Report - evfancy.link/flash31

Report Overview

Visited public
2025-01-20 21:10:46
Tags
Submit Tags
URL
evfancy.link/flash31
Finishing URL
evfancy.link/flash31
IP / ASN
104.21.80.1
#13335 CLOUDFLARENET
Title
Live Footbal Streaming - Live Premier League

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gavearsonistclever.com	unknown	2024-11-04	2024-11-23	2025-01-19	438 B	573 B	192.243.61.227
sheegiwo.com	unknown	2024-01-08	2024-01-08	2025-01-05	825 B	36 kB	139.45.197.119
evfancy.link	unknown	2024-12-28	2025-01-20	2025-01-20	1.7 kB	47 kB	104.21.16.1
code.jquery.com	634	2005-12-10	2012-05-21	2025-01-15	1.2 kB	122 kB	151.101.2.137
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-01-15	457 B	30 kB	104.18.18.184
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-01-15	1.3 kB	694 kB	151.101.65.229
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-01-15	431 B	31 kB	142.250.74.138
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-01-15	436 B	38 kB	104.18.11.207
smartermuver.com	unknown	2024-05-28	2024-11-16	2025-01-05	2.3 kB	250 kB	172.67.176.62

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-20	medium	evfancy.link	Sinkholed
2025-01-20	medium	evfancy.link	Sinkholed
2025-01-20	medium	sheegiwo.com	Sinkholed
2025-01-20	medium	sheegiwo.com	Sinkholed
2025-01-20	medium	evfancy.link	Sinkholed
2025-01-20	medium	evfancy.link	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-1.11.0.min.js	ScriptElement	96 kB	2023-03-07	2025-07-16
Pretty URL code.jquery.com/jquery-1.11.0.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-16 09:52 Times Seen11807 Hash 8fc25e27d42774aeae6edbc0a18b72aa b66ed708717bf0b4a005a4d0113af8843ef3b8ff b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682 Loading...

	evfancy.link/flash31	ScriptElement	59 kB	2024-01-27	2025-05-30
Pretty URL evfancy.link/flash31 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-27 21:44 Last Seen2025-05-30 18:57 Times Seen30 Hash 595c7731e589c775c67f377a365d78bd 0e9e39e24c7d918b5bea4da1efb5e2313f5dc239 ec4987c8fe94dff63a47d8fbbb8a27492009571c634157fcaa725da66a36821c Loading...

	maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-07-16
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-16 09:40 Times Seen35150 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	code.jquery.com/jquery-latest.js	ScriptElement	283 kB	2023-03-07	2025-07-15
Pretty URL code.jquery.com/jquery-latest.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:25 Last Seen2025-07-15 14:52 Times Seen3864 Hash 3d93b072d14f2bd1ede58f4847f537fd 73e5d044bd153dd912930e8be433059454ce19cd 3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc Loading...

	code.jquery.com/jquery-migrate-1.2.1.min.js	ScriptElement	7.2 kB	2023-03-07	2025-07-16
Pretty URL code.jquery.com/jquery-migrate-1.2.1.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-16 08:43 Times Seen7315 Hash eb05d8d73b5b13d8d84308a4751ece96 743052320809514fb788fe1d3df37fc87ce90452 1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d Loading...

	smartermuver.com/blast.js	ScriptElement	78 kB	2023-03-08	2025-07-16
Pretty URL smartermuver.com/blast.js IP 172.67.176.62 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53 Last Seen2025-07-16 02:42 Times Seen602 Hash 091faec928970e76d37a3601c19fcf8a 6441e8eebe90eb8d4a40e7c25440ff99caba3520 eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12 Loading...

	evfancy.link/flash31	ScriptElement	446 B	2024-01-27	2025-05-30
Pretty URL evfancy.link/flash31 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-27 21:44 Last Seen2025-05-30 18:57 Times Seen31 Hash 135c1f9eab561dbb06da18b91ce20a1e c6d8f6c2f8614832711ea71bd372ded179a332e4 c30303d3e868361d59cfe3dae546adf9b4ccc5433d33e32b2a0fcc462bcd8471 Loading...

	evfancy.link/flash31	ScriptElement	44 B	2024-10-20	2025-01-20
Pretty URL evfancy.link/flash31 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-10-20 18:17 Last Seen2025-01-20 21:10 Times Seen3 Hash fde6275275234af3c8984e3cf21ba649 9bcf145894a8786f5f125885caedb8cd5305f675 1ed15762ca35e737de628f13bab8efaeccbe1b860859bb9bda09de675a623b59 Loading...

	evfancy.link/flash31	ScriptElement	424 B	2023-10-14	2025-04-19
Pretty URL evfancy.link/flash31 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-14 00:01 Last Seen2025-04-19 23:49 Times Seen43 Hash 78d4a79be8bf864ca01f6ff9461f734c 62409f60069e3838a32063b9bc88b16b62a99fd6 68f8ea1fb246b66fcbad56b4ab2b408b82eb9f5add4725fa12ccdb5c91570255 Loading...

	evfancy.link/flash31	ScriptElement	203 B	2023-10-14	2025-04-18
Pretty URL evfancy.link/flash31 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-14 00:01 Last Seen2025-04-18 23:29 Times Seen42 Hash aa4f4a5741080d94388479d1d4a46be5 414aeacf3e00ac56ac7611eff1469d0b684d9f32 f22fb5e0d39d796c9f46b6e1671ead6ec179002c7c0174055268bf5ccc316fa9 Loading...

	sheegiwo.com/tag.min.js	ScriptElement	72 kB	2025-01-20	2025-01-21
Pretty URL sheegiwo.com/tag.min.js IP 139.45.197.119 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-20 14:37 Last Seen2025-01-21 10:05 Times Seen17 Hash 7ca076d7043e72ef0f05b38bc2b5db2c 1ce78857e07b6e94b73851f50ac5bbb8ae35fc35 b8cca709abcadc1b6f00b390b5a1b72171ba81933a516a4e0bcd6573ea458426 Loading...

	unknown	ScriptElement	170 B	2025-01-20	2025-01-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-20 21:10 Last Seen2025-01-20 21:10 Times Seen1 Hash db2f9564c29de47613c197046c5d7bab 2fe563e7261ddabb5bd265329fb91e845b5c810f 588f3306c6a88bcf39d08eecc66f5c69c4aac857934c493bd61c2115ae463404 Loading...

	evfancy.link/flash31	ScriptElement	241 B	2023-03-07	2025-01-26
Pretty URL evfancy.link/flash31 IP 104.21.16.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2025-01-26 15:24 Times Seen31 Hash 42ddcfd8c21bcc43db1f10e29c2cef82 87957a9cfbc455b58a7fb2278a44ea464783fac5 9df470ba682ae5e4b0cb137d9384c953f0bc8a196b720f6c07b1a630fa1defad Loading...

	smartermuver.com/embed.js	ScriptElement	1.3 kB	2025-01-05	2025-01-20
Pretty URL smartermuver.com/embed.js IP 172.67.176.62 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-05 14:19 Last Seen2025-01-20 21:10 Times Seen2 Hash 116122618726cf1d3f38b94531264105 53c60feae4d864816adc21ad98ca6a23f2cd8e77 d6a7eca6414517a884e7d5937e8b0d1e8609ccff9dc3f67425835f2a0bf05395 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.2.0/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-07-16
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.2.0/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01 Last Seen2025-07-16 07:23 Times Seen1221 Hash d4162c9d7e520a5de05001be6e741899 0baf29230047c9cd896f14c59618c9948ea79451 2405bdf4c255a4904671bcc4b97938033d39b3f5f20dd068985a8d94cde273e2 Loading...

	unknown	Function	34 B	2023-04-11	2025-07-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16 Last Seen2025-07-16 02:47 Times Seen67623 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

		Size	First Seen	Last Seen
	#1 Write - 0e4853cd276eb0d4b3d0d39bd1b5cc20	297 B	2025-01-20 21:10	2025-01-20 21:10
Pretty Observations First Seen2025-01-20 21:10 Last Seen2025-01-20 21:10 Times Seen1 Hash 0e4853cd276eb0d4b3d0d39bd1b5cc20 1383a34677faa8896aa9c7b69a14267678bd4023 50b540dcb58cf4a241691a435098ad3ed2095804446fa07208cbdc2407bfb1c8 Loading...

HTTP Transactions (21)

URL IP Response Size

GET evfancy.link/css/style.css

104.21.16.1

200 OK

33 kB

URL GET HTTP/3
evfancy.link/css/style.css
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://evfancy.link/flash31
Certificate
IssuerGoogle Trust Services
Subjectevfancy.link
Fingerprint42:7C:39:76:18:75:51:78:CD:A7:9D:09:D7:9B:13:49:33:7A:78:9E
ValiditySat, 28 Dec 2024 11:54:42 GMT - Fri, 28 Mar 2025 12:43:18 GMT

File type
ASCII text, with CRLF line terminators
Size
33 kB (32747 bytes)
Hash
a29e5d2a8c93666a486213ac4e2a6d0c
0cba329fadd3a2ce4b006825fe20c4878ea0f9d5
122105fe95e1d552188ed71ca8b38d6dbf550f0fd9021f369186b69d0bb0c3ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/style.css HTTP/1.1
Host: evfancy.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/flash31
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Jan 2025 21:10:19 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1K3x9Kn9cl9iftY%2BFohdP7wmpQkCJwypNKFf4m%2FGPrKPCoKchnpPylLFhvMxIK20eTO7LeMYh8NIraMeySWSweldeMOkqVL1S4%2B%2BhPPIJk81We5qXrLE8bJIuiKMeyg%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 05 Jan 2022 10:27:00 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4200
content-encoding: br
cf-ray: 90520cf4acbb1c12-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET smartermuver.com/embed.js

172.67.176.62

200 OK

1.0 kB

URL GET HTTP/2
smartermuver.com/embed.js
IP
172.67.176.62:443
ASN
#13335 CLOUDFLARENET

Requested by
https://evfancy.link/flash31
Certificate
IssuerGoogle Trust Services
Subjectsmartermuver.com
Fingerprint43:C3:D1:59:9B:F3:A7:32:4D:4F:CB:0F:F9:9A:A4:60:03:E3:DE:2B
ValiditySat, 28 Dec 2024 19:37:36 GMT - Fri, 28 Mar 2025 20:34:29 GMT

File type
gzip compressed data, from Unix
Size
1.0 kB (1047 bytes)
Hash
fecbca352457915f92a7f18095181b80
168daff761ae3e67d0630ea1dc0a8ac82900293e
633d3f16ee73ed1f4c259f735289425141a42d2ff9ec72b17b72bf595c628f6e

HTTP Headers

GET /embed.js HTTP/1.1
Host: smartermuver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 20 Jan 2025 21:10:19 GMT
content-type: application/javascript
last-modified: Wed, 30 Oct 2024 20:16:03 GMT
vary: Accept-Encoding
etag: W/"67229403-4e2"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 4199
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=83gwJmJLojrK%2BbDeJwyNk5Cg8PzhH3xhQ%2FJdCtCc%2F8mzdho9HjL2Vcx0IHBcnJ1g7A6eyxmhyHeHUm8gCl3grotgFOpiOhABPk%2BjIGHbVzG6ULSis5uDMQpY0cs5qhUfVMIq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90520cf50d2256ae-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1036&min_rtt=620&rtt_var=286&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3212&recv_bytes=1056&delivery_rate=4078873&cwnd=253&unsent_bytes=0&cid=085f57e80f4de584&ts=42&x=0"
X-Firefox-Spdy: h2

GET gavearsonistclever.com/b5/d5/e2/b5d5e2cbaa884029b13637009b94e342.js

192.243.61.227

403 Forbidden

0 B

URL GET HTTP/1.1
gavearsonistclever.com/b5/d5/e2/b5d5e2cbaa884029b13637009b94e342.js
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://evfancy.link/flash31
Certificate
IssuerLet's Encrypt
Subjectgavearsonistclever.com
FingerprintCF:79:23:70:6F:A5:89:9E:DE:74:50:07:B9:BC:22:0A:A3:08:45:39
ValidityFri, 03 Jan 2025 21:55:12 GMT - Thu, 03 Apr 2025 21:55:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b5/d5/e2/b5d5e2cbaa884029b13637009b94e342.js HTTP/1.1
Host: gavearsonistclever.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: nginx/1.21.6
Date: Mon, 20 Jan 2025 21:10:20 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: gavearsonistclever.com

HEAD evfancy.link/flash31

104.21.16.1

200 OK

0 B

URL HEAD HTTP/3
evfancy.link/flash31
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://evfancy.link/flash31
Certificate
IssuerGoogle Trust Services
Subjectevfancy.link
Fingerprint42:7C:39:76:18:75:51:78:CD:A7:9D:09:D7:9B:13:49:33:7A:78:9E
ValiditySat, 28 Dec 2024 11:54:42 GMT - Fri, 28 Mar 2025 12:43:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

HEAD /flash31 HTTP/1.1
Host: evfancy.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/flash31
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MHWYqCnXwidNrSsNeq4mrVKO%2FhTnf3zQAIZsZRG%2Bh3LDb%2BKtfy5xvRglc7uzxCHA2WXEvebJBg%2Ff2IsOKAoD0sPo2djSC7VxNyOh0M%2Fn35MwjrbsSD63qGTOKnUfmpE%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 90520cf83d1d1c12-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400

GET sheegiwo.com/tag.min.js

139.45.197.119

200 OK

27 kB

URL GET HTTP/2
sheegiwo.com/tag.min.js
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://evfancy.link/flash31
Certificate
IssuerLet's Encrypt
Subjectsheegiwo.com
Fingerprint14:C1:9D:2F:5F:71:12:93:F0:9F:45:71:4C:4D:B5:1E:DC:C6:03:AB
ValiditySat, 23 Nov 2024 06:28:38 GMT - Fri, 21 Feb 2025 06:28:37 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27356 bytes)
Hash
7ca076d7043e72ef0f05b38bc2b5db2c
1ce78857e07b6e94b73851f50ac5bbb8ae35fc35
b8cca709abcadc1b6f00b390b5a1b72171ba81933a516a4e0bcd6573ea458426

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: sheegiwo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: text/javascript; charset=utf-8
content-length: 27356
content-encoding: br
x-trace-id: 68b431ea4fb404563075ec649ac93b1d
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Mon, 20 Jan 2025 13:30:23 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-migrate-1.2.1.min.js

151.101.2.137

200 OK

3.1 kB

URL GET HTTP/2
code.jquery.com/jquery-migrate-1.2.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (7085)
Size
3.1 kB (3063 bytes)
Hash
eb05d8d73b5b13d8d84308a4751ece96
743052320809514fb788fe1d3df37fc87ce90452
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

HTTP Headers

GET /jquery-migrate-1.2.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1c1f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 20 Jan 2025 21:10:20 GMT
age: 2892715
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 5, 197766
x-timer: S1737407421.682735,VS0,VE0
vary: Accept-Encoding
content-length: 3063
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-1.11.0.min.js

151.101.2.137

200 OK

33 kB

URL GET HTTP/2
code.jquery.com/jquery-1.11.0.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32341)
Size
33 kB (33357 bytes)
Hash
8fc25e27d42774aeae6edbc0a18b72aa
b66ed708717bf0b4a005a4d0113af8843ef3b8ff
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682

HTTP Headers

GET /jquery-1.11.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1787d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 20 Jan 2025 21:10:20 GMT
age: 2892747
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 7961, 133055
x-timer: S1737407421.694419,VS0,VE0
vary: Accept-Encoding
content-length: 33357
X-Firefox-Spdy: h2

GET my.rtmark.net/gid.js?userId=0081576897de4f2afe1b4569c043b969

104.18.18.184

200 OK

29 kB

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0081576897de4f2afe1b4569c043b969
IP
104.18.18.184:443
ASN
#13335 CLOUDFLARENET

Requested by
https://evfancy.link/flash31
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint56:7F:53:10:57:2F:C3:F4:06:8B:DB:2F:C1:F7:6A:1D:68:59:14:3F
ValiditySat, 04 Jan 2025 10:02:11 GMT - Fri, 04 Apr 2025 11:00:33 GMT

File type
gzip compressed data, from Unix
Size
29 kB (28774 bytes)
Hash
a8337eecf402e483dd745b2e3548466c
b474a5b0bfca4f953697077f2127c066029a345d
ae9e8cdd52090f0d1dcc86ed0243891048fbe68dd0d6008197ba81a58b2898bb

HTTP Headers

GET /gid.js?userId=0081576897de4f2afe1b4569c043b969 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://evfancy.link
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://evfancy.link
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
set-cookie: ID=0081576897de4f2afe1b4569c043b969; expires=Tue, 20 Jan 2026 21:10:20 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 90520cfa3bd31c16-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-latest.js

151.101.2.137

200 OK

84 kB

URL GET HTTP/2
code.jquery.com/jquery-latest.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
84 kB (83875 bytes)
Hash
3d93b072d14f2bd1ede58f4847f537fd
73e5d044bd153dd912930e8be433059454ce19cd
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc

HTTP Headers

GET /jquery-latest.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-4508e"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 20 Jan 2025 21:10:20 GMT
age: 4112157
x-served-by: cache-lga21958-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 757, 1419630
x-timer: S1737407421.704319,VS0,VE0
vary: Accept-Encoding
content-length: 83875
X-Firefox-Spdy: h2

GET smartermuver.com/embed.php?player=desktop&live=do31

172.67.176.62

200 OK

166 kB

URL GET HTTP/3
smartermuver.com/embed.php?player=desktop&live=do31
IP
172.67.176.62:443
ASN
#13335 CLOUDFLARENET

Requested by
https://evfancy.link/flash31
Certificate
IssuerGoogle Trust Services
Subjectsmartermuver.com
Fingerprint43:C3:D1:59:9B:F3:A7:32:4D:4F:CB:0F:F9:9A:A4:60:03:E3:DE:2B
ValiditySat, 28 Dec 2024 19:37:36 GMT - Fri, 28 Mar 2025 20:34:29 GMT

File type
JavaScript source, ASCII text, with very long lines (1596)
Size
166 kB (165504 bytes)
Hash
fffa5f5c58684826b0407c559990ae95
0a60e2ad21948a712171e1ec1cb934ad5ec07c3b
f36877f8e3bd078afe93262451d8afb1681487b16ba624f4d8a26ef9feae9937

HTTP Headers

GET /embed.php?player=desktop&live=do31 HTTP/1.1
Host: smartermuver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/8.1.30
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3k5U2mPn5hsgJU3d%2F%2BhZrI70kwGYQzBSil%2ByKRsHeufbpLyDdgGfg9ye3uWNcHGFx6azHmqpp%2BB7%2B1nDcCoscRvH128P1ejHIzNPz%2FIXOxnJTU9oC9QEToSNfrd5Bj7DyTae"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90520cf84a37b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4907&min_rtt=3072&rtt_var=2463&sent=13&recv=8&lost=0&retrans=0&sent_bytes=4168&recv_bytes=1265&delivery_rate=193332&cwnd=12000&unsent_bytes=0&cid=8de833a2a399066b&ts=729&x=1", cfExtPri, cfHdrFlush;dur=0

GET cdn.jsdelivr.net/clappr.level-selector/latest/level-selector.min.js

151.101.65.229

200 OK

3.2 kB

URL GET HTTP/2
cdn.jsdelivr.net/clappr.level-selector/latest/level-selector.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (6153)
Size
3.2 kB (3219 bytes)
Hash
166bbe11bb8dd332f6fbcf8fe9ec30cf
f42c73e6e89201ccf5ad513915bb4182ec3a410c
23a715a6d8a35921f8c02eab19a93b6c9c42271ecfccbde0005476959e2edff9

HTTP Headers

GET /clappr.level-selector/latest/level-selector.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"2524-9Cxz5uiSAcz1rVE5FbtBguw6QQw"
content-encoding: br
accept-ranges: bytes
date: Mon, 20 Jan 2025 21:10:20 GMT
age: 1200146
x-served-by: cache-fra-eddf8230115-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3219
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js

151.101.65.229

200 OK

58 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/@swarmcloud/hls/p2p-engine.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
58 kB (57600 bytes)
Hash
4593f23186f4e73944c170932868f5b4
885ee60b169f37ea2b86d15b4d03d384fed9d0f5
fd8d90453ae0354fb5c07d58294267d4b5d180f95db941b0bfec91013094fc99

HTTP Headers

GET /npm/@swarmcloud/hls/p2p-engine.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.13.8
x-jsd-version-type: version
etag: W/"312a6-iF7mCxafN+orhtFbTQPThP7Z0PU"
content-encoding: br
accept-ranges: bytes
date: Mon, 20 Jan 2025 21:10:20 GMT
age: 23506
x-served-by: cache-fra-eddf8230149-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 57600
X-Firefox-Spdy: h2

GET ajax.googleapis.com/ajax/libs/jquery/3.2.0/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.2.0/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint40:E7:4C:FA:6D:23:B6:A9:19:0C:67:77:3A:43:22:D0:A4:CE:49:24
ValidityMon, 09 Dec 2024 08:37:20 GMT - Mon, 03 Mar 2025 08:37:19 GMT

File type
JavaScript source, ASCII text, with very long lines (32033)
Size
30 kB (30281 bytes)
Hash
d4162c9d7e520a5de05001be6e741899
0baf29230047c9cd896f14c59618c9948ea79451
2405bdf4c255a4904671bcc4b97938033d39b3f5f20dd068985a8d94cde273e2

HTTP Headers

GET /ajax/libs/jquery/3.2.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30281
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 Jan 2025 14:07:02 GMT
expires: Fri, 16 Jan 2026 14:07:02 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 370998
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET sheegiwo.com/5/6837565/?oo=1&aab=1

139.45.197.119

200 OK

7.0 kB

URL GET HTTP/2
sheegiwo.com/5/6837565/?oo=1&aab=1
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://evfancy.link/flash31
Certificate
IssuerLet's Encrypt
Subjectsheegiwo.com
Fingerprint14:C1:9D:2F:5F:71:12:93:F0:9F:45:71:4C:4D:B5:1E:DC:C6:03:AB
ValiditySat, 23 Nov 2024 06:28:38 GMT - Fri, 21 Feb 2025 06:28:37 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.0 kB (6963 bytes)
Hash
babd631f45d8babc8220ae244135cabe
7bf0210efc95d487f2896bc3a9bc21e1b5bc23f3
bec244f85d696b5fbc13710dbace98aaf8cb49a4e3463573d567bf29bc8dc39c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6837565/?oo=1&aab=1 HTTP/1.1
Host: sheegiwo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://evfancy.link
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: application/json
x-trace-id: 1eb7f929fcf103d02e183f4dd42f58af
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://evfancy.link
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081576897de4f2afe1b4569c043b969; expires=Tue, 20 Jan 2026 21:10:20 GMT; path=/; secure; SameSite=None
oaidts=1737407420; expires=Tue, 20 Jan 2026 21:10:20 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

GET smartermuver.com/css/site.css

172.67.176.62

200 OK

199 B

URL GET HTTP/3
smartermuver.com/css/site.css
IP
172.67.176.62:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerGoogle Trust Services
Subjectsmartermuver.com
Fingerprint43:C3:D1:59:9B:F3:A7:32:4D:4F:CB:0F:F9:9A:A4:60:03:E3:DE:2B
ValiditySat, 28 Dec 2024 19:37:36 GMT - Fri, 28 Mar 2025 20:34:29 GMT

File type
ASCII text, with no line terminators
Size
199 B (199 bytes)
Hash
1c0354d5d809202b32e2767fd752d997
3ae81b6a2f708ebb1baa145d25dc061ebd93be57
bb217a86ff30bcaa4bb0d0dabc9809fe4da66226cb9dc7f5b3bc16fa0e781ad0

HTTP Headers

GET /css/site.css HTTP/1.1
Host: smartermuver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/embed.php?player=desktop&live=do31
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: text/css
last-modified: Fri, 29 Oct 2021 09:54:42 GMT
etag: W/"617bc4e2-c7"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5795
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xt4YovmnneDR5kISVwKsRPtKMGxVby0dcyjRMlECkAtlzpXkTDqBMWDN%2FD8rHLhVaECyxpNkx0ZnoBtI7ey4XFkeiJCkvZDtkEn%2Bap4ZpaaKY8xgMcoc61m%2FkOwgjifHchnV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90520cfa8d71b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4543&min_rtt=1989&rtt_var=2577&sent=21&recv=11&lost=0&retrans=0&sent_bytes=8963&recv_bytes=1903&delivery_rate=5278&cwnd=12000&unsent_bytes=0&cid=8de833a2a399066b&ts=855&x=1", cfExtPri, cfHdrFlush;dur=0

GET smartermuver.com/css/embed.css?ver=1.4.4

172.67.176.62

200 OK

537 B

URL GET HTTP/3
smartermuver.com/css/embed.css?ver=1.4.4
IP
172.67.176.62:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerGoogle Trust Services
Subjectsmartermuver.com
Fingerprint43:C3:D1:59:9B:F3:A7:32:4D:4F:CB:0F:F9:9A:A4:60:03:E3:DE:2B
ValiditySat, 28 Dec 2024 19:37:36 GMT - Fri, 28 Mar 2025 20:34:29 GMT

File type
ASCII text, with very long lines (621), with no line terminators
Size
537 B (537 bytes)
Hash
de49beed17d930d6791cb4a9baa192d6
94f2019b48859afa1f1db4d4406c5db18c9b2072
92162c0c70fd45b51166adea046978d8fe827db144946385d2c5cf6dc2603462

HTTP Headers

GET /css/embed.css?ver=1.4.4 HTTP/1.1
Host: smartermuver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/embed.php?player=desktop&live=do31
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: text/css
last-modified: Fri, 29 Oct 2021 09:08:53 GMT
vary: Accept-Encoding
etag: W/"617bba25-219"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 5795
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jfVVaAx6UPrKGIxsqUjNPOax%2Fec8VFjuwUCngW73DKim5%2BQKZ3MZx%2FDxeL2%2BjK4B2RI97xnNuJsh3WWO2Zu8x1wUoKjVkCdcPF74Q%2Flag1L9GBNso2y%2B01GfRlqXU6JNm92K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90520cfa7d67b515-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4543&min_rtt=1989&rtt_var=2577&sent=20&recv=11&lost=0&retrans=0&sent_bytes=7996&recv_bytes=1903&delivery_rate=5278&cwnd=12000&unsent_bytes=0&cid=8de833a2a399066b&ts=848&x=1", cfExtPri, cfHdrFlush;dur=0

GET smartermuver.com/blast.js

172.67.176.62

200 OK

78 kB

URL GET HTTP/3
smartermuver.com/blast.js
IP
172.67.176.62:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerGoogle Trust Services
Subjectsmartermuver.com
Fingerprint43:C3:D1:59:9B:F3:A7:32:4D:4F:CB:0F:F9:9A:A4:60:03:E3:DE:2B
ValiditySat, 28 Dec 2024 19:37:36 GMT - Fri, 28 Mar 2025 20:34:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77888 bytes)
Hash
091faec928970e76d37a3601c19fcf8a
6441e8eebe90eb8d4a40e7c25440ff99caba3520
eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12

HTTP Headers

GET /blast.js HTTP/1.1
Host: smartermuver.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/embed.php?player=desktop&live=do31
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: application/javascript
last-modified: Sat, 08 Oct 2022 23:56:20 GMT
vary: Accept-Encoding
etag: W/"63420e24-13040"
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 5795
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DRJYLbNoJOiGa%2BDMqZOugndGcEj8%2BgKsXvnTOIRpDyiR214HJvK2D0goJ%2B7NJYrqrSjgcW9vd5lVweLGT9wv7dol01fJvWE1UmM5V2cEWnwF8qJ%2FSqcVpDZIUVp52k7pH66K"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90520cfabdafb515-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4125&min_rtt=1204&rtt_var=2767&sent=23&recv=13&lost=0&retrans=0&sent_bytes=9797&recv_bytes=2211&delivery_rate=103572&cwnd=12000&unsent_bytes=0&cid=8de833a2a399066b&ts=891&x=1", cfExtPri, cfHdrFlush;dur=0

GET cdn.jsdelivr.net/npm/@clappr/player@0.8/dist/clappr.min.js

151.101.65.229

200 OK

631 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/@clappr/player@0.8/dist/clappr.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C
ValidityTue, 30 Jul 2024 15:36:05 GMT - Sun, 31 Aug 2025 15:36:04 GMT

File type

Size
631 kB (630856 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npm/@clappr/player@0.8/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.8.0
x-jsd-version-type: version
etag: W/"9a048-VUE4kN104YCisqBJlMQIdr2LF2k"
content-encoding: br
accept-ranges: bytes
date: Mon, 20 Jan 2025 21:10:20 GMT
age: 31039
x-served-by: cache-fra-eddf8230058-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 162561
X-Firefox-Spdy: h2

GET maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

104.18.11.207

200 OK

37 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://smartermuver.com/embed.php?player=desktop&live=do31
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint53:78:04:46:B4:48:0A:28:30:67:23:9B:D5:25:73:FE:FA:81:58:19
ValidityThu, 16 Jan 2025 00:27:53 GMT - Wed, 16 Apr 2025 01:27:34 GMT

File type
JavaScript source, ASCII text, with very long lines (32033)
Size
37 kB (37045 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://smartermuver.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 03/18/2024 12:13:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1047
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: f51db51e1812ec3681add6a3dbbf5420
cdn-cache: HIT
cf-cache-status: HIT
age: 232526
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 90520cfaadc7712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET evfancy.link/favicon.ico

104.21.16.1

200 OK

11 kB

URL GET HTTP/3
evfancy.link/favicon.ico
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://evfancy.link/flash31
Certificate
IssuerGoogle Trust Services
Subjectevfancy.link
Fingerprint42:7C:39:76:18:75:51:78:CD:A7:9D:09:D7:9B:13:49:33:7A:78:9E
ValiditySat, 28 Dec 2024 11:54:42 GMT - Fri, 28 Mar 2025 12:43:18 GMT

File type
MS Windows icon resource - 2 icons, 48x48, 32 bits/pixel, 16x16, 32 bits/pixel
Size
11 kB (10806 bytes)
Hash
da4a74faee57944047548a93c4836df6
da5f7d9c492faa88bfd2be9b84e649de4818d2d2
a33f7d76e43eef7580ed1a6e8ebec87c8e64e2fd815e21a66d1345dfc01122d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: evfancy.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/flash31
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Jan 2025 21:10:20 GMT
content-type: image/x-icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vA1r4W%2B543MTIkOywtqYmYXLm%2FBU6gNs7JpKTt2jx3t9KyGvWf3%2F2t6QZ3blYDddZEIgk%2BsbXL6sFB9z8tQjFYeScZK7ijnx8viPU0OGvl8kcJlHYafMK%2FoYnPBLMhA%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sun, 05 Jan 2020 10:58:29 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4196
content-encoding: br
cf-ray: 90520cf9ad2c1c12-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET evfancy.link/css/custom.css

104.21.16.1

200 OK

1.3 kB

URL GET HTTP/3
evfancy.link/css/custom.css
IP
104.21.16.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://evfancy.link/flash31
Certificate
IssuerGoogle Trust Services
Subjectevfancy.link
Fingerprint42:7C:39:76:18:75:51:78:CD:A7:9D:09:D7:9B:13:49:33:7A:78:9E
ValiditySat, 28 Dec 2024 11:54:42 GMT - Fri, 28 Mar 2025 12:43:18 GMT

File type
ASCII text, with very long lines (1523), with no line terminators
Size
1.3 kB (1324 bytes)
Hash
f8fde5d8fb5eb6b12b20df3c3f557a21
44627888cec6ccf7d868b45cb428a43a54a71abf
7b24243bf4caf577c7a276d19793316debabf17d3504a96ccc5d4841ca525f3b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/custom.css HTTP/1.1
Host: evfancy.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://evfancy.link/flash31
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Jan 2025 21:10:19 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B8osZlXICQmG18Dcm3Cxg1q5BzXGyq1v4zXyuhWPnZ6IGjKwn%2Bj7LbbJLq5VglpSg2att4gybaWrzTi8jMm9ZNJeeJHPN6chjZVp%2F8iEbw7yeyKesx773DYP5AGH480%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Mon, 28 Aug 2023 18:10:52 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4200
content-encoding: br
cf-ray: 90520cf4acbc1c12-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML