Report - shazysport.xyz/livehd5.html

Report Overview

Visited public
2025-01-18 20:56:09
Tags
URL
shazysport.xyz/livehd5.html
Finishing URL
shazysport.xyz/livehd5.html
IP / ASN
104.21.66.249
#13335 CLOUDFLARENET
Title
Shazysport

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
shazysport.xyz	unknown	2025-01-15	2025-01-18	2025-01-18	930 B	12 kB	104.21.66.249
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-01-15	2.2 kB	715 kB	104.18.187.31
code.jquery.com	634	2005-12-10	2012-05-21	2025-01-15	408 B	32 kB	151.101.194.137
waust.at	38137	unknown	2016-01-28	2025-01-12	386 B	16 kB	104.26.4.7
quest4play.xyz	unknown	2024-08-03	2024-08-03	2025-01-05	1.9 kB	294 kB	172.67.160.91
naupsithizeekee.com	unknown	2024-12-03	2025-01-03	2025-01-12	405 B	73 kB	172.67.181.252
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-01-15	421 B	113 kB	142.250.74.136
ptichoolsougn.net	unknown	2024-11-26	2024-12-10	2024-12-10	402 B	43 kB	139.45.197.107
coohaiwhoonol.net	unknown	2024-11-01	2024-12-01	2025-01-02	401 B	28 kB	139.45.197.119

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-01-18	medium	quest4play.xyz/setupp2p.js?cl?cl?cl?cacheccnull?call?cachenull?Ss	Unique code from Jetriz, Swid & Jeniva of the Tetris framework

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-01-18	medium	ptichoolsougn.net	Sinkholed
2025-01-18	medium	coohaiwhoonol.net	Sinkholed
2025-01-18	medium	quest4play.xyz	Sinkholed
2025-01-18	medium	quest4play.xyz	Sinkholed
2025-01-18	medium	quest4play.xyz	Sinkholed
2025-01-18	medium	naupsithizeekee.com	Sinkholed
2025-01-18	medium	quest4play.xyz	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	From	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-K6HYY1TJH3	ScriptElement	338 kB	2025-01-18	2025-01-18
Pretty URL www.googletagmanager.com/gtag/js?id=G-K6HYY1TJH3 IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-18 20:56 Last Seen2025-01-18 20:56 Times Seen1 Hash 676409708065966b4748b9a99998b410 bac79351a7d36d2e8f1137305fe56a6128e690a3 da5e293df0a9e711a4d4497e9092d097590bbc0022ff88398f06aa1cf0a0ace9 Loading...

	ptichoolsougn.net/401/8808395	ScriptElement	109 kB	2025-01-18	2025-01-18
Pretty URL ptichoolsougn.net/401/8808395 IP 139.45.197.107 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-18 20:56 Last Seen2025-01-18 20:56 Times Seen1 Hash f9474b057b8a5b5673a7663e688d07e4 ae151c57fb66fd77b6572a8ad6bc3e6d26056286 8a1292e43ef3ec8b8c1f07db6b8dd244c0411634c4c7473e54162eac02bf0c34 Loading...

	quest4play.xyz/embedlivetv.php?id=boUZqydiRl	ScriptElement	46 B	2023-07-23	2025-04-20
Pretty URL quest4play.xyz/embedlivetv.php?id=boUZqydiRl IP 172.67.160.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 19:35 Last Seen2025-04-20 01:13 Times Seen152 Hash 4e1e753f543ab69894b98c449e10234d 8ed53684f57e4c1e60ef3de40bf48d9e692fd3f1 1a0a20c8c7ace362f60bd79417d8bd1d5ab34fecd8bd335e7aa1bd3952d84db9 Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js	ScriptElement	80 kB	2023-03-07	2025-05-02
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js IP 104.18.187.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27 Last Seen2025-05-02 15:29 Times Seen840 Hash 2faceb2d3db75ced808545e78fab94ed c663baa051856b64d746629a961e23bbf0fbaf8c c0c09020adb6f602b16d48374166b9e38ca92383a81650b6a9097c43cc43f31f Loading...

