Report - nowagoal.lol/my/stream-66.php

Report Overview

Visited public
2024-10-20 00:25:52
Tags
URL
nowagoal.lol/my/stream-66.php
Finishing URL
nowagoal.lol/my/stream-66.php
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
nowagoal.lol/my/stream-66.php

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-10-16	411 B	375 B	185.196.197.71
ilovetoplay.xyz	unknown	2024-08-03	2024-10-13	2024-10-13	890 B	80 kB	104.21.27.34
kzt2afc1rp52.com	unknown	2020-04-27	2020-04-27	2024-07-27	432 B	34 kB	192.243.59.20
braadroit.com	unknown	2024-08-12	2024-10-19	2024-10-19	905 B	17 kB	192.243.59.12
ts.getherelf.com	unknown	2024-08-16	2024-10-20	2024-10-20	409 B	1.5 kB	23.109.170.209
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-10-16	425 B	419 B	52.29.88.45
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-10-16	457 B	741 B	139.45.195.8
youradexchange.com	273384	2012-11-09	2013-02-04	2024-10-16	795 B	33 kB	172.67.177.214
pubtrky.com	unknown	2023-11-21	2023-11-21	2024-10-16	468 B	750 B	172.67.188.110
upload.wikimedia.org	2215	2003-03-16	2012-05-21	2024-10-16	455 B	1.4 kB	185.15.59.240
code.jquery.com	634	2005-12-10	2012-05-21	2024-10-16	411 B	90 kB	151.101.130.137
koocawhaido.net	unknown	2024-07-18	2024-10-20	2024-10-20	2.0 kB	54 kB	139.45.197.243
nowagoal.lol	unknown	2024-09-09	2024-10-20	2024-10-20	1.2 kB	10 kB	188.114.96.1
chaidroorsoustu.net	unknown	2024-10-19	2024-10-20	2024-10-20	404 B	28 kB	139.45.197.244
blissfulmass.com	unknown	2024-08-12	2024-10-19	2024-10-19	535 B	1.1 kB	192.243.61.225
hrwbr.life	unknown	2024-10-18	2024-10-19	2024-10-19	413 B	64 kB	188.114.96.1
recordedthereby.com	unknown	2024-05-08	2024-05-14	2024-10-16	794 B	172 kB	185.196.197.72
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-10-16	427 B	146 kB	151.101.129.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-20	medium	koocawhaido.net	Sinkholed
2024-10-20	medium	koocawhaido.net	Sinkholed
2024-10-20	medium	koocawhaido.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	From	Size	First Seen	Last Seen
	nowagoal.lol/my/stream-66.php	ScriptElement	467 B	2023-03-09	2025-04-27
Pretty URL nowagoal.lol/my/stream-66.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 01:35 Last Seen2025-04-27 22:29 Times Seen217 Hash f6ca01bb0ca3ebde821544f18ec83583 2e8cbf747f80c79ae8c12b8685556757e813b9db a1d2b03b3b1269adbdcbda20f64807bc730335783a9a90e9fbd743f898fb675c Loading...

	hrwbr.life/script/ut.js?cb=1729383928174	ScriptElement	63 kB	2024-10-10	2024-12-02
Pretty URL hrwbr.life/script/ut.js?cb=1729383928174 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-10 16:50 Last Seen2024-12-02 08:53 Times Seen438 Hash 8c24b56eda595fd9b563b16eb92087d6 61a384a63a0f3179ca7318084e768119eb67157a 35ec1d1b03ab4ffa697084f162cf49b979f7d27c84b8771f8f591fad95feb757 Loading...

	ilovetoplay.xyz/premiumtv/daddylive.php?id=66	ScriptElement	52 B	2024-07-11	2025-04-27
Pretty URL ilovetoplay.xyz/premiumtv/daddylive.php?id=66 IP 104.21.27.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-11 01:38 Last Seen2025-04-27 22:29 Times Seen133 Hash 78a6702d966a64ed29eca96bfefed3de cc38ab49fb9cf0b5dfe3639378bd12af22ef1c0c 00f32959faf141840611a9e3f434a6924cbcd843de990bb5df8ad037b9f8d095 Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2024-05-17	2025-01-21
Pretty URL recordedthereby.com/sfp.js IP 185.196.197.72 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-17 16:43 Last Seen2025-01-21 11:22 Times Seen13574 Hash 7e3e44049654b6e244c1777e68ffb8e7 8f2a8298666d607afd92a0baa362ef4dc9ccd039 4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-04-30
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-04-30 03:12 Times Seen203496 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js	ScriptElement	95 kB	2024-10-20	2024-10-20
Pretty URL kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-20 00:25 Last Seen2024-10-20 00:25 Times Seen1 Hash 92819b1d680cca5aa60019e8e862ddee 3ab0cd36100e0d7829f35a31b3e7fe29b989b6a9 c7dc28f63bcd5e6d63bb33b721dd607c31892eacf7592017a84b5100b88329da Loading...

	nowagoal.lol/my/stream-66.php	ScriptElement	172 kB	2024-10-20	2024-10-20
Pretty URL nowagoal.lol/my/stream-66.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-20 00:25 Last Seen2024-10-20 13:47 Times Seen2 Hash 6c2480bb1d8e33d7bd1ef82d6c31a377 f01d8c1962bcd8f242993c0326e3cd9288a3cdf8 c6fbfce1df649d399f990987ea025eb4b94ee7f68fe5a1eb5c4b1bab15cb2060 Loading...

	koocawhaido.net/tag.min.js	ScriptElement	71 kB	2024-10-20	2024-10-20
Pretty URL koocawhaido.net/tag.min.js IP 139.45.197.243 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-20 00:25 Last Seen2024-10-20 03:52 Times Seen5 Hash 9fdeb573ce1b32651c53be374bb81353 0148c00e8673b157a44495495460895b0f3e49fb cc834b231fd2415851e09d7858e0a1e4c391e2d47acb81e81e0aea8d8b9f7599 Loading...

	ilovetoplay.xyz/blast.js	ScriptElement	78 kB	2023-03-08	2025-04-27
Pretty URL ilovetoplay.xyz/blast.js IP 104.21.27.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53 Last Seen2025-04-27 22:29 Times Seen507 Hash 091faec928970e76d37a3601c19fcf8a 6441e8eebe90eb8d4a40e7c25440ff99caba3520 eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12 Loading...

	braadroit.com/18/43/01/1843019bf263f39accf339e8c46780a9.js	ScriptElement	44 kB	2024-10-20	2024-10-20
Pretty URL braadroit.com/18/43/01/1843019bf263f39accf339e8c46780a9.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-20 00:25 Last Seen2024-10-20 00:25 Times Seen1 Hash 6f5eab4e90312b11758cbf78bd71a68e e560186132ad57a33cce06c3b6c077f9ee22dc16 b84357104d069147d06a5991455ce434d33949fce1050c53f08fbe4b0cdb12d2 Loading...

	nowagoal.lol/my/stream-66.php	ScriptElement	157 B	2023-03-11	2025-04-27
Pretty URL nowagoal.lol/my/stream-66.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 19:15 Last Seen2025-04-27 22:29 Times Seen182 Hash 60f1798bac26472658ff588720760829 9929b26eeb812be15261ac5aee076e468bf4764f acf1662d0ddc764da1a0a9ca8c14ce6d6a937aecef80b4b0e0426698a24b765d Loading...

	nowagoal.lol/my/stream-66.php	ScriptElement	8.5 kB	2023-07-23	2025-04-27
Pretty URL nowagoal.lol/my/stream-66.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 19:35 Last Seen2025-04-27 22:29 Times Seen132 Hash ff656e6bdffbea98da4df97ff7ae3d21 f742e8d729409184fdaf152c2d2b670d6db7e9ec 9e6e95d6fa2ce522e900a6eb22ef91ae4fa930a9e39e2ca913742d48d0484b68 Loading...

	unknown	JavascriptURL	5 B	2023-03-07	2025-04-29
Pretty Introduced by javascriptURL Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-04-29 19:55 Times Seen25059 Hash 68934a3e9455fa72420237eb05902327 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa Loading...

	unknown	Function	34 B	2023-04-11	2025-04-29
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16 Last Seen2025-04-29 15:25 Times Seen67005 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

	nowagoal.lol/my/stream-66.php	ScriptElement	28 kB	2024-08-13	2024-10-26
Pretty URL nowagoal.lol/my/stream-66.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-13 20:22 Last Seen2024-10-26 16:50 Times Seen37 Hash 91eb82f0279ba0b351bdc31b2f356933 fef4193f8c85dfecc941941a6f73392fc7b940a7 65e9f109816c22303ef3bd3f975e659a74f5298babd95cc74cc66f8be6763d60 Loading...

	ilovetoplay.xyz/premiumtv/daddylive.php?id=66	ScriptElement	45 B	2024-07-20	2025-04-27
Pretty URL ilovetoplay.xyz/premiumtv/daddylive.php?id=66 IP 104.21.27.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-20 17:31 Last Seen2025-04-27 22:29 Times Seen126 Hash b50a7599a1cd871d2b379f9ef0b04aa4 66783a5680bbf18a422b0ebf586f787abb91f56f 94ba1e39aa22b534544bd907ddee33191396ded56a47cabf861e12ed65780385 Loading...

	unknown	ScriptElement	172 B	2024-10-20	2024-10-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-10-20 00:25 Last Seen2024-10-20 00:25 Times Seen1 Hash 33a70e163e6809bce8b19217e0c10c68 35f6dfb7fc907b3cad9c6763988e786564553558 c0b38936b8357e3dacf7649a4ea7384a4cd666b91f32390912c0c08fde7f511e Loading...

	capaciousdrewreligion.com/advertisers.js	ScriptElement	0 B	0001-01-01	2025-04-30
Pretty URL capaciousdrewreligion.com/advertisers.js IP 185.196.197.71 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-04-30 04:32 Times Seen4579420 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ilovetoplay.xyz/premiumtv/daddylive.php?id=66	ScriptElement	2.3 kB	2024-10-20	2024-10-20
Pretty URL ilovetoplay.xyz/premiumtv/daddylive.php?id=66 IP 104.21.27.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-20 00:25 Last Seen2024-10-20 14:25 Times Seen3 Hash d5f452584c4456170856f7eef114b0db 6b2a95a34f484691ba9cfde2f8fc6f894acebba3 d1eca5412842e11c213465b1547846b9123198cc4dee8023f77e332f5184ce96 Loading...

	ilovetoplay.xyz/premiumtv/daddylive.php?id=66	ScriptElement	28 kB	2024-10-20	2024-10-20
Pretty URL ilovetoplay.xyz/premiumtv/daddylive.php?id=66 IP 104.21.27.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-20 00:25 Last Seen2024-10-20 00:25 Times Seen1 Hash 6a14068a32bf15323ca48b7afd8105fa 4ef7959e162fdbe80d7394b9b68f1d8e70e0686d 4ec6a76feff8986d82ffe8cec5cdfeb85ce881f8e7b66f2ca2a3a7c965c46b18 Loading...

	nowagoal.lol/my/stream-66.php	ScriptElement	448 B	2024-08-13	2024-10-26
Pretty URL nowagoal.lol/my/stream-66.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-13 20:22 Last Seen2024-10-26 16:50 Times Seen37 Hash 1bb8c164dd8675e3aa55b3e94c64eff2 2b29816e9013d15f27a6271e6237a6fb132187a5 f1a4432c41bd82dfa01d26ec3db78be92bfb8fc06dca3783cc829b9131ca4af3 Loading...

HTTP Transactions (24)

URL IP Response Size

ts.getherelf.com/rlK8sbuOhrALEvV/69521

23.109.170.209

200 OK

20 B

URL GET HTTP/1.1
ts.getherelf.com/rlK8sbuOhrALEvV/69521
IP
23.109.170.209:443
ASN
#7979 SERVERS-COM

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectts.getherelf.com
Fingerprint36:62:67:15:5A:C7:B4:1C:11:C7:8A:FA:FC:78:01:21:B6:D2:85:31
ValidityFri, 16 Aug 2024 06:36:10 GMT - Thu, 14 Nov 2024 06:36:09 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /rlK8sbuOhrALEvV/69521 HTTP/1.1
Host: ts.getherelf.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 20 Oct 2024 00:25:27 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://nowagoal.lol
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Mon, 21-Oct-2024 00:25:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 21-Oct-2024 00:25:27 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js

192.243.59.20

200 OK

34 kB

URL GET HTTP/1.1
kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectkzt2afc1rp52.com
FingerprintCE:6C:01:A7:59:51:35:7E:C8:E8:8D:92:1D:01:05:18:3F:E3:A4:F2
ValidityTue, 08 Oct 2024 06:55:21 GMT - Mon, 06 Jan 2025 06:55:20 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
34 kB (33632 bytes)
Hash
92819b1d680cca5aa60019e8e862ddee
3ab0cd36100e0d7829f35a31b3e7fe29b989b6a9
c7dc28f63bcd5e6d63bb33b721dd607c31892eacf7592017a84b5100b88329da

HTTP Headers

GET /dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js HTTP/1.1
Host: kzt2afc1rp52.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Oct 2024 00:25:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: kzt2afc1rp52.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: daec4ef6cdeb12c2a001acc60b2c2758
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

recordedthereby.com/sfp.js

185.196.197.72

200 OK

85 kB

URL GET HTTP/1.1
recordedthereby.com/sfp.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectrecordedthereby.com
FingerprintA6:94:B5:48:61:24:04:47:02:E8:CB:06:9D:21:58:9B:28:B3:E2:F3
ValidityFri, 06 Sep 2024 22:52:34 GMT - Thu, 05 Dec 2024 22:52:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
85 kB (85378 bytes)
Hash
7e3e44049654b6e244c1777e68ffb8e7
8f2a8298666d607afd92a0baa362ef4dc9ccd039
4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Oct 2024 00:25:28 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 85378
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 44793e9eeaffcb44e646990d5394bab1
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

proftrafficcounter.com/stats

52.29.88.45

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.88.45:443
ASN
#16509 AMAZON-02

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
bac064ce63cd95f5898b0176761d4a7f
17ae34a52a4a2ab33660e09d2b72e289bb367b64
67802cafe385248073267f06e00ea65ef569684fd9a9e7f41133414597fe109d

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nowagoal.lol
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://nowagoal.lol
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=da53db97-4fa0-4af5-9f8b-a8569e325cb1:3:1; expires=Wed, 18 Oct 2034 00:25:28 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

koocawhaido.net/tag.min.js

139.45.197.243

200 OK

27 kB

URL GET HTTP/2
koocawhaido.net/tag.min.js
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectkoocawhaido.net
Fingerprint38:35:55:CB:59:E0:B9:00:14:3B:B1:96:95:B0:3F:3E:80:59:23:84
ValiditySun, 06 Oct 2024 06:04:04 GMT - Sat, 04 Jan 2025 06:04:03 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27246 bytes)
Hash
9fdeb573ce1b32651c53be374bb81353
0148c00e8673b157a44495495460895b0f3e49fb
cc834b231fd2415851e09d7858e0a1e4c391e2d47acb81e81e0aea8d8b9f7599

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: koocawhaido.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: text/javascript; charset=utf-8
content-length: 27246
content-encoding: br
x-trace-id: e9d163a0ef74cc660d4a12039d067c69
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 19 Oct 2024 23:49:59 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

nowagoal.lol/my/stream-66.php

188.114.96.1

200 OK

0 B

URL HEAD HTTP/3
nowagoal.lol/my/stream-66.php
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerGoogle Trust Services
Subjectnowagoal.lol
FingerprintA6:CB:B9:EC:19:12:46:A3:AD:C4:96:8C:8A:35:48:F0:27:CD:DD:C2
ValidityMon, 09 Sep 2024 18:48:52 GMT - Sun, 08 Dec 2024 18:48:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /my/stream-66.php HTTP/1.1
Host: nowagoal.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/my/stream-66.php
Cookie: pp_show_on_ddd430767cdbddd8ac0726a842abd6c0=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ft3IZCe%2BLFrIoaV0QZ7nJR1uqY4HpdaFZhzwovMdVlcnhnxXo7Oj21%2FA2mnfDQLsDgXdG%2FZNRpPbB%2B7qrJSgrXIBOwFT3buM4%2FcDKzzZtn6PVVKq6i4jbUxa5qn0M0k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d54deee9a09b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=27511&sent=12&recv=6&lost=0&retrans=0&sent_bytes=4066&recv_bytes=1104&delivery_rate=23545&cwnd=12000&unsent_bytes=0&cid=3abe6a7ebe9638bc&ts=1471&x=1", cfExtPri, cfHdrFlush;dur=0

braadroit.com/pixel/purst?dl=0&th=0&sc=0&rs=1418&rd=1418&fd=698&bv=24.8.8162&tmpl=70

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
braadroit.com/pixel/purst?dl=0&th=0&sc=0&rs=1418&rd=1418&fd=698&bv=24.8.8162&tmpl=70
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectbraadroit.com
Fingerprint20:37:C1:B9:D6:66:4C:D9:E2:D5:8E:23:86:6D:89:56:06:3F:BB:A6
ValiditySat, 12 Oct 2024 00:26:05 GMT - Fri, 10 Jan 2025 00:26:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1418&rd=1418&fd=698&bv=24.8.8162&tmpl=70 HTTP/1.1
Host: braadroit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Oct 2024 00:25:28 GMT
Content-Length: 0
Connection: keep-alive
Host: braadroit.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

braadroit.com/18/43/01/1843019bf263f39accf339e8c46780a9.js

192.243.59.12

200 OK

16 kB

URL GET HTTP/1.1
braadroit.com/18/43/01/1843019bf263f39accf339e8c46780a9.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectbraadroit.com
Fingerprint20:37:C1:B9:D6:66:4C:D9:E2:D5:8E:23:86:6D:89:56:06:3F:BB:A6
ValiditySat, 12 Oct 2024 00:26:05 GMT - Fri, 10 Jan 2025 00:26:04 GMT

File type
JavaScript source, ASCII text, with very long lines (44101), with no line terminators
Size
16 kB (15942 bytes)
Hash
6f5eab4e90312b11758cbf78bd71a68e
e560186132ad57a33cce06c3b6c077f9ee22dc16
b84357104d069147d06a5991455ce434d33949fce1050c53f08fbe4b0cdb12d2

HTTP Headers

GET /18/43/01/1843019bf263f39accf339e8c46780a9.js HTTP/1.1
Host: braadroit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 20 Oct 2024 00:25:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_BS-125-20-general=0; expires=Sun, 20 Oct 2024 00:25:28 GMT; secure; SameSite=None
Host: braadroit.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 1273db6de4b44f9b9ef683ffbd4873f8
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

capaciousdrewreligion.com/advertisers.js

185.196.197.71

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
185.196.197.71:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
FingerprintE3:36:E7:35:50:1D:3D:F0:47:9F:E5:94:90:B5:48:C0:67:A2:2B:8A
ValidityTue, 03 Sep 2024 21:28:57 GMT - Mon, 02 Dec 2024 21:28:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Oct 2024 00:25:28 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: aa6e36affa7344f36219159688ba2f38
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

recordedthereby.com/sfp.js

185.196.197.72

200 OK

85 kB

URL GET HTTP/1.1
recordedthereby.com/sfp.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectrecordedthereby.com
FingerprintA6:94:B5:48:61:24:04:47:02:E8:CB:06:9D:21:58:9B:28:B3:E2:F3
ValidityFri, 06 Sep 2024 22:52:34 GMT - Thu, 05 Dec 2024 22:52:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
85 kB (85378 bytes)
Hash
7e3e44049654b6e244c1777e68ffb8e7
8f2a8298666d607afd92a0baa362ef4dc9ccd039
4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Oct 2024 00:25:28 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 85378
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: f2a6fda61ed9df5e536844694a32f865
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

my.rtmark.net/gid.js?userId=0080fbc2032740d6e2dc6a14c7ec71af

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080fbc2032740d6e2dc6a14c7ec71af
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint59:49:A1:C9:C3:99:98:FC:2D:E7:4A:9E:86:83:A6:DE:2E:C3:8A:B6
ValidityFri, 30 Aug 2024 01:00:45 GMT - Thu, 28 Nov 2024 01:00:44 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
866bdcfc00d25bcdb85f2dcef2446933
cab002a42ca069cf2070aa33459acea8b05de53a
611afed39bcb02a18060ae923f68ceb16c4f67999961c3b69ef22a95aced0c96

HTTP Headers

GET /gid.js?userId=0080fbc2032740d6e2dc6a14c7ec71af HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nowagoal.lol
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nowagoal.lol
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080fbc2032740d6e2dc6a14c7ec71af; expires=Mon, 20 Oct 2025 00:25:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

youradexchange.com/script/suurl5.php?r=6707202&cbur=0.4616642550278234&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fnowagoal.lol%2Fmy%2Fstream-66.php&cbref=&cbdescription=&cbkeywords=&cbcdn=hrwbr.life&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1729383928005&srs=47f4f84877aa5647da5a3db80a924888&atv=55.0&abtg=1&adbv=3-cdn-js

172.67.177.214

200 OK

32 kB

URL
youradexchange.com/script/suurl5.php?r=6707202&cbur=0.4616642550278234&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fnowagoal.lol%2Fmy%2Fstream-66.php&cbref=&cbdescription=&cbkeywords=&cbcdn=hrwbr.life&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1729383928005&srs=47f4f84877aa5647da5a3db80a924888&atv=55.0&abtg=1&adbv=3-cdn-js
IP
172.67.177.214:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (64489)
Size
32 kB (31656 bytes)
Hash
417a32d1cb5be75e95a9f27dce92c1be
310f65c801a8cf73d77c107f801beb8efb3a0290
d1446361789172392e5da33be708da64c1a91f479d1591afcc30dfe8d4756853

HTTP Headers

GET /script/suurl5.php?r=6707202&cbur=0.4616642550278234&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fnowagoal.lol%2Fmy%2Fstream-66.php&cbref=&cbdescription=&cbkeywords=&cbcdn=hrwbr.life&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1729383928005&srs=47f4f84877aa5647da5a3db80a924888&atv=55.0&abtg=1&adbv=3-cdn-js HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowagoal.lol/
Origin: https://nowagoal.lol
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7URk5MCYeyv14OtwSmE%2FEzFOn%2FVLnLkfUaH19ag6T9ohf2Ch14VOmCle1ZogjD5O4sCsxGa1zk4VnJ7ekYltv7QTJTG6XI8JIW%2BsW6dHF9AGbsU33vZrRNDUNQkI5k%2Fz4oVLOcM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d54deee8bcc7131-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16788&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3292&recv_bytes=1480&delivery_rate=263017&cwnd=254&unsent_bytes=0&cid=b07eb7f4697f70fe&ts=207&x=0"
X-Firefox-Spdy: h2

pubtrky.com/ut/hb.php?cb=0.39683930924289457&v=1

172.67.188.110

204 No Content

0 B

URL POST HTTP/2
pubtrky.com/ut/hb.php?cb=0.39683930924289457&v=1
IP
172.67.188.110:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerGoogle Trust Services
Subjectpubtrky.com
Fingerprint1C:AA:FC:FF:38:D8:EF:73:88:D2:C1:25:B4:81:1C:94:2A:06:07:C3
ValidityWed, 11 Sep 2024 07:35:33 GMT - Tue, 10 Dec 2024 07:35:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ut/hb.php?cb=0.39683930924289457&v=1 HTTP/1.1
Host: pubtrky.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 820
Origin: https://nowagoal.lol
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sun, 20 Oct 2024 00:25:28 GMT
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mfn0Gwlt9Q3FUbnpqBdob%2FrlRzFtR%2FO9ovEPDw2sGxJydXw8hAaGIS62IWn9aCUkiqvtSSQmlYno7MS1j6kZY7H0d%2Fo2AOx2nJNz8d4XQU0TLfZTKSPdG%2Fn98iB9WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d54def1cf3256cc-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=22251&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3198&recv_bytes=1949&delivery_rate=262509&cwnd=254&unsent_bytes=0&cid=83da080b64344b63&ts=209&x=0"
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js

151.101.129.229

200 OK

145 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://ilovetoplay.xyz/premiumtv/daddylive.php?id=66
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (145133 bytes)
Hash
f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c

HTTP Headers

GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilovetoplay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
accept-ranges: bytes
date: Sun, 20 Oct 2024 00:25:28 GMT
age: 38466
x-served-by: cache-fra-etou8220029-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 145133
X-Firefox-Spdy: h2

upload.wikimedia.org/wikipedia/commons/2/21/Speaker_Icon.svg

185.15.59.240

200 OK

328 B

URL GET HTTP/2
upload.wikimedia.org/wikipedia/commons/2/21/Speaker_Icon.svg
IP
185.15.59.240:443
ASN
#14907 WIKIMEDIA

Requested by
https://ilovetoplay.xyz/premiumtv/daddylive.php?id=66
Certificate
IssuerDigiCert Inc
Subject*.wikipedia.org
Fingerprint0B:3A:AB:D4:5E:55:A4:08:2B:F7:C1:DA:63:37:75:F1:EB:04:6E:A5
ValidityThu, 26 Sep 2024 00:00:00 GMT - Fri, 17 Oct 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
328 B (328 bytes)
Hash
1e965f9ca6bac55c4bfece8dabe6fa47
ea28e0f6d1a42bd7f2ab416bcf2a9fd0dde55fab
70e589ae4b79586ddd4eadd1ac8b501d64ab0433c2038c92e945fbb6195ad7a9

HTTP Headers

GET /wikipedia/commons/2/21/Speaker_Icon.svg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilovetoplay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Oct 2024 00:13:02 GMT
server: ATS/9.2.5
etag: W/1e965f9ca6bac55c4bfece8dabe6fa47
content-type: image/svg+xml
x-object-meta-sha1base36: rcosig5pk1fefnugtbiewl19zhtt86j
last-modified: Wed, 28 Aug 2019 18:11:18 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 745
x-cache: cp3078 hit, cp3078 hit/303
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
content-length: 328
X-Firefox-Spdy: h2

chaidroorsoustu.net/tag.min.js

139.45.197.244

200 OK

27 kB

URL GET HTTP/2
chaidroorsoustu.net/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://ilovetoplay.xyz/premiumtv/daddylive.php?id=66
Certificate
IssuerLet's Encrypt
Subjectchaidroorsoustu.net
FingerprintFC:B0:53:9E:A7:42:26:44:F6:F3:B1:6C:BF:46:BD:4E:B1:26:7A:65
ValiditySat, 19 Oct 2024 15:39:25 GMT - Fri, 17 Jan 2025 15:39:24 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27246 bytes)
Hash
9fdeb573ce1b32651c53be374bb81353
0148c00e8673b157a44495495460895b0f3e49fb
cc834b231fd2415851e09d7858e0a1e4c391e2d47acb81e81e0aea8d8b9f7599

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: chaidroorsoustu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilovetoplay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: text/javascript; charset=utf-8
content-length: 27246
content-encoding: br
x-trace-id: 994d873426f7b7d984d509481c61a5db
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 19 Oct 2024 23:49:59 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ilovetoplay.xyz/premiumtv/daddylive.php?id=66

104.21.27.34

200 OK

0 B

URL HEAD HTTP/3
ilovetoplay.xyz/premiumtv/daddylive.php?id=66
IP
104.21.27.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ilovetoplay.xyz/premiumtv/daddylive.php?id=66
Certificate
IssuerGoogle Trust Services
Subjectilovetoplay.xyz
FingerprintDD:D9:2A:96:31:7E:93:2D:BD:B3:E6:68:09:E0:90:C7:11:FC:E9:01
ValidityTue, 01 Oct 2024 19:10:15 GMT - Mon, 30 Dec 2024 19:10:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /premiumtv/daddylive.php?id=66 HTTP/1.1
Host: ilovetoplay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilovetoplay.xyz/premiumtv/daddylive.php?id=66
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
videocdn: HIT
videocdnx: NO
node: PHP
x-cache: HIT
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8kxJecb9qlJ7ImrgWJ6EkIdcentGvtOHgBbpD8Eo%2BbjVqAxwmYdLe3tg62BuNmDqAX7MnB5miRkg7otV3qokliJfxx8JypAgdRUt%2Bp3qyTUUp18jXuXtmRA2cwzoHpFY%2FGQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8d54def28fefb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21110&sent=37&recv=9&lost=0&retrans=0&sent_bytes=34033&recv_bytes=1449&delivery_rate=1025813&cwnd=24000&unsent_bytes=0&cid=753db459fddd0c23&ts=601&x=1", cfExtPri, cfHdrFlush;dur=0

nowagoal.lol/favicon.ico

188.114.96.1

404 Not Found

8.6 kB

URL GET HTTP/3
nowagoal.lol/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerGoogle Trust Services
Subjectnowagoal.lol
FingerprintA6:CB:B9:EC:19:12:46:A3:AD:C4:96:8C:8A:35:48:F0:27:CD:DD:C2
ValidityMon, 09 Sep 2024 18:48:52 GMT - Sun, 08 Dec 2024 18:48:51 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
8.6 kB (8594 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nowagoal.lol
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/my/stream-66.php
Cookie: pp_show_on_ddd430767cdbddd8ac0726a842abd6c0=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=da53db97-4fa0-4af5-9f8b-a8569e325cb1%3A3%3A1; pp_main_ddd430767cdbddd8ac0726a842abd6c0=1; pp_exp_ddd430767cdbddd8ac0726a842abd6c0=1729391128429
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=om8U7YxbSJTw419apjwhydjyhXkRTwwT4W7KSYCh7vkcGNdxDSqtVrzCAkwx1oCeowAe%2FdsYreJ01IzgccUS4%2FqxFz00qXUG3baabSKy%2F1bxPcZrF4qoOD49Y5qFbIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d54def26ccbb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=28781&sent=14&recv=8&lost=0&retrans=0&sent_bytes=4754&recv_bytes=1591&delivery_rate=460&cwnd=12000&unsent_bytes=0&cid=3abe6a7ebe9638bc&ts=1970&x=1", cfExtPri, cfHdrFlush;dur=0

koocawhaido.net/5/6712285/?oo=1&aab=1

139.45.197.243

200 OK

11 kB

URL GET HTTP/2
koocawhaido.net/5/6712285/?oo=1&aab=1
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectkoocawhaido.net
Fingerprint38:35:55:CB:59:E0:B9:00:14:3B:B1:96:95:B0:3F:3E:80:59:23:84
ValiditySun, 06 Oct 2024 06:04:04 GMT - Sat, 04 Jan 2025 06:04:03 GMT

File type
gzip compressed data, max speed, from Unix
Size
11 kB (11059 bytes)
Hash
45b6ac75d440d5a27c0f8758bacbb05e
598bb53b46c982e472a0145fa0df4c6c170ad3d9
64cecd477949c7f02d20d121cb627df78d10eb65dd4a2ebdfb939cf2906b0d1d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6712285/?oo=1&aab=1 HTTP/1.1
Host: koocawhaido.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nowagoal.lol
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: application/json
x-trace-id: ad241235b82053f30ed68f8c509052a0
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://nowagoal.lol
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080fbc2032740d6e2dc6a14c7ec71af; expires=Mon, 20 Oct 2025 00:25:28 GMT; path=/; secure; SameSite=None
oaidts=1729383928; expires=Mon, 20 Oct 2025 00:25:28 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

koocawhaido.net/?rb=gRnPqUyPJK2x9MPp1sTYfshok-npTNrx9YDphD6gtaRC0dmQkDjxrEZ1CBZ7_KwpjNnQHTGrOGLUhLTBIrakidth7bTDuLc-nGiKYSgiIbX1RNEIk2PlV2fLARE--S10TS753-6fDFG5LbPXVOksV7Ng5i57Ew_M3lQIVeeIRIFlh5AipFhvlRRV_M7n0V8uARqxd4lLS29CeXPNihyGECgu3BNfx5z-lrpC6VoSS0s5qX2oKcjYelCNka-akWEp1_QAE2xKRI1ZH7kJ&request_ab2=0&zoneid=6712285&js_build=iclick-v1.978.13-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=4&pl=https%3A%2F%2Fnowagoal.lol%2Fmy%2Fstream-66.php&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=3&wgl=&js_build=iclick-v1.978.13-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=3ca46e5b-e994-4154-8f76-b221316965f2&wasm=1&userId=0080fbc2032740d6e2dc6a14c7ec71af&m=link

139.45.197.243

200 OK

12 kB

URL GET HTTP/2
koocawhaido.net/?rb=gRnPqUyPJK2x9MPp1sTYfshok-npTNrx9YDphD6gtaRC0dmQkDjxrEZ1CBZ7_KwpjNnQHTGrOGLUhLTBIrakidth7bTDuLc-nGiKYSgiIbX1RNEIk2PlV2fLARE--S10TS753-6fDFG5LbPXVOksV7Ng5i57Ew_M3lQIVeeIRIFlh5AipFhvlRRV_M7n0V8uARqxd4lLS29CeXPNihyGECgu3BNfx5z-lrpC6VoSS0s5qX2oKcjYelCNka-akWEp1_QAE2xKRI1ZH7kJ&request_ab2=0&zoneid=6712285&js_build=iclick-v1.978.13-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=4&pl=https%3A%2F%2Fnowagoal.lol%2Fmy%2Fstream-66.php&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=3&wgl=&js_build=iclick-v1.978.13-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=3ca46e5b-e994-4154-8f76-b221316965f2&wasm=1&userId=0080fbc2032740d6e2dc6a14c7ec71af&m=link
IP
139.45.197.243:443
ASN
#9002 RETN Limited

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectkoocawhaido.net
Fingerprint38:35:55:CB:59:E0:B9:00:14:3B:B1:96:95:B0:3F:3E:80:59:23:84
ValiditySun, 06 Oct 2024 06:04:04 GMT - Sat, 04 Jan 2025 06:04:03 GMT

File type
gzip compressed data, max speed, from Unix
Size
12 kB (12446 bytes)
Hash
c68c4bff9541ddaa67a9c2a3a5f0aee1
2e451115cd8b256282847389b68a6dd2066f36c6
049b6cf016d5f92c8bf94b03aac82774075ed02bad089ae490519346ba911c42

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=gRnPqUyPJK2x9MPp1sTYfshok-npTNrx9YDphD6gtaRC0dmQkDjxrEZ1CBZ7_KwpjNnQHTGrOGLUhLTBIrakidth7bTDuLc-nGiKYSgiIbX1RNEIk2PlV2fLARE--S10TS753-6fDFG5LbPXVOksV7Ng5i57Ew_M3lQIVeeIRIFlh5AipFhvlRRV_M7n0V8uARqxd4lLS29CeXPNihyGECgu3BNfx5z-lrpC6VoSS0s5qX2oKcjYelCNka-akWEp1_QAE2xKRI1ZH7kJ&request_ab2=0&zoneid=6712285&js_build=iclick-v1.978.13-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=4&pl=https%3A%2F%2Fnowagoal.lol%2Fmy%2Fstream-66.php&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&tt=3&wgl=&js_build=iclick-v1.978.13-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=3ca46e5b-e994-4154-8f76-b221316965f2&wasm=1&userId=0080fbc2032740d6e2dc6a14c7ec71af&m=link HTTP/1.1
Host: koocawhaido.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nowagoal.lol/
Origin: https://nowagoal.lol
DNT: 1
Connection: keep-alive
Cookie: OAID=0080fbc2032740d6e2dc6a14c7ec71af; oaidts=1729383928
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: application/json
x-trace-id: 9efe1371541d140b53d83f72d126ea75
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://nowagoal.lol
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080fbc2032740d6e2dc6a14c7ec71af; expires=Mon, 20 Oct 2025 00:25:28 GMT; path=/; secure; SameSite=None
oaidts=1729383928; expires=Mon, 20 Oct 2025 00:25:28 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 27 Oct 2024 00:25:28 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

blissfulmass.com/sbar.json?key=1843019bf263f39accf339e8c46780a9&psid=BS-125-20-general_0&uuid=da53db97-4fa0-4af5-9f8b-a8569e325cb1%3A3%3A1

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
blissfulmass.com/sbar.json?key=1843019bf263f39accf339e8c46780a9&psid=BS-125-20-general_0&uuid=da53db97-4fa0-4af5-9f8b-a8569e325cb1%3A3%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerLet's Encrypt
Subjectblissfulmass.com
Fingerprint55:55:75:09:A2:D9:2F:45:FB:9F:C4:C0:B1:EF:15:1F:31:F9:F2:53
ValiditySat, 12 Oct 2024 00:07:28 GMT - Fri, 10 Jan 2025 00:07:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sbar.json?key=1843019bf263f39accf339e8c46780a9&psid=BS-125-20-general_0&uuid=da53db97-4fa0-4af5-9f8b-a8569e325cb1%3A3%3A1 HTTP/1.1
Host: blissfulmass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nowagoal.lol
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 20 Oct 2024 00:25:39 GMT
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://nowagoal.lol
Access-Control-Allow-Origin: https://nowagoal.lol
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl16749046=1; expires=Mon, 21 Oct 2024 00:25:39 GMT; path=/; secure; SameSite=None
uid_id2=da53db97-4fa0-4af5-9f8b-a8569e325cb1:3:1; expires=Sun, 27 Oct 2024 00:25:39 GMT; path=/; secure; SameSite=None
Host: blissfulmass.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 2ab35f22f873dcb0bc8dfd1ac072af14
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

ilovetoplay.xyz/blast.js

104.21.27.34

200 OK

78 kB

URL GET HTTP/3
ilovetoplay.xyz/blast.js
IP
104.21.27.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ilovetoplay.xyz/premiumtv/daddylive.php?id=66
Certificate
IssuerGoogle Trust Services
Subjectilovetoplay.xyz
FingerprintDD:D9:2A:96:31:7E:93:2D:BD:B3:E6:68:09:E0:90:C7:11:FC:E9:01
ValidityTue, 01 Oct 2024 19:10:15 GMT - Mon, 30 Dec 2024 19:10:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77888 bytes)
Hash
091faec928970e76d37a3601c19fcf8a
6441e8eebe90eb8d4a40e7c25440ff99caba3520
eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12

HTTP Headers

GET /blast.js HTTP/1.1
Host: ilovetoplay.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilovetoplay.xyz/premiumtv/daddylive.php?id=66
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 06:47:40 GMT
etag: W/"6710b30c-13040"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: HIT
age: 2551
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KU3Kp%2ByWWB0twaFLBdcS0Mcv3mF6RJrnfMuGFH3VHDIx2LQp1FPsWho0j3CZB%2F4zlBiDXcsmzwFyGIs3NpRJnMSO8UuxFaObuVSQNPCZ9Tq0vpM6BfE4c0VgNVeia2hbSmg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d54def1ff85b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20340&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4049&recv_bytes=1088&delivery_rate=32110&cwnd=12000&unsent_bytes=0&cid=753db459fddd0c23&ts=409&x=1", cfExtPri, cfHdrFlush;dur=0

code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

90 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://ilovetoplay.xyz/premiumtv/daddylive.php?id=66
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ilovetoplay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 20 Oct 2024 00:25:28 GMT
age: 3335386
x-served-by: cache-lga21931-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1974610
x-timer: S1729383929.730713,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

hrwbr.life/script/ut.js?cb=1729383928174

188.114.96.1

200 OK

63 kB

URL GET HTTP/2
hrwbr.life/script/ut.js?cb=1729383928174
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nowagoal.lol/my/stream-66.php
Certificate
IssuerGoogle Trust Services
Subjecthrwbr.life
Fingerprint11:80:DE:65:39:80:96:B4:F9:B8:3A:FA:9B:CE:F4:8E:A7:D5:36:3C
ValidityFri, 18 Oct 2024 15:55:40 GMT - Thu, 16 Jan 2025 15:55:39 GMT

File type

Size
63 kB (63065 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/ut.js?cb=1729383928174 HTTP/1.1
Host: hrwbr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nowagoal.lol/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 20 Oct 2024 00:25:28 GMT
content-type: text/javascript
x-goog-generation: 1728560515014783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63065
x-goog-hash: crc32c=8dV6jg==, md5=jCS1btpZX9m1Y7FuuSCH1g==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: AHmUCY0HxY-jjTODLsdrO5R7BZSXCaRfRsMbfhBWPiBf3qhssE5RhmqRzUaMJoujlIRpchw919r8LBkLjA
expires: Sun, 20 Oct 2024 00:48:43 GMT
cache-control: public, max-age=14400
age: 579
last-modified: Thu, 10 Oct 2024 11:41:55 GMT
etag: W/"8c24b56eda595fd9b563b16eb92087d6"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AO%2FnGs5WPlrjWARhvtukUUUihf1EIyD14H2EqabUIPg8VAeRhPHde02X3p0%2FNavrCvJ9RYUQsVZKYydq3fsmlZAahWhAhAcv3hq7OqNRg%2FS0LqGxVUpL7FyODLSj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8d54deefa8b07127-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16485&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3196&recv_bytes=1035&delivery_rate=263208&cwnd=252&unsent_bytes=0&cid=e14c9e53a6ae7580&ts=44&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by