Report - thedaddy.to/embed/stream-749.php

Report Overview

Visited public
2025-07-08 08:06:43
Tags
Submit Tags
URL
thedaddy.to/embed/stream-749.php
Finishing URL
thedaddy.click/embed/stream-749.php
IP / ASN
104.21.29.32
#13335 CLOUDFLARENET
Title
thedaddy.click/embed/stream-749.php

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
usrpubtrk.com	unknown	2025-06-16	2025-06-17	2025-07-01	487 B	522 B	104.21.92.33
code.jquery.com	634	2005-12-10	2012-05-21	2025-07-02	419 B	90 kB	151.101.66.137
oamsedsaiph.net	unknown	2025-04-25	2025-05-15	2025-07-02	562 B	829 B	139.45.195.9
daddylive.mp	unknown	unknown	2025-03-11	2025-04-22	501 B	238 kB	104.21.48.143
waust.at	38137	unknown	2016-01-28	2025-07-04	397 B	13 kB	104.26.4.7
yoxplay.xyz	unknown	2025-06-13	2025-07-08	2025-07-08	1.4 kB	127 kB	104.21.80.1
youradexchange.com	273384	2012-11-09	2013-02-04	2025-07-04	1.5 kB	3.1 kB	104.18.24.98
thedaddy.click	unknown	2024-11-24	2025-07-08	2025-07-08	1.4 kB	240 kB	104.21.53.22
99cmz4xjv7a9.n4.adsco.re	unknown	2017-02-14	2025-07-08	2025-07-08	460 B	463 B	38.132.109.126
c.adsco.re	16577	2017-02-14	2017-11-29	2025-07-03	511 B	80 kB	104.17.166.186
thedaddy.to	unknown	unknown	2024-10-27	2025-04-08	500 B	237 kB	172.67.171.72
adsco.re	8541	2017-02-14	2017-04-03	2025-07-04	448 B	1.8 kB	162.252.214.5
t.dtscout.com	11951	2013-11-01	2017-01-30	2025-07-04	499 B	2.9 kB	172.67.70.180
www.xadsmart.com	151441	2020-04-18	2020-04-18	2025-07-08	455 B	41 kB	95.173.205.15
6.adsco.re	17812	2017-02-14	2018-01-15	2025-07-03	857 B	997 B	104.17.167.186
top2new.newkso.ru	unknown	2025-04-01	2025-05-02	2025-07-04	553 B	764 B	104.21.45.220
99cmz4xjv7a9.s4.adsco.re	unknown	2017-02-14	2025-07-08	2025-07-08	460 B	463 B	185.200.116.60
za.instrvinea.com	unknown	2025-05-07	2025-06-18	2025-06-18	423 B	1.4 kB	23.109.170.72
99cmz4xjv7a9.l4.adsco.re	unknown	2017-02-14	2025-07-08	2025-07-08	460 B	463 B	185.200.118.62
madurird.com	unknown	2023-10-06	2023-10-07	2025-07-05	817 B	219 kB	139.45.197.106
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-07-02	887 B	544 kB	151.101.65.229
upload.wikimedia.org	2215	2003-03-16	2012-05-21	2025-07-03	465 B	1.8 kB	185.15.59.240
xadsmart.com	85874	2020-04-18	2020-04-19	2025-07-08	1.7 kB	257 B	104.153.197.251
4.adsco.re	19179	2017-02-14	2021-01-04	2025-07-04	857 B	864 B	162.252.214.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-07-08 08:06:25	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:25	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:25	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:26	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:26	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:26	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:26	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:26	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:26	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:26	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:26	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:26	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:27	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:27	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:27	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:29	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:29	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:29	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:32	low	Client IP	185.200.118.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:32	low	Client IP	38.132.109.186	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
2025-07-08 08:06:32	low	Client IP	185.200.116.90	ET INFO Session Traversal Utilities for NAT (STUN Binding Request)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-07-08	medium	madurird.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (28)

	URL	From	Size	First Seen	Last Seen
	yoxplay.xyz/premiumtv/daddyhd.php?id=749	ScriptElement	52 B	2024-07-11	2025-07-14
Pretty URL yoxplay.xyz/premiumtv/daddyhd.php?id=749 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-11 01:38 Last Seen2025-07-14 05:55 Times Seen183 Hash 78a6702d966a64ed29eca96bfefed3de cc38ab49fb9cf0b5dfe3639378bd12af22ef1c0c 00f32959faf141840611a9e3f434a6924cbcd843de990bb5df8ad037b9f8d095 Loading...

	yoxplay.xyz/premiumtv/daddyhd.php?id=749	ScriptElement	45 B	2024-07-20	2025-07-14
Pretty URL yoxplay.xyz/premiumtv/daddyhd.php?id=749 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-20 17:31 Last Seen2025-07-14 05:55 Times Seen172 Hash b50a7599a1cd871d2b379f9ef0b04aa4 66783a5680bbf18a422b0ebf586f787abb91f56f 94ba1e39aa22b534544bd907ddee33191396ded56a47cabf861e12ed65780385 Loading...

	thedaddy.click/embed/stream-749.php	ScriptElement	467 B	2023-03-09	2025-07-14
Pretty URL thedaddy.click/embed/stream-749.php IP 104.21.53.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 01:35 Last Seen2025-07-14 05:57 Times Seen261 Hash f6ca01bb0ca3ebde821544f18ec83583 2e8cbf747f80c79ae8c12b8685556757e813b9db a1d2b03b3b1269adbdcbda20f64807bc730335783a9a90e9fbd743f898fb675c Loading...

	yoxplay.xyz/premiumtv/daddyhd.php?id=749	EventHandler	8 B	2025-07-08	2025-07-08
Pretty URL yoxplay.xyz/premiumtv/daddyhd.php?id=749 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by eventHandler Embedded in HTML false Observations First Seen2025-07-08 08:06 Last Seen2025-07-08 08:06 Times Seen1 Hash 36f6a1b4d8c35c2ff75a376f6359e350 6c027595c8aca24e868dac9d47d5f1ff258c0b54 28f8364096db7192798cf01edbfc98b228756785b047c017ada0747403758b5e Loading...

	thedaddy.click/embed/stream-749.php	EventHandler	9 B	2025-07-08	2025-07-14
Pretty URL thedaddy.click/embed/stream-749.php IP 104.21.53.22 ASN #13335 CLOUDFLARENET Introduced by eventHandler Embedded in HTML false Observations First Seen2025-07-08 08:06 Last Seen2025-07-14 05:55 Times Seen4 Hash e0a1c0fffd54a51adc01d83b01abc47c 3679a2b04ad12fcabf55dbbfd43b5d6f7a2f7a5f 9604536382ce48ce59397c4a9ffdf06d534c5239bef334130b5da9dcc6dbb500 Loading...

	waust.at/c.js	ScriptElement	1.0 kB	2025-04-16	2025-07-16
Pretty URL waust.at/c.js IP 104.26.4.7 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-16 10:55 Last Seen2025-07-16 02:42 Times Seen37 Hash 1da4c7bb0f7222312108bf4c5a68c022 14ee17f842582996cd4fdea2c5186efbfa30bf1b 8b68a03f3760c4285d41df81b4d452578dd8d10ba8858bb3addf94e58b94467f Loading...

	thedaddy.click/embed/stream-749.php	ScriptElement	197 kB	2025-07-08	2025-07-08
Pretty URL thedaddy.click/embed/stream-749.php IP 104.21.53.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-08 08:06 Last Seen2025-07-08 08:06 Times Seen1 Hash 300ede82f38310f4a91f40dce016aebd f9eb23e376edf5dba83914e7ca020694edb97cf3 08a1e9d2557be4e05c7e4015efcbf0496632855c35f385360d71bd2cafd380fb Loading...

	www.xadsmart.com/gdDaI/Tv/rgmail.min.js	ScriptElement	40 kB	2025-07-08	2025-07-08
Pretty URL www.xadsmart.com/gdDaI/Tv/rgmail.min.js IP 95.173.205.15 ASN #60068 Datacamp Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-08 08:06 Last Seen2025-07-08 08:06 Times Seen1 Hash 98a9692e7dac35e093e1ee7630bfcf37 f8df5e0307592de1d7fdbeba4700d824e2f4d340 e0f9a45beb76772f6568796939258577b939e7339b9fba2d83faf192b84777de Loading...

	madurird.com/tag.min.js	ScriptElement	1.0 kB	2025-07-08	2025-07-14
Pretty URL madurird.com/tag.min.js IP 139.45.197.106 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-08 05:17 Last Seen2025-07-14 05:55 Times Seen16 Hash 96e8032622a9619ab498c1762cc2faaa bb242b6ddc577af9b7104c313131c797d2424c50 676ffa606a0bad4bf3630ac3fd34d5f9716dbb2cf129587c66f4b038698dfdd7 Loading...

	thedaddy.click/embed/stream-749.php	ScriptElement	157 B	2023-03-11	2025-07-14
Pretty URL thedaddy.click/embed/stream-749.php IP 104.21.53.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-11 19:15 Last Seen2025-07-14 05:55 Times Seen214 Hash 60f1798bac26472658ff588720760829 9929b26eeb812be15261ac5aee076e468bf4764f acf1662d0ddc764da1a0a9ca8c14ce6d6a937aecef80b4b0e0426698a24b765d Loading...

	yoxplay.xyz/premiumtv/daddyhd.php?id=749	ScriptElement	2.9 kB	2025-07-04	2025-07-08
Pretty URL yoxplay.xyz/premiumtv/daddyhd.php?id=749 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-04 15:00 Last Seen2025-07-08 10:55 Times Seen4 Hash e9bca9e882126c77fe8881cbfc25117c f2c69d19fc20dbf0d5a14d904e4815e2ae84501f e8cf2f1f96f53beb2bcc771279f2afe8f9a511e4790ad2372993b51fcd5e19b8 Loading...

	xadsmart.com/wigqajikwswtkhin?KBfbZLaI=BQNyAAAAAAAACZUAAm-hjYOKlTYMoYPt1RZ21mR6MkcUUfSnGVs2_lb_8Raqzz9CugTRgJJprtTNDDdoFm4SnTek45j4Hhc_tgchkkuwZpPAIBjOJmArlvDAAIt3pvZGoT0UWGNvaGoeLThaVj_ahSHj8ECfoQJZaMWdUU920QetEU1ospwP6F-F-fi083sKLUbBN3Ge0yYcYWSpfKFCiaLlXxWwYAieWiuMb01M6el5cCijXxYNcUKRLApWDG8kzEsXge07W2k4ImIRbml62gC72wcem67HIMVCbS8qwbABcgoXPRKFYbFGGtPdM1AsjFcVFTnl_8kbc8Aa7BEWKRu2Q_zOHcgDHTPVc6bEqJz2KOA-A7O-xEyTXNdxwQGK42WStzeTV_-liRQ75JGlxjOdBf0DwSkSuc7tN1l5UynrYwLPAUj0qG-qEIwrMiPSTSviXV7ixaToKRE8ZyJx6yQczLAh_Del-x5mM3JBggi65-nD55CgoaRbcAKdXQqq1DN75Acc1qwkvn8GA7KRpVryusY2epCaPBkEfxfEYI2YqEJnqmdAodLipE6Lc1L1u4C14bCjlGvTJhWr9qYKDDbTK07cELp3i9OjZzld2bQ6eF1mvNnOOpeuvBzJjD2rk720FTUgFEtiREAnuvVoyExC-NMPxjIdqJ1ofhCNd5aaa1yJKBfOEHAti2GjpcTIoTUhKG-w0ZGtUYXQRwqFSMa93_6WjFzSZD8dFXnO7z_vb9W-KtCU053qE1Ez3UcbBAn4V-YI19FQNr1DYsJzmL19VvukDq3IQ384Hp4F7KVSY9GSb7fldT2Bt2mD_kLAqDgHwEe3XWECsDgec3gqhXc4fvJsErK1cLS9MMtEOHwg7RC0kCmMXQ7Jyx_n-trMgQE4RyuexskHvjvfQ27y9qRo45yKqyLJvbEUz5LP7v2oA-9pb4Bi1x8WcammZuEhg43c1uFncPU875hetXWrchWZxs1daiFlG9V2G1f42-HBRhjmSHsyERRNAlJLBdolkwXYeM7XjL9rlwW6XF0rAFiW5F8oP9PufTwQNCwNZZ6LQOVmwHTOSjnjXUVItMkYx0pOPJy1wvO7fuX4HOBlyZc0KGoUizz3yg0ZT1BOzSF-VuLMJlF76q6m361yMWiiw003S-6KRt5-hpN9T4XWT3iTEoCZGjub4bodQbc&pQfEbOSo=4&lNMHAxwq=5153504&snWBMjPr=&qYrcOBEP=0,0&FLerojZI=&DWJUXaHC=&MHmaWDxb=1280,1024,1,1280,1024,0	ScriptElement	44 B	2023-03-07	2025-07-16
Pretty URL xadsmart.com/wigqajikwswtkhin?KBfbZLaI=BQNyAAAAAAAACZUAAm-hjYOKlTYMoYPt1RZ21mR6MkcUUfSnGVs2_lb_8Raqzz9CugTRgJJprtTNDDdoFm4SnTek45j4Hhc_tgchkkuwZpPAIBjOJmArlvDAAIt3pvZGoT0UWGNvaGoeLThaVj_ahSHj8ECfoQJZaMWdUU920QetEU1ospwP6F-F-fi083sKLUbBN3Ge0yYcYWSpfKFCiaLlXxWwYAieWiuMb01M6el5cCijXxYNcUKRLApWDG8kzEsXge07W2k4ImIRbml62gC72wcem67HIMVCbS8qwbABcgoXPRKFYbFGGtPdM1AsjFcVFTnl_8kbc8Aa7BEWKRu2Q_zOHcgDHTPVc6bEqJz2KOA-A7O-xEyTXNdxwQGK42WStzeTV_-liRQ75JGlxjOdBf0DwSkSuc7tN1l5UynrYwLPAUj0qG-qEIwrMiPSTSviXV7ixaToKRE8ZyJx6yQczLAh_Del-x5mM3JBggi65-nD55CgoaRbcAKdXQqq1DN75Acc1qwkvn8GA7KRpVryusY2epCaPBkEfxfEYI2YqEJnqmdAodLipE6Lc1L1u4C14bCjlGvTJhWr9qYKDDbTK07cELp3i9OjZzld2bQ6eF1mvNnOOpeuvBzJjD2rk720FTUgFEtiREAnuvVoyExC-NMPxjIdqJ1ofhCNd5aaa1yJKBfOEHAti2GjpcTIoTUhKG-w0ZGtUYXQRwqFSMa93_6WjFzSZD8dFXnO7z_vb9W-KtCU053qE1Ez3UcbBAn4V-YI19FQNr1DYsJzmL19VvukDq3IQ384Hp4F7KVSY9GSb7fldT2Bt2mD_kLAqDgHwEe3XWECsDgec3gqhXc4fvJsErK1cLS9MMtEOHwg7RC0kCmMXQ7Jyx_n-trMgQE4RyuexskHvjvfQ27y9qRo45yKqyLJvbEUz5LP7v2oA-9pb4Bi1x8WcammZuEhg43c1uFncPU875hetXWrchWZxs1daiFlG9V2G1f42-HBRhjmSHsyERRNAlJLBdolkwXYeM7XjL9rlwW6XF0rAFiW5F8oP9PufTwQNCwNZZ6LQOVmwHTOSjnjXUVItMkYx0pOPJy1wvO7fuX4HOBlyZc0KGoUizz3yg0ZT1BOzSF-VuLMJlF76q6m361yMWiiw003S-6KRt5-hpN9T4XWT3iTEoCZGjub4bodQbc&pQfEbOSo=4&lNMHAxwq=5153504&snWBMjPr=&qYrcOBEP=0,0&FLerojZI=&DWJUXaHC=&MHmaWDxb=1280,1024,1,1280,1024,0 IP 104.153.197.251 ASN #53334 TUT-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17 Last Seen2025-07-16 09:18 Times Seen10894 Hash d5f0a25e4d3522d56d48ce7bc3e518fb 86794caff58f7fee6e684c2ba7195f970a8d6f4c 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5 Loading...

	madurird.com/tag.min.js	ScriptElement	109 kB	2025-07-07	2025-07-08
Pretty URL madurird.com/tag.min.js IP 139.45.197.106 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-07-07 18:37 Last Seen2025-07-08 10:55 Times Seen16 Hash c307a9c42db8a68bc6ecd5d3415ad0e4 fb4a7b38f81a9143752a8ab2d179f8385f28659b de279915b43e4182a0b000596e56a16f98f8607009db8add1894afff31baeb13 Loading...

	thedaddy.click/embed/stream-749.php	ScriptElement	8.5 kB	2023-07-23	2025-07-14
Pretty URL thedaddy.click/embed/stream-749.php IP 104.21.53.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-23 19:35 Last Seen2025-07-14 05:55 Times Seen161 Hash ff656e6bdffbea98da4df97ff7ae3d21 f742e8d729409184fdaf152c2d2b670d6db7e9ec 9e6e95d6fa2ce522e900a6eb22ef91ae4fa930a9e39e2ca913742d48d0484b68 Loading...

	about:blank	JavascriptURL	5 B	2023-03-07	2025-07-16
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by javascriptURL Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-16 09:18 Times Seen31334 Hash 68934a3e9455fa72420237eb05902327 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa Loading...

	thedaddy.click/embed/stream-749.php	ScriptElement	950 B	2025-07-08	2025-07-08
Pretty URL thedaddy.click/embed/stream-749.php IP 104.21.53.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-08 08:06 Last Seen2025-07-08 08:06 Times Seen1 Hash 65a5f7b0cfa2c13da9883436bbe8659c ed482e772350a1ed1dee51e14326e888ba5d8a17 340b41482557e64efd5c03c05538f032624d481a4270528504d4070497e61b98 Loading...

	za.instrvinea.com/rItVnbE7Xeat/69521	ScriptElement	5 B	2025-04-24	2025-07-16
Pretty URL za.instrvinea.com/rItVnbE7Xeat/69521 IP 23.109.170.72 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-24 10:17 Last Seen2025-07-16 09:18 Times Seen1489 Hash 848667c49f5d3aef59cd65ed276cd7ae bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763 cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8 Loading...

	yoxplay.xyz/premiumtv/daddyhd.php?id=749	EventHandler	11 B	2025-07-08	2025-07-08
Pretty URL yoxplay.xyz/premiumtv/daddyhd.php?id=749 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by eventHandler Embedded in HTML false Observations First Seen2025-07-08 08:06 Last Seen2025-07-08 08:06 Times Seen1 Hash b16413acaab444daf99a1e8acda550ea 880f4ad2cc388a3a3affca70a965304e06b4853f e52416e23635b98e0f378579f2064eb53c30fda5d66792f13184d34a440a63ac Loading...

	thedaddy.click/embed/stream-749.php	ScriptElement	424 B	2023-03-09	2025-07-14
Pretty URL thedaddy.click/embed/stream-749.php IP 104.21.53.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-09 16:51 Last Seen2025-07-14 05:55 Times Seen76 Hash 0d76eb8dc02861ed102d5d2586f0d82b 55f9121e69e32deb1d9248bd692cdf06e3e76267 81471189f19f3e6d41e33d4f12ba8a5e03b70522fc6c9b0715ec63fdacf35076 Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	1.0 kB	2023-05-26	2025-07-16
Pretty URL code.jquery.com/jquery-3.6.0.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-26 08:35 Last Seen2025-07-16 07:52 Times Seen1689 Hash 87c725e214683adf9b74663ff14946ab ccbe1b6c564d65ad51f1488627d8ea8d1e97e131 93e773869f7f7e03ab47466b60c2b9113b1da6b969d5963c03678e5a4c0e0807 Loading...

	cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js	ScriptElement	1.0 kB	2025-04-08	2025-07-13
Pretty URL cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-08 02:16 Last Seen2025-07-13 23:10 Times Seen61 Hash 4692d44b1860b33e430a87c56b6cdc22 ab49192fc1912cab78a1b6cfe12e00afafca8100 c7c3cddd2d4c88819bed5b3ce8964a258534be4a2ad17cba9587424a7a10cc42 Loading...

	thedaddy.click/embed/stream-749.php	ScriptElement	28 kB	2025-07-08	2025-07-14
Pretty URL thedaddy.click/embed/stream-749.php IP 104.21.53.22 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-08 08:06 Last Seen2025-07-14 05:55 Times Seen4 Hash e214a7584bd935442f48a4b2d3b4249b 3b147f379d15bfcb949e36cbcdfc7d29942db2bb 1bc558bf6c75e531782bf6d8ceff79c5f405b843a194fbe4309a29f8802e2148 Loading...

	yoxplay.xyz/premiumtv/daddyhd.php?id=749	ScriptElement	28 kB	2025-07-08	2025-07-08
Pretty URL yoxplay.xyz/premiumtv/daddyhd.php?id=749 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-07-08 08:06 Last Seen2025-07-08 08:06 Times Seen1 Hash 5ed1aa5af68964aea9814cd0ccff74bd c07a48f31e1ac61c4eabbe42284e52fd80e6333f 280218dbe46beb29463624ad7b5b615dce77c5a8313e070cdfd3bda589ee22ff Loading...

	c.adsco.re/#0.8813272294364329	ScriptElement	486 B	2023-03-07	2025-07-16
Pretty URL c.adsco.re/#0.8813272294364329 IP 104.17.166.186 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-07-16 09:18 Times Seen2029 Hash 77c8287be10ff4b66a8490ca4d999917 7fccb364c5e22958503bcd8b92cdb648d5c4c96e c2d43195d015b5856873b3b0c6e717ee21599ca3f03f820b7c325f27b9b6a31d Loading...

	cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js	ScriptElement	1.0 kB	2024-08-20	2025-07-13
Pretty URL cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 17:58 Last Seen2025-07-13 23:10 Times Seen88 Hash e12fedc7e315e996fa3cbee1c5ade178 ef1e6d083fc24f4fabf59b63d86a703b5af4b7aa 6ec537d8fa199eb276afac7ea46845f4192c7707958617fb0cced4503e730216 Loading...

	about:blank	JavascriptURL	5 B	2023-03-07	2025-07-16
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by javascriptURL Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-16 09:18 Times Seen31334 Hash 68934a3e9455fa72420237eb05902327 7cb6efb98ba5972a9b5090dc2e517fe14d12cb04 fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa Loading...

	thedaddy.click/embed/stream-749.php	EventHandler	9 B	2025-05-31	2025-07-14
Pretty URL thedaddy.click/embed/stream-749.php IP 104.21.53.22 ASN #13335 CLOUDFLARENET Introduced by eventHandler Embedded in HTML false Observations First Seen2025-05-31 20:41 Last Seen2025-07-14 05:55 Times Seen5 Hash 175286414dd8b9b41ed8253795c165a6 4794ba3180f1cdcc7e4d5c0067b8062387cbd422 e792f04ee4ea814167ae4d72b80f493d57a2a2c49e4307365c993896dfbb7fe8 Loading...

	yoxplay.xyz/premiumtv/daddyhd.php?id=749	ScriptElement	332 B	2025-04-16	2025-07-16
Pretty URL yoxplay.xyz/premiumtv/daddyhd.php?id=749 IP 104.21.80.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-16 10:55 Last Seen2025-07-16 02:42 Times Seen53 Hash 5a774e3f3f50d990ee426b47a7a5e033 9aa8984d60feb823b28791881bf02f3a0e9caf1c b869dcaa9146835641bfdf2eb8f89a7333dfb5b3e3acb61cf77f5bdc1488c281 Loading...

HTTP Transactions (33)

URL IP Response Size

GET daddylive.mp/embed/stream-749.php

104.21.48.143

301 Moved Permanently

237 kB

URL User Request GET
daddylive.mp/embed/stream-749.php
IP
104.21.48.143:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectdaddylive.mp
FingerprintA1:2D:99:12:A7:F9:C1:87:18:38:82:7B:63:0D:28:46:F4:AB:A8:00
ValidityThu, 29 May 2025 22:27:26 GMT - Wed, 27 Aug 2025 23:25:12 GMT

File type

Size
237 kB (236890 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /embed/stream-749.php HTTP/1.1
Host: daddylive.mp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 08 Jul 2025 08:06:21 GMT
content-type: text/html
content-length: 167
location: https://thedaddy.click/embed/stream-749.php
cache-control: max-age=3600
expires: Tue, 08 Jul 2025 09:06:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H2pZJtc6D2FJO%2BGv7WumBSGcP%2BFo8uOuea2lX4ykMB9W2o66FNiR2T2wBsOWbyisU8xW5Paz1HUWc2TSoxtl55v7dq3yqy2OBIXpCaZPtAjzZgv%2BN5%2Bxj2gcT5%2BYsuY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
speculation-rules: "/cdn-cgi/speculation"
server: cloudflare
cf-ray: 95be14ed6d6856c7-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfOrigin;dur=0,cfEdge;dur=30, cfL4;desc="?proto=TCP&rtt=969&min_rtt=454&rtt_var=732&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3276&recv_bytes=1262&delivery_rate=2637522&cwnd=254&unsent_bytes=0&cid=a06b6d24603d7d3c&ts=57&x=0"
X-Firefox-Spdy: h2

GET madurird.com/tag.min.js

139.45.197.106

200 OK

109 kB

URL GET
madurird.com/tag.min.js
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
Fingerprint09:91:C5:C7:5D:1D:EE:65:92:6D:A8:CB:EF:8C:E0:02:50:27:22:09
ValidityTue, 08 Jul 2025 05:31:00 GMT - Mon, 06 Oct 2025 05:30:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (108595 bytes)
Hash
c307a9c42db8a68bc6ecd5d3415ad0e4
fb4a7b38f81a9143752a8ab2d179f8385f28659b
de279915b43e4182a0b000596e56a16f98f8607009db8add1894afff31baeb13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 08 Jul 2025 08:06:22 GMT
content-type: application/javascript
x-trace-id: 73c87a60d807553c406a235f1755c7ec
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET waust.at/c.js

104.26.4.7

200 OK

12 kB

URL GET
waust.at/c.js
IP
104.26.4.7:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerGoogle Trust Services
Subjectwaust.at
Fingerprint83:0A:BB:EA:89:E1:09:05:05:D3:44:92:81:62:75:4B:35:61:DA:4D
ValiditySat, 21 Jun 2025 14:12:03 GMT - Fri, 19 Sep 2025 15:11:40 GMT

File type
JavaScript source, ASCII text, with very long lines (12117), with no line terminators
Size
12 kB (12117 bytes)
Hash
7f167017c3edca98e152e2ad7e547032
cbcbd0f11bd2f552cdd87cf1947fadc2b7371681
52784de24aa1b312200cd6262ccecb5983c443290f1fe8d01790199be351b02d

HTTP Headers

GET /c.js HTTP/1.1
Host: waust.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoxplay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:22 GMT
content-type: application/x-javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Thu, 12 Jun 2025 10:31:47 GMT
etag: W/"684aac93-2f55"
expires: Wed, 09 Jul 2025 07:24:25 GMT
cache-control: max-age=86400
access-control-allow-origin: *
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2517
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Pk85gw528URTPJU6HRhdTQVSGGQxW9iR5ECBXLVI3k1pQdfWDsIoU%2FxmPrL8Uk0rSuMYqYPnGiVe4L%2Bb1y4M2tcLHSEZ"}]}
cf-ray: 95be14f81fcc0b02-OSL
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js

151.101.65.229

200 OK

525 kB

URL GET
cdn.jsdelivr.net/npm/clappr@latest/dist/clappr.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4
ValidityMon, 02 Jun 2025 15:43:52 GMT - Sat, 04 Jul 2026 15:43:51 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
525 kB (525081 bytes)
Hash
f55c6c796275a41ce7d97bd160e648ff
936285f9c8c85a749a1ef8cfc4d5e84b7ea2bc89
db7ce4b1edd2c3701c3f2585f7cbd70857173195489a99703ab39de16fa45b6c

HTTP Headers

GET /npm/clappr@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoxplay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.13
x-jsd-version-type: version
etag: W/"80319-k2KF+cjIWnSaHvjPxNXoS36ivIk"
content-encoding: br
accept-ranges: bytes
age: 31875
date: Tue, 08 Jul 2025 08:06:22 GMT
x-served-by: cache-fra-etou8220029-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 145133
X-Firefox-Spdy: h2

GET yoxplay.xyz/blast.js

104.21.80.1

200 OK

78 kB

URL GET
yoxplay.xyz/blast.js
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerGoogle Trust Services
Subjectyoxplay.xyz
Fingerprint34:09:C9:63:C8:15:81:12:94:D6:7B:DB:77:32:01:78:AD:EA:57:A6
ValidityFri, 13 Jun 2025 14:09:17 GMT - Thu, 11 Sep 2025 15:06:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
78 kB (77888 bytes)
Hash
091faec928970e76d37a3601c19fcf8a
6441e8eebe90eb8d4a40e7c25440ff99caba3520
eb06375118b1eb73f43b8f1851472008f84999a1b27359c075bf5da6feef9a12

HTTP Headers

GET /blast.js HTTP/1.1
Host: yoxplay.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 08 Jul 2025 08:06:23 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ZL17w4vViLJcMWWBHg6O36bw%2B3%2FrwHyfGqH41kvduqCvICs94d3wKhQDbQsOB3tVSFZ4CDhLjewJ7%2FJo%2FNyn0v2GNSL8ZR%2F3%2FjQN4pu%2BykcVe5ABTqDYDw8KN0B%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Thu, 17 Oct 2024 06:47:40 GMT
etag: W/"6710b30c-13040"
access-control-allow-origin: *
age: 1898
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 95be14fa0c9456c9-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8984&min_rtt=4261&rtt_var=8302&sent=30&recv=34&lost=0&retrans=0&sent_bytes=6672&recv_bytes=2731&delivery_rate=389169&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18779&unsent_bytes=0&cid=4d14ea798dea95ed&ts=654&inflight_dur=64&x=40"

GET youradexchange.com/script/interstitial.php?r=9830542&srs=fcded8a2cb180546b1cb1d0635f31562&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2Fthedaddy.click%2Fembed%2Fstream-749.php&atv=62.4&cbref=&pblcz=6707202&abtg=1&adbv=3-cdn-js

104.18.24.98

200 OK

1.4 kB

URL GET
youradexchange.com/script/interstitial.php?r=9830542&srs=fcded8a2cb180546b1cb1d0635f31562&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2Fthedaddy.click%2Fembed%2Fstream-749.php&atv=62.4&cbref=&pblcz=6707202&abtg=1&adbv=3-cdn-js
IP
104.18.24.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerGoogle Trust Services
Subjectyouradexchange.com
Fingerprint5D:6F:35:ED:36:A9:D9:F7:69:BE:71:FD:6E:3A:C4:28:3D:88:9D:58
ValiditySun, 01 Jun 2025 20:52:12 GMT - Sat, 30 Aug 2025 21:51:56 GMT

File type
JSON text data
Size
1.4 kB (1388 bytes)
Hash
56b4dded9150bf3f02fc9b4767f4db82
9bc9fdbc000e11a8a356d99fef6eaae1cfc043db
b39d8736d25e412d46c37cbd7a5139167ce0b862a705cdccf0d42afeb64d613e

HTTP Headers

GET /script/interstitial.php?r=9830542&srs=fcded8a2cb180546b1cb1d0635f31562&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&cbpage=https%3A%2F%2Fthedaddy.click%2Fembed%2Fstream-749.php&atv=62.4&cbref=&pblcz=6707202&abtg=1&adbv=3-cdn-js HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thedaddy.click/
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:26 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
vary: accept-encoding
server: cloudflare
cf-ray: 95be150c7c3f56a9-OSL
X-Firefox-Spdy: h2

GET yoxplay.xyz/premiumtv/daddyhd.php?id=749

104.21.80.1

200 OK

47 kB

URL GET
yoxplay.xyz/premiumtv/daddyhd.php?id=749
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerGoogle Trust Services
Subjectyoxplay.xyz
Fingerprint34:09:C9:63:C8:15:81:12:94:D6:7B:DB:77:32:01:78:AD:EA:57:A6
ValidityFri, 13 Jun 2025 14:09:17 GMT - Thu, 11 Sep 2025 15:06:32 GMT

File type
JavaScript source, ASCII text, with very long lines (28183), with CRLF, LF line terminators
Size
47 kB (46714 bytes)
Hash
e7a454010fc0d2bc736696a234dd5d03
1c5bbc2df6dad076601c22dd0b2ad0ce66dd520e
2c05f03691b5ab0c3137e661ed88f623565889c4ff1256cee8cad0ad0122baa8

HTTP Headers

GET /premiumtv/daddyhd.php?id=749 HTTP/1.1
Host: yoxplay.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:22 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-cache: BYPASS
videocdnx: NO
node: PHP
cache-control: public, max-age=30, immutable, no-transform
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=O5SGLIwfQ%2BzfyYPrM4c%2BbWONghjtA8AJ4Aa9iRDx%2BgAJu%2Fxb2kNwLAzVEMnSxfQfjNwmRryqRqC%2FqTdYQ4bQYNXanm6dsIldqQ%3D%3D"}]}
cf-ray: 95be14f4bf480b59-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET madurird.com/tag.min.js

139.45.197.106

200 OK

109 kB

URL GET
madurird.com/tag.min.js
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
Fingerprint09:91:C5:C7:5D:1D:EE:65:92:6D:A8:CB:EF:8C:E0:02:50:27:22:09
ValidityTue, 08 Jul 2025 05:31:00 GMT - Mon, 06 Oct 2025 05:30:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (108595 bytes)
Hash
c307a9c42db8a68bc6ecd5d3415ad0e4
fb4a7b38f81a9143752a8ab2d179f8385f28659b
de279915b43e4182a0b000596e56a16f98f8607009db8add1894afff31baeb13

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoxplay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 08 Jul 2025 08:06:22 GMT
content-type: application/javascript
x-trace-id: 323be2797f3ae94cbf219f59d7b8ffc0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

GET upload.wikimedia.org/wikipedia/commons/2/21/Speaker_Icon.svg

185.15.59.240

200 OK

514 B

URL GET
upload.wikimedia.org/wikipedia/commons/2/21/Speaker_Icon.svg
IP
185.15.59.240:443
ASN
#14907 WIKIMEDIA

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerGoogle Trust Services
Subject*.wikipedia.org
Fingerprint50:9E:CB:72:63:95:4B:01:E2:0D:8D:FF:06:CE:45:8D:C1:F0:38:C7
ValidityFri, 23 May 2025 12:35:52 GMT - Thu, 21 Aug 2025 12:35:51 GMT

File type
SVG Scalable Vector Graphics image
Size
514 B (514 bytes)
Hash
1e965f9ca6bac55c4bfece8dabe6fa47
ea28e0f6d1a42bd7f2ab416bcf2a9fd0dde55fab
70e589ae4b79586ddd4eadd1ac8b501d64ab0433c2038c92e945fbb6195ad7a9

HTTP Headers

GET /wikipedia/commons/2/21/Speaker_Icon.svg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoxplay.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 07 Jul 2025 09:22:49 GMT
server: ATS/9.2.11
etag: W/1e965f9ca6bac55c4bfece8dabe6fa47
content-type: image/svg+xml
x-object-meta-sha1base36: rcosig5pk1fefnugtbiewl19zhtt86j
last-modified: Wed, 28 Aug 2019 18:11:18 GMT
content-encoding: gzip
age: 81813
accept-ranges: bytes
x-cache: cp3076 hit, cp3076 hit/13990
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3076"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
set-cookie: WMF-Uniq=nAOinL7t7BWRG1clRvjTxgIqAAAAAFvd3LqOc3TEGoc-T-W7WMffBi-Son5aJFsg;Domain=upload.wikimedia.org;Path=/;HttpOnly;secure;SameSite=None;Expires=Wed, 08 Jul 2026 00:00:00 GMT
content-length: 328
X-Firefox-Spdy: h2

HEAD yoxplay.xyz/premiumtv/daddyhd.php?id=749

104.21.80.1

200 OK

0 B

URL HEAD
yoxplay.xyz/premiumtv/daddyhd.php?id=749
IP
104.21.80.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerGoogle Trust Services
Subjectyoxplay.xyz
Fingerprint34:09:C9:63:C8:15:81:12:94:D6:7B:DB:77:32:01:78:AD:EA:57:A6
ValidityFri, 13 Jun 2025 14:09:17 GMT - Thu, 11 Sep 2025 15:06:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /premiumtv/daddyhd.php?id=749 HTTP/1.1
Host: yoxplay.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 08 Jul 2025 08:06:22 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ahpPj9FDCg6w1x8xJqZII60C4q4c5fO1I%2BW%2BcRrSIrLQDWVOxJABBLxq7IGzxre8JT9EEOnlyLPLIp64CT3HTsoSoSiFTauLTGoBwWu0NHV17y%2B%2FHnm7dMPyTzJbiw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache: BYPASS
videocdnx: NO
node: PHP
cache-control: public, max-age=30, immutable, no-transform
cf-cache-status: DYNAMIC
cf-ray: 95be14f84c7056c9-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6854&min_rtt=4261&rtt_var=5389&sent=28&recv=32&lost=0&retrans=0&sent_bytes=5920&recv_bytes=2424&delivery_rate=389169&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18053&unsent_bytes=0&cid=4d14ea798dea95ed&ts=501&inflight_dur=40&x=40"

GET 4.adsco.re:2087/

162.252.214.5

200 OK

45 B

URL GET
4.adsco.re:2087/
IP
162.252.214.5:2087
ASN
#53334 TUT-AS

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
5b41cb22f84f645a103acc7bfbf084ff
bac3967b26d5ec4a0d09a580714e8219796816bd
709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc

HTTP Headers

GET / HTTP/1.1
Host: 4.adsco.re:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 08 Jul 2025 08:06:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://thedaddy.click
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip

GET 6.adsco.re/

104.17.167.186

200 OK

45 B

URL GET
6.adsco.re/
IP
104.17.167.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
5b41cb22f84f645a103acc7bfbf084ff
bac3967b26d5ec4a0d09a580714e8219796816bd
709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc

HTTP Headers

GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:25 GMT
content-type: text/plain;charset=UTF-8
content-length: 45
access-control-allow-origin: https://thedaddy.click
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 95be1507ead1b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET top2new.newkso.ru/auth.php?channel_id=premium749&ts=1751961982&rnd=2c7fa6d6&sig=3304cd794327d4efc4bf546308784301169fa465869ae366838e686aa85e5cd1

104.21.45.220

200 OK

15 B

URL GET
top2new.newkso.ru/auth.php?channel_id=premium749&ts=1751961982&rnd=2c7fa6d6&sig=3304cd794327d4efc4bf546308784301169fa465869ae366838e686aa85e5cd1
IP
104.21.45.220:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerGoogle Trust Services
Subjectnewkso.ru
Fingerprint78:B2:4A:4F:8C:08:64:EB:8E:09:91:88:03:A6:48:32:B4:4C:06:29
ValidityFri, 30 May 2025 17:30:46 GMT - Thu, 28 Aug 2025 18:29:06 GMT

File type
JSON text data
Size
15 B (15 bytes)
Hash
0f0479874bf6f4a7281099b15df27c27
55a490e280d48996e564d00492437eb17faadd28
a29ee2b15c494311c52521766e44af56a3ad2248e7a8ab465e5206463c13d288

HTTP Headers

GET /auth.php?channel_id=premium749&ts=1751961982&rnd=2c7fa6d6&sig=3304cd794327d4efc4bf546308784301169fa465869ae366838e686aa85e5cd1 HTTP/1.1
Host: top2new.newkso.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://yoxplay.xyz/
Origin: https://yoxplay.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:23 GMT
content-type: application/json
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, no-store, must-revalidate
a-php-lb-cache: MISS
x-lb-cache: MISS
cf-cache-status: MISS
last-modified: Tue, 08 Jul 2025 08:06:23 GMT
vary: accept-encoding
access-control-allow-origin: *
no-cache: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3cOr8mlJriv6OvwOQ4pmav9HzQKrdX8qBTwZS4qrdAgRPb%2BFJgA%2BJVwVY6peiW7dPBwCUAyq%2BTk2baL6cY8MeWe6T%2FZrAQQ%2Fx4daZ8PhaA%3D%3D"}]}
content-encoding: br
cf-ray: 95be14fb59795699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 4.adsco.re/

162.252.214.5

200 OK

45 B

URL GET
4.adsco.re/
IP
162.252.214.5:443
ASN
#53334 TUT-AS

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
5b41cb22f84f645a103acc7bfbf084ff
bac3967b26d5ec4a0d09a580714e8219796816bd
709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc

HTTP Headers

GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 08 Jul 2025 08:06:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://thedaddy.click
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip

POST 99cmz4xjv7a9.s4.adsco.re/

185.200.116.60

200 OK

0 B

URL POST
99cmz4xjv7a9.s4.adsco.re/
IP
185.200.116.60:443
ASN
#9009 M247 Europe SRL

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerLet's Encrypt
Subject*.s4.adsco.re
FingerprintCD:E3:30:8E:24:D4:56:97:9B:37:D3:2E:69:DE:B3:63:95:43:9A:83
ValidityThu, 19 Jun 2025 09:14:19 GMT - Wed, 17 Sep 2025 09:14:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: 99cmz4xjv7a9.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:26 GMT
content-type: text/html
content-length: 0
last-modified: Tue, 03 Oct 2023 13:29:59 GMT
etag: "651c1757-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

GET thedaddy.click/embed/stream-749.php

104.21.53.22

200 OK

237 kB

URL User Request GET
thedaddy.click/embed/stream-749.php
IP
104.21.53.22:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectthedaddy.click
FingerprintA8:F5:D2:AC:F8:EF:6A:46:75:D4:FB:B5:99:68:3A:48:C0:80:76:6E
ValidityTue, 20 May 2025 18:03:21 GMT - Mon, 18 Aug 2025 19:00:39 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (47505), with LF, NEL line terminators
Size
237 kB (236890 bytes)
Hash
d37b929e6ec0e580bf25cc5a3a5564dc
12ade9bf4bffbb640d57d6dc067e7b57b642ce09
710085e496500af5470273f50f1f6d005f3acce3e339e8981ce708ab9c889cbd

HTTP Headers

GET /embed/stream-749.php HTTP/1.1
Host: thedaddy.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:21 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Accept-Encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qdBJmSP6bW8vKYXA6d%2FZhZme8o5a1DXoFJEB2jM31iAFucWufLqVLo827FGS8kiRKv5Jskm6R3kJAydkKJ6hrFU6O0tXP4vR3TrFWg%3D%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 95be14ee0c8656ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET za.instrvinea.com/rItVnbE7Xeat/69521

23.109.170.72

200 OK

5 B

URL GET
za.instrvinea.com/rItVnbE7Xeat/69521
IP
23.109.170.72:443
ASN
#7979 SERVERS-COM

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerLet's Encrypt
Subjectza.instrvinea.com
FingerprintB3:A8:89:58:8D:28:0E:0A:43:C9:37:3F:68:6D:AD:84:38:A2:63:6E
ValidityWed, 07 May 2025 07:31:43 GMT - Tue, 05 Aug 2025 07:31:42 GMT

File type
ASCII text, with no line terminators
Size
5 B (5 bytes)
Hash
848667c49f5d3aef59cd65ed276cd7ae
bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763
cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rItVnbE7Xeat/69521 HTTP/1.1
Host: za.instrvinea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 08 Jul 2025 08:06:22 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://thedaddy.click
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Wed, 09-Jul-2025 08:06:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Wed, 09-Jul-2025 08:06:22 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

POST usrpubtrk.com/ut/hb.php?cb=0.8017995653945955&v=1

104.21.92.33

204 No Content

0 B

URL POST
usrpubtrk.com/ut/hb.php?cb=0.8017995653945955&v=1
IP
104.21.92.33:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerGoogle Trust Services
Subjectusrpubtrk.com
Fingerprint73:D3:CF:85:0F:63:93:DD:FC:EC:C6:A5:AD:25:E8:9F:46:71:26:ED
ValidityMon, 16 Jun 2025 11:32:07 GMT - Sun, 14 Sep 2025 12:30:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /ut/hb.php?cb=0.8017995653945955&v=1 HTTP/1.1
Host: usrpubtrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 817
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Tue, 08 Jul 2025 08:06:22 GMT
server: cloudflare
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zQDpGQ8l6ve4U%2FZ7rqv8Qpp0DQfCBe1KxTovBBvK496KRUQQNEwNSJ7wRTGQKPos0jLLFz4pMwPE922yrany9U11L2j8nHnvnxBw"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-ray: 95be14f6afb656a3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

POST 99cmz4xjv7a9.l4.adsco.re/

185.200.118.62

200 OK

0 B

URL POST
99cmz4xjv7a9.l4.adsco.re/
IP
185.200.118.62:443
ASN
#9009 M247 Europe SRL

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerLet's Encrypt
Subject*.l4.adsco.re
Fingerprint76:AD:98:EA:A8:8F:6F:6D:58:92:36:07:6D:91:B6:67:41:97:C1:4E
ValiditySat, 19 Apr 2025 09:14:33 GMT - Fri, 18 Jul 2025 09:14:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: 99cmz4xjv7a9.l4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:25 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 02 Jun 2023 14:03:32 GMT
etag: "6479f6b4-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

POST adsco.re/p

162.252.214.5

200 OK

1.2 kB

URL POST
adsco.re/p
IP
162.252.214.5:443
ASN
#53334 TUT-AS

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
ASCII text, with very long lines (1191), with no line terminators
Size
1.2 kB (1191 bytes)
Hash
813b698b5e0b06b3ebab3c1ffe1d7410
10fc5f4594a694c83cb34e72ebe6e55101c6fdd5
6b8df894ad7335b492712905e020fad4b811b7434f0950a77f0f58b0c0bbb669

HTTP Headers

POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1517
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 08 Jul 2025 08:06:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK nyc123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Accept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
Access-Control-Allow-Origin: https://thedaddy.click
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

GET code.jquery.com/jquery-3.6.0.min.js

151.101.66.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerSectigo Limited
Subject*.jquery.com
Fingerprint56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
ValidityThu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoxplay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 08 Jul 2025 08:06:22 GMT
age: 1278984
x-served-by: cache-lga21931-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 9622
x-timer: S1751961983.778207,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

POST oamsedsaiph.net/5/6712285/?oo=1&js_build=iclick-v1.1482.0&dmn=madurird.com&tt=2&ix=0

139.45.195.9

204 No Content

0 B

URL POST
oamsedsaiph.net/5/6712285/?oo=1&js_build=iclick-v1.1482.0&dmn=madurird.com&tt=2&ix=0
IP
139.45.195.9:443
ASN
#9002 RETN Limited

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerLet's Encrypt
Subjectoamsedsaiph.net
FingerprintDE:D8:F0:3D:9C:E8:22:B5:A9:2B:DB:CF:ED:EB:34:A7:81:7E:67:CE
ValidityFri, 25 Apr 2025 09:17:16 GMT - Thu, 24 Jul 2025 09:17:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /5/6712285/?oo=1&js_build=iclick-v1.1482.0&dmn=madurird.com&tt=2&ix=0 HTTP/1.1
Host: oamsedsaiph.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2623
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Tue, 08 Jul 2025 08:06:24 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://thedaddy.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

GET 6.adsco.re:2087/

104.17.167.186

200 OK

45 B

URL GET
6.adsco.re:2087/
IP
104.17.167.186:2087
ASN
#13335 CLOUDFLARENET

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
45 B (45 bytes)
Hash
5b41cb22f84f645a103acc7bfbf084ff
bac3967b26d5ec4a0d09a580714e8219796816bd
709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc

HTTP Headers

GET / HTTP/1.1
Host: 6.adsco.re:2087
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:25 GMT
content-type: text/plain;charset=UTF-8
content-length: 45
access-control-allow-origin: https://thedaddy.click
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 95be1507ec5956ca-OSL
alt-svc: h3=":2087"; ma=86400
X-Firefox-Spdy: h2

GET youradexchange.com/script/suurl5.php?r=6707202&cbur=0.7913877975452187&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fthedaddy.click%2Fembed%2Fstream-749.php&cbref=&cbdescription=&cbkeywords=&cbcdn=ocpydtjcvcxug.site&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1751961982090&srs=fcded8a2cb180546b1cb1d0635f31562&atv=62.4&abtg=1&adbv=3-cdn-js

104.18.24.98

200 OK

973 B

URL GET
youradexchange.com/script/suurl5.php?r=6707202&cbur=0.7913877975452187&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fthedaddy.click%2Fembed%2Fstream-749.php&cbref=&cbdescription=&cbkeywords=&cbcdn=ocpydtjcvcxug.site&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1751961982090&srs=fcded8a2cb180546b1cb1d0635f31562&atv=62.4&abtg=1&adbv=3-cdn-js
IP
104.18.24.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerGoogle Trust Services
Subjectyouradexchange.com
Fingerprint5D:6F:35:ED:36:A9:D9:F7:69:BE:71:FD:6E:3A:C4:28:3D:88:9D:58
ValiditySun, 01 Jun 2025 20:52:12 GMT - Sat, 30 Aug 2025 21:51:56 GMT

File type
JSON text data
Size
973 B (973 bytes)
Hash
83f176bb76c4efcc571c0ee8ed6ae006
ccbfbec050e13870bde01532d247db19cabe5e61
dc92669472f28e4a2320459fe441e1254dc58e807fa804114f784c5c29d4bb57

HTTP Headers

GET /script/suurl5.php?r=6707202&cbur=0.7913877975452187&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Fthedaddy.click%2Fembed%2Fstream-749.php&cbref=&cbdescription=&cbkeywords=&cbcdn=ocpydtjcvcxug.site&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1751961982090&srs=fcded8a2cb180546b1cb1d0635f31562&atv=62.4&abtg=1&adbv=3-cdn-js HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://thedaddy.click/
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:22 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, OPTIONS
content-encoding: gzip
via: 1.1 google
cf-cache-status: DYNAMIC
vary: accept-encoding
server: cloudflare
cf-ray: 95be14f45c6456a9-OSL
X-Firefox-Spdy: h2

POST 99cmz4xjv7a9.n4.adsco.re/

38.132.109.126

200 OK

0 B

URL POST
99cmz4xjv7a9.n4.adsco.re/
IP
38.132.109.126:443
ASN
#9009 M247 Europe SRL

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerLet's Encrypt
Subject*.n4.adsco.re
Fingerprint4D:DD:91:35:47:42:EC:48:83:34:7C:65:94:27:32:74:C7:40:5B:5E
ValidityThu, 19 Jun 2025 09:14:20 GMT - Wed, 17 Sep 2025 09:14:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: 99cmz4xjv7a9.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:25 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 16 Jun 2023 08:37:42 GMT
etag: "648c1f56-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2

GET xadsmart.com/wigqajikwswtkhin?KBfbZLaI=BQNyAAAAAAAACZUAAm-hjYOKlTYMoYPt1RZ21mR6MkcUUfSnGVs2_lb_8Raqzz9CugTRgJJprtTNDDdoFm4SnTek45j4Hhc_tgchkkuwZpPAIBjOJmArlvDAAIt3pvZGoT0UWGNvaGoeLThaVj_ahSHj8ECfoQJZaMWdUU920QetEU1ospwP6F-F-fi083sKLUbBN3Ge0yYcYWSpfKFCiaLlXxWwYAieWiuMb01M6el5cCijXxYNcUKRLApWDG8kzEsXge07W2k4ImIRbml62gC72wcem67HIMVCbS8qwbABcgoXPRKFYbFGGtPdM1AsjFcVFTnl_8kbc8Aa7BEWKRu2Q_zOHcgDHTPVc6bEqJz2KOA-A7O-xEyTXNdxwQGK42WStzeTV_-liRQ75JGlxjOdBf0DwSkSuc7tN1l5UynrYwLPAUj0qG-qEIwrMiPSTSviXV7ixaToKRE8ZyJx6yQczLAh_Del-x5mM3JBggi65-nD55CgoaRbcAKdXQqq1DN75Acc1qwkvn8GA7KRpVryusY2epCaPBkEfxfEYI2YqEJnqmdAodLipE6Lc1L1u4C14bCjlGvTJhWr9qYKDDbTK07cELp3i9OjZzld2bQ6eF1mvNnOOpeuvBzJjD2rk720FTUgFEtiREAnuvVoyExC-NMPxjIdqJ1ofhCNd5aaa1yJKBfOEHAti2GjpcTIoTUhKG-w0ZGtUYXQRwqFSMa93_6WjFzSZD8dFXnO7z_vb9W-KtCU053qE1Ez3UcbBAn4V-YI19FQNr1DYsJzmL19VvukDq3IQ384Hp4F7KVSY9GSb7fldT2Bt2mD_kLAqDgHwEe3XWECsDgec3gqhXc4fvJsErK1cLS9MMtEOHwg7RC0kCmMXQ7Jyx_n-trMgQE4RyuexskHvjvfQ27y9qRo45yKqyLJvbEUz5LP7v2oA-9pb4Bi1x8WcammZuEhg43c1uFncPU875hetXWrchWZxs1daiFlG9V2G1f42-HBRhjmSHsyERRNAlJLBdolkwXYeM7XjL9rlwW6XF0rAFiW5F8oP9PufTwQNCwNZZ6LQOVmwHTOSjnjXUVItMkYx0pOPJy1wvO7fuX4HOBlyZc0KGoUizz3yg0ZT1BOzSF-VuLMJlF76q6m361yMWiiw003S-6KRt5-hpN9T4XWT3iTEoCZGjub4bodQbc&pQfEbOSo=4&lNMHAxwq=5153504&snWBMjPr=&qYrcOBEP=0,0&FLerojZI=&DWJUXaHC=&MHmaWDxb=1280,1024,1,1280,1024,0

104.153.197.251

200 OK

44 B

URL GET
xadsmart.com/wigqajikwswtkhin?KBfbZLaI=BQNyAAAAAAAACZUAAm-hjYOKlTYMoYPt1RZ21mR6MkcUUfSnGVs2_lb_8Raqzz9CugTRgJJprtTNDDdoFm4SnTek45j4Hhc_tgchkkuwZpPAIBjOJmArlvDAAIt3pvZGoT0UWGNvaGoeLThaVj_ahSHj8ECfoQJZaMWdUU920QetEU1ospwP6F-F-fi083sKLUbBN3Ge0yYcYWSpfKFCiaLlXxWwYAieWiuMb01M6el5cCijXxYNcUKRLApWDG8kzEsXge07W2k4ImIRbml62gC72wcem67HIMVCbS8qwbABcgoXPRKFYbFGGtPdM1AsjFcVFTnl_8kbc8Aa7BEWKRu2Q_zOHcgDHTPVc6bEqJz2KOA-A7O-xEyTXNdxwQGK42WStzeTV_-liRQ75JGlxjOdBf0DwSkSuc7tN1l5UynrYwLPAUj0qG-qEIwrMiPSTSviXV7ixaToKRE8ZyJx6yQczLAh_Del-x5mM3JBggi65-nD55CgoaRbcAKdXQqq1DN75Acc1qwkvn8GA7KRpVryusY2epCaPBkEfxfEYI2YqEJnqmdAodLipE6Lc1L1u4C14bCjlGvTJhWr9qYKDDbTK07cELp3i9OjZzld2bQ6eF1mvNnOOpeuvBzJjD2rk720FTUgFEtiREAnuvVoyExC-NMPxjIdqJ1ofhCNd5aaa1yJKBfOEHAti2GjpcTIoTUhKG-w0ZGtUYXQRwqFSMa93_6WjFzSZD8dFXnO7z_vb9W-KtCU053qE1Ez3UcbBAn4V-YI19FQNr1DYsJzmL19VvukDq3IQ384Hp4F7KVSY9GSb7fldT2Bt2mD_kLAqDgHwEe3XWECsDgec3gqhXc4fvJsErK1cLS9MMtEOHwg7RC0kCmMXQ7Jyx_n-trMgQE4RyuexskHvjvfQ27y9qRo45yKqyLJvbEUz5LP7v2oA-9pb4Bi1x8WcammZuEhg43c1uFncPU875hetXWrchWZxs1daiFlG9V2G1f42-HBRhjmSHsyERRNAlJLBdolkwXYeM7XjL9rlwW6XF0rAFiW5F8oP9PufTwQNCwNZZ6LQOVmwHTOSjnjXUVItMkYx0pOPJy1wvO7fuX4HOBlyZc0KGoUizz3yg0ZT1BOzSF-VuLMJlF76q6m361yMWiiw003S-6KRt5-hpN9T4XWT3iTEoCZGjub4bodQbc&pQfEbOSo=4&lNMHAxwq=5153504&snWBMjPr=&qYrcOBEP=0,0&FLerojZI=&DWJUXaHC=&MHmaWDxb=1280,1024,1,1280,1024,0
IP
104.153.197.251:443
ASN
#53334 TUT-AS

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerSectigo Limited
Subjectxadsmart.com
Fingerprint57:60:97:0C:DC:E6:0F:0D:1B:04:5B:46:03:77:64:46:88:C5:CF:87
ValidityFri, 04 Apr 2025 00:00:00 GMT - Tue, 05 May 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
44 B (44 bytes)
Hash
d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5

HTTP Headers

GET /wigqajikwswtkhin?KBfbZLaI=BQNyAAAAAAAACZUAAm-hjYOKlTYMoYPt1RZ21mR6MkcUUfSnGVs2_lb_8Raqzz9CugTRgJJprtTNDDdoFm4SnTek45j4Hhc_tgchkkuwZpPAIBjOJmArlvDAAIt3pvZGoT0UWGNvaGoeLThaVj_ahSHj8ECfoQJZaMWdUU920QetEU1ospwP6F-F-fi083sKLUbBN3Ge0yYcYWSpfKFCiaLlXxWwYAieWiuMb01M6el5cCijXxYNcUKRLApWDG8kzEsXge07W2k4ImIRbml62gC72wcem67HIMVCbS8qwbABcgoXPRKFYbFGGtPdM1AsjFcVFTnl_8kbc8Aa7BEWKRu2Q_zOHcgDHTPVc6bEqJz2KOA-A7O-xEyTXNdxwQGK42WStzeTV_-liRQ75JGlxjOdBf0DwSkSuc7tN1l5UynrYwLPAUj0qG-qEIwrMiPSTSviXV7ixaToKRE8ZyJx6yQczLAh_Del-x5mM3JBggi65-nD55CgoaRbcAKdXQqq1DN75Acc1qwkvn8GA7KRpVryusY2epCaPBkEfxfEYI2YqEJnqmdAodLipE6Lc1L1u4C14bCjlGvTJhWr9qYKDDbTK07cELp3i9OjZzld2bQ6eF1mvNnOOpeuvBzJjD2rk720FTUgFEtiREAnuvVoyExC-NMPxjIdqJ1ofhCNd5aaa1yJKBfOEHAti2GjpcTIoTUhKG-w0ZGtUYXQRwqFSMa93_6WjFzSZD8dFXnO7z_vb9W-KtCU053qE1Ez3UcbBAn4V-YI19FQNr1DYsJzmL19VvukDq3IQ384Hp4F7KVSY9GSb7fldT2Bt2mD_kLAqDgHwEe3XWECsDgec3gqhXc4fvJsErK1cLS9MMtEOHwg7RC0kCmMXQ7Jyx_n-trMgQE4RyuexskHvjvfQ27y9qRo45yKqyLJvbEUz5LP7v2oA-9pb4Bi1x8WcammZuEhg43c1uFncPU875hetXWrchWZxs1daiFlG9V2G1f42-HBRhjmSHsyERRNAlJLBdolkwXYeM7XjL9rlwW6XF0rAFiW5F8oP9PufTwQNCwNZZ6LQOVmwHTOSjnjXUVItMkYx0pOPJy1wvO7fuX4HOBlyZc0KGoUizz3yg0ZT1BOzSF-VuLMJlF76q6m361yMWiiw003S-6KRt5-hpN9T4XWT3iTEoCZGjub4bodQbc&pQfEbOSo=4&lNMHAxwq=5153504&snWBMjPr=&qYrcOBEP=0,0&FLerojZI=&DWJUXaHC=&MHmaWDxb=1280,1024,1,1280,1024,0 HTTP/1.1
Host: xadsmart.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
popads-node: wb9
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Tue, 08 Jul 2025 08:06:26 GMT
X-Firefox-Spdy: h2

GET thedaddy.click/favicon.ico

104.21.53.22

404 Not Found

548 B

URL GET
thedaddy.click/favicon.ico
IP
104.21.53.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerGoogle Trust Services
Subjectthedaddy.click
FingerprintA8:F5:D2:AC:F8:EF:6A:46:75:D4:FB:B5:99:68:3A:48:C0:80:76:6E
ValidityTue, 20 May 2025 18:03:21 GMT - Mon, 18 Aug 2025 19:00:39 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
548 B (548 bytes)
Hash
370e16c3b7dba286cff055f93b9a94d8
65f3537c3c798f7da146c55aef536f7b5d0cb943
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: thedaddy.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/embed/stream-749.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 08 Jul 2025 08:06:22 GMT
content-type: text/html
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nCyFpve%2FYVuxeQtqeNM9LigfJWLrJZHRNdm17H1%2BKVZZqCXJqpvgs1kZfLGTX%2BSyM4tUiWw8LBDC0KKrbYjyhz2Vv%2FpYzOi0%2FzcoWvmJ3lPNGexrDdoTHUJj0eELhzxuxA%3D%3D"}],"group":"cf-nel","max_age":604800}
age: 175
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 95be14f83d055697-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5010&min_rtt=645&rtt_var=4684&sent=67&recv=96&lost=0&retrans=0&sent_bytes=8642&recv_bytes=5977&delivery_rate=388066&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18740&unsent_bytes=0&cid=4e478a96687233f3&ts=1123&inflight_dur=64&x=40"

GET cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js

151.101.65.229

200 OK

17 kB

URL GET
cdn.jsdelivr.net/npm/disable-devtool@latest/disable-devtool.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4
ValidityMon, 02 Jun 2025 15:43:52 GMT - Sat, 04 Jul 2026 15:43:51 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17245)
Size
17 kB (17266 bytes)
Hash
226c2fa3f39c0bb35bb5f1d9d120f9ec
7134ea62cdb655c2a423b1662365c99ba645c2bd
8a23f92a25922d13437d67f25ba2269b64080b5ec030f5cba982e0261abbfe04

HTTP Headers

GET /npm/disable-devtool@latest/disable-devtool.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoxplay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.3.8
x-jsd-version-type: version
etag: W/"4372-cTTqYs22VcKkI7FmI2XJm6ZFwr0"
content-encoding: br
accept-ranges: bytes
age: 8181
date: Tue, 08 Jul 2025 08:06:22 GMT
x-served-by: cache-fra-etou8220123-FRA, cache-hel1410025-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6161
X-Firefox-Spdy: h2

GET t.dtscout.com/i/?l=https%3A%2F%2Fyoxplay.xyz%2Fpremiumtv%2Fdaddyhd.php%3Fid%3D749&j=https%3A%2F%2Fthedaddy.click%2F

172.67.70.180

200 OK

2.1 kB

URL GET
t.dtscout.com/i/?l=https%3A%2F%2Fyoxplay.xyz%2Fpremiumtv%2Fdaddyhd.php%3Fid%3D749&j=https%3A%2F%2Fthedaddy.click%2F
IP
172.67.70.180:443
ASN
#13335 CLOUDFLARENET

Requested by
https://yoxplay.xyz/premiumtv/daddyhd.php?id=749
Certificate
IssuerGoogle Trust Services
Subjectdtscout.com
Fingerprint84:74:81:B9:DA:1E:0B:90:B3:A6:4C:78:8F:C5:C8:AA:3A:19:C6:C9
ValidityThu, 03 Jul 2025 06:07:16 GMT - Wed, 01 Oct 2025 07:06:51 GMT

File type
ASCII text, with very long lines (2077)
Size
2.1 kB (2079 bytes)
Hash
51bd741af3fcc4984d1a753eebfa1141
534664acf69cbbb5c9b97c96b63dd37bdc580da2
3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c

HTTP Headers

GET /i/?l=https%3A%2F%2Fyoxplay.xyz%2Fpremiumtv%2Fdaddyhd.php%3Fid%3D749&j=https%3A%2F%2Fthedaddy.click%2F HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://yoxplay.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:23 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-s: mtl2
x-t: 0.315
expires: Tue, 08 Jul 2025 08:06:22 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=yHa2osJjDF51PRV5U31WoDwfYzRqU3u8m%2B6YVY7DyO%2BKZrCMKC3KyeCFpuwT1xQTnN%2Ff39hZXCLqjrMwfutCeWfq2QGdaS1qv%2FA%3D"}]}
content-encoding: br
set-cookie: m=1; SameSite=None; Secure; Path=/; Domain=dtscout.com; Max-Age=5000; Expires=Tue, 08 Jul 2025 09:29:43 GMT
df=1751961983; SameSite=None; Secure; Path=/; Domain=dtscout.com; Max-Age=8640000; Expires=Thu, 16 Oct 2025 08:06:23 GMT
cf-ray: 95be14fa8f7b0b45-OSL
X-Firefox-Spdy: h2

GET c.adsco.re/#0.8813272294364329

104.17.166.186

200 OK

78 kB

URL GET
c.adsco.re/#0.8813272294364329
IP
104.17.166.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (689)
Size
78 kB (78356 bytes)
Hash
0baa53ba8a5ba5ee6833a629c3000d4e
d5de057adc1eaa7888ca975199cf0a116b923aa0
0679a036a8577f9592e070f780d06c6bb427a8f15f58008bdeaae2277ce607b4

HTTP Headers

GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 08 Jul 2025 08:06:25 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Fri, 08 Aug 2025 08:06:25 GMT
etag: W/"C6pTuopbpe5oM6YpwwANTg=="
cf-cache-status: HIT
age: 366266
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 95be150a7b8356b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET thedaddy.to/embed/stream-749.php

172.67.171.72

301 Moved Permanently

237 kB

URL User Request GET
thedaddy.to/embed/stream-749.php
IP
172.67.171.72:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectthedaddy.to
FingerprintD0:4A:10:CE:BF:53:1D:FB:A0:42:D0:50:25:49:81:12:02:6C:41:DC
ValidityFri, 06 Jun 2025 22:45:48 GMT - Thu, 04 Sep 2025 23:43:34 GMT

File type

Size
237 kB (236890 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /embed/stream-749.php HTTP/1.1
Host: thedaddy.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 08 Jul 2025 08:06:20 GMT
location: https://daddylive.mp/embed/stream-749.php
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=V%2BAvp2wPbfSdSwYolggToQWeYK%2BjvLdnkM3%2ByKcuh3m5FowDVKnq%2BLObZyUI4J8fXveLxLCLmV6TkI10FsDc8IWMjrog9Df3tw%3D%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
server: cloudflare
cf-ray: 95be14ecadc356a4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET www.xadsmart.com/gdDaI/Tv/rgmail.min.js

95.173.205.15

200 OK

40 kB

URL GET
www.xadsmart.com/gdDaI/Tv/rgmail.min.js
IP
95.173.205.15:443
ASN
#60068 Datacamp Limited

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerLet's Encrypt
Subject1376341044.rsc.cdn77.org
FingerprintA6:BD:44:5B:F6:EB:AE:48:79:85:5D:6B:31:98:F2:AA:06:FD:47:6D
ValidityWed, 25 Jun 2025 06:29:51 GMT - Tue, 23 Sep 2025 06:29:50 GMT

File type
JavaScript source, ASCII text, with very long lines (1568)
Size
40 kB (40406 bytes)
Hash
98a9692e7dac35e093e1ee7630bfcf37
f8df5e0307592de1d7fdbeba4700d824e2f4d340
e0f9a45beb76772f6568796939258577b939e7339b9fba2d83faf192b84777de

HTTP Headers

GET /gdDaI/Tv/rgmail.min.js HTTP/1.1
Host: www.xadsmart.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://thedaddy.click
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 08 Jul 2025 08:06:22 GMT
content-type: application/x-javascript
popads-node: wb12
expires: Tue, 15 Jul 2025 07:57:31 GMT
access-control-allow-origin: https://thedaddy.click
link: <https://xadsmart.com/>;rel=preconnect
cache-control: public, max-age=604800
x-77-nzt: EwgBX63NDQFBDAG5TAoJAfcJAgAADAHDta8CAbcKAAAA
x-77-nzt-ray: 2a494a15ae84e382a3d16c68fe1e870a
x-77-cache: HIT
x-77-age: 521
vary: Accept-Encoding, Origin
content-encoding: gzip
server: CDN77-Turbo
x-77-pop: osloNO
X-Firefox-Spdy: h2

HEAD thedaddy.click/embed/stream-749.php

104.21.53.22

200 OK

0 B

URL HEAD
thedaddy.click/embed/stream-749.php
IP
104.21.53.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://thedaddy.click/embed/stream-749.php
Certificate
IssuerGoogle Trust Services
Subjectthedaddy.click
FingerprintA8:F5:D2:AC:F8:EF:6A:46:75:D4:FB:B5:99:68:3A:48:C0:80:76:6E
ValidityTue, 20 May 2025 18:03:21 GMT - Mon, 18 Aug 2025 19:00:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /embed/stream-749.php HTTP/1.1
Host: thedaddy.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thedaddy.click/embed/stream-749.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 08 Jul 2025 08:06:22 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BYzOYcKO9qY13d4LqkyCuoJFKQ%2FxkiMTItghlrxSK1uxFC9cFFoKLyEB0m8nlS24iiLvBoPNaeQyF3mOmQ1DwxjPMuoMgZeH7G45q1hmGsC2TC1X4Y3iS109dP2L%2BJ1doQ%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 95be14f53ce25697-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4064&min_rtt=645&rtt_var=3723&sent=65&recv=94&lost=0&retrans=0&sent_bytes=7943&recv_bytes=5640&delivery_rate=388066&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18067&unsent_bytes=0&cid=4e478a96687233f3&ts=1083&inflight_dur=33&x=40"

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (28)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML