{"report_id":"6c73c28b-acc8-40c1-a9e5-ce6d8e38e635","version":6,"status":"done","tags":[],"date":"2026-01-03T21:24:01Z","url":{"schema":"http","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"title":"sportmargin.cfd/stream/stream-20.php","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-07T21:24:01Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":21}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"kzt2afc1rp52.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"kzt2afc1rp52.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"uf.pegboxrebozo.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"uf.pegboxrebozo.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"uf.pegboxrebozo.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"waust.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"waust.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"kzt2afc1rp52.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2020-04-27","domain_rank":1699334,"first_seen":"2020-04-27T04:28:17Z","last_seen":"2025-12-27T15:25:00.542704Z","alert_count":2,"request_count":1,"received_data":107666,"sent_data":449,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"uf.pegboxrebozo.com","ip":{"addr":"172.255.106.134","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-10-24","domain_rank":0,"first_seen":"2025-10-27T23:48:01.119592Z","last_seen":"2025-12-28T20:02:24.409374Z","alert_count":3,"request_count":1,"received_data":1415,"sent_data":428,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2026-01-01T07:47:27.133157Z","alert_count":6,"request_count":2,"received_data":754,"sent_data":837,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"waust.at","ip":{"addr":"104.26.4.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":36042,"first_seen":"2016-01-28T18:24:33Z","last_seen":"2025-12-30T13:10:43.150086Z","alert_count":2,"request_count":1,"received_data":12436,"sent_data":402,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-12-31T21:55:03.360474Z","alert_count":6,"request_count":2,"received_data":171912,"sent_data":827,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-12-29T14:32:54.672001Z","alert_count":0,"request_count":1,"received_data":838,"sent_data":437,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-12-28T22:27:44.219613Z","alert_count":0,"request_count":1,"received_data":90137,"sent_data":424,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"oyo4d.com","ip":{"addr":"139.45.197.118","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2019-03-26","domain_rank":201644,"first_seen":"2025-06-02T17:08:26.404235Z","last_seen":"2026-01-01T23:25:21.765552Z","alert_count":0,"request_count":1,"received_data":830,"sent_data":594,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sportmargin.cfd","ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":652374,"sent_data":1534,"comment":"","tags":null,"fingerprints":[{"name":"C3.js","description":"D3 based reusable chart library","website":"https://c3js.org/","common_platform_enumeration":"","icon":"C3.js.png","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2026-01-03T09:56:38.479224Z","alert_count":4,"request_count":2,"received_data":1026,"sent_data":989,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-12-28T22:26:34.892336Z","alert_count":0,"request_count":1,"received_data":18456,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"adexchangeclear.com","ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2015-04-27","domain_rank":24943,"first_seen":"2025-07-16T08:40:02.47428Z","last_seen":"2025-12-30T12:40:20.855851Z","alert_count":2,"request_count":2,"received_data":3775,"sent_data":1544,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"x7i0.com","ip":{"addr":"139.45.195.12","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-06-30","domain_rank":0,"first_seen":"2025-09-22T01:01:11.695894Z","last_seen":"2026-01-02T16:38:27.55657Z","alert_count":0,"request_count":1,"received_data":113318,"sent_data":407,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"usrpubtrk.com","ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-16","domain_rank":6824,"first_seen":"2025-06-17T13:34:00.105327Z","last_seen":"2026-01-01T07:24:01.334994Z","alert_count":5,"request_count":1,"received_data":522,"sent_data":491,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"chevy.giokko.ru","ip":{"addr":"104.21.29.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-01-15","domain_rank":0,"first_seen":"2025-12-20T01:30:46.335351Z","last_seen":"2025-12-27T15:25:01.455046Z","alert_count":0,"request_count":1,"received_data":814,"sent_data":469,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"quasicurrant.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2026-01-02","domain_rank":0,"first_seen":"2026-01-03T16:45:38.927075Z","last_seen":"2026-01-03T16:45:42.531784Z","alert_count":0,"request_count":1,"received_data":107670,"sent_data":450,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"epicplayplay.cfd","ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-03-11","domain_rank":0,"first_seen":"2025-11-04T19:50:04.315105Z","last_seen":"2025-12-27T14:47:15.980351Z","alert_count":0,"request_count":4,"received_data":1305656,"sent_data":1929,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}]},{"fqdn":"upload.wikimedia.org","ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"domain_registered":"2003-03-16","domain_rank":4329,"first_seen":"2012-05-21T09:39:45Z","last_seen":"2025-12-29T04:54:49.804781Z","alert_count":0,"request_count":1,"received_data":1854,"sent_data":470,"comment":"","tags":null,"fingerprints":[{"name":"Apache Traffic Server:9.2.11","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"35.156.32.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-30T21:57:49.11287Z","alert_count":0,"request_count":2,"received_data":725,"sent_data":952,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"78a6702d966a64ed29eca96bfefed3de","sha1":"cc38ab49fb9cf0b5dfe3639378bd12af22ef1c0c","sha256":"00f32959faf141840611a9e3f434a6924cbcd843de990bb5df8ad037b9f8d095","sha512":"2b6c83fa444ad44b55fcced6f581d11b7a8e1e4339769b78b124e257de6526d0e1f7f2a974311d2a5e92633a22ff4846ee52276703d73de4dca305a5eba4be29","ssdeep":"","tlshash":"8d9002e65045d01019e61142772273497932159931451002821a4115301192fcb51594","size":52,"data":"","first_seen":"2024-07-11T01:38:35Z","last_seen":"2026-04-18T20:00:46.983312Z","times_seen":874,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5a774e3f3f50d990ee426b47a7a5e033","sha1":"9aa8984d60feb823b28791881bf02f3a0e9caf1c","sha256":"b869dcaa9146835641bfdf2eb8f89a7333dfb5b3e3acb61cf77f5bdc1488c281","sha512":"bc13482b39099c513154042ebb239bbd84fae0b144176f3a294fb46cf1734bcf7add238bc70c416bbc3332e8ef6a36236b3570f6c9c8ad65a1aef2b805f1356a","ssdeep":"","tlshash":"0ae026283db7e161012734eb2b3ec0526226c01dad24d78298feca989dd0ff00926dd0","size":332,"data":"","first_seen":"2025-04-16T10:55:46.992611Z","last_seen":"2026-04-13T18:50:49.556345Z","times_seen":481,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f6ca01bb0ca3ebde821544f18ec83583","sha1":"2e8cbf747f80c79ae8c12b8685556757e813b9db","sha256":"a1d2b03b3b1269adbdcbda20f64807bc730335783a9a90e9fbd743f898fb675c","sha512":"abe6913529a7c6d57112e1fd7e8705144a557783b8b7e957c00e9d2a1cb5b05c00411e04d1c84a5df1032558a0151b396099d0582dbc944944f6040dad241573","ssdeep":"","tlshash":"cbf05c2a98e707384cfa7a441034ca7534fc38a0a9a3d067625cc82ccd39fc54c14bec","size":467,"data":"","first_seen":"2023-03-09T01:35:27Z","last_seen":"2026-05-20T18:02:49.29317Z","times_seen":931,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d09df5f459de00e5cd4e67c5af5d2801","sha1":"3879581b5991afcc68ff65a1fb28c17230f3d8a1","sha256":"e713f3153dad10e9d9339b71e239843eb17aca79068b1564d9233027934a4408","sha512":"31bd7fdcad80c396f1a93e13fcdbc7023dfff049fc25eb1b65e871b650348a86d5b7f48f5b69a297bb580586f3cef787f39b47b6ba72ec0cf1a6615cb11984e7","ssdeep":"12288:SdqeHntKnhYZiahM40lN0R5Jr9OnaYuqFFObnpe9AUTpKWZVfmuenM5xkx:SHtbhM40/0RRIZDFObnpe9AUTpKWZVax","tlshash":"fed4501837844587371b4ebb773ba5d1e40b38da7609488ff6087c65a1965a3fbe8332","size":612094,"data":"","first_seen":"2026-01-02T20:35:19.711582Z","last_seen":"2026-01-05T02:42:04.916837Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"671444b18b3cc3e70701e1183d62160b","sha1":"a30c8b7a7723916e44d14ba3ea0729257ee9b07a","sha256":"d5725ea1e17d2b1090598bb1251d4c715418c9a3be04dabbc83fb77bf1de0f29","sha512":"5bef3b2071b8ced17eeceb3dc7e1bcc4071594cea23767db79ed1f42569aaac1fd8ceef808354a03c4f63e9c2b7a7109ecac108d2eefe8b01df68ca9cebcf093","ssdeep":"","tlshash":"cfc04c0a6b8037a5126b06fd166625d3d065b91339f9c253160478a6fc6f604d4d3e79","size":155,"data":"","first_seen":"2026-01-03T12:54:16.411469Z","last_seen":"2026-01-03T23:06:58.150712Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"87c725e214683adf9b74663ff14946ab","sha1":"ccbe1b6c564d65ad51f1488627d8ea8d1e97e131","sha256":"93e773869f7f7e03ab47466b60c2b9113b1da6b969d5963c03678e5a4c0e0807","sha512":"1e58750aa931cbda42301559e3502f01877a49aa3dd6384fc9146e4ea9e24bc11fa94db7a17ddb522aa2b4ccdf51c65f21329abb1c5cd8edc69bc22fb90f980c","ssdeep":"","tlshash":"fe1121ad306572be1ba315e4a137974bf271117c605c04324b5dc8f5ac75caf8623ac8","size":1000,"data":"","first_seen":"2023-05-26T08:35:46Z","last_seen":"2026-05-21T10:11:38.820688Z","times_seen":5697,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"29d0d2a526315b4e7e07b271e854d4f8","sha1":"eeb7e97f6e92e28c24301c005acacef709c7542c","sha256":"af2bd964aa5b004c72d28e26e1bd64813703bafbf733338c2851080de87a3389","sha512":"cc04df1b30b557128bd46101efc35c1444e064401264de687ee1d766cd8271a9347a2e12d24142ee0a35b24e93646592e7a20aa45e165530fb14699000c71bdb","ssdeep":"","tlshash":"8a5000c00000000000330c00030c300c000303000000000003003c00000000c0000303","size":11,"data":"","first_seen":"2025-10-27T23:48:11.648342Z","last_seen":"2026-01-25T13:01:16.959903Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"60f1798bac26472658ff588720760829","sha1":"9929b26eeb812be15261ac5aee076e468bf4764f","sha256":"acf1662d0ddc764da1a0a9ca8c14ce6d6a937aecef80b4b0e0426698a24b765d","sha512":"9d0a619d6ac5f0516ddca9675f3eb2f0f58b6f2277e3e5925fa3ef9609f51fd08ab1826a609edf62cc1eb9d5c6543e459c205ffab10ef6cd4973caf62803f07e","ssdeep":"","tlshash":"aac08ca60128d1aae0a94c05270242006cf5bc6fdb8fea060840c20fae27216c798698","size":157,"data":"","first_seen":"2023-03-11T19:15:55Z","last_seen":"2026-05-20T18:02:49.302422Z","times_seen":731,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"quasicurrant.com/3d/71/24/3d712439b634feba69e3e22374c27420.js","fqdn":"quasicurrant.com","domain":"quasicurrant.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2460589873cab50273ab78d53ef9b559","sha1":"c45497d2b3302e4a6213d03a39086a9eff850be7","sha256":"499049d3e08fa46c4454ebe2ca8f0666e1ed49ad9afe2956e28bba2f115f75cd","sha512":"0f0e9c978c8869a0ca27169cfccc386828f0aab0f0f92239286113a02e701cab09276f3d6d8273aa62f9ddc701d918868e34184ec6bad9fb145933cce717fd7e","ssdeep":"","tlshash":"321154de32549f8eaae53d3f7427550422354c0e1461ece0da47cf7d918491521b7a5a","size":1000,"data":"","first_seen":"2026-01-03T18:05:38.95763Z","last_seen":"2026-01-03T21:24:09.720166Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-21T09:54:42.834421Z","times_seen":16623,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-05-21T17:06:49.708135Z","times_seen":663723,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"javascriptURL","is_inline":false,"md5":"68934a3e9455fa72420237eb05902327","sha1":"7cb6efb98ba5972a9b5090dc2e517fe14d12cb04","sha256":"fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa","sha512":"719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d","ssdeep":"","tlshash":"aa3000000000000c000000000000000000000000000000000000000030000000000000","size":5,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-05-21T14:14:11.229785Z","times_seen":73852,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f1caa9d00584207cc7b2a526fe54b02","sha1":"d84b214abd64bdb31f7a5ac80a578cef40629f5a","sha256":"5ffb98cac73a86aa2a57057c03edb66d258e29c38c805d58ff40e7dfc4f0e37a","sha512":"a0d3b5d17fa0fed7063d292c9232716709073916e9b929aa0ad585a082051f687fd046e77d5e419e59f0e4e5913dd504ab41dcd75d23773f20c4f750ed8a42da","ssdeep":"","tlshash":"ac41ae0ab1f62117956e60ed8a5fb007b0765007f71cc944be1d53502f9a33d869a7cf","size":1986,"data":"","first_seen":"2025-11-22T19:35:09.386728Z","last_seen":"2026-04-09T00:43:56.002895Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/clappr/clappr.min.js?ssss","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4692d44b1860b33e430a87c56b6cdc22","sha1":"ab49192fc1912cab78a1b6cfe12e00afafca8100","sha256":"c7c3cddd2d4c88819bed5b3ce8964a258534be4a2ad17cba9587424a7a10cc42","sha512":"3505c267c6c73d7542c7eba477cdede26e08cda2a63e960409c7e8ac15da7e898887429e4e1cdf1443de7285da1ff80c7964e1f636221a07e83d63ed49ed17f5","ssdeep":"","tlshash":"2811ab087050f486125f20b5823b450ba1a3c87f624878d0abadc8faaf7449e1c53f6d","size":1000,"data":"","first_seen":"2025-04-08T02:16:43.330327Z","last_seen":"2026-05-13T13:06:37.977868Z","times_seen":429,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"490f73baec202b48fd9a35252819dc02","sha1":"4aada026fea72262d673ff961b762aa76c18d328","sha256":"2f266622acc555e7fae41ee841bd4407dcb144c633097914ac22a3716944564c","sha512":"a5382d51192284fdc13472d72436e61e40ac34444f13d801fed8718fc39519b2df3d841afbe72c5d7a930761cfc0fc2c6e18d22c99f45c151bf3bf3fa6a59ea8","ssdeep":"","tlshash":"7a50000000303c0c000000000330000000000300c0000c00c00000030000c00000c000","size":9,"data":"","first_seen":"2025-10-27T23:48:11.649745Z","last_seen":"2026-01-25T13:01:16.962154Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ff656e6bdffbea98da4df97ff7ae3d21","sha1":"f742e8d729409184fdaf152c2d2b670d6db7e9ec","sha256":"9e6e95d6fa2ce522e900a6eb22ef91ae4fa930a9e39e2ca913742d48d0484b68","sha512":"6d33c580d8b244ba6a4268947d576a1633f299fa43cc01e6f492e69b3245b277b9ead9597d20e953f5af78c8b9caa3c2fd80fc92a259de307b4461ccd71b63a0","ssdeep":"192:M4CrN2ip9brETbWI/Yum+RyXePI06HGwBJk4W1x:MjH9brETbP/Yum+RyXePI06mrX1x","tlshash":"2802c9bb7b49359061f10c7e625b7225753604baaa0f9512a262c8513c1cd0fc3afbee","size":8477,"data":"","first_seen":"2023-07-23T19:35:27Z","last_seen":"2026-05-20T18:02:49.314265Z","times_seen":666,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-05-21T16:22:38.201461Z","times_seen":220232,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/clappr/hlsjs-playback.min.js?ssss","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b52463c3aa304e62a3ab0c7c614d680c","sha1":"6aa264eb195ede145039c6d3055c50095869ece4","sha256":"1604a8a0e163875f0e8db22dd86553817f7b175a49924bb7faf158dc81f38147","sha512":"54df86e9c86021fc5262e69f44777c6f8a95c54a6e1740f53b97df7d0c32c7a79dce42094c21c8b79fca28a151be76f631983602e6f5ff4bfc996f11e956685f","ssdeep":"","tlshash":"9211efc43170f9a292e7e6f1442b460bf224e877685e58804264d8f4fdf84fe46abd1a","size":1000,"data":"","first_seen":"2025-10-31T13:27:14.483116Z","last_seen":"2026-04-18T20:00:47.008559Z","times_seen":110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c6ff27e0fcc138fdb8128e2553c96114","sha1":"85cf4a2f6ec3a49eac4314468333e673942b1d0a","sha256":"6313904bb40e22818aa7eada26cb643c394a1ec31aa831cac5248276cb30b60a","sha512":"a2e64780dfe1c700156c487e7ff8ccbf9717b74f41eee020e0ccc4f47da3cadb22c411a35963ad8f587eb2c54d7bb817341fbb99084c09767ff24be052dc3765","ssdeep":"384:+v0a/K7iYFRdYtnz0Qen9tO69aI8tAUeNDaUGRQ2t4PpBahqoo+KXnS7YhfGMOIf:+K72noQ80GaIoQPzahq/AMOY","tlshash":"c5c2d4a7321eb91a8719626150ef2ec5a2cc48c4718f1b78e724e53634d763485ebef8","size":28000,"data":"","first_seen":"2025-11-14T02:13:36.159412Z","last_seen":"2026-01-03T21:24:09.72566Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"be2d0eed5eded93d8440b1dae0f30960","sha1":"36e7177a4932c42e56d3e3f7b0580e4c88df96d5","sha256":"8368de6b02128e66831895a77f280482d7ed841a61c42d2304966f12a4efd46d","sha512":"185f6d9ce439ce4ddf557c13303790f74031c221e1578c98aee9a8b10e5ee6cca66c207b04686510faa128ccf19ea5f3c71d3494157709f5a7e984079c6c1ad7","ssdeep":"","tlshash":"8b110209b920b49661ab53fe811f000fb33098b7d89d58e057244cf59ef10ad05d7f0d","size":1000,"data":"","first_seen":"2025-08-02T17:09:38.072547Z","last_seen":"2026-05-17T09:05:36.293286Z","times_seen":530,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x7i0.com/tag.min.js","fqdn":"x7i0.com","domain":"x7i0.com","tld":"com"},"ip":{"addr":"139.45.195.12","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"b105ae11aaf0b47395b2000405b0c592","sha1":"3c1e064f7f5914d976f4a81aea09018b88252773","sha256":"59f1a5a724edcb7907d7734c94ea7893e3c0153854847a1dde214f8c71339e9a","sha512":"3e3a9f1b04582013f15fe140f1aeee984bf74299ec944c6d5752bcd8a14db371f03a7f7f3002eee365d2b98a80791f2a0dc2b380001c80928295458d02be6190","ssdeep":"3072:tXki1TG8YlAVCzIqwL76WJHpYx85/MVzUL:6WTGvlwqw5JJdQza","tlshash":"3ab3295673a277d21a6e60d42d57d60573fd8c80488f8867e3c8787972d081cd3abbea","size":112425,"data":"","first_seen":"2025-12-18T15:53:40.958967Z","last_seen":"2026-01-08T02:23:09.116351Z","times_seen":241,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kzt2afc1rp52.com/9f/f3/5b/9ff35b0cd63b95f2925204c4dd0a79c3.js","fqdn":"kzt2afc1rp52.com","domain":"kzt2afc1rp52.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"364c3a7c2ee385c62b62d1eb0d1a2bac","sha1":"aec36616a986bbddf4922bb3b0e772c06605f2de","sha256":"c68ccf6fea4c7ca129a1a67d56d514a3749dbef0d56adee206e73105209e0c13","sha512":"6deb4fb96483a992477ee5f8824cd96c9884e94e93a672aaa2c8623db8532273eed81d2f526f029a2ed9b99fee1c8e32f26ec925db94ad14f8b806cf8731e0af","ssdeep":"3072:EDR17aMWZ44SXdVY4lDKVVbZ4i3/9j9y1UglGews5:EDRw194Lws5","tlshash":"c0a3c788bfd0f06d129a6473223f950ff11a4e42505ce558e907f8e66abc32af47db64","size":106824,"data":"","first_seen":"2025-12-28T16:33:02.089637Z","last_seen":"2026-01-25T20:17:55.561254Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uf.pegboxrebozo.com/rRO6j2xLzB2XgW/69521","fqdn":"uf.pegboxrebozo.com","domain":"pegboxrebozo.com","tld":"com"},"ip":{"addr":"172.255.106.134","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"848667c49f5d3aef59cd65ed276cd7ae","sha1":"bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763","sha256":"cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8","sha512":"4248ad0e684224ba8503b1e73517aae6ffe4431cd16b7633d2ccbf4b96f845e318dbee175d19cd4676ca37353f53add2231ed167ad6c4aa0d9fe185f7359238c","ssdeep":"","tlshash":"f23000000000000000cc00000000000000000000c000000000000000000000003c0000","size":5,"data":"","first_seen":"2025-04-24T10:17:49.831301Z","last_seen":"2026-05-21T14:45:22.526226Z","times_seen":16636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"usrpubtrk.com/ut/hb.php?cb=0.06704342415863618\u0026v=1","fqdn":"usrpubtrk.com","domain":"usrpubtrk.com","tld":"com"},"ip":{"addr":"104.21.92.33","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:37.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usrpubtrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Dec 2025 12:57:52 GMT","end":"Tue, 10 Mar 2026 13:56:16 GMT"},"fingerprint":{"sha1":"77:2A:71:0C:1C:F9:2B:14:04:DB:13:5F:A6:57:67:6D:B3:A9:A0:95","sha256":"E0:53:FF:DF:EC:31:75:79:08:DF:B9:B1:56:18:5A:48:15:62:EF:8B:BB:4C:1B:05:1C:E8:DD:3F:0C:A4:80:41"}}},"request":{"raw":"POST /ut/hb.php?cb=0.06704342415863618\u0026v=1 HTTP/1.1\r\nHost: usrpubtrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 1413\r\nOrigin: https://sportmargin.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1413,"data":"{\"clientHints\":{},\"isScrollable\":0,\"totalClicks\":0,\"sessionLength\":1,\"ippMissclicks\":0,\"visible\":1,\"caught\":0,\"lastevent\":0,\"isFullscreen\":0,\"isTabFocused\":1,\"eventImps\":0,\"retryCounts\":0,\"isScrolled\":1,\"isMouseMoved\":0,\"pagePercentageSeen\":99,\"belowTheFoldSeen\":0,\"touchEnd\":0,\"touchMove\":0,\"clicksByType\":{\"idle\":0,\"input\":0,\"video\":0,\"button\":0,\"link\":0,\"img\":0},\"browsingTopics\":[],\"ufp\":\"Win32/Mozilla/Netscape/true/false/1280x10240en-USunknown4824 bits\",\"sessionStartTime\":1767475417,\"sessionId\":\"f9ee2f8fe3aa634ed39b9888afc11a3f\",\"timeZoneOffset\":0,\"zones\":[],\"pUrl\":\"https%3A%2F%2Fsportmargin.cfd%2Fstream%2Fstream-20.php\",\"pReferrer\":\"\",\"pTitle\":\"\",\"pDescription\":\"\",\"pKeywords\":\"\",\"pHasIframes\":4,\"pWidth\":1280,\"pHeight\":1035,\"vWidth\":1280,\"vHeight\":1024,\"inIframe\":0,\"bsd\":\"eyJwcm9iYWJpbGl0eSI6MC4wMSwicGVyU2lnbmFsIjp7ImlzV2ViRHJpdmVyUHJlc2VudCI6MCwiaXNDRFBEZXRlY3RlZCI6MCwiYXV0b21hdGVkQnJvd3Nlckdsb2JhbHMiOjAsImlzV2luZG93Q0RDIjowLCJkb2VzVUFDb250YWluSGVhZGxlc3NLZXl3b3JkIjowLCJpc0ZpcmVmb3hNaXNtYXRjaCI6MCwiaW5jb25zaXN0ZW5jaWVzIjowLCJpc0Nocm9tZUZvclRlc3RpbmciOjAsImRldGVjdENTU0Fub21hbGllcyI6MCwiaXNIZWFkbGVzc1Blcm1pc3Npb25NYXRjaGVkIjowLCJkZXRlY3RMb2NhbFN0b3JhZ2UiOjAsIm5vUGx1Z2luc1ByZXNlbnQiOjAsIm1pc3NpbmdXZWJSVEMiOjAsIm1pc3NpbmdBdWRpb1ZpZGVvIjowLCJtaXNzaW5nQ2FudmFzIjowLCJtb3VzZU1vdmVTY29yZSI6MCwiY2VudGVyZWRDbGlja1BlcmNlbnRhZ2UiOjAsInNjcm9sbFN1c3BpY2lvdXNTY29yZSI6MH19\",\"sentTimestamp\":1767475417602}"}},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DlN0Mt5s6YAvgkEQoa7hp1zZ3f7nGsemdSW7fQmBIc3Y2pSDHOqNROV9LZSfF4yZbSUN%2BsNgFmJBhLzjzPdEXqlqNlAyg2tX0aHm\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b858ef0eb17712e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":347,"timings":{"blocked":88,"dns":3,"connect":5,"send":0,"wait":168,"receive":0,"ssl":76},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"usrpubtrk.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"35.156.32.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:38.244Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://epicplayplay.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/\r\nCookie: uid_id2=ceab49ad-cb78-4924-b35c-44b460089c75:2:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 21:23:38 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://epicplayplay.cfd\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"de2ff8acf64dd07b295f24b0cb1bcebf","sha1":"ddfc154dd7578352ca551a80b25f51fc2cd37cf7","sha256":"dfadbc8e40d984d530ca5da7670185f8076f198157a5932523d6db66a971dd58","sha512":"d114390a07ccb7b20799707d4c70d494baddb12ec20009f93ac66929576dd861c321649a69dbebad783bed6e6a0bce06f0effac06ac8d2aba4fd5672ab4b6805","ssdeep":"","tlshash":"f2900400177430d0071410d11150554f50c7170c44d5c1071c00c404515dc551444d74","first_seen":"2026-01-03T21:24:09.680758Z","last_seen":"2026-01-03T21:24:09.680758Z","times_seen":1,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oyo4d.com/5/6712285/?oo=1\u0026js_build=iclick-v1.1670.0\u0026userId=0802b3aa41d24e22f962f6fc07cb5ba7\u0026dmn=x7i0.com\u0026tt=2\u0026ix=0","fqdn":"oyo4d.com","domain":"oyo4d.com","tld":"com"},"ip":{"addr":"139.45.197.118","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:38.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oyo4d.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Oct 2025 05:07:35 GMT","end":"Sun, 18 Jan 2026 05:07:34 GMT"},"fingerprint":{"sha1":"7E:66:A3:16:7D:47:BC:6E:0F:31:AE:FA:65:A3:03:19:9B:0B:42:93","sha256":"49:F7:10:A4:75:B7:7C:34:65:80:9D:77:29:42:C6:F5:F9:80:CA:7B:2B:A7:5B:D6:12:3A:D7:1C:39:16:7F:65"}}},"request":{"raw":"POST /5/6712285/?oo=1\u0026js_build=iclick-v1.1670.0\u0026userId=0802b3aa41d24e22f962f6fc07cb5ba7\u0026dmn=x7i0.com\u0026tt=2\u0026ix=0 HTTP/1.1\r\nHost: oyo4d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 3424\r\nOrigin: https://sportmargin.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":3424,"data":"{\"sync\":\"TBtSUh8cJhwUBWcfHEsSAwEFUA5MXwMBbAIlKz9KWUBcHAtKQ1AVSQZbGgxbGwkFVkYLASoQTktDClFGTBkCRExXBA0fFA4eFkpPUhRLDk4+HQY0BV0ZMkBQW2kNHCYfDD1RESZOBwkxGBNcMR5fZkBBJRcYHyoBTzYaUUNQXEdQQB0yU1xHUxkQHAxXWAlFW1MSHw9JSARCT1lJbEYeRkNaWUBQABUbW1hCSQddCk8NCR8UHhYfSk9TFEsJVUNQXkdQWglPDQkfFA4eW1JHUxRLF1tDUF5HUFoPHRUDAxpYFA1KT1MUSxxPAAZMUUIYTAVUGwkGVkYdBVdYCUVbSxUeTFFCGEwOX2ZcVBBGQ1lZQFYeJk4FSFRbXhYBHlRJRhRAVFVKHQtcDRxXQ1BeR1BXBjJYW1lpEwodDQ1AAlhVGxYDADQZURceaFVWWB0QEUpPUhRLGlYNBRw0FlEeGV8bCQdWRg8NGwZXG1sDUUZMDBNZCx1WXUAUQFRVShsOZwcVSkNQXkdQVwEBWEtsURsJDBxXWApFW0kHBkxRQxhMDkRQEQxKSFsLGRYaU0gVQwAdG1AOXkEVSV1CWF5IRFcSVhsaG1tbQkkCWA8ZUVZBWyUAHBwQAUwGCxtbW15HUFoLHhUDAAMHSFsaHEACSxVVFwceAgJRTEEVS0UUQEY0DQYDGkVbSxEaTFFBGEwZTVYRDEpIWx8CQAJYSwFRRkwcGhZUXAcLBxpYExAfV1gJW0EJTUgZAhoWVFwHCwcaWBMBSk9SFEsOQENQXkdQXRZPDQkfFA0CGkpPVhRLClgJSFRaQgZaQRVKWxRAVUlaQU4aGg4bW1tcU0IYTB5WThEMS1ZBWFlATBomXQQeCwgGUQpPDQkfFBAXDAlXWBokFkMIBgIKXQFAXRcRZF8UABYfBkJ2PVkIUUReUFJjBwMBDQgWAlJNU1UQTlNIClVEXkJScwsOXFYcBEpVSVhEUglJP1ATDwgEChtfXgMXAxRWRhcYV1gJRVtJBUhUSRtaGghFV1JaVxQdDlgUUQwOXBNQBxgifVUEWU1WRBQFFUUFBl5ED1AEHQsZSF0dPX4CWlgOAQsGFA4VGR1fTBwHDgVRHFdeSmN/QQ0XHBAQVggVFBEOCEYEXQsaUksJXwk0MFMcDEwMC1cABkMbFlJDG15cRFMIXhAbJSsDS1UbCQMCSUgFQk9CUFcUQAoMBBlOGg0LX0NQTEleFh4BFQMRXg4QCRtPTRcaCVYTHgMKAFMHAxlaVVJVFw0aEANVRgpNEw8PBl8GXkNHUUMUVkYXD1dYCEVbTRtIVEknYC1PGxtdVFheSERXDFkZWwNDPQcFQQZMQRVJRxRAVFVKEBRZBVsDUl1CSRpXTFcDAR8UHglbUlhTFEsLTRVIVEZDGEwOX2ZcVBBGQ1hZQFYeWwNQRkwcFhZUC1ZVQFNWRhYbFhJNS0MbLQMAHgoUFlUBZgUCWEhbABwGXAwXG1sMDwcBUUJPVFFsWRgOJgEbBl0RWwNMW0JJBV0AMlxcSkUlCBwGEhZQS0MLVV9CSRFbAgJFZldTChARSk9QDEVbTwQECgQAFlRPFRURURsJHBgUBktLQwlNSAAHUA5MCFkUZmVYSFsGGREaU1tcD0c7OF5RAE8bG1BZFgsLNxIDVRwNG1tIHRkVVkxBFUlVWlheW0pZQFsFDRtbERNHUF4dHRUDAhpYFBccV1gIRVtJDxgNSUgEQk9HVVJCHAsLBSoGXR0cWhUFHElIT0wERGZSWB4WFgERQAIPGFUSD0JJG0cxGUVQV1MUEFtSEwNUGhwVQwMdNBFcHAJaUEZbJVxPNxoQZwccTgQYTFEUVQIeUhURXwk7GgAHDVUADFRDUAgKHkcLQRVQQGkfAB4NV1heCBVKBEZMAgFrCQhUUlwUQBALHRBOGgAKZhYPDDQZXRpPDV9SWgkBVUocEWceHFs+AQcfLQJeW2hWQWkUAQ4NB0ACDxhVEg9CSRtHMQlSSlhCFRQmGxQEWRsQG1sMDwcBUUJPXkpsVRIWFgUcF1U2FkkEGA9JSFIPAURcThpYChwbV1gaW00AVVhYX0EHX08bG1BaEwEXHCoLXEtDGxQEBQUdQwBPGxtSUBwNFQEUFl02EF1DUExJXhYaH1ZfVV8ZOwoHABBbDCZQBUhUSVAYTAxTT1ZEDg0KDQc9UQ1bA0NIQkkRVQMdVlBUWCUNHUpPQBpFW1oUGRoEH2sHCWgIEQxYRlVKFhdLHRZUPgMKNEAWVE8VFRFVFg0aAyoLXEtDG0NGTAgdRxpPDRsRGlgJHBwdDVxLQxsLGRoKFRZCT0VmRl8eRkNKV04aBhhmCA5MUVAWQk9WXVdfDg0WBhQOZwAdSkNQNTYP\",\"async\":\"TBtXQwgXW1IOQFoIDRtbWEJJGl0AGUQbCQRWRhsEAQoaU0gVQwIHDxZRADJeX0FXFwFbUkRWFEsNVhULAklIBVsQGxtRVw5GQxNXC0s2G1gVSFRbXhYNBVZLVF8UA1tSRU4aChFYEw0HBRVrGgRaXBEMSkhbDBwRWwEYSwYDAAwtQAcAUhsJBlZGFQ0DB1RLQwkcRkwDG1oaHhUDSEtWRhsEAQoaUwIbEh8eGx1GGghTGwlQGwgKDVlAWR8YUA0LDAcXFlQLVlVAU1ZGCw0UEVcHWwNDBAFGHFUYBFBYR1kISRsEAAdMBhZNCUgTR1BcBwlTXF1pEwILCRgHGlNJFUMJAgIXWhoyXl0RDFgRFwMbDU8HWxVDCwgNG1gHDENcbF8eRkNKV04aHQtYBwwHCC1HARhFWlZpEwBbUldAFEsYXRcPHB8bRwsfaFBXFEBGW0RXAVkECVgIDQA0G1BMVxUbHxQZEQocGg9nAB1mUEhUSVAYTA5CSkdZFzsQDCpQGlNbG01IDQcbVwUyXl0RDFhGVUoWDUsdWwNDSEJJH1EaBVhdEQxYDgocFAUaRVtLPh8HD1AOTE8bG1xXJQ0dSk9AGkVbWAUOBx8bWwAMW2ZaUglGQzMoHw==\",\"quality_options\":{\"hil\":1,\"jsp\":1,\"ng\":false,\"ix\":false,\"pt\":false,\"np\":false,\"nw\":true,\"nb\":true,\"sw\":1280,\"sh\":1024,\"pl\":\"https://sportmargin.cfd/stream/stream-20.php\",\"wy\":0,\"wx\":0,\"ww\":1280,\"wh\":1024,\"cw\":1280,\"wiw\":1280,\"wih\":1024,\"wfc\":4,\"sah\":1024,\"navlng\":\"en-US\",\"drf\":\"\",\"wgl\":\"llvmpipe\",\"tb\":false,\"btz\":\"UTC\",\"bto\":0,\"pnt\":0,\"pnrc\":0,\"bml\":0,\"bmi\":false,\"vsbl\":true},\"client_hints\":{}}"}},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 21:23:38 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://sportmargin.cfd\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":185,"timings":{"blocked":77,"dns":15,"connect":26,"send":0,"wait":29,"receive":1,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-03T21:23:35.670Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sportmargin.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 18:56:38 GMT","end":"Thu, 26 Feb 2026 19:54:24 GMT"},"fingerprint":{"sha1":"4D:09:CB:FC:06:69:D6:58:95:4A:93:96:67:B8:07:60:9C:84:1D:A1","sha256":"4E:E6:AB:EC:97:48:E3:5E:01:D6:84:23:43:42:11:F1:6C:A1:3B:CF:1F:BD:50:52:52:D8:0E:75:2F:E6:8A:2F"}}},"request":{"raw":"GET /stream/stream-20.php HTTP/1.1\r\nHost: sportmargin.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 21:23:36 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q95cUQJ0w%2FOzpQYDYnSL%2BxDgNVaJgbO%2BjOJrY7SSLsnEzkaywpOdJRXxqDlv1AFIK3IRoBGZ3DOgTrd7VLCk%2FgW9fZvlRhjgp7NVU5c6KA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b858ee42b0e23eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"C3.js","description":"D3 based reusable chart library","website":"https://c3js.org/","common_platform_enumeration":"","icon":"C3.js.png","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":650469,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (64503)","md5":"7841d1712448c8656546cc7f17d394e9","sha1":"be2c2fb0c827c7f835788de74b6190f95df0cb64","sha256":"a20e7d541e61d2eec9d0ee185de61e0445d99e908da06b1be54ca938f8368cbd","sha512":"4b6081c46d88d9f2b01192963200abe0db3789cd2f3de05815b1d66513782be37da380f34d5ca58eaa7cebb75bedd7dd231dd5e48d663425d49623e4233b610e","ssdeep":"12288:LdqeHntKnhYZiahM40lN0R5Jr9OnaYuqFFObnpe9AUTpKWZVfmuenM5xkw:LHtbhM40/0RRIZDFObnpe9AUTpKWZVaw","tlshash":"62d4611837845986371b4ebb733fa5d1e40b38da7609488ff6087c65a1965a3fbe8331","first_seen":"2026-01-03T21:24:09.683468Z","last_seen":"2026-01-03T21:24:09.683468Z","times_seen":1,"resource_available":false,"data":null}},"time_used":484,"timings":{"blocked":29,"dns":7,"connect":1,"send":0,"wait":426,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kzt2afc1rp52.com/9f/f3/5b/9ff35b0cd63b95f2925204c4dd0a79c3.js","fqdn":"kzt2afc1rp52.com","domain":"kzt2afc1rp52.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:36.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kzt2afc1rp52.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Dec 2025 22:13:37 GMT","end":"Mon, 02 Mar 2026 22:13:36 GMT"},"fingerprint":{"sha1":"50:C7:67:7D:BA:F1:12:EB:1F:AA:1B:F8:B9:E8:03:5A:12:3C:84:D2","sha256":"CD:CB:DE:73:B2:E7:C9:1D:5C:9E:A3:37:51:9B:9D:45:00:A0:0B:BE:29:AD:B7:58:98:90:1B:63:E7:39:40:EC"}}},"request":{"raw":"GET /9f/f3/5b/9ff35b0cd63b95f2925204c4dd0a79c3.js HTTP/1.1\r\nHost: kzt2afc1rp52.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 21:23:36 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38056\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: kzt2afc1rp52.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9a228ce6d2df9e0905bece372197425f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":106824,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"364c3a7c2ee385c62b62d1eb0d1a2bac","sha1":"aec36616a986bbddf4922bb3b0e772c06605f2de","sha256":"c68ccf6fea4c7ca129a1a67d56d514a3749dbef0d56adee206e73105209e0c13","sha512":"6deb4fb96483a992477ee5f8824cd96c9884e94e93a672aaa2c8623db8532273eed81d2f526f029a2ed9b99fee1c8e32f26ec925db94ad14f8b806cf8731e0af","ssdeep":"3072:EDR17aMWZ44SXdVY4lDKVVbZ4i3/9j9y1UglGews5:EDRw194Lws5","tlshash":"c0a3c788bfd0f06d129a6473223f950ff11a4e42505ce558e907f8e66abc32af47db64","first_seen":"2025-12-28T16:33:02.089637Z","last_seen":"2026-01-25T20:17:55.561254Z","times_seen":7,"resource_available":true,"data":null}},"time_used":840,"timings":{"blocked":324,"dns":40,"connect":92,"send":0,"wait":98,"receive":93,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"kzt2afc1rp52.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"kzt2afc1rp52.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uf.pegboxrebozo.com/rRO6j2xLzB2XgW/69521","fqdn":"uf.pegboxrebozo.com","domain":"pegboxrebozo.com","tld":"com"},"ip":{"addr":"172.255.106.134","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:36.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uf.pegboxrebozo.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 06:24:20 GMT","end":"Sun, 29 Mar 2026 06:24:19 GMT"},"fingerprint":{"sha1":"B6:DC:17:44:51:D8:39:E0:53:98:B3:7F:93:1B:DE:7D:A3:73:A6:E7","sha256":"A6:55:4B:61:FE:73:14:62:3F:ED:10:88:2B:5C:B3:F5:81:20:2C:DD:19:E7:8A:2D:5A:D5:74:EA:1F:1D:F5:83"}}},"request":{"raw":"GET /rRO6j2xLzB2XgW/69521 HTTP/1.1\r\nHost: uf.pegboxrebozo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 21:23:36 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://sportmargin.cfd\r\naccess-control-allow-headers: content-type, gyfr29qt4j80vdr0zhsj, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; expires=Sun, 04-Jan-2026 21:23:36 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJxjYGBgEuEXZMosEOSxNNSzNNAzMdIzNDURZEwXZPLzF2RKzhNk88svKk%2BsFGQsEmQyMBZkKsoT5PYvzslXcM4vzSsBiicLsoD4goyZgnxOOZkVCsH5OaUlmfl5xYJMQMzpnJiUk6rvEuwjyFjAxijIVJIPIotTRBgEGcvYJASZchJ5HHw%2Fv9qcvuAnkJPP46BavzE63G61IFNBsSCLgaGpIQCHOyne; expires=Sun, 04-Jan-2026 21:23:36 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"848667c49f5d3aef59cd65ed276cd7ae","sha1":"bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763","sha256":"cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8","sha512":"4248ad0e684224ba8503b1e73517aae6ffe4431cd16b7633d2ccbf4b96f845e318dbee175d19cd4676ca37353f53add2231ed167ad6c4aa0d9fe185f7359238c","ssdeep":"","tlshash":"f23000000000000000cc00000000000000000000c000000000000000000000003c0000","first_seen":"2025-04-24T10:17:49.831301Z","last_seen":"2026-05-21T14:45:22.526226Z","times_seen":16636,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":139,"dns":94,"connect":18,"send":0,"wait":23,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"uf.pegboxrebozo.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"uf.pegboxrebozo.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"uf.pegboxrebozo.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1223\u0026rd=1223\u0026fd=539\u0026bv=25.12.4806\u0026tmpl=70","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:36.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=1223\u0026rd=1223\u0026fd=539\u0026bv=25.12.4806\u0026tmpl=70 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 21:23:37 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":677,"timings":{"blocked":289,"dns":13,"connect":91,"send":0,"wait":95,"receive":1,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:37.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/disable-devtool@latest/disable-devtool.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 0.3.9\r\nx-jsd-version-type: version\r\netag: W/\"4514-YJEJ2C3rDH3T2dISgI3LoFSM49E\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\nage: 41065\r\nx-served-by: cache-fra-eddf8230057-FRA, cache-hel1410030-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 6646\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17684,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17663)","md5":"7fa174926682313cc5a067077b0bb22d","sha1":"609109d82deb0c7dd3d9d212808dcba0548ce3d1","sha256":"5a7b9b2c807f85575c9ebc1f508e849b53430870b2d0fb6c02b2de3df661cb63","sha512":"83a593d4b8648b78031259becd96b4c33226e9462c2e26013ee0746ff58a7b710159d0d380d001d7740e9485ee346491c16e3fdb0d334f5b6cfabe6f90cda9b6","ssdeep":"192:m+5ekRvDLCpBK+BpP78nPk6O9ShgzsqcSYV0GtI+uwicvsbIUiJE2KmnyKU:mLiPCvRvT8nPk6cSCzsqGVJeZcsb8S9","tlshash":"0582c4ccb48270715b77a9e9507f454ab23aae96888c8040f13ed8e42c7c56ec267f7d","first_seen":"2025-08-02T03:49:54.562881Z","last_seen":"2026-05-21T05:01:14.140702Z","times_seen":4093,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":120,"dns":1,"connect":30,"send":0,"wait":27,"receive":1,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:38.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 21:23:38 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 089375510ddf92cbc2f4e38ab03074db\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-21T09:54:42.834421Z","times_seen":16623,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"chevy.giokko.ru/server_lookup?channel_id=premium20","fqdn":"chevy.giokko.ru","domain":"giokko.ru","tld":"ru"},"ip":{"addr":"104.21.29.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:38.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"giokko.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 26 Nov 2025 06:24:12 GMT","end":"Tue, 24 Feb 2026 07:24:09 GMT"},"fingerprint":{"sha1":"40:B1:8F:04:2E:18:63:CA:98:EC:4F:15:A1:16:1E:F4:DF:45:06:10","sha256":"83:3A:67:C1:1C:10:D3:BC:07:1C:FB:86:E8:FA:74:FF:C2:CE:B1:E9:49:88:AF:B2:7F:F9:20:EB:36:D3:BB:EF"}}},"request":{"raw":"GET /server_lookup?channel_id=premium20 HTTP/1.1\r\nHost: chevy.giokko.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://epicplayplay.cfd/\r\nOrigin: https://epicplayplay.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 21:23:38 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, no-store, must-revalidate\r\nx-cache: HIT\r\nvary: origin, access-control-request-method, access-control-request-headers, accept-encoding\r\naccess-control-allow-origin: *\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 03 Jan 2026 19:00:20 GMT\r\nno-cache: no-cache\r\nage: 8598\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=heX9dYDKXoQRrX%2Bn0SGdLySWI9dqrzKrqfSkV4KWHx%2BDad1Qj%2FgTgq3KEi2u1r0ILYH9GsGrXaRFA8v63uofMgOCQJOGHWMLF68deh0%3D\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9b858ef53aee5693-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f77abd456c5238d9fa1a54609c9c7b43","sha1":"edb2a397d8f21aea258da763431c5b51383b4b74","sha256":"9f3f430c088271e6bce6e9e1ca098db5a7583a1c96851127ae62529984041c41","sha512":"1df7bf0913ab1d35748646fe39b1422762a3d89afcd4fd09466e9bb79b4c4fe90cdf924237ceb46fd760c7a8a86d0ca88374480e28bd552cad55f1808aa7ff05","ssdeep":"","tlshash":"8870000c28a020aa088808380880200223082030808c2a8002000c0280032000000000","first_seen":"2025-04-08T02:16:43.282011Z","last_seen":"2026-03-04T20:20:55.805147Z","times_seen":46,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":46,"dns":23,"connect":3,"send":0,"wait":10,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"quasicurrant.com/3d/71/24/3d712439b634feba69e3e22374c27420.js","fqdn":"quasicurrant.com","domain":"quasicurrant.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:37.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"quasicurrant.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 02 Jan 2026 09:40:13 GMT","end":"Thu, 02 Apr 2026 09:40:12 GMT"},"fingerprint":{"sha1":"2F:55:33:9E:B7:18:08:E8:DD:34:F9:41:1A:36:62:BA:B9:5A:DE:9C","sha256":"79:58:0A:7A:06:B3:B3:E9:7A:CC:18:B5:BF:1B:CA:9C:18:70:58:1A:48:ED:0A:5C:CB:66:4B:5C:A9:FD:99:FE"}}},"request":{"raw":"GET /3d/71/24/3d712439b634feba69e3e22374c27420.js HTTP/1.1\r\nHost: quasicurrant.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 21:23:38 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38054\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: quasicurrant.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 80655f252e85e4aa44284c672fff67ac\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":106828,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7bef584cc1d9347de41cc3bc075ff6c8","sha1":"976be5ee953bb0d2d321751ca55e63a86d36e1bb","sha256":"c48a08b9ea6da64c40a628974a2fbd5f795a2a9e027435cdf8322beb7132ad73","sha512":"181bcfe7b11877f77f537b6df0546ad89e7c22091ae89695275f3678d61e95306f1684a3e18e751e870603b251462a9f8efec378a791f6005764a15ddc2becad","ssdeep":"3072:Ede17aMWZ44SXdVY4lDKVVbZ4i3/9j9y1UglGewsO:Edew194LwsO","tlshash":"36a3c788bfd0f06d129a6473223f950ff11a4e42505ce558e907f8e66abc32af47db64","first_seen":"2026-01-03T18:05:38.836255Z","last_seen":"2026-01-03T21:24:09.691745Z","times_seen":2,"resource_available":false,"data":null}},"time_used":943,"timings":{"blocked":373,"dns":14,"connect":94,"send":0,"wait":97,"receive":93,"ssl":261},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/clappr/clappr.min.js?ssss","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:37.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"epicplayplay.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Dec 2025 15:01:18 GMT","end":"Tue, 31 Mar 2026 15:59:53 GMT"},"fingerprint":{"sha1":"7E:97:56:F0:47:2F:8F:51:78:6E:38:ED:A0:72:AA:10:A1:6A:5E:96","sha256":"BB:3F:24:90:54:1B:10:56:FE:CC:4A:D6:3A:8A:2A:38:23:8F:F3:C5:D2:0C:D9:92:B1:8B:51:25:A8:DA:0F:F1"}}},"request":{"raw":"GET /clappr/clappr.min.js?ssss HTTP/1.1\r\nHost: epicplayplay.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 17:16:36 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"692b2a74-80319\"\r\nexpires: Sun, 27 Dec 2026 15:13:17 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 627020\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mrry0d%2BOY1hheBLYyacVL7LCwowxD3IiUOqAs4fm8WPZfoSpvWmc3%2F72ryRqV0tm5KFDDmCaXttPkIiDyUhswfd7G%2B5wmrL6M9kiuGtVFxw%3D\"}]}\r\ncf-ray: 9b858ef028001525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":525081,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f55c6c796275a41ce7d97bd160e648ff","sha1":"936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89","sha256":"db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c","sha512":"3b01da86fa5b757041d7c03a186faad290c34f12fea78cc5ec53e4396491b16393c03e794bbead5a726f21c49f80894824eb65a87122c68a22cb2043ec6eda0e","ssdeep":"6144:q2ffwZI3wKqMSxeUKn5+q4Qc7vije4RDgv7VTG:qSoKqM9Upbz6R","tlshash":"c5b41b9876e5b0654393a0b8503f020b723bad6e7005a1ecf76de9e95db884d6037f78","first_seen":"2023-03-07T01:14:45Z","last_seen":"2026-05-20T18:02:49.219679Z","times_seen":2411,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"104.18.41.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:37.671Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 24 Dec 2025 17:37:04 GMT","end":"Tue, 24 Mar 2026 18:37:01 GMT"},"fingerprint":{"sha1":"05:4F:CA:93:1E:46:6C:B4:A4:49:3A:2A:0C:AD:DB:CA:8C:CF:BC:9C","sha256":"81:B0:0B:B9:30:D8:5D:FE:11:36:CE:28:36:04:4F:41:74:05:00:57:EE:04:F0:1D:44:B3:B4:6F:A6:4F:D8:FD"}}},"request":{"raw":"GET /gid.js HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://sportmargin.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://sportmargin.cfd\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=0802b3aa41d24e22f962f6fc07cb5ba7; expires=Sun, 03 Jan 2027 21:23:37 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9b858ef11f2f5699-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ad53d01e570e38a88b183a3045805ca6","sha1":"1f8ae0ceeb62a0141d53b84f18d2329322301f94","sha256":"4bcd6f453124c59ac04ae59596202b7e17e5846350ec941a4cdf9985e1980e4e","sha512":"541a56280555141ba5d44b3316ba696fe4e75002597dc54bee53865666b404a2a96b511ccb78a861cf6a0366eac819df1a371de5e93870c239045729851532ee","ssdeep":"","tlshash":"c7a002850c2967d491949e176b8786b6486250825c98a60fd6d8c04a268a54d47e6a41","first_seen":"2026-01-03T21:24:09.694417Z","last_seen":"2026-01-03T21:24:09.694417Z","times_seen":1,"resource_available":false,"data":null}},"time_used":195,"timings":{"blocked":91,"dns":8,"connect":7,"send":0,"wait":38,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=861\u0026rd=861\u0026fd=653\u0026bv=25.12.4806\u0026tmpl=70","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:38.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=861\u0026rd=861\u0026fd=653\u0026bv=25.12.4806\u0026tmpl=70 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 21:23:38 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/blast.js","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:38.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"epicplayplay.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Dec 2025 15:01:18 GMT","end":"Tue, 31 Mar 2026 15:59:53 GMT"},"fingerprint":{"sha1":"7E:97:56:F0:47:2F:8F:51:78:6E:38:ED:A0:72:AA:10:A1:6A:5E:96","sha256":"BB:3F:24:90:54:1B:10:56:FE:CC:4A:D6:3A:8A:2A:38:23:8F:F3:C5:D2:0C:D9:92:B1:8B:51:25:A8:DA:0F:F1"}}},"request":{"raw":"GET /blast.js HTTP/1.1\r\nHost: epicplayplay.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 03 Jan 2026 21:23:38 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Thu, 17 Oct 2024 06:47:40 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncontent-encoding: br\r\ncache-control: public, max-age=31536000, immutable\r\nexpires: Thu, 17 Dec 2026 18:33:20 GMT\r\nage: 1479017\r\ncf-cache-status: HIT\r\netag: W/\"6710b30c-13040\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=99w2d1HQpgqDBC40VKTnIBky2YP2Xmg8InhyHT%2BBYegKWJ5iKm7G696Nl4cJSWY2SVlK5I%2Fyj1cwKGl8Y%2B9Dkcuptrdp%2B2JYV%2BDB%2BVUnoyY%3D\"}]}\r\ncf-ray: 9b858ef418721525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77888,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"091faec928970e76d37a3601c19fcf8a","sha1":"6441e8eebe90eb8d4a40e7c25440ff99caba3520","sha256":"eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12","sha512":"0065b4e5167b85abb85d4af6be22853d1ea16e9c0d5420173f356dd7a980374487405d8561a4a5df32dd68d2956af6c7a3f099776994e2cf6a3b0eb8df1c3277","ssdeep":"1536:HnyiwA6dLK4I7T8IVCJ0Xiyu/lpvd7TN8+Prp2s:HnyiwFLzI7AeSymrpTNZrpN","tlshash":"16732ec177d5bc8212872b77731bb1e6e82a9dd87188488ef104bc90f4bda12fae4575","first_seen":"2023-03-08T14:53:38Z","last_seen":"2026-04-19T15:29:45.106059Z","times_seen":1592,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/stream/stream-20.php","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:37.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sportmargin.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 18:56:38 GMT","end":"Thu, 26 Feb 2026 19:54:24 GMT"},"fingerprint":{"sha1":"4D:09:CB:FC:06:69:D6:58:95:4A:93:96:67:B8:07:60:9C:84:1D:A1","sha256":"4E:E6:AB:EC:97:48:E3:5E:01:D6:84:23:43:42:11:F1:6C:A1:3B:CF:1F:BD:50:52:52:D8:0E:75:2F:E6:8A:2F"}}},"request":{"raw":"HEAD /stream/stream-20.php HTTP/1.1\r\nHost: sportmargin.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/stream/stream-20.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 03 Jan 2026 21:23:38 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\npriority: u=3,i=?0\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p89sfqZl8TC2%2BP3QXFeZD%2BybSILuhRizfxCoeeasTjTAZ%2BlPEiqP5Gi%2By0ghEzYjvJRgU0sO8DwZm4v7IzRDP9cRLjlQk4ySWXzYIlc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b858eeebce30b69-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":711,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":711,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:37.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15d9d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\nage: 2204471\r\nx-served-by: cache-lga21931-LGA, cache-hel1410023-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 71, 614389\r\nx-timer: S1767475418.782270,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30875\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89501,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-05-21T16:08:31.296544Z","times_seen":471638,"resource_available":true,"data":null}},"time_used":307,"timings":{"blocked":132,"dns":20,"connect":30,"send":0,"wait":27,"receive":9,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"35.156.32.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:36.941Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://sportmargin.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://sportmargin.cfd\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=ceab49ad-cb78-4924-b35c-44b460089c75:2:1; expires=Tue, 01 Jan 2036 21:23:37 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"de2ff8acf64dd07b295f24b0cb1bcebf","sha1":"ddfc154dd7578352ca551a80b25f51fc2cd37cf7","sha256":"dfadbc8e40d984d530ca5da7670185f8076f198157a5932523d6db66a971dd58","sha512":"d114390a07ccb7b20799707d4c70d494baddb12ec20009f93ac66929576dd861c321649a69dbebad783bed6e6a0bce06f0effac06ac8d2aba4fd5672ab4b6805","ssdeep":"","tlshash":"f2900400177430d0071410d11150554f50c7170c44d5c1071c00c404515dc551444d74","first_seen":"2026-01-03T21:24:09.680758Z","last_seen":"2026-01-03T21:24:09.680758Z","times_seen":1,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":108,"dns":23,"connect":21,"send":0,"wait":21,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/suurl5.php?r=6707202\u0026cbur=0.873085783925703\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=\u0026cbpage=https%3A%2F%2Fsportmargin.cfd%2Fstream%2Fstream-20.php\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=bklihaatruags.website\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1767475417065\u0026srs=f9ee2f8fe3aa634ed39b9888afc11a3f\u0026atv=74.0\u0026btp=0.01\u0026abtg=1\u0026adbv=3-cdn-js","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:37.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 23:08:46 GMT","end":"Sat, 07 Mar 2026 00:07:30 GMT"},"fingerprint":{"sha1":"D5:B9:71:11:A1:C5:BD:EA:60:68:49:87:01:4B:0B:CB:81:8B:FA:6C","sha256":"66:19:A7:E1:FD:B7:41:C7:AE:CB:33:20:81:70:04:52:48:C8:D0:0E:66:96:B3:F7:FE:B5:FC:10:FE:48:0A:44"}}},"request":{"raw":"GET /script/suurl5.php?r=6707202\u0026cbur=0.873085783925703\u0026cbiframe=0\u0026cbWidth=1280\u0026cbHeight=1024\u0026cbtitle=\u0026cbpage=https%3A%2F%2Fsportmargin.cfd%2Fstream%2Fstream-20.php\u0026cbref=\u0026cbdescription=\u0026cbkeywords=\u0026cbcdn=bklihaatruags.website\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026ts=1767475417065\u0026srs=f9ee2f8fe3aa634ed39b9888afc11a3f\u0026atv=74.0\u0026btp=0.01\u0026abtg=1\u0026adbv=3-cdn-js HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sportmargin.cfd/\r\nOrigin: https://sportmargin.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jUz4PZXcLryu2QjwFNORgsLbsdE1PtkdwN%2FYYIl0C4vAkqpxerkKOg8C%2FSp9Cl2vpX7RgICKS%2BBWxaj7%2BplIXWUtFz0O5Oq92vywSFkQLF%2Be\"}]}\r\ncf-ray: 9b858ef0aaac56a3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":966,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1c87b8dd28284eca60daa5dd998df4a6","sha1":"9613c9de0a75414a2acee5274ca52d6949a8525c","sha256":"b1ea2f1d21fd5aaa55fd312c3cefc88ca7f1930f3f817c418ccc3fabb40f35e1","sha512":"2e78003877eb71c91cda530981f7b16d0595e50cd418356142e2fe485e383f609d6e0b3edc67f2c0462e10f3e3bedc4efb1ed3a5145ee9c946d7d819a80a1af3","ssdeep":"","tlshash":"311198d3155c0958954545d09c71582b249053dfd5e817df800f7c8651955406aedaeb","first_seen":"2026-01-03T21:24:09.697847Z","last_seen":"2026-01-03T21:24:09.697847Z","times_seen":1,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":55,"dns":1,"connect":2,"send":0,"wait":211,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:38.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:51:40 GMT","end":"Sun, 29 Mar 2026 00:51:39 GMT"},"fingerprint":{"sha1":"F3:CE:FF:C9:F8:70:23:18:40:13:70:96:1A:D1:FD:34:D3:CD:66:FC","sha256":"07:8C:A3:3F:1D:F1:E0:75:3D:26:20:F5:D5:75:64:CE:F7:40:6E:B7:BB:B9:EC:79:33:27:5F:51:2E:B0:12:E7"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 21:23:38 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 33fd47f9e8c263834008fdd50f5a8e44\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:37.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:51:40 GMT","end":"Sun, 29 Mar 2026 00:51:39 GMT"},"fingerprint":{"sha1":"F3:CE:FF:C9:F8:70:23:18:40:13:70:96:1A:D1:FD:34:D3:CD:66:FC","sha256":"07:8C:A3:3F:1D:F1:E0:75:3D:26:20:F5:D5:75:64:CE:F7:40:6E:B7:BB:B9:EC:79:33:27:5F:51:2E:B0:12:E7"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 21:23:37 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3fd9432f28b87e30bd4dddbb79c7636d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-21T17:23:37.112312Z","times_seen":15507115,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":61,"dns":1,"connect":19,"send":0,"wait":19,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/clappr/hlsjs-playback.min.js?ssss","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:37.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"epicplayplay.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Dec 2025 15:01:18 GMT","end":"Tue, 31 Mar 2026 15:59:53 GMT"},"fingerprint":{"sha1":"7E:97:56:F0:47:2F:8F:51:78:6E:38:ED:A0:72:AA:10:A1:6A:5E:96","sha256":"BB:3F:24:90:54:1B:10:56:FE:CC:4A:D6:3A:8A:2A:38:23:8F:F3:C5:D2:0C:D9:92:B1:8B:51:25:A8:DA:0F:F1"}}},"request":{"raw":"GET /clappr/hlsjs-playback.min.js?ssss HTTP/1.1\r\nHost: epicplayplay.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 29 Nov 2025 17:16:41 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"692b2a79-9ec9b\"\r\nexpires: Sun, 27 Dec 2026 15:13:17 GMT\r\ncache-control: public, max-age=31536000, immutable\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 627020\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EO3%2F0PsdSUbUxBV2oP%2BUAFvZNLpbUDC%2B2fGEhmOfaUSozVRpMa07jfNRjeFapv9o%2BSsnL4xBhN2GXhLgQCiGBneuMAKwD9xJcoVXIL6WhhQ%3D\"}]}\r\ncf-ray: 9b858ef028011525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":650395,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"df4f7c3429df55166fb49a1671742521","sha1":"370ef8807736dcc58cf5d79d4cbac1ee02df4cd8","sha256":"488713d3fc944220c9e8bd61bf84e5e41324045a6b86ef356e46bf0729021fdd","sha512":"4dee10ccd94be4f2ef4834186f6283459950407eb348c9c60ce8cb4ef9e028caaa5d74918eafdf7d386e3c285c589b1629be1d4adc923ab55a4748b3363fa14f","ssdeep":"12288:1cYa6S5MfGwtvhtnmuQNkLf0gKD0sPJCLAqKs9:1cj6S5WGwtvhtnmuukLf0gKDNQLA3s9","tlshash":"c3d44ce932d6a02687d1a5da543a4212b3397d0b3408c09cf93efddb2d69949b07bf74","first_seen":"2025-10-24T18:53:04.551122Z","last_seen":"2026-05-20T18:02:49.141549Z","times_seen":311,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"adexchangeclear.com/script/interstitial.php?r=9830542\u0026srs=f9ee2f8fe3aa634ed39b9888afc11a3f\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026cbpage=https%3A%2F%2Fsportmargin.cfd%2Fstream%2Fstream-20.php\u0026atv=74.0\u0026cbref=\u0026btp=0.01\u0026pblcz=6707202\u0026abtg=1\u0026adbv=3-cdn-js","fqdn":"adexchangeclear.com","domain":"adexchangeclear.com","tld":"com"},"ip":{"addr":"172.67.223.87","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:38.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adexchangeclear.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 06 Dec 2025 23:08:46 GMT","end":"Sat, 07 Mar 2026 00:07:30 GMT"},"fingerprint":{"sha1":"D5:B9:71:11:A1:C5:BD:EA:60:68:49:87:01:4B:0B:CB:81:8B:FA:6C","sha256":"66:19:A7:E1:FD:B7:41:C7:AE:CB:33:20:81:70:04:52:48:C8:D0:0E:66:96:B3:F7:FE:B5:FC:10:FE:48:0A:44"}}},"request":{"raw":"GET /script/interstitial.php?r=9830542\u0026srs=f9ee2f8fe3aa634ed39b9888afc11a3f\u0026ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits\u0026cbpage=https%3A%2F%2Fsportmargin.cfd%2Fstream%2Fstream-20.php\u0026atv=74.0\u0026cbref=\u0026btp=0.01\u0026pblcz=6707202\u0026abtg=1\u0026adbv=3-cdn-js HTTP/1.1\r\nHost: adexchangeclear.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sportmargin.cfd/\r\nOrigin: https://sportmargin.cfd\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 21:23:38 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvia: 1.1 google\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t30oowgWgj%2Foa1QRY4joKL6XsvU1J52G%2FnG6ZGJaG0a%2B1%2BRpAtXB3irLovwWCLvKRLsfDLxbt6QLX4N%2FWrvxrQGhZjb3xg8zELKG3ckyIQkR\"}]}\r\ncf-ray: 9b858ef6488456a3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":1373,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d853d1031d920484b108750a17bf425d","sha1":"f005111cae71d54bd8efa4df7afa746ea07cae2d","sha256":"f67b9003aee2228e56a3f38c9617c32212aeb8090b4f6f1379ac79a5c2802c47","sha512":"ef14001abb432f28c57076c7a7f835e1d6b2eb782c243477baf5ca1ed6d2cdff055c9c6ca75fc3b56af386dbb572a70279f32d9870cf09e46e6e41a924a8b172","ssdeep":"","tlshash":"5421d8ee886c855f110450f8c09fba2827530653fd847d2968afed69246ad54815c8b3","first_seen":"2026-01-03T21:24:09.709376Z","last_seen":"2026-01-03T21:24:09.709376Z","times_seen":1,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"adexchangeclear.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"upload.wikimedia.org/wikipedia/commons/2/21/Speaker_Icon.svg","fqdn":"upload.wikimedia.org","domain":"wikimedia.org","tld":"org"},"ip":{"addr":"185.15.59.240","port":443,"asn":14907,"as":"WIKIMEDIA","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:37.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.wikimedia.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sun, 14 Dec 2025 07:10:52 GMT","end":"Sat, 14 Mar 2026 07:10:51 GMT"},"fingerprint":{"sha1":"2F:5C:84:59:D5:30:00:E0:37:A2:1D:EB:D0:9C:0C:C7:A4:17:88:77","sha256":"F5:68:C5:ED:48:C7:A4:1A:86:BA:C6:95:8C:B8:7B:F5:F6:0D:EE:3E:CF:94:35:A3:03:3F:5B:20:B8:51:8B:33"}}},"request":{"raw":"GET /wikipedia/commons/2/21/Speaker_Icon.svg HTTP/1.1\r\nHost: upload.wikimedia.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 13:06:15 GMT\r\nserver: ATS/9.2.11\r\netag: W/1e965f9ca6bac55c4bfece8dabe6fa47\r\ncontent-type: image/svg+xml\r\nx-object-meta-sha1base36: rcosig5pk1fefnugtbiewl19zhtt86j\r\nlast-modified: Wed, 28 Aug 2019 18:11:18 GMT\r\ncontent-encoding: gzip\r\nage: 29841\r\naccept-ranges: bytes\r\nx-cache: cp3076 hit, cp3076 hit/16118\r\nx-cache-status: hit-front\r\nserver-timing: cache;desc=\"hit-front\", host;desc=\"cp3076\"\r\nstrict-transport-security: max-age=106384710; includeSubDomains; preload\r\nreport-to: { \"group\": \"wm_nel\", \"max_age\": 604800, \"endpoints\": [{ \"url\": \"https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error\u0026schema_uri=/w3c/reportingapi/network_error/1.0.0\" }] }\r\nnel: { \"report_to\": \"wm_nel\", \"max_age\": 604800, \"failure_fraction\": 0.05, \"success_fraction\": 0.0}\r\nx-client-ip: 91.90.42.154\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache\r\ntiming-allow-origin: *\r\nset-cookie: WMF-Uniq=EK62aSHvhkoo3C67irF1AALdAAAAAFvd-fMgobnk0haqN0-WXO3Vf2MYJtti4Wd7;Domain=upload.wikimedia.org;Path=/;HttpOnly;secure;SameSite=None;Expires=Sun, 03 Jan 2027 00:00:00 GMT\r\ncontent-length: 328\r\nx-request-id: 71dcea7b-608a-44a4-8008-5b3a5640bec8\r\nx-analytics: \r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache Traffic Server:9.2.11","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":514,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1e965f9ca6bac55c4bfece8dabe6fa47","sha1":"ea28e0f6d1a42bd7f2ab416bcf2a9fd0dde55fab","sha256":"70e589ae4b79586ddd4eadd1ac8b501d64ab0433c2038c92e945fbb6195ad7a9","sha512":"ac5cba3ff4bd990c24695203c88c8b444051059398c8d7b53c8dd87bbe4d2693000a2b2e502bcfc0dee7b745b01a580c9dba3cf362337003626f9e18394fed75","ssdeep":"","tlshash":"53f0591d83865c3ea0628b148750f90963bb5552a672f394cebd1b7325171d450bbaec","first_seen":"2024-06-21T01:55:05Z","last_seen":"2026-04-19T15:29:45.160483Z","times_seen":1036,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":157,"dns":66,"connect":36,"send":0,"wait":26,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x7i0.com/tag.min.js","fqdn":"x7i0.com","domain":"x7i0.com","tld":"com"},"ip":{"addr":"139.45.195.12","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:36.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"x7i0.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 04 Dec 2025 05:11:27 GMT","end":"Wed, 04 Mar 2026 05:11:26 GMT"},"fingerprint":{"sha1":"14:77:2C:D5:C8:69:E2:EA:97:D1:53:2B:C9:3D:84:C5:41:25:53:E0","sha256":"FD:43:E2:10:79:04:11:D2:A4:2E:C6:D9:FC:A2:35:7E:62:29:C6:EF:AE:E8:17:F6:03:BB:46:5F:31:D8:6E:6C"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: x7i0.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 03 Jan 2026 21:23:36 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 816435a6561d68e4b292b9efe8aef08d\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":112425,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b105ae11aaf0b47395b2000405b0c592","sha1":"3c1e064f7f5914d976f4a81aea09018b88252773","sha256":"59f1a5a724edcb7907d7734c94ea7893e3c0153854847a1dde214f8c71339e9a","sha512":"3e3a9f1b04582013f15fe140f1aeee984bf74299ec944c6d5752bcd8a14db371f03a7f7f3002eee365d2b98a80791f2a0dc2b380001c80928295458d02be6190","ssdeep":"3072:tXki1TG8YlAVCzIqwL76WJHpYx85/MVzUL:6WTGvlwqw5JJdQza","tlshash":"3ab3295673a277d21a6e60d42d57d60573fd8c80488f8867e3c8787972d081cd3abbea","first_seen":"2025-12-18T15:53:40.958967Z","last_seen":"2026-01-08T02:23:09.116351Z","times_seen":241,"resource_available":true,"data":null}},"time_used":228,"timings":{"blocked":87,"dns":26,"connect":26,"send":0,"wait":52,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","fqdn":"epicplayplay.cfd","domain":"epicplayplay.cfd","tld":"cfd"},"ip":{"addr":"104.21.0.173","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:37.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"epicplayplay.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 31 Dec 2025 15:01:18 GMT","end":"Tue, 31 Mar 2026 15:59:53 GMT"},"fingerprint":{"sha1":"7E:97:56:F0:47:2F:8F:51:78:6E:38:ED:A0:72:AA:10:A1:6A:5E:96","sha256":"BB:3F:24:90:54:1B:10:56:FE:CC:4A:D6:3A:8A:2A:38:23:8F:F3:C5:D2:0C:D9:92:B1:8B:51:25:A8:DA:0F:F1"}}},"request":{"raw":"GET /premiumtv/cyclinsport.php?id=20 HTTP/1.1\r\nHost: epicplayplay.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-cacheable: YES, YES\r\nx-cache-status: MISS\r\nvideocdnx: NO\r\nnode: PHP\r\nservedby: PHPVX\r\ncache-control: public, max-age=30, immutable, no-transform\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xlxg2K6sCOS4Wx%2BDAgqTU8OlJZ0vfVCTVFs4VpQi6mbPNPAyulrOI91pILCObrZpZfXoU0hys%2BpECrOo8A1n60RhsjyTxbykTn1sIImN\"}]}\r\ncf-ray: 9b858eeedc9056c3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]}],"data":{"size":49197,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (8595), with CRLF line terminators","md5":"5aa48445f73fba3f0f1d42a5a3dfd30f","sha1":"1b835cb4a4a615722af2edb91a0a519cb537e500","sha256":"6ae23bd8f4b03d7b17eb396ef00783b629dcdf559a0133e90d213ddc53f87a9b","sha512":"061297a43182082e6766d5e5352ae1593ef1496ad748dc34cc2565ec4c8040d25cb3a6183d4b09cac01215e7f01241152088f9b79b8fdedebdd6479347a2981b","ssdeep":"768:44P1UiULcuYlKi/IC0zF5IiXp/ppN34D5oVLgPrK8zw7pNTBCV1Xt+vDs+SC7JVu:TKif45f/ppN34ggPGplo3+XflVlPlA/n","tlshash":"d423190168916436413792a49b33a119f4361d2f7342c2e6be9cda53aff5a68c472ffc","first_seen":"2026-01-03T21:24:09.711347Z","last_seen":"2026-01-03T21:24:09.711347Z","times_seen":1,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":39,"dns":21,"connect":1,"send":0,"wait":37,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sportmargin.cfd/favicon.ico","fqdn":"sportmargin.cfd","domain":"sportmargin.cfd","tld":"cfd"},"ip":{"addr":"172.67.204.129","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:38.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sportmargin.cfd","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 28 Nov 2025 18:56:38 GMT","end":"Thu, 26 Feb 2026 19:54:24 GMT"},"fingerprint":{"sha1":"4D:09:CB:FC:06:69:D6:58:95:4A:93:96:67:B8:07:60:9C:84:1D:A1","sha256":"4E:E6:AB:EC:97:48:E3:5E:01:D6:84:23:43:42:11:F1:6C:A1:3B:CF:1F:BD:50:52:52:D8:0E:75:2F:E6:8A:2F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sportmargin.cfd\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/stream/stream-20.php\r\nCookie: pp_main_9ff35b0cd63b95f2925204c4dd0a79c3=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=ceab49ad-cb78-4924-b35c-44b460089c75%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sat, 03 Jan 2026 21:23:38 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7sHkG9yx%2Fdh%2BUrVcsGiysWIdggEBFmj5GsuwQJVhfvkf4rqazjSkMn8k5Uu57HgsXLZCz3BloobHR%2FnOSxFTHscYS0mkKclQeRZFCCs%3D\"}]}\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9b858ef2dd0c0b69-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-05-21T17:07:04.901033Z","times_seen":513914,"resource_available":true,"data":null}},"time_used":90,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":90,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sportmargin.cfd/stream/stream-20.php","date":"2026-01-03T21:23:36.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sportmargin.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sat, 03 Jan 2026 21:23:37 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d7ff91c3109bd5ee4d111b749aa35df2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-05-21T09:54:42.834421Z","times_seen":16623,"resource_available":true,"data":null}},"time_used":146,"timings":{"blocked":48,"dns":0,"connect":17,"send":0,"wait":19,"receive":18,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"waust.at/c.js","fqdn":"waust.at","domain":"waust.at","tld":"at"},"ip":{"addr":"104.26.4.7","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://epicplayplay.cfd/premiumtv/cyclinsport.php?id=20","date":"2026-01-03T21:23:37.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"waust.at","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Dec 2025 19:37:15 GMT","end":"Sun, 15 Mar 2026 20:37:11 GMT"},"fingerprint":{"sha1":"65:98:57:1D:D0:E1:C6:FD:D4:EA:FE:DC:DD:B7:64:B6:6F:BC:2D:3E","sha256":"73:94:A9:0B:3C:AC:A5:A2:4B:D1:6F:F3:A7:32:53:C1:6F:62:A5:D7:51:1D:50:84:CB:3B:AB:DB:1B:B3:78:23"}}},"request":{"raw":"GET /c.js HTTP/1.1\r\nHost: waust.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://epicplayplay.cfd/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 03 Jan 2026 21:23:37 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Wed, 17 Dec 2025 22:03:14 GMT\r\netag: W/\"694328a2-2db8\"\r\nexpires: Sun, 04 Jan 2026 20:59:15 GMT\r\ncache-control: max-age=86400\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 1461\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4NT1EfJbnspliVM2Za8PLHrkQhD0Y60NSzIIun0AYXrv6B40g0Dy52CnGlkCbT%2BVTdunpLq8w1uJ9%2F1BTqUlAYakwjAdMso%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9b858ef0bdb85a0f-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11704,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (11704), with no line terminators","md5":"530782c5a9f2e54753e0bc231ae9d46c","sha1":"75cd71ba9148c556f6e216ee9f8a1cedc03c154b","sha256":"95b4c9194652bc6107784e7198a02d381e630eb404accc3ef2ee0ac2c81c38cc","sha512":"09d2b567dff41a0f2b6555e3c48ab2bcc835ac514364b4263f80e3c30abd92ec78041284b7b9804e98c42c885a3e20836ac9063f1b588970472443ff049011b1","ssdeep":"192:l7pBK4BQM5iClA7y1w65jqc4izncX9HVvW2kdjxWybsmm29NBm2/MVpd:l7pBK4BQB9W1wC4bN1wdjxWybsmm2420","tlshash":"f3323d55221b18b6a7ff50d9252f73067030953aaf4a91519066c0bc367de0f50fbeb6","first_seen":"2025-11-29T06:12:12.624589Z","last_seen":"2026-05-21T15:19:40.651014Z","times_seen":506,"resource_available":true,"data":null}},"time_used":174,"timings":{"blocked":81,"dns":20,"connect":6,"send":0,"wait":5,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"waust.at","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-03","alert":"Sinkholed","trigger":"waust.at","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}