Report - cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0

Report Overview

Visited public
2025-01-03 03:26:12
Tags
URL
cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Finishing URL
cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
IP / ASN
104.21.14.92
#13335 CLOUDFLARENET
Title
Vipbox

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
qd.myosoteruins.com	unknown	2024-09-30	2024-10-20	2024-12-22	424 B	1.5 kB	23.109.170.189
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-01-01	420 B	111 kB	142.250.74.168
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-01-01	976 B	166 kB	151.101.1.229
gutockeewhargo.net	unknown	2024-11-14	2024-11-14	2024-12-30	1.7 kB	6.2 kB	139.45.197.107
pndax.love	unknown	2024-11-12	2024-11-12	2024-12-29	414 B	68 kB	104.21.7.205
ts.yowdenfalcial.com	unknown	2024-09-30	2024-10-20	2024-12-15	423 B	1.5 kB	23.109.170.222
ptaixout.net	unknown	2023-12-29	2023-12-29	2024-12-22	855 B	32 kB	139.45.197.107
ptelsudsew.net	unknown	2024-10-24	2024-12-29	2024-12-29	397 B	28 kB	139.45.197.107
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-01-01	997 B	2.8 kB	188.114.97.1
youradexchange.com	273384	2012-11-09	2013-02-04	2024-12-28	792 B	1.9 kB	172.67.177.214
cdn.totalsportek.space	unknown	2024-09-04	2024-11-10	2024-12-22	1.2 kB	2.3 kB	172.67.158.139
streambtw.com	unknown	2023-10-06	2023-10-07	2024-12-31	3.6 kB	14 kB	188.114.96.1
js.contentprotectforce.com	unknown	2022-05-20	2024-10-02	2024-12-31	412 B	174 kB	188.114.96.1
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2025-01-01	492 B	20 kB	104.16.79.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-03	medium	ptaixout.net	Sinkholed
2025-01-03	medium	ptaixout.net	Sinkholed
2025-01-02	medium	gutockeewhargo.net	Sinkholed
2025-01-02	medium	gutockeewhargo.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (30)

	URL	From	Size	First Seen	Last Seen
	streambtw.com/iframe/nhl7.php	ScriptElement	55 B	2024-09-28	2025-03-12
Pretty URL streambtw.com/iframe/nhl7.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-28 15:31 Last Seen2025-03-12 20:09 Times Seen47 Hash d5447f7a460468217bf36bdd1506360b 6ded99982f60927416b8f59062525741f709640e 141ad5eb5bd766833cbf8c3aab5d4f24d04055cfc83d5a7c6a5564b5dcd0f3d5 Loading...

	pndax.love/script/ut.js?cb=1735874752879	ScriptElement	66 kB	2024-12-02	2025-04-23
Pretty URL pndax.love/script/ut.js?cb=1735874752879 IP 104.21.7.205 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-02 13:05 Last Seen2025-04-23 06:17 Times Seen1612 Hash 4afa2ac99f97331dc98263d49022a958 60bb7c7c45ff14e8df86ef9e0b9a7a55a7d2baca a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32 Loading...

	cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0	ScriptElement	538 B	2023-03-12	2025-05-30
Pretty URL cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0 IP 172.67.158.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 20:58 Last Seen2025-05-30 00:34 Times Seen228 Hash 23f14ae712b847828254481b2c5a0069 0a7c5d70eacdb3e6f896855847bc1ab49656e466 6e28a139e5cde2bd01006e4ed5ef2f3c88b2fa2b2b2519a5f6a5714f205ffeed Loading...

	js.contentprotectforce.com/js/aclib.js	ScriptElement	173 kB	2024-11-13	2025-02-26
Pretty URL js.contentprotectforce.com/js/aclib.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-13 07:08 Last Seen2025-02-26 03:52 Times Seen28 Hash 6cc4b40c632a970cedff5994479d3eaf a5db07b05e1c268583046658d596e85dfd05ae27 09257e13aabeb902c1c975de25bfa82ecb1776f9574e59227c3d370b56e3d08b Loading...

	streambtw.com/microtemplates/source[1]	Function	790 B	2023-04-13	2025-06-09
Pretty URL streambtw.com/microtemplates/source[1] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 17:29 Last Seen2025-06-09 00:27 Times Seen953 Hash e22017c2e9c001bce109bfe2fe68c380 e5a75a55df382896aa8aff43bc37e72566edf401 0852bba61d02a2d08e06f623e1934f3c17d6d1e84b53d9ffcdc4524402733a54 Loading...

	streambtw.com/microtemplates/source[6]	Function	790 B	2023-04-18	2025-06-09
Pretty URL streambtw.com/microtemplates/source[6] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-09 00:27 Times Seen433 Hash b63c45532b29dca149e58059c4dda9d0 7c69772c55d148df85b03490653828e77f093d81 831e3aa44d50fb5073e06ce9c960e5d6dad6753c3201e5ba1f41671f3fc3f082 Loading...

	streambtw.com/iframe/nhl7.php	ScriptElement	152 B	2023-11-20	2025-05-25
Pretty URL streambtw.com/iframe/nhl7.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-20 19:55 Last Seen2025-05-25 13:30 Times Seen129 Hash c960aa2b990a2f32a6515fd993ef8d9d 42aceea1497268b63f6db17ef5b6f36233c590a4 4e0c1a7d7371e788eeb96742b5815122fd314a396fc7233fac83ed89d6f03016 Loading...

	static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	ScriptElement	20 kB	2024-06-07	2025-06-09
Pretty URL static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 IP 104.16.79.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-07 09:21 Last Seen2025-06-09 03:09 Times Seen57463 Hash ec18af6d41f6f278b6aed3bdabffa7bc 62c9e2cab76b888829f3c5335e91c320b22329ae 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f Loading...

	unknown	EventHandler	8 B	2025-01-03	2025-02-22
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2025-01-03 03:26 Last Seen2025-02-22 23:55 Times Seen20 Hash 7b980f4979d4b3314587881343faebea af3eef7fd12ca7e540866152916cf7fe858794c3 ca17bac7268792722f90840762c2e3935af2b02675fc700615aa5c166d7fae8a Loading...

	www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF	ScriptElement	331 kB	2025-01-03	2025-01-03
Pretty URL www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-03 03:26 Last Seen2025-01-03 03:26 Times Seen1 Hash 49978329a4afb557120adacf3b9195e9 df6de03b39130da5a307782c7d99f0057d1ccb48 f645f221f686cc893694216ad484b2a6bc8649bbba0b93dd9edd1b2c32cd597c Loading...

	cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0	ScriptElement	58 kB	2024-03-02	2025-05-30
Pretty URL cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0 IP 172.67.158.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 18:33 Last Seen2025-05-30 00:34 Times Seen151 Hash 442bbf420891666ab1ddf289fa9f00f4 6a68254c2ee844425bb535798fe4e959f3fed8d3 9ac456bebae6c065dffb8c8a2a798070000c248f081dfab9b2bdb66e7ac77b37 Loading...

	streambtw.com/iframe/nhl7.php	ScriptElement	28 kB	2025-01-03	2025-02-22
Pretty URL streambtw.com/iframe/nhl7.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-03 03:26 Last Seen2025-02-22 23:55 Times Seen20 Hash 994aacf3b4588b5f64475972d26df7bc b1dfed2ee416bf9fad0a962a1d5be31fbc973cd1 310b9c3cdd5f4764c5171e9b4e2a9a64d9d4d711787b610187fd7c90e1402640 Loading...

	streambtw.com/iframe/nhl7.php	ScriptElement	429 B	2024-11-10	2025-02-17
Pretty URL streambtw.com/iframe/nhl7.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-11-10 01:52 Last Seen2025-02-17 15:20 Times Seen23 Hash cede47f34564c6812179d3b0fc41ff44 65deb1d29eb937b4a37b487c27a82be97b91294d b0ef96846ab499760d8f6c502b329a29bc424e4c64708c5893eeca1f0d8f0d85 Loading...

	cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js	ScriptElement	525 kB	2023-03-07	2025-06-09
Pretty URL cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js IP 151.101.1.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-06-09 01:04 Times Seen956 Hash f55c6c796275a41ce7d97bd160e648ff 936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89 db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c Loading...

	streambtw.com/microtemplates/source[2]	Function	264 B	2023-04-18	2025-06-09
Pretty URL streambtw.com/microtemplates/source[2] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-09 00:27 Times Seen458 Hash d0be615cc98992c1be964cba7259830c c36a0d0080b96b43402f1004e112c6837e79d002 8a5de118b8985eaa80e287cffd27683a2817c2e09cf527d4166bded9ca58bb13 Loading...

	streambtw.com/microtemplates/source[7]	Function	264 B	2023-04-18	2025-06-09
Pretty URL streambtw.com/microtemplates/source[7] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-09 00:27 Times Seen375 Hash de4890d682457ece9d1231bf901a4b7b 7c1582ab0daae07f3bb8f11882e5987dae1eea03 662854444f6dd02beb0a7952e7f26532dee54687e942572180d753d14844c2cc Loading...

	unknown	ScriptElement	236 B	2025-01-03	2025-01-03
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-03 03:26 Last Seen2025-01-03 03:26 Times Seen1 Hash c9b1459d2af13e0608220825074a6085 f23fd492185a2e7d2a7e00212ebb24cadf548fad 034373661a20d29d5db583e05d418d9ca12c2e665f90a3d80f7fc39a374ef669 Loading...

	ptelsudsew.net/tag.min.js	ScriptElement	72 kB	2025-01-02	2025-01-07
Pretty URL ptelsudsew.net/tag.min.js IP 139.45.197.107 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-02 15:41 Last Seen2025-01-07 09:51 Times Seen275 Hash 443043bc342113f6ca021beb32c4ae3e 33c78cf39e7f318d87db644ac7055c6e56ba9c56 26dc0d50175ac92ce7d288ab6fd34e6baaf66e82ddd9d8be2b3a57daa24d8b33 Loading...

	cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0	ScriptElement	444 B	2024-03-02	2025-05-30
Pretty URL cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0 IP 172.67.158.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 18:33 Last Seen2025-05-30 00:34 Times Seen151 Hash f022889803b87a9b11191e64f3b015ff 68b93d2eb3a9a660180f7420394d0c95a3163c29 f987cddb8c432a94c404efd65b7deba5216bae496ab375859f5e317860893298 Loading...

	unknown	EventHandler	9 B	2025-01-03	2025-02-22
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2025-01-03 03:26 Last Seen2025-02-22 23:55 Times Seen20 Hash 59047067c1ed55439b0158bf71376579 e5af4745b060917f0c046f3ff9d7449d1cdfb8c9 c439476c76c0d011b6a9357fc1fc7b87268917e0c7a2d09dec13c273ed37f56f Loading...

	cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0	ScriptElement	1.4 kB	2023-05-21	2025-05-30
Pretty URL cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0 IP 172.67.158.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-21 19:45 Last Seen2025-05-30 00:34 Times Seen228 Hash 9dc26956b3af9c5c1d866267c7b2eb8d 497c98086b37e029f85b9969b54a3c497f2c88d7 7be6becfe5575e1849b8ac25b05b1a6e3e3afc0b9adeeef521a5bd0a17fa154c Loading...

	ts.yowdenfalcial.com/rDwQTpfoIlIeWcu/71505	ScriptElement	0 B	0001-01-01	2025-06-09
Pretty URL ts.yowdenfalcial.com/rDwQTpfoIlIeWcu/71505 IP 23.109.170.222 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-09 03:13 Times Seen4893955 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	streambtw.com/microtemplates/source[0]	Function	420 B	2023-04-18	2025-06-09
Pretty URL streambtw.com/microtemplates/source[0] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-09 00:27 Times Seen438 Hash fed5d9c2aa8ce1ca9b2cdcc1bf78a76f 2be2268e87842e1b71bc636c59fd3501a2962e9d e466342e29693b661bdbb77424388fff4779ea4abccba3fcdc1789877580b65a Loading...

	streambtw.com/iframe/nhl7.php	ScriptElement	295 B	2025-01-03	2025-01-03
Pretty URL streambtw.com/iframe/nhl7.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-03 03:26 Last Seen2025-01-03 03:26 Times Seen1 Hash f75cb0508ceba7747ed3269e92c74e99 94fb5d6d0b28cb7a6f2f886f4824ecd3e6f1b619 23833d8f51728955a2cc6a7dba9db7426d413557b4d207828501e78a2de6a8c9 Loading...

	streambtw.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	8.7 kB	2025-01-03	2025-01-03
Pretty URL streambtw.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-03 03:26 Last Seen2025-01-03 03:26 Times Seen1 Hash 6d4bce30fb5cec1ab190999b2aa68709 7c955612039235b01a77716c67d1b6e1e44e5030 452bbcc55e5af6d18ba368da325216f78687579743ab950d1f3286b3c188685f Loading...

	streambtw.com/iframe/nhl7.php	ScriptElement	921 B	2025-01-03	2025-01-03
Pretty URL streambtw.com/iframe/nhl7.php IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-03 03:26 Last Seen2025-01-03 03:26 Times Seen1 Hash 3d88ee07c5acfecdaf8b7ace00b0bd2d c4e1bd65acf783eb0f67b4f416478ce5c6daa0c4 bb9f626cb4145454d9a8ecd1779cf505d3b34705f3075bbef1349a17fdcfbfa6 Loading...

	streambtw.com/microtemplates/source[4]	Function	251 B	2023-04-18	2025-06-09
Pretty URL streambtw.com/microtemplates/source[4] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-09 00:27 Times Seen375 Hash 486158165321d921fb388101d2bf4483 ba156a31e28d86c1c0ef9b1f008ba80af1452eda ea765f553d9d9b3240448ba6c80400cb77eb5b84c79561b25fdc9220b019d9d1 Loading...

	streambtw.com/microtemplates/source[3]	Function	279 B	2023-04-18	2025-06-09
Pretty URL streambtw.com/microtemplates/source[3] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-09 00:27 Times Seen436 Hash 6613c8a697a118f65bf3d9f380907d97 6efc80326892c7d5ea9749164eff813359f58964 61e2bbf236de13c2adb732aabea5f58d614a8d85d9e8c8750e846b26e4d05aa2 Loading...

	streambtw.com/microtemplates/source[5]	Function	3.5 kB	2023-04-18	2025-06-09
Pretty URL streambtw.com/microtemplates/source[5] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-09 00:27 Times Seen389 Hash b6669abaec2c9816a30d51ba97928d1f b5fcc05b4a39f1e7629415f02c437353c99c3bca d9694562bb2b5918188cfaabeb9f5407029bf9f6efcc4b64e8ad20eb0efb16c3 Loading...

	streambtw.com/microtemplates/source[8]	Function	411 B	2023-04-18	2025-06-09
Pretty URL streambtw.com/microtemplates/source[8] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-09 00:27 Times Seen369 Hash df3a4f57bdb52c4a269eb2b59377f3cb 0db84a9e9f9e82efeb2681989399ab6573d77c6b 53af7b7da0dfacca9fe8e5ef9527deb979b62a14e7dd88f3f76ea0fca83592a9 Loading...

HTTP Transactions (24)

URL IP Response Size

qd.myosoteruins.com/rUdcK8qZZxyOOpBmq/77025

23.109.170.189

200 OK

20 B

URL GET HTTP/1.1
qd.myosoteruins.com/rUdcK8qZZxyOOpBmq/77025
IP
23.109.170.189:443
ASN
#7979 SERVERS-COM

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectqd.myosoteruins.com
Fingerprint5D:05:70:C1:65:21:AB:59:D3:3A:94:F7:7E:AA:81:F9:4D:31:13:51
ValidityThu, 05 Dec 2024 14:26:41 GMT - Wed, 05 Mar 2025 14:26:40 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /rUdcK8qZZxyOOpBmq/77025 HTTP/1.1
Host: qd.myosoteruins.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2025 03:25:47 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cdn.totalsportek.space
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 04-Jan-2025 03:25:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Sat, 04-Jan-2025 03:25:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0

172.67.158.139

200 OK

0 B

URL HEAD HTTP/3
cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
IP
172.67.158.139:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Certificate
IssuerGoogle Trust Services
Subjecttotalsportek.space
Fingerprint0D:35:D1:41:A9:1D:E9:79:0F:B4:68:C8:BA:01:3C:70:8C:19:5A:84
ValidityTue, 31 Dec 2024 08:29:00 GMT - Mon, 31 Mar 2025 09:27:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0 HTTP/1.1
Host: cdn.totalsportek.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 Jan 2025 03:25:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cscdW2%2FfDePeWsERz1F79SZ89HgorTVr%2FYdTrqupEhkOTyqW%2FiLGAl1UxojGYfH6ujy4VThnAlCdUzjR3pVhg6CEJmPV4JPx3pyQxAriB%2BiYsnin2bQg1Z3C7edcYpoN8MtcXBBaGDkH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fbfe230bcdc56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4675&min_rtt=2725&rtt_var=2414&sent=12&recv=8&lost=0&retrans=0&sent_bytes=4112&recv_bytes=1334&delivery_rate=217931&cwnd=12000&unsent_bytes=0&cid=e6a0fb4e171e5bf1&ts=570&x=1", cfExtPri, cfHdrFlush;dur=0

ts.yowdenfalcial.com/rDwQTpfoIlIeWcu/71505

23.109.170.222

200 OK

20 B

URL GET HTTP/1.1
ts.yowdenfalcial.com/rDwQTpfoIlIeWcu/71505
IP
23.109.170.222:443
ASN
#7979 SERVERS-COM

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectts.yowdenfalcial.com
Fingerprint7D:09:A8:57:48:21:46:7A:81:9A:D9:C3:46:F6:23:DA:5D:29:ED:90
ValidityThu, 05 Dec 2024 14:30:28 GMT - Wed, 05 Mar 2025 14:30:27 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /rDwQTpfoIlIeWcu/71505 HTTP/1.1
Host: ts.yowdenfalcial.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 03 Jan 2025 03:25:47 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cdn.totalsportek.space
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sat, 04-Jan-2025 03:25:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Sat, 04-Jan-2025 03:25:47 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

ptaixout.net/tag.min.js

139.45.197.107

200 OK

27 kB

URL GET HTTP/2
ptaixout.net/tag.min.js
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectptaixout.net
FingerprintEE:B7:7A:A3:2E:F5:C1:DE:27:FC:A2:64:11:D8:AE:DF:54:E0:65:D4
ValidityWed, 13 Nov 2024 05:13:26 GMT - Tue, 11 Feb 2025 05:13:25 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27332 bytes)
Hash
443043bc342113f6ca021beb32c4ae3e
33c78cf39e7f318d87db644ac7055c6e56ba9c56
26dc0d50175ac92ce7d288ab6fd34e6baaf66e82ddd9d8be2b3a57daa24d8b33

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: ptaixout.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 Jan 2025 03:25:47 GMT
content-type: text/javascript; charset=utf-8
content-length: 27332
content-encoding: br
x-trace-id: 7fe4f9a0a1e4288e36233c06cb3e169c
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 02 Jan 2025 15:28:27 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF

142.250.74.168

200 OK

110 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintFA:A6:D6:5C:A6:DC:BE:D1:9A:34:42:70:3B:66:13:21:40:A4:C9:E4
ValidityMon, 02 Dec 2024 08:35:56 GMT - Mon, 24 Feb 2025 08:35:55 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
110 kB (109872 bytes)
Hash
49978329a4afb557120adacf3b9195e9
df6de03b39130da5a307782c7d99f0057d1ccb48
f645f221f686cc893694216ad484b2a6bc8649bbba0b93dd9edd1b2c32cd597c

HTTP Headers

GET /gtag/js?id=G-PQ1PJ56MMF HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 Jan 2025 03:25:47 GMT
expires: Fri, 03 Jan 2025 03:25:47 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 109872
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ptaixout.net/5/6320745/?oo=1&aab=1

139.45.197.107

200 OK

2.2 kB

URL GET HTTP/2
ptaixout.net/5/6320745/?oo=1&aab=1
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectptaixout.net
FingerprintEE:B7:7A:A3:2E:F5:C1:DE:27:FC:A2:64:11:D8:AE:DF:54:E0:65:D4
ValidityWed, 13 Nov 2024 05:13:26 GMT - Tue, 11 Feb 2025 05:13:25 GMT

File type
gzip compressed data, max speed, from Unix
Size
2.2 kB (2188 bytes)
Hash
44a769b12293668933351bd8d0e0fbcc
fe80d9db708a1d81a190a7f2a4c36ef3fa462c30
814515619c6c86d8f1fe94f1b0beed429afa0d848e30553d483d749f99966222

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6320745/?oo=1&aab=1 HTTP/1.1
Host: ptaixout.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.totalsportek.space
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 Jan 2025 03:25:47 GMT
content-type: application/json
x-trace-id: 5aeca1ebd9a61c6b180d14e5b33aa43b
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://cdn.totalsportek.space
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081468969e14beaffa3084a7a05911b; expires=Sat, 03 Jan 2026 03:25:47 GMT; path=/; secure; SameSite=None
oaidts=1735874747; expires=Sat, 03 Jan 2026 03:25:47 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js

151.101.1.229

200 OK

145 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (145133 bytes)
Hash
f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c

HTTP Headers

GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
accept-ranges: bytes
date: Fri, 03 Jan 2025 03:25:49 GMT
age: 44
x-served-by: cache-fra-etou8220029-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 145133
X-Firefox-Spdy: h2

ptelsudsew.net/tag.min.js

139.45.197.107

200 OK

27 kB

URL GET HTTP/2
ptelsudsew.net/tag.min.js
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerLet's Encrypt
Subjectptelsudsew.net
Fingerprint88:ED:1F:F3:28:FE:3D:E7:92:58:D0:B1:EC:2A:B6:9C:94:87:13:BC
ValidityThu, 24 Oct 2024 14:32:44 GMT - Wed, 22 Jan 2025 14:32:43 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27332 bytes)
Hash
443043bc342113f6ca021beb32c4ae3e
33c78cf39e7f318d87db644ac7055c6e56ba9c56
26dc0d50175ac92ce7d288ab6fd34e6baaf66e82ddd9d8be2b3a57daa24d8b33

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: ptelsudsew.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 Jan 2025 03:25:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 27332
content-encoding: br
x-trace-id: 1019ccc9b2c464928c13c3ca825a25c6
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 02 Jan 2025 15:28:27 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

streambtw.com/iframe/nhl7.php

188.114.96.1

200 OK

0 B

URL HEAD HTTP/3
streambtw.com/iframe/nhl7.php
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /iframe/nhl7.php HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/nhl7.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 Jan 2025 03:25:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YqQoPuZF9cbGBlApKnAGQksV0RhgSE%2BJxzUglQy3MPcVQGWtNQIcMI3Waols2cPaDAjQYfJ9Gx8VnckVvwGnjwed5qoPzxJUpO5IPnbRgDRWKNT4aH4VLDuWPK1onwqV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fbfe2540e8656ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5069&min_rtt=1305&rtt_var=3178&sent=13&recv=8&lost=0&retrans=0&sent_bytes=4198&recv_bytes=1168&delivery_rate=491774&cwnd=12000&unsent_bytes=0&cid=60f3b47579244d89&ts=5304&x=1", cfExtPri, cfHdrFlush;dur=0

streambtw.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

188.114.96.1

302 Found

0 B

URL GET HTTP/3
streambtw.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Fri, 03 Jan 2025 03:25:52 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pOj9VLRvDJhy5cZ1m503j0LyAJTGQTnr9hma1m%2BXXNq%2BZ%2BVFycuTnR4flIQacfbHp9gN01AJnc9ZVtT8keLOiz%2Faciq%2Fp%2Bc4FiHRubC30S1yemHstIiXonN4yWbU8QdC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fbfe2555f1056ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4712&min_rtt=1305&rtt_var=3097&sent=15&recv=10&lost=0&retrans=0&sent_bytes=4913&recv_bytes=1455&delivery_rate=129&cwnd=12000&unsent_bytes=0&cid=60f3b47579244d89&ts=5420&x=1", cfExtPri, cfHdrFlush;dur=0

cdn.jsdelivr.net/npm/clappr@latest/dist/38861cba61c66739c1452c3a71e39852.ttf

151.101.1.229

200 OK

20 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/clappr@latest/dist/38861cba61c66739c1452c3a71e39852.ttf
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
TrueType Font data, 18 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, RobotoRegularVersion 2.001101; 2014Roboto-Regularhttp://www.apache.org/licenses/LICENSE-2.0
Size
20 kB (19464 bytes)
Hash
38861cba61c66739c1452c3a71e39852
4b1ef58e476b789c97521834abdf7a2fd66d6caf
967e5cecfbfbf64099c3c1232273482dd7436f05714266953c4d2c8ee9c28af5

HTTP Headers

GET /npm/clappr@latest/dist/38861cba61c66739c1452c3a71e39852.ttf HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 19464
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/ttf
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"7f8c-Sx71jkdreJyXUhg0q996L9ZtbK8"
content-encoding: br
accept-ranges: bytes
date: Fri, 03 Jan 2025 03:25:52 GMT
age: 10038
x-served-by: cache-fra-eddf8230027-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

streambtw.com/cdn-cgi/challenge-platform/h/b/jsd/r/8fbfe2309d15b529

188.114.96.1

200 OK

0 B

URL POST HTTP/3
streambtw.com/cdn-cgi/challenge-platform/h/b/jsd/r/8fbfe2309d15b529
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/8fbfe2309d15b529 HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12157
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/nhl7.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 Jan 2025 03:25:53 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
priority: u=3,i=?0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.streambtw.com; Priority=High; HttpOnly; Secure; SameSite=None
cf_clearance=.dVEnorSuApXK6cH4wEspsQODXDk9AZPXHMBpl7CQvY-1735874753-1.2.1.1-2hdC00REqiRA.u35feQ4ghEjOF9Gx5Uon1HMyIpwfYIZ8sP82PAfOj608phftLshfoYraYUPF3jT2WMyEM5dZSPw0FrtoBVfTsbXqksbQSp_wS3BT7MUhywVfCeUgepDD.KfzjsHUGL8RfTbji_C0VShQ5aMzNMA2XcpmlUB1Yv3kFNW8_fgcvZH9NGPiqBwuiP87W9To_Co7Nwo7C66GneQ67s6mw2uifeoSLauIfCQXo21Wunagj3QKJUo9Y5dbMgkaIgH0n0i9FVNdV9mzzUX4G5ymR8UbIJ3x9MlijwGJbk12Nhoza0BeJShgE4.1KW_3UomZF6bfHzNTZj2jg; Path=/; Expires=Sat, 03-Jan-26 03:25:53 GMT; Domain=.streambtw.com; Priority=High; HttpOnly; Secure; SameSite=None; Partitioned
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o2jjQVViaQHz35K2EhTKUp4qBxSYcsLLrvQ6JWgZW2F4FDxaVwgWOVIXqOmsfjCLX71jE7Ll7%2Bu5XC0OEXjMsxeKL3gECWTeWG9UIcCu8xsPLq%2F0vT7l3rfUBb9BJY7L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fbfe256cfa156ca-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3939&min_rtt=1305&rtt_var=3079&sent=22&recv=23&lost=0&retrans=0&sent_bytes=10481&recv_bytes=14636&delivery_rate=650000&cwnd=12000&unsent_bytes=0&cid=60f3b47579244d89&ts=5652&x=1", cfExtPri, cfHdrFlush;dur=0

streambtw.com/cdn-cgi/rum?

188.114.96.1

204 No Content

0 B

URL POST HTTP/3
streambtw.com/cdn-cgi/rum?
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1072
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/nhl7.php
Cookie: cf_clearance=.dVEnorSuApXK6cH4wEspsQODXDk9AZPXHMBpl7CQvY-1735874753-1.2.1.1-2hdC00REqiRA.u35feQ4ghEjOF9Gx5Uon1HMyIpwfYIZ8sP82PAfOj608phftLshfoYraYUPF3jT2WMyEM5dZSPw0FrtoBVfTsbXqksbQSp_wS3BT7MUhywVfCeUgepDD.KfzjsHUGL8RfTbji_C0VShQ5aMzNMA2XcpmlUB1Yv3kFNW8_fgcvZH9NGPiqBwuiP87W9To_Co7Nwo7C66GneQ67s6mw2uifeoSLauIfCQXo21Wunagj3QKJUo9Y5dbMgkaIgH0n0i9FVNdV9mzzUX4G5ymR8UbIJ3x9MlijwGJbk12Nhoza0BeJShgE4.1KW_3UomZF6bfHzNTZj2jg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 03 Jan 2025 03:25:53 GMT
access-control-allow-origin: https://streambtw.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8fbfe257082056ca-OSL
x-frame-options: DENY
x-content-type-options: nosniff

my.rtmark.net/gid.js?userId=0081466361af4acef575326d16b0ac55

188.114.97.1

200 OK

66 B

URL GET HTTP/3
my.rtmark.net/gid.js?userId=0081466361af4acef575326d16b0ac55
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint8A:B7:CD:87:FA:39:07:A8:88:41:1C:9E:2D:0E:97:51:61:75:C1:34
ValidityWed, 06 Nov 2024 10:31:42 GMT - Tue, 04 Feb 2025 10:31:41 GMT

File type
JSON text data
Size
66 B (66 bytes)
Hash
ed6e311f5d1d0814246bb1171ba42920
148ce2be3c01f11f495958ee1b259f29a7426cf4
249d7212abe317f2b5220c2bbd9747e9db46e31ba92686a441833c16316b3b95

HTTP Headers

GET /gid.js?userId=0081466361af4acef575326d16b0ac55 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Cookie: ID=0081468969e14beaffa3084a7a05911b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 03 Jan 2025 03:25:53 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://streambtw.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=0081468969e14beaffa3084a7a05911b; expires=Sat, 03 Jan 2026 03:25:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bf3hkTVbAK18lN%2BqXOrOO%2F4Qn8aEd8wICLwJ8fmrDvHSWAeF3hamP0m2HEx2bjR19rrs7HzhDlbPI2JgDAIRYWQDEdYSroMFgFS1HPwm1E8Q9rltqc99r%2BVFewLX6AOv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fbfe258ad4e56cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3150&min_rtt=2574&rtt_var=1376&sent=12&recv=8&lost=0&retrans=0&sent_bytes=4100&recv_bytes=1227&delivery_rate=230697&cwnd=12000&unsent_bytes=0&cid=b49efe1b4e893297&ts=6024&x=1", cfExtPri, cfHdrFlush;dur=0

streambtw.com/cdn-cgi/rum?

188.114.96.1

204 No Content

0 B

URL POST HTTP/3
streambtw.com/cdn-cgi/rum?
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 515
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/nhl7.php
Cookie: cf_clearance=.dVEnorSuApXK6cH4wEspsQODXDk9AZPXHMBpl7CQvY-1735874753-1.2.1.1-2hdC00REqiRA.u35feQ4ghEjOF9Gx5Uon1HMyIpwfYIZ8sP82PAfOj608phftLshfoYraYUPF3jT2WMyEM5dZSPw0FrtoBVfTsbXqksbQSp_wS3BT7MUhywVfCeUgepDD.KfzjsHUGL8RfTbji_C0VShQ5aMzNMA2XcpmlUB1Yv3kFNW8_fgcvZH9NGPiqBwuiP87W9To_Co7Nwo7C66GneQ67s6mw2uifeoSLauIfCQXo21Wunagj3QKJUo9Y5dbMgkaIgH0n0i9FVNdV9mzzUX4G5ymR8UbIJ3x9MlijwGJbk12Nhoza0BeJShgE4.1KW_3UomZF6bfHzNTZj2jg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Fri, 03 Jan 2025 03:26:10 GMT
access-control-allow-origin: https://streambtw.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 8fbfe2c3f9a456ca-OSL
x-frame-options: DENY
x-content-type-options: nosniff

js.contentprotectforce.com/js/aclib.js

188.114.96.1

200 OK

173 kB

URL GET HTTP/2
js.contentprotectforce.com/js/aclib.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectcontentprotectforce.com
Fingerprint80:9D:A6:C5:EA:87:A3:D9:D3:35:35:82:60:E6:83:CD:23:B7:16:21
ValiditySun, 08 Dec 2024 18:21:06 GMT - Sat, 08 Mar 2025 18:21:05 GMT

File type

Size
173 kB (172869 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/aclib.js HTTP/1.1
Host: js.contentprotectforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 Jan 2025 03:25:52 GMT
content-type: application/javascript
last-modified: Wed, 13 Nov 2024 19:00:01 GMT
etag: W/"6734f731-2a345"
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-cache-status: STALE
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltAug%2BgbG4KPW5gndtwnS38cwfSRX2DOKoPInY77%2FWt2%2FWxk4QOxZhEyu1%2F8rDWi%2F5nHq9O3ta6iM%2BDYJmrjIP5PCRuKRMPwlXdsDkjzlFsDNCv0uXjyOf4kakVRxUt8X5J%2FTQQJCSFz9AZvIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fbfe23489fc568d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6891&min_rtt=1670&rtt_var=10447&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3235&recv_bytes=1064&delivery_rate=2581105&cwnd=254&unsent_bytes=0&cid=ae40fc60009d3dff&ts=4905&x=0"
X-Firefox-Spdy: h2

gutockeewhargo.net/5/6869446/?oo=1&js_build=iclick-v1.1028.2-auto&dmn=ptelsudsew.net&tt=2&ix=1

139.45.197.107

200 OK

3.9 kB

URL GET HTTP/2
gutockeewhargo.net/5/6869446/?oo=1&js_build=iclick-v1.1028.2-auto&dmn=ptelsudsew.net&tt=2&ix=1
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerLet's Encrypt
Subjectgutockeewhargo.net
Fingerprint4F:98:FA:E6:1A:26:CF:55:06:DD:89:00:FE:C9:0F:12:AA:11:21:0C
ValidityThu, 14 Nov 2024 02:44:55 GMT - Wed, 12 Feb 2025 02:44:54 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3923), with no line terminators
Size
3.9 kB (3919 bytes)
Hash
7ea106a6240fe6ef484ef3937182102e
9d3474e211f5f6f9960d87ae0a36e9999e7977fd
e574d60956fd1ebd3233438fcfd9f106efc9c997e123fb9d22926b1905f04752

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6869446/?oo=1&js_build=iclick-v1.1028.2-auto&dmn=ptelsudsew.net&tt=2&ix=1 HTTP/1.1
Host: gutockeewhargo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 03 Jan 2025 03:25:53 GMT
content-type: application/json
x-trace-id: 723222aa7c46abd7e441805ad7026442
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://streambtw.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081466361af4acef575326d16b0ac55; expires=Sat, 03 Jan 2026 03:25:53 GMT; path=/; secure; SameSite=None
oaidts=1735874753; expires=Sat, 03 Jan 2026 03:25:53 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=0081468969e14beaffa3084a7a05911b

188.114.97.1

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0081468969e14beaffa3084a7a05911b
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint8A:B7:CD:87:FA:39:07:A8:88:41:1C:9E:2D:0E:97:51:61:75:C1:34
ValidityWed, 06 Nov 2024 10:31:42 GMT - Tue, 04 Feb 2025 10:31:41 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
6814ddd1e445a7b59a7e708010516e33
1f6ffb94f9d8559565dfd65e1fb29f24f7a21f39
bdb5100442a20ecd7d412c95c876840a52882518c4812a6305b3d8c239311b0d

HTTP Headers

GET /gid.js?userId=0081468969e14beaffa3084a7a05911b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.totalsportek.space
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 Jan 2025 03:25:47 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn.totalsportek.space
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=0081468969e14beaffa3084a7a05911b; expires=Sat, 03 Jan 2026 03:25:47 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d4ncRK%2FDFKa0PtLpFdjejzLJ6CY2TfE8yDI%2BGKV32yw0RYSWdSmf08NYrB1aMKXtMR3EBPfb1TmJksOlsITFEdR4yNYe3fb7q7bPwr%2FQPkm6Rss89fl6JwUEDQzkLZ6D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fbfe232fd7856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=499&min_rtt=439&rtt_var=133&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3277&recv_bytes=1240&delivery_rate=7325463&cwnd=253&unsent_bytes=0&cid=895d163091d38e41&ts=52&x=0"
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

104.16.79.73

200 OK

20 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
IP
104.16.79.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
Fingerprint68:D3:62:56:06:F9:32:39:3B:2D:19:7E:B1:45:4B:2C:76:5F:73:C6
ValidityMon, 30 Dec 2024 10:58:15 GMT - Sun, 30 Mar 2025 11:58:10 GMT

File type
JavaScript source, ASCII text, with very long lines (19948), with no line terminators
Size
20 kB (19948 bytes)
Hash
ec18af6d41f6f278b6aed3bdabffa7bc
62c9e2cab76b888829f3c5335e91c320b22329ae
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

HTTP Headers

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 Jan 2025 03:25:49 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fbfe2407d131bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

pndax.love/script/ut.js?cb=1735874752879

104.21.7.205

200 OK

66 kB

URL GET HTTP/2
pndax.love/script/ut.js?cb=1735874752879
IP
104.21.7.205:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectpndax.love
Fingerprint25:CC:C1:D4:E6:08:7B:DE:B3:AE:08:D3:85:81:9F:EE:C5:29:B2:7C
ValidityTue, 12 Nov 2024 02:37:45 GMT - Mon, 10 Feb 2025 02:37:44 GMT

File type

Size
66 kB (66473 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/ut.js?cb=1735874752879 HTTP/1.1
Host: pndax.love
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 Jan 2025 03:25:52 GMT
content-type: text/javascript
x-goog-generation: 1733127707295818
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 66473
x-goog-hash: crc32c=VBET1w==, md5=SvoqyZ+XMx3JgmPUkCKpWA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: AFiumC4FPeuhCzbBUZp5_LiZrZEel4pg5kiQmoLo2CosLIqi-SlryHxgtY7OIWI9VTPw6TitQ7u_NyHrNg
expires: Fri, 03 Jan 2025 03:33:09 GMT
cache-control: public, max-age=14400
age: 2319
last-modified: Mon, 02 Dec 2024 08:21:47 GMT
etag: W/"4afa2ac99f97331dc98263d49022a958"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3i6Z6xLhrmJEBw3euvsqeHOtd8GCk7InkywHO%2F9oQFWhLYXu%2B1WsUfz5LtMGpAjWMxx2jxQzSScjSCUI7BShNgEJo8TjezFBOW8SF75oW6dnV%2B%2FBYUe30CBR3Tf4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fbfe2561fc35690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=572&min_rtt=494&rtt_var=205&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3196&recv_bytes=1067&delivery_rate=8196226&cwnd=254&unsent_bytes=0&cid=776c6793af0f10a6&ts=25&x=0"
X-Firefox-Spdy: h2

cdn.totalsportek.space/favicon.ico

172.67.158.139

404 Not Found

555 B

URL GET HTTP/3
cdn.totalsportek.space/favicon.ico
IP
172.67.158.139:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Certificate
IssuerGoogle Trust Services
Subjecttotalsportek.space
Fingerprint0D:35:D1:41:A9:1D:E9:79:0F:B4:68:C8:BA:01:3C:70:8C:19:5A:84
ValidityTue, 31 Dec 2024 08:29:00 GMT - Mon, 31 Mar 2025 09:27:15 GMT

File type
HTML document, ASCII text, with very long lines (581), with no line terminators
Size
555 B (555 bytes)
Hash
e9e4f9c9480bb14ad8343f37e3fb9b99
628fcbc6080fd3e684d1def2e5f67e98133ffa3b
85e4b614933e56b4531289e0bc3d2665db1f2b9d04d2c756a4a72b867c059594

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cdn.totalsportek.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/nhl7.php&ask=1735869600&lgt=4&noplayer=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 03 Jan 2025 03:25:47 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 19
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KvBx%2BjWJkA6ET%2F%2BzXPbL2lRL68ECrOd7yJ9%2Bxa5H4jmy4Aa8LXVws83BePFkr8YMtPjAAteTwNJbO5GkSdfsVJBhxOcYpC%2BXCOwGw7WZVWSRDAM3nFSfa0gz9xcrytXiRogJvnUoANkt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fbfe2325e5956b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6881&min_rtt=2725&rtt_var=6222&sent=14&recv=10&lost=0&retrans=0&sent_bytes=4837&recv_bytes=1743&delivery_rate=1208&cwnd=12000&unsent_bytes=0&cid=e6a0fb4e171e5bf1&ts=733&x=1", cfExtPri, cfHdrFlush;dur=0

youradexchange.com/script/suurl5.php?r=7102142&cbur=0.026589183387948023&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.totalsportek.space%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=pndax.love&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1735874752572&srs=0964338757f8054ca0a80133e70a343a&atv=56.0&abtg=1&adbv=3-cdn-js

172.67.177.214

200 OK

910 B

URL GET HTTP/2
youradexchange.com/script/suurl5.php?r=7102142&cbur=0.026589183387948023&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.totalsportek.space%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=pndax.love&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1735874752572&srs=0964338757f8054ca0a80133e70a343a&atv=56.0&abtg=1&adbv=3-cdn-js
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectyouradexchange.com
Fingerprint8B:14:37:06:AD:3B:34:24:D2:1C:2E:8F:85:18:45:17:CE:7A:8F:77
ValidityFri, 06 Dec 2024 14:16:45 GMT - Thu, 06 Mar 2025 14:16:44 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (939), with no line terminators
Size
910 B (910 bytes)
Hash
2fd2b06ccef22b13913331c1b539ad14
d54ea498df6f68b8b3835a3631320e92e14e1089
94ca79400f554c75f8ad6c2615c1800278bab72e53a4e50700ae65d08798ce3b

HTTP Headers

GET /script/suurl5.php?r=7102142&cbur=0.026589183387948023&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.totalsportek.space%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=pndax.love&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1735874752572&srs=0964338757f8054ca0a80133e70a343a&atv=56.0&abtg=1&adbv=3-cdn-js HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://streambtw.com/
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 Jan 2025 03:25:52 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GcB5xuIFho0i8PsIbyymvI61CC%2FOPM0FG5h1N0S78A8bCSEtjGekIS9VMlTl8tciuIFDOUT2%2BSMNGPRm1%2FgIMjdGXJtx15HBShM%2B8OSMqaxj%2BtSx5Bf7n06Q%2Bb0GLC5dGd5HySI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8fbfe253feda568d-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=727&min_rtt=475&rtt_var=362&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3222&recv_bytes=1343&delivery_rate=5027777&cwnd=254&unsent_bytes=0&cid=b1f04af8e9e8a524&ts=185&x=0"
X-Firefox-Spdy: h2

streambtw.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js?

188.114.96.1

200 OK

8.7 kB

URL GET HTTP/3
streambtw.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js?
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type
JavaScript source, ASCII text, with very long lines (8687), with no line terminators
Size
8.7 kB (8687 bytes)
Hash
6d4bce30fb5cec1ab190999b2aa68709
7c955612039235b01a77716c67d1b6e1e44e5030
452bbcc55e5af6d18ba368da325216f78687579743ab950d1f3286b3c188685f

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/787bc399e22f/main.js? HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 03 Jan 2025 03:25:52 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FUqTGdIdib7Qmq2Id2XOEFWX4v%2BlkKlAKcRNc%2BVRmCiwJ%2B4Lr3%2F%2F2CFrErPs%2B34DGhBfIA5%2FKRkceEAfFckPDLUr0KEieBMt51rdVZOA%2F6cLbnxkIwCn6VVYGF9sfouw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8fbfe2558f2256ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4293&min_rtt=1305&rtt_var=3162&sent=17&recv=12&lost=0&retrans=0&sent_bytes=5658&recv_bytes=1755&delivery_rate=26881&cwnd=12000&unsent_bytes=0&cid=60f3b47579244d89&ts=5447&x=1", cfExtPri, cfHdrFlush;dur=0

gutockeewhargo.net/?rb=1Ks5AKWDZNH-4QVrIMKI_OBbCV6w200Lsz3q1yRjXQd-ttIOcnij5J7KkdlhTZ-idRbXhESYlp2aYH3TNejj71eEyw_C94Vno_o83Le1w31f0o_YOIRiqGZHMiavvDhTX746wpEeLn0vFi5ULksLW_86Iu8Atu-r5jLFvnNpHVtSUBJOsuBPkDW6Pcg08f-dG_Ay15SqQHBF6hcCQqldou_j_EuNdTZD_Mil62vTe6JY5teFsaT1N5veIrE2TM7rkTMaEHxvzFyEIVvF-GFRx-eS4I0%3D&request_ab2=0&zoneid=6869446&js_build=iclick-v1.1028.2-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=3&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fnhl7.php&drf=https%3A%2F%2Fcdn.totalsportek.space%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=3&wgl=&js_build=iclick-v1.1028.2-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=65598765-91e6-40e4-9ceb-1b8f040ae60f&wasm=1&userId=0081468969e14beaffa3084a7a05911b&m=link

139.45.197.107

202 Accepted

0 B

URL GET HTTP/2
gutockeewhargo.net/?rb=1Ks5AKWDZNH-4QVrIMKI_OBbCV6w200Lsz3q1yRjXQd-ttIOcnij5J7KkdlhTZ-idRbXhESYlp2aYH3TNejj71eEyw_C94Vno_o83Le1w31f0o_YOIRiqGZHMiavvDhTX746wpEeLn0vFi5ULksLW_86Iu8Atu-r5jLFvnNpHVtSUBJOsuBPkDW6Pcg08f-dG_Ay15SqQHBF6hcCQqldou_j_EuNdTZD_Mil62vTe6JY5teFsaT1N5veIrE2TM7rkTMaEHxvzFyEIVvF-GFRx-eS4I0%3D&request_ab2=0&zoneid=6869446&js_build=iclick-v1.1028.2-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=3&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fnhl7.php&drf=https%3A%2F%2Fcdn.totalsportek.space%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=3&wgl=&js_build=iclick-v1.1028.2-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=65598765-91e6-40e4-9ceb-1b8f040ae60f&wasm=1&userId=0081468969e14beaffa3084a7a05911b&m=link
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/nhl7.php
Certificate
IssuerLet's Encrypt
Subjectgutockeewhargo.net
Fingerprint4F:98:FA:E6:1A:26:CF:55:06:DD:89:00:FE:C9:0F:12:AA:11:21:0C
ValidityThu, 14 Nov 2024 02:44:55 GMT - Wed, 12 Feb 2025 02:44:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=1Ks5AKWDZNH-4QVrIMKI_OBbCV6w200Lsz3q1yRjXQd-ttIOcnij5J7KkdlhTZ-idRbXhESYlp2aYH3TNejj71eEyw_C94Vno_o83Le1w31f0o_YOIRiqGZHMiavvDhTX746wpEeLn0vFi5ULksLW_86Iu8Atu-r5jLFvnNpHVtSUBJOsuBPkDW6Pcg08f-dG_Ay15SqQHBF6hcCQqldou_j_EuNdTZD_Mil62vTe6JY5teFsaT1N5veIrE2TM7rkTMaEHxvzFyEIVvF-GFRx-eS4I0%3D&request_ab2=0&zoneid=6869446&js_build=iclick-v1.1028.2-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=3&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fnhl7.php&drf=https%3A%2F%2Fcdn.totalsportek.space%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=3&wgl=&js_build=iclick-v1.1028.2-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=65598765-91e6-40e4-9ceb-1b8f040ae60f&wasm=1&userId=0081468969e14beaffa3084a7a05911b&m=link HTTP/1.1
Host: gutockeewhargo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://streambtw.com/
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Cookie: OAID=0081466361af4acef575326d16b0ac55; oaidts=1735874753
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 202 Accepted
server: nginx
date: Fri, 03 Jan 2025 03:25:53 GMT
content-length: 0
x-trace-id: 88ff50d2b83f55e55c7dd0214690b832
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://streambtw.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=0081468969e14beaffa3084a7a05911b; expires=Sat, 03 Jan 2026 03:25:53 GMT; path=/; secure; SameSite=None
oaidts=1735874753; expires=Sat, 03 Jan 2026 03:25:53 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 10 Jan 2025 03:25:53 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (30)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL