OPTIONS nannyirrationalacquainted.com/pixel/pure
172.240.108.76 204 No Content 0 B URL OPTIONS nannyirrationalacquainted.com/pixel/pure
IP 172.240.108.76:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject nannyirrationalacquainted.com
Fingerprint 02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2
Validity Sun, 20 Apr 2025 00:43:48 GMT - Sat, 19 Jul 2025 00:43:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://daddylivehd.site/
Origin: https://daddylivehd.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 19:09:26 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
GET topembed.pw/channel/ITV1[UK]
188.114.96.1 200 OK 41 kB URL GET topembed.pw/channel/ITV1[UK]
IP 188.114.96.1:443
Requested by https://daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
Certificate Issuer Google Trust Services
Subject topembed.pw
Fingerprint 4D:4A:73:BA:44:EB:4D:40:8A:F6:36:F1:92:92:6A:97:88:C9:EF:0F
Validity Fri, 30 May 2025 16:10:04 GMT - Thu, 28 Aug 2025 17:07:41 GMT
File type JavaScript source, ASCII text, with very long lines (28179), with CRLF, LF line terminators
Hash 7be57fb43e113fbce57b876d1f0cb948
ab4db199cb2aeebdf3518f07910ae94e59779f92
7e09b7b1feb1484adcc8a1d3a508efb1989f5736bb8b1a8cf5b3d4b8d9c61fd5
GET /channel/ITV1[UK] HTTP/1.1
Host: topembed.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd1.online/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, no-store, must-revalidate
x-cacheable: YES
expires: Sun, 08 Jun 2025 19:10:18 GMT
videocdn: HIT
videocdnx: NO
node: PHP
x-cache: HIT
cf-cache-status: EXPIRED
last-modified: Sun, 08 Jun 2025 19:09:28 GMT
vary: accept-encoding
max-age: 0
pragma: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Ckc%2F1lQMbEtrjzCP3d0WwN21xtUK1GxPmTZ5LHlAlPzvJw%2Bzvw2Dq3dCPggjYqfYz5DWUwXfkhh%2BxtWyXhfO63%2FxP8v8feE1hQ%3D%3D"}]}
cf-ray: 94caaf099e4d569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET t.dtscout.com/i/?l=https%3A%2F%2Ftopembed.pw%2Fchannel%2FITV1%5BUK%5D&j=https%3A%2F%2Fdaddylivehd1.online%2F
172.67.70.180 200 OK 2.1 kB URL GET t.dtscout.com/i/?l=https%3A%2F%2Ftopembed.pw%2Fchannel%2FITV1%5BUK%5D&j=https%3A%2F%2Fdaddylivehd1.online%2F
IP 172.67.70.180:443
Requested by https://topembed.pw/channel/ITV1[UK]
Certificate Issuer Google Trust Services
Subject dtscout.com
Fingerprint 11:3C:3D:5C:B0:6F:26:8A:49:75:78:AB:D4:5F:97:20:13:A2:96:DC
Validity Mon, 05 May 2025 03:38:34 GMT - Sun, 03 Aug 2025 04:38:30 GMT
File type ASCII text, with very long lines (2077)
Hash 51bd741af3fcc4984d1a753eebfa1141
534664acf69cbbb5c9b97c96b63dd37bdc580da2
3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c
GET /i/?l=https%3A%2F%2Ftopembed.pw%2Fchannel%2FITV1%5BUK%5D&j=https%3A%2F%2Fdaddylivehd1.online%2F HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topembed.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: application/javascript
content-encoding: br
x-s: mtl2
set-cookie: m=1; Domain=dtscout.com; Expires=Sun, 08-Jun-2025 20:32:48 GMT; Max-Age=5000; Path=/; SameSite=None; Secure
set-cookie: df=1749409768; Domain=dtscout.com; Expires=Tue, 16-Sep-2025 19:09:28 GMT; Max-Age=8640000; Path=/; SameSite=None; Secure
x-t: 0.249
expires: Sun, 08 Jun 2025 19:09:27 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jApdf7PHO2PpjSn%2BrZHLd7GpVX%2B5kSHLU2x6egNmAjNoqkeuuMPWGHt7X5b8Q1QaBBt1Q3ojvFvbcMiKNZ32TX%2B2nLe1WBnVyBeRAVQTAI0ES45B%2FIN0Q5ywYAKeZJ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 94caaf0e5f890b51-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=582&min_rtt=432&rtt_var=276&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3270&recv_bytes=1250&delivery_rate=7362711&cwnd=254&unsent_bytes=0&cid=9370670d0261782f&ts=300&x=0"
X-Firefox-Spdy: h2
GET experttrafficcounter.com/stats
18.192.242.105 200 OK 40 B URL GET experttrafficcounter.com/stats
IP 18.192.242.105:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Amazon
Subject experttrafficcounter.com
Fingerprint CE:93:F6:82:20:C2:20:51:6E:53:85:EC:03:9C:48:F0:13:0B:67:D7
Validity Tue, 29 Apr 2025 00:00:00 GMT - Thu, 28 May 2026 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 3128b2cf4ebb8a1e5e380fb113c46d20
8a6e11afc4c89017177e16faa7e75e8df58d0641
42e54b3c17c4d72cdb6ad454dd2da1949b397d6f7a222317a19d5cd6f5dcc86c
GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://daddylivehd.site
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:25 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://daddylivehd.site
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=93f702fa-a1c4-42e8-9945-1d28a3700cae:2:1; expires=Wed, 06 Jun 2035 19:09:25 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
POST nannyirrationalacquainted.com/pixel/pure
172.240.108.76 200 OK 0 B URL POST nannyirrationalacquainted.com/pixel/pure
IP 172.240.108.76:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject nannyirrationalacquainted.com
Fingerprint 02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2
Validity Sun, 20 Apr 2025 00:43:48 GMT - Sat, 19 Jul 2025 00:43:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://daddylivehd.site
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 19:09:26 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET top2new.newkso.ru/auth.php?channel_id=itv1uk&ts=1749409432&rnd=32ee3ccf&sig=f1b52dc844c6322161631024dfc9508bd6f0bc638a79d811b9dc0ae7c3292009
104.21.45.220 200 OK 15 B URL GET top2new.newkso.ru/auth.php?channel_id=itv1uk&ts=1749409432&rnd=32ee3ccf&sig=f1b52dc844c6322161631024dfc9508bd6f0bc638a79d811b9dc0ae7c3292009
IP 104.21.45.220:443
Requested by https://topembed.pw/channel/ITV1[UK]
Certificate Issuer Google Trust Services
Subject newkso.ru
Fingerprint 78:B2:4A:4F:8C:08:64:EB:8E:09:91:88:03:A6:48:32:B4:4C:06:29
Validity Fri, 30 May 2025 17:30:46 GMT - Thu, 28 Aug 2025 18:29:06 GMT
Hash 0f0479874bf6f4a7281099b15df27c27
55a490e280d48996e564d00492437eb17faadd28
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288
GET /auth.php?channel_id=itv1uk&ts=1749409432&rnd=32ee3ccf&sig=f1b52dc844c6322161631024dfc9508bd6f0bc638a79d811b9dc0ae7c3292009 HTTP/1.1
Host: top2new.newkso.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://topembed.pw/
Origin: https://topembed.pw
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: application/json
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, no-store, must-revalidate
a-php-lb-cache: MISS
x-lb-cache: MISS
cf-cache-status: MISS
last-modified: Sun, 08 Jun 2025 19:09:28 GMT
vary: accept-encoding
access-control-allow-origin: *
no-cache: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SN%2BM%2F1AJDdX6YR1Xz%2BG09zosFMoU0xb7NA2HMw%2FCo0HY1klxz%2BpPLXl%2BHpGQX%2FX6q79OgwWidt%2BzCc4%2B%2F5hi%2BSCCi1LhIwY5FCLP2V9ZXA%3D%3D"}]}
content-encoding: br
cf-ray: 94caaf0e4f770b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET nannyirrationalacquainted.com/pixel/purst?dl=0&th=0&sc=0&rs=949&rd=949&fd=580&bv=25.5.2579&tmpl=70
172.240.108.76 200 OK 0 B URL GET nannyirrationalacquainted.com/pixel/purst?dl=0&th=0&sc=0&rs=949&rd=949&fd=580&bv=25.5.2579&tmpl=70
IP 172.240.108.76:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject nannyirrationalacquainted.com
Fingerprint 02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2
Validity Sun, 20 Apr 2025 00:43:48 GMT - Sat, 19 Jul 2025 00:43:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=949&rd=949&fd=580&bv=25.5.2579&tmpl=70 HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 19:09:25 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
104.16.175.226 200 OK 525 kB URL GET cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
IP 104.16.175.226:443
Requested by https://topembed.pw/channel/ITV1[UK]
Certificate Issuer Sectigo Limited
Subject *.jsdelivr.net
Fingerprint A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
Validity Fri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 525 kB (525081 bytes)
Hash f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c
GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topembed.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 145133
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
x-served-by: cache-fra-eddf8230067-FRA, cache-lga21958-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 16288
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JjWnBvunHvh%2FolXRNmkGQazQYGflxVrdN1EJYougjGPO2SjdumOUcOKb75U8Q%2FFbEoRhKWfSCg53UKtioLji6YyQK%2BDx%2FdH33NMTgn7SvPH6r5m4I%2BaSCSjM95E7yPd3Kc8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 94caaf0ba90e7128-OSL
X-Firefox-Spdy: h2
GET topembed.pw/blast.js
188.114.96.1 200 OK 78 kB
IP 188.114.96.1:443
Requested by https://topembed.pw/channel/ITV1[UK]
Certificate Issuer Google Trust Services
Subject topembed.pw
Fingerprint 4D:4A:73:BA:44:EB:4D:40:8A:F6:36:F1:92:92:6A:97:88:C9:EF:0F
Validity Fri, 30 May 2025 16:10:04 GMT - Thu, 28 Aug 2025 17:07:41 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 091faec928970e76d37a3601c19fcf8a
6441e8eebe90eb8d4a40e7c25440ff99caba3520
eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12
GET /blast.js HTTP/1.1
Host: topembed.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topembed.pw/channel/ITV1[UK]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 26 Jun 2024 13:53:09 GMT
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
expires: Sun, 08 Jun 2025 19:11:07 GMT
cache-control: no-cache, no-store, must-revalidate
age: 261
cf-cache-status: HIT
priority: u=3,i=?0
vary: accept-encoding
max-age: 0
pragma: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=k1FDe4wmwbNVOMMOVdYpGGTX37aT6nwYdYFmDsmL46pXembCThmbmeTWKQNwy6DQRFVZheWpoqQrMHrEeev5hc%2FybZ%2FDRTbrZQ%3D%3D"}]}
etag: W/"667c1d45-13040"
content-encoding: br
cf-ray: 94caaf0d0d7e56a5-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET daddylivehd.site/cdn-cgi/challenge-platform/scripts/jsd/main.js
104.21.80.1 302 Found 10 kB URL GET daddylivehd.site/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP 104.21.80.1:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Google Trust Services
Subject daddylivehd.site
Fingerprint C0:9D:FD:69:CA:5F:CC:E2:13:16:72:E7:EE:45:CD:9B:C3:30:FB:F5
Validity Thu, 15 May 2025 22:55:25 GMT - Wed, 13 Aug 2025 23:54:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: daddylivehd.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Sun, 08 Jun 2025 19:09:25 GMT
content-length: 0
vary: Accept-Encoding
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/f9574c83b4d7/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
cf-ray: 94caaef7f8135699-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7EaInYy0xjwnlpz5dNZxJqIEDF4GLboMhSmAlqxEpDWaepHT4gh0i9iOIrVsoU2Zsqj2M3toEiRv5jPx0WC2Fn1DYUplh4yXkUnEqSbXZgteN7PgTBf5IzVB0eUtO4nZqLCh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4220&min_rtt=2585&rtt_var=1557&sent=66&recv=100&lost=0&retrans=0&sent_bytes=6660&recv_bytes=5945&delivery_rate=574465&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=1610556658bb9e23&ts=929&inflight_dur=32&x=80"
GET bvtpk.com/tag.min.js
172.67.154.171 200 OK 108 kB
IP 172.67.154.171:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Google Trust Services
Subject bvtpk.com
Fingerprint 80:D6:91:C2:8E:83:24:9B:4F:8D:6D:D8:9F:ED:C8:E8:4F:95:41:F8
Validity Wed, 14 May 2025 10:17:51 GMT - Tue, 12 Aug 2025 11:16:09 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 108 kB (107521 bytes)
Hash 1de4a5a75f077a0c9ab14e2e492c9ac5
bd470e4b34b3a60a76d6ea7f52440d593d206540
dea17b14b47fa050f29c38a6d6e99b0546cd95336ec1a59ad484a8cc0ecf957c
GET /tag.min.js HTTP/1.1
Host: bvtpk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:25 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-trace-id: 1229e04857fc775651afdcd434c4d9f2
cache-control: public, max-age=600, s-maxage=1800
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
content-encoding: gzip
age: 1695
cf-cache-status: HIT
last-modified: Sun, 08 Jun 2025 18:41:09 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9rxUPDZg5zIw%2FEwmqZFe8M%2BQOaBAqF0ASv86WYOo4rHY9h0%2Bj%2Bp%2BD84DK%2B5%2B2jbL1HHmVh39r4OjwqMpa8eZMcVyXowopuQ%3D"}]}
cf-ray: 94caaef7d97c0b61-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
POST daddylivehd.site/cdn-cgi/challenge-platform/h/b/jsd/r/0.3622691618840888:1749406392:UUQ6V-EHWQ_vxahuw_WPrQmbkd8SqApO9-vkgU80Bbg/94caaef1adfe1c12
104.21.80.1 200 OK 0 B URL POST daddylivehd.site/cdn-cgi/challenge-platform/h/b/jsd/r/0.3622691618840888:1749406392:UUQ6V-EHWQ_vxahuw_WPrQmbkd8SqApO9-vkgU80Bbg/94caaef1adfe1c12
IP 104.21.80.1:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Google Trust Services
Subject daddylivehd.site
Fingerprint C0:9D:FD:69:CA:5F:CC:E2:13:16:72:E7:EE:45:CD:9B:C3:30:FB:F5
Validity Thu, 15 May 2025 22:55:25 GMT - Wed, 13 Aug 2025 23:54:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.3622691618840888:1749406392:UUQ6V-EHWQ_vxahuw_WPrQmbkd8SqApO9-vkgU80Bbg/94caaef1adfe1c12 HTTP/1.1
Host: daddylivehd.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12098
Origin: https://daddylivehd.site
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/stream/stream-350.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 08 Jun 2025 19:09:25 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xDJv7bR8yAW0%2FoX8x3Gjh86B7r7HmaE6k0ClU%2BKKaXm%2B6%2BvEgRpOX05qkL7oOxSLnmHqpBVVLdancZYwBkJjl4CNjTkYnBgCy80xvUxNpG%2BGxDzeUO3698jNaaNCKFmIhwqW"}],"group":"cf-nel","max_age":604800}
set-cookie: cf_clearance=dOyMfcdIlTkA.UY1T_Gq1wHYWQlnuaTCSrPX4K8iA58-1749409765-1.2.1.1-9WMSN0.r9YvuaG3TfnK53i5QgX2fHnK7hokHsuQJDdFLhNdCH18VB45DdDZqHq0dE5f.I4a7no.nLr7x5VzkrVcshVI6iDowX1HnZ1kydoNMCMCdvgKfcdiNvShCer_f0lkB5mtPP8FZf._4ENkOHvSbn3I1SxMvnE0LyvtaKOjOLtNyz_9D0wWx3m1KB5jCvMD1eJ20wSsjZ0Ot_X_zfi4M0OS4zERMUM78rvY8n9wo9Pd9G3GS7o2BERxfuGeHCezCzFhUqAZZmY3uRgoZwzKuD_6IaQ9BgiKvxRuQ.McR64iMrJU9dtxm3nn6Dbj4477RFjLLdjDgq_aKLJP3fyuM4hhNRCc0ZUYE_d6UqSQ; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=daddylivehd.site; Expires=Mon, 08 Jun 2026 19:09:25 GMT
cf-ray: 94caaefbe8725699-OSL
server: cloudflare
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7923&min_rtt=2585&rtt_var=7826&sent=80&recv=115&lost=0&retrans=0&sent_bytes=14108&recv_bytes=19518&delivery_rate=2187206&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=1610556658bb9e23&ts=1554&inflight_dur=78&x=80"
GET static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
104.16.79.73 200 OK 20 kB URL GET static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
IP 104.16.79.73:443
Requested by https://daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
Certificate Issuer Google Trust Services
Subject cloudflareinsights.com
Fingerprint EA:C7:0D:68:3A:45:CB:AD:C5:33:41:B6:DF:F1:60:64:E1:0F:52:6A
Validity Sun, 27 Apr 2025 18:18:02 GMT - Sat, 26 Jul 2025 19:17:55 GMT
File type JavaScript source, ASCII text, with very long lines (19948), with no line terminators
Hash ec18af6d41f6f278b6aed3bdabffa7bc
62c9e2cab76b888829f3c5335e91c320b22329ae
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://daddylivehd1.online
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd1.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:27 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 94caaf08effa56c6-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
GET unseenreport.com/pxf.gif?uuid=93f702fa-a1c4-42e8-9945-1d28a3700cae&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=9f4599940e2778b83b86ab9f9df533ae&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
192.243.61.227 200 OK 0 B URL GET unseenreport.com/pxf.gif?uuid=93f702fa-a1c4-42e8-9945-1d28a3700cae&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=9f4599940e2778b83b86ab9f9df533ae&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19
IP 192.243.61.227:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 70:62:DC:6C:0A:F4:AA:56:4E:74:DC:EF:DA:CC:60:5A:C4:34:CE:F2
Validity Sat, 17 May 2025 22:34:21 GMT - Fri, 15 Aug 2025 22:34:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=93f702fa-a1c4-42e8-9945-1d28a3700cae&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=9f4599940e2778b83b86ab9f9df533ae&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=19 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 19:09:28 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: a6957f2545d073f501317c16daa5c0c7
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET daddylivehd.site/stream/stream-350.php
104.21.80.1 200 OK 2.6 kB URL User Request GET daddylivehd.site/stream/stream-350.php
IP 104.21.80.1:443
Certificate Issuer Google Trust Services
Subject daddylivehd.site
Fingerprint C0:9D:FD:69:CA:5F:CC:E2:13:16:72:E7:EE:45:CD:9B:C3:30:FB:F5
Validity Thu, 15 May 2025 22:55:25 GMT - Wed, 13 Aug 2025 23:54:07 GMT
File type HTML document, ASCII text, with very long lines (952), with CRLF line terminators
Hash 2d37127f4718146d2f4c2f066e3517ff
e1f258ce51c1a62a44bb00391e0630421f861e1c
6bccd775e61274ee20d84addf8940775f2fe61408ea94b5264ce115385d3ff86
GET /stream/stream-350.php HTTP/1.1
Host: daddylivehd.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:24 GMT
content-type: text/html; charset=UTF-8
content-encoding: br
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 08 Jun 2025 17:18:02 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Rx0bISNiBw7m58xHEeyHcTf%2Fz0fA9S7HIGNyUQDXfDhotjWfcHMKIENZ1Euyfy50LKFQ9sGt4m%2FcGnQgbfIBd7B7InGiV775N4uwZVWT5cNPgxnaUELPcFqAyjK6adLed9n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 94caaef1adfe1c12-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=5793&min_rtt=436&rtt_var=10715&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3287&recv_bytes=1270&delivery_rate=7313131&cwnd=254&unsent_bytes=0&cid=9a9516b0b521b207&ts=115&x=0"
X-Firefox-Spdy: h2
POST x3os.com/5/9305824/?oo=1&js_build=iclick-v1.1456.0&dmn=bvtpk.com&tt=2&ix=0
139.45.196.64 204 No Content 0 B URL POST x3os.com/5/9305824/?oo=1&js_build=iclick-v1.1456.0&dmn=bvtpk.com&tt=2&ix=0
IP 139.45.196.64:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject x3os.com
Fingerprint 50:C0:EA:5D:F8:E5:56:73:E2:8F:35:76:0A:C7:E0:08:49:F5:FD:AB
Validity Tue, 22 Apr 2025 14:19:12 GMT - Mon, 21 Jul 2025 14:19:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /5/9305824/?oo=1&js_build=iclick-v1.1456.0&dmn=bvtpk.com&tt=2&ix=0 HTTP/1.1
Host: x3os.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2630
Origin: https://daddylivehd.site
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Sun, 08 Jun 2025 19:09:26 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://daddylivehd.site
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
OPTIONS nannyirrationalacquainted.com/pixel/pure
172.240.108.76 204 No Content 0 B URL OPTIONS nannyirrationalacquainted.com/pixel/pure
IP 172.240.108.76:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject nannyirrationalacquainted.com
Fingerprint 02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2
Validity Sun, 20 Apr 2025 00:43:48 GMT - Sat, 19 Jul 2025 00:43:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://daddylivehd.site/
Origin: https://daddylivehd.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 19:09:26 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
GET daddylivehd1.online/cdn-cgi/challenge-platform/h/b/scripts/jsd/f9574c83b4d7/main.js?
104.21.50.105 200 OK 10 kB URL GET daddylivehd1.online/cdn-cgi/challenge-platform/h/b/scripts/jsd/f9574c83b4d7/main.js?
IP 104.21.50.105:443
Requested by https://daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
Certificate Issuer Google Trust Services
Subject daddylivehd1.online
Fingerprint 3A:8E:F4:7E:F9:D0:02:01:99:C9:79:5E:62:5F:71:92:85:9D:20:2F
Validity Wed, 07 May 2025 12:53:28 GMT - Tue, 05 Aug 2025 13:51:41 GMT
File type JavaScript source, ASCII text, with very long lines (10036), with no line terminators
Hash 8c6874ad6b10c47d49523fd2507b5dbb
3253b248c60168c2dcd5f1310303982d888e5f8a
957a85b62dc0d70262f472a7626227f18d660aa7f52f3361ba5e7a2606a55341
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/f9574c83b4d7/main.js? HTTP/1.1
Host: daddylivehd1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 08 Jun 2025 19:09:27 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
content-encoding: br
cf-ray: 94caaf09cb8956a2-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MsXBpid4KzNTiNYbpe5JqKrpCipV3emUhR%2F40yH9y9YEeXcUrmStFzXyDMkB3i1SGKVW5SZXhF8%2FVWh1pWSKcn0TCgZCgNtB5sWllXtHjy53aCuSEmR5NikvecB4u9Fu2vk9dzyT"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5586&min_rtt=1964&rtt_var=2641&sent=28&recv=24&lost=0&retrans=0&sent_bytes=10053&recv_bytes=2482&delivery_rate=2513074&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=e934b2b36aff8033&ts=266&inflight_dur=58&x=80"
GET madurird.com/tag.min.js
139.45.197.106 200 OK 108 kB
IP 139.45.197.106:443
Requested by https://topembed.pw/channel/ITV1[UK]
Certificate Issuer Let's Encrypt
Subject madurird.com
Fingerprint E6:F5:25:47:3F:87:05:23:96:F8:35:FA:1C:BC:79:F8:B3:85:26:2D
Validity Sat, 19 Apr 2025 05:46:37 GMT - Fri, 18 Jul 2025 05:46:36 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 108 kB (107527 bytes)
Hash 73217dbc1f4a40490924d207f9954b68
36dec7c4513fb9a90109340e387e9a74d683ef20
70e626751e2ecfb9bb2602d111d7aec443f0fa5595bf2002278d00c612b3d9a1
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /tag.min.js HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topembed.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: application/javascript
x-trace-id: 17b79dc77eed2654815e82f8cd062a39
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js
104.16.175.226 200 OK 17 kB URL GET cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js
IP 104.16.175.226:443
Requested by https://topembed.pw/channel/ITV1[UK]
Certificate Issuer Sectigo Limited
Subject *.jsdelivr.net
Fingerprint A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
Validity Fri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (17245)
Hash 226c2fa3f39c0bb35bb5f1d9d120f9ec
7134ea62cdb655c2a423b1662365c99ba645c2bd
8a23f92a25922d13437d67f25ba2269b64080b5ec030f5cba982e0261abbfe04
GET /npm/disable-devtool@latest/disable-devtool.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topembed.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 6161
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.3.8
x-jsd-version-type: version
etag: W/"4372-cTTqYs22VcKkI7FmI2XJm6ZFwr0"
content-encoding: br
x-served-by: cache-fra-etou8220123-FRA, cache-lga21961-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 34145
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zwtH8r26eInTOXRYXBZtL7g2b5Ru8NdzSuFpdh4%2FeDuJ9%2FHvTxXUy248KaIK5td5QVflqtqGOi9flhIOGEb3S2MM%2BSwsvW6HjGI26r%2FOcXgqWNYKq%2BCyK9PlEUW3J0Kim3o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 94caaf0ba9157128-OSL
X-Firefox-Spdy: h2
GET uu.kniveyhagweed.com/rQj6YH8H49N/113434
23.109.170.137 200 OK 5 B URL GET uu.kniveyhagweed.com/rQj6YH8H49N/113434
IP 23.109.170.137:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject uu.kniveyhagweed.com
Fingerprint 5E:23:09:FC:67:FF:6D:D5:45:90:31:52:65:1D:5E:99:C7:81:10:31
Validity Tue, 27 May 2025 11:54:34 GMT - Mon, 25 Aug 2025 11:54:33 GMT
File type ASCII text, with no line terminators
Hash 848667c49f5d3aef59cd65ed276cd7ae
bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763
cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /rQj6YH8H49N/113434 HTTP/1.1
Host: uu.kniveyhagweed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Jun 2025 19:09:24 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://daddylivehd.site
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Mon, 09-Jun-2025 19:09:24 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 09-Jun-2025 19:09:24 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://topembed.pw/channel/ITV1[UK]
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topembed.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 08 Jun 2025 19:09:28 GMT
age: 1138768
x-served-by: cache-lga21931-LGA, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 311050
x-timer: S1749409768.327310,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET waust.at/c.js
172.67.71.57 200 OK 12 kB
IP 172.67.71.57:443
Requested by https://topembed.pw/channel/ITV1[UK]
Certificate Issuer Google Trust Services
Subject waust.at
Fingerprint 28:34:9D:B0:BC:21:BB:62:84:CA:E8:DB:72:58:B1:08:CA:F0:42:A2
Validity Wed, 23 Apr 2025 12:21:57 GMT - Tue, 22 Jul 2025 13:21:56 GMT
File type JavaScript source, ASCII text, with very long lines (12117), with no line terminators
Hash 7f167017c3edca98e152e2ad7e547032
cbcbd0f11bd2f552cdd87cf1947fadc2b7371681
52784de24aa1b312200cd6262ccecb5983c443290f1fe8d01790199be351b02d
GET /c.js HTTP/1.1
Host: waust.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topembed.pw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: application/x-javascript
cf-ray: 94caaf0bfdbfb517-OSL
last-modified: Tue, 15 Apr 2025 23:21:24 GMT
etag: W/"67fee9f4-2f55"
expires: Mon, 09 Jun 2025 18:52:08 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 1039
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=inQ2JPAZM%2FyMz3R3jtluGI%2BKckxSd8C%2FKl%2F0hJvrTLnzjxdU1%2FKnsJehW3NgycBz%2FYqLbGgdmzt3XX4nnptnuZvbfzYpC28S%2Fw8WLlHVl6NOFCNjMgy8TF18"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=500&min_rtt=357&rtt_var=121&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3190&recv_bytes=1054&delivery_rate=7240000&cwnd=254&unsent_bytes=0&cid=69711798f8830710&ts=68&x=0"
X-Firefox-Spdy: h2
HEAD topembed.pw/channel/ITV1[UK]
188.114.96.1 200 OK 0 B URL HEAD topembed.pw/channel/ITV1[UK]
IP 188.114.96.1:443
Requested by https://topembed.pw/channel/ITV1[UK]
Certificate Issuer Google Trust Services
Subject topembed.pw
Fingerprint 4D:4A:73:BA:44:EB:4D:40:8A:F6:36:F1:92:92:6A:97:88:C9:EF:0F
Validity Fri, 30 May 2025 16:10:04 GMT - Thu, 28 Aug 2025 17:07:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /channel/ITV1[UK] HTTP/1.1
Host: topembed.pw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://topembed.pw/channel/ITV1[UK]
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
cache-control: no-cache, no-store, must-revalidate
x-cacheable: YES
expires: Sun, 08 Jun 2025 19:10:18 GMT
videocdn: HIT
videocdnx: NO
node: PHP
x-cache: HIT
age: 0
cf-cache-status: HIT
last-modified: Sun, 08 Jun 2025 19:09:28 GMT
priority: u=3,i=?0
vary: accept-encoding
max-age: 0
pragma: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7QjIlXDBG7OobteJjPGdFdsFQPZaL7EuBASW5aRFR5QmeIyYx1y4iOLSyJWAmm1nl2gK9QTW65jmHceeTCKZTbup1HQDcG1brQ%3D%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 94caaf0b8b4056a5-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET daddylivehd.site/favicon.ico
104.21.80.1 301 Moved Permanently 0 B URL GET daddylivehd.site/favicon.ico
IP 104.21.80.1:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Google Trust Services
Subject daddylivehd.site
Fingerprint C0:9D:FD:69:CA:5F:CC:E2:13:16:72:E7:EE:45:CD:9B:C3:30:FB:F5
Validity Thu, 15 May 2025 22:55:25 GMT - Wed, 13 Aug 2025 23:54:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: daddylivehd.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/stream/stream-350.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 301 Moved Permanently
date: Sun, 08 Jun 2025 19:09:25 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VgMAjkXIFLv7zvxt81KDufdaf2AM%2Bk%2FEh0%2BGyD51Wv85g%2BmbjNNpBnz8u2ZH8ztYdr%2BOVkNK9nW%2FMtmjRiWoruMOYFWDoFnxufhIUYpPa0dvOC1jwb1TSjmP7Oz%2Fa97IPjPx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PHP/7.4.33
x-redirect-by: Simple Website Redirect 1.3.2
location: https://daddylivehd.click/favicon.ico
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
cache-control: max-age=31536000
cf-cache-status: HIT
cf-ray: 94caaefa984a5699-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
x-content-type-options: nosniff
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=QUIC&rtt=5920&min_rtt=2585&rtt_var=5091&sent=74&recv=104&lost=0&retrans=0&sent_bytes=13170&recv_bytes=6598&delivery_rate=2187206&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=1610556658bb9e23&ts=1399&inflight_dur=56&x=80"
GET daddylivehd.click/favicon.ico
188.114.96.1 403 Forbidden 0 B URL GET daddylivehd.click/favicon.ico
IP 188.114.96.1:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Google Trust Services
Subject daddylivehd.click
Fingerprint 82:91:6C:0A:EF:D6:B8:B7:EA:1A:B2:F8:39:C3:6A:ED:B3:4A:AE:9A
Validity Sat, 31 May 2025 15:13:04 GMT - Fri, 29 Aug 2025 16:10:30 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: daddylivehd.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://daddylivehd.site/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Sun, 08 Jun 2025 19:09:25 GMT
content-type: text/html; charset=UTF-8
vary: Referer, Accept-Encoding
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TNdghGyhVeRpjOq3NBVZn2OfclPv1mulxfPIrf7EBQPI9YH3d0irIqtDWOLtaN9td3H%2FRuwzDdFiksZzDGTFH7jx1xGRI1Wiy68ao7VtLuUb8XiJl7cHwM5l33Gj9vfzhBJ9cA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 94caaefc68857131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=592&min_rtt=496&rtt_var=243&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3292&recv_bytes=1215&delivery_rate=7203980&cwnd=254&unsent_bytes=0&cid=705ff2d16799021b&ts=42&x=0"
X-Firefox-Spdy: h2
POST nannyirrationalacquainted.com/pixel/pure
172.240.108.76 200 OK 0 B URL POST nannyirrationalacquainted.com/pixel/pure
IP 172.240.108.76:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject nannyirrationalacquainted.com
Fingerprint 02:A2:15:3C:6C:15:16:0E:78:8F:56:09:21:EA:27:04:2D:EC:D5:E2
Validity Sun, 20 Apr 2025 00:43:48 GMT - Sat, 19 Jul 2025 00:43:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
POST /pixel/pure HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://daddylivehd.site
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 19:09:26 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET daddylivehd1.online/tv/wp-content/plugins/AlbaPlayer//assets/css/style.css?v=11.1
104.21.50.105 200 OK 13 kB URL GET daddylivehd1.online/tv/wp-content/plugins/AlbaPlayer//assets/css/style.css?v=11.1
IP 104.21.50.105:443
Requested by https://daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
Certificate Issuer Google Trust Services
Subject daddylivehd1.online
Fingerprint 3A:8E:F4:7E:F9:D0:02:01:99:C9:79:5E:62:5F:71:92:85:9D:20:2F
Validity Wed, 07 May 2025 12:53:28 GMT - Tue, 05 Aug 2025 13:51:41 GMT
File type ASCII text, with very long lines (13175), with no line terminators
Hash e9db16bb849107eb004b009f260dccd6
163592714dcee8286a6447ef54263e4e5e9e2776
4ee01e78ab6cadd86f788733494642492a7c72f6dce53d6eb022a847472ff7a9
GET /tv/wp-content/plugins/AlbaPlayer//assets/css/style.css?v=11.1 HTTP/1.1
Host: daddylivehd1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 08 Jun 2025 19:09:27 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zjgJEkJMyFM47Hm437dH32yXI0ctORy8tbjwY%2BgBrKZuG3VhzqcPTfWUZZUCEIPUNJrxI%2FkxFwATS8LNzJhnZ2vhFBKP0g57tVY0PDP7tMmnv%2F5IwMcsoPrOkjqhkq6otv%2FnNNbu"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 28 Apr 2025 20:34:55 GMT
etag: "680fe66f-3377"
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
content-encoding: gzip
vary: accept-encoding
age: 6289
cache-control: max-age=31536000
cf-cache-status: HIT
cf-ray: 94caaf08cb7f56a2-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=QUIC&rtt=5935&min_rtt=1964&rtt_var=2884&sent=20&recv=20&lost=0&retrans=0&sent_bytes=4170&recv_bytes=1869&delivery_rate=424766&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=e934b2b36aff8033&ts=118&inflight_dur=30&x=80"
GET daddylivehd1.online/cdn-cgi/challenge-platform/scripts/jsd/main.js
104.21.50.105 302 Found 10 kB URL GET daddylivehd1.online/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP 104.21.50.105:443
Requested by https://daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
Certificate Issuer Google Trust Services
Subject daddylivehd1.online
Fingerprint 3A:8E:F4:7E:F9:D0:02:01:99:C9:79:5E:62:5F:71:92:85:9D:20:2F
Validity Wed, 07 May 2025 12:53:28 GMT - Tue, 05 Aug 2025 13:51:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: daddylivehd1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Sun, 08 Jun 2025 19:09:27 GMT
content-length: 0
vary: Accept-Encoding
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/f9574c83b4d7/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
cf-ray: 94caaf097b8556a2-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qTIMBOyeipioohUFtLbVRDE9dUM5QFidM2DdC6LIacGJ%2BDRsj1kuYzT0VcPJmSiDIwhSZp%2Fnb%2FEVb030bRTPStfSY%2FBxiyo4SluiJ%2BCs%2FRsuDPFCiB3j686RR89cIIs2oAsvu0D2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5445&min_rtt=1964&rtt_var=3144&sent=26&recv=22&lost=0&retrans=0&sent_bytes=9254&recv_bytes=2169&delivery_rate=2513074&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=e934b2b36aff8033&ts=213&inflight_dur=32&x=80"
POST daddylivehd1.online/cdn-cgi/challenge-platform/h/b/jsd/r/0.8489790648555644:1749406395:AOOzD-iFVKsOR56ESbva40I69Ey2T5eRY-0MG5tNHzM/94caaef81aa70b55
104.21.50.105 200 OK 0 B URL POST daddylivehd1.online/cdn-cgi/challenge-platform/h/b/jsd/r/0.8489790648555644:1749406395:AOOzD-iFVKsOR56ESbva40I69Ey2T5eRY-0MG5tNHzM/94caaef81aa70b55
IP 104.21.50.105:443
Requested by https://daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
Certificate Issuer Google Trust Services
Subject daddylivehd1.online
Fingerprint 3A:8E:F4:7E:F9:D0:02:01:99:C9:79:5E:62:5F:71:92:85:9D:20:2F
Validity Wed, 07 May 2025 12:53:28 GMT - Tue, 05 Aug 2025 13:51:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.8489790648555644:1749406395:AOOzD-iFVKsOR56ESbva40I69Ey2T5eRY-0MG5tNHzM/94caaef81aa70b55 HTTP/1.1
Host: daddylivehd1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 12127
Origin: https://daddylivehd1.online
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SquxZTAmwCVbEZpJ%2BrWvAfrc8LYSwou6x0CqCTb8RYDzvMuYoHwSD%2Fs4ciZ4FmoeUviBvAS2Mxtk%2B%2FEB3eIxYFfYNvzNlaMJCnpHK22o%2FSdH5yMwz6DHJlK%2FvPiZiFEhRQepVBWM"}],"group":"cf-nel","max_age":604800}
set-cookie: cf_clearance=qoAZJZOFg65kg94jTQvIwXiuKBlJv6E319Nj_3ovlFM-1749409768-1.2.1.1-gYSY984.NUHj7Z0PJcv_qf7T0lMPlLlqHFF2Yq1BGZSFFR1PnD1j5zwBJ6B8V6CZTHh.teI9VVggPRAhNPxKzMnLadzTqELsmFa16Yx2MEPaaFCAt7JYlY5O5oJE9fpYRvx7nh9iXpxQSnmVBEbv1wWnxPqVxcWu2Tqjp51DSNpQaSrTeIXBKlbZUtGHXo2hv2bQmPayfyorh_gell5J9Pb_2XZwRhKj5PPOl0AEzmTJsEa9IkvQboYcO9HYcm5Iz6isKri9TA_J27Cf23_GTZSE4TwklM.dOJ0u8NKQ19PZeePo50K8bv.l6sl1YhMuGVzdtLCP4UHm0wOhc4rxtyxwX0UMYW1TPihyIU4evZI; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=daddylivehd1.online; Expires=Mon, 08 Jun 2026 19:09:28 GMT
cf-ray: 94caaf0b5b9656a2-OSL
server: cloudflare
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5128&min_rtt=1923&rtt_var=2896&sent=39&recv=35&lost=0&retrans=0&sent_bytes=15776&recv_bytes=15446&delivery_rate=2908458&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=e934b2b36aff8033&ts=515&inflight_dur=60&x=80"
GET daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
104.21.50.105 200 OK 41 kB URL GET daddylivehd1.online/tv/albaplayer/stream-350/?serv=1/
IP 104.21.50.105:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Google Trust Services
Subject daddylivehd1.online
Fingerprint 3A:8E:F4:7E:F9:D0:02:01:99:C9:79:5E:62:5F:71:92:85:9D:20:2F
Validity Wed, 07 May 2025 12:53:28 GMT - Tue, 05 Aug 2025 13:51:41 GMT
File type HTML document, ASCII text, with very long lines (29788), with CRLF, LF line terminators
Hash 77f810ff99fbc8a16e3513481d59c624
842e6d19b8bd6dfc5eb12c84aee54d81423150c4
82f0b1fbc3706841381dec414e24ca208b31586cf2299b1e05c97822db17f638
GET /tv/albaplayer/stream-350/?serv=1/ HTTP/1.1
Host: daddylivehd1.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:27 GMT
content-type: text/html; charset=UTF-8
content-encoding: br
x-powered-by: PHP/7.4.33
x-powered-cache: MISS
link: <https://daddylivehd1.online/tv/wp-json/>; rel="https://api.w.org/", <https://daddylivehd1.online/tv/?p=144464>; rel=shortlink
set-cookie: pvc_visits[0]=1749496167b144464; expires=Mon, 09-Jun-2025 19:09:27 GMT; Max-Age=86400; path=/tv/; secure; SameSite=LAX
eo3wr3h1=1qtinz3hdgre; expires=Fri, 13-Jun-2025 19:09:27 GMT; Max-Age=432000; path=/; secure; HttpOnly
8ql0k72o=2j7pypi6tp0r; expires=Fri, 13-Jun-2025 19:09:27 GMT; Max-Age=432000; path=/; secure; HttpOnly
n8yr8kra=lrymlqv72nte; expires=Fri, 13-Jun-2025 19:09:27 GMT; Max-Age=432000; path=/; secure; HttpOnly
vary: Accept-Encoding
cache-control: max-age=0
expires: Sun, 08 Jun 2025 19:09:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b2%2FVdx5f9hYgWdDc4JP5wRekgy9eKgg1jg1HzG8p6FI0bKsH7yMaxaZZqOiPY2KQTc4plWONwzCOh%2BK8BEqMt6VMz3wOxrMkukMe5bAIFwwECBzAkF1mrhUjz30db9mo3%2Fj1jZur"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 94caaef81aa70b55-OSL
server-timing: cfCacheStatus;desc="BYPASS", cfL4;desc="?proto=TCP&rtt=496&min_rtt=443&rtt_var=117&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3219&recv_bytes=1171&delivery_rate=7144736&cwnd=254&unsent_bytes=0&cid=8ee023f63255c900&ts=2607&x=0"
X-Firefox-Spdy: h2
GET recordedthereby.com/sfp.js
185.196.197.72 200 OK 85 kB URL GET recordedthereby.com/sfp.js
IP 185.196.197.72:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject recordedthereby.com
Fingerprint 43:76:D8:56:43:66:8A:49:51:DC:E6:8E:5A:E9:35:93:29:07:37:C1
Validity Mon, 05 May 2025 21:20:39 GMT - Sun, 03 Aug 2025 21:20:38 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 108625937affa4b38bb17cea65510d72
2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee
c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 19:09:25 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: a98e6d82ae0ef23eac5d9b87b973f241
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET capaciousdrewreligion.com/advertisers.js
185.196.197.72 200 OK 0 B URL GET capaciousdrewreligion.com/advertisers.js
IP 185.196.197.72:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject capaciousdrewreligion.com
Fingerprint 4C:9A:D1:39:AD:B4:C8:D5:6E:A1:5A:54:6F:88:D5:0F:D1:C6:5A:06
Validity Fri, 02 May 2025 21:09:09 GMT - Thu, 31 Jul 2025 21:09:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 08 Jun 2025 19:09:25 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 73daa2d45dfd191d9ad7824050b2ecc3
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET daddylivehd.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/f9574c83b4d7/main.js?
104.21.80.1 200 OK 10 kB URL GET daddylivehd.site/cdn-cgi/challenge-platform/h/b/scripts/jsd/f9574c83b4d7/main.js?
IP 104.21.80.1:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Google Trust Services
Subject daddylivehd.site
Fingerprint C0:9D:FD:69:CA:5F:CC:E2:13:16:72:E7:EE:45:CD:9B:C3:30:FB:F5
Validity Thu, 15 May 2025 22:55:25 GMT - Wed, 13 Aug 2025 23:54:07 GMT
File type JavaScript source, ASCII text, with very long lines (10119), with no line terminators
Hash d93ee493d8b3eea197241a9528ae3a57
ef2b6ec9fee513ec49554bdbba0498770abae241
ef6ae14ec885f77703b1ddfba2bf39e9faca32fa84463eda1e1c92efcc77d246
GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/f9574c83b4d7/main.js? HTTP/1.1
Host: daddylivehd.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 08 Jun 2025 19:09:25 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
content-encoding: br
cf-ray: 94caaef9f8345699-OSL
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eeTZ36J1fpozmlZo%2BbzrT4lKK1gn%2Bbz5De1iiDUUR7EVHaxHkBQuadXJrYq6WpQ5f4ff3a7uDOEdyeY36AvN2023MsYFyBCUnCGn3if1%2B8JdSVmM3msGD%2F4Ir%2BFG1uSk4zeh"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6396&min_rtt=2585&rtt_var=5519&sent=68&recv=102&lost=0&retrans=0&sent_bytes=7485&recv_bytes=6257&delivery_rate=574465&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=1610556658bb9e23&ts=1244&inflight_dur=54&x=80"
GET experttrafficcounter.com/stats
18.192.242.105 200 OK 40 B URL GET experttrafficcounter.com/stats
IP 18.192.242.105:443
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Amazon
Subject experttrafficcounter.com
Fingerprint CE:93:F6:82:20:C2:20:51:6E:53:85:EC:03:9C:48:F0:13:0B:67:D7
Validity Tue, 29 Apr 2025 00:00:00 GMT - Thu, 28 May 2026 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 3128b2cf4ebb8a1e5e380fb113c46d20
8a6e11afc4c89017177e16faa7e75e8df58d0641
42e54b3c17c4d72cdb6ad454dd2da1949b397d6f7a222317a19d5cd6f5dcc86c
GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://daddylivehd.site
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Cookie: uid_id2=93f702fa-a1c4-42e8-9945-1d28a3700cae:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 08 Jun 2025 19:09:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://daddylivehd.site
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
GET sabotagesophisticatedfragile.com/9f/45/99/9f4599940e2778b83b86ab9f9df533ae.js
192.243.59.13 200 OK 104 kB URL GET sabotagesophisticatedfragile.com/9f/45/99/9f4599940e2778b83b86ab9f9df533ae.js
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://daddylivehd.site/stream/stream-350.php
Certificate Issuer Let's Encrypt
Subject sabotagesophisticatedfragile.com
Fingerprint 71:63:82:A0:20:51:4F:01:E0:D2:4F:3B:2C:1E:CD:A7:82:1C:2E:96
Validity Mon, 26 May 2025 15:21:57 GMT - Sun, 24 Aug 2025 15:21:56 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 104 kB (104496 bytes)
Hash 253eda3ad93ee53f8ef8803fda89102d
838224613f914fc4adb19be42520b9c1e0fe58de
cf003ee53f20ea43c0fadee810142c418710b8f92475a8deea8bab1c6bfaf851
Analyzer Quad9 DNS
Verdict malicious
Alert Sinkholed
GET /9f/45/99/9f4599940e2778b83b86ab9f9df533ae.js HTTP/1.1
Host: sabotagesophisticatedfragile.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://daddylivehd.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 08 Jun 2025 19:09:24 GMT
Content-Type: application/javascript
Content-Length: 32777
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: sabotagesophisticatedfragile.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: bbc48e832a564b5dc36e09f335da232f
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains