Report - cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0

Report Overview

Visited public
2025-01-15 20:05:00
Tags
URL
cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
Finishing URL
cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
IP / ASN
172.67.158.139
#13335 CLOUDFLARENET
Title
Vipbox

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
qd.myosoteruins.com	unknown	2024-09-30	2024-10-20	2025-01-14	424 B	1.5 kB	23.109.170.209
ptaixout.net	unknown	2023-12-29	2023-12-29	2025-01-14	855 B	42 kB	139.45.197.107
streambtw.com	unknown	2023-10-06	2023-10-07	2025-01-14	4.0 kB	186 kB	104.21.112.1
pndax.love	unknown	2024-11-12	2024-11-12	2025-01-14	412 B	27 kB	172.67.130.90
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2025-01-15	492 B	20 kB	104.16.80.73
youradexchange.com	273384	2012-11-09	2013-02-04	2025-01-11	791 B	1.9 kB	172.67.177.214
doanaudabu.net	unknown	2024-11-14	2024-12-06	2025-01-13	1.7 kB	8.6 kB	139.45.197.118
ts.yowdenfalcial.com	unknown	2024-09-30	2024-10-20	2025-01-14	423 B	1.5 kB	23.109.170.59
cdn.totalsportek.space	unknown	2024-09-04	2024-11-10	2025-01-14	1.2 kB	2.3 kB	172.67.158.139
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-01-15	420 B	113 kB	142.250.74.136
ptelsudsew.net	unknown	2024-10-24	2024-12-29	2025-01-14	397 B	28 kB	139.45.197.107
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-01-15	976 B	166 kB	151.101.129.229
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-01-15	985 B	1.7 kB	104.18.19.184

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-15	medium	yowdenfalcial.com	Sinkholed
2025-01-15	medium	myosoteruins.com	Sinkholed
2025-01-15	medium	ptaixout.net	Sinkholed
2025-01-15	medium	ptelsudsew.net	Sinkholed
2025-01-15	medium	ptaixout.net	Sinkholed
2025-01-15	medium	doanaudabu.net	Sinkholed
2025-01-15	medium	doanaudabu.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (30)

	URL	From	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js	ScriptElement	525 kB	2023-03-07	2025-06-23
Pretty URL cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-06-23 00:17 Times Seen984 Hash f55c6c796275a41ce7d97bd160e648ff 936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89 db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c Loading...

	streambtw.com/microtemplates/source[1]	Function	790 B	2023-04-13	2025-06-23
Pretty URL streambtw.com/microtemplates/source[1] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 17:29 Last Seen2025-06-23 00:17 Times Seen971 Hash e22017c2e9c001bce109bfe2fe68c380 e5a75a55df382896aa8aff43bc37e72566edf401 0852bba61d02a2d08e06f623e1934f3c17d6d1e84b53d9ffcdc4524402733a54 Loading...

	streambtw.com/microtemplates/source[2]	Function	264 B	2023-04-18	2025-06-23
Pretty URL streambtw.com/microtemplates/source[2] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-23 00:17 Times Seen466 Hash d0be615cc98992c1be964cba7259830c c36a0d0080b96b43402f1004e112c6837e79d002 8a5de118b8985eaa80e287cffd27683a2817c2e09cf527d4166bded9ca58bb13 Loading...

	streambtw.com/iframe/ch6.php	ScriptElement	55 B	2024-09-28	2025-03-12
Pretty URL streambtw.com/iframe/ch6.php IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-28 15:31 Last Seen2025-03-12 20:09 Times Seen47 Hash d5447f7a460468217bf36bdd1506360b 6ded99982f60927416b8f59062525741f709640e 141ad5eb5bd766833cbf8c3aab5d4f24d04055cfc83d5a7c6a5564b5dcd0f3d5 Loading...

	ts.yowdenfalcial.com/rDwQTpfoIlIeWcu/71505	ScriptElement	0 B	0001-01-01	2025-06-23
Pretty URL ts.yowdenfalcial.com/rDwQTpfoIlIeWcu/71505 IP 23.109.170.59 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-06-23 03:23 Times Seen5077155 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	unknown	EventHandler	8 B	2025-01-03	2025-02-22
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2025-01-03 03:26 Last Seen2025-02-22 23:55 Times Seen20 Hash 7b980f4979d4b3314587881343faebea af3eef7fd12ca7e540866152916cf7fe858794c3 ca17bac7268792722f90840762c2e3935af2b02675fc700615aa5c166d7fae8a Loading...

	streambtw.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	ScriptElement	8.7 kB	2025-01-15	2025-01-15
Pretty URL streambtw.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-15 20:05 Last Seen2025-01-15 20:05 Times Seen1 Hash 002197df3c2d1d9e43a75afc6ec8ca00 7e5bae3caba852c9606fedf4ee435f1f126fa8fd 8b31f9b588ef80ec930f3bd97d766f06b7d456738f6324ec6fa38914eb6e9e43 Loading...

	cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0	ScriptElement	538 B	2023-03-12	2025-05-30
Pretty URL cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0 IP 172.67.158.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 20:58 Last Seen2025-05-30 00:34 Times Seen228 Hash 23f14ae712b847828254481b2c5a0069 0a7c5d70eacdb3e6f896855847bc1ab49656e466 6e28a139e5cde2bd01006e4ed5ef2f3c88b2fa2b2b2519a5f6a5714f205ffeed Loading...

	streambtw.com/js/aclib.js	ScriptElement	173 kB	2024-11-13	2025-02-26
Pretty URL streambtw.com/js/aclib.js IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-13 07:08 Last Seen2025-02-26 03:52 Times Seen28 Hash 6cc4b40c632a970cedff5994479d3eaf a5db07b05e1c268583046658d596e85dfd05ae27 09257e13aabeb902c1c975de25bfa82ecb1776f9574e59227c3d370b56e3d08b Loading...

	streambtw.com/iframe/ch6.php	ScriptElement	152 B	2023-11-20	2025-05-25
Pretty URL streambtw.com/iframe/ch6.php IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-20 19:55 Last Seen2025-05-25 13:30 Times Seen129 Hash c960aa2b990a2f32a6515fd993ef8d9d 42aceea1497268b63f6db17ef5b6f36233c590a4 4e0c1a7d7371e788eeb96742b5815122fd314a396fc7233fac83ed89d6f03016 Loading...

	unknown	EventHandler	9 B	2025-01-03	2025-02-22
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2025-01-03 03:26 Last Seen2025-02-22 23:55 Times Seen20 Hash 59047067c1ed55439b0158bf71376579 e5af4745b060917f0c046f3ff9d7449d1cdfb8c9 c439476c76c0d011b6a9357fc1fc7b87268917e0c7a2d09dec13c273ed37f56f Loading...

	ptaixout.net/tag.min.js	ScriptElement	72 kB	2025-01-15	2025-01-16
Pretty URL ptaixout.net/tag.min.js IP 139.45.197.107 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-15 19:25 Last Seen2025-01-16 04:36 Times Seen15 Hash ad52d5bb09d2068220fcdf07c91efad0 2088cdffd98a21c305a63c895eadbcbfd9c78487 463efaad6691975a46bf3a80cf8321ab36919995546fe987e17a2a9a5e9d04d9 Loading...

	streambtw.com/iframe/ch6.php	ScriptElement	28 kB	2025-01-03	2025-02-22
Pretty URL streambtw.com/iframe/ch6.php IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-03 03:26 Last Seen2025-02-22 23:55 Times Seen20 Hash 994aacf3b4588b5f64475972d26df7bc b1dfed2ee416bf9fad0a962a1d5be31fbc973cd1 310b9c3cdd5f4764c5171e9b4e2a9a64d9d4d711787b610187fd7c90e1402640 Loading...

	streambtw.com/microtemplates/source[0]	Function	420 B	2023-04-18	2025-06-23
Pretty URL streambtw.com/microtemplates/source[0] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-23 00:17 Times Seen446 Hash fed5d9c2aa8ce1ca9b2cdcc1bf78a76f 2be2268e87842e1b71bc636c59fd3501a2962e9d e466342e29693b661bdbb77424388fff4779ea4abccba3fcdc1789877580b65a Loading...

	streambtw.com/microtemplates/source[8]	Function	411 B	2023-04-18	2025-06-23
Pretty URL streambtw.com/microtemplates/source[8] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-23 00:17 Times Seen376 Hash df3a4f57bdb52c4a269eb2b59377f3cb 0db84a9e9f9e82efeb2681989399ab6573d77c6b 53af7b7da0dfacca9fe8e5ef9527deb979b62a14e7dd88f3f76ea0fca83592a9 Loading...

	streambtw.com/microtemplates/source[6]	Function	790 B	2023-04-18	2025-06-23
Pretty URL streambtw.com/microtemplates/source[6] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-23 00:17 Times Seen440 Hash b63c45532b29dca149e58059c4dda9d0 7c69772c55d148df85b03490653828e77f093d81 831e3aa44d50fb5073e06ce9c960e5d6dad6753c3201e5ba1f41671f3fc3f082 Loading...

	www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF	ScriptElement	336 kB	2025-01-15	2025-01-15
Pretty URL www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-15 20:05 Last Seen2025-01-15 20:05 Times Seen1 Hash 9e69ed7b81beb4b1a844372ef81e63cc 6557f468b847d99ff702c969a5b81d73f5480ad5 b9d3377da3d2300df3fad0c45f55fd68af8c99eacd34726475a9e5b1b33b0f22 Loading...

	cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0	ScriptElement	58 kB	2024-03-02	2025-05-30
Pretty URL cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0 IP 172.67.158.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 18:33 Last Seen2025-05-30 00:34 Times Seen151 Hash 442bbf420891666ab1ddf289fa9f00f4 6a68254c2ee844425bb535798fe4e959f3fed8d3 9ac456bebae6c065dffb8c8a2a798070000c248f081dfab9b2bdb66e7ac77b37 Loading...

	cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0	ScriptElement	444 B	2024-03-02	2025-05-30
Pretty URL cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0 IP 172.67.158.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-02 18:33 Last Seen2025-05-30 00:34 Times Seen151 Hash f022889803b87a9b11191e64f3b015ff 68b93d2eb3a9a660180f7420394d0c95a3163c29 f987cddb8c432a94c404efd65b7deba5216bae496ab375859f5e317860893298 Loading...

	streambtw.com/microtemplates/source[3]	Function	279 B	2023-04-18	2025-06-23
Pretty URL streambtw.com/microtemplates/source[3] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-23 00:17 Times Seen444 Hash 6613c8a697a118f65bf3d9f380907d97 6efc80326892c7d5ea9749164eff813359f58964 61e2bbf236de13c2adb732aabea5f58d614a8d85d9e8c8750e846b26e4d05aa2 Loading...

	streambtw.com/microtemplates/source[7]	Function	264 B	2023-04-18	2025-06-23
Pretty URL streambtw.com/microtemplates/source[7] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-23 00:17 Times Seen382 Hash de4890d682457ece9d1231bf901a4b7b 7c1582ab0daae07f3bb8f11882e5987dae1eea03 662854444f6dd02beb0a7952e7f26532dee54687e942572180d753d14844c2cc Loading...

	streambtw.com/iframe/ch6.php	ScriptElement	429 B	2024-11-10	2025-02-17
Pretty URL streambtw.com/iframe/ch6.php IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-11-10 01:52 Last Seen2025-02-17 15:20 Times Seen23 Hash cede47f34564c6812179d3b0fc41ff44 65deb1d29eb937b4a37b487c27a82be97b91294d b0ef96846ab499760d8f6c502b329a29bc424e4c64708c5893eeca1f0d8f0d85 Loading...

	static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	ScriptElement	20 kB	2024-06-07	2025-06-23
Pretty URL static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-07 09:21 Last Seen2025-06-23 03:22 Times Seen66283 Hash ec18af6d41f6f278b6aed3bdabffa7bc 62c9e2cab76b888829f3c5335e91c320b22329ae 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f Loading...

	streambtw.com/iframe/ch6.php	ScriptElement	292 B	2025-01-15	2025-01-15
Pretty URL streambtw.com/iframe/ch6.php IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-15 20:05 Last Seen2025-01-15 20:05 Times Seen1 Hash 14494af36e119075f4bd8e63c3e8fc25 00a5d90f9e20655a317788c535ad313003655d76 cbd631eed15d9f7bdac42d5fd104ec0c8c5484d2f8cb580d37b8d3bf5e2c5ccf Loading...

	streambtw.com/iframe/ch6.php	ScriptElement	921 B	2025-01-15	2025-01-15
Pretty URL streambtw.com/iframe/ch6.php IP 104.21.112.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-15 20:05 Last Seen2025-01-15 20:05 Times Seen1 Hash a95194214d621c5bc54f5f5fa0e25693 964921eb18568e9524fd34816b801c5d3d89039d 57e9e65a38ba5beaaa443ba4f4a021463844d0b3c4314a7d0516bb17f009de14 Loading...

	streambtw.com/microtemplates/source[4]	Function	251 B	2023-04-18	2025-06-23
Pretty URL streambtw.com/microtemplates/source[4] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-23 00:17 Times Seen382 Hash 486158165321d921fb388101d2bf4483 ba156a31e28d86c1c0ef9b1f008ba80af1452eda ea765f553d9d9b3240448ba6c80400cb77eb5b84c79561b25fdc9220b019d9d1 Loading...

	streambtw.com/microtemplates/source[5]	Function	3.5 kB	2023-04-18	2025-06-23
Pretty URL streambtw.com/microtemplates/source[5] IP 0.0.0.0 ASN #0 Introduced by Function Embedded in HTML false Observations First Seen2023-04-18 02:32 Last Seen2025-06-23 00:17 Times Seen396 Hash b6669abaec2c9816a30d51ba97928d1f b5fcc05b4a39f1e7629415f02c437353c99c3bca d9694562bb2b5918188cfaabeb9f5407029bf9f6efcc4b64e8ad20eb0efb16c3 Loading...

	pndax.love/script/ut.js?cb=1736971484969	ScriptElement	66 kB	2024-12-02	2025-04-23
Pretty URL pndax.love/script/ut.js?cb=1736971484969 IP 172.67.130.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-02 13:05 Last Seen2025-04-23 06:17 Times Seen1612 Hash 4afa2ac99f97331dc98263d49022a958 60bb7c7c45ff14e8df86ef9e0b9a7a55a7d2baca a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32 Loading...

	cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0	ScriptElement	1.4 kB	2023-05-21	2025-05-30
Pretty URL cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0 IP 172.67.158.139 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-21 19:45 Last Seen2025-05-30 00:34 Times Seen228 Hash 9dc26956b3af9c5c1d866267c7b2eb8d 497c98086b37e029f85b9969b54a3c497f2c88d7 7be6becfe5575e1849b8ac25b05b1a6e3e3afc0b9adeeef521a5bd0a17fa154c Loading...

	unknown	ScriptElement	236 B	2025-01-15	2025-01-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-15 20:05 Last Seen2025-01-15 20:05 Times Seen1 Hash 803b2d3d7e941abf740df4011f212929 666b13fad61e9b0e8ad1ebb521f085b8864b1e98 33560514a6470ee40f4b3857379cc6e3ab405ca6486f6cf10ddc9455eb0e7deb Loading...

HTTP Transactions (24)

URL IP Response Size

GET ts.yowdenfalcial.com/rDwQTpfoIlIeWcu/71505

23.109.170.59

200 OK

20 B

URL GET HTTP/1.1
ts.yowdenfalcial.com/rDwQTpfoIlIeWcu/71505
IP
23.109.170.59:443
ASN
#7979 SERVERS-COM

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectts.yowdenfalcial.com
Fingerprint7D:09:A8:57:48:21:46:7A:81:9A:D9:C3:46:F6:23:DA:5D:29:ED:90
ValidityThu, 05 Dec 2024 14:30:28 GMT - Wed, 05 Mar 2025 14:30:27 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rDwQTpfoIlIeWcu/71505 HTTP/1.1
Host: ts.yowdenfalcial.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Jan 2025 20:04:34 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cdn.totalsportek.space
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 16-Jan-2025 20:04:34 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Thu, 16-Jan-2025 20:04:34 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET qd.myosoteruins.com/rUdcK8qZZxyOOpBmq/77025

23.109.170.209

200 OK

20 B

URL GET HTTP/1.1
qd.myosoteruins.com/rUdcK8qZZxyOOpBmq/77025
IP
23.109.170.209:443
ASN
#7979 SERVERS-COM

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectqd.myosoteruins.com
Fingerprint5D:05:70:C1:65:21:AB:59:D3:3A:94:F7:7E:AA:81:F9:4D:31:13:51
ValidityThu, 05 Dec 2024 14:26:41 GMT - Wed, 05 Mar 2025 14:26:40 GMT

File type
gzip compressed data, from Unix
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rUdcK8qZZxyOOpBmq/77025 HTTP/1.1
Host: qd.myosoteruins.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Jan 2025 20:04:34 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://cdn.totalsportek.space
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtug0AQRPljJ4akJQ7gIxgUjL3MJivfAQ0zDZ4Ypq1mjJ3bZxIp2dUrPVV5nhcUL%2BAvyRrCm6hhe1R9s5dYojyUVVW%2BHSrZ151o%2BlJVTVnvYK3n1opuRBvBap4E29YuEWwGNMhatpIUZvDqrL%2FmYuhuIog7FkZlEE%2FOGDNIO6b7jFyEEBkxIaQfmrGnhzPEJzEEx72L2rjo7yCguQjzJ4hP2twe%2BSbx8jzx4Pk6CtsTT61WDuOBhULw32ElhcWB%2BAtShfPF0hWARtX%2B%2B7%2Bf8fizBonCRUuHZM%2FI38wATrY%3D; expires=Thu, 16-Jan-2025 20:04:34 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwViE0KgzAUBvMeJVAqhY96AE%2BQamsXbmuXRReewGopgZBIEvtz%2B%2BpiBmaEEJwmYD0hqQpV5ao8qeJSgl7gpgUPFrJx%2FtP%2FQB6cn8HeYtcG47LazTYuf8BmbZDG%2Fmr0N%2BucmaN2NoAXtnX%2FMM%2FjrbuDJkng6FaHMRWgtzz8AV7hHdE%3D; expires=Thu, 16-Jan-2025 20:04:34 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

GET cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0

172.67.158.139

200 OK

0 B

URL User Request GET HTTP/2
cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
IP
172.67.158.139:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecttotalsportek.space
Fingerprint0D:35:D1:41:A9:1D:E9:79:0F:B4:68:C8:BA:01:3C:70:8C:19:5A:84
ValidityTue, 31 Dec 2024 08:29:00 GMT - Mon, 31 Mar 2025 09:27:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0 HTTP/1.1
Host: cdn.totalsportek.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Jan 2025 20:04:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NgYi8Ocp%2BkxxgCYX5fwEZQ%2F4oQ5yi5gwI8GHyvxCfRxcn%2Bk5cAGYZy%2B3dMOMyF6%2FcZUQhU5Vy99qnrdY6t63QiN%2Fbp1NGU8OjbCrTuPiGkLtJbAU2vNuIcH8UGHv9TH7grEd%2FG2tuovS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 902879c6183eb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14074&min_rtt=4148&rtt_var=8645&sent=13&recv=8&lost=0&retrans=0&sent_bytes=4175&recv_bytes=1332&delivery_rate=143167&cwnd=12000&unsent_bytes=0&cid=d221c151d98f6303&ts=531&x=1", cfExtPri, cfHdrFlush;dur=0

GET ptaixout.net/tag.min.js

139.45.197.107

200 OK

27 kB

URL GET HTTP/2
ptaixout.net/tag.min.js
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectptaixout.net
FingerprintEE:B7:7A:A3:2E:F5:C1:DE:27:FC:A2:64:11:D8:AE:DF:54:E0:65:D4
ValidityWed, 13 Nov 2024 05:13:26 GMT - Tue, 11 Feb 2025 05:13:25 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27356 bytes)
Hash
ad52d5bb09d2068220fcdf07c91efad0
2088cdffd98a21c305a63c895eadbcbfd9c78487
463efaad6691975a46bf3a80cf8321ab36919995546fe987e17a2a9a5e9d04d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: ptaixout.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Jan 2025 20:04:35 GMT
content-type: text/javascript; charset=utf-8
content-length: 27356
content-encoding: br
x-trace-id: 08fc2ecef786a16c9a285c3ec77d3482
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 15 Jan 2025 18:10:49 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF

142.250.74.136

200 OK

112 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-PQ1PJ56MMF
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintBB:2E:7E:AD:26:E1:69:CA:59:9D:25:40:5F:20:4A:82:34:E8:D2:04
ValidityMon, 09 Dec 2024 08:36:18 GMT - Mon, 03 Mar 2025 08:36:17 GMT

File type
JavaScript source, ASCII text, with very long lines (5960)
Size
112 kB (111815 bytes)
Hash
9e69ed7b81beb4b1a844372ef81e63cc
6557f468b847d99ff702c969a5b81d73f5480ad5
b9d3377da3d2300df3fad0c45f55fd68af8c99eacd34726475a9e5b1b33b0f22

HTTP Headers

GET /gtag/js?id=G-PQ1PJ56MMF HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 15 Jan 2025 20:04:35 GMT
expires: Wed, 15 Jan 2025 20:04:35 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 111815
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET ptelsudsew.net/tag.min.js

139.45.197.107

200 OK

27 kB

URL GET HTTP/2
ptelsudsew.net/tag.min.js
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerLet's Encrypt
Subjectptelsudsew.net
Fingerprint92:06:FF:0A:F3:47:94:18:6A:0F:B2:F6:AA:42:96:34:1B:FC:72:AA
ValiditySun, 12 Jan 2025 05:36:33 GMT - Sat, 12 Apr 2025 05:36:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27356 bytes)
Hash
ad52d5bb09d2068220fcdf07c91efad0
2088cdffd98a21c305a63c895eadbcbfd9c78487
463efaad6691975a46bf3a80cf8321ab36919995546fe987e17a2a9a5e9d04d9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: ptelsudsew.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Jan 2025 20:04:37 GMT
content-type: text/javascript; charset=utf-8
content-length: 27356
content-encoding: br
x-trace-id: 18da08e9ad4912e79e7f9b96f0e2e408
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 15 Jan 2025 18:10:49 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js

151.101.129.229

200 OK

145 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (145133 bytes)
Hash
f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c

HTTP Headers

GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
accept-ranges: bytes
date: Wed, 15 Jan 2025 20:04:37 GMT
age: 18766
x-served-by: cache-fra-etou8220029-FRA, cache-hel1410022-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 145133
X-Firefox-Spdy: h2

GET ptaixout.net/5/6320745/?oo=1&aab=1

139.45.197.107

200 OK

12 kB

URL GET HTTP/2
ptaixout.net/5/6320745/?oo=1&aab=1
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
Certificate
IssuerLet's Encrypt
Subjectptaixout.net
FingerprintEE:B7:7A:A3:2E:F5:C1:DE:27:FC:A2:64:11:D8:AE:DF:54:E0:65:D4
ValidityWed, 13 Nov 2024 05:13:26 GMT - Tue, 11 Feb 2025 05:13:25 GMT

File type
gzip compressed data, max speed, from Unix
Size
12 kB (12348 bytes)
Hash
29fda8b1a2912835055781c50a4f747c
c38cf48ee49894567e861e437965fc81e410f47e
ba62f7b92f98b4c629835cb129a059b533ae4c4e4f08d3f5c6b0179b8a53a639

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6320745/?oo=1&aab=1 HTTP/1.1
Host: ptaixout.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.totalsportek.space
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Jan 2025 20:04:35 GMT
content-type: application/json
x-trace-id: 6b009dd16def8032739d70d207b928a2
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://cdn.totalsportek.space
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081527f7229446cfef17345f21e2a17; expires=Thu, 15 Jan 2026 20:04:35 GMT; path=/; secure; SameSite=None
oaidts=1736971475; expires=Thu, 15 Jan 2026 20:04:35 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

HEAD streambtw.com/iframe/ch6.php

104.21.112.1

200 OK

0 B

URL HEAD HTTP/3
streambtw.com/iframe/ch6.php
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /iframe/ch6.php HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/ch6.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 15 Jan 2025 20:04:44 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E5Gs2XHGRIKpVQkpCHgYXY1eCXElPicKnYl8rostm2YZOZYl9h93tDA2Duk9%2FhOWYJT4HUaW0WAn2M7%2FfwfukbEsiBG9FCfDxIPMJrO9c0YqpW3obiYqU4%2BXyGztZib0"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 90287a03495b56aa-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET cdn.jsdelivr.net/npm/clappr@latest/dist/38861cba61c66739c1452c3a71e39852.ttf

151.101.129.229

200 OK

20 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/clappr@latest/dist/38861cba61c66739c1452c3a71e39852.ttf
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
TrueType Font data, 18 tables, 1st "GDEF", 7 names, Microsoft, language 0x409, type 1 string, RobotoRegularVersion 2.001101; 2014Roboto-Regularhttp://www.apache.org/licenses/LICENSE-2.0
Size
20 kB (19464 bytes)
Hash
38861cba61c66739c1452c3a71e39852
4b1ef58e476b789c97521834abdf7a2fd66d6caf
967e5cecfbfbf64099c3c1232273482dd7436f05714266953c4d2c8ee9c28af5

HTTP Headers

GET /npm/clappr@latest/dist/38861cba61c66739c1452c3a71e39852.ttf HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 19464
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/ttf
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"7f8c-Sx71jkdreJyXUhg0q996L9ZtbK8"
content-encoding: br
accept-ranges: bytes
date: Wed, 15 Jan 2025 20:04:44 GMT
age: 15515
x-served-by: cache-fra-eddf8230027-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

GET streambtw.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.112.1

302 Found

0 B

URL GET HTTP/3
streambtw.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Wed, 15 Jan 2025 20:04:44 GMT
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5y4x2FJEY2byYxga%2BfVMsyFJhGzkquz22ljRiXTDzJhIOJwhYxLu5vMBwg5Q1dQwWlt%2BwyapGgFPX4dFWKrW%2BIMrSivhO8WZ9%2FiA0jq5SPV%2FONPCa2LJqTLZeiNB8X%2Bi"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
access-control-allow-origin: *
cf-ray: 90287a05296656aa-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET pndax.love/script/ut.js?cb=1736971484969

172.67.130.90

200 OK

25 kB

URL GET HTTP/2
pndax.love/script/ut.js?cb=1736971484969
IP
172.67.130.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectpndax.love
Fingerprint41:64:E6:45:0A:52:65:D1:35:F1:C9:32:0F:F5:66:35:19:06:F1:B6
ValidityFri, 10 Jan 2025 02:03:13 GMT - Thu, 10 Apr 2025 03:00:16 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65493), with no line terminators
Size
25 kB (25438 bytes)
Hash
4afa2ac99f97331dc98263d49022a958
60bb7c7c45ff14e8df86ef9e0b9a7a55a7d2baca
a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32

HTTP Headers

GET /script/ut.js?cb=1736971484969 HTTP/1.1
Host: pndax.love
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Jan 2025 20:04:45 GMT
content-type: text/javascript
x-goog-generation: 1733127707295818
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 66473
x-goog-hash: crc32c=VBET1w==, md5=SvoqyZ+XMx3JgmPUkCKpWA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
x-guploader-uploadid: AFiumC4WFvuppx86DNaqI0RKRpwx1DI-f9KejUf0cMVbkaHqWLV9x2qnvnkNKX-VDndMwUQ
access-control-expose-headers: Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
expires: Wed, 15 Jan 2025 20:25:59 GMT
cache-control: public, max-age=14400
age: 1506
last-modified: Mon, 02 Dec 2024 08:21:47 GMT
etag: W/"4afa2ac99f97331dc98263d49022a958"
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aEnBJ2lePf69mNF1j7TphpWVl50mMJdFP2JyErZxYUJmMM1kLqNSw916Kqt%2F5lIGV9X3XadmP6XqFr4ysQF%2B%2BADK7%2BOHmRZgdMqPULBceMXLA3sQ6yEUAr2TpoRh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90287a057aa50b45-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=638&min_rtt=576&rtt_var=155&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3197&recv_bytes=1067&delivery_rate=6067039&cwnd=254&unsent_bytes=0&cid=6c908e921c1f301f&ts=33&x=0"
X-Firefox-Spdy: h2

POST streambtw.com/cdn-cgi/rum?

104.21.112.1

204 No Content

0 B

URL POST HTTP/3
streambtw.com/cdn-cgi/rum?
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1077
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/ch6.php
Cookie: cf_clearance=VdYaxsixr0xEHUYURp3QEWiuLZnXhQrzeuAjpW5CQr0-1736971485-1.2.1.1-ppPpVxM_8IbXGvXgW_VimqgEymwaW_J0yB2qD8JAfrTFjRAYdfQfzNL9e8xYYZNz1IjCarBUqZp8BkVq5DV_OK5HjACEAGjKmUrvZwslclQEpiGvaRnI92xgqrJQDMUkpy9ZgNJlqO1KxL4BAqPga1EkEjJWSFy46thi954FA1QyFMhL5m3z6IaODr6N5Fhlk3UTm2.Qk1bJFYGl.1ZEsVrUovDibbgNZzxrucW6CQMCIYwkDTdg_lqUrt_Oa6wJd4bSlgbyEseDHnGfj5KPvDlUenRHkyPelAWLkJpmT00
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Wed, 15 Jan 2025 20:04:45 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://streambtw.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 90287a07596c56aa-OSL
x-frame-options: DENY

POST streambtw.com/cdn-cgi/rum?

104.21.112.1

204 No Content

0 B

URL POST HTTP/3
streambtw.com/cdn-cgi/rum?
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 512
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/ch6.php
Cookie: cf_clearance=VdYaxsixr0xEHUYURp3QEWiuLZnXhQrzeuAjpW5CQr0-1736971485-1.2.1.1-ppPpVxM_8IbXGvXgW_VimqgEymwaW_J0yB2qD8JAfrTFjRAYdfQfzNL9e8xYYZNz1IjCarBUqZp8BkVq5DV_OK5HjACEAGjKmUrvZwslclQEpiGvaRnI92xgqrJQDMUkpy9ZgNJlqO1KxL4BAqPga1EkEjJWSFy46thi954FA1QyFMhL5m3z6IaODr6N5Fhlk3UTm2.Qk1bJFYGl.1ZEsVrUovDibbgNZzxrucW6CQMCIYwkDTdg_lqUrt_Oa6wJd4bSlgbyEseDHnGfj5KPvDlUenRHkyPelAWLkJpmT00
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Wed, 15 Jan 2025 20:04:58 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://streambtw.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 90287a58daf456aa-OSL
x-frame-options: DENY

POST streambtw.com/cdn-cgi/challenge-platform/h/b/jsd/r/902879c5986e5684

104.21.112.1

200 OK

0 B

URL POST HTTP/3
streambtw.com/cdn-cgi/challenge-platform/h/b/jsd/r/902879c5986e5684
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/902879c5986e5684 HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12150
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/ch6.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Jan 2025 20:04:45 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=; Path=/; Expires=Thu, 01-Jan-70 00:00:00 GMT; Domain=.streambtw.com; Priority=High; HttpOnly; Secure; SameSite=None
cf_clearance=VdYaxsixr0xEHUYURp3QEWiuLZnXhQrzeuAjpW5CQr0-1736971485-1.2.1.1-ppPpVxM_8IbXGvXgW_VimqgEymwaW_J0yB2qD8JAfrTFjRAYdfQfzNL9e8xYYZNz1IjCarBUqZp8BkVq5DV_OK5HjACEAGjKmUrvZwslclQEpiGvaRnI92xgqrJQDMUkpy9ZgNJlqO1KxL4BAqPga1EkEjJWSFy46thi954FA1QyFMhL5m3z6IaODr6N5Fhlk3UTm2.Qk1bJFYGl.1ZEsVrUovDibbgNZzxrucW6CQMCIYwkDTdg_lqUrt_Oa6wJd4bSlgbyEseDHnGfj5KPvDlUenRHkyPelAWLkJpmT00; Path=/; Expires=Thu, 15-Jan-26 20:04:45 GMT; Domain=.streambtw.com; Priority=High; HttpOnly; Secure; SameSite=None; Partitioned
cf-ray: 90287a06f96a56aa-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZEdMYfptg2iUs%2BmJBEKt%2F2MyhhPuqO%2FpX0%2F3Wm4rn8kdTlA3Wcmqwll9xpjhzs9PltIoCcsGUh%2FHR2rObKvsQfH9RSd%2BLNIFlG0ZciD6Rqo8lLllTleJlGXIrcbvUugl"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET my.rtmark.net/gid.js?userId=0081525958fd4f90fb0df62a46cf7743

104.18.19.184

200 OK

65 B

URL GET HTTP/3
my.rtmark.net/gid.js?userId=0081525958fd4f90fb0df62a46cf7743
IP
104.18.19.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint56:7F:53:10:57:2F:C3:F4:06:8B:DB:2F:C1:F7:6A:1D:68:59:14:3F
ValiditySat, 04 Jan 2025 10:02:11 GMT - Fri, 04 Apr 2025 11:00:33 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
2bafca23b0103dc5410d17b6e888df24
60ace1ea305e4d58df7f6bc9f38e3ff8ae454e13
f819b11551c48b707fc333f5292d2b885e8ec7865099cf885c01f410fe93b8cc

HTTP Headers

GET /gid.js?userId=0081525958fd4f90fb0df62a46cf7743 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Cookie: ID=0081527f7229446cfef17345f21e2a17
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Jan 2025 20:04:45 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://streambtw.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=0081527f7229446cfef17345f21e2a17; expires=Thu, 15 Jan 2026 20:04:45 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 90287a073a400b3d-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET my.rtmark.net/gid.js?userId=0081527f7229446cfef17345f21e2a17

104.18.19.184

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0081527f7229446cfef17345f21e2a17
IP
104.18.19.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint56:7F:53:10:57:2F:C3:F4:06:8B:DB:2F:C1:F7:6A:1D:68:59:14:3F
ValiditySat, 04 Jan 2025 10:02:11 GMT - Fri, 04 Apr 2025 11:00:33 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
2bafca23b0103dc5410d17b6e888df24
60ace1ea305e4d58df7f6bc9f38e3ff8ae454e13
f819b11551c48b707fc333f5292d2b885e8ec7865099cf885c01f410fe93b8cc

HTTP Headers

GET /gid.js?userId=0081527f7229446cfef17345f21e2a17 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cdn.totalsportek.space
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Jan 2025 20:04:35 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cdn.totalsportek.space
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=0081527f7229446cfef17345f21e2a17; expires=Thu, 15 Jan 2026 20:04:35 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 902879c89e370b69-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

104.16.80.73

200 OK

20 kB

URL GET HTTP/2
static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
Fingerprint68:D3:62:56:06:F9:32:39:3B:2D:19:7E:B1:45:4B:2C:76:5F:73:C6
ValidityMon, 30 Dec 2024 10:58:15 GMT - Sun, 30 Mar 2025 11:58:10 GMT

File type
JavaScript source, ASCII text, with very long lines (19948), with no line terminators
Size
20 kB (19948 bytes)
Hash
ec18af6d41f6f278b6aed3bdabffa7bc
62c9e2cab76b888829f3c5335e91c320b22329ae
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

HTTP Headers

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Jan 2025 20:04:37 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 902879d84fb20b45-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

GET streambtw.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?

104.21.112.1

200 OK

8.7 kB

URL GET HTTP/3
streambtw.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js?
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type
JavaScript source, ASCII text, with very long lines (8699), with no line terminators
Size
8.7 kB (8699 bytes)
Hash
002197df3c2d1d9e43a75afc6ec8ca00
7e5bae3caba852c9606fedf4ee435f1f126fa8fd
8b31f9b588ef80ec930f3bd97d766f06b7d456738f6324ec6fa38914eb6e9e43

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/e0c90b6a3ed1/main.js? HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Jan 2025 20:04:45 GMT
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2HuBvl6TQEf4TEn6SUHcpu6mFliQofQgEArkYgxHYCm18w02hgmh%2B4sZ3xNkGsuD6sllGJttEABzIkKziZMp4GO1YexcHXMPc%2FEqBNdWP%2BRsRLeNpZgcKAKmt0eaFRre"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
x-content-type-options: nosniff
content-encoding: br
cf-ray: 90287a05d96856aa-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET cdn.totalsportek.space/favicon.ico

172.67.158.139

404 Not Found

555 B

URL GET HTTP/3
cdn.totalsportek.space/favicon.ico
IP
172.67.158.139:443
ASN
#13335 CLOUDFLARENET

Requested by
https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
Certificate
IssuerGoogle Trust Services
Subjecttotalsportek.space
Fingerprint0D:35:D1:41:A9:1D:E9:79:0F:B4:68:C8:BA:01:3C:70:8C:19:5A:84
ValidityTue, 31 Dec 2024 08:29:00 GMT - Mon, 31 Mar 2025 09:27:15 GMT

File type
HTML document, ASCII text, with very long lines (581), with no line terminators
Size
555 B (555 bytes)
Hash
e9e4f9c9480bb14ad8343f37e3fb9b99
628fcbc6080fd3e684d1def2e5f67e98133ffa3b
85e4b614933e56b4531289e0bc3d2665db1f2b9d04d2c756a4a72b867c059594

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cdn.totalsportek.space
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn.totalsportek.space/embed77/?event=stack.html&link=1&domain=&force=https://streambtw.com/iframe/ch6.php&ask=1736974800&lgt=3&noplayer=0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 15 Jan 2025 20:04:35 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 51
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KyRBzPPEazCSg4H20RE4DkxTq82IUEy5ZnWNTn626ZI40wXkYHseC9IC839AAw%2Fkvm9Y22DXxe6MC9rFLDKFAJjr1hJqARGIOY1EWS%2B6iiYvMIWmLwHco02vAlBffpWu8HSiSuYBgdyK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 902879c7dab6b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=15006&min_rtt=4148&rtt_var=8348&sent=15&recv=10&lost=0&retrans=0&sent_bytes=4907&recv_bytes=1740&delivery_rate=1336&cwnd=12000&unsent_bytes=0&cid=d221c151d98f6303&ts=785&x=1", cfExtPri, cfHdrFlush;dur=0

GET youradexchange.com/script/suurl5.php?r=7102142&cbur=0.45231298994275515&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.totalsportek.space%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=pndax.love&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1736971484621&srs=e9baeb3baaf9134fb6b87e253da31769&atv=56.0&abtg=1&adbv=3-cdn-js

172.67.177.214

200 OK

910 B

URL GET HTTP/2
youradexchange.com/script/suurl5.php?r=7102142&cbur=0.45231298994275515&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.totalsportek.space%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=pndax.love&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1736971484621&srs=e9baeb3baaf9134fb6b87e253da31769&atv=56.0&abtg=1&adbv=3-cdn-js
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectyouradexchange.com
Fingerprint8B:14:37:06:AD:3B:34:24:D2:1C:2E:8F:85:18:45:17:CE:7A:8F:77
ValidityFri, 06 Dec 2024 14:16:45 GMT - Thu, 06 Mar 2025 14:16:44 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (939), with no line terminators
Size
910 B (910 bytes)
Hash
052d8b77da7d2fab837cc84ae2b3eed6
0de13605f315dc5baf506276d3ac02da4824e678
7538ce164d410d941a9fbf1438a442395ed410986961b18fa7b0ccf21570cf4b

HTTP Headers

GET /script/suurl5.php?r=7102142&cbur=0.45231298994275515&cbiframe=1&cbWidth=1100&cbHeight=619&cbtitle=&cbpage=https%3A%2F%2Fcdn.totalsportek.space%2F&cbref=&cbdescription=&cbkeywords=&cbcdn=pndax.love&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1736971484621&srs=e9baeb3baaf9134fb6b87e253da31769&atv=56.0&abtg=1&adbv=3-cdn-js HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://streambtw.com/
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 15 Jan 2025 20:04:44 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zqXMTCZM75OwJlmbyDPpNQWfxL6%2FDI0MLFQZEHjS3a938ndmdBtMWCsy0DzI7gS2Oq%2BTGDwmbd5h5Nbefl6pqCFx8OPHNYtEbi5b5gdKzzv%2Fb6IJTAjM0BCjpbVRNaCMEV8TZBI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90287a031ee856c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=528&min_rtt=468&rtt_var=139&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3295&recv_bytes=1474&delivery_rate=6552036&cwnd=254&unsent_bytes=0&cid=aa4ee56952d5727f&ts=223&x=0"
X-Firefox-Spdy: h2

GET doanaudabu.net/?rb=dOHWZS0bO6xITrbJ6ytHmw1hKext2UpEdTtBlpshyli071v4mfiH-47YdW8GXuuSGoS8e7_tNCxCe9hj26fde3zKfAIXk4mt0ZGFNpO5-FCW7kU-jXxRMlhiM-YSywfGJFlTS8hWM8D0LrPeva7SqNxj8HjOWyXWWAw34adaz70ZbsJQyqe5QgollJGr2VEjPj_FV2Et8HR3o7zycJ89TfdgBmVzs868cbamMy0MV9bCr8H-_PO4VunhBrRkKj0InM1TV3jg1gCQo4GRRGYDmWZ3QUU%3D&request_ab2=0&zoneid=6869446&js_build=iclick-v1.1039.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=3&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fch6.php&drf=https%3A%2F%2Fcdn.totalsportek.space%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=3&wgl=&js_build=iclick-v1.1039.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=681ab9bb-b556-490e-9024-06328fa3930a&wasm=1&userId=0081527f7229446cfef17345f21e2a17&m=link

139.45.197.118

200 OK

2.3 kB

URL GET HTTP/2
doanaudabu.net/?rb=dOHWZS0bO6xITrbJ6ytHmw1hKext2UpEdTtBlpshyli071v4mfiH-47YdW8GXuuSGoS8e7_tNCxCe9hj26fde3zKfAIXk4mt0ZGFNpO5-FCW7kU-jXxRMlhiM-YSywfGJFlTS8hWM8D0LrPeva7SqNxj8HjOWyXWWAw34adaz70ZbsJQyqe5QgollJGr2VEjPj_FV2Et8HR3o7zycJ89TfdgBmVzs868cbamMy0MV9bCr8H-_PO4VunhBrRkKj0InM1TV3jg1gCQo4GRRGYDmWZ3QUU%3D&request_ab2=0&zoneid=6869446&js_build=iclick-v1.1039.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=3&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fch6.php&drf=https%3A%2F%2Fcdn.totalsportek.space%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=3&wgl=&js_build=iclick-v1.1039.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=681ab9bb-b556-490e-9024-06328fa3930a&wasm=1&userId=0081527f7229446cfef17345f21e2a17&m=link
IP
139.45.197.118:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerLet's Encrypt
Subjectdoanaudabu.net
Fingerprint1B:0F:F1:E3:1C:B1:36:D1:8B:FB:04:EC:8F:DA:FD:51:EE:E1:4B:E3
ValidityThu, 14 Nov 2024 02:46:14 GMT - Wed, 12 Feb 2025 02:46:13 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2284), with no line terminators
Size
2.3 kB (2265 bytes)
Hash
2e808ae8ec572dfa04b34ff433fafcdc
1424f1bb8fe7583316cc623747ecabf9e866d407
902e8f8e20f804e554d4df9b02520432a126bd9e996f2e65bae8d6d3e050e143

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=dOHWZS0bO6xITrbJ6ytHmw1hKext2UpEdTtBlpshyli071v4mfiH-47YdW8GXuuSGoS8e7_tNCxCe9hj26fde3zKfAIXk4mt0ZGFNpO5-FCW7kU-jXxRMlhiM-YSywfGJFlTS8hWM8D0LrPeva7SqNxj8HjOWyXWWAw34adaz70ZbsJQyqe5QgollJGr2VEjPj_FV2Et8HR3o7zycJ89TfdgBmVzs868cbamMy0MV9bCr8H-_PO4VunhBrRkKj0InM1TV3jg1gCQo4GRRGYDmWZ3QUU%3D&request_ab2=0&zoneid=6869446&js_build=iclick-v1.1039.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=619&wiw=1100&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1100&wfc=3&pl=https%3A%2F%2Fstreambtw.com%2Fiframe%2Fch6.php&drf=https%3A%2F%2Fcdn.totalsportek.space%2F&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&tt=3&wgl=&js_build=iclick-v1.1039.0&navlng=en-US&vsbl=true&pnt=0&pnrc=0&bs=681ab9bb-b556-490e-9024-06328fa3930a&wasm=1&userId=0081527f7229446cfef17345f21e2a17&m=link HTTP/1.1
Host: doanaudabu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://streambtw.com/
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Cookie: OAID=0081525958fd4f90fb0df62a46cf7743; oaidts=1736971485
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Jan 2025 20:04:45 GMT
content-type: application/json
x-trace-id: 21bcc1f74a6f843eaa9586c19df87a46
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://streambtw.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0081527f7229446cfef17345f21e2a17; expires=Thu, 15 Jan 2026 20:04:45 GMT; path=/; secure; SameSite=None
oaidts=1736971485; expires=Thu, 15 Jan 2026 20:04:45 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 22 Jan 2025 20:04:45 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET streambtw.com/js/aclib.js

104.21.112.1

200 OK

173 kB

URL GET HTTP/3
streambtw.com/js/aclib.js
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerGoogle Trust Services
Subjectstreambtw.com
Fingerprint5A:65:C2:B5:FD:84:93:DB:C9:9D:3B:8B:D9:ED:14:58:7C:9E:DE:A8
ValiditySat, 23 Nov 2024 09:55:53 GMT - Fri, 21 Feb 2025 09:55:52 GMT

File type

Size
173 kB (172869 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/aclib.js HTTP/1.1
Host: streambtw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/iframe/ch6.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 15 Jan 2025 20:04:35 GMT
content-type: application/javascript; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ODc%2B8hFoBIZTbxTV6x1CeqN1Rmj791bScXzgphycFrJBA4PO6WirNIHORjJXefCmgPJT2CexQI%2FSfVeBCkNGNrcgF%2FAeAgZrM0hlSgFd4HtgIxTQkEDGp%2BPnl718peqW"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 21 Dec 2024 06:54:50 GMT
vary: Accept-Encoding
etag: W/"6766663a-2a345"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
cf-cache-status: HIT
age: 97662
cf-ray: 902879ca184356aa-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400

GET doanaudabu.net/5/6869446/?oo=1&js_build=iclick-v1.1039.0&dmn=ptelsudsew.net&tt=2&ix=1

139.45.197.118

200 OK

3.9 kB

URL GET HTTP/2
doanaudabu.net/5/6869446/?oo=1&js_build=iclick-v1.1039.0&dmn=ptelsudsew.net&tt=2&ix=1
IP
139.45.197.118:443
ASN
#9002 RETN Limited

Requested by
https://streambtw.com/iframe/ch6.php
Certificate
IssuerLet's Encrypt
Subjectdoanaudabu.net
Fingerprint1B:0F:F1:E3:1C:B1:36:D1:8B:FB:04:EC:8F:DA:FD:51:EE:E1:4B:E3
ValidityThu, 14 Nov 2024 02:46:14 GMT - Wed, 12 Feb 2025 02:46:13 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3905), with no line terminators
Size
3.9 kB (3901 bytes)
Hash
98429d12b918e32507a0cd7be2526a7c
6ca1794dc97aa9ba34de6cc2550776baca03fe8c
53e4bcdc92f6ddbe51a167dbb775a2a89caca7a8354228aea05dfe927a37a91d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6869446/?oo=1&js_build=iclick-v1.1039.0&dmn=ptelsudsew.net&tt=2&ix=1 HTTP/1.1
Host: doanaudabu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://streambtw.com
DNT: 1
Connection: keep-alive
Referer: https://streambtw.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 15 Jan 2025 20:04:45 GMT
content-type: application/json
x-trace-id: 64b450972df962a1a991f94d35bfc02a
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://streambtw.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081525958fd4f90fb0df62a46cf7743; expires=Thu, 15 Jan 2026 20:04:45 GMT; path=/; secure; SameSite=None
oaidts=1736971485; expires=Thu, 15 Jan 2026 20:04:45 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (30)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by