Report - tntsports.store/TNT08/D40.php

Report Overview

Submitted URL
tntsports.store/TNT08/D40.php
IP
198.54.126.239
ASN
#22612 NAMECHEAP-NET
Submitted
2024-05-05 18:52:25
Access
public
Website Title
tntsports.store/TNT08/D40.php
Final URL
tntsports.store/TNT08/D40.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.xadsmart.com	151441	2020-04-18	2020-04-18	2024-04-28	422 B	38 kB	185.76.9.23
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-04	1.8 kB	1.4 kB	52.29.105.35
youradexchange.com	273384	2012-11-09	2013-02-04	2024-05-04	794 B	1.6 kB	172.67.177.214
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-05-04	881 B	16 kB	151.101.193.229
italianexpecting.com	unknown	unknown	No data	No data	913 B	17 kB	172.240.108.84
d.daddylivehd.sx	unknown	unknown	2023-07-13	2023-11-21	523 B	852 B	172.67.171.101
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-04	676 B	1.9 kB	143.204.53.97
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-04	822 B	654 B	192.243.59.20
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-04	735 B	423 B	192.243.61.225
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2024-05-03	442 B	13 kB	192.243.59.12
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12	2024-05-04	441 B	24 kB	45.133.44.10
c.adsco.re	16577	2017-02-14	2017-11-29	2024-05-04	381 B	1.3 kB	0.0.0.0
weblivehdplay.ru	unknown	2023-10-05	2023-10-05	2024-01-15	525 B	862 B	104.21.94.34
zeekaihu.net	unknown	2023-07-04	2023-07-04	2024-04-27	818 B	34 kB	139.45.197.245
dlhd.sx	unknown	unknown	2023-08-24	2024-02-03	514 B	832 B	104.21.64.182
skinssailing.com	unknown	unknown	No data	No data	2.3 kB	5.5 kB	172.240.127.234
claplivehdplay.ru	unknown	2024-01-19	2024-01-19	2024-04-25	1.9 kB	857 kB	172.67.178.79
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-04	1.2 kB	260 kB	104.21.35.227
tntsports.store	unknown	unknown	No data	No data	1.1 kB	2.7 kB	198.54.126.239
quartaherbist.com	unknown	unknown	No data	No data	407 B	1.5 kB	23.109.170.77
precariousgrumpy.com	unknown	unknown	No data	No data	486 B	467 B	192.243.59.12
code.jquery.com	634	2005-12-10	2012-05-21	2024-05-04	411 B	32 kB	151.101.194.137
pl23103817.profitablegatecpm.com	unknown	unknown	No data	No data	451 B	31 kB	172.240.253.132
kzt2afc1rp52.com	unknown	2020-04-27	2020-04-27	2024-04-25	429 B	31 kB	172.240.108.68
1.dlhd.sx	unknown	unknown	No data	No data	1.4 kB	242 kB	104.21.64.182
wocwibkfutrj.com	unknown	unknown	No data	No data	416 B	64 kB	172.67.187.202

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-05	medium	quartaherbist.com	Sinkholed
2024-05-05	medium	zeekaihu.net	Sinkholed
2024-05-05	medium	unseenreport.com	Sinkholed
2024-05-05	medium	zeekaihu.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	wocwibkfutrj.com/script/ut.js?cb=1714935119931	63 kB	2024-04-25	2024-05-18
Pretty URL wocwibkfutrj.com/script/ut.js?cb=1714935119931 IP 172.67.187.202 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-25 17:58:25 Last Seen2024-05-18 22:05:39 Times Seen326 Hash bc481e345c04b4534e0a4e54a0f2c1c6 2be428035dd37b2722891c200f35449c5893df33 04d8cc0aacc3f172f638e608d3f08e8457d849290ae553090cb951d4b3f1b97b Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-18
Pretty URL capaciousdrewreligion.com/advertisers.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 22:19:30 Times Seen37803000 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.topcreativeformat.com/01f41091eb2ca0d891aebc59938ddc36/invoke.js	31 kB	2024-05-05	2024-05-05
Pretty URL www.topcreativeformat.com/01f41091eb2ca0d891aebc59938ddc36/invoke.js IP 192.243.59.12 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:52:32 Last Seen2024-05-05 20:52:33 Times Seen2 Hash 1be3d35da51d7d6ee49bdabfdbe4d7b7 a0ad69883453d5ab9d62c0155b79bc21e1bfeb94 5f7b9ec897ebed3f36cb038ec3dedc7fc868cbf71bf1c2340225549156bd780d Loading...

	unknown	5 B	2023-03-07	2024-05-18
Pretty Introduced by javascriptURL Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-05-18 22:18:01 Times Seen15204 Hash 68934a3e9455fa72420237eb05902327 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 104.21.35.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 14:49:08 Times Seen3553 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	claplivehdplay.ru/premiumtv/daddyhd.php?id=40	46 B	2023-07-23	2024-05-18
Pretty URL claplivehdplay.ru/premiumtv/daddyhd.php?id=40 IP 172.67.178.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 19:35:27 Last Seen2024-05-18 15:12:42 Times Seen56 Hash 4e1e753f543ab69894b98c449e10234d 8ed53684f57e4c1e60ef3de40bf48d9e692fd3f1 1a0a20c8c7ace362f60bd79417d8bd1d5ab34fecd8bd335e7aa1bd3952d84db9 Loading...

	unknown	34 B	2023-04-11	2024-05-18
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16:40 Last Seen2024-05-18 22:06:35 Times Seen77580 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

	italianexpecting.com/18/43/01/1843019bf263f39accf339e8c46780a9.js	44 kB	2024-05-05	2024-05-05
Pretty URL italianexpecting.com/18/43/01/1843019bf263f39accf339e8c46780a9.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:52:33 Last Seen2024-05-05 20:52:33 Times Seen2 Hash e4271f5fa2338b0e682c06887c710123 1f716867da2cf4968abb414ca954aa15eff36c7b ba2570db5e3b707f5b8c35ad1a8084c312d197117fb401f4735d92afa6f28e92 Loading...

	pl23103817.profitablegatecpm.com/db/4d/98/db4d9866e9d9e4d2569524cb36da9c30.js	84 kB	2024-05-05	2024-05-05
Pretty URL pl23103817.profitablegatecpm.com/db/4d/98/db4d9866e9d9e4d2569524cb36da9c30.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:52:33 Last Seen2024-05-05 20:52:33 Times Seen2 Hash 409e2893e2c7807324474bbc168568fe 651d3648a59d22c2f0757b512ec707afe9c00bf6 10d283c44575dd40ffadaaca6f477bbea324b5eedb5cf305051016ac12d064e0 Loading...

	1.dlhd.sx/embed/stream-40.php	467 B	2023-03-09	2024-05-18
Pretty URL 1.dlhd.sx/embed/stream-40.php IP 104.21.64.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 01:35:27 Last Seen2024-05-18 22:00:35 Times Seen73 Hash f6ca01bb0ca3ebde821544f18ec83583 2e8cbf747f80c79ae8c12b8685556757e813b9db a1d2b03b3b1269adbdcbda20f64807bc730335783a9a90e9fbd743f898fb675c Loading...

	unknown	145 B	2024-04-26	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 21:01:19 Last Seen2024-05-05 20:52:33 Times Seen2 Hash 4fc8240e8e24c76442ad680d9de988be b61123b4ef5412668623427a89c954f17c7b3b57 d3c3eb896a9e4d252490ce368a3296ebbce073b72e2bd15df6a1c5dc4d565833 Loading...

	1.dlhd.sx/embed/stream-40.php	157 B	2023-03-11	2024-05-18
Pretty URL 1.dlhd.sx/embed/stream-40.php IP 104.21.64.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 19:15:55 Last Seen2024-05-18 15:12:42 Times Seen62 Hash 60f1798bac26472658ff588720760829 9929b26eeb812be15261ac5aee076e468bf4764f acf1662d0ddc764da1a0a9ca8c14ce6d6a937aecef80b4b0e0426698a24b765d Loading...

	claplivehdplay.ru/premiumtv/daddyhd.php?id=40	82 kB	2024-04-26	2024-05-18
Pretty URL claplivehdplay.ru/premiumtv/daddyhd.php?id=40 IP 172.67.178.79 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:43:46 Last Seen2024-05-18 15:12:42 Times Seen19 Hash 7173872d985b3515c5997342838528f8 d7f7f0e91674b4cf0c9972058e6137f2eaf10367 1d5e36529f31b56eebb0438d876e2bd5a1c05ecd23ab9443829614ddd609fd75 Loading...

	tntsports.store/TNT08/D40.php	0 B	2023-03-07	2024-05-18
Pretty URL tntsports.store/TNT08/D40.php IP 198.54.126.239 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-18 22:19:30 Times Seen37803000 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js	84 kB	2024-05-05	2024-05-05
Pretty URL kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:52:33 Last Seen2024-05-05 20:52:33 Times Seen2 Hash 741315e68dff0c17415a4f628cb2c0ea 7d88c3da87e8a1e6be9115175316984e881cf047 eed4d9c843ee86024faa567dd9c783f69dfd6f344bf8347f9be1b804084b373a Loading...

	1.dlhd.sx/embed/stream-40.php	8.5 kB	2023-07-23	2024-05-18
Pretty URL 1.dlhd.sx/embed/stream-40.php IP 104.21.64.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 19:35:27 Last Seen2024-05-18 15:12:42 Times Seen25 Hash ff656e6bdffbea98da4df97ff7ae3d21 f742e8d729409184fdaf152c2d2b670d6db7e9ec 9e6e95d6fa2ce522e900a6eb22ef91ae4fa930a9e39e2ca913742d48d0484b68 Loading...

	1.dlhd.sx/embed/adblock.php	162 kB	2024-05-05	2024-05-05
Pretty URL 1.dlhd.sx/embed/adblock.php IP 104.21.64.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 19:17:26 Last Seen2024-05-05 20:52:33 Times Seen2 Hash d006bfc1865863ff43a8c5d44622334a 6bc361d9992646d5fa9839284a576df216b78bee 1bce30de0f8518fa6c9ce847a7c647100166c35e8d96f0478428e6c86a2f1ce9 Loading...

	1.dlhd.sx/embed/stream-40.php	930 B	2024-05-05	2024-05-05
Pretty URL 1.dlhd.sx/embed/stream-40.php IP 104.21.64.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-05 20:52:33 Last Seen2024-05-05 20:52:33 Times Seen1 Hash a09734494d5e1c5b45a9987e4c00fbe8 a8b542d388afb139ee5a0a9939df6b43d9281009 8e6623a2550140a66df17184332dba4db35bb1fe398f9aed8f5c57fbae32c991 Loading...

	1.dlhd.sx/embed/stream-40.php	424 B	2023-03-09	2024-05-15
Pretty URL 1.dlhd.sx/embed/stream-40.php IP 104.21.64.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 16:51:34 Last Seen2024-05-15 21:18:09 Times Seen33 Hash 0d76eb8dc02861ed102d5d2586f0d82b 55f9121e69e32deb1d9248bd692cdf06e3e76267 81471189f19f3e6d41e33d4f12ba8a5e03b70522fc6c9b0715ec63fdacf35076 Loading...

	unknown	3.3 kB	2024-05-05	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:52:33 Last Seen2024-05-05 20:52:33 Times Seen1 Hash 634c27fe5db67595b2a53b95c4e509f2 13b75754ef27e9f9ad89d8003a897a80df1dc688 9558063ea73c9b0f17978afea69234d6841ebed056bb8a52db68ae7e2f10b456 Loading...

	www.xadsmart.com/ldc.min.css	37 kB	2024-05-05	2024-05-05
Pretty URL www.xadsmart.com/ldc.min.css IP 185.76.9.23 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:52:33 Last Seen2024-05-05 20:52:33 Times Seen2 Hash 2df3381f08900d6466dfe86b1a86ec0c cb1875d6416182db3891977fe05655c5cb68e391 49f71aa70d60a781935e725cb35c173a1d3be94291dfd908fb6dccf0dbbeb28c Loading...

	zeekaihu.net/tag.min.js	90 kB	2024-05-05	2024-05-08
Pretty URL zeekaihu.net/tag.min.js IP 139.45.197.245 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 20:08:02 Last Seen2024-05-08 04:20:45 Times Seen75 Hash 7573260aff69fe8406b0115ab4bcefaa f7f5c31f2481bd176a9b79deff1b7c0d4878f87c 280186476a1f8103793e2139d4654b16f61a2a1d393966388f55b8ed795ebba3 Loading...

	1.dlhd.sx/embed/stream-40.php	66 kB	2024-04-26	2024-05-17
Pretty URL 1.dlhd.sx/embed/stream-40.php IP 104.21.64.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:43:46 Last Seen2024-05-17 09:52:55 Times Seen13 Hash 90d869580af15a27c3d2f6952ac58f5e e637748d02703d0ee04761324c1cbd3d3c5926c5 dbe5a09254083876039612cb8cb1433841735dea201ec3cc7887181c13893e8f Loading...

	1.dlhd.sx/embed/stream-40.php	445 B	2024-04-26	2024-05-17
Pretty URL 1.dlhd.sx/embed/stream-40.php IP 104.21.64.182 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 01:43:47 Last Seen2024-05-17 09:52:55 Times Seen13 Hash 6d7cf20ca66176842303cf97bdf26bde 0cf10c1cf2ee995c05bae4735c0a2e42084b315a 21a1d3c6d41098beebbc7b4f829384b3b530ef7bcfc81e1e1e48e9e6a6b42160 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 73497a37c3561adbd8ce84e4f017b368	9 B	2023-03-07	2024-05-18
Pretty Observations First Seen2023-03-07 01:03:23 Last Seen2024-05-18 20:50:12 Times Seen2455 Hash 73497a37c3561adbd8ce84e4f017b368 9193ae73cb3dd2833be8c942714d5544bfb628c9 9312a1adbbf0a4c05fc296d158ec3bd39acfe50e9e98ff02688139aad6fc3351 Loading...

	#2 Eval - 1e4e5c53559f08fba26a230989b7b7cf	2.1 kB	2024-05-05	2024-05-05
Pretty Observations First Seen2024-05-05 20:52:33 Last Seen2024-05-05 20:52:33 Times Seen1 Hash 1e4e5c53559f08fba26a230989b7b7cf 7b3285526e1235c17ee2e48232786f649eaa4fb7 969e0825360d19ff5015674111a3721d4c30f5b40822435ef2cc7e8000411800 Loading...

HTTP Transactions (43)

URL IP Response Size

tntsports.store/TNT08/D40.php

198.54.126.239

200 OK

909 B

URL User Request GET HTTP/2
tntsports.store/TNT08/D40.php
IP
198.54.126.239:443
ASN
#22612 NAMECHEAP-NET

Certificate
IssuerSectigo Limited
Subjecttntsports.store
Fingerprint1A:F9:F4:65:E2:4F:AF:49:3C:0F:D9:4B:AF:AA:CB:C4:93:1D:A0:D5
ValidityFri, 19 Apr 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
909 B (909 bytes)
Hash
54c0f8c0012e049408212a430abb2cc8
ea15399a2375ce12fcdcec8e35adaf331c2f555f
e2e66f634fd74f6077f677621d55ee5627c19d055665541c516078c4ba6b52d0

HTTP Headers

GET /TNT08/D40.php HTTP/1.1
Host: tntsports.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-powered-by: PHP/8.0.30
content-type: text/html; charset=UTF-8
content-length: 909
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 May 2024 18:51:58 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

d.daddylivehd.sx/embed/stream-40.php

172.67.171.101

301 Moved Permanently

167 B

URL GET HTTP/2
d.daddylivehd.sx/embed/stream-40.php
IP
172.67.171.101:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerGoogle Trust Services LLC
Subjectdaddylivehd.sx
Fingerprint6E:00:BE:2A:59:A9:01:45:61:43:68:84:31:FD:7D:3C:B8:B4:25:13
ValiditySat, 16 Mar 2024 20:29:45 GMT - Fri, 14 Jun 2024 20:29:44 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /embed/stream-40.php HTTP/1.1
Host: d.daddylivehd.sx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 05 May 2024 18:51:58 GMT
content-type: text/html
content-length: 167
location: https://dlhd.sx/embed/stream-40.php
cache-control: max-age=3600
expires: Sun, 05 May 2024 19:51:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yccktdB6A%2Bchz6smRfVd%2FsbvnN3mCjY3qgXbh2PMzZEiDnX4W3D1GBESILazXno%2Fh%2FT4VYwGKuumgIRQtuJOC8%2BhaQ5Qg%2Fi4OpmRtuMa5ymqTStP%2FzlKxQrg5%2FFH03F2GhLw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2eccc688eb4f7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dlhd.sx/embed/stream-40.php

104.21.64.182

301 Moved Permanently

167 B

URL GET HTTP/2
dlhd.sx/embed/stream-40.php
IP
104.21.64.182:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerGoogle Trust Services LLC
Subjectdlhd.sx
Fingerprint21:F0:36:94:DA:BA:26:45:27:88:C8:87:52:83:9C:DF:F9:B0:A5:7E
ValiditySat, 13 Apr 2024 22:56:35 GMT - Fri, 12 Jul 2024 22:56:34 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /embed/stream-40.php HTTP/1.1
Host: dlhd.sx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tntsports.store/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 05 May 2024 18:51:58 GMT
content-type: text/html
content-length: 167
location: https://1.dlhd.sx/embed/stream-40.php
cache-control: max-age=3600
expires: Sun, 05 May 2024 19:51:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ecZXk7zbA%2FbDGAtsARWBeABbCgHOQBrhpxrZX9GxJKqHSQVAPW%2FZSnSWJ%2BIjO6YmXeBhAcmbW0vRp5zD18pDKS7g4ruVon5nXuYuIDTHKTb4zcprdSMuPhU4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecccb81d5691-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

quartaherbist.com/rajJs8QOI9CknaS/69521

23.109.170.77

200 OK

20 B

URL GET HTTP/1.1
quartaherbist.com/rajJs8QOI9CknaS/69521
IP
23.109.170.77:443
ASN
#7979 SERVERS-COM

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectquartaherbist.com
Fingerprint09:ED:0D:10:E1:38:44:BB:04:D8:BA:98:84:E3:F0:2F:50:D6:75:FC
ValidityWed, 17 Apr 2024 23:14:14 GMT - Tue, 16 Jul 2024 23:14:13 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rajJs8QOI9CknaS/69521 HTTP/1.1
Host: quartaherbist.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 May 2024 18:51:59 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://1.dlhd.sx
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Mon, 06-May-2024 18:51:59 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Mon, 06-May-2024 18:51:59 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

www.topcreativeformat.com/01f41091eb2ca0d891aebc59938ddc36/invoke.js

192.243.59.12

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/01f41091eb2ca0d891aebc59938ddc36/invoke.js
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31289), with no line terminators
Size
12 kB (11842 bytes)
Hash
1be3d35da51d7d6ee49bdabfdbe4d7b7
a0ad69883453d5ab9d62c0155b79bc21e1bfeb94
5f7b9ec897ebed3f36cb038ec3dedc7fc868cbf71bf1c2340225549156bd780d

HTTP Headers

GET /01f41091eb2ca0d891aebc59938ddc36/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 May 2024 18:51:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 05a1f77b28590b91f790afac026e0a93
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

pl23103817.profitablegatecpm.com/db/4d/98/db4d9866e9d9e4d2569524cb36da9c30.js

172.240.253.132

200 OK

31 kB

URL GET HTTP/1.1
pl23103817.profitablegatecpm.com/db/4d/98/db4d9866e9d9e4d2569524cb36da9c30.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
ValidityFri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30627 bytes)
Hash
409e2893e2c7807324474bbc168568fe
651d3648a59d22c2f0757b512ec707afe9c00bf6
10d283c44575dd40ffadaaca6f477bbea324b5eedb5cf305051016ac12d064e0

HTTP Headers

GET /db/4d/98/db4d9866e9d9e4d2569524cb36da9c30.js HTTP/1.1
Host: pl23103817.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 18:51:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 662b727f06bf7de070f9e904ec64c985
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
2d2f26a2aaa28f97be5971550adb0be2
1585771b0df4eb8a44575755268dd0731cb16f46
e4e5349847d97c0b04bc635bf68b56f4a4e5f4fd1f54408a5120929b2b224824

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 05 May 2024 18:51:59 GMT
Last-Modified: Sun, 05 May 2024 18:15:19 GMT
Server: ECAcc (ska/F7B0)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gRiQoKH0zNBbbd4lsINOPa2mmD1yndW6qF13TUiN1qamc1Ls9YQiPg==
Age: 2200

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
1e55caca39863d407167ede25dbf9b81
d3e21321f43aca6141ccb7cecee0ede3905c7684
058e4b851273181e8f2fb9d92fc000d6a45b0f15b13e33725d8e84a8e316499d

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tntsports.store
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://tntsports.store
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=0c96df48-8da0-4463-99f1-243d8428cb68:3:1; expires=Wed, 03 May 2034 18:51:59 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
2d2f26a2aaa28f97be5971550adb0be2
1585771b0df4eb8a44575755268dd0731cb16f46
e4e5349847d97c0b04bc635bf68b56f4a4e5f4fd1f54408a5120929b2b224824

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sun, 05 May 2024 18:51:59 GMT
Last-Modified: Sun, 05 May 2024 18:16:03 GMT
Server: ECAcc (ska/F75B)
X-Cache: Miss from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: YbJdybL0MN_Kgi02MJHebNnIdUQtfoT5ERKxEq7EYfoi05PYN6GbRg==
Age: 2156

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ffe7f326166473e5704febb6a3d654a4
ce65b609413f95c7007e8a90d5c1ac67782ad73c
0a54d6a189f50a170fcec9fcac138ba6ccd11777471a0888fc1d4b30fd6db283

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tntsports.store
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://tntsports.store
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=08afc904-0180-4849-ba69-de1eae703d39:2:1; expires=Wed, 03 May 2034 18:51:59 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js

172.240.108.68

200 OK

31 kB

URL GET HTTP/1.1
kzt2afc1rp52.com/dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectkzt2afc1rp52.com
Fingerprint9A:52:7D:FA:48:7E:A0:17:19:03:F5:A9:DF:9C:A1:0B:F6:F5:5A:51
ValidityWed, 10 Apr 2024 07:14:41 GMT - Tue, 09 Jul 2024 07:14:40 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30615 bytes)
Hash
741315e68dff0c17415a4f628cb2c0ea
7d88c3da87e8a1e6be9115175316984e881cf047
eed4d9c843ee86024faa567dd9c783f69dfd6f344bf8347f9be1b804084b373a

HTTP Headers

GET /dd/d4/30/ddd430767cdbddd8ac0726a842abd6c0.js HTTP/1.1
Host: kzt2afc1rp52.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 18:51:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b600e4ef33f45a0abd8398005c5ad27d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ffe7f326166473e5704febb6a3d654a4
ce65b609413f95c7007e8a90d5c1ac67782ad73c
0a54d6a189f50a170fcec9fcac138ba6ccd11777471a0888fc1d4b30fd6db283

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1.dlhd.sx
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Cookie: uid_id2=08afc904-0180-4849-ba69-de1eae703d39:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://1.dlhd.sx
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

weblivehdplay.ru/premiumtv/daddyhd.php?id=40

104.21.94.34

301 Moved Permanently

167 B

URL GET HTTP/2
weblivehdplay.ru/premiumtv/daddyhd.php?id=40
IP
104.21.94.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectweblivehdplay.ru
FingerprintED:9B:86:DD:E4:DC:86:62:24:8F:5D:F0:F6:69:70:DC:54:A0:21:81
ValiditySat, 30 Mar 2024 19:37:25 GMT - Fri, 28 Jun 2024 19:37:24 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
0104c301c5e02bd6148b8703d19b3a73
7436e0b4b1f8c222c38069890b75fa2baf9ca620
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

HTTP Headers

GET /premiumtv/daddyhd.php?id=40 HTTP/1.1
Host: weblivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 05 May 2024 18:51:59 GMT
content-type: text/html
content-length: 167
location: https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
cache-control: max-age=3600
expires: Sun, 05 May 2024 19:51:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vRsdIa235J%2FnPrNdNL4WzcojpBwzTbPzS0Bh4zDhyBgCcPjXtoL5Utjuf9y%2BaQa9rDO5KOYzRI5yfg%2BLSiX%2Fbjd8Rc0m9a0iTeZrqilc44MVkCE6mQpvg1dFNqx1jEO9qLHG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd3090856bf-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

youradexchange.com/script/suurl5.php?r=6707202&cbur=0.19967844006367386&cbiframe=1&cbWidth=720&cbHeight=480&cbtitle=&cbpage=https%3A%2F%2Ftntsports.store%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=wocwibkfutrj.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714935119358&srs=d5b1925eb6ee474c65183954d98e7b37&atv=48.1&abtg=1&adbv=3-swat3-swf2

172.67.177.214

200 OK

862 B

URL GET HTTP/2
youradexchange.com/script/suurl5.php?r=6707202&cbur=0.19967844006367386&cbiframe=1&cbWidth=720&cbHeight=480&cbtitle=&cbpage=https%3A%2F%2Ftntsports.store%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=wocwibkfutrj.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714935119358&srs=d5b1925eb6ee474c65183954d98e7b37&atv=48.1&abtg=1&adbv=3-swat3-swf2
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerGoogle Trust Services LLC
Subjectyouradexchange.com
FingerprintD5:0B:42:43:E8:69:FA:76:AA:C8:B3:28:9A:EB:33:C4:6F:62:7A:2B
ValiditySun, 14 Apr 2024 01:48:20 GMT - Sat, 13 Jul 2024 01:48:19 GMT

File type
JSON text data
Size
862 B (862 bytes)
Hash
750513a55c061002442d5ad933b7d85c
b614e6bb3bf8b9e2a07d363f02f8b049fada0b40
7fe80e0586c74ab35c155d5db4339939e0e433c42e9fd847e372df64f53afae9

HTTP Headers

GET /script/suurl5.php?r=6707202&cbur=0.19967844006367386&cbiframe=1&cbWidth=720&cbHeight=480&cbtitle=&cbpage=https%3A%2F%2Ftntsports.store%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=wocwibkfutrj.com&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse1280x10240en-USunknown4824%20bits&ts=1714935119358&srs=d5b1925eb6ee474c65183954d98e7b37&atv=48.1&abtg=1&adbv=3-swat3-swf2 HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1.dlhd.sx/
Origin: https://1.dlhd.sx
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BZY7OkCw90aaOVnJVu5s4ivRncwk1ORTtfmdvVUtV1SNDkftGUbX7pxcBr0fTOuP9%2BrxrKO%2Bd8Ds1bT2f4QLwW6i4SCsECo6Bsq0Q0MSoV6TkCIVH8UX3vwOjtXP2A4YTp8dbw8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f2ecd01fa0569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

precariousgrumpy.com/pixel/purst?dl=0&th=0&sc=0&rs=1505&rd=1505&fd=758&bv=24.5.6485&tmpl=70

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
precariousgrumpy.com/pixel/purst?dl=0&th=0&sc=0&rs=1505&rd=1505&fd=758&bv=24.5.6485&tmpl=70
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerLet's Encrypt
Subjectprecariousgrumpy.com
Fingerprint9F:BE:67:FC:9D:57:97:74:C8:7B:34:A7:BD:C0:93:C6:D8:35:3F:B4
ValidityMon, 29 Apr 2024 12:46:37 GMT - Sun, 28 Jul 2024 12:46:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1505&rd=1505&fd=758&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: precariousgrumpy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 May 2024 18:52:00 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 05 May 2024 18:52:00 GMT
age: 791301
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 3, 588502
x-timer: S1714935120.169503,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/disable-devtool@latest

151.101.193.229

200 OK

6.7 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/disable-devtool@latest
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17245)
Size
6.7 kB (6741 bytes)
Hash
f71da0117b47fe056c382d44f7c1af53
c384c695d7a74e1e4272b13f9d5942d0f24d099d
2a741550c18b132b0ef573f818fc79d6c09169be71d538b968ceac551c178ad3

HTTP Headers

GET /npm/disable-devtool@latest HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.7
x-jsd-version-type: version
etag: W/"4372-w4TGldenTh5CcrE/nVlC0PJNCZ0"
content-encoding: br
accept-ranges: bytes
date: Sun, 05 May 2024 18:52:00 GMT
age: 5124
x-served-by: cache-fra-eddf8230055-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6741
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js

151.101.193.229

200 OK

8.1 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (26814)
Size
8.1 kB (8149 bytes)
Hash
835f1f7feab838f171c6334abc3d14da
68b97b433d37600647338e57f4344e5e1faf6246
189334d0a898e2aa16794cdd1ea47a0e7c1750578173b25033049fafdf55f2a4

HTTP Headers

GET /npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.6.2
x-jsd-version-type: version
etag: W/"68bf-aLl7Qz03YAZHM45X9DROXh+vYkY"
content-encoding: br
accept-ranges: bytes
date: Sun, 05 May 2024 18:52:00 GMT
age: 18607
x-served-by: cache-fra-eddf8230045-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 8149
X-Firefox-Spdy: h2

italianexpecting.com/pixel/purst?dl=0&th=0&sc=0&rs=1015&rd=1015&fd=687&bv=24.5.6485&tmpl=70

172.240.108.84

200 OK

0 B

URL GET HTTP/1.1
italianexpecting.com/pixel/purst?dl=0&th=0&sc=0&rs=1015&rd=1015&fd=687&bv=24.5.6485&tmpl=70
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectitalianexpecting.com
FingerprintCD:95:D4:B6:6B:59:6E:B9:1D:3E:9B:88:9E:33:E0:CE:FA:AD:C9:A6
ValidityFri, 03 May 2024 08:55:41 GMT - Thu, 01 Aug 2024 08:55:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1015&rd=1015&fd=687&bv=24.5.6485&tmpl=70 HTTP/1.1
Host: italianexpecting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 18:52:00 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

capaciousdrewreligion.com/advertisers.js

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 May 2024 18:52:00 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 64033e76bda023c50ebadb31d62bddb0
Strict-Transport-Security: max-age=0; includeSubdomains

tntsports.store/favicon.ico

198.54.126.239

404 Not Found

1.3 kB

URL GET HTTP/2
tntsports.store/favicon.ico
IP
198.54.126.239:443
ASN
#22612 NAMECHEAP-NET

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerSectigo Limited
Subjecttntsports.store
Fingerprint1A:F9:F4:65:E2:4F:AF:49:3C:0F:D9:4B:AF:AA:CB:C4:93:1D:A0:D5
ValidityFri, 19 Apr 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1251 bytes)
Hash
8150f458ed6fb9b1db4e5cfa57a1a281
6e5726854d28687b560d7fdcb5c782c425c7dfb9
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: tntsports.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/TNT08/D40.php
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=08afc904-0180-4849-ba69-de1eae703d39%3A2%3A1; pp_main_db4d9866e9d9e4d2569524cb36da9c30=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1251
date: Sun, 05 May 2024 18:52:00 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

italianexpecting.com/18/43/01/1843019bf263f39accf339e8c46780a9.js

172.240.108.84

200 OK

16 kB

URL GET HTTP/1.1
italianexpecting.com/18/43/01/1843019bf263f39accf339e8c46780a9.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectitalianexpecting.com
FingerprintCD:95:D4:B6:6B:59:6E:B9:1D:3E:9B:88:9E:33:E0:CE:FA:AD:C9:A6
ValidityFri, 03 May 2024 08:55:41 GMT - Thu, 01 Aug 2024 08:55:40 GMT

File type
JavaScript source, ASCII text, with very long lines (44069), with no line terminators
Size
16 kB (15811 bytes)
Hash
e4271f5fa2338b0e682c06887c710123
1f716867da2cf4968abb414ca954aa15eff36c7b
ba2570db5e3b707f5b8c35ad1a8084c312d197117fb401f4735d92afa6f28e92

HTTP Headers

GET /18/43/01/1843019bf263f39accf339e8c46780a9.js HTTP/1.1
Host: italianexpecting.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 18:52:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-3448=0; expires=Wed, 08 May 2024 21:52:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 90c5c8a8136a8b613ffc2c289bba7075
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

capaciousdrewreligion.com/advertisers.js

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 May 2024 18:52:00 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f4d65f5145c2222409dbea3898162eab
Strict-Transport-Security: max-age=0; includeSubdomains

zeekaihu.net/tag.min.js

139.45.197.245

200 OK

28 kB

URL GET HTTP/2
zeekaihu.net/tag.min.js
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectzeekaihu.net
FingerprintDC:33:58:08:9D:AE:91:96:52:5E:8F:EF:D8:4F:DD:E8:87:D4:36:4F
ValidityThu, 29 Feb 2024 05:53:35 GMT - Wed, 29 May 2024 05:53:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
28 kB (28332 bytes)
Hash
7573260aff69fe8406b0115ab4bcefaa
f7f5c31f2481bd176a9b79deff1b7c0d4878f87c
280186476a1f8103793e2139d4654b16f61a2a1d393966388f55b8ed795ebba3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: zeekaihu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 18:52:00 GMT
content-type: text/javascript; charset=utf-8
content-length: 28332
content-encoding: br
x-trace-id: 4c6bba69a751f97b7d001967c7d8e9bd
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sun, 05 May 2024 17:56:06 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

skinssailing.com/watch.278565908298.js?key=01f41091eb2ca0d891aebc59938ddc36&kw=%5B%5D&refer=https%3A%2F%2Ftntsports.store%2FTNT08%2FD40.php&tz=0&dev=e&res=14.2071&uuid=0c96df48-8da0-4463-99f1-243d8428cb68%3A3%3A1

172.240.127.234

307 Temporary Redirect

0 B

URL GET HTTP/1.1
skinssailing.com/watch.278565908298.js?key=01f41091eb2ca0d891aebc59938ddc36&kw=%5B%5D&refer=https%3A%2F%2Ftntsports.store%2FTNT08%2FD40.php&tz=0&dev=e&res=14.2071&uuid=0c96df48-8da0-4463-99f1-243d8428cb68%3A3%3A1
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerLet's Encrypt
Subjectskinssailing.com
FingerprintCA:15:20:E3:B0:DD:52:E8:B3:46:F4:47:2F:93:A5:44:51:0D:2C:6C
ValidityMon, 29 Apr 2024 12:32:59 GMT - Sun, 28 Jul 2024 12:32:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.278565908298.js?key=01f41091eb2ca0d891aebc59938ddc36&kw=%5B%5D&refer=https%3A%2F%2Ftntsports.store%2FTNT08%2FD40.php&tz=0&dev=e&res=14.2071&uuid=0c96df48-8da0-4463-99f1-243d8428cb68%3A3%3A1 HTTP/1.1
Host: skinssailing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tntsports.store
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Sun, 05 May 2024 18:52:00 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://tntsports.store
Access-Control-Allow-Origin: https://tntsports.store
Access-Control-Allow-Credentials: true
Location: https://skinssailing.com/watch.278565908298.js?dev=e&key=01f41091eb2ca0d891aebc59938ddc36&kw=%5B%5D&pst=1714935180&refer=https%3A%2F%2Ftntsports.store%2FTNT08%2FD40.php&res=14.2071&rmtc=t&shu=967c8669a159a78437b78f81e1ea7cd6c3f6429c314ef76fdd4329b0418e5cf8a0944c53d367ba972555db32460a9cc98473feab743038d6f1014d5952129c511ea6f2aacbc0e7c9304d5e349a4f92806167325a2b5b1f0b716b22b73bb6&tz=0&uuid=0c96df48-8da0-4463-99f1-243d8428cb68%3A3%3A1
Set-Cookie: u_pl=23003364; expires=Mon, 06 May 2024 18:52:00 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzAwMzM2NCwiayI6IjAxZjQxMDkxZWIyY2EwZDg5MWFlYmM1OTkzOGRkYzM2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNzczMjkyLCJwaWQiOjM5MjgzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyMywicHQiOjQsInBrIjoidjVjMnF1eDZkdSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3RudHNwb3J0cy5zdG9yZS9UTlQwOC9ENDAucGhwIiwiYXIiOltdfX0.jsUhuohhtKdpaTrPHLsvo8FRQGmUEF9IhZB0TXQc-Vo; expires=Sun, 05 May 2024 18:53:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 64a1bf8426f58640a6770c4726f75472
Strict-Transport-Security: max-age=0; includeSubdomains

proftrafficcounter.com/stats

52.29.105.35

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.29.105.35:443
ASN
#16509 AMAZON-02

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ffe7f326166473e5704febb6a3d654a4
ce65b609413f95c7007e8a90d5c1ac67782ad73c
0a54d6a189f50a170fcec9fcac138ba6ccd11777471a0888fc1d4b30fd6db283

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1.dlhd.sx
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Cookie: uid_id2=08afc904-0180-4849-ba69-de1eae703d39:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 18:52:00 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://1.dlhd.sx
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

skinssailing.com/watch.278565908298.js?dev=e&key=01f41091eb2ca0d891aebc59938ddc36&kw=%5B%5D&pst=1714935180&refer=https%3A%2F%2Ftntsports.store%2FTNT08%2FD40.php&res=14.2071&rmtc=t&shu=967c8669a159a78437b78f81e1ea7cd6c3f6429c314ef76fdd4329b0418e5cf8a0944c53d367ba972555db32460a9cc98473feab743038d6f1014d5952129c511ea6f2aacbc0e7c9304d5e349a4f92806167325a2b5b1f0b716b22b73bb6&tz=0&uuid=0c96df48-8da0-4463-99f1-243d8428cb68%3A3%3A1

172.240.127.234

200 OK

2.0 kB

URL GET HTTP/1.1
skinssailing.com/watch.278565908298.js?dev=e&key=01f41091eb2ca0d891aebc59938ddc36&kw=%5B%5D&pst=1714935180&refer=https%3A%2F%2Ftntsports.store%2FTNT08%2FD40.php&res=14.2071&rmtc=t&shu=967c8669a159a78437b78f81e1ea7cd6c3f6429c314ef76fdd4329b0418e5cf8a0944c53d367ba972555db32460a9cc98473feab743038d6f1014d5952129c511ea6f2aacbc0e7c9304d5e349a4f92806167325a2b5b1f0b716b22b73bb6&tz=0&uuid=0c96df48-8da0-4463-99f1-243d8428cb68%3A3%3A1
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerLet's Encrypt
Subjectskinssailing.com
FingerprintCA:15:20:E3:B0:DD:52:E8:B3:46:F4:47:2F:93:A5:44:51:0D:2C:6C
ValidityMon, 29 Apr 2024 12:32:59 GMT - Sun, 28 Jul 2024 12:32:58 GMT

File type
JavaScript source, ASCII text, with very long lines (2442)
Size
2.0 kB (1974 bytes)
Hash
e0f9326c3b39a807a8b3ebd7dfaee88e
0295c178d94409c25dd02825f2743bd126f5b663
9998030b203c6b03a6a913a713bc44cbb3ef75c05595293a86634724d485e5b2

HTTP Headers

GET /watch.278565908298.js?dev=e&key=01f41091eb2ca0d891aebc59938ddc36&kw=%5B%5D&pst=1714935180&refer=https%3A%2F%2Ftntsports.store%2FTNT08%2FD40.php&res=14.2071&rmtc=t&shu=967c8669a159a78437b78f81e1ea7cd6c3f6429c314ef76fdd4329b0418e5cf8a0944c53d367ba972555db32460a9cc98473feab743038d6f1014d5952129c511ea6f2aacbc0e7c9304d5e349a4f92806167325a2b5b1f0b716b22b73bb6&tz=0&uuid=0c96df48-8da0-4463-99f1-243d8428cb68%3A3%3A1 HTTP/1.1
Host: skinssailing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tntsports.store
Referer: https://tntsports.store/
DNT: 1
Connection: keep-alive
Cookie: u_pl=23003364; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMzAwMzM2NCwiayI6IjAxZjQxMDkxZWIyY2EwZDg5MWFlYmM1OTkzOGRkYzM2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNzczMjkyLCJwaWQiOjM5MjgzNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxOSwiYWlkIjoyMywicHQiOjQsInBrIjoidjVjMnF1eDZkdSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3RudHNwb3J0cy5zdG9yZS9UTlQwOC9ENDAucGhwIiwiYXIiOltdfX0.jsUhuohhtKdpaTrPHLsvo8FRQGmUEF9IhZB0TXQc-Vo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 18:52:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://tntsports.store
Access-Control-Allow-Origin: https://tntsports.store
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=0c96df48-8da0-4463-99f1-243d8428cb68:3:1; expires=Sun, 12 May 2024 18:52:00 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 May 2024 18:52:00 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 May 2024 18:52:00 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 06 May 2024 18:52:00 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 06 May 2024 18:52:00 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 894d16aad31167ab37a4432b45b40331
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

claplivehdplay.ru/clappr.min.js

172.67.178.79

200 OK

142 kB

URL GET HTTP/2
claplivehdplay.ru/clappr.min.js
IP
172.67.178.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
Certificate
IssuerLet's Encrypt
Subjectclaplivehdplay.ru
Fingerprint37:8C:3F:7E:2F:FA:77:B9:0B:C9:55:E0:E5:4E:A3:31:FE:F9:F8:47
ValidityMon, 18 Mar 2024 08:20:21 GMT - Sun, 16 Jun 2024 08:20:20 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
142 kB (142096 bytes)
Hash
f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c

HTTP Headers

GET /clappr.min.js HTTP/1.1
Host: claplivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 05 May 2024 18:52:00 GMT
content-type: application/javascript
last-modified: Sun, 03 Mar 2024 13:23:49 GMT
etag: W/"65e479e5-80319"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6329
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IbSLbXuaFuH1GhdNY4FumfsbOaQIQJ7Mlzg4iy8piVvbfakXAtPy3J909lFxEWFYYJ81IXtimg7QahragsigBqfs5grkMcXvn8WdK6wMbgFnt4tHa5YRSusrOGMJZ3X%2F3c%2BsXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd49d3256ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/f8/cf/34/f8cf34992a4cdb8e940a343451a1ed51/1708071320.png

45.133.44.10

200 OK

24 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/f8/cf/34/f8cf34992a4cdb8e940a343451a1ed51/1708071320.png
IP
45.133.44.10:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced
Size
24 kB (24090 bytes)
Hash
c4bca8de40bb4c19865d0dce9a561571
fbb310ca5a02b526153b0aaa542e23c81d9c3365
806a9e3d152ae4ea092a6c500ac4578627b6302a3b77bf9f4884b0916bd29265

HTTP Headers

GET /cti/f8/cf/34/f8cf34992a4cdb8e940a343451a1ed51/1708071320.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:52:00 GMT
content-type: image/png
content-length: 24090
server: nginx/1.21.6
last-modified: Fri, 16 Feb 2024 08:15:29 GMT
etag: "65cf19a1-5e1a"
expires: Tue, 07 May 2024 18:52:00 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=08afc904-0180-4849-ba69-de1eae703d39&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=db4d9866e9d9e4d2569524cb36da9c30&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18

192.243.61.225

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=08afc904-0180-4849-ba69-de1eae703d39&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=db4d9866e9d9e4d2569524cb36da9c30&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=08afc904-0180-4849-ba69-de1eae703d39&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=db4d9866e9d9e4d2569524cb36da9c30&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=18 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 05 May 2024 18:52:01 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4195d8aff7c5bdf4bcedfdcddd301654
Strict-Transport-Security: max-age=0; includeSubdomains

claplivehdplay.ru/premiumtv/daddyhd.php?id=40

172.67.178.79

200 OK

284 kB

URL GET HTTP/2
claplivehdplay.ru/premiumtv/daddyhd.php?id=40
IP
172.67.178.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectclaplivehdplay.ru
Fingerprint37:8C:3F:7E:2F:FA:77:B9:0B:C9:55:E0:E5:4E:A3:31:FE:F9:F8:47
ValidityMon, 18 Mar 2024 08:20:21 GMT - Sun, 16 Jun 2024 08:20:20 GMT

File type
JavaScript source, ASCII text, with very long lines (61137), with CRLF line terminators
Size
284 kB (283625 bytes)
Hash
2018c5e0d26b514fa85a2db25370d086
79837622a333fc120e57472c4ba208156bc79244
1fda02461adca28b09682c445f0fbe2e070896dc1d99e93e188875bb920dc53d

HTTP Headers

GET /premiumtv/daddyhd.php?id=40 HTTP/1.1
Host: claplivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://1.dlhd.sx/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=14400, immutable, no-transform
expires: Mon, 06 May 2024 07:45:22 GMT
videocdn: HIT
node: PHP
x-cache: HIT
cf-cache-status: HIT
age: 3597
last-modified: Sun, 05 May 2024 17:52:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L95qLDmjswI3%2BOqZVVnD8rzmx0iPLENqbcH42H%2BQyd4PFmoFelcj6lKqvP1K%2FbuoxyxuTki3wlNRCt0%2FYsdz7%2F3vkR63idxjEtHWvn5uhsr3vZbLSKuTnFfOlh5ULXFArND1Tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd3ac5856ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1.dlhd.sx/embed/adblock.php

104.21.64.182

200 OK

162 kB

URL GET HTTP/3
1.dlhd.sx/embed/adblock.php
IP
104.21.64.182:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerGoogle Trust Services LLC
Subjectdlhd.sx
Fingerprint21:F0:36:94:DA:BA:26:45:27:88:C8:87:52:83:9C:DF:F9:B0:A5:7E
ValiditySat, 13 Apr 2024 22:56:35 GMT - Fri, 12 Jul 2024 22:56:34 GMT

File type

Size
162 kB (161595 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /embed/adblock.php HTTP/1.1
Host: 1.dlhd.sx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/embed/stream-40.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: application/javascript
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bwlf%2FyThMMsbhKLBRNxFdDgOqOE5cZStNu91Sk5CDyzj2AcoK9uJx%2F4fsXNqLXX0LrCjXvf6P%2F%2Fm5ATPJ2J%2BTISJ6A5LqdWqJYFiWBYkNmIRVppqn5%2Bf5ty0f%2F0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f2ecce0f47b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.xadsmart.com/ldc.min.css

185.76.9.23

200 OK

37 kB

URL GET HTTP/2
www.xadsmart.com/ldc.min.css
IP
185.76.9.23:443
ASN
#60068 Datacamp Limited

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subject1376341044.rsc.cdn77.org
Fingerprint68:8B:ED:E2:67:C5:82:02:7F:17:31:6A:4A:5F:F4:34:D3:AB:57:CF
ValidityTue, 30 Apr 2024 06:35:29 GMT - Mon, 29 Jul 2024 06:35:28 GMT

File type
JavaScript source, ASCII text, with very long lines (1568)
Size
37 kB (37168 bytes)
Hash
2df3381f08900d6466dfe86b1a86ec0c
cb1875d6416182db3891977fe05655c5cb68e391
49f71aa70d60a781935e725cb35c173a1d3be94291dfd908fb6dccf0dbbeb28c

HTTP Headers

GET /ldc.min.css HTTP/1.1
Host: www.xadsmart.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1.dlhd.sx
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: application/x-javascript
vary: Accept-Encoding, Origin
popads-node: wb10
expires: Mon, 06 May 2024 01:55:30 GMT
access-control-allow-origin: https://1.dlhd.sx
link: <https://xadsmart.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-77-nzt: EwwBuUwJFAH34NYAAAwBuUwKCQH3IQAIAAwBJRPCLgH3PAAAAA
x-77-nzt-ray: af58563048471fc04fd53766ddf6a037
x-accel-expires: @1714960530
x-accel-date: 1714880111
x-77-cache: HIT
x-77-age: 55008
content-encoding: gzip
server: CDN77-Turbo
x-cache: HIT
x-age: 55008
x-77-pop: stockholmSE
X-Firefox-Spdy: h2

zeekaihu.net/5/6712285/?oo=1&aab=1

139.45.197.245

200 OK

2.9 kB

URL GET HTTP/2
zeekaihu.net/5/6712285/?oo=1&aab=1
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectzeekaihu.net
FingerprintDC:33:58:08:9D:AE:91:96:52:5E:8F:EF:D8:4F:DD:E8:87:D4:36:4F
ValidityThu, 29 Feb 2024 05:53:35 GMT - Wed, 29 May 2024 05:53:34 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3139), with no line terminators
Size
2.9 kB (2891 bytes)
Hash
db8394fd798a65de56de9400e252ea7b
69224617b6ac57390e26986b9cff3f0c41e370e2
c08d7bb758a47a57528ffd05420bea1ba5ec5a5e89d6bf1be6dfaa6dabd796e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6712285/?oo=1&aab=1 HTTP/1.1
Host: zeekaihu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1.dlhd.sx
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 05 May 2024 18:52:00 GMT
content-type: application/json
x-trace-id: 196c4f79eb9f55aed953998be1b6cb70
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://1.dlhd.sx
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00805397c8814f4be02c84720cac1c6e; expires=Mon, 05 May 2025 18:52:00 GMT; path=/; secure; SameSite=None
oaidts=1714935120; expires=Mon, 05 May 2025 18:52:00 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

1.dlhd.sx/embed/stream-40.php

104.21.64.182

200 OK

78 kB

URL GET HTTP/2
1.dlhd.sx/embed/stream-40.php
IP
104.21.64.182:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerGoogle Trust Services LLC
Subjectdlhd.sx
Fingerprint21:F0:36:94:DA:BA:26:45:27:88:C8:87:52:83:9C:DF:F9:B0:A5:7E
ValiditySat, 13 Apr 2024 22:56:35 GMT - Fri, 12 Jul 2024 22:56:34 GMT

File type
HTML document, ASCII text, with very long lines (53741), with CRLF, LF line terminators
Size
78 kB (78353 bytes)
Hash
b807bbcad6e796a282d49b6d52a6ed4f
6cb62520854fe4800a0ff82a6534ed4f1058bf0d
c6c185ab0c36791e276baed52764333189ced8431a6aa259d09b9fd9ea360f04

HTTP Headers

GET /embed/stream-40.php HTTP/1.1
Host: 1.dlhd.sx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tntsports.store/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:51:58 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4%2B9f0RoqOCk2%2B8aPcNAFwEHg78VxMZV0jftL25St33YHvLIK3205Oy5KqULjRH2TO6QXD%2F84TMe2ZX3M7HHtqF5fgd%2F2NV9hJaccrrhZSQ%2BKggg20U8y3AT3ojk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f2ecccd8415691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

c.adsco.re/

0.0.0.0

0 B

URL GET
c.adsco.re/
IP
0.0.0.0:0
ASN
#0

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint40:64:05:9C:99:0A:1E:9F:A7:49:61:8E:86:4C:4B:06:9C:73:83:73
ValiditySat, 23 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:52:00 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Wed, 05 Jun 2024 18:52:00 GMT
etag: W/"oLR1xl/tMSq6jXxDoMvJKA=="
cf-cache-status: HIT
age: 2118
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd5b8595689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

claplivehdplay.ru/p2p-media-loader-core.min.js

172.67.178.79

200 OK

350 kB

URL GET HTTP/3
claplivehdplay.ru/p2p-media-loader-core.min.js
IP
172.67.178.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
Certificate
IssuerLet's Encrypt
Subjectclaplivehdplay.ru
Fingerprint37:8C:3F:7E:2F:FA:77:B9:0B:C9:55:E0:E5:4E:A3:31:FE:F9:F8:47
ValidityMon, 18 Mar 2024 08:20:21 GMT - Sun, 16 Jun 2024 08:20:20 GMT

File type
JavaScript source, ASCII text, with very long lines (505), with CRLF line terminators
Size
350 kB (350181 bytes)
Hash
456780886716e31a2c5031869a56024d
9ddf91b9e4e6321fbb0d0160f386203d326092fb
97ba329694ba923bc5d7d93e051cf0ecdc8121d4488adb52b682a646b3721511

HTTP Headers

GET /p2p-media-loader-core.min.js HTTP/1.1
Host: claplivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 18:52:00 GMT
content-type: application/javascript
last-modified: Mon, 18 Mar 2024 17:15:39 GMT
etag: W/"65f876bb-557e5"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6327
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fy3d6J9AJgI%2F1a8TYGj38acnht5hm7G98RnB6wAsiPWUW9KDX%2F%2BJO8%2B4IWL9Hpgpy5oKsm1fLRHaw%2FJz1ZzjylfLM%2FjPpPSGAuw0UDT19wxkjN%2FbCcBuSb8VjCZYKzfuc9%2FEqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd4b8cab4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

86 kB

URL GET HTTP/3
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 18:52:00 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 6cfdf2e8b0e3e187f89044f7d0b2f692
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 05 May 2024 18:52:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IJjB0wguuo8OVrS7T2zNir4ew%2B35MtW2MC3l3141W08tffok37aDm8rc5IjRHDb0VFmq8jMYtEHxetCnac08ghqxVxLY%2Fv9LHJ4IIwDU8%2BnxydmPIHR7BDldyBhW01Fs6LXdY8bGzydOO3zgoQZHyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd70a84b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

wocwibkfutrj.com/script/ut.js?cb=1714935119931

172.67.187.202

200 OK

63 kB

URL GET HTTP/2
wocwibkfutrj.com/script/ut.js?cb=1714935119931
IP
172.67.187.202:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerGoogle Trust Services LLC
Subjectwocwibkfutrj.com
FingerprintC9:77:98:0C:91:42:74:73:1C:3D:35:B7:C1:B1:CA:97:2E:32:1E:DA
ValidityTue, 30 Apr 2024 15:35:12 GMT - Mon, 29 Jul 2024 15:35:11 GMT

File type

Size
63 kB (62975 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/ut.js?cb=1714935119931 HTTP/1.1
Host: wocwibkfutrj.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:52:00 GMT
content-type: text/javascript
x-guploader-uploadid: ABPtcPpkxy6EvrA52rF-mbXfuLN_DlGMNQKyA4pda50EjY2hX5GixSyPQsEzK-GTv_1GeSpPubMFQj5y2A
x-goog-generation: 1714053300452258
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 62975
x-goog-hash: crc32c=f8d0YQ==, md5=vEgeNFwEtFNOCk5UoPLBxg==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Sun, 05 May 2024 18:29:34 GMT
cache-control: public, max-age=14400
age: 2213
last-modified: Thu, 25 Apr 2024 13:55:00 GMT
etag: W/"bc481e345c04b4534e0a4e54a0f2c1c6"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q7MJSP2PW3tzpTH0CMfVaeWBBKNMXjDdssPLNxMo%2Bv4gk%2FJE9gLouKtvRSkZMRgMAxFZYJ08eeMawZhB04os5W0h9ntuNswhvt9AkfUMamCEaHFjloglsevBnbXXmKOtMNai"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd49e7f56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tntsports.store/TNT08/D40.php
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tntsports.store/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 4c522198e8ff1882e64f7536aebdeddb
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 05 May 2024 18:51:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GhEbtw6aIU%2B%2BpzqvFXYrR9WsK%2FYLbSmsBFvdjOapVjopeQ7gEjieE4%2FJw%2BZNJ9c5ECUY%2Fty18Gav0u18UwnmcpXWIdCIUztHA%2FLmVgGE0QnsSzgFQ9CTnoom9NxDHH%2BSCZEjMTaRpQIKHMcwhKJUNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd11dcc56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

86 kB

URL GET HTTP/3
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 01f4ed00cb59f481c4b5724ad95008a6
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Sun, 05 May 2024 18:51:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QjL8fks6SvQnuy8KDRTK%2F6IS7L%2BiGGQvpLQBp7fuYX8c2y2I%2BUjPfVUPWmKpLXrmu1PnSxeG2%2BZf29GvQZv87ubb5vfqPx%2BKwMQGGWpia9kdppiSQPR7PuotciUmAyO%2Bgk73cNrBhv1sJVJ3gxZ%2BxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd2ccbeb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

claplivehdplay.ru/blast.js

172.67.178.79

200 OK

78 kB

URL GET HTTP/2
claplivehdplay.ru/blast.js
IP
172.67.178.79:443
ASN
#13335 CLOUDFLARENET

Requested by
https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
Certificate
IssuerLet's Encrypt
Subjectclaplivehdplay.ru
Fingerprint37:8C:3F:7E:2F:FA:77:B9:0B:C9:55:E0:E5:4E:A3:31:FE:F9:F8:47
ValidityMon, 18 Mar 2024 08:20:21 GMT - Sun, 16 Jun 2024 08:20:20 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77888 bytes)
Hash
091faec928970e76d37a3601c19fcf8a
6441e8eebe90eb8d4a40e7c25440ff99caba3520
eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12

HTTP Headers

GET /blast.js HTTP/1.1
Host: claplivehdplay.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://claplivehdplay.ru/premiumtv/daddyhd.php?id=40
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 18:52:00 GMT
content-type: application/javascript
last-modified: Sun, 03 Mar 2024 13:23:46 GMT
etag: W/"65e479e2-13040"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6329
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r99drLb1gZanoML%2FP5YKD6FeBavTrzC4efdXGREKxpYRwqrUyzNo6oKKA9DR7E8dVrAOCm6b%2Bfx4x5e2ap7pPHTzewt2EoOjw5%2FdzxnzM2MQjb77468wBhL7R8QfGDPPDmT%2F2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87f2ecd4ad3e56ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

1.dlhd.sx/embed/stream-40.php

104.21.64.182

200 OK

0 B

URL HEAD HTTP/3
1.dlhd.sx/embed/stream-40.php
IP
104.21.64.182:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1.dlhd.sx/embed/stream-40.php
Certificate
IssuerGoogle Trust Services LLC
Subjectdlhd.sx
Fingerprint21:F0:36:94:DA:BA:26:45:27:88:C8:87:52:83:9C:DF:F9:B0:A5:7E
ValiditySat, 13 Apr 2024 22:56:35 GMT - Fri, 12 Jul 2024 22:56:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /embed/stream-40.php HTTP/1.1
Host: 1.dlhd.sx
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1.dlhd.sx/embed/stream-40.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 05 May 2024 18:51:59 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wnSPlxZD4XSpDBCugwqga5gsLAqWwG7F3y0OOwsbpnesHyYJTlG7wrAompIAcCUOh3%2FWfMjSjos%2FWPBViQUAtEC24lVStCzcK1Ey8mzYpdZkndjFDmR2bk9o%2F7Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87f2ecd36d86b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by