	shazysport.xyz/livehd5.html	ScriptElement	0 B	0001-01-01	2025-05-03
Pretty URL shazysport.xyz/livehd5.html IP 104.21.66.249 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-03 03:31 Times Seen4599518 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	quest4play.xyz/embedlivetv.php?id=boUZqydiRl	ScriptElement	926 B	2025-01-18	2025-01-18
Pretty URL quest4play.xyz/embedlivetv.php?id=boUZqydiRl IP 172.67.160.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-18 20:56 Last Seen2025-01-18 20:56 Times Seen1 Hash e4c4cf77651acab6986b6d8ed01bd6aa 2accd55e775f517ae53ba5a191ddab5a1816cd3d 3121e612c3a16d9b10e7dc51c1a0a853715f15e1fb4e26edbdd06b54c1ef6f8c Loading...

	naupsithizeekee.com/tag.min.js	ScriptElement	72 kB	2025-01-18	2025-01-20
Pretty URL naupsithizeekee.com/tag.min.js IP 172.67.181.252 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-18 12:00 Last Seen2025-01-20 09:05 Times Seen86 Hash 92d615111d6bc45ae50303fcf145b19b 0c7695eb5badb5f92a37c1548760f943926dab74 79601b2822291d6565d3bf07f60dfa9f4479af1f47bf7fdb2687b4af050155bd Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-05-03
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-03 00:46 Times Seen204262 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	shazysport.xyz/livehd5.html	ScriptElement	181 B	2025-01-18	2025-01-18
Pretty URL shazysport.xyz/livehd5.html IP 104.21.66.249 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-18 20:56 Last Seen2025-01-18 20:56 Times Seen1 Hash ee0f660c421729e21dcd4c81ecf606bd 32cc4d9a7fbfeaddd86152ecf321c9f026a8f8e7 438ea5235f78be4fe4d333de0d36fc0f7393b17f1fb67fcb4243dd3c2d7c5382 Loading...

	shazysport.xyz/livehd5.html	ScriptElement	199 B	2025-01-18	2025-01-18
Pretty URL shazysport.xyz/livehd5.html IP 104.21.66.249 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-01-18 20:56 Last Seen2025-01-18 20:56 Times Seen1 Hash 9e994dd63417c17617c0d177ae32a01c d88b25b9118e8a134a9b6173afeafd409cbcf2a9 6e239100368c88b19a0e97f360154208dbf256fc28f286cd6041acb092dd4bbd Loading...

	quest4play.xyz/blast.js	ScriptElement	78 kB	2023-03-08	2025-04-27
Pretty URL quest4play.xyz/blast.js IP 172.67.160.91 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:53 Last Seen2025-04-27 22:29 Times Seen507 Hash 091faec928970e76d37a3601c19fcf8a 6441e8eebe90eb8d4a40e7c25440ff99caba3520 eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12 Loading...

	cdn.jsdelivr.net/npm/clappr@0.3.13/dist/clappr.min.js	ScriptElement	525 kB	2023-03-07	2025-05-02
Pretty URL cdn.jsdelivr.net/npm/clappr@0.3.13/dist/clappr.min.js IP 104.18.187.31 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2025-05-02 13:15 Times Seen908 Hash f55c6c796275a41ce7d97bd160e648ff 936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89 db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c Loading...

	unknown	Function	34 B	2023-04-11	2025-05-02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:16 Last Seen2025-05-02 13:15 Times Seen67010 Hash 572cb94037fffc2a0a53b465972e15f1 0d679b041a7c1ca45cc99e2d229fc2b86762838d 6487e4bdd0f51bbfd9105810a41755847fdae2c274e2fc325cd22356d7707e35 Loading...

HTTP Transactions (17)

URL IP Response Size

cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js

104.18.187.31

200 OK

24 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shazysport.xyz/livehd5.html
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65299)
Size
24 kB (24474 bytes)
Hash
2faceb2d3db75ced808545e78fab94ed
c663baa051856b64d746629a961e23bbf0fbaf8c
c0c09020adb6f602b16d48374166b9e38ca92383a81650b6a9097c43cc43f31f

HTTP Headers

GET /npm/bootstrap@5.2.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shazysport.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 18 Jan 2025 20:55:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 24474
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 5.2.0
x-jsd-version-type: version
etag: W/"137ae-xmO6oFGFa2TXRmKalh4ju/D7r4w"
content-encoding: br
x-served-by: cache-fra-eddf8230139-FRA, cache-lga21956-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 224915
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ormM7DUcbJhS73NBYqsXSUY6ejwWJIJaXnf3Yx9LNKUhtiQ9%2BzOoNm%2Bjnl7pdc6LPvHmtRB5MCD9RXNCCmz7jqwAnG0gbFmkMRmQZ7VWUoJayAH7f1K7%2FxuBs22E4BzqooE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90417cd03bd2b523-OSL
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-K6HYY1TJH3

142.250.74.136

200 OK

112 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-K6HYY1TJH3
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://shazysport.xyz/livehd5.html
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintBB:2E:7E:AD:26:E1:69:CA:59:9D:25:40:5F:20:4A:82:34:E8:D2:04
ValidityMon, 09 Dec 2024 08:36:18 GMT - Mon, 03 Mar 2025 08:36:17 GMT

File type
JavaScript source, ASCII text, with very long lines (5960)
Size
112 kB (112329 bytes)
Hash
676409708065966b4748b9a99998b410
bac79351a7d36d2e8f1137305fe56a6128e690a3
da5e293df0a9e711a4d4497e9092d097590bbc0022ff88398f06aa1cf0a0ace9

HTTP Headers

GET /gtag/js?id=G-K6HYY1TJH3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shazysport.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 18 Jan 2025 20:55:43 GMT
expires: Sat, 18 Jan 2025 20:55:43 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
server: Google Tag Manager
content-length: 112329
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js

104.18.187.31

200 OK

6.2 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17245)
Size
6.2 kB (6161 bytes)
Hash
226c2fa3f39c0bb35bb5f1d9d120f9ec
7134ea62cdb655c2a423b1662365c99ba645c2bd
8a23f92a25922d13437d67f25ba2269b64080b5ec030f5cba982e0261abbfe04

HTTP Headers

GET /npm/disable-devtool@latest/disable-devtool.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 6161
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.3.8
x-jsd-version-type: version
etag: W/"4372-cTTqYs22VcKkI7FmI2XJm6ZFwr0"
content-encoding: br
x-served-by: cache-fra-etou8220123-FRA, cache-lga21961-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 30161
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WjO1QQ%2B5H40LuHBDk8XMf4niVQzJshbPHqjKKwL2779tp9BV6EuAUdJi%2BzWk1K7e4OKzhCI8%2B5tVPR2hNIrLhlwoiWhHTphJOIDCxZ2TwWubwso22qot0rHm%2BIOnBEoLT40%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90417cd40d6e56bf-OSL
server-timing: cfExtPri

cdn.jsdelivr.net/npm/clappr@0.3.13/dist/clappr.min.js

104.18.187.31

200 OK

145 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/clappr@0.3.13/dist/clappr.min.js
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
145 kB (145133 bytes)
Hash
f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c

HTTP Headers

GET /npm/clappr@0.3.13/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 145133
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
x-served-by: cache-fra-etou8220051-FRA, cache-lga21978-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 18913262
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=owUqpezCvW0B9qXvhiuDMU7uGtVPR8cwVZg3IjVKkQcPLmc6RVChgzoMlTcwtXBh%2F0OolgvzHRFd4ZhiUEuawfduj62NIdGL9TZlNbF%2B9lERGPQaS57iBGneykifYOFXcD4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90417cd3fd5b56bf-OSL
server-timing: cfExtPri

cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js

104.18.187.31

200 OK

8.1 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (26814)
Size
8.1 kB (8149 bytes)
Hash
835f1f7feab838f171c6334abc3d14da
68b97b433d37600647338e57f4344e5e1faf6246
189334d0a898e2aa16794cdd1ea47a0e7c1750578173b25033049fafdf55f2a4

HTTP Headers

GET /npm/p2p-media-loader-hlsjs@latest/build/p2p-media-loader-hlsjs.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 8149
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.6.2
x-jsd-version-type: version
etag: W/"68bf-aLl7Qz03YAZHM45X9DROXh+vYkY"
content-encoding: br
x-served-by: cache-fra-eddf8230045-FRA, cache-lga21945-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 33475
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SG5lNReWSUR4MWTCvcK%2F55BgUAc2RLIXpbTlgQP%2FIOpawtjFSSXV8cMGH7sE5jjFh6Fb6IET8NIGuLTTjyI8%2FyW1aulCRPybIWe1DbdQZVtzi5PDGCxLcy%2BH7ndSQi4Y3Uo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90417cd41d8156bf-OSL
server-timing: cfExtPri

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 18 Jan 2025 20:55:44 GMT
age: 987278
x-served-by: cache-lga21931-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 243947
x-timer: S1737233744.316721,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

ptichoolsougn.net/401/8808395

139.45.197.107

200 OK

42 kB

URL GET HTTP/2
ptichoolsougn.net/401/8808395
IP
139.45.197.107:443
ASN
#9002 RETN Limited

Requested by
https://shazysport.xyz/livehd5.html
Certificate
IssuerLet's Encrypt
Subjectptichoolsougn.net
Fingerprint8B:23:0C:24:5C:8E:60:08:8A:8F:8E:C1:5F:FC:F7:FB:77:B8:91:31
ValidityTue, 26 Nov 2024 15:38:47 GMT - Mon, 24 Feb 2025 15:38:46 GMT

File type
gzip compressed data, max speed, from Unix
Size
42 kB (41958 bytes)
Hash
a03429dd2edc2707c63bcd934c37071b
77fc79c399df0e9eb7735659a99a21f5fcbd76b7
0084c61333af161e8624366d2af05ac9fb6da21922d6d4ed1d7d92165ea4c8df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/8808395 HTTP/1.1
Host: ptichoolsougn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shazysport.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 18 Jan 2025 20:55:43 GMT
content-type: application/javascript
x-trace-id: ebaffe9fad27b4c3c4f707cc07c4b530
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=03015567b9f74eddf53a75a36c00bbfe; expires=Sun, 18 Jan 2026 20:55:43 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

coohaiwhoonol.net/tag.min.js

139.45.197.119

200 OK

27 kB

URL GET HTTP/2
coohaiwhoonol.net/tag.min.js
IP
139.45.197.119:443
ASN
#9002 RETN Limited

Requested by
https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Certificate
IssuerLet's Encrypt
Subjectcoohaiwhoonol.net
Fingerprint49:5F:A3:32:E2:F1:F9:FB:96:32:4D:EF:45:4A:27:A6:25:99:87:79
ValidityFri, 01 Nov 2024 08:44:45 GMT - Thu, 30 Jan 2025 08:44:44 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
27 kB (27356 bytes)
Hash
92d615111d6bc45ae50303fcf145b19b
0c7695eb5badb5f92a37c1548760f943926dab74
79601b2822291d6565d3bf07f60dfa9f4479af1f47bf7fdb2687b4af050155bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: coohaiwhoonol.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: text/javascript; charset=utf-8
content-length: 27356
content-encoding: br
x-trace-id: f5d6febe1ef18c0ccd81428dbf252422
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Sat, 18 Jan 2025 10:51:45 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

quest4play.xyz/embedlivetv.php?id=boUZqydiRl

172.67.160.91

200 OK

0 B

URL GET HTTP/2
quest4play.xyz/embedlivetv.php?id=boUZqydiRl
IP
172.67.160.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shazysport.xyz/livehd5.html
Certificate
IssuerGoogle Trust Services
Subjectquest4play.xyz
Fingerprint76:B2:70:DA:85:6F:4F:01:00:E1:5E:F3:0D:3C:B1:E8:2D:C2:96:E1
ValidityFri, 29 Nov 2024 14:01:14 GMT - Thu, 27 Feb 2025 14:01:13 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

HEAD /embedlivetv.php?id=boUZqydiRl HTTP/1.1
Host: quest4play.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
videocdn: HIT
videocdnx: NO
node: PHP
x-cache: HIT
cf-cache-status: DYNAMIC
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=84chBN1KGJ5hc7XuYWSifrbxdy32AbX45RaCyt4WrGiDrcAr4yuQogxshhOdq%2F5TVUqrr0fndfGTvLSEY%2BokDPZeIxx7okK%2B4VP0nsV%2FhtyAnxZG42uiCijHzqvn%2BrpVog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90417cd7791f5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=13869&min_rtt=1871&rtt_var=13081&sent=174&recv=13&lost=0&retrans=3&sent_bytes=195844&recv_bytes=1869&delivery_rate=2395493&cwnd=73800&unsent_bytes=0&cid=aa7f36da1c425f4d&ts=1050&x=1", cfExtPri, cfHdrFlush;dur=0

waust.at/c.js

104.26.4.7

200 OK

15 kB

URL GET HTTP/2
waust.at/c.js
IP
104.26.4.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Certificate
IssuerGoogle Trust Services
Subjectwaust.at
FingerprintF8:FD:9C:DC:A3:BE:F5:EA:38:7D:BB:BB:E6:23:02:5A:83:9C:DB:FB
ValidityThu, 26 Dec 2024 08:20:07 GMT - Wed, 26 Mar 2025 09:20:04 GMT

File type
gzip compressed data, max speed, from Unix
Size
15 kB (15069 bytes)
Hash
d491e205125c47b50deb2d2c0ce96eac
65b5ab265e89e7d81bb4cb375736dfb8240c3832
eb1a2be0072092bd3e3bd69cedc5c4111a73e68cd103522c089242064acfd3f3

HTTP Headers

GET /c.js HTTP/1.1
Host: waust.at
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: application/x-javascript
last-modified: Thu, 26 Dec 2024 22:59:25 GMT
etag: W/"676ddfcd-32c5"
expires: Sun, 19 Jan 2025 20:55:44 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AxPmdAdbD7qPue1gfbTnzXtgniWBYqDiNl7ZDLJPpUwOUpPJJHqaTHaOFlzafC0ZAz3jZ3ViTgyhrp4lDYbmfjLoYRENbP%2Bs4TwJJI4VJAd2Q1PH0a88YRqC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90417cd5ab2e56ca-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=652&min_rtt=537&rtt_var=181&sent=7&recv=12&lost=0&retrans=0&sent_bytes=3187&recv_bytes=1049&delivery_rate=7702127&cwnd=254&unsent_bytes=0&cid=0f0e48ae7f268c78&ts=609&x=0"
X-Firefox-Spdy: h2

quest4play.xyz/setupp2p.js?cl?cl?cl?cacheccnull?call?cachenull?Ss

172.67.160.91

200 OK

159 kB

URL GET HTTP/3
quest4play.xyz/setupp2p.js?cl?cl?cl?cacheccnull?call?cachenull?Ss
IP
172.67.160.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Certificate
IssuerGoogle Trust Services
Subjectquest4play.xyz
Fingerprint76:B2:70:DA:85:6F:4F:01:00:E1:5E:F3:0D:3C:B1:E8:2D:C2:96:E1
ValidityFri, 29 Nov 2024 14:01:14 GMT - Thu, 27 Feb 2025 14:01:13 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (37084), with CRLF line terminators
Size
159 kB (158802 bytes)
Hash
5a2c1544c74f3c628a965d3d64134465
45fca4d9361fcf0ebc9e2537b34c8d46fc4dd68f
0e55310e9ab0581000640622f701b026dd19f19ed5f4d57697dee61b2c08ed60

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Unique code from Jetriz, Swid & Jeniva of the Tetris framework
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /setupp2p.js?cl?cl?cl?cacheccnull?call?cachenull?Ss HTTP/1.1
Host: quest4play.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: application/javascript
last-modified: Wed, 15 Jan 2025 14:58:52 GMT
etag: W/"6787cd2c-b7d22"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: HIT
age: 6572
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8TtKzqrlunD16T%2FA0Guzxb6Y3WSdM4NoQwCrtzCnJy0L77CTpMg0oAsmdg78CXg27c9OSgD0obHll3JO3S0a%2BlZpr69YoFHHt3kWraHc7UoBmVYs4Ae%2FSEb1AC3lk2EErg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90417cd41dda5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6320&min_rtt=1871&rtt_var=3560&sent=37&recv=8&lost=0&retrans=0&sent_bytes=34056&recv_bytes=1416&delivery_rate=27026&cwnd=24000&unsent_bytes=0&cid=aa7f36da1c425f4d&ts=482&x=1", cfExtPri, cfHdrFlush;dur=0

quest4play.xyz/embedlivetv.php?id=boUZqydiRl

172.67.160.91

200 OK

53 kB

URL GET HTTP/2
quest4play.xyz/embedlivetv.php?id=boUZqydiRl
IP
172.67.160.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shazysport.xyz/livehd5.html
Certificate
IssuerGoogle Trust Services
Subjectquest4play.xyz
Fingerprint76:B2:70:DA:85:6F:4F:01:00:E1:5E:F3:0D:3C:B1:E8:2D:C2:96:E1
ValidityFri, 29 Nov 2024 14:01:14 GMT - Thu, 27 Feb 2025 14:01:13 GMT

File type
JavaScript source, ASCII text, with very long lines (28209), with CRLF line terminators
Size
53 kB (53434 bytes)
Hash
b750a3362e1b64f8084038763aae9430
ef6b8ef3b613e650da1d7902d42a40ae6bf582a8
64dcc1c593ddb168334747d14e589ea93ed9c3303d6e5853cccfbe414750ab61

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /embedlivetv.php?id=boUZqydiRl HTTP/1.1
Host: quest4play.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shazysport.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 18 Jan 2025 20:55:43 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
videocdn: EXPIRED
videocdnx: NO
node: PHP
x-cache: EXPIRED
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NrUQB7gMIwX%2FrJIqBW2ujUgKkpnt8i%2BS9ZOrxGlPz%2FrX%2B12vQYq1koWJpUpnPdrLfuZ3IenaDBumtY0I1WN%2FYM1mQiKinoN%2FNem%2FEs6CuHmYpgHKFWt2k5Eka2nVHcyzyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90417cd02a425699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1228&min_rtt=467&rtt_var=1503&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3205&recv_bytes=1157&delivery_rate=8274285&cwnd=254&unsent_bytes=0&cid=ce39e2c84729bb2e&ts=127&x=0"
X-Firefox-Spdy: h2

shazysport.xyz/favicon.ico

104.21.66.249

404 Not Found

7.9 kB

URL GET HTTP/3
shazysport.xyz/favicon.ico
IP
104.21.66.249:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shazysport.xyz/livehd5.html
Certificate
IssuerGoogle Trust Services
Subjectshazysport.xyz
FingerprintFB:57:CA:43:81:E2:DA:83:51:07:E8:5A:4C:AC:CE:E4:25:2F:8F:A1
ValidityThu, 16 Jan 2025 22:15:43 GMT - Wed, 16 Apr 2025 23:14:33 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
7.9 kB (7894 bytes)
Hash
1b7c22a214949975556626d7217e9a39
d01c97e2944166ed23e47e4a62ff471ab8fa031f
340c8464c2007ce3f80682e15dfafa4180b641d53c14201b929906b7b0284d87

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: shazysport.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shazysport.xyz/livehd5.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: EXPIRED
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzWhU7OXk1gBI%2B%2B4gEODVyW0JgDrxPlCEl9cXqrl15P0hBN0jyYIbGv9APkWRh27CL8F3E90GYo1aTP4A%2BS7GzLGNLvP7Y6qcekY1%2FWS1l8dK9d%2FGsI0kiZFaF8Wzt8ZhA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90417cd58ca3b517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7248&min_rtt=1974&rtt_var=4507&sent=14&recv=10&lost=0&retrans=0&sent_bytes=4215&recv_bytes=1311&delivery_rate=300870&cwnd=12000&unsent_bytes=0&cid=83f5831c2a778c42&ts=1283&x=1", cfExtPri, cfHdrFlush;dur=0

shazysport.xyz/livehd5.html

104.21.66.249

200 OK

2.0 kB

URL User Request GET HTTP/2
shazysport.xyz/livehd5.html
IP
104.21.66.249:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectshazysport.xyz
FingerprintFB:57:CA:43:81:E2:DA:83:51:07:E8:5A:4C:AC:CE:E4:25:2F:8F:A1
ValidityThu, 16 Jan 2025 22:15:43 GMT - Wed, 16 Apr 2025 23:14:33 GMT

File type
HTML document, ASCII text, with very long lines (2233), with no line terminators
Size
2.0 kB (2049 bytes)
Hash
859102b035605eb44886d71d13d94b34
f022ce42f90b5e178f6507073b871aa266e0f898
2a96e5f421fe560dc675529c7ffa7b0fccbc11e33e6f8e6e52c7643f66aef072

HTTP Headers

GET /livehd5.html HTTP/1.1
Host: shazysport.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 18 Jan 2025 20:55:42 GMT
content-type: text/html
last-modified: Fri, 17 Jan 2025 15:33:51 GMT
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r3%2FG5uQ7FCi35A39%2BGK2w2fE1ZlIbs5cg4w%2BhYMCwKGIkvyq9IAT6v5DrDnELNOijvVfLd49NzpSwJr3r3XVgZ%2BA887M2xRJ94uL0lYfrJPqnmxdoOJ9Pj42YSM9QRbOqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90417cccfaffb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6021&min_rtt=471&rtt_var=11096&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3281&recv_bytes=1253&delivery_rate=6830188&cwnd=254&unsent_bytes=0&cid=d379bf0f24dcf601&ts=79&x=0"
X-Firefox-Spdy: h2

naupsithizeekee.com/tag.min.js

172.67.181.252

200 OK

72 kB

URL GET HTTP/2
naupsithizeekee.com/tag.min.js
IP
172.67.181.252:443
ASN
#13335 CLOUDFLARENET

Requested by
https://shazysport.xyz/livehd5.html
Certificate
IssuerGoogle Trust Services
Subjectnaupsithizeekee.com
FingerprintCC:36:AF:19:73:7A:22:EB:5D:4A:58:2E:08:39:B0:1B:C6:5B:D9:16
ValidityTue, 03 Dec 2024 14:01:07 GMT - Mon, 03 Mar 2025 14:01:06 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
72 kB (71744 bytes)
Hash
92d615111d6bc45ae50303fcf145b19b
0c7695eb5badb5f92a37c1548760f943926dab74
79601b2822291d6565d3bf07f60dfa9f4479af1f47bf7fdb2687b4af050155bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: naupsithizeekee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://shazysport.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 18 Jan 2025 20:55:43 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 2564bdcc4d82454570b7a70e5c8180a5
cache-control: max-age=86400
last-modified: Sat, 18 Jan 2025 10:57:07 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Sun, 19 Jan 2025 11:03:08 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 35555
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lYMje%2BL%2FFtoUVb%2BmrhhWiCdVaexh64vZIl%2FJIYgizF3cRr2zlgxi0cGUgl1QcfQOTRslIqVc1yFqG2SlQvkNvo6a%2FO6I%2Fe1zI02knC0DUoCkNGrAnyyEPhAnzJigJOW5DZ67%2B0C4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90417cd279475694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=578&min_rtt=450&rtt_var=149&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3295&recv_bytes=1192&delivery_rate=6464285&cwnd=252&unsent_bytes=0&cid=22eff4cd22c1e4fc&ts=123&x=0"
X-Firefox-Spdy: h2

quest4play.xyz/blast.js

172.67.160.91

200 OK

78 kB

URL GET HTTP/3
quest4play.xyz/blast.js
IP
172.67.160.91:443
ASN
#13335 CLOUDFLARENET

Requested by
https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Certificate
IssuerGoogle Trust Services
Subjectquest4play.xyz
Fingerprint76:B2:70:DA:85:6F:4F:01:00:E1:5E:F3:0D:3C:B1:E8:2D:C2:96:E1
ValidityFri, 29 Nov 2024 14:01:14 GMT - Thu, 27 Feb 2025 14:01:13 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77888 bytes)
Hash
091faec928970e76d37a3601c19fcf8a
6441e8eebe90eb8d4a40e7c25440ff99caba3520
eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /blast.js HTTP/1.1
Host: quest4play.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: application/javascript
last-modified: Thu, 17 Oct 2024 06:47:40 GMT
etag: W/"6710b30c-13040"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: HIT
age: 5312
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RdXCvJ0qpAplDJbsuz6ARGQACH93K2VlM%2BXKk85vTJt0AmXCUuXD5hX7JMyQ6YmuPJKiT%2BqzjyDPuudZtSFdcIjQdTPKS8yd0JSiKrg0KO%2F1rEnBIQYExgyaFnWDM5WiuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 90417cd40dba5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6576&min_rtt=1871&rtt_var=4062&sent=12&recv=7&lost=0&retrans=0&sent_bytes=4075&recv_bytes=1373&delivery_rate=317328&cwnd=12000&unsent_bytes=0&cid=aa7f36da1c425f4d&ts=471&x=1", cfExtPri, cfHdrFlush;dur=0

cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js

104.18.187.31

200 OK

525 kB

URL GET HTTP/3
cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
IP
104.18.187.31:443
ASN
#13335 CLOUDFLARENET

Requested by
https://quest4play.xyz/embedlivetv.php?id=boUZqydiRl
Certificate
IssuerSectigo Limited
Subject*.jsdelivr.net
Fingerprint74:7A:63:DF:06:27:1E:52:8C:E8:0D:AD:1F:89:98:B5:EB:2D:49:EE
ValiditySat, 04 May 2024 00:00:00 GMT - Sun, 04 May 2025 23:59:59 GMT

File type

Size
525 kB (525081 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://quest4play.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 18 Jan 2025 20:55:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 145133
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
x-served-by: cache-fra-eddf8230067-FRA, cache-lga21958-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 12776
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wlp0qudtw3QpHTbvRuvrvJJcN8rSiB5QPjrB3jLXFQcGs5a70rG9UngddVstgWa5f44ysZjuXSvTnIvvlcVT9N0l80zHQ4Mb%2BhAY2jgdHrvYXukOqobZ2HqgKWdGxwnuayI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 90417cd41d8056bf-OSL
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML