3A1 HTTP/1.1
Host: baskdisk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tnt-usa.site
Referer: https://tnt-usa.site/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22668611; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY2ODYxMSwiayI6IjQzZjQ1NzBkZjAxZjBiNjdmYWNkZmMxY2YwZGU0OWIwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjU2MzA0LCJwaWQiOjE0NDM2NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyMywicHQiOjQsInBrIjoibXc3dXNkM2YiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly90bnQtdXNhLnNpdGUvZjEvNjAucGhwIiwiYXIiOltdfX0.LSc91QR274xmHacrergB7jwgpfmz3m7-2nd9ZmtANmA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 16:01:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://tnt-usa.site
Access-Control-Allow-Origin: https://tnt-usa.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=99462650-3a95-4f94-9399-d35c4272b137:3:1; expires=Sat, 11 May 2024 16:01:07 GMT; secure; SameSite=None
iprcfa46e28d11c8dbd5b7a277d8d14add34=3569808; expires=Sat, 04 May 2024 20:01:07 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 05 May 2024 16:01:07 GMT; secure; SameSite=None
uncs=1; expires=Sun, 05 May 2024 16:01:07 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sun, 05 May 2024 16:01:07 GMT; secure; SameSite=None
uncs23=1; expires=Sun, 05 May 2024 16:01:07 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ce35ef31357701c3d5b28cce397b2a83
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

capaciousdrewreligion.com/advertisers.js

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:01:07 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1f7f91edb927e69d16f7c834e2cb2c4b
Strict-Transport-Security: max-age=0; includeSubdomains

acdcdn.com/script/ut.js?cb=1714838466225

188.114.97.1

200 OK

24 kB

URL GET HTTP/3
acdcdn.com/script/ut.js?cb=1714838466225
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectacdcdn.com
Fingerprint61:10:8A:75:FC:42:B5:AE:D3:A2:22:D9:41:4D:38:C7:1C:22:AB:4B
ValidityThu, 07 Mar 2024 18:24:57 GMT - Wed, 05 Jun 2024 18:24:56 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (62938), with no line terminators
Size
24 kB (23657 bytes)
Hash
bc481e345c04b4534e0a4e54a0f2c1c6
2be428035dd37b2722891c200f35449c5893df33
04d8cc0aacc3f172f638e608d3f08e8457d849290ae553090cb951d4b3f1b97b

HTTP Headers

GET /script/ut.js?cb=1714838466225 HTTP/1.1
Host: acdcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPq4rLQfUzIb4PXABJF3kaL6QpNC2eEDt1dZIA_AICzJwRtEzQkHmfGBvBjJTgyllcLoFfCchk7ypw
x-goog-generation: 1714053300452258
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62975
x-goog-hash: crc32c=f8d0YQ==, md5=vEgeNFwEtFNOCk5UoPLBxg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Sat, 04 May 2024 15:32:58 GMT
cache-control: public, max-age=3600
age: 2961
last-modified: Thu, 25 Apr 2024 13:55:00 GMT
etag: W/"bc481e345c04b4534e0a4e54a0f2c1c6"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0AURGVtCwIVhbZTxZEjWbwb7etne8cZuYy%2FRF7nCAc%2FgP%2FKmNDmy%2BRByDE0anOzVy%2Fa1Yw8lEK%2BjTwZwBocTmtkxMAgx005LE2sERatNaasyPIJt4gXpcuMQEaD4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b51e0fac56c0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png

45.133.44.9

200 OK

106 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced
Size
106 kB (105910 bytes)
Hash
a36b92bb68d9b579458560ba9b94862a
782d2932ccd3a56e5aad1cca7e6e7fb4a3cf23d6
9de12cf85ad80cae34d8bdaeb59169d75e3bd4f8b931ec90ea2c3be166647c0e

HTTP Headers

GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:07 GMT
content-type: image/png
content-length: 105910
server: nginx/1.21.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Mon, 06 May 2024 16:01:07 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=99462650-3a95-4f94-9399-d35c4272b137&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=3691b06001ba839fe5f3337c408d7916&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=99462650-3a95-4f94-9399-d35c4272b137&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=3691b06001ba839fe5f3337c408d7916&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=99462650-3a95-4f94-9399-d35c4272b137&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=3691b06001ba839fe5f3337c408d7916&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 04 May 2024 16:01:07 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dc476b2b29731e4d54b72b5499825e43
Strict-Transport-Security: max-age=0; includeSubdomains

claplivehdplay.ru/clappr.min.js

188.114.96.1

200 OK

145 kB

URL GET HTTP/3
claplivehdplay.ru/clappr.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
Certificate
IssuerLet's Encrypt
Subjectclaplivehdplay.ru
Fingerprint37:8C:3F:7E:2F:FA:77:B9:0B:C9:55:E0:E5:4E:A3:31:FE:F9:F8:47
ValidityMon, 18 Mar 2024 08:20:21 GMT - Sun, 16 Jun 2024 08:20:20 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (145113 bytes)
Hash
f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c

HTTP Headers

GET /clappr.min.js HTTP/1.1
Host: claplivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: application/javascript
last-modified: Sun, 03 Mar 2024 13:23:49 GMT
etag: W/"65e479e5-80319"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3705
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g1VpOJcJu0wIjbfUBaa1JBlsi5KRw2J8Ot0uKCyCA86UQDSJJH8HBfVBCoFrnVpEHx2l8%2FY6fzECOZK2SZxfHjGhbneYDV1BmlkOGaCWaDyDW%2BoqR1gPHHJsvzpqP22OnPCKGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b5225f465684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

baskdisk.com/watch.982992925610.js?key=43f4570df01f0b67facdfc1cf0de49b0&kw=%5B%5D&refer=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&tz=0&dev=e&res=14.2071&uuid=99462650-3a95-4f94-9399-d35c4272b137%3A3%3A1

192.243.59.13

307 Temporary Redirect

3.5 kB

URL GET HTTP/1.1
baskdisk.com/watch.982992925610.js?key=43f4570df01f0b67facdfc1cf0de49b0&kw=%5B%5D&refer=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&tz=0&dev=e&res=14.2071&uuid=99462650-3a95-4f94-9399-d35c4272b137%3A3%3A1
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectbaskdisk.com
Fingerprint38:F5:31:F3:64:B5:5C:ED:CA:6C:5E:FB:F7:04:F9:CE:A5:3C:74:BC
ValidityMon, 29 Apr 2024 12:48:34 GMT - Sun, 28 Jul 2024 12:48:33 GMT

File type

Size
3.5 kB (3518 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.982992925610.js?key=43f4570df01f0b67facdfc1cf0de49b0&kw=%5B%5D&refer=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&tz=0&dev=e&res=14.2071&uuid=99462650-3a95-4f94-9399-d35c4272b137%3A3%3A1 HTTP/1.1
Host: baskdisk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tnt-usa.site
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sat, 04 May 2024 16:01:06 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://tnt-usa.site
Access-Control-Allow-Origin: https://tnt-usa.site
Access-Control-Allow-Credentials: true
Location: https://baskdisk.com/watch.982992925610.js?dev=e&key=43f4570df01f0b67facdfc1cf0de49b0&kw=%5B%5D&pst=1714838526&refer=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&res=14.2071&rmtc=t&shu=1f4b9f51876323c0fbe93890e2676d257dc04bcf3b9b263604062412f9eb3d8c826e758dd36a52cb7cf35c0959bbedc2c52a8d943fc147581a3c28138a86865695c0105d8d1d0081daed83b004bd8eba49c8ea68d7631321fe5b540eca5413&tz=0&uuid=99462650-3a95-4f94-9399-d35c4272b137%3A3%3A1
Set-Cookie: u_pl=22668611; expires=Sun, 05 May 2024 16:01:06 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjY2ODYxMSwiayI6IjQzZjQ1NzBkZjAxZjBiNjdmYWNkZmMxY2YwZGU0OWIwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNjU2MzA0LCJwaWQiOjE0NDM2NiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyMywicHQiOjQsInBrIjoibXc3dXNkM2YiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly90bnQtdXNhLnNpdGUvZjEvNjAucGhwIiwiYXIiOltdfX0.LSc91QR274xmHacrergB7jwgpfmz3m7-2nd9ZmtANmA; expires=Sat, 04 May 2024 16:02:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a24758f503b6417ffe40f2b6bdc35e50
Strict-Transport-Security: max-age=0; includeSubdomains

claplivehdplay.ru/p2p-media-loader-core.min.js

188.114.96.1

200 OK

350 kB

URL GET HTTP/3
claplivehdplay.ru/p2p-media-loader-core.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
Certificate
IssuerLet's Encrypt
Subjectclaplivehdplay.ru
Fingerprint37:8C:3F:7E:2F:FA:77:B9:0B:C9:55:E0:E5:4E:A3:31:FE:F9:F8:47
ValidityMon, 18 Mar 2024 08:20:21 GMT - Sun, 16 Jun 2024 08:20:20 GMT

File type
JavaScript source, ASCII text, with very long lines (505), with CRLF line terminators
Size
350 kB (350181 bytes)
Hash
456780886716e31a2c5031869a56024d
9ddf91b9e4e6321fbb0d0160f386203d326092fb
97ba329694ba923bc5d7d93e051cf0ecdc8121d4488adb52b682a646b3721511

HTTP Headers

GET /p2p-media-loader-core.min.js HTTP/1.1
Host: claplivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: application/javascript
last-modified: Mon, 18 Mar 2024 17:15:39 GMT
etag: W/"65f876bb-557e5"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1602
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tt5%2F%2F9ZLnH5QEtJkwkH1y0Azj6xhearEFficsfjQSgEXTmfB%2BSLHVKGYJfJ4I9RjLnrZKepGtDvJ%2F3N95c4sEfNCowiZTYW7xsTFwYYQbfbhDaFU8rI%2FjiYPxJosaZbArb9%2FHg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b5225f4b5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

claplivehdplay.ru/premiumtv/daddyhd.php?id=60

188.114.96.1

200 OK

251 kB

URL GET HTTP/2
claplivehdplay.ru/premiumtv/daddyhd.php?id=60
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subjectclaplivehdplay.ru
Fingerprint37:8C:3F:7E:2F:FA:77:B9:0B:C9:55:E0:E5:4E:A3:31:FE:F9:F8:47
ValidityMon, 18 Mar 2024 08:20:21 GMT - Sun, 16 Jun 2024 08:20:20 GMT

File type

Size
251 kB (251354 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /premiumtv/daddyhd.php?id=60 HTTP/1.1
Host: claplivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1.dlhd.sx/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=14400, immutable, no-transform
expires: Sun, 05 May 2024 05:36:14 GMT
videocdn: HIT
node: PHP
x-cache: HIT
cf-cache-status: HIT
age: 1092
last-modified: Sat, 04 May 2024 15:42:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Du8N%2BhdqeM9NXWNNpmZ39SBjmX3%2BO%2BaJncDERDG99VyCWFsShqyFGeOdUPQtK9zhELZolPj40h2iFDfsasyDAPRv7vFHo2Ig2cs9uaVuvDcwvrz8WV834FJl2m3OnXkO6S9X0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b520ae0d5696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

youradexchange.com/script/suurl5.php?r=6707202&cbur=0.1301893241701012&cbiframe=1&cbWidth=730&cbHeight=480&cbtitle=&cbpage=https%3A%2F%2Ftnt-usa.site%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=eyhcervzexp.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714838465817&srs=83eb7596e8bc814253dbcc6f9cde7a77&atv=48.1&abtg=1&adbv=3-swat3-swf2

104.21.91.188

200 OK

955 B

URL GET HTTP/2
youradexchange.com/script/suurl5.php?r=6707202&cbur=0.1301893241701012&cbiframe=1&cbWidth=730&cbHeight=480&cbtitle=&cbpage=https%3A%2F%2Ftnt-usa.site%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=eyhcervzexp.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714838465817&srs=83eb7596e8bc814253dbcc6f9cde7a77&atv=48.1&abtg=1&adbv=3-swat3-swf2
IP
104.21.91.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerGoogle Trust Services LLC
Subjectyouradexchange.com
FingerprintD5:0B:42:43:E8:69:FA:76:AA:C8:B3:28:9A:EB:33:C4:6F:62:7A:2B
ValiditySun, 14 Apr 2024 01:48:20 GMT - Sat, 13 Jul 2024 01:48:19 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (982), with no line terminators
Size
955 B (955 bytes)
Hash
479b0dd5a62af3d53ca97e9c1d114a22
0b2c53015024fca04eafb8b9ce2c0d0eb6edf70f
934b8c1aceb6674acafa2a4f1a8f157f3680a6223fc2cecc0dcf3f162dd4e355

HTTP Headers

GET /script/suurl5.php?r=6707202&cbur=0.1301893241701012&cbiframe=1&cbWidth=730&cbHeight=480&cbtitle=&cbpage=https%3A%2F%2Ftnt-usa.site%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=eyhcervzexp.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714838465817&srs=83eb7596e8bc814253dbcc6f9cde7a77&atv=48.1&abtg=1&adbv=3-swat3-swf2 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1.dlhd.sx/
Origin: https://1.dlhd.sx
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dz%2Bq7MMyPr6GdgpVkYbTxQAy9tLqrtOcY3rgVH6BA2UOjUBB3SVviPU4SH4Zq2DAdAYtp%2F5RKLBgg8xZxIOiFFuHOepl7qYdRbFphRxUV3fLQBD1gaUXPUR6VD5L%2BbcLRdbVnOw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e9b51b7bb87127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.xadsmart.com/kdc.min.css

185.76.9.22

200 OK

37 kB

URL GET HTTP/2
www.xadsmart.com/kdc.min.css
IP
185.76.9.22:443
ASN
#60068 Datacamp Limited

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subject1376341044.rsc.cdn77.org
Fingerprint68:8B:ED:E2:67:C5:82:02:7F:17:31:6A:4A:5F:F4:34:D3:AB:57:CF
ValidityTue, 30 Apr 2024 06:35:29 GMT - Mon, 29 Jul 2024 06:35:28 GMT

File type
JavaScript source, ASCII text, with very long lines (1568)
Size
37 kB (37168 bytes)
Hash
5be69947b6f5c1e130ca8b50f280caa2
0adbc498cae61699f705cf93651e04eef97f3aed
7c492eda0e5b4fa72ea8a9ae42e41be342ffacb198a3af7d9669254e8ac8aa50

HTTP Headers

GET /kdc.min.css HTTP/1.1
Host: www.xadsmart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1.dlhd.sx
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: application/x-javascript
vary: Accept-Encoding, Origin
popads-node: wb12
expires: Mon, 06 May 2024 09:55:28 GMT
access-control-allow-origin: https://1.dlhd.sx
link: <https://xadsmart.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-77-nzt: EwwBuUwJFAH3VwkAAAwBuUwKEwH3JAMAAAwB1GY4EQH3t+AGAA
x-77-nzt-ray: af5856301f5d41e8c25b36666fdb151f
x-accel-expires: @1714989328
x-accel-date: 1714836075
x-77-cache: HIT
x-77-age: 2391
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 2391
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

disguisedgraceeveryday.com/pixel/purst?dl=0&th=0&sc=0&rs=1716&rd=1716&fd=924&bv=24.5.6485&tmpl=70

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
disguisedgraceeveryday.com/pixel/purst?dl=0&th=0&sc=0&rs=1716&rd=1716&fd=924&bv=24.5.6485&tmpl=70
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerLet's Encrypt
Subjectdisguisedgraceeveryday.com
Fingerprint16:DC:B3:22:C8:B6:B2:82:32:C9:AC:95:10:84:7F:8B:4A:4F:AE:EF
ValidityTue, 30 Apr 2024 15:31:31 GMT - Mon, 29 Jul 2024 15:31:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1716&rd=1716&fd=924&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: disguisedgraceeveryday.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 04 May 2024 16:01:06 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

tnt-usa.site/favicon.ico

66.29.153.116

404 Not Found

1.3 kB

URL GET HTTP/2
tnt-usa.site/favicon.ico
IP
66.29.153.116:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerSectigo Limited
Subjecttnt-usa.site
Fingerprint78:76:EE:DA:24:0B:FD:FA:F5:B1:3F:B2:1D:C5:B4:96:4D:32:72:FD
ValidityTue, 12 Mar 2024 00:00:00 GMT - Wed, 12 Mar 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (1285), with no line terminators
Size
1.3 kB (1251 bytes)
Hash
94f08a3a6562f7f079c4f5a67b7260e2
cc5d03e17c41ee6bb2ebf0d26d4354a486ca1823
44ea069d9a3f7dcea953ac173384578b6185f4b2ece05a6f4513b9fda29c4c29

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tnt-usa.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tnt-usa.site/f1/60.php
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=99462650-3a95-4f94-9399-d35c4272b137%3A3%3A1; pp_main_3691b06001ba839fe5f3337c408d7916=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Sat, 04 May 2024 16:01:07 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

eyhcervzexp.com/script/ut.js?cb=1714838466506

104.21.57.20

200 OK

63 kB

URL GET HTTP/2
eyhcervzexp.com/script/ut.js?cb=1714838466506
IP
104.21.57.20:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerGoogle Trust Services LLC
Subjecteyhcervzexp.com
FingerprintA5:4E:EF:DF:2C:BD:5B:F2:4C:1C:1E:0F:B9:E8:1E:38:78:EE:03:E8
ValidityTue, 30 Apr 2024 15:36:09 GMT - Mon, 29 Jul 2024 15:36:08 GMT

File type

Size
63 kB (62975 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/ut.js?cb=1714838466506 HTTP/1.1
Host: eyhcervzexp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPpGTPfj02_nQPItZmMyXVAoCs2jHKwVdUv-Fcncl8DWAyk9P-GmoXGTFU0azyQLGed5DA
x-goog-generation: 1714053300452258
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62975
x-goog-hash: crc32c=f8d0YQ==, md5=vEgeNFwEtFNOCk5UoPLBxg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Sat, 04 May 2024 15:27:27 GMT
cache-control: public, max-age=14400
age: 2760
last-modified: Thu, 25 Apr 2024 13:55:00 GMT
etag: W/"bc481e345c04b4534e0a4e54a0f2c1c6"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zLaa4ueVCltqhGlyqEKKe0zMhzUvvnxZnIFI7X%2FYTpV5sGsmDTlGcuGs4t6CM0nGv2m52TL4FWPkUmGiFfg0vCRPmze%2BEEqeC2NnAeqhgk5bca7t6HlS%2FVlDFQzhk%2Fvkx4w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b51fe9f21c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

claplivehdplay.ru/blast.js

188.114.96.1

200 OK

78 kB

URL GET HTTP/3
claplivehdplay.ru/blast.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
Certificate
IssuerLet's Encrypt
Subjectclaplivehdplay.ru
Fingerprint37:8C:3F:7E:2F:FA:77:B9:0B:C9:55:E0:E5:4E:A3:31:FE:F9:F8:47
ValidityMon, 18 Mar 2024 08:20:21 GMT - Sun, 16 Jun 2024 08:20:20 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77888 bytes)
Hash
091faec928970e76d37a3601c19fcf8a
6441e8eebe90eb8d4a40e7c25440ff99caba3520
eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12

HTTP Headers

GET /blast.js HTTP/1.1
Host: claplivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: application/javascript
last-modified: Sun, 03 Mar 2024 13:23:46 GMT
etag: W/"65e479e2-13040"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3894
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LufFqaamlXi8VbL3V8Kq3JTKAfEjmDOZfuYK0c9%2BfT9tWVog78kV9fRJaCoTMZUAWJ4KJcEgct%2BUjBTPCV6YNERaFpxqHGw2zHQpEVMGphUp1JDJNJiNfcWelbzjqc1rlHxEIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87e9b5225f485684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

youradexchange.com/script/suurl5.php?r=5034787&cbur=0.9269341711193396&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&cbref=&cbdescription=&cbkeywords=&cbcdn=acdcdn.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714838466359&srs=d1bcae95fa25de4a98680933a6f895fa&atv=48.1-sw-suv5

104.21.91.188

200 OK

956 B

URL GET HTTP/2
youradexchange.com/script/suurl5.php?r=5034787&cbur=0.9269341711193396&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&cbref=&cbdescription=&cbkeywords=&cbcdn=acdcdn.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714838466359&srs=d1bcae95fa25de4a98680933a6f895fa&atv=48.1-sw-suv5
IP
104.21.91.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tnt-usa.site/f1/60.php
Certificate
IssuerGoogle Trust Services LLC
Subjectyouradexchange.com
FingerprintD5:0B:42:43:E8:69:FA:76:AA:C8:B3:28:9A:EB:33:C4:6F:62:7A:2B
ValiditySun, 14 Apr 2024 01:48:20 GMT - Sat, 13 Jul 2024 01:48:19 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (983), with no line terminators
Size
956 B (956 bytes)
Hash
33a31dd2325109335de5d74d592a069e
4b2db01edcf818d978d425d5ce0238c75cd38697
81720f91659a2567b8492c38c77254c654ed4f8aee6e3972dd44861b6d1910cf

HTTP Headers

GET /script/suurl5.php?r=5034787&cbur=0.9269341711193396&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Ftnt-usa.site%2Ff1%2F60.php&cbref=&cbdescription=&cbkeywords=&cbcdn=acdcdn.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714838466359&srs=d1bcae95fa25de4a98680933a6f895fa&atv=48.1-sw-suv5 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tnt-usa.site/
Origin: https://tnt-usa.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 04 May 2024 16:01:06 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uyEVxlmUzV3hLnpr7uRXnTeQymV85V9rOzmmv5Oqo6Hfvo2ZsgKtjx%2FChJIzP5h05ob2J9Fs5NzYZODz3%2Bu9VzhpZJTKBnji69LxQMyKg6CoQwLjKeFxnnBHukymX85fcGnjjTY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87e9b51ef8f77127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

90 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=60
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 04 May 2024 16:01:06 GMT
age: 694647
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 512176
x-timer: S1714838467.984892,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

zeekaihu.net/5/6712285/?oo=1&aab=1

139.45.197.245

200 OK

2.9 kB

URL GET HTTP/2
zeekaihu.net/5/6712285/?oo=1&aab=1
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://1.dlhd.sx/embed/stream-60.php
Certificate
IssuerLet's Encrypt
Subjectzeekaihu.net
FingerprintDC:33:58:08:9D:AE:91:96:52:5E:8F:EF:D8:4F:DD:E8:87:D4:36:4F
ValidityThu, 29 Feb 2024 05:53:35 GMT - Wed, 29 May 2024 05:53:34 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3139), with no line terminators
Size
2.9 kB (2891 bytes)
Hash
cd6e4cf85ad5f90282f8f33148c25993
2aae39f79279291403b32258e01717795db51db3
3f851f99448df8049188ca2942128edba5aa86597354e341fe70abbae6c69b30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6712285/?oo=1&aab=1 HTTP/1.1
Host: zeekaihu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1.dlhd.sx
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 16:01:06 GMT
content-type: application/json
x-trace-id: 10107de46f313843105946caa93b43b9
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://1.dlhd.sx
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080527d9b874e8ee4763323c099c7f7; expires=Sun, 04 May 2025 16:01:06 GMT; path=/; secure; SameSite=None
oaidts=1714838466; expires=Sun, 04 May 2025 16:01:06 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (29)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL