Report - cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0

Report Overview

Visited public
2024-08-31 21:07:17
Tags
Submit Tags
URL
cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Finishing URL
cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Vipbox

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
chulhawakened.com	unknown	2023-07-20	2023-07-20 12:43:03	2024-08-20 19:13:23	413 B	1.5 kB	23.109.170.28
streambtw.com	unknown	2023-10-06	2023-10-08 00:21:16	2024-08-24 17:35:18	895 B	14 kB	172.67.154.191
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-08-31 17:44:28	425 B	146 kB	151.101.65.229
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-08-31 17:13:16	650 B	1.4 kB	142.250.74.131
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-08-31 12:49:10	989 B	1.5 kB	139.45.195.8
cdn.buffshub.stream	unknown	2023-11-08	2024-08-24 20:23:10	2024-08-24 20:23:10	1.2 kB	1.7 kB	188.114.97.1
tuskhautein.com	unknown	2024-02-17	2024-02-17 13:46:58	2024-08-17 15:58:22	417 B	1.5 kB	23.109.170.28
iszjwxqpyxjg.com	unknown	2024-06-03	2024-06-08 19:34:55	2024-08-24 17:35:19	953 B	31 kB	172.67.192.99
phomoach.net	unknown	2023-07-18	2023-07-19 14:45:05	2024-08-24 17:35:19	2.1 kB	42 kB	139.45.197.245
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-08-31 17:40:44	2.0 kB	5.3 kB	23.36.76.226
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-08-31 17:39:09	2.0 kB	5.3 kB	23.36.77.32
youradexchange.com	273384	2012-11-09	2013-02-04 17:25:46	2024-08-31 17:40:43	794 B	1.7 kB	104.21.91.188
ptaixout.net	unknown	2023-12-29	2023-12-29 16:56:09	2024-08-17 15:58:22	2.2 kB	47 kB	139.45.197.244
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-08-31 17:39:19	420 B	105 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-08-31	medium	ptaixout.net	Sinkholed
2024-08-31	medium	phomoach.net	Sinkholed
2024-08-31	medium	phomoach.net	Sinkholed
2024-08-31	medium	ptaixout.net	Sinkholed
2024-08-31	medium	phomoach.net	Sinkholed
2024-08-31	medium	ptaixout.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (25)

	URL	From	Size	First Seen	Last Seen
	streambtw.com/microtemplates/source[8]	Function	411 B	2023-04-18	2025-07-07
Pretty URL streambtw.com/microtemplates/source[8] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-07-07 23:10 Times Seen385 Hash df3a4f57bdb52c4a269eb2b59377f3cb 0db84a9e9f9e82efeb2681989399ab6573d77c6b 53af7b7da0dfacca9fe8e5ef9527deb979b62a14e7dd88f3f76ea0fca83592a9 Loading...

	cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0	ScriptElement	538 B	2023-03-12	2025-05-30
Pretty URL cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 20:58 Last Seen2025-05-30 00:34 Times Seen228 Hash 23f14ae712b847828254481b2c5a0069 0a7c5d70eacdb3e6f896855847bc1ab49656e466 6e28a139e5cde2bd01006e4ed5ef2f3c88b2fa2b2b2519a5f6a5714f205ffeed Loading...

	ptaixout.net/tag.min.js	ScriptElement	70 kB	2024-09-20	2024-09-20
Pretty URL ptaixout.net/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-20 20:10 Last Seen2024-09-20 20:10 Times Seen5 Hash 3b70acb550686fdb2f5b46751c84127f 6fd7f4d8b6f4a669c2b0d4d15f200feae3c94479 2139c206afffe7369959a0a4d4f53d6c87357c438f13579f3ca3d469397c7c27 Loading...

	streambtw.com/microtemplates/source[1]	Function	790 B	2023-04-13	2025-07-07
Pretty URL streambtw.com/microtemplates/source[1] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 17:29 Last Seen2025-07-07 23:10 Times Seen992 Hash e22017c2e9c001bce109bfe2fe68c380 e5a75a55df382896aa8aff43bc37e72566edf401 0852bba61d02a2d08e06f623e1934f3c17d6d1e84b53d9ffcdc4524402733a54 Loading...

	cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0	ScriptElement	58 kB	2024-03-02	2025-05-30
Pretty URL cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 18:33 Last Seen2025-05-30 00:34 Times Seen151 Hash 442bbf420891666ab1ddf289fa9f00f4 6a68254c2ee844425bb535798fe4e959f3fed8d3 9ac456bebae6c065dffb8c8a2a798070000c248f081dfab9b2bdb66e7ac77b37 Loading...

	cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0	ScriptElement	444 B	2024-03-02	2025-05-30
Pretty URL cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 18:33 Last Seen2025-05-30 00:34 Times Seen151 Hash f022889803b87a9b11191e64f3b015ff 68b93d2eb3a9a660180f7420394d0c95a3163c29 f987cddb8c432a94c404efd65b7deba5216bae496ab375859f5e317860893298 Loading...

	streambtw.com/microtemplates/source[2]	Function	264 B	2023-04-18	2025-07-07
Pretty URL streambtw.com/microtemplates/source[2] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-07-07 23:10 Times Seen475 Hash d0be615cc98992c1be964cba7259830c c36a0d0080b96b43402f1004e112c6837e79d002 8a5de118b8985eaa80e287cffd27683a2817c2e09cf527d4166bded9ca58bb13 Loading...

	www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF	ScriptElement	316 kB	2024-09-20	2024-09-20
Pretty URL www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-20 20:10 Last Seen2024-09-20 20:10 Times Seen1 Hash e88cba410070a5750405ecf41268bd7c 48f61e3fe54b95f004fd5688be51057547617121 ca1309534c4a40d3e2d22224338233d626243b6ce2e4fb86990a4f58589b5258 Loading...

	cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0	ScriptElement	1.4 kB	2023-05-21	2025-05-30
Pretty URL cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0 IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-21 19:45 Last Seen2025-05-30 00:34 Times Seen228 Hash 9dc26956b3af9c5c1d866267c7b2eb8d 497c98086b37e029f85b9969b54a3c497f2c88d7 7be6becfe5575e1849b8ac25b05b1a6e3e3afc0b9adeeef521a5bd0a17fa154c Loading...

	cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js	ScriptElement	525 kB	2023-03-07	2025-07-09
Pretty URL cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-07-09 09:50 Times Seen1021 Hash f55c6c796275a41ce7d97bd160e648ff 936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89 db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c Loading...

	streambtw.com/microtemplates/source[5]	Function	3.5 kB	2023-04-18	2025-07-07
Pretty URL streambtw.com/microtemplates/source[5] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-07-07 23:10 Times Seen405 Hash b6669abaec2c9816a30d51ba97928d1f b5fcc05b4a39f1e7629415f02c437353c99c3bca d9694562bb2b5918188cfaabeb9f5407029bf9f6efcc4b64e8ad20eb0efb16c3 Loading...

	streambtw.com/microtemplates/source[6]	Function	790 B	2023-04-18	2025-07-07
Pretty URL streambtw.com/microtemplates/source[6] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-07-07 23:10 Times Seen455 Hash b63c45532b29dca149e58059c4dda9d0 7c69772c55d148df85b03490653828e77f093d81 831e3aa44d50fb5073e06ce9c960e5d6dad6753c3201e5ba1f41671f3fc3f082 Loading...

	streambtw.com/microtemplates/source[7]	Function	264 B	2023-04-18	2025-07-07
Pretty URL streambtw.com/microtemplates/source[7] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-07-07 23:10 Times Seen391 Hash de4890d682457ece9d1231bf901a4b7b 7c1582ab0daae07f3bb8f11882e5987dae1eea03 662854444f6dd02beb0a7952e7f26532dee54687e942572180d753d14844c2cc Loading...

	chulhawakened.com/rmxWWDcqKHA/71505	ScriptElement	0 B	0001-01-01	2025-07-09
Pretty URL chulhawakened.com/rmxWWDcqKHA/71505 IP 23.109.170.28 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-07-09 10:09 Times Seen5357491 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	streambtw.com/microtemplates/source[0]	Function	420 B	2023-04-18	2025-07-07
Pretty URL streambtw.com/microtemplates/source[0] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-07-07 23:10 Times Seen455 Hash fed5d9c2aa8ce1ca9b2cdcc1bf78a76f 2be2268e87842e1b71bc636c59fd3501a2962e9d e466342e29693b661bdbb77424388fff4779ea4abccba3fcdc1789877580b65a Loading...

	unknown	ScriptElement	17 kB	2024-06-20	2024-09-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-20 16:10 Last Seen2024-09-20 20:14 Times Seen16 Hash f8c2dcfb4733f175720b5f8aec7ef5e9 f7f61035bd8d67479424bfa0aecae4330893a513 80117e3d95c54014d7ce88d9bf1a9b1c8f6b2041be8b8696142189bc1efbe376 Loading...

	unknown	ScriptElement	152 B	2023-11-20	2025-05-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 19:55 Last Seen2025-05-25 13:30 Times Seen129 Hash c960aa2b990a2f32a6515fd993ef8d9d 42aceea1497268b63f6db17ef5b6f36233c590a4 4e0c1a7d7371e788eeb96742b5815122fd314a396fc7233fac83ed89d6f03016 Loading...

	streambtw.com/iframe/box1.php	ScriptElement	170 kB	2024-06-20	2024-09-28
Pretty URL streambtw.com/iframe/box1.php IP 172.67.154.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-20 16:10 Last Seen2024-09-28 08:43 Times Seen23 Hash 444410fabb51017688916dc69d6516ae 2ab18bc2c3ce0ee44050ebec589b01bff93d06b2 15b292b7dda19ddce4e7df376c6a172cddb45e2c80d558e94c8571e1c1ae75a8 Loading...

	streambtw.com/microtemplates/source[4]	Function	251 B	2023-04-18	2025-07-07
Pretty URL streambtw.com/microtemplates/source[4] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-07-07 23:10 Times Seen391 Hash 486158165321d921fb388101d2bf4483 ba156a31e28d86c1c0ef9b1f008ba80af1452eda ea765f553d9d9b3240448ba6c80400cb77eb5b84c79561b25fdc9220b019d9d1 Loading...

	iszjwxqpyxjg.com/script/ut.js?cb=1725138411725	ScriptElement	63 kB	2024-07-24	2024-10-11
Pretty URL iszjwxqpyxjg.com/script/ut.js?cb=1725138411725 IP 172.67.192.99 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-07-24 18:59 Last Seen2024-10-11 09:16 Times Seen946 Hash e7bb8a3e002fb7cbc1b3ca32b73e6ac5 3620ea4939ad23830f716bfd94d4cb5e106cda89 0deb5082ddbcd905a8d9fff21cf5dfd1afdac4744f149a4db2801af971850390 Loading...

	unknown	ScriptElement	446 B	2024-01-31	2024-09-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-31 02:32 Last Seen2024-09-28 08:43 Times Seen57 Hash 1f33491e2717ff422bff1fe662a18299 7234981326e13a07dc22d9ceb6ee7cf1f43d14b5 38f08c3cb9cf0d38463b43739ae6e24d43a036ef1697d2608bfaad98d03d1b20 Loading...

	streambtw.com/microtemplates/source[3]	Function	279 B	2023-04-18	2025-07-07
Pretty URL streambtw.com/microtemplates/source[3] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-07-07 23:10 Times Seen453 Hash 6613c8a697a118f65bf3d9f380907d97 6efc80326892c7d5ea9749164eff813359f58964 61e2bbf236de13c2adb732aabea5f58d614a8d85d9e8c8750e846b26e4d05aa2 Loading...

	unknown	ScriptElement	489 B	2024-09-20	2024-09-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-20 20:10 Last Seen2024-09-20 20:10 Times Seen1 Hash fb381696149d46dd4a83d94b877dedd7 6ce0c2c3580f89193774acb108a2a423adb19379 cc6a949d57003829b68cbab1e6199dba19a0303b83f9f7971affb48fa2c91768 Loading...

	streambtw.com/iframe/box1.php	ScriptElement	59 kB	2024-01-31	2024-09-28
Pretty URL streambtw.com/iframe/box1.php IP 172.67.154.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-31 02:32 Last Seen2024-09-28 08:43 Times Seen57 Hash fa2b6cd49b36afbd85248ad398e01b61 cf5e578276c64be74e866de3aa49198da83201b9 e88f1563b20a74ee7182114b3355a1eadb948fd21ec6384a9fecd30ff267e233 Loading...

	streambtw.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	ScriptElement	12 kB	2023-03-07	2025-07-09
Pretty URL streambtw.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 172.67.154.191 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-09 10:04 Times Seen40382 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

HTTP Transactions (33)

URL IP Response Size

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c3d1bfb12515d2f23214f980f7a18b8c
24cc3d9048888cc7e1f4ff42b8fdc1c16c9feb46
35a446cea345dbdb2c297726a3d6cc5f1088f4f9a3f65904c3b9655056efda06

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "35A446CEA345DBDB2C297726A3D6CC5F1088F4F9A3F65904C3B9655056EFDA06"
Last-Modified: Thu, 29 Aug 2024 09:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7808
Expires: Sat, 31 Aug 2024 23:16:58 GMT
Date: Sat, 31 Aug 2024 21:06:50 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
404e3e4520c09fcce1358b1a21f6b171
040aa03460f3d7ec6f75cae0bf5a462a4bb9798d
f6fc34acb6b2d60bb37dd5caf92b0988cdd52927d80d1f5e7bc23b7db9e8209a

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F6FC34ACB6B2D60BB37DD5CAF92B0988CDD52927D80D1F5E7BC23B7DB9E8209A"
Last-Modified: Sat, 31 Aug 2024 00:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5156
Expires: Sat, 31 Aug 2024 22:32:46 GMT
Date: Sat, 31 Aug 2024 21:06:50 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
231aa156f55dd8497dca6a2066312be3
741432c8275492eb38bba5d0841685dc4f864fee
f348affacf8e814c579ff56d592287275dcf79e2f55f1d041921833d730d2349

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "F348AFFACF8E814C579FF56D592287275DCF79E2F55F1D041921833D730D2349"
Last-Modified: Sat, 31 Aug 2024 02:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9860
Expires: Sat, 31 Aug 2024 23:51:10 GMT
Date: Sat, 31 Aug 2024 21:06:50 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.226

504 B

URL
r10.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
9d2c063731a46a7e1548540195080de0
dd1924ebf7697509a10f3f07604f28f96b4fc498
0d414ed4850119c53fae9ddd19ee1dd95783fd08f7389c3e8ec95215023e298e

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0D414ED4850119C53FAE9DDD19EE1DD95783FD08F7389C3E8EC95215023E298E"
Last-Modified: Sat, 31 Aug 2024 02:33:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6683
Expires: Sat, 31 Aug 2024 22:58:13 GMT
Date: Sat, 31 Aug 2024 21:06:50 GMT
Connection: keep-alive

HEAD cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0

188.114.97.1

200 OK

0 B

URL HEAD HTTP/3
cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Certificate
IssuerGoogle Trust Services
Subjectbuffshub.stream
FingerprintCA:7C:E4:7F:A8:ED:CF:1D:86:B6:6A:64:17:A2:8D:C9:EF:3A:A6:71
ValidityThu, 29 Aug 2024 23:43:18 GMT - Wed, 27 Nov 2024 23:43:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0 HTTP/1.1
Host: cdn.buffshub.stream
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 31 Aug 2024 21:06:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KqlDoCb19l52EwUP4Mvnbb4DiDjpyUNQNYE4yKo0%2Fm4UCofKFnLwpoth7jAgBEXPVsd%2BiHI2l1fY0uqZt7yGdMRQBaf%2Feugk7kswSQxeMULRYGhEsc2vqOnl1dr1%2B0NegLCDgRUa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bbffc9ef986b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
6d17ce9cdbf3fb46d0aff63ad5cfda08
ac4d74b7cc704f9326890ab25b36fcabbcfca64b
90e1c9be75b699818f1fabfc0a63ca40424eb1fdc70e3e5eb7cd8d551b93c3eb

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "90E1C9BE75B699818F1FABFC0A63CA40424EB1FDC70E3E5EB7CD8D551B93C3EB"
Last-Modified: Sat, 31 Aug 2024 05:23:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3376
Expires: Sat, 31 Aug 2024 22:03:07 GMT
Date: Sat, 31 Aug 2024 21:06:51 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
61f1c8b20327dbe26cfb529273bbae4e
4b35c99833e22b4830f1afbc52c7196622436347
0a53125bc4e09e88edafc802a4692e088dab9ff510ec04edb19d345192b2d508

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "0A53125BC4E09E88EDAFC802A4692E088DAB9FF510EC04EDB19D345192B2D508"
Last-Modified: Sat, 31 Aug 2024 03:29:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11751
Expires: Sun, 01 Sep 2024 00:22:42 GMT
Date: Sat, 31 Aug 2024 21:06:51 GMT
Connection: keep-alive

GET tuskhautein.com/r7838fFXOj9CwcDJw/77025

23.109.170.28

200 OK

20 B

URL GET HTTP/1.1
tuskhautein.com/r7838fFXOj9CwcDJw/77025
IP
23.109.170.28:443
ASN
#7979 SERVERS-COM

Requested by
https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Certificate
IssuerLet's Encrypt
Subjecttuskhautein.com
Fingerprint85:C3:9C:79:04:52:5D:85:D1:6D:27:08:FF:90:F2:14:B5:D3:4A:6A
ValidityThu, 04 Jul 2024 22:34:47 GMT - Wed, 02 Oct 2024 22:34:46 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /r7838fFXOj9CwcDJw/77025 HTTP/1.1
Host: tuskhautein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.buffshub.stream/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 21:06:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cdn.buffshub.stream
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 01-Sep-2024 21:06:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwNwz0OgjAYBuB%2B39BoJCZv5ACcAIHgwOjP4GBw4ASARBualrSAejN3L6ZP8gghOAzAakBQpHGRxHkWp7scdAeXV3BrIEvrnvUb5MBJBnYGi33fOf%2BYPKjF6vz9zKqP5s71IIX1QatXVFk9jcoaD%2F5fHutGd9tTdQENksCjlQz2t1CAZrn5ASyhICQ%3D; expires=Sun, 01-Sep-2024 21:06:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET chulhawakened.com/rmxWWDcqKHA/71505

23.109.170.28

200 OK

20 B

URL GET HTTP/1.1
chulhawakened.com/rmxWWDcqKHA/71505
IP
23.109.170.28:443
ASN
#7979 SERVERS-COM

Requested by
https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectchulhawakened.com
Fingerprint39:A4:65:61:F7:FF:B6:2A:3B:EE:28:C0:B3:9E:89:F3:E5:2B:9B:58
ValiditySat, 29 Jun 2024 22:20:53 GMT - Fri, 27 Sep 2024 22:20:52 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /rmxWWDcqKHA/71505 HTTP/1.1
Host: chulhawakened.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.buffshub.stream/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 Aug 2024 21:06:51 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cdn.buffshub.stream
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Sun, 01-Sep-2024 21:06:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwNwz0OgjAYBuB%2B39BoJCZv5ACcAIHgwOjP4GBw4ASARBualrSAejN3L6ZP8gghOAzAakBQpHGRxHkWp7scdAeXV3BrIEvrnvUb5MBJBnYGi33fOf%2BYPKjF6vz9zKqP5s71IIX1QatXVFk9jcoaD%2F5fHutGd9tTdQENksCjlQz2t1CAZrn5ASyhICQ%3D; expires=Sun, 01-Sep-2024 21:06:51 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1c5e25f84406e96c369b486eb8811885
f18b2c54f7af13771c3d79a686a2069c2f261e42
a0d30aef8fac6dfb96cbcb7d3fd674075728deb8e6643e8c370f4e257dc3bebd

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A0D30AEF8FAC6DFB96CBCB7D3FD674075728DEB8E6643E8C370F4E257DC3BEBD"
Last-Modified: Fri, 30 Aug 2024 06:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21382
Expires: Sun, 01 Sep 2024 03:03:13 GMT
Date: Sat, 31 Aug 2024 21:06:51 GMT
Connection: keep-alive

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
1c5e25f84406e96c369b486eb8811885
f18b2c54f7af13771c3d79a686a2069c2f261e42
a0d30aef8fac6dfb96cbcb7d3fd674075728deb8e6643e8c370f4e257dc3bebd

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A0D30AEF8FAC6DFB96CBCB7D3FD674075728DEB8E6643E8C370F4E257DC3BEBD"
Last-Modified: Fri, 30 Aug 2024 06:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21404
Expires: Sun, 01 Sep 2024 03:03:35 GMT
Date: Sat, 31 Aug 2024 21:06:51 GMT
Connection: keep-alive

GET ptaixout.net/tag.min.js

139.45.197.244

200 OK

27 kB

URL GET HTTP/2
ptaixout.net/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectptaixout.net
FingerprintDC:C1:4B:ED:63:0A:C4:6E:F4:FA:5B:E0:B5:13:BF:DB:0E:B7:96:B9
ValiditySun, 25 Aug 2024 05:11:34 GMT - Sat, 23 Nov 2024 05:11:33 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (26710 bytes)
Hash
3b70acb550686fdb2f5b46751c84127f
6fd7f4d8b6f4a669c2b0d4d15f200feae3c94479
2139c206afffe7369959a0a4d4f53d6c87357c438f13579f3ca3d469397c7c27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: ptaixout.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.buffshub.stream/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 31 Aug 2024 21:06:51 GMT
content-type: text/javascript; charset=utf-8
content-length: 26710
content-encoding: br
x-trace-id: 78c3fe91f3466bdd94aa2feda675a9aa
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 31 Aug 2024 19:02:08 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET streambtw.com/iframe/box1.php

172.67.154.191

200 OK

0 B

URL GET HTTP/2
streambtw.com/iframe/box1.php
IP
172.67.154.191:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint2E:14:BC:E5:6A:EE:3A:34:FE:CF:E4:49:E7:DA:38:DA:89:BC:E6:D8
ValiditySun, 28 Jul 2024 04:18:47 GMT - Sat, 26 Oct 2024 04:18:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /iframe/box1.php HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/box1.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 31 Aug 2024 21:06:51 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dbRV4WzdlCFWZQHqcOiKPHpFI39vp5U4geUxMJYWFiHzDuriI%2FVZMf152WwOiiSpwnWEnthbuX2Kv1gQeSyoLgkQw%2Bdrz0vE79h2TJdHDHV6UCmmvMBDmppi%2Fh6TUZ%2Br"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bbffca199655690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js

151.101.65.229

200 OK

145 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (145133 bytes)
Hash
f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c

HTTP Headers

GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
accept-ranges: bytes
date: Sat, 31 Aug 2024 21:06:51 GMT
age: 22861
x-served-by: cache-fra-etou8220029-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 145133
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e1e7985af6edd96afb839671a7502393
2aad8aee9a66fee00955b574a159d0367815e4d7
e86ec88c1fddbccacedbc85768047d0cde32064580298b6c9e6ee05f937ddb57

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Aug 2024 21:06:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f03b428e413316fd944e35ffc3c0390e
14e85e80fd0148e06bd44df939036d960c71e544
8702d9e2de258eef3749d93018016ae6a811a73c190eb402c400e0522dd713c1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8702D9E2DE258EEF3749D93018016AE6A811A73C190EB402C400E0522DD713C1"
Last-Modified: Sat, 31 Aug 2024 04:12:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9488
Expires: Sat, 31 Aug 2024 23:44:59 GMT
Date: Sat, 31 Aug 2024 21:06:51 GMT
Connection: keep-alive

GET iszjwxqpyxjg.com/script/ut.js?cb=1725138411725

172.67.192.99

200 OK

24 kB

URL GET HTTP/2
iszjwxqpyxjg.com/script/ut.js?cb=1725138411725
IP
172.67.192.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerGoogle Trust Services
Subjectiszjwxqpyxjg.com
Fingerprint8F:D4:3C:21:C2:3F:83:FB:72:CD:F4:25:64:DA:1C:24:95:C1:0D:6E
ValidityThu, 01 Aug 2024 08:53:38 GMT - Wed, 30 Oct 2024 08:53:37 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (63243), with no line terminators
Size
24 kB (23954 bytes)
Hash
e7bb8a3e002fb7cbc1b3ca32b73e6ac5
3620ea4939ad23830f716bfd94d4cb5e106cda89
0deb5082ddbcd905a8d9fff21cf5dfd1afdac4744f149a4db2801af971850390

HTTP Headers

GET /script/ut.js?cb=1725138411725 HTTP/1.1
Host: iszjwxqpyxjg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 31 Aug 2024 21:06:51 GMT
content-type: text/javascript
x-goog-generation: 1721821314858390
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 63280
x-goog-hash: crc32c=IaaDjg==, md5=57uKPgAvt8vBs8oytz5qxQ==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: AHxI1nNq_VTmW5oFB7oSWTMBVP3tiHiG00ZK_PDFqXbB5DG8oQ56u7PJ84qBCgq3sMkIKIgoVb8
expires: Sat, 31 Aug 2024 21:14:19 GMT
cache-control: public, max-age=14400
age: 2891
last-modified: Wed, 24 Jul 2024 11:41:54 GMT
etag: W/"e7bb8a3e002fb7cbc1b3ca32b73e6ac5"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q7waZb8rPP2qM7NLdbsN1xz26lyZNxvcoIyQfCXzMK6aJK9ntYEhXPyCf1y10E6SXzOq2EvUdOLKUdoOXIbc4VPE5WGRWZ%2BNAyRcKrMWr3tJE3zJJZ0tVWVhRtXL1t5jipWw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bbffca229c556c9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
527229ce8163ea0c1a4a938296823491
15e43bcd3c66beaa4cdd4369cb119b1f60f8f84c
72cf614a6f1a20a436db3130f0fbbef00c128e5b7f1ae42ae4fb58dffbe2ba62

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "72CF614A6F1A20A436DB3130F0FBBEF00C128E5B7F1AE42AE4FB58DFFBE2BA62"
Last-Modified: Fri, 30 Aug 2024 02:04:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2787
Expires: Sat, 31 Aug 2024 21:53:19 GMT
Date: Sat, 31 Aug 2024 21:06:52 GMT
Connection: keep-alive

GET www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF

142.250.74.168

200 OK

105 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint6F:61:E4:8D:EC:1C:CD:28:E6:08:5A:59:AA:A1:D3:6D:7E:95:B9:28
ValidityMon, 05 Aug 2024 06:37:21 GMT - Mon, 28 Oct 2024 06:37:20 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
105 kB (104774 bytes)
Hash
e88cba410070a5750405ecf41268bd7c
48f61e3fe54b95f004fd5688be51057547617121
ca1309534c4a40d3e2d22224338233d626243b6ce2e4fb86990a4f58589b5258

HTTP Headers

GET /gtag/js?id=G-PQ1PJ56MMF HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 31 Aug 2024 21:06:51 GMT
expires: Sat, 31 Aug 2024 21:06:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104774
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.77.32

504 B

URL
r10.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
f03b428e413316fd944e35ffc3c0390e
14e85e80fd0148e06bd44df939036d960c71e544
8702d9e2de258eef3749d93018016ae6a811a73c190eb402c400e0522dd713c1

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "8702D9E2DE258EEF3749D93018016AE6A811A73C190EB402C400E0522DD713C1"
Last-Modified: Sat, 31 Aug 2024 04:12:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9487
Expires: Sat, 31 Aug 2024 23:44:59 GMT
Date: Sat, 31 Aug 2024 21:06:52 GMT
Connection: keep-alive

GET my.rtmark.net/gid.js?userId=0080c9a6faaa4eb7f09381f9725fe7cd

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080c9a6faaa4eb7f09381f9725fe7cd
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint59:49:A1:C9:C3:99:98:FC:2D:E7:4A:9E:86:83:A6:DE:2E:C3:8A:B6
ValidityFri, 30 Aug 2024 01:00:45 GMT - Thu, 28 Nov 2024 01:00:44 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
48ed58fef50d7849f363f8039b1a3b83
a34f320e6590751e68fe72520d7cbc8a5c8fe9b1
fab96c326b4e39f47a5a70076d3cf68326090542b6d62fbc54739db8638ae6cb

HTTP Headers

GET /gid.js?userId=0080c9a6faaa4eb7f09381f9725fe7cd HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.buffshub.stream
DNT: 1
Connection: keep-alive
Referer: https://cdn.buffshub.stream/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 31 Aug 2024 21:06:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://cdn.buffshub.stream
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080c9a6faaa4eb7f09381f9725fe7cd; expires=Sun, 31 Aug 2025 21:06:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET phomoach.net/tag.min.js

139.45.197.245

200 OK

27 kB

URL GET HTTP/2
phomoach.net/tag.min.js
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerLet's Encrypt
Subjectphomoach.net
FingerprintBC:35:2A:2E:18:5E:C3:9B:07:C1:AA:7F:94:38:42:49:6B:22:AB:8A
ValidityThu, 22 Aug 2024 05:34:23 GMT - Wed, 20 Nov 2024 05:34:22 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (26710 bytes)
Hash
3b70acb550686fdb2f5b46751c84127f
6fd7f4d8b6f4a669c2b0d4d15f200feae3c94479
2139c206afffe7369959a0a4d4f53d6c87357c438f13579f3ca3d469397c7c27

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: phomoach.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 31 Aug 2024 21:06:52 GMT
content-type: text/javascript; charset=utf-8
content-length: 26710
content-encoding: br
x-trace-id: 6728852b225777619e78325468d890e4
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 31 Aug 2024 19:02:08 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e1e7985af6edd96afb839671a7502393
2aad8aee9a66fee00955b574a159d0367815e4d7
e86ec88c1fddbccacedbc85768047d0cde32064580298b6c9e6ee05f937ddb57

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 31 Aug 2024 21:06:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

GET my.rtmark.net/gid.js?userId=0080c9ed704f4f30f571f703a8ecd0d7

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080c9ed704f4f30f571f703a8ecd0d7
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint59:49:A1:C9:C3:99:98:FC:2D:E7:4A:9E:86:83:A6:DE:2E:C3:8A:B6
ValidityFri, 30 Aug 2024 01:00:45 GMT - Thu, 28 Nov 2024 01:00:44 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
48ed58fef50d7849f363f8039b1a3b83
a34f320e6590751e68fe72520d7cbc8a5c8fe9b1
fab96c326b4e39f47a5a70076d3cf68326090542b6d62fbc54739db8638ae6cb

HTTP Headers

GET /gid.js?userId=0080c9ed704f4f30f571f703a8ecd0d7 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Cookie: ID=0080c9a6faaa4eb7f09381f9725fe7cd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 31 Aug 2024 21:06:52 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://streambtw.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080c9a6faaa4eb7f09381f9725fe7cd; expires=Sun, 31 Aug 2025 21:06:52 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r11.o.lencr.org/

23.36.77.32

504 B

URL
r11.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
cd17cb634dff900a1abd17dd730b0151
1c8c3d220db108bce3fa89adf307e60dedb6d1f8
258b4750ae88b4ec55c156020ceae77b64bc5042990ac9502780b59faa8f3779

HTTP Headers

POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "258B4750AE88B4EC55C156020CEAE77B64BC5042990AC9502780B59FAA8F3779"
Last-Modified: Sat, 31 Aug 2024 02:38:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6447
Expires: Sat, 31 Aug 2024 22:54:20 GMT
Date: Sat, 31 Aug 2024 21:06:53 GMT
Connection: keep-alive

GET phomoach.net/?rb=3S7a352y1KfIzaFsym9rw8O1zRmEFyvjRiMa0YOwaC-ty7y2FR6X22n2WKkxjctDe4H7vA08cBMonBObVXghb6II_KnMX2fhPPdHk4nh-qQpzVIYXzKKDRLxw3wiPMbZF0H_rBM07C6e1bD1RCXIKe8W7xPE74sF7f_OBDfFkcXGeLZ15Jw-4dH6SNsayhnFc9LfVImViakIs8lSVHV05V5AjiP5gW54swscUMcqK-RcxTXmo-FAbw85xxmajM0-qirWMgSf4iwdebFB&request_ab2=0&zoneid=6869446&js_build=iclick-v1.916.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=2&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fbox1.php&drf=https%3A%2F%2Fcdn.buffshub.stream%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.916.9-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=6b31c49d-c4ab-42ea-8703-212a7c8af89a&wasm=1&userId=0080c9a6faaa4eb7f09381f9725fe7cd&m=link

139.45.197.245

200 OK

7.7 kB

URL GET HTTP/2
phomoach.net/?rb=3S7a352y1KfIzaFsym9rw8O1zRmEFyvjRiMa0YOwaC-ty7y2FR6X22n2WKkxjctDe4H7vA08cBMonBObVXghb6II_KnMX2fhPPdHk4nh-qQpzVIYXzKKDRLxw3wiPMbZF0H_rBM07C6e1bD1RCXIKe8W7xPE74sF7f_OBDfFkcXGeLZ15Jw-4dH6SNsayhnFc9LfVImViakIs8lSVHV05V5AjiP5gW54swscUMcqK-RcxTXmo-FAbw85xxmajM0-qirWMgSf4iwdebFB&request_ab2=0&zoneid=6869446&js_build=iclick-v1.916.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=2&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fbox1.php&drf=https%3A%2F%2Fcdn.buffshub.stream%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.916.9-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=6b31c49d-c4ab-42ea-8703-212a7c8af89a&wasm=1&userId=0080c9a6faaa4eb7f09381f9725fe7cd&m=link
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerLet's Encrypt
Subjectphomoach.net
FingerprintBC:35:2A:2E:18:5E:C3:9B:07:C1:AA:7F:94:38:42:49:6B:22:AB:8A
ValidityThu, 22 Aug 2024 05:34:23 GMT - Wed, 20 Nov 2024 05:34:22 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.7 kB (7688 bytes)
Hash
3b18b8389fcebc4fce5f4dba9bec007d
f01a63fee64b06ab697b643c655594dc5f0b1dca
6cfb3168b08925967438ee03b975346623acd79a29b5bedb7b51eeb512934650

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=3S7a352y1KfIzaFsym9rw8O1zRmEFyvjRiMa0YOwaC-ty7y2FR6X22n2WKkxjctDe4H7vA08cBMonBObVXghb6II_KnMX2fhPPdHk4nh-qQpzVIYXzKKDRLxw3wiPMbZF0H_rBM07C6e1bD1RCXIKe8W7xPE74sF7f_OBDfFkcXGeLZ15Jw-4dH6SNsayhnFc9LfVImViakIs8lSVHV05V5AjiP5gW54swscUMcqK-RcxTXmo-FAbw85xxmajM0-qirWMgSf4iwdebFB&request_ab2=0&zoneid=6869446&js_build=iclick-v1.916.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=2&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fbox1.php&drf=https%3A%2F%2Fcdn.buffshub.stream%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.916.9-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=6b31c49d-c4ab-42ea-8703-212a7c8af89a&wasm=1&userId=0080c9a6faaa4eb7f09381f9725fe7cd&m=link HTTP/1.1
Host: phomoach.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://streambtw.com/
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Cookie: OAID=0080c9ed704f4f30f571f703a8ecd0d7; oaidts=1725138412
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 31 Aug 2024 21:06:52 GMT
content-type: application/json
x-trace-id: bcc27e3e75f64f4653576735b1c0adc0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://streambtw.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080c9a6faaa4eb7f09381f9725fe7cd; expires=Sun, 31 Aug 2025 21:06:52 GMT; path=/; secure; SameSite=None
oaidts=1725138412; expires=Sun, 31 Aug 2025 21:06:52 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 07 Sep 2024 21:06:52 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET ptaixout.net/?rb=lDafWwuWp6IkXl0Q1A_t5OwWQq9M-TnQuYX3qx-0DF4TMwQivGcuncNQgETlTx_nsiP0JiQOZTCaL2kLGRxFr9yMhQf0dod_VgoU_KD1azk_dyeIfRXiLbUCNcU_7MfGJfwu68h-O64qMihOfIiwFR1dGBTqQOlTxs3KU321WD0irPKudU5d8SuejcackJzIwop2v82UIWy3z8nsURUjC4yq3Ae6xUvGEyxj7MzP52Q4vdtGMiuselNcglOS69o-WhNYAWsXqVmA9H_OTtcOEjCXcGw%3D&request_ab2=0&zoneid=6320745&js_build=iclick-v1.916.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fcdn.buffshub.stream%2Fembed77%2F%3Fevent%3Dstack.html%26link%3D1%26domain%3D%26force%3Dhttps%3A%2F%2Fstreambtw.com%2Fiframe%2Fbox1.php%26ask%3D1725156000%26lgt%3D12%26noplayer%3D0&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.916.9-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=0f116875-270d-4fd3-a89f-ed2671b7baf5&wasm=1&userId=0080c9a6faaa4eb7f09381f9725fe7cd&m=link

139.45.197.244

200 OK

13 kB

URL GET HTTP/2
ptaixout.net/?rb=lDafWwuWp6IkXl0Q1A_t5OwWQq9M-TnQuYX3qx-0DF4TMwQivGcuncNQgETlTx_nsiP0JiQOZTCaL2kLGRxFr9yMhQf0dod_VgoU_KD1azk_dyeIfRXiLbUCNcU_7MfGJfwu68h-O64qMihOfIiwFR1dGBTqQOlTxs3KU321WD0irPKudU5d8SuejcackJzIwop2v82UIWy3z8nsURUjC4yq3Ae6xUvGEyxj7MzP52Q4vdtGMiuselNcglOS69o-WhNYAWsXqVmA9H_OTtcOEjCXcGw%3D&request_ab2=0&zoneid=6320745&js_build=iclick-v1.916.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fcdn.buffshub.stream%2Fembed77%2F%3Fevent%3Dstack.html%26link%3D1%26domain%3D%26force%3Dhttps%3A%2F%2Fstreambtw.com%2Fiframe%2Fbox1.php%26ask%3D1725156000%26lgt%3D12%26noplayer%3D0&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.916.9-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=0f116875-270d-4fd3-a89f-ed2671b7baf5&wasm=1&userId=0080c9a6faaa4eb7f09381f9725fe7cd&m=link
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectptaixout.net
FingerprintDC:C1:4B:ED:63:0A:C4:6E:F4:FA:5B:E0:B5:13:BF:DB:0E:B7:96:B9
ValiditySun, 25 Aug 2024 05:11:34 GMT - Sat, 23 Nov 2024 05:11:33 GMT

File type
gzip compressed data, max speed, from Unix
Size
13 kB (12799 bytes)
Hash
8246700ae24e9bfdf745f481e5888eed
f6f9d6744f3df8120cbb3df4a3505b36529944c1
588105e34fdaf21a3baaed18d31f630494e27294c1bf63eac53b6eabb6552e23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=lDafWwuWp6IkXl0Q1A_t5OwWQq9M-TnQuYX3qx-0DF4TMwQivGcuncNQgETlTx_nsiP0JiQOZTCaL2kLGRxFr9yMhQf0dod_VgoU_KD1azk_dyeIfRXiLbUCNcU_7MfGJfwu68h-O64qMihOfIiwFR1dGBTqQOlTxs3KU321WD0irPKudU5d8SuejcackJzIwop2v82UIWy3z8nsURUjC4yq3Ae6xUvGEyxj7MzP52Q4vdtGMiuselNcglOS69o-WhNYAWsXqVmA9H_OTtcOEjCXcGw%3D&request_ab2=0&zoneid=6320745&js_build=iclick-v1.916.9-auto&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fcdn.buffshub.stream%2Fembed77%2F%3Fevent%3Dstack.html%26link%3D1%26domain%3D%26force%3Dhttps%3A%2F%2Fstreambtw.com%2Fiframe%2Fbox1.php%26ask%3D1725156000%26lgt%3D12%26noplayer%3D0&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.916.9-auto&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=0f116875-270d-4fd3-a89f-ed2671b7baf5&wasm=1&userId=0080c9a6faaa4eb7f09381f9725fe7cd&m=link HTTP/1.1
Host: ptaixout.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cdn.buffshub.stream/
Origin: https://cdn.buffshub.stream
DNT: 1
Connection: keep-alive
Cookie: OAID=0080c9a6faaa4eb7f09381f9725fe7cd; oaidts=1725138411
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 31 Aug 2024 21:06:52 GMT
content-type: application/json
x-trace-id: 3f3654420cbb764e81dce58311466f94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://cdn.buffshub.stream
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080c9a6faaa4eb7f09381f9725fe7cd; expires=Sun, 31 Aug 2025 21:06:52 GMT; path=/; secure; SameSite=None
oaidts=1725138412; expires=Sun, 31 Aug 2025 21:06:52 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 07 Sep 2024 21:06:52 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET iszjwxqpyxjg.com/script/38861cba61c66739c1452c3a71e39852.ttf

172.67.192.99

403 Forbidden

4.9 kB

URL GET HTTP/3
iszjwxqpyxjg.com/script/38861cba61c66739c1452c3a71e39852.ttf
IP
172.67.192.99:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerGoogle Trust Services
Subjectiszjwxqpyxjg.com
Fingerprint8F:D4:3C:21:C2:3F:83:FB:72:CD:F4:25:64:DA:1C:24:95:C1:0D:6E
ValidityThu, 01 Aug 2024 08:53:38 GMT - Wed, 30 Oct 2024 08:53:37 GMT

File type
XML 1.0 document, ASCII text, with no line terminators
Size
4.9 kB (4892 bytes)
Hash
e7a9350210b4dba641f6020447c96045
581accef4a8b7fbed97291fe7dd4e113f794ec80
08142330655deb1526dcc56795c92eb5c13012f75b599d5ac68db4027953ed80

HTTP Headers

GET /script/38861cba61c66739c1452c3a71e39852.ttf HTTP/1.1
Host: iszjwxqpyxjg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 403 Forbidden
date: Sat, 31 Aug 2024 21:06:52 GMT
content-type: application/xml; charset=UTF-8
access-control-allow-origin: *
x-guploader-uploadid: AD-8ljul3En2u-49erVj7FluIGZDX_7lt9pYGCGRqfucksF4xfCKmX1JX1iCu6bYv06-vtgXVMU
expires: Sat, 31 Aug 2024 21:06:52 GMT
cache-control: private, max-age=0
access-control-expose-headers: Cache-Control, Content-Length, Date, Expires, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hjCiio1yx5TlwY%2FPv3IbpSSK%2BHbg313xKLMmGRv4gl9Wd23HIKGl2rz7AFVVptYkZqSYL10Wd9S1%2FecfWsVnP%2BWVCIkdNsPM%2FCA6vKUlNuSyndPHwlARMqrdbVP%2BpdKquVPK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bbffca43fdbb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET streambtw.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

172.67.154.191

200 OK

12 kB

URL GET HTTP/3
streambtw.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
172.67.154.191:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint2E:14:BC:E5:6A:EE:3A:34:FE:CF:E4:49:E7:DA:38:DA:89:BC:E6:D8
ValiditySun, 28 Jul 2024 04:18:47 GMT - Sat, 26 Oct 2024 04:18:46 GMT

File type
JavaScript source, ASCII text, with very long lines (12331)
Size
12 kB (12332 bytes)
Hash
88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/box1.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 31 Aug 2024 21:06:51 GMT
content-type: application/javascript
last-modified: Tue, 27 Aug 2024 19:10:54 GMT
etag: W/"66ce24be-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1C4ye7oYNB6BMz3gzaETCXzkiLre5UiGDoL%2FGPuhgb9L6Eig%2Fw5xJl3rG9ci6pmGeKnKObVf9id7vdAqRHy9OPG9XOLGR%2B2jZrkufVJkCqOe8G8iphkVZ9ntU7SxPLgZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8bbffca0afac5690-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Mon, 02 Sep 2024 21:06:51 GMT
cache-control: max-age=172800, public
content-encoding: gzip

GET youradexchange.com/script/suurl5.php?r=7102142&cbur=0.6305622634894605&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.buffshub.stream%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=iszjwxqpyxjg.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1725138411595&srs=52858e4dc01b11427809d5ecd00d0d33&atv=50.3&abtg=1&adbv=3-swat3-swf2

104.21.91.188

200 OK

974 B

URL GET HTTP/2
youradexchange.com/script/suurl5.php?r=7102142&cbur=0.6305622634894605&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.buffshub.stream%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=iszjwxqpyxjg.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1725138411595&srs=52858e4dc01b11427809d5ecd00d0d33&atv=50.3&abtg=1&adbv=3-swat3-swf2
IP
104.21.91.188:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerGoogle Trust Services
Subjectyouradexchange.com
FingerprintD8:46:E9:FF:F1:AB:26:FE:28:F8:83:F8:5A:BB:5D:CD:C2:07:55:71
ValiditySat, 10 Aug 2024 07:49:27 GMT - Fri, 08 Nov 2024 07:49:26 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1001), with no line terminators
Size
974 B (974 bytes)
Hash
c3dcd9fc1a0384c1fab795f16c2190de
663286a293899167725de8efe242f79938184c0f
c24252b93ee7dea33fae51680174c90978f3ffb0cd7d620320e7be9f8572c3b0

HTTP Headers

GET /script/suurl5.php?r=7102142&cbur=0.6305622634894605&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.buffshub.stream%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=iszjwxqpyxjg.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1725138411595&srs=52858e4dc01b11427809d5ecd00d0d33&atv=50.3&abtg=1&adbv=3-swat3-swf2 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://streambtw.com/
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 31 Aug 2024 21:06:51 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WgC0q7sSURBN2mgOrchH11BitA3CRSaMi5WYPSG8X2sEX3mrqiExEgQl0uFVZfkO12CchKl7jNCvN0ZNYNbEMXngMhdYVAk8M5iapnsQmTeIPnoVaT7epC4g4q3YJx%2FtKC15YXE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bbffca12c79b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET phomoach.net/5/6869446/?oo=1&aab=1

139.45.197.245

200 OK

3.8 kB

URL GET HTTP/2
phomoach.net/5/6869446/?oo=1&aab=1
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/box1.php
Certificate
IssuerLet's Encrypt
Subjectphomoach.net
FingerprintBC:35:2A:2E:18:5E:C3:9B:07:C1:AA:7F:94:38:42:49:6B:22:AB:8A
ValidityThu, 22 Aug 2024 05:34:23 GMT - Wed, 20 Nov 2024 05:34:22 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3839), with no line terminators
Size
3.8 kB (3835 bytes)
Hash
475a06e43d10bb234023289e99e62516
6703d8c28af20690ccc1b58e51b8012cac2c9853
3803bafd71efd9941e4dd76e50fbb8455863dc7bfd0e2062ed25951004b44061

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6869446/?oo=1&aab=1 HTTP/1.1
Host: phomoach.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 31 Aug 2024 21:06:52 GMT
content-type: application/json
x-trace-id: de408dea7efd684a2342fc8cb455c65c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://streambtw.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080c9ed704f4f30f571f703a8ecd0d7; expires=Sun, 31 Aug 2025 21:06:52 GMT; path=/; secure; SameSite=None
oaidts=1725138412; expires=Sun, 31 Aug 2025 21:06:52 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET ptaixout.net/5/6320745/?oo=1&aab=1

139.45.197.244

200 OK

3.8 kB

URL GET HTTP/2
ptaixout.net/5/6320745/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectptaixout.net
FingerprintDC:C1:4B:ED:63:0A:C4:6E:F4:FA:5B:E0:B5:13:BF:DB:0E:B7:96:B9
ValiditySun, 25 Aug 2024 05:11:34 GMT - Sat, 23 Nov 2024 05:11:33 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3838), with no line terminators
Size
3.8 kB (3834 bytes)
Hash
4584044656ed0b29a9949992b9328586
baecbfd997e38bc4bc8a8c58c5e301e451c2a9a5
701331df0727a473087eb8cce317227772c3227854412eee5e4c2d52934cd944

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6320745/?oo=1&aab=1 HTTP/1.1
Host: ptaixout.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.buffshub.stream
DNT: 1
Connection: keep-alive
Referer: https://cdn.buffshub.stream/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 31 Aug 2024 21:06:51 GMT
content-type: application/json
x-trace-id: edfa5294434b786a11948db820df87a2
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://cdn.buffshub.stream
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0080c9a6faaa4eb7f09381f9725fe7cd; expires=Sun, 31 Aug 2025 21:06:51 GMT; path=/; secure; SameSite=None
oaidts=1725138411; expires=Sun, 31 Aug 2025 21:06:51 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET cdn.buffshub.stream/favicon.ico

188.114.97.1

404 Not Found

555 B

URL GET HTTP/3
cdn.buffshub.stream/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Certificate
IssuerGoogle Trust Services
Subjectbuffshub.stream
FingerprintCA:7C:E4:7F:A8:ED:CF:1D:86:B6:6A:64:17:A2:8D:C9:EF:3A:A6:71
ValidityThu, 29 Aug 2024 23:43:18 GMT - Wed, 27 Nov 2024 23:43:17 GMT

File type
HTML document, ASCII text, with very long lines (581), with no line terminators
Size
555 B (555 bytes)
Hash
e9e4f9c9480bb14ad8343f37e3fb9b99
628fcbc6080fd3e684d1def2e5f67e98133ffa3b
85e4b614933e56b4531289e0bc3d2665db1f2b9d04d2c756a4a72b867c059594

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cdn.buffshub.stream
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.buffshub.stream/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/box1.php&ask=1725156000&lgt=12&noplayer=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 31 Aug 2024 21:06:51 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 20
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C3KdKhIM1sUgshxqkEX%2BvNGfZUXDeCTLXkfVC5cdwzPZ0tH9bRuE3%2FWSGaPc53SmRba2Er2qSRBOAnJIgifh6cz84vB1v3Qs1Rfr5vPWfD04wj6CL4Ufs7F9f9EIpkRTCneas7nl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8bbffca1af13b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (25)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by