Report - flixxlive.pro/live/daznlaliga

Report Overview

Visited public
2025-04-19 11:15:48
Tags
URL
flixxlive.pro/live/daznlaliga_spain.php
Finishing URL
livestreams.click/live/daznlaliga_spain.php
IP / ASN
104.21.34.182
#13335 CLOUDFLARENET
Title
livestreams.click/live/daznlaliga_spain.php

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
livestreams.click	unknown	2024-12-29	2025-04-16	2025-04-16	6.0 kB	466 kB	172.67.207.222
a27.azplay5.me	unknown	2025-04-11	2025-04-19	2025-04-19	3.1 kB	970 kB	45.141.56.198
cdn.creative-stat1.com	unknown	2024-08-20	2024-08-27	2025-04-13	2.4 kB	176 kB	172.67.133.15
rlsredirect.com	unknown	2024-05-31	2024-08-14	2025-02-26	473 B	586 B	172.67.207.37
experttrafficcounter.com	unknown	2025-01-23	2025-01-24	2025-04-17	451 B	426 B	3.126.4.163
a73.azplay5.me	unknown	2025-04-11	2025-04-19	2025-04-19	945 B	1.4 MB	45.178.7.155
flixxlive.pro	unknown	2025-02-24	2025-04-17	2025-04-17	507 B	212 kB	172.67.163.183
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-04-16	481 B	840 B	172.64.146.234
ad.apl375.me	unknown	2024-07-21	2025-04-03	2025-04-16	6.3 kB	13 kB	104.21.82.118
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-04-16	884 B	106 kB	142.250.74.138
shotgunchancecruel.com	unknown	2024-08-20	2025-01-25	2025-04-18	7.7 kB	18 kB	192.243.59.12
cdn.livetv852.me	unknown	2025-04-02	2025-04-03	2025-04-16	415 B	44 kB	104.21.55.60
vjs.zencdn.net	4968	2011-12-27	2012-05-21	2025-04-18	854 B	631 kB	151.101.130.217
dycauosplp.com	unknown	2025-04-18	2025-04-19	2025-04-19	973 B	1.2 kB	139.45.197.155
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-16	1.7 kB	123 kB	142.250.74.35
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2025-04-12	430 B	377 B	185.196.197.72
pdavbtkidyyra.click	unknown	2025-04-17	2025-04-19	2025-04-19	878 B	135 kB	172.67.199.177
cdn.show-sb.com	unknown	2024-08-20	2024-08-31	2025-04-13	500 B	2.0 kB	172.67.170.115
affordedseasick.com	unknown	2023-11-27	2023-11-28	2025-04-16	454 B	98 kB	172.240.253.132
pubtrky.com	unknown	2023-11-21	2023-11-21	2025-04-13	982 B	994 B	104.21.8.108
recordedthereby.com	unknown	2024-05-08	2024-05-08	2025-04-12	832 B	172 kB	185.196.197.72
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-16	444 B	29 kB	142.250.178.106
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-16	1.5 kB	665 kB	142.250.178.72
code.jquery.com	634	2005-12-10	2012-05-21	2025-04-16	462 B	73 kB	151.101.66.137
unseenreport.com	unknown	2022-03-30	2022-03-30	2025-04-12	1.5 kB	992 B	192.243.59.12
oudebsaucmoaftu.com	unknown	unknown	No data	No data	2.3 kB	111 kB	139.45.197.105
youradexchange.com	273384	2012-11-09	2013-02-04	2025-04-15	4.0 kB	7.0 kB	172.67.177.214
ouphushoomauh.net	unknown	2025-04-18	2025-04-19	2025-04-19	1.2 kB	3.6 kB	139.45.197.118
goosebomb.com	96435	2020-11-06	2015-10-24	2025-04-17	486 B	2.5 kB	104.21.112.1
t.dtscout.com	11951	2013-11-01	2017-01-30	2025-04-17	2.1 kB	7.9 kB	172.67.70.180
wearychallengeraise.com	unknown	2024-08-19	2025-01-23	2025-04-16	505 B	500 B	192.243.61.227
madurird.com	unknown	2023-10-06	2023-10-07	2025-04-16	2.3 kB	110 kB	139.45.197.106
cdn.storageimagedisplay.com	unknown	2024-09-13	2024-09-13	2025-04-12	964 B	70 kB	45.133.44.1
uydyqlnebqlwe.global	unknown	2025-04-16	2025-04-19	2025-04-19	4.3 kB	3.8 kB	104.21.0.224
ii.apl375.me	unknown	2024-07-21	2025-04-03	2025-04-16	2.1 kB	14 kB	104.21.82.118
agencytroops.com	unknown	2024-09-12	2024-10-22	2025-04-16	451 B	43 kB	172.240.108.84
emb.apl373.me	unknown	2024-07-21	2024-09-22	2025-04-16	557 B	6.6 kB	188.114.96.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-19 11:15:21	medium	45.141.56.198	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 4

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-19	medium	madurird.com	Sinkholed
2025-04-18	medium	shotgunchancecruel.com	Sinkholed
2025-04-18	medium	recordedthereby.com	Sinkholed
2025-04-18	medium	recordedthereby.com	Sinkholed
2025-04-19	medium	unseenreport.com	Sinkholed
2025-04-18	medium	shotgunchancecruel.com	Sinkholed
2025-04-19	medium	agencytroops.com	Sinkholed
2025-04-18	medium	shotgunchancecruel.com	Sinkholed
2025-04-18	medium	shotgunchancecruel.com	Sinkholed
2025-04-19	medium	madurird.com	Sinkholed
2025-04-19	medium	madurird.com	Sinkholed
2025-04-18	medium	capaciousdrewreligion.com	Sinkholed
2025-04-18	medium	shotgunchancecruel.com	Sinkholed
2025-04-18	medium	shotgunchancecruel.com	Sinkholed
2025-04-19	medium	oudebsaucmoaftu.com	Sinkholed
2025-04-18	medium	shotgunchancecruel.com	Sinkholed
2025-04-19	medium	affordedseasick.com	Sinkholed
2025-04-18	medium	shotgunchancecruel.com	Sinkholed
2025-04-19	medium	unseenreport.com	Sinkholed
2025-04-19	medium	oudebsaucmoaftu.com	Sinkholed
2025-04-19	medium	oudebsaucmoaftu.com	Sinkholed
2025-04-19	medium	wearychallengeraise.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (38)

	URL	From	Size	First Seen	Last Seen
	livestreams.click/live/daznlaliga_spain.php	ScriptElement	281 B	2025-04-16	2025-05-11
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-16 17:48 Last Seen2025-05-11 07:54 Times Seen4 Hash 87db1df38b7e18dcaec06488c4b60437 82d4577715807f4dd3da7ffae9b0bb7c6011b34c 363c8a4516b1e6a5cf5955b2f8ba225af859a86d2bb6bead063cddad0bb1b4fa Loading...

	livestreams.click/embed01/daznliga.php	ScriptElement	50 kB	2025-04-16	2025-04-19
Pretty URL livestreams.click/embed01/daznliga.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-16 17:48 Last Seen2025-04-19 11:15 Times Seen4 Hash fc02e2505adafe04c9b21a1de5044a8d c6564316c907c91093f945607347c03c30fd060b b86161ad3a038db14e210e0e15ae2246c5cd4376680ec9f337ce2004291bee53 Loading...

	livestreams.click/live/sandbox%20eval%20code		147 B	2023-04-11	2025-05-16
Pretty URL livestreams.click/live/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-16 03:35 Times Seen343191 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.googletagmanager.com/gtag/js?id=UA-64986161-11	ScriptElement	274 kB	2025-04-19	2025-04-19
Pretty URL www.googletagmanager.com/gtag/js?id=UA-64986161-11 IP 142.250.178.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash ff1d2dabe60a74bfb0721eaa253d06a9 c69cfef984af7dcfe529ca85f0bf0c35d2a33bc6 7bbfd6dccb47da8704999946a5c530923042544ee8b53bf94e2da5f8d1b1f689 Loading...

	livestreams.click/embed01/daznliga.php	ScriptElement	57 B	2025-04-05	2025-05-11
Pretty URL livestreams.click/embed01/daznliga.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-05 08:29 Last Seen2025-05-11 07:54 Times Seen6 Hash 218476a3d2d19edc783e8255df4a8de7 b84d578850453a25c81d022b74696430db2fb0f8 c3664c59e7096e409424f074e33f4d0c28b6d8dd69eb0c6ba5c4406a5727e005 Loading...

	livestreams.click/embed01/daznliga.php	ScriptElement	28 kB	2025-04-16	2025-05-11
Pretty URL livestreams.click/embed01/daznliga.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-16 17:48 Last Seen2025-05-11 07:54 Times Seen5 Hash b6bec417010eb13622176408b52854c0 5a6123043bfbfa40ae883e4f4437c083d92b6433 9a252bb1052f9193dc36c9547b96270951a094887e94d8e857af4287496bd6b4 Loading...

	oudebsaucmoaftu.com/5/8635392	ScriptElement	108 kB	2025-04-19	2025-04-19
Pretty URL oudebsaucmoaftu.com/5/8635392 IP 139.45.197.105 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash 391ef056c21b1e1b2a0ffe46bfeb6fb6 c4ed02b44aaefdd2b0f650d8864f95d5ee24ff24 3d607da667402cd10dfb461c7769ee52eeb0bb9f4277af9a005e5d47e3ff06a8 Loading...

	pdavbtkidyyra.click/script/ut.js?cb=1745061318019	ScriptElement	66 kB	2024-12-02	2025-04-23
Pretty URL pdavbtkidyyra.click/script/ut.js?cb=1745061318019 IP 172.67.199.177 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-02 13:05 Last Seen2025-04-23 06:17 Times Seen1612 Hash 4afa2ac99f97331dc98263d49022a958 60bb7c7c45ff14e8df86ef9e0b9a7a55a7d2baca a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32 Loading...

	t.dtscout.com/i/?l=https%3A%2F%2Flivestreams.click%2Fembed01%2Fdaznliga.php&j=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php	ScriptElement	2.1 kB	2023-03-07	2025-05-15
Pretty URL t.dtscout.com/i/?l=https%3A%2F%2Flivestreams.click%2Fembed01%2Fdaznliga.php&j=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php IP 172.67.70.180 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-15 17:39 Times Seen3917 Hash 51bd741af3fcc4984d1a753eebfa1141 534664acf69cbbb5c9b97c96b63dd37bdc580da2 3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c Loading...

	about:blank	ScriptElement	1.3 kB	2025-04-17	2025-04-19
Pretty URL about:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-17 18:37 Last Seen2025-04-19 11:15 Times Seen3 Hash bac147f1ffd02a942488d5742e551a8a 7dedaf335089aee19fac152644276bd9856e3fdb 5d27db962a8c207454150eb52c60a7f5adbe041a092cc0e8cd9c06b28fb4a27c Loading...

	livestreams.click/embed01/daznliga.php	ScriptElement	655 B	2025-04-19	2025-04-19
Pretty URL livestreams.click/embed01/daznliga.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash c0a9d4d8940b62247fa78259a6e09804 bbb64a71fc1eacb7f649d766840e378d8757b066 7d7a977a1b7d207e2c3f183f007178b7b90ec294be99ef98529e6ad0f73e1b25 Loading...

	livestreams.click/live/daznlaliga_spain.php	ScriptElement	182 kB	2025-04-19	2025-04-19
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash e59745fd9f0d871490e68598fc333cba 43c0897666c601fa9e9812f57abb74d253d2c389 cc54961b98f541ecd541ab61ba59f4cbbd82e3d51eee9fbd7c92ccb649b9ca93 Loading...

	livestreams.click/embed01/daznliga.php	ScriptElement	67 B	2023-11-25	2025-05-11
Pretty URL livestreams.click/embed01/daznliga.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-25 14:31 Last Seen2025-05-11 07:54 Times Seen70 Hash ec409b17b57da3a39f60c972617a4ec7 168aef173a8b3ea9c0a0cb75659d319d00560da7 cb09e809dbc15b8b82358de0a46e488efd25fd5754ed0f1ded847619fe4fb048 Loading...

	madurird.com/5/8635392	ScriptElement	1.0 kB	2025-04-13	2025-05-10
Pretty URL madurird.com/5/8635392 IP 139.45.197.106 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-13 03:46 Last Seen2025-05-10 04:53 Times Seen7 Hash 36b00b7d3d3f97147e09610a396f577a 1a33094f988a59f1e439e828de18bd3a44f24537 2471a4d6df85615899b2f61397c9f37f14c968d6e66f7f10e4eea2033b296069 Loading...

	livestreams.click/live/daznlaliga_spain.php	EventHandler	6 B	2023-05-07	2025-05-11
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by eventHandler Embedded in HTML false Observations First Seen2023-05-07 17:38 Last Seen2025-05-11 07:54 Times Seen60 Hash 2384cc185983daf7d6acb22d876b1229 bc6b03d36749751faa3b31f4b8e7b5c078aa026a 7571f6e133f73a7d9a5d3844dd68346fcf5701dc8ea984047866058e86e34322 Loading...

	livestreams.click/live/daznlaliga_spain.php	ScriptElement	57 B	2025-04-05	2025-05-11
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-05 08:29 Last Seen2025-05-11 07:54 Times Seen6 Hash 23f683aafd278987646345a01921445a 533df8bb5f3b89b463fb400869ba4d7c364294ad c92686f67e3a146e786b33f71a4cabe1f6f71fa7ffd40e415a7ea4d561355ac2 Loading...

	agencytroops.com/6b/46/6c/6b466ce658b57288a4638a60e8c97a17.js	ScriptElement	42 kB	2025-04-19	2025-04-19
Pretty URL agencytroops.com/6b/46/6c/6b466ce658b57288a4638a60e8c97a17.js IP 172.240.108.84 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash 7e3078ced47974846012b8f22a90332f 01c1bfffda488055a97da7d37c689c8d7dd62a94 5e7260d743f9a0691c53b9f11e50451d31b89675a89a23a77637e2dcc07b27ab Loading...

	livestreams.click/dss.js	ScriptElement	13 kB	2023-03-08	2025-04-19
Pretty URL livestreams.click/dss.js IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:33 Last Seen2025-04-19 11:15 Times Seen420 Hash 45bfa6dedd6f7a9ce980b168e0350ad0 82c6b381da9abd8cb3db22ba4868287fe4e976f1 856420e1f59d0096185cdaac909fa54a9f596f52255d7a5f1ac502403f61d3ab Loading...

	code.jquery.com/jquery-3.5.1.slim.min.js	ScriptElement	72 kB	2023-03-07	2025-05-15
Pretty URL code.jquery.com/jquery-3.5.1.slim.min.js IP 151.101.66.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-15 10:28 Times Seen2388 Hash fb8409a092adc6e8be17e87d59e0595e cf8d9821552d51bb50ce572e696aba1309065800 e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2025-01-25	2025-05-16
Pretty URL recordedthereby.com/sfp.js IP 185.196.197.72 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 09:25 Last Seen2025-05-16 00:35 Times Seen495 Hash 108625937affa4b38bb17cea65510d72 2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0 Loading...

	livestreams.click/ds.js	ScriptElement	8.6 kB	2023-03-08	2025-05-15
Pretty URL livestreams.click/ds.js IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:29 Last Seen2025-05-15 10:19 Times Seen1792 Hash a41caf5294227669425cd5135a26b2a0 a26a13f88c51c37b58fbd8a6b444e9b9150fae16 2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1 Loading...

	t.dtscout.com/pv/?_a=v&_h=livestreams.click&_ss=15q489r762&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2xj2&_cb=_dtspv.c	ScriptElement	52 B	2025-04-19	2025-04-19
Pretty URL t.dtscout.com/pv/?_a=v&_h=livestreams.click&_ss=15q489r762&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2xj2&_cb=_dtspv.c IP 172.67.70.180 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash b0cd874b24c62c773aa86e6b01d16fa2 47b9c3f051b5d272799b36c92d973643fbb905a2 b6706cf0782aa60939db03698485d409124b896ef190b8e21d3e49d7004153aa Loading...

	livestreams.click/embed01/daznliga.php	ScriptElement	172 B	2025-04-19	2025-04-19
Pretty URL livestreams.click/embed01/daznliga.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash 68d2b320166d5352862b9123610fb1a7 7c6242a8daf0d5544d3f44487577593724a9f4bc aaafa17483a397c23102b84c98e4b3057ce1410e728158b9ddbe89180c3740bb Loading...

	www.googletagmanager.com/gtag/js?id=G-4X3D1TSXCP&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316	ScriptElement	336 kB	2025-04-19	2025-04-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-4X3D1TSXCP&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316 IP 142.250.178.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash 2b9f7c287e4edec2d7f61cae6bddeaf8 4d5f075b213562949752a1a2989e4f59e6379a46 77b1b5610038d54ed61eef29260e104db70cc5a63e579b0e81a3cd32a5180232 Loading...

	livestreams.click/live/daznlaliga_spain.php	ScriptElement	28 kB	2025-04-16	2025-05-11
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-16 17:48 Last Seen2025-05-11 07:54 Times Seen5 Hash b6bec417010eb13622176408b52854c0 5a6123043bfbfa40ae883e4f4437c083d92b6433 9a252bb1052f9193dc36c9547b96270951a094887e94d8e857af4287496bd6b4 Loading...

	affordedseasick.com/bc/0c/ea/bc0cea2cc67474235512f64ed7476bf4.js	ScriptElement	97 kB	2025-04-19	2025-04-19
Pretty URL affordedseasick.com/bc/0c/ea/bc0cea2cc67474235512f64ed7476bf4.js IP 172.240.253.132 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash e101265bcc1c68d75c718636b8d6766b 543eaffe0578712a2d5955dc81934b9c8beea1e2 b8177199d3faf95a68f92acfd6776928e3266211b7f4969e8c0041fef76e2abb Loading...

	livestreams.click/live/daznlaliga_spain.php	ScriptElement	65 B	2023-08-25	2025-05-11
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-25 14:54 Last Seen2025-05-11 07:54 Times Seen19 Hash 9cfc105b886f841a89f0d814aaa4dcdd 63f1d8299ea16519df732a34e6e4d59451e5858a fb0db07f915216e0f50b67a6783508ee580c11c0aeddfc02269009c799dc1980 Loading...

	t.dtscout.com/i/?l=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&j=	ScriptElement	2.1 kB	2023-03-07	2025-05-15
Pretty URL t.dtscout.com/i/?l=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&j= IP 172.67.70.180 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-15 17:39 Times Seen3917 Hash 51bd741af3fcc4984d1a753eebfa1141 534664acf69cbbb5c9b97c96b63dd37bdc580da2 3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2025-01-25	2025-05-16
Pretty URL recordedthereby.com/sfp.js IP 185.196.197.72 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 09:25 Last Seen2025-05-16 00:35 Times Seen495 Hash 108625937affa4b38bb17cea65510d72 2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0 Loading...

	livestreams.click/live/daznlaliga_spain.php	ScriptElement	172 B	2025-04-19	2025-04-19
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash 65f4ab433b840af6fd3934c90f21f288 099c60cdbecddeada97e9b2af42e4711fe29dfa2 0650490ee8fc2f599eff9549352ee22989aea2c8fecfbd46fa038dc1221ae735 Loading...

	livestreams.click/live/daznlaliga_spain.php	ScriptElement	175 B	2023-03-12	2025-05-11
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 07:49 Last Seen2025-05-11 07:54 Times Seen20 Hash a470dbe69ab85e5584c543e6c1cc9153 6215380daa2665470d1d2e0674434774732852f2 e8595976cd2e057a134cae54a3a0db34fe4066b4ae05e37131a17615469b908c Loading...

	livestreams.click/live/daznlaliga_spain.php	ScriptElement	175 B	2023-03-12	2025-05-11
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 07:49 Last Seen2025-05-11 07:54 Times Seen20 Hash a470dbe69ab85e5584c543e6c1cc9153 6215380daa2665470d1d2e0674434774732852f2 e8595976cd2e057a134cae54a3a0db34fe4066b4ae05e37131a17615469b908c Loading...

	livestreams.click/live/daznlaliga_spain.php	ScriptElement	155 B	2023-08-25	2025-05-11
Pretty URL livestreams.click/live/daznlaliga_spain.php IP 172.67.207.222 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-25 14:54 Last Seen2025-05-11 07:54 Times Seen19 Hash 0d231f06542f482b17840dd62dfc6cda 1218a162ac50c240d38847c987cc867d5aba5a42 72b523cdca004b93ebf62b5f82fe85d2a17e59f7ed7240d911891da451707475 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-16
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-16 03:35 Times Seen342374 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	pdavbtkidyyra.click/script/ut.js?cb=1745061319297	ScriptElement	66 kB	2024-12-02	2025-04-23
Pretty URL pdavbtkidyyra.click/script/ut.js?cb=1745061319297 IP 172.67.199.177 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-12-02 13:05 Last Seen2025-04-23 06:17 Times Seen1612 Hash 4afa2ac99f97331dc98263d49022a958 60bb7c7c45ff14e8df86ef9e0b9a7a55a7d2baca a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32 Loading...

	emb.apl373.me//player/live.php?id=235852&w=100%&h=100%	ScriptElement	153 B	2024-08-29	2025-04-19
Pretty URL emb.apl373.me//player/live.php?id=235852&w=100%&h=100% IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-29 17:49 Last Seen2025-04-19 11:15 Times Seen8 Hash c27fe89728c3918cd0c3179e77efc0c1 68ca13bb65b176d4b8bc0be933c5b15c0e2f637b 8be93eb045a4eb2b35e180961c31be264374e759312e75a162963f605e02ee2a Loading...

		Size	First Seen	Last Seen
	#1 Write - 2e7d90e45ae0d5787b98b173180f1dbf	205 B	2025-04-19 11:15	2025-04-19 11:15
Pretty Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash 2e7d90e45ae0d5787b98b173180f1dbf 038262fa405de6a59c60e36237e6544aa1fe9c90 ecbe29c8141a793a69f847c2dd9a1c1d7f2e9e5d7e9198029dcd447a4f9a9bf9 Loading...

	#2 Write - ea32f822aad715e73b02bca7763ef2c1	203 B	2025-04-19 11:15	2025-04-19 11:15
Pretty Observations First Seen2025-04-19 11:15 Last Seen2025-04-19 11:15 Times Seen1 Hash ea32f822aad715e73b02bca7763ef2c1 27091fc407664bf93717192628f2f003b8c6df2d 3d94a4f00aaf9fcaa2bc0354f1d498bfe7c6dbdfbc00eef12dd3a9f75697e69a Loading...

HTTP Transactions (104)

URL IP Response Size

madurird.com/wrr?z=8635392&p_rid=00ea447b-69e6-49a1-8b73-0662519d4235&rb=7uSL55PjvxoLLCEQYULjwFYSzbqU_ZucV03NaPn-FyeCQCN7OLyp0hh1Wn7L3rgeb1f5Ncgx1TNQu46T9MZ5OQbOZMuLCOSYnsK3qxbEzz-8JTPxEtByUTQ2SRDbRQfsXQPX5tHoCsZKURReI13uRZf4WCScQ_v9VUFSN3GBl5GVsUw6GHoplPIFBBTAa8tY7SfzMfLopa1fUMXAvzpOZSPCCQ08SvpCgD_JOGDO_3V8TwrNTiYwx-kgrgbsH8kxsj20J7GODT6YFEL7NEAyLp0l0uTgDlfIRB1j-Cv_KJs=&dmn=madurird.com&userId=0081b056f1f24340f3f05c3639def639

139.45.197.106

204 No Content

0 B

URL POST
madurird.com/wrr?z=8635392&p_rid=00ea447b-69e6-49a1-8b73-0662519d4235&rb=7uSL55PjvxoLLCEQYULjwFYSzbqU_ZucV03NaPn-FyeCQCN7OLyp0hh1Wn7L3rgeb1f5Ncgx1TNQu46T9MZ5OQbOZMuLCOSYnsK3qxbEzz-8JTPxEtByUTQ2SRDbRQfsXQPX5tHoCsZKURReI13uRZf4WCScQ_v9VUFSN3GBl5GVsUw6GHoplPIFBBTAa8tY7SfzMfLopa1fUMXAvzpOZSPCCQ08SvpCgD_JOGDO_3V8TwrNTiYwx-kgrgbsH8kxsj20J7GODT6YFEL7NEAyLp0l0uTgDlfIRB1j-Cv_KJs=&dmn=madurird.com&userId=0081b056f1f24340f3f05c3639def639
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
Fingerprint91:68:A5:03:A0:08:C3:71:EB:3A:29:4C:CC:F9:5B:B6:92:51:DA:AE
ValidityWed, 29 Jan 2025 05:40:30 GMT - Tue, 29 Apr 2025 05:40:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wrr?z=8635392&p_rid=00ea447b-69e6-49a1-8b73-0662519d4235&rb=7uSL55PjvxoLLCEQYULjwFYSzbqU_ZucV03NaPn-FyeCQCN7OLyp0hh1Wn7L3rgeb1f5Ncgx1TNQu46T9MZ5OQbOZMuLCOSYnsK3qxbEzz-8JTPxEtByUTQ2SRDbRQfsXQPX5tHoCsZKURReI13uRZf4WCScQ_v9VUFSN3GBl5GVsUw6GHoplPIFBBTAa8tY7SfzMfLopa1fUMXAvzpOZSPCCQ08SvpCgD_JOGDO_3V8TwrNTiYwx-kgrgbsH8kxsj20J7GODT6YFEL7NEAyLp0l0uTgDlfIRB1j-Cv_KJs=&dmn=madurird.com&userId=0081b056f1f24340f3f05c3639def639 HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://livestreams.click/
content-type: application/json
Content-Length: 2692
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 19 Apr 2025 11:15:29 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://livestreams.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

livestreams.click/embed01/online.php?c=NO

172.67.207.222

404 Not Found

488 B

URL GET
livestreams.click/embed01/online.php?c=NO
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type
HTML document, ASCII text
Size
488 B (488 bytes)
Hash
6a426d3fd82d288fd77471782eceacd0
c5d4a0c8f2d4ca88e4ff5415e1395287ba354a15
9aae24d9ad67a6b0be8497d575be899e80272745b8ec706655d1c87ee78535bd

HTTP Headers

GET /embed01/online.php?c=NO HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/embed01/daznliga.php
Cookie: pp_main_bc0cea2cc67474235512f64ed7476bf4=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=44390a89-4f9c-46f4-8015-eee4888576c9%3A3%3A1; _ga_4X3D1TSXCP=GS1.1.1745061318.1.0.1745061318.0.0.0; _ga=GA1.1.634031272.1745061319
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 19 Apr 2025 11:15:19 GMT
content-type: text/html
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uuyFIo0NE0%2Bu6ju2TeCDYhNUAaris03dnT%2BlWx6qZQQpNCz7SMz514DB7GOslsRlRoJQi78L9LPJxI7ojnoLv76K0c6OkASrsO8LLOQ8GQoaS3EQryOoYWXjlV6OSvNwf5wJvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbc02e4456c7-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3773&min_rtt=776&rtt_var=2097&sent=175&recv=141&lost=0&retrans=0&sent_bytes=98968&recv_bytes=10834&delivery_rate=5060&cwnd=24000&unsent_bytes=0&cid=634670089be2888f&ts=3589&x=16"

ad.apl375.me/counter.php?bid=9284&timestamp=1745061323&hash=3534449325

104.21.82.118

201 Created

0 B

URL GET
ad.apl375.me/counter.php?bid=9284&timestamp=1745061323&hash=3534449325
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ad.apl375.me/getbanner.php?zone_id=204
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /counter.php?bid=9284&timestamp=1745061323&hash=3534449325 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/getbanner.php?zone_id=204
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 201 Created
date: Sat, 19 Apr 2025 11:15:25 GMT
content-type: application/octet-stream
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zU8%2FOfVyU3hnoKvb33OmGaUIXjhqimiEO4O8exXFxuP6d61GabLA8O93kOGivh8Tus9gxu0uvgsa1jcdN%2FqY1JOCph2ayK0QuW%2BIy%2FyZC15tYgbg3gkV6xohrQyyzN4%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 19 Apr 2025 11:15:24 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 932bfbe73af05690-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9166&min_rtt=719&rtt_var=8094&sent=168&recv=219&lost=0&retrans=0&sent_bytes=17097&recv_bytes=14211&delivery_rate=26585&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=4262&x=16"

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 10:03:46 GMT
expires: Fri, 17 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 177103
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pubtrky.com/ut/hb.php?cb=0.7149685697694494&v=1

104.21.8.108

204 No Content

0 B

URL POST
pubtrky.com/ut/hb.php?cb=0.7149685697694494&v=1
IP
104.21.8.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectpubtrky.com
FingerprintE5:4C:CF:74:BF:B8:D7:8B:39:F8:13:97:6C:AE:46:2B:E5:A8:E7:0B
ValidityFri, 07 Mar 2025 10:09:06 GMT - Thu, 05 Jun 2025 11:07:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ut/hb.php?cb=0.7149685697694494&v=1 HTTP/1.1
Host: pubtrky.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 893
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/3 204 No Content
date: Sat, 19 Apr 2025 11:15:20 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LDEObYwUh8xX2PpMIZ86SLKzqJbBb1zcyvAC8OjTgiEqRmdMLBw96Txv%2BbMdf61ppXc%2BP2YtTuEmTpbRcFO0YvA0VbT5HpANfI2BX1Lqa4Ix213ZZzsuF42N1u7c1A%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
cf-ray: 932bfbc16f290b55-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8473&min_rtt=2466&rtt_var=4329&sent=16&recv=16&lost=0&retrans=0&sent_bytes=3937&recv_bytes=2529&delivery_rate=1903&cwnd=12000&unsent_bytes=0&cid=2a3b8cd4e824e316&ts=1385&x=16"

ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js

142.250.74.138

200 OK

94 kB

URL GET
ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint06:13:4C:49:F4:23:BB:58:C3:31:41:0E:F9:E0:C5:EF:74:A9:0C:67
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)
Size
94 kB (93868 bytes)
Hash
ddb84c1587287b2df08966081ef063bf
9eb9ac595e9b5544e2dc79fff7cd2d0b4b5ef71f
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd

HTTP Headers

GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33333
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 17:51:50 GMT
expires: Fri, 17 Apr 2026 17:51:50 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 149012
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ad.apl375.me/getbanner.php?zone_id=197

104.21.82.118

200 OK

440 B

URL GET
ad.apl375.me/getbanner.php?zone_id=197
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
440 B (440 bytes)
Hash
3b68c9e0c75b0677a621469981821976
ade72a120d19f66da0032e60ae514875e6c95bee
c0c69e9c1414a52f35bd4a0058fbf91e41bd871d8861d7894a684952f87f05ca

HTTP Headers

GET /getbanner.php?zone_id=197 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:25 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SzLtuf98%2BZZ0MLm7o84WwNk7Vy7EwXybVQJjFi7gcW1S5k%2Fj5QczqhdYY9f2xan7H8ocRr9mUcNUe0sFqwxiU4nbN9eVG39cCOmq%2BAJti%2BzcfjPg4%2BfkKOCZjzYJ0MA%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbe12aad5690-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9661&min_rtt=719&rtt_var=9436&sent=164&recv=216&lost=0&retrans=0&sent_bytes=14416&recv_bytes=13793&delivery_rate=609756&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=3293&x=16"

cdn.storageimagedisplay.com/si/60/3f/91/603f91173713a91903969684a0fc202aac8fec2ad2f0ae163ffa378d91bb419c.png

45.133.44.1

200 OK

15 kB

URL GET
cdn.storageimagedisplay.com/si/60/3f/91/603f91173713a91903969684a0fc202aac8fec2ad2f0ae163ffa378d91bb419c.png
IP
45.133.44.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectcdn.storageimagedisplay.com
Fingerprint44:32:60:54:16:79:8E:ED:60:B9:DD:B2:36:7C:B0:DC:CC:F5:B5:5C
ValidityWed, 12 Mar 2025 02:33:05 GMT - Tue, 10 Jun 2025 02:33:04 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
15 kB (15151 bytes)
Hash
a35cb578e3c8889f9d2d8e3a9e520bbc
f390ccf18911be8210267a1fb27529da10081347
554a79788b15330de1e48f1c482acaed20d1e3998e4daed2175530e89ac5e48a

HTTP Headers

GET /si/60/3f/91/603f91173713a91903969684a0fc202aac8fec2ad2f0ae163ffa378d91bb419c.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:26 GMT
content-type: image/png
content-length: 15151
server: nginx/1.21.6
last-modified: Sun, 16 Mar 2025 03:11:56 GMT
etag: "67d6417c-3b2f"
expires: Mon, 21 Apr 2025 11:15:26 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

a27.azplay5.me/media/86486022.gif

45.141.56.198

200 OK

441 kB

URL GET
a27.azplay5.me/media/86486022.gif
IP
45.141.56.198:443
ASN
#213373 IP Connect Inc

Requested by
https://ad.apl375.me/getbanner.php?zone_id=183&0.3791217036339496
Certificate
IssuerLet's Encrypt
Subjecta27.azplay5.me
Fingerprint4B:47:0D:C9:39:E9:4B:DF:B1:31:6C:CD:04:1B:0B:C6:E3:35:BE:3E
ValidityFri, 18 Apr 2025 18:43:43 GMT - Thu, 17 Jul 2025 18:43:42 GMT

File type
GIF image data, version 89a, 300 x 250
Size
441 kB (441080 bytes)
Hash
898c81959a92d8d48f6a56b833d26be2
c4d9520722e33d29a6024dbe36a65970a57c1e5b
70d46c7c5244f49b5d38283ef7bf2ffd3f0843817c17316383cf7fca1fd43119

HTTP Headers

GET /media/86486022.gif HTTP/1.1
Host: a27.azplay5.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 19 Apr 2025 11:15:26 GMT
Content-Type: image/gif
Content-Length: 441080
Connection: keep-alive
Last-Modified: Mon, 14 Apr 2025 11:53:30 GMT
ETag: "67fcf73a-6baf8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

shotgunchancecruel.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fstyle.css&l=3487&fd=1068

192.243.59.12

200 OK

0 B

URL GET
shotgunchancecruel.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fstyle.css&l=3487&fd=1068
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint0C:D3:F1:8B:BC:8A:18:C0:64:49:9C:C1:D7:F5:0C:C7:24:2B:06:04
ValidityWed, 19 Feb 2025 02:30:57 GMT - Tue, 20 May 2025 02:30:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fstyle.css&l=3487&fd=1068 HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: uid_id2=44390a89-4f9c-46f4-8015-eee4888576c9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25298571=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:27 GMT
Content-Length: 0
Connection: keep-alive
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

recordedthereby.com/sfp.js

185.196.197.72

200 OK

85 kB

URL GET
recordedthereby.com/sfp.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectrecordedthereby.com
Fingerprint19:45:8B:8A:1B:43:8F:CB:7D:D5:AA:7C:FF:FA:04:93:35:CA:9D:47
ValidityThu, 06 Mar 2025 21:25:47 GMT - Wed, 04 Jun 2025 21:25:46 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
85 kB (85380 bytes)
Hash
108625937affa4b38bb17cea65510d72
2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee
c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 19 Apr 2025 11:15:17 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3ed52019807c04474608c0ea892f8557
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

uydyqlnebqlwe.global/54p15ljo1lp200m?t=1&c=23931904&stamat=m%257C%252C%252CA2Omd2KqtGU3BP-GH0dEdHP3xP.833%252CraJ87ApJRUaIl6p3Fp5MJ1M-D7dg05JafCNU1Kx2-BwUY0RwbrdFOWXScCP8pk54hYQPxaNzgTKDzyVk9qv3V_TI-TIIog199weD3J0Un4d1hvsDnv8ukctuWo95Fa2buc-t8hoJvMUR3BANsPXYs6ggVOcZ2ZGkd2CVnaKgiBTbQlWLGQXEXNK11AiTVlI9gIiIM4aoyI62KkBF2CtMDqvVJjVTPzqoIoywQjnYhGLzw-r_VOAkaLZWStxuneiRbt9ghDu_VhIGk1EIirAvySqmBXyXu0vUicx3Ui8FQYjncwupZQVn3e7pkA1keXpD0Ao3VbV6FVwdoHj2RsA-2GAoMP6RHBXwOaSF37AzXXUassJlb9yxzQ7d_wZjb7S4yrW17T5GEcGWc6Sne3sepS-WE_-Hl_Yvw7UoYUTjOp5llyO0eBxST94AzXoQsTcGTbymbAg1kNu0u3FFTVBXBNWCSWSHBqKmNxZ-SPDkxRtKFR3yzyJ41leBpIZ0kNjoU7lj3UQgeCxgf8giQK38kwA-vPNPQe4e6SiI9U5CpE-U4iBURWW35tgD5DLBxNpg3r5XNZsH90JnC1sXqSePOwfL6XcBo7iadCJfIZOwzWofbkbqI3W_YHIC0kXCb9qm

104.21.0.224

204 No Content

0 B

URL GET
uydyqlnebqlwe.global/54p15ljo1lp200m?t=1&c=23931904&stamat=m%257C%252C%252CA2Omd2KqtGU3BP-GH0dEdHP3xP.833%252CraJ87ApJRUaIl6p3Fp5MJ1M-D7dg05JafCNU1Kx2-BwUY0RwbrdFOWXScCP8pk54hYQPxaNzgTKDzyVk9qv3V_TI-TIIog199weD3J0Un4d1hvsDnv8ukctuWo95Fa2buc-t8hoJvMUR3BANsPXYs6ggVOcZ2ZGkd2CVnaKgiBTbQlWLGQXEXNK11AiTVlI9gIiIM4aoyI62KkBF2CtMDqvVJjVTPzqoIoywQjnYhGLzw-r_VOAkaLZWStxuneiRbt9ghDu_VhIGk1EIirAvySqmBXyXu0vUicx3Ui8FQYjncwupZQVn3e7pkA1keXpD0Ao3VbV6FVwdoHj2RsA-2GAoMP6RHBXwOaSF37AzXXUassJlb9yxzQ7d_wZjb7S4yrW17T5GEcGWc6Sne3sepS-WE_-Hl_Yvw7UoYUTjOp5llyO0eBxST94AzXoQsTcGTbymbAg1kNu0u3FFTVBXBNWCSWSHBqKmNxZ-SPDkxRtKFR3yzyJ41leBpIZ0kNjoU7lj3UQgeCxgf8giQK38kwA-vPNPQe4e6SiI9U5CpE-U4iBURWW35tgD5DLBxNpg3r5XNZsH90JnC1sXqSePOwfL6XcBo7iadCJfIZOwzWofbkbqI3W_YHIC0kXCb9qm
IP
104.21.0.224:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectuydyqlnebqlwe.global
Fingerprint6A:48:82:BB:C3:29:4A:75:48:9F:B7:54:FC:1B:3F:45:F6:5E:16:9A
ValidityWed, 16 Apr 2025 01:24:38 GMT - Tue, 15 Jul 2025 02:23:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /54p15ljo1lp200m?t=1&c=23931904&stamat=m%257C%252C%252CA2Omd2KqtGU3BP-GH0dEdHP3xP.833%252CraJ87ApJRUaIl6p3Fp5MJ1M-D7dg05JafCNU1Kx2-BwUY0RwbrdFOWXScCP8pk54hYQPxaNzgTKDzyVk9qv3V_TI-TIIog199weD3J0Un4d1hvsDnv8ukctuWo95Fa2buc-t8hoJvMUR3BANsPXYs6ggVOcZ2ZGkd2CVnaKgiBTbQlWLGQXEXNK11AiTVlI9gIiIM4aoyI62KkBF2CtMDqvVJjVTPzqoIoywQjnYhGLzw-r_VOAkaLZWStxuneiRbt9ghDu_VhIGk1EIirAvySqmBXyXu0vUicx3Ui8FQYjncwupZQVn3e7pkA1keXpD0Ao3VbV6FVwdoHj2RsA-2GAoMP6RHBXwOaSF37AzXXUassJlb9yxzQ7d_wZjb7S4yrW17T5GEcGWc6Sne3sepS-WE_-Hl_Yvw7UoYUTjOp5llyO0eBxST94AzXoQsTcGTbymbAg1kNu0u3FFTVBXBNWCSWSHBqKmNxZ-SPDkxRtKFR3yzyJ41leBpIZ0kNjoU7lj3UQgeCxgf8giQK38kwA-vPNPQe4e6SiI9U5CpE-U4iBURWW35tgD5DLBxNpg3r5XNZsH90JnC1sXqSePOwfL6XcBo7iadCJfIZOwzWofbkbqI3W_YHIC0kXCb9qm HTTP/1.1
Host: uydyqlnebqlwe.global
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
Referer: https://livestreams.click/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sat, 19 Apr 2025 11:15:20 GMT
server: cloudflare
access-control-allow-origin: *
via: 2.2 apache
cf-cache-status: DYNAMIC
cf-ray: 932bfbc53be9712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ii.apl375.me/img/x.gif

104.21.82.118

200 OK

1.1 kB

URL GET
ii.apl375.me/img/x.gif
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
GIF image data, version 89a, 9 x 9
Size
1.1 kB (1134 bytes)
Hash
57525cd79c5aee81d293688ac50c562a
32514d7cd9e82408277c45f4d7fe9bc3918ae3b5
05dac44372e5293843b38f0ed8e730cad36a6498fa0df4b0cc90df45ddb39075

HTTP Headers

GET /img/x.gif HTTP/1.1
Host: ii.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:21 GMT
content-type: image/gif
content-length: 1134
server: cloudflare
accept-ranges: bytes
last-modified: Sat, 14 Apr 2012 17:59:19 GMT
etag: "4f89baf7-46e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 1563274
cf-ray: 932bfbcc3fd30b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

uydyqlnebqlwe.global/jni22?t=1&c=23956500&stamat=m%257C%252C%252CA2Iu4iYzoGU3BP-GH0dEdHP3xP.9cc%252CspebBOrUFP4Ij4xgGpwPvsIx0ivTzktAPz2FtnyZBf8wk_48rVa77S5ld-iavySSr9PeW5T0FVg9Iug3zl4S4R-UbzqMs9N1oYKjj2I6oBjLMx-O90PwSZdM3U5qSILqmqgQeDfStlxkv3tXizq9fMIDf9P2RTkRmczQx1Z1m6GyCWFUStTZSnYmjsoee-jW5c_fN_zi5caXKF6b0twUvTjYXTcSWi3z1ReYDT4aoUSUtHz95POJCHQkbFMXk4pHKaFl30LizcBkorOKrXdDiv4Na7Zl21fFSpYMooe__I8TviBfVxlYRSaEDXoLt39x3F-AhDM540DpEvxOE35KaAKyRWCqCgBoaDL_EEeqdVdGhcM3GUiZ8bDgca28gNNrujdCEWUXCivraXGRYOUSRPRzlSqFB-RifolbDJn_OoWB3B1tH1CxsvFYYAK1_7O4LpxBV02JW92PmvevWEefUqVWEllXl3qBYRBmUi-vJ3YifEfmrBC-twGipMtmMSgOF_nNJwRYcMmDJDstkP_ywBCTtKSt5AdpElKx70w6om2HM_zkdEjlnLH4gtrkJjSrtBSKHm0JkzhffYsK5OE-CNQcTvPYxBNtr1tkv027vhAICq00Y5fAGduBGPJX00Av

104.21.0.224

204 No Content

0 B

URL GET
uydyqlnebqlwe.global/jni22?t=1&c=23956500&stamat=m%257C%252C%252CA2Iu4iYzoGU3BP-GH0dEdHP3xP.9cc%252CspebBOrUFP4Ij4xgGpwPvsIx0ivTzktAPz2FtnyZBf8wk_48rVa77S5ld-iavySSr9PeW5T0FVg9Iug3zl4S4R-UbzqMs9N1oYKjj2I6oBjLMx-O90PwSZdM3U5qSILqmqgQeDfStlxkv3tXizq9fMIDf9P2RTkRmczQx1Z1m6GyCWFUStTZSnYmjsoee-jW5c_fN_zi5caXKF6b0twUvTjYXTcSWi3z1ReYDT4aoUSUtHz95POJCHQkbFMXk4pHKaFl30LizcBkorOKrXdDiv4Na7Zl21fFSpYMooe__I8TviBfVxlYRSaEDXoLt39x3F-AhDM540DpEvxOE35KaAKyRWCqCgBoaDL_EEeqdVdGhcM3GUiZ8bDgca28gNNrujdCEWUXCivraXGRYOUSRPRzlSqFB-RifolbDJn_OoWB3B1tH1CxsvFYYAK1_7O4LpxBV02JW92PmvevWEefUqVWEllXl3qBYRBmUi-vJ3YifEfmrBC-twGipMtmMSgOF_nNJwRYcMmDJDstkP_ywBCTtKSt5AdpElKx70w6om2HM_zkdEjlnLH4gtrkJjSrtBSKHm0JkzhffYsK5OE-CNQcTvPYxBNtr1tkv027vhAICq00Y5fAGduBGPJX00Av
IP
104.21.0.224:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectuydyqlnebqlwe.global
Fingerprint6A:48:82:BB:C3:29:4A:75:48:9F:B7:54:FC:1B:3F:45:F6:5E:16:9A
ValidityWed, 16 Apr 2025 01:24:38 GMT - Tue, 15 Jul 2025 02:23:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /jni22?t=1&c=23956500&stamat=m%257C%252C%252CA2Iu4iYzoGU3BP-GH0dEdHP3xP.9cc%252CspebBOrUFP4Ij4xgGpwPvsIx0ivTzktAPz2FtnyZBf8wk_48rVa77S5ld-iavySSr9PeW5T0FVg9Iug3zl4S4R-UbzqMs9N1oYKjj2I6oBjLMx-O90PwSZdM3U5qSILqmqgQeDfStlxkv3tXizq9fMIDf9P2RTkRmczQx1Z1m6GyCWFUStTZSnYmjsoee-jW5c_fN_zi5caXKF6b0twUvTjYXTcSWi3z1ReYDT4aoUSUtHz95POJCHQkbFMXk4pHKaFl30LizcBkorOKrXdDiv4Na7Zl21fFSpYMooe__I8TviBfVxlYRSaEDXoLt39x3F-AhDM540DpEvxOE35KaAKyRWCqCgBoaDL_EEeqdVdGhcM3GUiZ8bDgca28gNNrujdCEWUXCivraXGRYOUSRPRzlSqFB-RifolbDJn_OoWB3B1tH1CxsvFYYAK1_7O4LpxBV02JW92PmvevWEefUqVWEllXl3qBYRBmUi-vJ3YifEfmrBC-twGipMtmMSgOF_nNJwRYcMmDJDstkP_ywBCTtKSt5AdpElKx70w6om2HM_zkdEjlnLH4gtrkJjSrtBSKHm0JkzhffYsK5OE-CNQcTvPYxBNtr1tkv027vhAICq00Y5fAGduBGPJX00Av HTTP/1.1
Host: uydyqlnebqlwe.global
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
Referer: https://livestreams.click/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 204 No Content
date: Sat, 19 Apr 2025 11:15:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NsL8G%2BnSLGQX%2FeJAcaVaLs33Ei8dtVJ3EX%2B5J1GVCHsOQKpV9LfRZQtSIy%2FRwcX6i93G93TwkQpSDl%2Be2tKk6Qfs6I%2BSufndv4OZ14TkcpuScBdC3%2FXLI7BfzqHRQjTYP%2FeLwJpkTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
via: 2.2 apache
cf-cache-status: DYNAMIC
cf-ray: 932bfbe6ffda712f-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7339&min_rtt=3205&rtt_var=3845&sent=15&recv=10&lost=0&retrans=0&sent_bytes=5052&recv_bytes=2537&delivery_rate=6401&cwnd=12000&unsent_bytes=0&cid=aa40052cfec2920d&ts=5547&x=16"

youradexchange.com/script/iprp.php?t=1&c=23598160&stamat=m%257C%252C%252CQjF-o3E-oGU3BP-GH0dEdHP3xP.f65%252Cj03dyx5YWAoVgmoUE_JY3wxF69aYfrCf6DMXwuGEi4IQfN2FbM78m1TpjoVFHgv7w8NR1DzrNEDEAzuk8gQQvPwHOVDhtVp4kX8gKIxyF6-SsMdJHDrwrSre21-DHlIXTI2MYf1RLG8OAhjmlXA-Y5LXhPZV4mHuRuQWZmRNI9dbHhjF-JhUehiQFqnNLhzMgcozL9k8p7svHa51sfWbizMRUNQTMNna6PcxXbaCi3BMU0q7V4WVhHFRPIEa1nlaXnxD18XEZ-e7bwDcReEvjEOXa6o40eQlYgfAuF_rVsoVhCcuDDYdp642OQvJxqn5GNmcwJusJRWLlGEsR2Qk8_9cjQm0bTei61XjQ-e1zADuo5cKB9CnVOiyEktnAHJRde88I4WU66amLi4zb_1jAC-tmFD_eFuTaoAeRFHrFWoCTdV7mScF9HHtVDQMMnqbSsrLqp-3ZkNBBHhUfDf_d1efZtwOH1U3kcHWdecv4T_vsZ73lzOZoAEHV8xs5WiRCxRJ8K_IO4SRyBr1XTDgsQ0sggYQhxl4FKQo7YFLmPB9HFNgsPh1K-mOIFToqzxfgPQlYIi4WeaFIbpu6J3pawuml7gMymuFZ1KzXw7CFgz3ff1ska3DyJ79wWCvns2O

172.67.177.214

302 Found

1.7 kB

URL GET
youradexchange.com/script/iprp.php?t=1&c=23598160&stamat=m%257C%252C%252CQjF-o3E-oGU3BP-GH0dEdHP3xP.f65%252Cj03dyx5YWAoVgmoUE_JY3wxF69aYfrCf6DMXwuGEi4IQfN2FbM78m1TpjoVFHgv7w8NR1DzrNEDEAzuk8gQQvPwHOVDhtVp4kX8gKIxyF6-SsMdJHDrwrSre21-DHlIXTI2MYf1RLG8OAhjmlXA-Y5LXhPZV4mHuRuQWZmRNI9dbHhjF-JhUehiQFqnNLhzMgcozL9k8p7svHa51sfWbizMRUNQTMNna6PcxXbaCi3BMU0q7V4WVhHFRPIEa1nlaXnxD18XEZ-e7bwDcReEvjEOXa6o40eQlYgfAuF_rVsoVhCcuDDYdp642OQvJxqn5GNmcwJusJRWLlGEsR2Qk8_9cjQm0bTei61XjQ-e1zADuo5cKB9CnVOiyEktnAHJRde88I4WU66amLi4zb_1jAC-tmFD_eFuTaoAeRFHrFWoCTdV7mScF9HHtVDQMMnqbSsrLqp-3ZkNBBHhUfDf_d1efZtwOH1U3kcHWdecv4T_vsZ73lzOZoAEHV8xs5WiRCxRJ8K_IO4SRyBr1XTDgsQ0sggYQhxl4FKQo7YFLmPB9HFNgsPh1K-mOIFToqzxfgPQlYIi4WeaFIbpu6J3pawuml7gMymuFZ1KzXw7CFgz3ff1ska3DyJ79wWCvns2O
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectyouradexchange.com
Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E
ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT

File type

Size
1.7 kB (1744 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/iprp.php?t=1&c=23598160&stamat=m%257C%252C%252CQjF-o3E-oGU3BP-GH0dEdHP3xP.f65%252Cj03dyx5YWAoVgmoUE_JY3wxF69aYfrCf6DMXwuGEi4IQfN2FbM78m1TpjoVFHgv7w8NR1DzrNEDEAzuk8gQQvPwHOVDhtVp4kX8gKIxyF6-SsMdJHDrwrSre21-DHlIXTI2MYf1RLG8OAhjmlXA-Y5LXhPZV4mHuRuQWZmRNI9dbHhjF-JhUehiQFqnNLhzMgcozL9k8p7svHa51sfWbizMRUNQTMNna6PcxXbaCi3BMU0q7V4WVhHFRPIEa1nlaXnxD18XEZ-e7bwDcReEvjEOXa6o40eQlYgfAuF_rVsoVhCcuDDYdp642OQvJxqn5GNmcwJusJRWLlGEsR2Qk8_9cjQm0bTei61XjQ-e1zADuo5cKB9CnVOiyEktnAHJRde88I4WU66amLi4zb_1jAC-tmFD_eFuTaoAeRFHrFWoCTdV7mScF9HHtVDQMMnqbSsrLqp-3ZkNBBHhUfDf_d1efZtwOH1U3kcHWdecv4T_vsZ73lzOZoAEHV8xs5WiRCxRJ8K_IO4SRyBr1XTDgsQ0sggYQhxl4FKQo7YFLmPB9HFNgsPh1K-mOIFToqzxfgPQlYIi4WeaFIbpu6J3pawuml7gMymuFZ1KzXw7CFgz3ff1ska3DyJ79wWCvns2O HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
Referer: https://livestreams.click/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: text/html; charset=utf-8
location: https://goosebomb.com/gogate/etoro/55/index.html?action=174506131710000TNOTV415326358024Va64a4
server: cloudflare
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
cf-ray: 932bfbb78bd056c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-VW5C1V36SP

142.250.178.72

200 OK

388 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-VW5C1V36SP
IP
142.250.178.72:443
ASN
#15169 GOOGLE

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintB7:82:F3:C7:93:B0:60:B0:83:49:F8:74:0D:49:78:23:65:0B:37:01
ValidityMon, 31 Mar 2025 08:54:29 GMT - Mon, 23 Jun 2025 08:54:28 GMT

File type
JavaScript source, ASCII text, with very long lines (6129)
Size
388 kB (388465 bytes)
Hash
02dfb672f42e7df4e1f3297c4c7a0ac7
d35c728783b80c1dc9dfc49c4578c0c0d81b5a0b
777853bef6ce76ba975ba42d11d7d688861d785eb8d78b887d7bcfc6bb7d9f7f

HTTP Headers

GET /gtag/js?id=G-VW5C1V36SP HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 19 Apr 2025 11:15:21 GMT
expires: Sat, 19 Apr 2025 11:15:21 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1055:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1055:0
report-to: {"group":"ascgcycc:1055:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1055:0"}],}
server: Google Tag Manager
content-length: 127843
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

code.jquery.com/jquery-3.5.1.slim.min.js

151.101.66.137

200 OK

72 kB

URL GET
code.jquery.com/jquery-3.5.1.slim.min.js
IP
151.101.66.137:443
ASN
#54113 FASTLY

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65245)
Size
72 kB (72380 bytes)
Hash
fb8409a092adc6e8be17e87d59e0595e
cf8d9821552d51bb50ce572e696aba1309065800
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

HTTP Headers

GET /jquery-3.5.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-11abc"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sat, 19 Apr 2025 11:15:18 GMT
age: 4576632
x-served-by: cache-lga21954-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 22, 28140
x-timer: S1745061319.534519,VS0,VE0
vary: Accept-Encoding
content-length: 24606
X-Firefox-Spdy: h2

livestreams.click/favicon.ico

172.67.207.222

200 OK

1.2 kB

URL GET
livestreams.click/favicon.ico
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
1.2 kB (1150 bytes)
Hash
23261e46992bce7414da5aa4166d6510
8eec5ff9dc55803de4dc934e6e86a2fb47d67e7a
e91347e65981d6f8e73ac32f15972729ff6c8e0d6a352843f175ca3cf9cdbe25

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/live/daznlaliga_spain.php
Cookie: pp_main_bc0cea2cc67474235512f64ed7476bf4=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=44390a89-4f9c-46f4-8015-eee4888576c9%3A3%3A1; _ga_4X3D1TSXCP=GS1.1.1745061318.1.0.1745061318.0.0.0; _ga=GA1.1.634031272.1745061319
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:19 GMT
content-type: image/x-icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uwMplOaFsKt%2F6qLIAgSDZ2y6f29ySDfgi6cbZYCGz5Ljtjh0y9JNTefxOoLICcKozTJnnX0tktmApxlfERQ%2FX9Q0UWk5rDiO96gQmZI3tTKMmxG4cskWyk7%2B4QI1%2BJRmAXE5tg%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 26 Feb 2025 15:47:22 GMT
etag: W/"67bf378a-47e"
strict-transport-security: max-age=31536000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
content-encoding: br
cf-ray: 932bfbbc2e2a56c7-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3345&min_rtt=776&rtt_var=2188&sent=170&recv=137&lost=0&retrans=0&sent_bytes=97203&recv_bytes=9404&delivery_rate=2365320&cwnd=24000&unsent_bytes=0&cid=634670089be2888f&ts=2996&x=16"

livestreams.click/live/daznlaliga_spain.php

172.67.207.222

200 OK

0 B

URL HEAD
livestreams.click/live/daznlaliga_spain.php
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /live/daznlaliga_spain.php HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/live/daznlaliga_spain.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7nTY4JwNiu6501KakjdhVMv%2BBQlitiow0%2FdNpDofc2helc8otGjeR29JIX80aayuf2kCAyumpvcjf%2FiR2puHXY1uZqBerv5giyP%2Fy6NVLy5WQ77zVRsJ%2FEAFyVOnUiTwepqcMA%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbb53dee56c7-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3891&min_rtt=776&rtt_var=3464&sent=150&recv=131&lost=0&retrans=0&sent_bytes=79723&recv_bytes=8064&delivery_rate=3431390&cwnd=24000&unsent_bytes=0&cid=634670089be2888f&ts=2124&x=16"

a27.azplay5.me/media/49625414.gif

45.141.56.198

200 OK

42 kB

URL GET
a27.azplay5.me/media/49625414.gif
IP
45.141.56.198:443
ASN
#213373 IP Connect Inc

Requested by
https://ad.apl375.me/getbanner.php?zone_id=196
Certificate
IssuerLet's Encrypt
Subjecta27.azplay5.me
Fingerprint4B:47:0D:C9:39:E9:4B:DF:B1:31:6C:CD:04:1B:0B:C6:E3:35:BE:3E
ValidityFri, 18 Apr 2025 18:43:43 GMT - Thu, 17 Jul 2025 18:43:42 GMT

File type
GIF image data, version 89a, 160 x 40
Size
42 kB (42038 bytes)
Hash
f0a4d933df77500fa713706148f91ea9
f971d40e28e086c604a0be4d7843d3dd4b85fd32
0f5a146737b821163c9c2ad888f4bd32f268ae408f44668d6e78324fcb832056

HTTP Headers

GET /media/49625414.gif HTTP/1.1
Host: a27.azplay5.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 19 Apr 2025 11:15:26 GMT
Content-Type: image/gif
Content-Length: 42038
Connection: keep-alive
Last-Modified: Wed, 06 Nov 2024 22:44:47 GMT
ETag: "672bf15f-a436"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700&display=swap

142.250.178.106

200 OK

28 kB

URL GET
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700&display=swap
IP
142.250.178.106:443
ASN
#15169 GOOGLE

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint06:13:4C:49:F4:23:BB:58:C3:31:41:0E:F9:E0:C5:EF:74:A9:0C:67
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
ASCII text, with very long lines (1572)
Size
28 kB (27925 bytes)
Hash
213822b07ad94930bbfc93e2bc9bad9a
96a9f6c67d810ee92a922abd207f9995238cffdc
6b6274a784ea45cd9dfbab668bcc96a4efd208181ddec235958770fbb52b6fc9

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 19 Apr 2025 11:15:25 GMT
date: Sat, 19 Apr 2025 11:15:25 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ad.apl375.me/getbanner.php?zone_id=183&0.3791217036339496

104.21.82.118

200 OK

463 B

URL GET
ad.apl375.me/getbanner.php?zone_id=183&0.3791217036339496
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
463 B (463 bytes)
Hash
26b9a996e817db69d512a6d64638a1a3
86ed9b9a6b6a65588b91a902eebe8d4cdcc7c1d6
2291d1a89bd8868a6afced1ce5555ad801decffd69e45fd728c90586a1b5ab65

HTTP Headers

GET /getbanner.php?zone_id=183&0.3791217036339496 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:24 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ksrvB4f1XQEk%2FuJIn4dBySmWTDBXVCb38AhsUbzuZJ8HtUvRkj1EkoAi7K5pd4exuNOfjVpWLHs5DtXYlfh07T7QRmb9DczpMumPYrsWQ88H1%2FGO9ClcHCOwaYWR1l4%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbdaca675690-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=10874&min_rtt=719&rtt_var=9349&sent=159&recv=212&lost=0&retrans=0&sent_bytes=13412&recv_bytes=12744&delivery_rate=13468&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=2330&x=16"

cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/js/script.js

172.67.133.15

200 OK

957 B

URL GET
cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/js/script.js
IP
172.67.133.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectcreative-stat1.com
Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB
ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

File type
ASCII text
Size
957 B (957 bytes)
Hash
41051a33fb99370ee2aeae5227abec51
f1b81c1d24d27bea43a09f308ae28668453704fb
67f07ddfdc4a81dc7ae4f83c332eb76107442caf0230e307d6398bae7663aa0d

HTTP Headers

GET /sb/ssp/interstitial/bottom_banner/1/js/script.js HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:27 GMT
content-type: application/javascript
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 139097
etag: W/"65aa8501-3bd"
content-encoding: br
cf-ray: 932bfbef2d2c56c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

livestreams.click/embed01/daznliga.php

172.67.207.222

200 OK

214 kB

URL GET
livestreams.click/embed01/daznliga.php
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (46410), with LF, NEL line terminators
Size
214 kB (213856 bytes)
Hash
11b8bcc4c087713e232525ad0436def6
696e2e28f00c3cc2d8e84f2c5fd71e5a9a860f61
8dcd89323d28ce4d5fb3fe125b60033e4ac1fdc5d7ab951cdc3d9e9a002b1ae1

HTTP Headers

GET /embed01/daznliga.php HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/live/daznlaliga_spain.php
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

recordedthereby.com/sfp.js

185.196.197.72

200 OK

85 kB

URL GET
recordedthereby.com/sfp.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectrecordedthereby.com
Fingerprint19:45:8B:8A:1B:43:8F:CB:7D:D5:AA:7C:FF:FA:04:93:35:CA:9D:47
ValidityThu, 06 Mar 2025 21:25:47 GMT - Wed, 04 Jun 2025 21:25:46 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
85 kB (85380 bytes)
Hash
108625937affa4b38bb17cea65510d72
2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee
c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 19 Apr 2025 11:15:19 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3c30ab638046a2f4104b891a9002518c
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js

142.250.74.138

200 OK

10 kB

URL GET
ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint06:13:4C:49:F4:23:BB:58:C3:31:41:0E:F9:E0:C5:EF:74:A9:0C:67
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
JavaScript source, ASCII text, with very long lines (10071)
Size
10 kB (10220 bytes)
Hash
892a543f3abb54e8ec1ada55be3b0649
5847ed101f55d51c53538a7078971e7de8fb6762
8677971b119ccdb82af697ff0e08f218490d15116f221d44301f1cc8797e67d4

HTTP Headers

GET /ajax/libs/swfobject/2.2/swfobject.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 3974
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 18 Apr 2025 01:55:19 GMT
expires: Sat, 18 Apr 2026 01:55:19 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 120003
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=44390a89-4f9c-46f4-8015-eee4888576c9&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=1&pk=6b466ce658b57288a4638a60e8c97a17&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11

192.243.59.12

200 OK

0 B

URL GET
unseenreport.com/pxf.gif?uuid=44390a89-4f9c-46f4-8015-eee4888576c9&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=1&pk=6b466ce658b57288a4638a60e8c97a17&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintE0:4C:2E:29:FF:E3:0A:E7:2C:96:4B:AD:13:1B:9D:AB:A0:91:35:A7
ValidityTue, 18 Mar 2025 22:26:47 GMT - Mon, 16 Jun 2025 22:26:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=44390a89-4f9c-46f4-8015-eee4888576c9&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=1&pk=6b466ce658b57288a4638a60e8c97a17&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: caaad58ced14c532241fceacd311f0f0
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

www.googletagmanager.com/gtag/js?id=UA-64986161-11

142.250.178.72

200 OK

274 kB

URL GET
www.googletagmanager.com/gtag/js?id=UA-64986161-11
IP
142.250.178.72:443
ASN
#15169 GOOGLE

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintB7:82:F3:C7:93:B0:60:B0:83:49:F8:74:0D:49:78:23:65:0B:37:01
ValidityMon, 31 Mar 2025 08:54:29 GMT - Mon, 23 Jun 2025 08:54:28 GMT

File type
JavaScript source, ASCII text, with very long lines (5436)
Size
274 kB (273947 bytes)
Hash
ff1d2dabe60a74bfb0721eaa253d06a9
c69cfef984af7dcfe529ca85f0bf0c35d2a33bc6
7bbfd6dccb47da8704999946a5c530923042544ee8b53bf94e2da5f8d1b1f689

HTTP Headers

GET /gtag/js?id=UA-64986161-11 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 19 Apr 2025 11:15:16 GMT
expires: Sat, 19 Apr 2025 11:15:16 GMT
cache-control: private, max-age=900
last-modified: Sat, 19 Apr 2025 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1055:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1055:0
report-to: {"group":"ascgcycc:1055:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1055:0"}],}
server: Google Tag Manager
content-length: 95513
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ad.apl375.me/counter.php?bid=7810&timestamp=1745061325&hash=146265307

104.21.82.118

201 Created

0 B

URL GET
ad.apl375.me/counter.php?bid=7810&timestamp=1745061325&hash=146265307
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ad.apl375.me/getbanner.php?zone_id=198
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /counter.php?bid=7810&timestamp=1745061325&hash=146265307 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/getbanner.php?zone_id=198
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 201 Created
date: Sat, 19 Apr 2025 11:15:26 GMT
content-type: application/octet-stream
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JKZtDmZXhdztid0nJERE9lI1p%2BY5shXP3XDBkH7khTPg0kzYcaykKzKfosB%2BPNvRZ6jbdErsZJQTkklEczc25ZIc6XbzfzIO1WqZIYc0AqLlLRTZft%2BWC7rUeqmiHJU%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 19 Apr 2025 11:15:25 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 932bfbebeb245690-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9328&min_rtt=719&rtt_var=9233&sent=174&recv=225&lost=0&retrans=0&sent_bytes=19183&recv_bytes=15354&delivery_rate=29918&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=5009&x=16"

ad.apl375.me/getbanner.php?zone_id=204

104.21.82.118

200 OK

524 B

URL GET
ad.apl375.me/getbanner.php?zone_id=204
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
524 B (524 bytes)
Hash
90d78710d2934dc64c378a4d6e9986f5
92713fb33c8b1f917dcfa8087e088018e6a8ed12
29ab9b273d0b0f723d80d96e4e7f5c1374a8ef971d411f208fb7edb385415421

HTTP Headers

GET /getbanner.php?zone_id=204 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:23 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mRw%2BoIWsa5CzwNS4%2BPuturCW9iNdYuNY2GvYFqFQgv3bNgLgfFFCMAslOouHfRlPTRqwti0InPmW70O9CUx4MGJi%2F79dXNjYWk%2Bce%2BsM1A7ixs8P1%2FVV%2BxiIKfclMi0%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbda1a615690-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=13042&min_rtt=719&rtt_var=9661&sent=153&recv=208&lost=0&retrans=0&sent_bytes=11383&recv_bytes=11954&delivery_rate=32593&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=2220&x=16"

shotgunchancecruel.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F78%2F74%2Ffd%2F7874fd62186fc577273fa59756d17076%2F1744381737.html&l=1544&fd=1368

192.243.59.12

200 OK

0 B

URL GET
shotgunchancecruel.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F78%2F74%2Ffd%2F7874fd62186fc577273fa59756d17076%2F1744381737.html&l=1544&fd=1368
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint0C:D3:F1:8B:BC:8A:18:C0:64:49:9C:C1:D7:F5:0C:C7:24:2B:06:04
ValidityWed, 19 Feb 2025 02:30:57 GMT - Tue, 20 May 2025 02:30:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2F78%2F74%2Ffd%2F7874fd62186fc577273fa59756d17076%2F1744381737.html&l=1544&fd=1368 HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: uid_id2=44390a89-4f9c-46f4-8015-eee4888576c9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25298571=1; slec6b466ce658b57288a4638a60e8c97a17=[5857915,5846723]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:25 GMT
Content-Length: 0
Connection: keep-alive
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.livetv852.me/img/ads/ltv-aliez-ru.gif

104.21.55.60

200 OK

43 kB

URL GET
cdn.livetv852.me/img/ads/ltv-aliez-ru.gif
IP
104.21.55.60:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectlivetv852.me
Fingerprint4F:E0:52:69:C9:91:AA:16:F0:6F:91:6C:4F:AC:D7:58:8D:BF:85:CE
ValidityWed, 02 Apr 2025 15:19:59 GMT - Tue, 01 Jul 2025 16:17:13 GMT

File type
GIF image data, version 89a, 300 x 250
Size
43 kB (43101 bytes)
Hash
5947c6995beb08c534b2b13850abc1f6
eadc3f9f30f31f7dda023dd1d229ca957b5aefb3
baa3dda88de68c5ca0f2ac76649cc8e11e106966222d7c787150271eb850d467

HTTP Headers

GET /img/ads/ltv-aliez-ru.gif HTTP/1.1
Host: cdn.livetv852.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:21 GMT
content-type: image/gif
content-length: 43101
server: cloudflare
accept-ranges: bytes
last-modified: Wed, 01 May 2013 14:52:11 GMT
etag: "51812c1b-a85d"
access-control-allow-origin: *
x-origin: cdn
cache-control: max-age=14400
cf-cache-status: HIT
age: 3961
cf-ray: 932bfbcd48d9b500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t.dtscout.com/pv/?_a=v&_h=livestreams.click&_ss=15q489r762&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2xj2&_cb=_dtspv.c

172.67.70.180

200 OK

52 B

URL GET
t.dtscout.com/pv/?_a=v&_h=livestreams.click&_ss=15q489r762&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2xj2&_cb=_dtspv.c
IP
172.67.70.180:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectdtscout.com
Fingerprint4B:34:25:C3:56:75:F4:5A:B8:45:F5:43:DE:C9:89:43:D2:87:85:48
ValidityFri, 07 Mar 2025 01:14:02 GMT - Thu, 05 Jun 2025 02:13:46 GMT

File type
ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
b0cd874b24c62c773aa86e6b01d16fa2
47b9c3f051b5d272799b36c92d973643fbb905a2
b6706cf0782aa60939db03698485d409124b896ef190b8e21d3e49d7004153aa

HTTP Headers

GET /pv/?_a=v&_h=livestreams.click&_ss=15q489r762&_pv=1&_ls=0&_u1=1&_u3=1&_cc=no&_pl=d&_cbid=2xj2&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: m=1; df=1745061318
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: application/javascript
content-encoding: br
cf-ray: 932bfbb94a9d712b-OSL
x-t: 0.153
x-c: 0
expires: Sat, 19 Apr 2025 11:15:17 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iw18TFtmrK5BHQ2v3SVO2CqzSdkXQM0KbTO1SEoO7WjsiPPbrM7utLtl11ZwXEUwgbYPTkHkIdwbUeUJZ2wyCLA0uG2TPFn2GdWCuxayyYrdgC%2B7l1hMaALCYHWfS80%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=509&min_rtt=418&rtt_var=179&sent=10&recv=12&lost=0&retrans=0&sent_bytes=4811&recv_bytes=1273&delivery_rate=6917197&cwnd=255&unsent_bytes=0&cid=57a082d62bc0afe8&ts=776&x=0"
X-Firefox-Spdy: h2

vjs.zencdn.net/7.20.3/video-js.css

151.101.130.217

200 OK

47 kB

URL GET
vjs.zencdn.net/7.20.3/video-js.css
IP
151.101.130.217:443
ASN
#54113 FASTLY

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGlobalSign nv-sa
Subjectvjs.zencdn.net
Fingerprint22:88:1F:07:1F:92:14:54:4B:E7:66:41:59:BF:5D:37:AF:C0:31:C7
ValidityTue, 07 Jan 2025 21:56:05 GMT - Sun, 08 Feb 2026 21:56:04 GMT

File type
Unicode text, UTF-8 text, with very long lines (5844)
Size
47 kB (46607 bytes)
Hash
92c4f5bba6e24134f07a508819300d2e
841175d1130307583f18e7bba0cdf133782ba72b
a600e503fc0dcb171bd2ce6b639bbb5cf35b91ccc3c045324a7a4e2603683a0f

HTTP Headers

GET /7.20.3/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Fri, 09 Sep 2022 18:11:04 GMT
etag: "92c4f5bba6e24134f07a508819300d2e"
content-type: text/css
content-encoding: gzip
date: Sat, 19 Apr 2025 11:15:21 GMT
x-served-by: cache-hel1410029-HEL
x-cache: HIT
x-cache-hits: 4462
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10964
X-Firefox-Spdy: h2

a27.azplay5.me/media/49625414.gif

45.141.56.198

200 OK

42 kB

URL GET
a27.azplay5.me/media/49625414.gif
IP
45.141.56.198:443
ASN
#213373 IP Connect Inc

Requested by
https://ad.apl375.me/getbanner.php?zone_id=197
Certificate
IssuerLet's Encrypt
Subjecta27.azplay5.me
Fingerprint4B:47:0D:C9:39:E9:4B:DF:B1:31:6C:CD:04:1B:0B:C6:E3:35:BE:3E
ValidityFri, 18 Apr 2025 18:43:43 GMT - Thu, 17 Jul 2025 18:43:42 GMT

File type
GIF image data, version 89a, 160 x 40
Size
42 kB (42038 bytes)
Hash
f0a4d933df77500fa713706148f91ea9
f971d40e28e086c604a0be4d7843d3dd4b85fd32
0f5a146737b821163c9c2ad888f4bd32f268ae408f44668d6e78324fcb832056

HTTP Headers

GET /media/49625414.gif HTTP/1.1
Host: a27.azplay5.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 19 Apr 2025 11:15:27 GMT
Content-Type: image/gif
Content-Length: 42038
Connection: keep-alive
Last-Modified: Wed, 06 Nov 2024 22:44:47 GMT
ETag: "672bf15f-a436"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

agencytroops.com/6b/46/6c/6b466ce658b57288a4638a60e8c97a17.js

172.240.108.84

200 OK

42 kB

URL GET
agencytroops.com/6b/46/6c/6b466ce658b57288a4638a60e8c97a17.js
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectagencytroops.com
Fingerprint60:45:BA:ED:AE:78:A6:D4:8F:6D:8B:9D:A9:BD:44:04:3A:90:39:F4
ValidityWed, 12 Mar 2025 20:38:58 GMT - Tue, 10 Jun 2025 20:38:57 GMT

File type
JavaScript source, ASCII text, with very long lines (42407), with no line terminators
Size
42 kB (42407 bytes)
Hash
7e3078ced47974846012b8f22a90332f
01c1bfffda488055a97da7d37c689c8d7dd62a94
5e7260d743f9a0691c53b9f11e50451d31b89675a89a23a77637e2dcc07b27ab

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /6b/46/6c/6b466ce658b57288a4638a60e8c97a17.js HTTP/1.1
Host: agencytroops.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 19 Apr 2025 11:15:18 GMT
Content-Type: application/javascript
Content-Length: 15392
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
set-cookie: 4b4e7ab587d59b22ad7bcd2439afc363_BS-684-4=1; expires=Sat, 19 Apr 2025 11:15:18 GMT; secure; SameSite=None
x-envoy-upstream-service-time: 3
Host: agencytroops.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 43b2da6a2e166e33cf45cb822de8c079
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

shotgunchancecruel.com/sbar.json?key=6b466ce658b57288a4638a60e8c97a17&abt=BS-684-4_1&uuid=44390a89-4f9c-46f4-8015-eee4888576c9%3A3%3A1

192.243.59.12

200 OK

13 kB

URL GET
shotgunchancecruel.com/sbar.json?key=6b466ce658b57288a4638a60e8c97a17&abt=BS-684-4_1&uuid=44390a89-4f9c-46f4-8015-eee4888576c9%3A3%3A1
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint0C:D3:F1:8B:BC:8A:18:C0:64:49:9C:C1:D7:F5:0C:C7:24:2B:06:04
ValidityWed, 19 Feb 2025 02:30:57 GMT - Tue, 20 May 2025 02:30:56 GMT

File type
JSON text data
Size
13 kB (12646 bytes)
Hash
5013aff00657af835917435d954b68b6
68473c1ccd1faff7434d12a3cb17875495b3557a
3be8740be5bd32b4eea22124d7becb0ae6b6c79aabdca375e5b136434a644237

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=6b466ce658b57288a4638a60e8c97a17&abt=BS-684-4_1&uuid=44390a89-4f9c-46f4-8015-eee4888576c9%3A3%3A1 HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:21 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://livestreams.click
Access-Control-Allow-Origin: https://livestreams.click
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=44390a89-4f9c-46f4-8015-eee4888576c9:3:1; expires=Sat, 26 Apr 2025 11:15:20 GMT; path=/; secure; SameSite=None
pdhtkv=true; expires=Sun, 20 Apr 2025 11:15:21 GMT; path=/; secure; SameSite=None
uncs=1; expires=Sun, 20 Apr 2025 11:15:21 GMT; path=/; secure; SameSite=None
pdhtkv29=true; expires=Sun, 20 Apr 2025 11:15:21 GMT; path=/; secure; SameSite=None
uncs29=1; expires=Sun, 20 Apr 2025 11:15:21 GMT; path=/; secure; SameSite=None
u_pl25298571=1; expires=Sun, 20 Apr 2025 11:15:21 GMT; path=/; secure; SameSite=None
slec6b466ce658b57288a4638a60e8c97a17=[5857915,5846723]; expires=Sat, 19 Apr 2025 11:15:26 GMT; path=/; secure; SameSite=None
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: b46d0b6412b1125340f629a6df909899
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

shotgunchancecruel.com/impr.gif?sid=H4sIAAAAAAAC_1RSMYwbRRee9UV_8VMgAqIBJBcUIGHfrr1er0kRcQlBp4QkSoKiiALNzsz6hhvvLDO7Xsc0p5xAkWisVEC19_kuJ44IQUmBhGwadBJSnOqKXENLh5Qa2bFkeMV779vvrfS9782Xe_kp8ZHTk-sf6qFUiq636m71rdsy4bqw1au3qp5bd89Vb8sk8M9VB_Nk-u96Tb_uvl39QLBtvd5wPdf1XK96SRoR68H6goVMH3W8eset-4261_IxMP_FNndgqQPePyVnIfnsxT_jjyHZBEnvx4vCbmc6fef9Xq5opg36_PCjZDvRRYLeqo2Ngzg5XE5D2xkhX1egk8PlBtD9_fkGiOSMVF59iig5XMpE1D94rjRSEAki_gKK_gRCTSDpBEzvQvLHBGAcV68h6T28qk1B7z5n6ZydkTPP_oYsZuTM01eQ9H7YUHJQvalVnkmdWAziEnIwgexOkOZTZMMKZDEFy-5B8j_I-rMrSHr716zSkPzkTd9vdlwadmp-3GE1P4j9Wuh6rZoQwg_DsNUOWGdhkYwnUGIEateQWwe5dJDHDvLUQY-fVH039JlHm0Hc4azt-tT3uYjcTthwXdphbeRsrn-ELB2BqRGY2UFqdrAtRzD5r7BbJSx3YDOCPi9RCILCEhSUoJAERUZQ9MsDrmzDlg-5snnkLWtjWZvlWGfdPXqgs65ICKgZwfByX6af2V2wbG08jO3lsZ4nGmVHGzdrQejX_E-8MY14uZeekpfmJjv3_vcVtsVJNYj8IGAiaIVRq90IQ-oHzZAGrghZp029NqwsIW0F1DoYyhm58NcTpPJx-gARncKqKZh8GTR_A7QoQbdKDJOjrmbUZvXUaHBdIs3OILvr7KlT8trixHeizyHY8fmfv5nHt2CmRGpKfCp_I-iq--MbuiD7N3RhyU_X0kz25JDOz38zo5lYO7os7hba8M2LdvTde2xOzNtHt4TNrtCEy6RryfcbknNhLmnDBPll094W0fXcbm3kJsnTK9cvXNrspUZYK3UyAZUz8v_ydTA5I2cHtcXTbuxsQpoJTF6ilx-TZUDqKVi6A5uu9FtNYNRqJkodFHk5No1o9VFJAiVWmEYl7L9wtOrHhs7_prLcs_fRNRXQbBdJr0TflOirElSNYPO1cZaa4_NPmotApCrjSJnKfqSMerCweUbuBFNYeVKNm6LBXDdsB14zjIXX9DmLW6Hf4QF1m02BzM621r74_Z8AAAD__zHuQ97BBAAA

192.243.59.12

200 OK

0 B

URL GET
shotgunchancecruel.com/impr.gif?sid=H4sIAAAAAAAC_1RSMYwbRRee9UV_8VMgAqIBJBcUIGHfrr1er0kRcQlBp4QkSoKiiALNzsz6hhvvLDO7Xsc0p5xAkWisVEC19_kuJ44IQUmBhGwadBJSnOqKXENLh5Qa2bFkeMV779vvrfS9782Xe_kp8ZHTk-sf6qFUiq636m71rdsy4bqw1au3qp5bd89Vb8sk8M9VB_Nk-u96Tb_uvl39QLBtvd5wPdf1XK96SRoR68H6goVMH3W8eset-4261_IxMP_FNndgqQPePyVnIfnsxT_jjyHZBEnvx4vCbmc6fef9Xq5opg36_PCjZDvRRYLeqo2Ngzg5XE5D2xkhX1egk8PlBtD9_fkGiOSMVF59iig5XMpE1D94rjRSEAki_gKK_gRCTSDpBEzvQvLHBGAcV68h6T28qk1B7z5n6ZydkTPP_oYsZuTM01eQ9H7YUHJQvalVnkmdWAziEnIwgexOkOZTZMMKZDEFy-5B8j_I-rMrSHr716zSkPzkTd9vdlwadmp-3GE1P4j9Wuh6rZoQwg_DsNUOWGdhkYwnUGIEateQWwe5dJDHDvLUQY-fVH039JlHm0Hc4azt-tT3uYjcTthwXdphbeRsrn-ELB2BqRGY2UFqdrAtRzD5r7BbJSx3YDOCPi9RCILCEhSUoJAERUZQ9MsDrmzDlg-5snnkLWtjWZvlWGfdPXqgs65ICKgZwfByX6af2V2wbG08jO3lsZ4nGmVHGzdrQejX_E-8MY14uZeekpfmJjv3_vcVtsVJNYj8IGAiaIVRq90IQ-oHzZAGrghZp029NqwsIW0F1DoYyhm58NcTpPJx-gARncKqKZh8GTR_A7QoQbdKDJOjrmbUZvXUaHBdIs3OILvr7KlT8trixHeizyHY8fmfv5nHt2CmRGpKfCp_I-iq--MbuiD7N3RhyU_X0kz25JDOz38zo5lYO7os7hba8M2LdvTde2xOzNtHt4TNrtCEy6RryfcbknNhLmnDBPll094W0fXcbm3kJsnTK9cvXNrspUZYK3UyAZUz8v_ydTA5I2cHtcXTbuxsQpoJTF6ilx-TZUDqKVi6A5uu9FtNYNRqJkodFHk5No1o9VFJAiVWmEYl7L9wtOrHhs7_prLcs_fRNRXQbBdJr0TflOirElSNYPO1cZaa4_NPmotApCrjSJnKfqSMerCweUbuBFNYeVKNm6LBXDdsB14zjIXX9DmLW6Hf4QF1m02BzM621r74_Z8AAAD__zHuQ97BBAAA
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint0C:D3:F1:8B:BC:8A:18:C0:64:49:9C:C1:D7:F5:0C:C7:24:2B:06:04
ValidityWed, 19 Feb 2025 02:30:57 GMT - Tue, 20 May 2025 02:30:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC_1RSMYwbRRee9UV_8VMgAqIBJBcUIGHfrr1er0kRcQlBp4QkSoKiiALNzsz6hhvvLDO7Xsc0p5xAkWisVEC19_kuJ44IQUmBhGwadBJSnOqKXENLh5Qa2bFkeMV779vvrfS9782Xe_kp8ZHTk-sf6qFUiq636m71rdsy4bqw1au3qp5bd89Vb8sk8M9VB_Nk-u96Tb_uvl39QLBtvd5wPdf1XK96SRoR68H6goVMH3W8eset-4261_IxMP_FNndgqQPePyVnIfnsxT_jjyHZBEnvx4vCbmc6fef9Xq5opg36_PCjZDvRRYLeqo2Ngzg5XE5D2xkhX1egk8PlBtD9_fkGiOSMVF59iig5XMpE1D94rjRSEAki_gKK_gRCTSDpBEzvQvLHBGAcV68h6T28qk1B7z5n6ZydkTPP_oYsZuTM01eQ9H7YUHJQvalVnkmdWAziEnIwgexOkOZTZMMKZDEFy-5B8j_I-rMrSHr716zSkPzkTd9vdlwadmp-3GE1P4j9Wuh6rZoQwg_DsNUOWGdhkYwnUGIEateQWwe5dJDHDvLUQY-fVH039JlHm0Hc4azt-tT3uYjcTthwXdphbeRsrn-ELB2BqRGY2UFqdrAtRzD5r7BbJSx3YDOCPi9RCILCEhSUoJAERUZQ9MsDrmzDlg-5snnkLWtjWZvlWGfdPXqgs65ICKgZwfByX6af2V2wbG08jO3lsZ4nGmVHGzdrQejX_E-8MY14uZeekpfmJjv3_vcVtsVJNYj8IGAiaIVRq90IQ-oHzZAGrghZp029NqwsIW0F1DoYyhm58NcTpPJx-gARncKqKZh8GTR_A7QoQbdKDJOjrmbUZvXUaHBdIs3OILvr7KlT8trixHeizyHY8fmfv5nHt2CmRGpKfCp_I-iq--MbuiD7N3RhyU_X0kz25JDOz38zo5lYO7os7hba8M2LdvTde2xOzNtHt4TNrtCEy6RryfcbknNhLmnDBPll094W0fXcbm3kJsnTK9cvXNrspUZYK3UyAZUz8v_ydTA5I2cHtcXTbuxsQpoJTF6ilx-TZUDqKVi6A5uu9FtNYNRqJkodFHk5No1o9VFJAiVWmEYl7L9wtOrHhs7_prLcs_fRNRXQbBdJr0TflOirElSNYPO1cZaa4_NPmotApCrjSJnKfqSMerCweUbuBFNYeVKNm6LBXDdsB14zjIXX9DmLW6Hf4QF1m02BzM621r74_Z8AAAD__zHuQ97BBAAA HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: uid_id2=44390a89-4f9c-46f4-8015-eee4888576c9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25298571=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:29 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: e5bf3a82b92eec2dd0afd952c2ed79df
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

dycauosplp.com/

139.45.197.155

200 OK

0 B

URL OPTIONS
dycauosplp.com/
IP
139.45.197.155:443
ASN
#9002 RETN Limited

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectdycauosplp.com
Fingerprint1A:87:63:C1:DB:42:B9:D0:A3:E4:F1:E6:6C:44:60:20:E9:60:3A:F6
ValidityFri, 18 Apr 2025 11:16:18 GMT - Thu, 17 Jul 2025 11:16:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS / HTTP/1.1
Host: dycauosplp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: HEAD
Access-Control-Request-Headers: content-type
Referer: https://livestreams.click/
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://livestreams.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

t.dtscout.com/i/?l=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&j=

172.67.70.180

200 OK

2.1 kB

URL GET
t.dtscout.com/i/?l=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&j=
IP
172.67.70.180:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectdtscout.com
Fingerprint4B:34:25:C3:56:75:F4:5A:B8:45:F5:43:DE:C9:89:43:D2:87:85:48
ValidityFri, 07 Mar 2025 01:14:02 GMT - Thu, 05 Jun 2025 02:13:46 GMT

File type
ASCII text, with very long lines (2077)
Size
2.1 kB (2079 bytes)
Hash
51bd741af3fcc4984d1a753eebfa1141
534664acf69cbbb5c9b97c96b63dd37bdc580da2
3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c

HTTP Headers

GET /i/?l=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&j= HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: application/javascript
cf-ray: 932bfbb69cc6712b-OSL
server: cloudflare
x-s: mtl2
content-encoding: br
x-t: 0.241
expires: Sat, 19 Apr 2025 11:15:17 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=onny5%2FcfEJBBPzvI2WI5g9hbx9YwmF0ET%2FzvU%2B7%2BrkDApCqAS%2FnasrM2LAK69J4Pul94DQrfV1K1axlMIPyLEYxfxf3W7xK23x90pFSWWoXhRYQhQITILAqfhuCQuNo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: m=1; SameSite=None; Secure; Path=/; Domain=dtscout.com; Max-Age=5000; Expires=Sat, 19 Apr 2025 12:38:38 GMT
df=1745061318; SameSite=None; Secure; Path=/; Domain=dtscout.com; Max-Age=8640000; Expires=Mon, 28 Jul 2025 11:15:18 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=492&min_rtt=418&rtt_var=193&sent=6&recv=10&lost=0&retrans=0&sent_bytes=2890&recv_bytes=1108&delivery_rate=4107801&cwnd=252&unsent_bytes=0&cid=57a082d62bc0afe8&ts=361&x=0"
X-Firefox-Spdy: h2

ouphushoomauh.net/?rb=9kAba27QsrXrTZfnid0wA5gBc5a4r18FPBTiDsP7DwxMxUC3EFC0eR6P2AiZZ3ktXMadjdWeMFnyaZIYsWGdefHaHhI9Z-srW0a3vU8GYF2Jh9k9tL000-hWH_Js8C5CkGiigIxhpAb5PrA5M2Xe11Tg2acM8-FzYQPM7Ny5ibelOJrO-Dy8eOLuIDEZWFo7SLdVl3pUknq5DyqZ4NWVGpBmT-z3T3L5LI56KZ_JDSMTgaTxksodaVt75WK5DcgUvhXeTDb1e1jbEpG9w3nvom8VRYhs5DezdMFnY7BMii8%3D&vsbl=true&pnrc=0&id=8635392&pnt=0&jsp=1&js_build=iclick-v1.1126.0&wiw=1280&sw=1280&wih=1024&ww=1280&cf=0&wh=1024&sah=1024&fs=0&cw=1280&sh=1024&wx=0&wy=0&ix=0&pl=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&wfc=3&drf=&nb=1&np=1&ng=0&pt=0&tb=false&nw=1&bto=0&btz=UTC&wgl=llvmpipe&js_build=iclick-v1.1126.0&navlng=en-US&tt=4&bs=11b07125-2ef3-4bc7-843f-e7b3bc04cfe2&wasm=1&userId=0081b056f1f24340f3f05c3639def639&m=link

139.45.197.118

200 OK

2.4 kB

URL GET
ouphushoomauh.net/?rb=9kAba27QsrXrTZfnid0wA5gBc5a4r18FPBTiDsP7DwxMxUC3EFC0eR6P2AiZZ3ktXMadjdWeMFnyaZIYsWGdefHaHhI9Z-srW0a3vU8GYF2Jh9k9tL000-hWH_Js8C5CkGiigIxhpAb5PrA5M2Xe11Tg2acM8-FzYQPM7Ny5ibelOJrO-Dy8eOLuIDEZWFo7SLdVl3pUknq5DyqZ4NWVGpBmT-z3T3L5LI56KZ_JDSMTgaTxksodaVt75WK5DcgUvhXeTDb1e1jbEpG9w3nvom8VRYhs5DezdMFnY7BMii8%3D&vsbl=true&pnrc=0&id=8635392&pnt=0&jsp=1&js_build=iclick-v1.1126.0&wiw=1280&sw=1280&wih=1024&ww=1280&cf=0&wh=1024&sah=1024&fs=0&cw=1280&sh=1024&wx=0&wy=0&ix=0&pl=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&wfc=3&drf=&nb=1&np=1&ng=0&pt=0&tb=false&nw=1&bto=0&btz=UTC&wgl=llvmpipe&js_build=iclick-v1.1126.0&navlng=en-US&tt=4&bs=11b07125-2ef3-4bc7-843f-e7b3bc04cfe2&wasm=1&userId=0081b056f1f24340f3f05c3639def639&m=link
IP
139.45.197.118:443
ASN
#9002 RETN Limited

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectouphushoomauh.net
FingerprintAE:1C:65:64:EC:9C:CB:9B:5E:D9:00:5F:B3:95:63:80:C1:9E:9E:EF
ValidityFri, 18 Apr 2025 02:29:56 GMT - Thu, 17 Jul 2025 02:29:55 GMT

File type
JSON text data
Size
2.4 kB (2445 bytes)
Hash
cbf77ee604015b7c7dedea0631c1612f
b3d3e0b64bbe07f5301b90cc63f984b6c0cbe598
84c3346a237b3216a4166d990fa56443d4ef5d7085d5a359616c64346e3d054e

HTTP Headers

GET /?rb=9kAba27QsrXrTZfnid0wA5gBc5a4r18FPBTiDsP7DwxMxUC3EFC0eR6P2AiZZ3ktXMadjdWeMFnyaZIYsWGdefHaHhI9Z-srW0a3vU8GYF2Jh9k9tL000-hWH_Js8C5CkGiigIxhpAb5PrA5M2Xe11Tg2acM8-FzYQPM7Ny5ibelOJrO-Dy8eOLuIDEZWFo7SLdVl3pUknq5DyqZ4NWVGpBmT-z3T3L5LI56KZ_JDSMTgaTxksodaVt75WK5DcgUvhXeTDb1e1jbEpG9w3nvom8VRYhs5DezdMFnY7BMii8%3D&vsbl=true&pnrc=0&id=8635392&pnt=0&jsp=1&js_build=iclick-v1.1126.0&wiw=1280&sw=1280&wih=1024&ww=1280&cf=0&wh=1024&sah=1024&fs=0&cw=1280&sh=1024&wx=0&wy=0&ix=0&pl=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&wfc=3&drf=&nb=1&np=1&ng=0&pt=0&tb=false&nw=1&bto=0&btz=UTC&wgl=llvmpipe&js_build=iclick-v1.1126.0&navlng=en-US&tt=4&bs=11b07125-2ef3-4bc7-843f-e7b3bc04cfe2&wasm=1&userId=0081b056f1f24340f3f05c3639def639&m=link HTTP/1.1
Host: ouphushoomauh.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://livestreams.click/
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:15:24 GMT
content-type: application/json
x-trace-id: cbe700253bc1e0fff872c07f46040d08
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://livestreams.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0081b056f1f24340f3f05c3639def639; expires=Sun, 19 Apr 2026 11:15:24 GMT; path=/; secure; SameSite=None
oaidts=1745061324; expires=Sun, 19 Apr 2026 11:15:24 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 26 Apr 2025 11:15:24 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

flixxlive.pro/live/daznlaliga_spain.php

172.67.163.183

301 Moved Permanently

212 kB

URL User Request GET
flixxlive.pro/live/daznlaliga_spain.php
IP
172.67.163.183:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectflixxlive.pro
FingerprintC7:ED:77:A0:AF:BC:E6:A8:40:5A:1C:BB:50:F3:9B:0F:3D:2B:90:46
ValidityMon, 24 Feb 2025 23:05:43 GMT - Mon, 26 May 2025 00:01:07 GMT

File type

Size
212 kB (212252 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /live/daznlaliga_spain.php HTTP/1.1
Host: flixxlive.pro
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 19 Apr 2025 11:15:15 GMT
content-type: text/html
location: https://livestreams.click/live/daznlaliga_spain.php
server: cloudflare
cf-cache-status: DYNAMIC
cf-ray: 932bfba5fd510b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

madurird.com/5/8635392

139.45.197.106

200 OK

108 kB

URL GET
madurird.com/5/8635392
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
Fingerprint91:68:A5:03:A0:08:C3:71:EB:3A:29:4C:CC:F9:5B:B6:92:51:DA:AE
ValidityWed, 29 Jan 2025 05:40:30 GMT - Tue, 29 Apr 2025 05:40:29 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107667 bytes)
Hash
3701593afc314b49bcaf455571498182
c54eb896d3aeac052b26a237c93de7686e8f02c9
f875cb4bc632fd1e08c09bd6832888e403d5dd8ca168725a5c16b90e27cc3560

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/8635392 HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:15:26 GMT
content-type: application/javascript
x-trace-id: df5d9af59149cf4271da53da2f91e05e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081b04cfa844381ffd6f6532c269bd9; expires=Sun, 19 Apr 2026 11:15:26 GMT; path=/; secure; SameSite=None
oaidts=1745061326; expires=Sun, 19 Apr 2026 11:15:26 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

a27.azplay5.me/media/39708232.gif

45.141.56.198

200 OK

243 kB

URL GET
a27.azplay5.me/media/39708232.gif
IP
45.141.56.198:443
ASN
#213373 IP Connect Inc

Requested by
https://ad.apl375.me/getbanner.php?zone_id=198
Certificate
IssuerLet's Encrypt
Subjecta27.azplay5.me
Fingerprint4B:47:0D:C9:39:E9:4B:DF:B1:31:6C:CD:04:1B:0B:C6:E3:35:BE:3E
ValidityFri, 18 Apr 2025 18:43:43 GMT - Thu, 17 Jul 2025 18:43:42 GMT

File type
GIF image data, version 89a, 468 x 60
Size
243 kB (242811 bytes)
Hash
644c44c362213bcdb69b56f7bf569c10
1aec2004731d77b62e385f3e54bbfba358a7a2de
7971298ed37fb3ec88815131e5017959af8c4d9af5a2c1618a31e4b62ea65cd9

HTTP Headers

GET /media/39708232.gif HTTP/1.1
Host: a27.azplay5.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 19 Apr 2025 11:15:26 GMT
Content-Type: image/gif
Content-Length: 242811
Connection: keep-alive
Last-Modified: Wed, 06 Nov 2024 22:55:47 GMT
ETag: "672bf3f3-3b47b"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

139.45.197.106

204 No Content

0 B

URL OPTIONS
madurird.com/wrr?z=8635392&p_rid=00ea447b-69e6-49a1-8b73-0662519d4235&rb=7uSL55PjvxoLLCEQYULjwFYSzbqU_ZucV03NaPn-FyeCQCN7OLyp0hh1Wn7L3rgeb1f5Ncgx1TNQu46T9MZ5OQbOZMuLCOSYnsK3qxbEzz-8JTPxEtByUTQ2SRDbRQfsXQPX5tHoCsZKURReI13uRZf4WCScQ_v9VUFSN3GBl5GVsUw6GHoplPIFBBTAa8tY7SfzMfLopa1fUMXAvzpOZSPCCQ08SvpCgD_JOGDO_3V8TwrNTiYwx-kgrgbsH8kxsj20J7GODT6YFEL7NEAyLp0l0uTgDlfIRB1j-Cv_KJs=&dmn=madurird.com&userId=0081b056f1f24340f3f05c3639def639
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
Fingerprint91:68:A5:03:A0:08:C3:71:EB:3A:29:4C:CC:F9:5B:B6:92:51:DA:AE
ValidityWed, 29 Jan 2025 05:40:30 GMT - Tue, 29 Apr 2025 05:40:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /wrr?z=8635392&p_rid=00ea447b-69e6-49a1-8b73-0662519d4235&rb=7uSL55PjvxoLLCEQYULjwFYSzbqU_ZucV03NaPn-FyeCQCN7OLyp0hh1Wn7L3rgeb1f5Ncgx1TNQu46T9MZ5OQbOZMuLCOSYnsK3qxbEzz-8JTPxEtByUTQ2SRDbRQfsXQPX5tHoCsZKURReI13uRZf4WCScQ_v9VUFSN3GBl5GVsUw6GHoplPIFBBTAa8tY7SfzMfLopa1fUMXAvzpOZSPCCQ08SvpCgD_JOGDO_3V8TwrNTiYwx-kgrgbsH8kxsj20J7GODT6YFEL7NEAyLp0l0uTgDlfIRB1j-Cv_KJs=&dmn=madurird.com&userId=0081b056f1f24340f3f05c3639def639 HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://livestreams.click/
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 19 Apr 2025 11:15:29 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://livestreams.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

capaciousdrewreligion.com/advertisers.js

185.196.197.72

200 OK

0 B

URL GET
capaciousdrewreligion.com/advertisers.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
FingerprintF2:06:B4:93:08:6A:C2:08:91:7D:7A:22:BE:44:FF:74:BE:CC:0C:2E
ValidityMon, 03 Mar 2025 21:07:24 GMT - Sun, 01 Jun 2025 21:07:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 19 Apr 2025 11:15:18 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 6e3da4ca27dbba09bbc590e0d2fdf173
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/css/style.css

172.67.133.15

200 OK

3.5 kB

URL GET
cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/css/style.css
IP
172.67.133.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectcreative-stat1.com
Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB
ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

File type
ASCII text
Size
3.5 kB (3487 bytes)
Hash
f9f1955433320a3b43c5741f2bde9a3d
3b70c2a57fad02833bf227d8b6a0391ac8b98432
cbb99d697521db3b645225c1b50873e6aa8a39c91afcc7c8dd756746b8bf2645

HTTP Headers

GET /sb/ssp/interstitial/bottom_banner/1/css/style.css HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:25 GMT
content-type: text/css
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
etag: W/"65aa8501-d9f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: HIT
age: 139096
cf-ray: 932bfbe6cf5756c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

uydyqlnebqlwe.global/94184ce7ff0?tV1nIDvtks5y8rfvB4iTRgJ=YXR2PTU4LjMmY2JXaWR0aD0xMjY0JmNicmVmPSZjYmtleXdvcmRzPSZyPTk2NDQ3NDYmY2J1cj0wLjE3NzY4MDcyMzY2MDI3NDY1JmNiaWZyYW1lPTEmYWRidj0zLWNkbiZjYnRpdGxlPSZjYmNkbj1wZGF2YnRraWR5eXJhLmNsaWNrJmFidGc9MSZ0cz0xNzQ1MDYxMzIyNzAzJnNycz1kMzI3NjdlMDA0YmZjZjRkNzE4OTkxZGI0M2U1ZTFjZiZmbXQ9c3V2NSZjYmRlc2NyaXB0aW9uPSZjYkhlaWdodD0xMDA4JnNhZGJsPTImY2JwYWdlPWh0dHBzJTNBJTJGJTJGbGl2ZXN0cmVhbXMuY2xpY2slMkZsaXZlJTJGZGF6bmxhbGlnYV9zcGFpbi5waHAmdWZwPUxpbnV4JTIweDg2XzY0JTJGTW96aWxsYSUyRk5ldHNjYXBlJTJGdHJ1ZSUyRmZhbHNlJTJGMTI4MHgxMDI0MGVuLVVTdW5rbm93bjQ4MjQlMjBiaXRz

104.21.0.224

302 Found

0 B

URL GET
uydyqlnebqlwe.global/94184ce7ff0?tV1nIDvtks5y8rfvB4iTRgJ=YXR2PTU4LjMmY2JXaWR0aD0xMjY0JmNicmVmPSZjYmtleXdvcmRzPSZyPTk2NDQ3NDYmY2J1cj0wLjE3NzY4MDcyMzY2MDI3NDY1JmNiaWZyYW1lPTEmYWRidj0zLWNkbiZjYnRpdGxlPSZjYmNkbj1wZGF2YnRraWR5eXJhLmNsaWNrJmFidGc9MSZ0cz0xNzQ1MDYxMzIyNzAzJnNycz1kMzI3NjdlMDA0YmZjZjRkNzE4OTkxZGI0M2U1ZTFjZiZmbXQ9c3V2NSZjYmRlc2NyaXB0aW9uPSZjYkhlaWdodD0xMDA4JnNhZGJsPTImY2JwYWdlPWh0dHBzJTNBJTJGJTJGbGl2ZXN0cmVhbXMuY2xpY2slMkZsaXZlJTJGZGF6bmxhbGlnYV9zcGFpbi5waHAmdWZwPUxpbnV4JTIweDg2XzY0JTJGTW96aWxsYSUyRk5ldHNjYXBlJTJGdHJ1ZSUyRmZhbHNlJTJGMTI4MHgxMDI0MGVuLVVTdW5rbm93bjQ4MjQlMjBiaXRz
IP
104.21.0.224:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectuydyqlnebqlwe.global
Fingerprint6A:48:82:BB:C3:29:4A:75:48:9F:B7:54:FC:1B:3F:45:F6:5E:16:9A
ValidityWed, 16 Apr 2025 01:24:38 GMT - Tue, 15 Jul 2025 02:23:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /94184ce7ff0?tV1nIDvtks5y8rfvB4iTRgJ=YXR2PTU4LjMmY2JXaWR0aD0xMjY0JmNicmVmPSZjYmtleXdvcmRzPSZyPTk2NDQ3NDYmY2J1cj0wLjE3NzY4MDcyMzY2MDI3NDY1JmNiaWZyYW1lPTEmYWRidj0zLWNkbiZjYnRpdGxlPSZjYmNkbj1wZGF2YnRraWR5eXJhLmNsaWNrJmFidGc9MSZ0cz0xNzQ1MDYxMzIyNzAzJnNycz1kMzI3NjdlMDA0YmZjZjRkNzE4OTkxZGI0M2U1ZTFjZiZmbXQ9c3V2NSZjYmRlc2NyaXB0aW9uPSZjYkhlaWdodD0xMDA4JnNhZGJsPTImY2JwYWdlPWh0dHBzJTNBJTJGJTJGbGl2ZXN0cmVhbXMuY2xpY2slMkZsaXZlJTJGZGF6bmxhbGlnYV9zcGFpbi5waHAmdWZwPUxpbnV4JTIweDg2XzY0JTJGTW96aWxsYSUyRk5ldHNjYXBlJTJGdHJ1ZSUyRmZhbHNlJTJGMTI4MHgxMDI0MGVuLVVTdW5rbm93bjQ4MjQlMjBiaXRz HTTP/1.1
Host: uydyqlnebqlwe.global
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://livestreams.click/
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sat, 19 Apr 2025 11:15:24 GMT
content-type: text/html; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F78A9j7YmIEre18%2F2FRPavXftrL7bm9fxxPNaY8gB9ieySmEsRSqp2PB3NCnp4R1Z%2BpgmA3k%2FQDuqh9ufvVX28dQ60p9Asrj1Bj05QjFyU8VixwNARHeT8tQry%2BmtZZex0NV6SGOgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
location: https://uydyqlnebqlwe.global/jni22?t=1&c=23956500&stamat=m%257C%252C%252CA2Iu4iYzoGU3BP-GH0dEdHP3xP.9cc%252CspebBOrUFP4Ij4xgGpwPvsIx0ivTzktAPz2FtnyZBf8wk_48rVa77S5ld-iavySSr9PeW5T0FVg9Iug3zl4S4R-UbzqMs9N1oYKjj2I6oBjLMx-O90PwSZdM3U5qSILqmqgQeDfStlxkv3tXizq9fMIDf9P2RTkRmczQx1Z1m6GyCWFUStTZSnYmjsoee-jW5c_fN_zi5caXKF6b0twUvTjYXTcSWi3z1ReYDT4aoUSUtHz95POJCHQkbFMXk4pHKaFl30LizcBkorOKrXdDiv4Na7Zl21fFSpYMooe__I8TviBfVxlYRSaEDXoLt39x3F-AhDM540DpEvxOE35KaAKyRWCqCgBoaDL_EEeqdVdGhcM3GUiZ8bDgca28gNNrujdCEWUXCivraXGRYOUSRPRzlSqFB-RifolbDJn_OoWB3B1tH1CxsvFYYAK1_7O4LpxBV02JW92PmvevWEefUqVWEllXl3qBYRBmUi-vJ3YifEfmrBC-twGipMtmMSgOF_nNJwRYcMmDJDstkP_ywBCTtKSt5AdpElKx70w6om2HM_zkdEjlnLH4gtrkJjSrtBSKHm0JkzhffYsK5OE-CNQcTvPYxBNtr1tkv027vhAICq00Y5fAGduBGPJX00Av
via: 2.2 apache
cf-cache-status: DYNAMIC
cf-ray: 932bfbdabf59712f-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7711&min_rtt=3205&rtt_var=4137&sent=11&recv=8&lost=0&retrans=0&sent_bytes=3718&recv_bytes=1645&delivery_rate=2087&cwnd=12000&unsent_bytes=0&cid=aa40052cfec2920d&ts=3640&x=16"

pdavbtkidyyra.click/script/ut.js?cb=1745061319297

172.67.199.177

200 OK

66 kB

URL GET
pdavbtkidyyra.click/script/ut.js?cb=1745061319297
IP
172.67.199.177:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectpdavbtkidyyra.click
FingerprintB4:0C:16:99:34:F5:ED:C5:DE:8B:23:51:D9:E5:C2:73:53:F7:C3:3E
ValidityThu, 17 Apr 2025 11:19:18 GMT - Wed, 16 Jul 2025 12:17:49 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65493), with no line terminators
Size
66 kB (66473 bytes)
Hash
4afa2ac99f97331dc98263d49022a958
60bb7c7c45ff14e8df86ef9e0b9a7a55a7d2baca
a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32

HTTP Headers

GET /script/ut.js?cb=1745061319297 HTTP/1.1
Host: pdavbtkidyyra.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:19 GMT
content-type: text/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4HJ5%2FN96TkVn3pNcokMjLyTlE%2FfxzNDuRgxr%2FWbp4i%2FPdclWpP9kfuHZ%2BDqHZt1fMgLfZocfN%2Bb%2FLLKqx1rZK%2BN6nfiY0gpQRMb7g2QZpfwLmwwjWQ0uOIi7%2FEELAZbZ%2Bbm2%2B9qs"}],"group":"cf-nel","max_age":604800}
x-guploader-uploadid: AKDAyIsPsIsj2hFNo70dx-DezTube6ZOgu18kbcp4WoHQ4PWwxr4YVmA9Zj684Sx6Sty3SnY1sA3RJU
x-goog-generation: 1733127707295818
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 66473
x-goog-hash: crc32c=VBET1w==, md5=SvoqyZ+XMx3JgmPUkCKpWA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Sat, 19 Apr 2025 11:23:12 GMT
cache-control: public, max-age=14400
age: 2970
last-modified: Mon, 02 Dec 2024 08:21:47 GMT
etag: W/"4afa2ac99f97331dc98263d49022a958"
cf-cache-status: HIT
content-encoding: br
cf-ray: 932bfbbda9385684-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5033&min_rtt=2972&rtt_var=2683&sent=24&recv=28&lost=0&retrans=0&sent_bytes=4420&recv_bytes=2213&delivery_rate=1593&cwnd=12000&unsent_bytes=0&cid=831088e7fa234834&ts=1160&x=16"

my.rtmark.net/gid.js?userId=0081b056f1f24340f3f05c3639def639

172.64.146.234

200 OK

65 B

URL GET
my.rtmark.net/gid.js?userId=0081b056f1f24340f3f05c3639def639
IP
172.64.146.234:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
e6d040973361774b69df28e6f233f972
0bbb0e579d9b3884886d51aad4ac6997e1092214
7fb9dd08a9638b93bb7f7725180115b387dd5f66549d5f017bbdbd880e6c29c6

HTTP Headers

GET /gid.js?userId=0081b056f1f24340f3f05c3639def639 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:20 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://livestreams.click
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0081b056f1f24340f3f05c3639def639; expires=Sun, 19 Apr 2026 11:15:20 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 932bfbc37c7ab527-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

dycauosplp.com/

139.45.197.155

200 OK

0 B

URL HEAD
dycauosplp.com/
IP
139.45.197.155:443
ASN
#9002 RETN Limited

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectdycauosplp.com
Fingerprint1A:87:63:C1:DB:42:B9:D0:A3:E4:F1:E6:6C:44:60:20:E9:60:3A:F6
ValidityFri, 18 Apr 2025 11:16:18 GMT - Thu, 17 Jul 2025 11:16:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: dycauosplp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en
Accept-Encoding: gzip, deflate, br
Content-Type: text/html
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: text/html
x-t53r56a10c0e15-94i97d42: 00000000000000000000000000000000
vary: Accept-Encoding, Origin
access-control-allow-origin: https://livestreams.click
access-control-expose-headers: Link, X-Application-Token, X-Application-Key, X-Tag, X-Auth-Token, X-DirectionPartner-Id, X-ZoneType-Id, X-Hostname
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
x-application-key: ybksm33dq2yrm75Im5tQ9f4a65mb56g
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

ii.apl375.me/css/emb.css?3

104.21.82.118

200 OK

492 B

URL GET
ii.apl375.me/css/emb.css?3
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
ASCII text, with CRLF line terminators
Size
492 B (492 bytes)
Hash
3224f73e001338f2b3f429047725a0e1
53da708fbaa01418e98b80a9bafc068adc3b741f
1f4edcf28f677491a34df2f30cd5c697fcb453b6d866e3b33bd0011b179421ed

HTTP Headers

GET /css/emb.css?3 HTTP/1.1
Host: ii.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:21 GMT
content-type: text/css
server: cloudflare
last-modified: Wed, 08 Jul 2020 14:33:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 1563275
etag: W/"5f05d930-1ec"
content-encoding: br
cf-ray: 932bfbcc3fd10b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.show-sb.com/sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html

172.67.170.115

200 OK

1.5 kB

URL GET
cdn.show-sb.com/sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html
IP
172.67.170.115:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectshow-sb.com
Fingerprint1D:98:CF:D5:11:E1:60:97:76:85:27:F9:55:AF:5E:13:60:3F:67:B7
ValidityMon, 14 Apr 2025 03:51:48 GMT - Sun, 13 Jul 2025 04:50:09 GMT

File type
HTML document, ASCII text
Size
1.5 kB (1544 bytes)
Hash
972f68410d9349904f897739b33e12cc
e41130dbad60e81ad2665bb7407a50888aae8150
90c062931018d386488b555fd261405457f9744db31512ff5780d49769d7b0d0

HTTP Headers

GET /sb/au/78/74/fd/7874fd62186fc577273fa59756d17076/1744381737.html HTTP/1.1
Host: cdn.show-sb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:24 GMT
content-type: text/html
server: cloudflare
last-modified: Fri, 11 Apr 2025 14:28:57 GMT
vary: accept-encoding
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbdb5e1456b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad.apl375.me/getbanner.php?zone_id=179&0.47713225304923823

104.21.82.118

200 OK

523 B

URL GET
ad.apl375.me/getbanner.php?zone_id=179&0.47713225304923823
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
523 B (523 bytes)
Hash
ba5b50e51e0ba01d47a3cbe792757bec
cfff1271bccaa2ad3912cca6ca0a50045f1c299f
8699c29dca95b6aaa8e46d5a4716c7c01fc2c6b8098f3c73c6c3b5b521643e20

HTTP Headers

GET /getbanner.php?zone_id=179&0.47713225304923823 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:24 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O%2BN2lPrSAYF%2BUp2fQDxuMS86xT%2BwQF3eq%2Bact2GAxdkSNwAKoDiukRjPKpm%2F7mflJok8P%2FjBoZcY5ZDae6BHO8PH23jFGr2IQrZJuXIqG%2F68A34alPk%2F0wwWYovMC%2B0%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbdaca685690-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=12197&min_rtt=719&rtt_var=8936&sent=157&recv=211&lost=0&retrans=0&sent_bytes=12442&recv_bytes=12699&delivery_rate=1094&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=2274&x=16"

shotgunchancecruel.com/pixel/sbs?c=1

192.243.59.20

200 OK

0 B

URL GET
shotgunchancecruel.com/pixel/sbs?c=1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint0C:D3:F1:8B:BC:8A:18:C0:64:49:9C:C1:D7:F5:0C:C7:24:2B:06:04
ValidityWed, 19 Feb 2025 02:30:57 GMT - Tue, 20 May 2025 02:30:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: uid_id2=44390a89-4f9c-46f4-8015-eee4888576c9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25298571=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:29 GMT
Content-Length: 0
Connection: keep-alive
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

rlsredirect.com/d256a1be8?click_id=174506131910000TNOTV415326358024V582bc

172.67.207.37

302 Found

0 B

URL GET
rlsredirect.com/d256a1be8?click_id=174506131910000TNOTV415326358024V582bc
IP
172.67.207.37:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectrlsredirect.com
Fingerprint2B:C9:05:A9:61:44:3A:B0:F2:12:12:77:41:23:20:EF:C2:80:8F:4B
ValidityTue, 18 Mar 2025 08:37:41 GMT - Mon, 16 Jun 2025 09:37:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /d256a1be8?click_id=174506131910000TNOTV415326358024V582bc HTTP/1.1
Host: rlsredirect.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://livestreams.click/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 19 Apr 2025 11:15:20 GMT
content-type: text/html; charset=utf-8
location: https://rollingslots555.com/no?stag=134237_680385c830bf1da154beb980&click_id=174506131910000TNOTV415326358024V582bc&http_referrer=https%3A%2F%2Flivestreams.click%2F&tracking_link=http%3A%2F%2Frlsredirect.com%2Fd256a1be8
server: cloudflare
cf-ray: 932bfbc7aafc568a-OSL
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
set-cookie: 6b51d431df5d7f141cbe=680385c830bf1da154beb980; Expires=Mon, 19 May 2025 11:15:20 GMT
X-Firefox-Spdy: h2

uydyqlnebqlwe.global/ge3cb8?rz4bDFjGPDR5EXkoiISEYqM=YWRidj0zLWNkbiZjYmNkbj1wZGF2YnRraWR5eXJhLmNsaWNrJmNicGFnZT1odHRwcyUzQSUyRiUyRmxpdmVzdHJlYW1zLmNsaWNrJTJGbGl2ZSUyRmRhem5sYWxpZ2Ffc3BhaW4ucGhwJmZtdD1zdXY1JnRzPTE3NDUwNjEzMTg5MjgmY2JpZnJhbWU9MCZ1ZnA9TGludXglMjB4ODZfNjQlMkZNb3ppbGxhJTJGTmV0c2NhcGUlMkZ0cnVlJTJGZmFsc2UlMkYxMjgweDEwMjQwZW4tVVN1bmtub3duNDgyNCUyMGJpdHMmc3JzPWMzNDEwZjFhNDliOWIzNGU4OTU5MDcxM2YzZmU4OWI1JmF0dj01OC4zJmNicmVmPSZyPTk2NjQ5OTQmY2J0aXRsZT0mY2JIZWlnaHQ9MTAyNCZhYnRnPTEmY2JrZXl3b3Jkcz0mY2JXaWR0aD0xMjgwJmNiZGVzY3JpcHRpb249JnNhZGJsPTImY2J1cj0wLjQwMTMxMTQ0OTk2NzE3NjY%3D

104.21.0.224

302 Found

0 B

URL GET
uydyqlnebqlwe.global/ge3cb8?rz4bDFjGPDR5EXkoiISEYqM=YWRidj0zLWNkbiZjYmNkbj1wZGF2YnRraWR5eXJhLmNsaWNrJmNicGFnZT1odHRwcyUzQSUyRiUyRmxpdmVzdHJlYW1zLmNsaWNrJTJGbGl2ZSUyRmRhem5sYWxpZ2Ffc3BhaW4ucGhwJmZtdD1zdXY1JnRzPTE3NDUwNjEzMTg5MjgmY2JpZnJhbWU9MCZ1ZnA9TGludXglMjB4ODZfNjQlMkZNb3ppbGxhJTJGTmV0c2NhcGUlMkZ0cnVlJTJGZmFsc2UlMkYxMjgweDEwMjQwZW4tVVN1bmtub3duNDgyNCUyMGJpdHMmc3JzPWMzNDEwZjFhNDliOWIzNGU4OTU5MDcxM2YzZmU4OWI1JmF0dj01OC4zJmNicmVmPSZyPTk2NjQ5OTQmY2J0aXRsZT0mY2JIZWlnaHQ9MTAyNCZhYnRnPTEmY2JrZXl3b3Jkcz0mY2JXaWR0aD0xMjgwJmNiZGVzY3JpcHRpb249JnNhZGJsPTImY2J1cj0wLjQwMTMxMTQ0OTk2NzE3NjY%3D
IP
104.21.0.224:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectuydyqlnebqlwe.global
Fingerprint6A:48:82:BB:C3:29:4A:75:48:9F:B7:54:FC:1B:3F:45:F6:5E:16:9A
ValidityWed, 16 Apr 2025 01:24:38 GMT - Tue, 15 Jul 2025 02:23:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ge3cb8?rz4bDFjGPDR5EXkoiISEYqM=YWRidj0zLWNkbiZjYmNkbj1wZGF2YnRraWR5eXJhLmNsaWNrJmNicGFnZT1odHRwcyUzQSUyRiUyRmxpdmVzdHJlYW1zLmNsaWNrJTJGbGl2ZSUyRmRhem5sYWxpZ2Ffc3BhaW4ucGhwJmZtdD1zdXY1JnRzPTE3NDUwNjEzMTg5MjgmY2JpZnJhbWU9MCZ1ZnA9TGludXglMjB4ODZfNjQlMkZNb3ppbGxhJTJGTmV0c2NhcGUlMkZ0cnVlJTJGZmFsc2UlMkYxMjgweDEwMjQwZW4tVVN1bmtub3duNDgyNCUyMGJpdHMmc3JzPWMzNDEwZjFhNDliOWIzNGU4OTU5MDcxM2YzZmU4OWI1JmF0dj01OC4zJmNicmVmPSZyPTk2NjQ5OTQmY2J0aXRsZT0mY2JIZWlnaHQ9MTAyNCZhYnRnPTEmY2JrZXl3b3Jkcz0mY2JXaWR0aD0xMjgwJmNiZGVzY3JpcHRpb249JnNhZGJsPTImY2J1cj0wLjQwMTMxMTQ0OTk2NzE3NjY%3D HTTP/1.1
Host: uydyqlnebqlwe.global
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://livestreams.click/
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 19 Apr 2025 11:15:19 GMT
content-type: text/html; charset=utf-8
location: https://uydyqlnebqlwe.global/54p15ljo1lp200m?t=1&c=23931904&stamat=m%257C%252C%252CA2Omd2KqtGU3BP-GH0dEdHP3xP.833%252CraJ87ApJRUaIl6p3Fp5MJ1M-D7dg05JafCNU1Kx2-BwUY0RwbrdFOWXScCP8pk54hYQPxaNzgTKDzyVk9qv3V_TI-TIIog199weD3J0Un4d1hvsDnv8ukctuWo95Fa2buc-t8hoJvMUR3BANsPXYs6ggVOcZ2ZGkd2CVnaKgiBTbQlWLGQXEXNK11AiTVlI9gIiIM4aoyI62KkBF2CtMDqvVJjVTPzqoIoywQjnYhGLzw-r_VOAkaLZWStxuneiRbt9ghDu_VhIGk1EIirAvySqmBXyXu0vUicx3Ui8FQYjncwupZQVn3e7pkA1keXpD0Ao3VbV6FVwdoHj2RsA-2GAoMP6RHBXwOaSF37AzXXUassJlb9yxzQ7d_wZjb7S4yrW17T5GEcGWc6Sne3sepS-WE_-Hl_Yvw7UoYUTjOp5llyO0eBxST94AzXoQsTcGTbymbAg1kNu0u3FFTVBXBNWCSWSHBqKmNxZ-SPDkxRtKFR3yzyJ41leBpIZ0kNjoU7lj3UQgeCxgf8giQK38kwA-vPNPQe4e6SiI9U5CpE-U4iBURWW35tgD5DLBxNpg3r5XNZsH90JnC1sXqSePOwfL6XcBo7iadCJfIZOwzWofbkbqI3W_YHIC0kXCb9qm
server: cloudflare
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
via: 2.2 apache
cf-cache-status: DYNAMIC
cf-ray: 932bfbbcdfd0712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

a27.azplay5.me//player2019/videojs-http-streaming.min.js

45.141.56.198

404 Not Found

0 B

URL GET
a27.azplay5.me//player2019/videojs-http-streaming.min.js
IP
45.141.56.198:443
ASN
#213373 IP Connect Inc

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerLet's Encrypt
Subjecta27.azplay5.me
Fingerprint4B:47:0D:C9:39:E9:4B:DF:B1:31:6C:CD:04:1B:0B:C6:E3:35:BE:3E
ValidityFri, 18 Apr 2025 18:43:43 GMT - Thu, 17 Jul 2025 18:43:42 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET //player2019/videojs-http-streaming.min.js HTTP/1.1
Host: a27.azplay5.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Sat, 19 Apr 2025 11:15:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

shotgunchancecruel.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js&l=957&fd=809

192.243.59.12

200 OK

0 B

URL GET
shotgunchancecruel.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js&l=957&fd=809
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint0C:D3:F1:8B:BC:8A:18:C0:64:49:9C:C1:D7:F5:0C:C7:24:2B:06:04
ValidityWed, 19 Feb 2025 02:30:57 GMT - Tue, 20 May 2025 02:30:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fjs%2Fscript.js&l=957&fd=809 HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: uid_id2=44390a89-4f9c-46f4-8015-eee4888576c9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25298571=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:29 GMT
Content-Length: 0
Connection: keep-alive
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

livestreams.click/dss.js

172.67.207.222

200 OK

13 kB

URL GET
livestreams.click/dss.js
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type
JavaScript source, ASCII text, with very long lines (12997), with no line terminators
Size
13 kB (12997 bytes)
Hash
45bfa6dedd6f7a9ce980b168e0350ad0
82c6b381da9abd8cb3db22ba4868287fe4e976f1
856420e1f59d0096185cdaac909fa54a9f596f52255d7a5f1ac502403f61d3ab

HTTP Headers

GET /dss.js HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/embed01/daznliga.php
Cookie: pp_main_bc0cea2cc67474235512f64ed7476bf4=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=44390a89-4f9c-46f4-8015-eee4888576c9%3A3%3A1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xRt5vla1tF5%2FARdwwhzgDdjH3i8mT45ogen0HffaugAvYPuHdAKztG7%2BKd32QvRVGfUIkyl7lt8ewN9YRpqozHM4eROmnBSHN1MVZgkbdARF23f3xqjdo06fSqCIh5rW%2BgiwPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 26 Feb 2025 15:47:22 GMT
vary: Accept-Encoding
etag: W/"67bf378a-32c5"
expires: Sat, 19 Apr 2025 21:48:54 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
age: 5184
cf-ray: 932bfbb78dfa56c7-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3620&min_rtt=776&rtt_var=3141&sent=153&recv=134&lost=0&retrans=0&sent_bytes=80384&recv_bytes=8858&delivery_rate=28037&cwnd=24000&unsent_bytes=0&cid=634670089be2888f&ts=2175&x=16"

ad.apl375.me/counter.php?bid=9285&timestamp=1745061323&hash=2093218620

104.21.82.118

201 Created

0 B

URL GET
ad.apl375.me/counter.php?bid=9285&timestamp=1745061323&hash=2093218620
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ad.apl375.me/getbanner.php?zone_id=179&0.47713225304923823
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /counter.php?bid=9285&timestamp=1745061323&hash=2093218620 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/getbanner.php?zone_id=179&0.47713225304923823
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 201 Created
date: Sat, 19 Apr 2025 11:15:26 GMT
content-type: application/octet-stream
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Dgm4OZA0Vpo4nhBTFwGt%2FDwOrw6eQA13JgAXPBtQd85JkKVUpgsztkkCXk%2Blw5c6qirRIFQP7dQiseRnRVmnyb9PPtW8rXCHCF%2B5RK%2Fw0G%2FnqFOTHaQ36fakkkr9Ag%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 19 Apr 2025 11:15:25 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 932bfbe81aff5690-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=11287&min_rtt=719&rtt_var=10314&sent=170&recv=221&lost=0&retrans=0&sent_bytes=17790&recv_bytes=14597&delivery_rate=7534&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=4416&x=16"

goosebomb.com/gogate/etoro/55/index.html?action=174506131710000TNOTV415326358024Va64a4

104.21.112.1

200 OK

1.7 kB

URL GET
goosebomb.com/gogate/etoro/55/index.html?action=174506131710000TNOTV415326358024Va64a4
IP
104.21.112.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectgoosebomb.com
Fingerprint0F:2E:D4:94:2D:AD:19:D7:5F:D1:B6:79:58:A7:37:EA:82:41:68:FD
ValidityTue, 04 Mar 2025 10:23:52 GMT - Mon, 02 Jun 2025 11:23:45 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
1.7 kB (1744 bytes)
Hash
deddc989c0c114c60ef573d0cbcdf32f
d06f349e45e6645077df6a4170a3c57e5c40b41c
669f5bd67d711177f57f5f0306458ad15ba76c5345b7bc9feef328e8fc13cc13

HTTP Headers

GET /gogate/etoro/55/index.html?action=174506131710000TNOTV415326358024Va64a4 HTTP/1.1
Host: goosebomb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://livestreams.click/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: text/html
x-guploader-uploadid: AAO2Vwp46KVQvqR8k5eFxWBn1E75cuaz_HL4gfqvmqyNr8JrQFcrKDzo9D6lSD2M7Hd5-Ffi
expires: Sat, 19 Apr 2025 12:15:18 GMT
cache-control: public, max-age=3600
last-modified: Thu, 18 May 2023 11:30:29 GMT
x-goog-generation: 1684409429391866
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1744
x-goog-meta-goog-reserved-file-mtime: 1678727006
x-goog-hash: crc32c=DT2I8A==, md5=3t3JicDBFMYO9XPQy83zLw==
x-goog-storage-class: STANDARD
server: cloudflare
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbba0a290b55-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

youradexchange.com/script/iprp.php?t=1&c=23931904&stamat=m%257C%252C%252Cw3P-IjNqoGU3BP-GH0dEdHP3xP.8cc%252CkDw3wepnGwC5URjbgeeQt9oqPYgTI4bd--y84AmYb2yKkPd_fv5An5X53TWm3UrHppYa40cgEPaEs-bqeYEKcWVdf3aFqGJebeBNiUuvRbO8j20ZdmwaCB_f0HtqUrM2C9foSJE_Y432B2uJVtfwuRCv2LSIwrNJRgyKu-5iFZeQ_4yOvvqTbyBCkdVXZeZ_18o9-zKJAFUtwnqjJf2SmpJ4BjrPDuz3odUOkbEhB8DqXlbR7Y8dgpwo7cEOmfV5ZWOjLNwP0VBg7f-pA3J3lPvlmuwxs47jHI040CJp9EG5Gf0zidsOs18fcmz_VFlryIPH6_AeLv15f9iMb5VM2rDEDgeXdtOgnLC1f41G7F-YFtHi8sug1JDXeauzyW3ZSmoPLq_zPx2YXjhTQcDyQLrFhYsMxSaNhJHUtvaV4g2p2yNJFeTjNIin5MVZV_H4KzUKyWGOIdIGQVkuZVT5BYAeHRUi8fOLPfnyvZEyFrDlstwHY6V0mbU9RLr9kcIuPHJrtbgds5Ks38R9gyXOG4Yjc1wgUDGSkViEIPYgtVmZgunuTGsEDjzKLcLkYTS-toym_1ixtiMgrxEFx2hgArCeDT2XPab3WAoL4vSjlI-5gdEu2zsBep7ghcMbW4Wk

172.67.177.214

302 Found

0 B

URL GET
youradexchange.com/script/iprp.php?t=1&c=23931904&stamat=m%257C%252C%252Cw3P-IjNqoGU3BP-GH0dEdHP3xP.8cc%252CkDw3wepnGwC5URjbgeeQt9oqPYgTI4bd--y84AmYb2yKkPd_fv5An5X53TWm3UrHppYa40cgEPaEs-bqeYEKcWVdf3aFqGJebeBNiUuvRbO8j20ZdmwaCB_f0HtqUrM2C9foSJE_Y432B2uJVtfwuRCv2LSIwrNJRgyKu-5iFZeQ_4yOvvqTbyBCkdVXZeZ_18o9-zKJAFUtwnqjJf2SmpJ4BjrPDuz3odUOkbEhB8DqXlbR7Y8dgpwo7cEOmfV5ZWOjLNwP0VBg7f-pA3J3lPvlmuwxs47jHI040CJp9EG5Gf0zidsOs18fcmz_VFlryIPH6_AeLv15f9iMb5VM2rDEDgeXdtOgnLC1f41G7F-YFtHi8sug1JDXeauzyW3ZSmoPLq_zPx2YXjhTQcDyQLrFhYsMxSaNhJHUtvaV4g2p2yNJFeTjNIin5MVZV_H4KzUKyWGOIdIGQVkuZVT5BYAeHRUi8fOLPfnyvZEyFrDlstwHY6V0mbU9RLr9kcIuPHJrtbgds5Ks38R9gyXOG4Yjc1wgUDGSkViEIPYgtVmZgunuTGsEDjzKLcLkYTS-toym_1ixtiMgrxEFx2hgArCeDT2XPab3WAoL4vSjlI-5gdEu2zsBep7ghcMbW4Wk
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectyouradexchange.com
Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E
ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/iprp.php?t=1&c=23931904&stamat=m%257C%252C%252Cw3P-IjNqoGU3BP-GH0dEdHP3xP.8cc%252CkDw3wepnGwC5URjbgeeQt9oqPYgTI4bd--y84AmYb2yKkPd_fv5An5X53TWm3UrHppYa40cgEPaEs-bqeYEKcWVdf3aFqGJebeBNiUuvRbO8j20ZdmwaCB_f0HtqUrM2C9foSJE_Y432B2uJVtfwuRCv2LSIwrNJRgyKu-5iFZeQ_4yOvvqTbyBCkdVXZeZ_18o9-zKJAFUtwnqjJf2SmpJ4BjrPDuz3odUOkbEhB8DqXlbR7Y8dgpwo7cEOmfV5ZWOjLNwP0VBg7f-pA3J3lPvlmuwxs47jHI040CJp9EG5Gf0zidsOs18fcmz_VFlryIPH6_AeLv15f9iMb5VM2rDEDgeXdtOgnLC1f41G7F-YFtHi8sug1JDXeauzyW3ZSmoPLq_zPx2YXjhTQcDyQLrFhYsMxSaNhJHUtvaV4g2p2yNJFeTjNIin5MVZV_H4KzUKyWGOIdIGQVkuZVT5BYAeHRUi8fOLPfnyvZEyFrDlstwHY6V0mbU9RLr9kcIuPHJrtbgds5Ks38R9gyXOG4Yjc1wgUDGSkViEIPYgtVmZgunuTGsEDjzKLcLkYTS-toym_1ixtiMgrxEFx2hgArCeDT2XPab3WAoL4vSjlI-5gdEu2zsBep7ghcMbW4Wk HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
Referer: https://livestreams.click/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Sat, 19 Apr 2025 11:15:20 GMT
content-type: text/html; charset=utf-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GKPAekOyOrC6eIkORq70N6aY5E%2FcKKORTOFKAStMnYO45AcvQPFXIoDoQTTXsuUbATJP6bfsXH0M7jJ0%2Bzf44iwo8pIee0z5TCpxDpF4JSmgcDeigrud6js4QfyVQnNduwR%2BJNc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
location: https://rlsredirect.com/d256a1be8?click_id=174506131910000TNOTV415326358024V582bc
via: 1.1 google
cf-cache-status: DYNAMIC
cf-ray: 932bfbc54830b4eb-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29304&min_rtt=23930&rtt_var=12812&sent=15&recv=10&lost=0&retrans=0&sent_bytes=3927&recv_bytes=1879&delivery_rate=24361&cwnd=12000&unsent_bytes=0&cid=dffb08be9f7a1975&ts=1348&x=16"

ii.apl375.me/player2019/main.css?8

104.21.82.118

200 OK

944 B

URL GET
ii.apl375.me/player2019/main.css?8
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
ASCII text
Size
944 B (944 bytes)
Hash
9764a5ce13b329e82ebcf3823cfc95ac
3cc5c0e57016ea6df0e1bf970981bc5d2b721a2e
25ef9b5fe2c5b74ffe554d57a5e9dbea92befeb606efc3267bd0428536467909

HTTP Headers

GET /player2019/main.css?8 HTTP/1.1
Host: ii.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:21 GMT
content-type: text/css
server: cloudflare
last-modified: Mon, 19 Aug 2019 19:09:58 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 620452
etag: W/"5d5af406-3b0"
content-encoding: br
cf-ray: 932bfbcd694d0b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ii.apl375.me/player2019/adv-player.js?8

104.21.82.118

200 OK

6.0 kB

URL GET
ii.apl375.me/player2019/adv-player.js?8
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
6.0 kB (6007 bytes)
Hash
2b6ecd98ff07c3893b974dddffa92567
49e83b0c9943a7d9503a681598a19a0f8bcf5404
243eb4a8fcd9c81c4c64cfb82bd8452208b1c8351ca9d45c92e20385d01a08ba

HTTP Headers

GET /player2019/adv-player.js?8 HTTP/1.1
Host: ii.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:21 GMT
content-type: application/javascript
server: cloudflare
last-modified: Mon, 19 Aug 2019 19:08:24 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 620451
etag: W/"5d5af3a8-1777"
content-encoding: br
cf-ray: 932bfbcd08cf0b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

oudebsaucmoaftu.com/wrr?z=8635392&p_rid=11b07125-2ef3-4bc7-843f-e7b3bc04cfe2&rb=9kAba27QsrXrTZfnid0wA5gBc5a4r18FPBTiDsP7DwxMxUC3EFC0eR6P2AiZZ3ktXMadjdWeMFnyaZIYsWGdefHaHhI9Z-srW0a3vU8GYF2Jh9k9tL000-hWH_Js8C5CkGiigIxhpAb5PrA5M2Xe11Tg2acM8-FzYQPM7Ny5ibelOJrO-Dy8eOLuIDEZWFo7SLdVl3pUknq5DyqZ4NWVGpBmT-z3T3L5LI56KZ_JDSMTgaTxksodaVt75WK5DcgUvhXeTDb1e1jbEpG9w3nvom8VRYhs5DezdMFnY7BMii8=&dmn=oudebsaucmoaftu.com&userId=0081b056f1f24340f3f05c3639def639

139.45.197.105

204 No Content

0 B

URL OPTIONS
oudebsaucmoaftu.com/wrr?z=8635392&p_rid=11b07125-2ef3-4bc7-843f-e7b3bc04cfe2&rb=9kAba27QsrXrTZfnid0wA5gBc5a4r18FPBTiDsP7DwxMxUC3EFC0eR6P2AiZZ3ktXMadjdWeMFnyaZIYsWGdefHaHhI9Z-srW0a3vU8GYF2Jh9k9tL000-hWH_Js8C5CkGiigIxhpAb5PrA5M2Xe11Tg2acM8-FzYQPM7Ny5ibelOJrO-Dy8eOLuIDEZWFo7SLdVl3pUknq5DyqZ4NWVGpBmT-z3T3L5LI56KZ_JDSMTgaTxksodaVt75WK5DcgUvhXeTDb1e1jbEpG9w3nvom8VRYhs5DezdMFnY7BMii8=&dmn=oudebsaucmoaftu.com&userId=0081b056f1f24340f3f05c3639def639
IP
139.45.197.105:443
ASN
#9002 RETN Limited

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectoudebsaucmoaftu.com
Fingerprint3E:57:18:B8:CF:46:7E:C2:63:61:14:EA:FD:80:DC:19:61:B5:3E:F1
ValidityWed, 16 Apr 2025 23:38:15 GMT - Tue, 15 Jul 2025 23:38:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /wrr?z=8635392&p_rid=11b07125-2ef3-4bc7-843f-e7b3bc04cfe2&rb=9kAba27QsrXrTZfnid0wA5gBc5a4r18FPBTiDsP7DwxMxUC3EFC0eR6P2AiZZ3ktXMadjdWeMFnyaZIYsWGdefHaHhI9Z-srW0a3vU8GYF2Jh9k9tL000-hWH_Js8C5CkGiigIxhpAb5PrA5M2Xe11Tg2acM8-FzYQPM7Ny5ibelOJrO-Dy8eOLuIDEZWFo7SLdVl3pUknq5DyqZ4NWVGpBmT-z3T3L5LI56KZ_JDSMTgaTxksodaVt75WK5DcgUvhXeTDb1e1jbEpG9w3nvom8VRYhs5DezdMFnY7BMii8=&dmn=oudebsaucmoaftu.com&userId=0081b056f1f24340f3f05c3639def639 HTTP/1.1
Host: oudebsaucmoaftu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://livestreams.click/
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 19 Apr 2025 11:15:23 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://livestreams.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

a27.azplay5.me/media/80010413.gif

45.141.56.198

200 OK

54 kB

URL GET
a27.azplay5.me/media/80010413.gif
IP
45.141.56.198:443
ASN
#213373 IP Connect Inc

Requested by
https://ad.apl375.me/getbanner.php?zone_id=179&0.47713225304923823
Certificate
IssuerLet's Encrypt
Subjecta27.azplay5.me
Fingerprint4B:47:0D:C9:39:E9:4B:DF:B1:31:6C:CD:04:1B:0B:C6:E3:35:BE:3E
ValidityFri, 18 Apr 2025 18:43:43 GMT - Thu, 17 Jul 2025 18:43:42 GMT

File type
GIF image data, version 89a, 468 x 60
Size
54 kB (53562 bytes)
Hash
2b84795f2e371ca54edcd4b018e07a02
1684cfe0cfeea078583459297c896322ecfb6637
3e1391cafab63577d7cccb8bd16d48abad5c9f93fd51d64673992d96a2be9d75

HTTP Headers

GET /media/80010413.gif HTTP/1.1
Host: a27.azplay5.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 19 Apr 2025 11:15:26 GMT
Content-Type: image/gif
Content-Length: 53562
Connection: keep-alive
Last-Modified: Wed, 02 Apr 2025 10:42:12 GMT
ETag: "67ed1484-d13a"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

experttrafficcounter.com/stats

3.126.4.163

200 OK

40 B

URL GET
experttrafficcounter.com/stats
IP
3.126.4.163:443
ASN
#16509 AMAZON-02

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintEE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC
ValidityThu, 23 Jan 2025 00:00:00 GMT - Sat, 21 Feb 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
58dc7e677885f61627a30bcfe3f1ec34
e50ceafb229df3b3775eba503b5ede016076d4dc
24c250bcb095651004a36fd9cfec28aae9f61ff8202a26e4ef5d47fbcfe96d12

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:17 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://livestreams.click
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=44390a89-4f9c-46f4-8015-eee4888576c9:3:1; expires=Tue, 17 Apr 2035 11:15:17 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

shotgunchancecruel.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css&l=78689&fd=999

192.243.59.12

200 OK

0 B

URL GET
shotgunchancecruel.com/pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css&l=78689&fd=999
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint0C:D3:F1:8B:BC:8A:18:C0:64:49:9C:C1:D7:F5:0C:C7:24:2B:06:04
ValidityWed, 19 Feb 2025 02:30:57 GMT - Tue, 20 May 2025 02:30:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=&tmpl=482&u=https%3A%2F%2Fcdn.creative-stat1.com%2Fsb%2Fssp%2Finterstitial%2Fbottom_banner%2F1%2Fcss%2Fanimate.css&l=78689&fd=999 HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: uid_id2=44390a89-4f9c-46f4-8015-eee4888576c9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25298571=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:26 GMT
Content-Length: 0
Connection: keep-alive
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 10:03:46 GMT
expires: Fri, 17 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 177103
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

livestreams.click/embed01/daznlaliga.json?1745061319000

172.67.207.222

200 OK

16 B

URL GET
livestreams.click/embed01/daznlaliga.json?1745061319000
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
eeeb3e4bced9067f0b445ecdaea1ab1d
293ab1fb6385b8870ad0d8386f02bf7b53d4521a
c763a041c18e9f4e879b88442c09b30703eab167f1c7c45edac49d70dacded3e

HTTP Headers

GET /embed01/daznlaliga.json?1745061319000 HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://livestreams.click/embed01/daznliga.php
DNT: 1
Connection: keep-alive
Cookie: pp_main_bc0cea2cc67474235512f64ed7476bf4=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=44390a89-4f9c-46f4-8015-eee4888576c9%3A3%3A1; _ga_4X3D1TSXCP=GS1.1.1745061318.1.0.1745061318.0.0.0; _ga=GA1.1.634031272.1745061319
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:19 GMT
content-type: application/json
content-length: 16
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Br%2FyOJGfywJDopcKyHkErzWpPiW7vFAI5ncftj8Mb%2B56vwYyuG1Hba0Cd4T2UWdxR5q9MWiZKnhNv32kO2JJADUQyzj9586QJxUow6ctGwi2Wb1zApyNPynZH8GthtWFHHvsAA%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sun, 06 Apr 2025 16:14:56 GMT
etag: "67f2a880-10"
strict-transport-security: max-age=31536000
accept-ranges: bytes
cf-cache-status: DYNAMIC
cf-ray: 932bfbc02e4556c7-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3773&min_rtt=776&rtt_var=2097&sent=176&recv=141&lost=0&retrans=0&sent_bytes=99808&recv_bytes=10834&delivery_rate=5060&cwnd=24000&unsent_bytes=0&cid=634670089be2888f&ts=3604&x=16"

t.dtscout.com/pv/?_a=v&_h=livestreams.click&_ss=15q489r762&_pv=2&_ls=2&_cc=no&_pl=d&_b=firefox%40134&_cbid=32ec&_cb=_dtspv.c

172.67.70.180

200 OK

0 B

URL GET
t.dtscout.com/pv/?_a=v&_h=livestreams.click&_ss=15q489r762&_pv=2&_ls=2&_cc=no&_pl=d&_b=firefox%40134&_cbid=32ec&_cb=_dtspv.c
IP
172.67.70.180:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectdtscout.com
Fingerprint4B:34:25:C3:56:75:F4:5A:B8:45:F5:43:DE:C9:89:43:D2:87:85:48
ValidityFri, 07 Mar 2025 01:14:02 GMT - Thu, 05 Jun 2025 02:13:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pv/?_a=v&_h=livestreams.click&_ss=15q489r762&_pv=2&_ls=2&_cc=no&_pl=d&_b=firefox%40134&_cbid=32ec&_cb=_dtspv.c HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: m=2; df=1745061318
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:20 GMT
content-type: application/javascript
content-encoding: br
cf-ray: 932bfbc52c38712b-OSL
x-t: 0.096
x-c: 0
expires: Sat, 19 Apr 2025 11:15:19 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vGQ%2BTNiuhJ4NubG2g64TpXYPpiWZm91VTm6jm%2F%2BdVQncZGZ5%2BuECMeDg%2BhvHkNUl1UKQ7HvHQKW7lde2Dp4vBdbuvA7qJqHK6TsSb4TkBCiQf6%2Bw0Ecr%2FbwOd%2BU8hNg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=975&min_rtt=418&rtt_var=991&sent=18&recv=16&lost=0&retrans=0&sent_bytes=7039&recv_bytes=1617&delivery_rate=6917197&cwnd=255&unsent_bytes=0&cid=57a082d62bc0afe8&ts=2702&x=0"
X-Firefox-Spdy: h2

a73.azplay5.me/hls/streama235852/index.m3u8?cst=3fb23283a94529b538eb5240b0209659

45.178.7.155

200 OK

185 B

URL GET
a73.azplay5.me/hls/streama235852/index.m3u8?cst=3fb23283a94529b538eb5240b0209659
IP
45.178.7.155:443
ASN
#64122 SWISS GLOBAL SERVICES S.A.S

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerLet's Encrypt
Subjecta73.azplay5.me
Fingerprint14:89:B4:21:5A:D6:68:72:1E:2C:AA:8B:27:40:16:6D:62:74:04:2E
ValidityFri, 18 Apr 2025 18:27:46 GMT - Thu, 17 Jul 2025 18:27:45 GMT

File type
M3U playlist, ASCII text
Size
185 B (185 bytes)
Hash
5586c76849f52c2e28e4e0bb2497cb39
6e7b87aa8cbcc264deeb719583a3675ea5acf3e0
5299b7345ad8fe592fbe9da3a080db333fcd8710852b22fee9a669911aebc8a5

HTTP Headers

GET /hls/streama235852/index.m3u8?cst=3fb23283a94529b538eb5240b0209659 HTTP/1.1
Host: a73.azplay5.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://emb.apl373.me
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Sat, 19 Apr 2025 11:15:26 GMT
Content-Type: application/text
Transfer-Encoding: chunked
Connection: keep-alive
Content-Disposition: attachment; filename=index.m3u8
Access-Control-Allow-Origin: *
Cache-Control: no-cache

cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/css/animate.css

172.67.133.15

200 OK

79 kB

URL GET
cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/css/animate.css
IP
172.67.133.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectcreative-stat1.com
Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB
ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

File type
ASCII text
Size
79 kB (78689 bytes)
Hash
3d4123dbfb33d27a5cfdfcfa91df6783
e7d0eeeec54b848f0bc3da8685fa3bc88429d660
cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887

HTTP Headers

GET /sb/ssp/interstitial/bottom_banner/1/css/animate.css HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:25 GMT
content-type: text/css
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
etag: W/"65aa8501-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: HIT
age: 139096
cf-ray: 932bfbe63ec156c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

affordedseasick.com/bc/0c/ea/bc0cea2cc67474235512f64ed7476bf4.js

172.240.253.132

200 OK

97 kB

URL GET
affordedseasick.com/bc/0c/ea/bc0cea2cc67474235512f64ed7476bf4.js
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectaffordedseasick.com
Fingerprint43:A8:78:9D:F1:9C:96:DA:33:F8:36:CA:19:7E:76:7B:24:B4:65:4A
ValiditySat, 22 Mar 2025 20:39:24 GMT - Fri, 20 Jun 2025 20:39:23 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
97 kB (96670 bytes)
Hash
e101265bcc1c68d75c718636b8d6766b
543eaffe0578712a2d5955dc81934b9c8beea1e2
b8177199d3faf95a68f92acfd6776928e3266211b7f4969e8c0041fef76e2abb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /bc/0c/ea/bc0cea2cc67474235512f64ed7476bf4.js HTTP/1.1
Host: affordedseasick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 19 Apr 2025 11:15:17 GMT
Content-Type: application/javascript
Content-Length: 29942
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 4
Host: affordedseasick.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 9132f65935cfddf2be77e363a481a1d9
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

shotgunchancecruel.com/ren.gif?sid=H4sIAAAAAAAC_1RSMYwbRRee9UV_8VMgAqIBJBcUIGHfrr1e75Ii4hKCTglJlARFEQWanZn1DTfeWWZ2vY5pTolAkWisVEC19_mSEyFCUFIgIZsGRUKKU12Ra2jpkFIjO5YMr3jvffu9lb73vflyvzgmPgp6dPlDPZJK0c1O062_dV2mXJe2fvFa3XOb7qn6dZkG_qn6cJHM4F2v7Tfdt-sfCLarN1uu57qe69XPSSMSPdxcspDZw8hrRm7TbzW9jo-h-S-2hQNLHfDBMTkJyecv_pl8DMmmSPs_nhV2N9fZO-_3C0VzbTDghx-lu6kuU_TXbWIcJOnhahrazgn5ugadHq42gB4cLDZALOek9upTxOnhSibiwb3nSmMFkSLmL6AcTCHUFJJOwfRtSP6YAIzj4iWk_fsXtSnpzecsXbBzcuLZ35DlnJx4-grS_g9bSg7rV7UqcqlTi2FSQQ6nkL0psmKGfFSDLGdg-S1I_gfZfHYBaf_gklUakh-96fvtyKVh1PCTiDX8IPEboet1GkIIPwzDTjdg0dIimUyhxBjUbqCwDgrpoEgcFJmDPj-q-27oM4-2gyTirOv61Pe5iN0obLkujVgXBVvoHyPPxmBqDGb2kJk97MoxTPEr7E4Fyx3YnGDAK5SCoLQEJSUoJUGZE5SD6h5XtmWr-1zZIvZWtbWq7Wqi894-vafznkgJqBnD8OpAZp_Z22D5xmSU2PMTvUg0zh9sXW0Eod_wP_EmNObVfnZMXlqY7Nz631fYFUf1IPaDgImgE8adbisMqR-0Qxq4ImRRl3pdWFlB2hqodTCSc3LmryfI5OPsLmI6g1UzMPkyaPEGaFmB7lQYpQ96mlGbNzOjwXWFLD-B_Kazr47Ja8sT34g_h2CPTv_8zSK-BTMVMlPhU_kbQU_dmVzRJTm4oktLfrqU5bIvR3Rx_qs5zcXGg_PiZqkN3z5rx9-9xxbEon14Tdj8Ak25THuWfL8lORfmnDZMkF-27XURXy7szlZh0iK7cPnMue1-ZoS1UqdTUDkn_69eB5NzcnLYWD7t1t42pJnCFBX6xSOyCkg9A8v2YLO1fqsJjFrPxJmDsqgmphWvPypJoMQa07iC_ReO1_3E0MXfVFb79g56pgaa30barzAwFQaqAlVj2GJjkmfm0ekn7WUgVrVJrEztIFZG3V3aPCc3ghmsPKp3WnE7CMNAJAFP2rzdavOo44rIp1HgR34HuZ3vbHzx-z8BAAD__82G0wDBBAAA

192.243.59.12

200 OK

0 B

URL GET
shotgunchancecruel.com/ren.gif?sid=H4sIAAAAAAAC_1RSMYwbRRee9UV_8VMgAqIBJBcUIGHfrr1e75Ii4hKCTglJlARFEQWanZn1DTfeWWZ2vY5pTolAkWisVEC19_mSEyFCUFIgIZsGRUKKU12Ra2jpkFIjO5YMr3jvffu9lb73vflyvzgmPgp6dPlDPZJK0c1O062_dV2mXJe2fvFa3XOb7qn6dZkG_qn6cJHM4F2v7Tfdt-sfCLarN1uu57qe69XPSSMSPdxcspDZw8hrRm7TbzW9jo-h-S-2hQNLHfDBMTkJyecv_pl8DMmmSPs_nhV2N9fZO-_3C0VzbTDghx-lu6kuU_TXbWIcJOnhahrazgn5ugadHq42gB4cLDZALOek9upTxOnhSibiwb3nSmMFkSLmL6AcTCHUFJJOwfRtSP6YAIzj4iWk_fsXtSnpzecsXbBzcuLZ35DlnJx4-grS_g9bSg7rV7UqcqlTi2FSQQ6nkL0psmKGfFSDLGdg-S1I_gfZfHYBaf_gklUakh-96fvtyKVh1PCTiDX8IPEboet1GkIIPwzDTjdg0dIimUyhxBjUbqCwDgrpoEgcFJmDPj-q-27oM4-2gyTirOv61Pe5iN0obLkujVgXBVvoHyPPxmBqDGb2kJk97MoxTPEr7E4Fyx3YnGDAK5SCoLQEJSUoJUGZE5SD6h5XtmWr-1zZIvZWtbWq7Wqi894-vafznkgJqBnD8OpAZp_Z22D5xmSU2PMTvUg0zh9sXW0Eod_wP_EmNObVfnZMXlqY7Nz631fYFUf1IPaDgImgE8adbisMqR-0Qxq4ImRRl3pdWFlB2hqodTCSc3LmryfI5OPsLmI6g1UzMPkyaPEGaFmB7lQYpQ96mlGbNzOjwXWFLD-B_Kazr47Ja8sT34g_h2CPTv_8zSK-BTMVMlPhU_kbQU_dmVzRJTm4oktLfrqU5bIvR3Rx_qs5zcXGg_PiZqkN3z5rx9-9xxbEon14Tdj8Ak25THuWfL8lORfmnDZMkF-27XURXy7szlZh0iK7cPnMue1-ZoS1UqdTUDkn_69eB5NzcnLYWD7t1t42pJnCFBX6xSOyCkg9A8v2YLO1fqsJjFrPxJmDsqgmphWvPypJoMQa07iC_ReO1_3E0MXfVFb79g56pgaa30barzAwFQaqAlVj2GJjkmfm0ekn7WUgVrVJrEztIFZG3V3aPCc3ghmsPKp3WnE7CMNAJAFP2rzdavOo44rIp1HgR34HuZ3vbHzx-z8BAAD__82G0wDBBAAA
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectshotgunchancecruel.com
Fingerprint0C:D3:F1:8B:BC:8A:18:C0:64:49:9C:C1:D7:F5:0C:C7:24:2B:06:04
ValidityWed, 19 Feb 2025 02:30:57 GMT - Tue, 20 May 2025 02:30:56 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC_1RSMYwbRRee9UV_8VMgAqIBJBcUIGHfrr1e75Ii4hKCTglJlARFEQWanZn1DTfeWWZ2vY5pTolAkWisVEC19_mSEyFCUFIgIZsGRUKKU12Ra2jpkFIjO5YMr3jvffu9lb73vflyvzgmPgp6dPlDPZJK0c1O062_dV2mXJe2fvFa3XOb7qn6dZkG_qn6cJHM4F2v7Tfdt-sfCLarN1uu57qe69XPSSMSPdxcspDZw8hrRm7TbzW9jo-h-S-2hQNLHfDBMTkJyecv_pl8DMmmSPs_nhV2N9fZO-_3C0VzbTDghx-lu6kuU_TXbWIcJOnhahrazgn5ugadHq42gB4cLDZALOek9upTxOnhSibiwb3nSmMFkSLmL6AcTCHUFJJOwfRtSP6YAIzj4iWk_fsXtSnpzecsXbBzcuLZ35DlnJx4-grS_g9bSg7rV7UqcqlTi2FSQQ6nkL0psmKGfFSDLGdg-S1I_gfZfHYBaf_gklUakh-96fvtyKVh1PCTiDX8IPEboet1GkIIPwzDTjdg0dIimUyhxBjUbqCwDgrpoEgcFJmDPj-q-27oM4-2gyTirOv61Pe5iN0obLkujVgXBVvoHyPPxmBqDGb2kJk97MoxTPEr7E4Fyx3YnGDAK5SCoLQEJSUoJUGZE5SD6h5XtmWr-1zZIvZWtbWq7Wqi894-vafznkgJqBnD8OpAZp_Z22D5xmSU2PMTvUg0zh9sXW0Eod_wP_EmNObVfnZMXlqY7Nz631fYFUf1IPaDgImgE8adbisMqR-0Qxq4ImRRl3pdWFlB2hqodTCSc3LmryfI5OPsLmI6g1UzMPkyaPEGaFmB7lQYpQ96mlGbNzOjwXWFLD-B_Kazr47Ja8sT34g_h2CPTv_8zSK-BTMVMlPhU_kbQU_dmVzRJTm4oktLfrqU5bIvR3Rx_qs5zcXGg_PiZqkN3z5rx9-9xxbEon14Tdj8Ak25THuWfL8lORfmnDZMkF-27XURXy7szlZh0iK7cPnMue1-ZoS1UqdTUDkn_69eB5NzcnLYWD7t1t42pJnCFBX6xSOyCkg9A8v2YLO1fqsJjFrPxJmDsqgmphWvPypJoMQa07iC_ReO1_3E0MXfVFb79g56pgaa30barzAwFQaqAlVj2GJjkmfm0ekn7WUgVrVJrEztIFZG3V3aPCc3ghmsPKp3WnE7CMNAJAFP2rzdavOo44rIp1HgR34HuZ3vbHzx-z8BAAD__82G0wDBBAAA HTTP/1.1
Host: shotgunchancecruel.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: uid_id2=44390a89-4f9c-46f4-8015-eee4888576c9:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25298571=1; slec6b466ce658b57288a4638a60e8c97a17=[5857915,5846723]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:23 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Host: shotgunchancecruel.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: f2c6d597e0aca85b8ec0dee534a91308
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

t.dtscout.com/i/?l=https%3A%2F%2Flivestreams.click%2Fembed01%2Fdaznliga.php&j=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php

172.67.70.180

200 OK

2.1 kB

URL GET
t.dtscout.com/i/?l=https%3A%2F%2Flivestreams.click%2Fembed01%2Fdaznliga.php&j=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php
IP
172.67.70.180:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectdtscout.com
Fingerprint4B:34:25:C3:56:75:F4:5A:B8:45:F5:43:DE:C9:89:43:D2:87:85:48
ValidityFri, 07 Mar 2025 01:14:02 GMT - Thu, 05 Jun 2025 02:13:46 GMT

File type
ASCII text, with very long lines (2077)
Size
2.1 kB (2079 bytes)
Hash
51bd741af3fcc4984d1a753eebfa1141
534664acf69cbbb5c9b97c96b63dd37bdc580da2
3e9c8e5dcf3cbff9e1b7211551a31fe388f1b8e607fd78a0a34855be65da721c

HTTP Headers

GET /i/?l=https%3A%2F%2Flivestreams.click%2Fembed01%2Fdaznliga.php&j=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php HTTP/1.1
Host: t.dtscout.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Cookie: m=1; df=1745061318
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:20 GMT
content-type: application/javascript
cf-ray: 932bfbc15b9e712b-OSL
server: cloudflare
x-s: mtl2
content-encoding: br
x-t: 0.24
expires: Sat, 19 Apr 2025 11:15:19 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wXyfS%2B7ORTsSrrkYyvBshbzwB3eEqqP3Qt6kYUyYRpx6TP26m2KfUNW7AqTPhNdA3GuxgFUJoHM%2FZuCNqxSU3Z%2FQF4DWhsvuxQVCzi6zpbc3SPAfeT3pzDpoNQ3mpCg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: m=2; SameSite=None; Secure; Path=/; Domain=dtscout.com; Max-Age=5000; Expires=Sat, 19 Apr 2025 12:38:40 GMT
server-timing: cfL4;desc="?proto=TCP&rtt=594&min_rtt=418&rtt_var=304&sent=14&recv=14&lost=0&retrans=0&sent_bytes=5354&recv_bytes=1449&delivery_rate=6917197&cwnd=255&unsent_bytes=0&cid=57a082d62bc0afe8&ts=2117&x=0"
X-Firefox-Spdy: h2

emb.apl373.me//player/live.php?id=235852&w=100%&h=100%

188.114.96.1

200 OK

6.1 kB

URL GET
emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectapl373.me
Fingerprint12:DC:87:54:C1:78:2E:3D:51:BC:D9:0D:6C:D7:74:5F:CF:E7:35:E7
ValidityTue, 18 Mar 2025 09:27:59 GMT - Mon, 16 Jun 2025 10:26:33 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
6.1 kB (6132 bytes)
Hash
892af428be1445ec67f8d0bfa62ffe5c
b17bec5c38d9d40abec906bb6db3e8c50cecb910
9a2dbe234c9aebdf3709aa8384b817b810741560a7128e8a21c8328688bc5320

HTTP Headers

GET //player/live.php?id=235852&w=100%&h=100% HTTP/1.1
Host: emb.apl373.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:20 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: lng=en; Path=/; Domain=emb.apl373.me; Max-Age=150000000; Expires=Sat, 19 Jan 2030 13:55:20 GMT
cf-ray: 932bfbc63c7b5691-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js

172.67.133.15

200 OK

90 kB

URL GET
cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js
IP
172.67.133.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectcreative-stat1.com
Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB
ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89492 bytes)
Hash
561acb3e541133bbdd2c0c19f8ee35a1
ffd1353cf3f77d25f801c84d8208613eb0d3d548
9fde6da568db31801e29243a903bf24f342256b41e3c01e7d018ff7c566ce7fc

HTTP Headers

GET /sb/ssp/interstitial/bottom_banner/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:25 GMT
content-type: application/javascript
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 798407
etag: W/"65aa8501-15d94"
content-encoding: br
cf-ray: 932bfbe71c7456af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=44390a89-4f9c-46f4-8015-eee4888576c9&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=bc0cea2cc67474235512f64ed7476bf4&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11

192.243.59.12

200 OK

0 B

URL GET
unseenreport.com/pxf.gif?uuid=44390a89-4f9c-46f4-8015-eee4888576c9&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=bc0cea2cc67474235512f64ed7476bf4&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintE0:4C:2E:29:FF:E3:0A:E7:2C:96:4B:AD:13:1B:9D:AB:A0:91:35:A7
ValidityTue, 18 Mar 2025 22:26:47 GMT - Mon, 16 Jun 2025 22:26:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=44390a89-4f9c-46f4-8015-eee4888576c9&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=bc0cea2cc67474235512f64ed7476bf4&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 19 Apr 2025 11:15:30 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 24f205947bf862b701d06a22b0c3b8f5
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

youradexchange.com/script/suurl5.php?r=9644746&cbur=0.020812503048537323&cbiframe=1&cbWidth=1264&cbHeight=1008&cbtitle=&cbpage=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&cbref=&cbdescription=&cbkeywords=&cbcdn=pdavbtkidyyra.click&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1745061319324&srs=d32767e004bfcf4d718991db43e5e1cf&atv=58.3&abtg=1&adbv=3-cdn

172.67.177.214

302 Found

0 B

URL GET
youradexchange.com/script/suurl5.php?r=9644746&cbur=0.020812503048537323&cbiframe=1&cbWidth=1264&cbHeight=1008&cbtitle=&cbpage=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&cbref=&cbdescription=&cbkeywords=&cbcdn=pdavbtkidyyra.click&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1745061319324&srs=d32767e004bfcf4d718991db43e5e1cf&atv=58.3&abtg=1&adbv=3-cdn
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectyouradexchange.com
Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E
ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/suurl5.php?r=9644746&cbur=0.020812503048537323&cbiframe=1&cbWidth=1264&cbHeight=1008&cbtitle=&cbpage=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&cbref=&cbdescription=&cbkeywords=&cbcdn=pdavbtkidyyra.click&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1745061319324&srs=d32767e004bfcf4d718991db43e5e1cf&atv=58.3&abtg=1&adbv=3-cdn HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://livestreams.click/
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 19 Apr 2025 11:15:19 GMT
content-type: text/html; charset=utf-8
location: https://youradexchange.com/script/iprp.php?t=1&c=23931904&stamat=m%257C%252C%252Cw3P-IjNqoGU3BP-GH0dEdHP3xP.8cc%252CkDw3wepnGwC5URjbgeeQt9oqPYgTI4bd--y84AmYb2yKkPd_fv5An5X53TWm3UrHppYa40cgEPaEs-bqeYEKcWVdf3aFqGJebeBNiUuvRbO8j20ZdmwaCB_f0HtqUrM2C9foSJE_Y432B2uJVtfwuRCv2LSIwrNJRgyKu-5iFZeQ_4yOvvqTbyBCkdVXZeZ_18o9-zKJAFUtwnqjJf2SmpJ4BjrPDuz3odUOkbEhB8DqXlbR7Y8dgpwo7cEOmfV5ZWOjLNwP0VBg7f-pA3J3lPvlmuwxs47jHI040CJp9EG5Gf0zidsOs18fcmz_VFlryIPH6_AeLv15f9iMb5VM2rDEDgeXdtOgnLC1f41G7F-YFtHi8sug1JDXeauzyW3ZSmoPLq_zPx2YXjhTQcDyQLrFhYsMxSaNhJHUtvaV4g2p2yNJFeTjNIin5MVZV_H4KzUKyWGOIdIGQVkuZVT5BYAeHRUi8fOLPfnyvZEyFrDlstwHY6V0mbU9RLr9kcIuPHJrtbgds5Ks38R9gyXOG4Yjc1wgUDGSkViEIPYgtVmZgunuTGsEDjzKLcLkYTS-toym_1ixtiMgrxEFx2hgArCeDT2XPab3WAoL4vSjlI-5gdEu2zsBep7ghcMbW4Wk
server: cloudflare
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
via: 1.1 google
cf-cache-status: DYNAMIC
cf-ray: 932bfbbdef6156c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

livestreams.click/upload/media/flags/Spain.png

172.67.207.222

200 OK

8.8 kB

URL GET
livestreams.click/upload/media/flags/Spain.png
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type
PNG image data, 250 x 167, 8-bit/color RGB, non-interlaced
Size
8.8 kB (8782 bytes)
Hash
33f719a285466edac578e84b36e9d553
f86370402a8d5b7789d9b67851621cb5b07b9798
a454b761a5d9fd2a166e64f38da7b09d4af36b1d6b3e9de9e723f37df36bdd86

HTTP Headers

GET /upload/media/flags/Spain.png HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/embed01/daznliga.php
Cookie: pp_main_bc0cea2cc67474235512f64ed7476bf4=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=44390a89-4f9c-46f4-8015-eee4888576c9%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4TGYI6EX%2BydgrbK1j%2BHagmiAmzex%2Fuy5hh4E4Yn92G7bRtnfVkHWSwelNgYYIQkRr2iKRkpWLgm25nf7AqK%2BkfQlQqV%2BSm%2FaziYqi01JfKYXwoB%2BgBBIdDPNSrsZRSdHUizRlg%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Fri, 10 Jul 2020 12:41:26 GMT
vary: Accept-Encoding
etag: W/"5f0861f6-224e"
expires: Sun, 18 May 2025 19:08:18 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
age: 58020
cf-ray: 932bfbb78df856c7-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3363&min_rtt=776&rtt_var=2868&sent=160&recv=135&lost=0&retrans=0&sent_bytes=87945&recv_bytes=8904&delivery_rate=300847&cwnd=24000&unsent_bytes=0&cid=634670089be2888f&ts=2185&x=16"

oudebsaucmoaftu.com/5/8635392

139.45.197.105

200 OK

108 kB

URL GET
oudebsaucmoaftu.com/5/8635392
IP
139.45.197.105:443
ASN
#9002 RETN Limited

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectoudebsaucmoaftu.com
Fingerprint3E:57:18:B8:CF:46:7E:C2:63:61:14:EA:FD:80:DC:19:61:B5:3E:F1
ValidityWed, 16 Apr 2025 23:38:15 GMT - Tue, 15 Jul 2025 23:38:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107793 bytes)
Hash
391ef056c21b1e1b2a0ffe46bfeb6fb6
c4ed02b44aaefdd2b0f650d8864f95d5ee24ff24
3d607da667402cd10dfb461c7769ee52eeb0bb9f4277af9a005e5d47e3ff06a8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/8635392 HTTP/1.1
Host: oudebsaucmoaftu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 19 Apr 2025 11:15:19 GMT
content-type: application/javascript
x-trace-id: c35289e45df9ed8d7a40e8d6980b6610
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081b056f1f24340f3f05c3639def639; expires=Sun, 19 Apr 2026 11:15:19 GMT; path=/; secure; SameSite=None
oaidts=1745061319; expires=Sun, 19 Apr 2026 11:15:19 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-4X3D1TSXCP&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316

142.250.178.72

200 OK

0 B

URL GET
www.googletagmanager.com/gtag/js?id=G-4X3D1TSXCP&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316
IP
142.250.178.72:443
ASN
#15169 GOOGLE

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
FingerprintB7:82:F3:C7:93:B0:60:B0:83:49:F8:74:0D:49:78:23:65:0B:37:01
ValidityMon, 31 Mar 2025 08:54:29 GMT - Mon, 23 Jun 2025 08:54:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gtag/js?id=G-4X3D1TSXCP&l=dataLayer&cx=c&gtm=457e54g3za200&tag_exp=102803279~102813109~102887800~102926062~103027016~103051953~103055465~103077950~103106314~103106316 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 19 Apr 2025 11:15:18 GMT
expires: Sat, 19 Apr 2025 11:15:18 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1055:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1055:0
report-to: {"group":"ascgcycc:1055:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1055:0"}],}
server: Google Tag Manager
content-length: 115804
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ad.apl375.me/getbanner.php?zone_id=196

104.21.82.118

200 OK

439 B

URL GET
ad.apl375.me/getbanner.php?zone_id=196
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
439 B (439 bytes)
Hash
5aa3078cb5ecd1929c270c2465bd0f77
89d5dcf2c376bf5d9a1e61af5d4e48b7ca36d0f3
240cdce2b1a69b1d7fe255f5315b297e5b620e2fed02f9ca9b86e2f30b7854d2

HTTP Headers

GET /getbanner.php?zone_id=196 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:25 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6cS6MxpQ2RFFb5PkGoZnnS7e1QKRiTho4WZ2Gruagapibk%2BVOC2lt2fLtVoEu8XBh3AT51f%2FEadHl3iDIjhXQGoPkf%2FVJzDtB3Ap7jayQwQ%2BtqrAMJch3%2B0G4XddTJQ%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbe12aac5690-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=8582&min_rtt=719&rtt_var=9236&sent=166&recv=217&lost=0&retrans=0&sent_bytes=16187&recv_bytes=13838&delivery_rate=26719&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=3349&x=16"

ad.apl375.me/getbanner.php?zone_id=198

104.21.82.118

200 OK

440 B

URL GET
ad.apl375.me/getbanner.php?zone_id=198
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
440 B (440 bytes)
Hash
f73897d0c7cab647dda70946277a049e
a4995dc8010ee9d4b56ad9ee66bc347b6497c819
aeaccabb9a89a951c00bbc8cb5a383c8630ee4365ea1fa32de6fd365a402b1cb

HTTP Headers

GET /getbanner.php?zone_id=198 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:25 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8NKrkts3tYroQGeyLUkTGMHurF%2BCBlIf%2BCyaOzgaq%2FDbL7ommrNuCHi12ds6WRk%2B8Laa2BFKcGK2j8i09gLmh2G0DKsI9oVyFMJxODuamT2VzMGweKlp0gDiiT%2FpWec%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbe12aae5690-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9661&min_rtt=719&rtt_var=9436&sent=165&recv=216&lost=0&retrans=0&sent_bytes=15303&recv_bytes=13793&delivery_rate=609756&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=3311&x=16"

ad.apl375.me/counter.php?bid=7700&timestamp=1745061325&hash=2037300208

104.21.82.118

201 Created

0 B

URL GET
ad.apl375.me/counter.php?bid=7700&timestamp=1745061325&hash=2037300208
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ad.apl375.me/getbanner.php?zone_id=196
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /counter.php?bid=7700&timestamp=1745061325&hash=2037300208 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/getbanner.php?zone_id=196
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 201 Created
date: Sat, 19 Apr 2025 11:15:26 GMT
content-type: application/octet-stream
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2T6z7u%2B5I%2BsSrCSrdr206lHVBZc8NiIL0B0x84dHP7Q40NkmfBJjOQJasnpIJS9ge6abwVlzhJ8doh1lSSysYeSkAkzXc%2FnVzIffWRI6UWvdLS%2FzHmo8QPzpfH%2FBW%2Fo%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 19 Apr 2025 11:15:25 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 932bfbed4b305690-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=10435&min_rtt=719&rtt_var=9139&sent=176&recv=227&lost=0&retrans=0&sent_bytes=19877&recv_bytes=15726&delivery_rate=8581&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=5241&x=16"

livestreams.click/live/daznlaliga_spain.php

172.67.207.222

200 OK

212 kB

URL User Request GET
livestreams.click/live/daznlaliga_spain.php
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (46410), with LF, NEL line terminators
Size
212 kB (212252 bytes)
Hash
629b49b49c4b165adc5e6cac3e22a42e
99a6fc798b6882182451f022fd2830a84f5363dc
d3b99d41dc490608484126562a065679055f3a7eb5ed24d866140ff408191531

HTTP Headers

GET /live/daznlaliga_spain.php HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:16 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfba768887131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ii.apl375.me/js/pop.js

104.21.82.118

200 OK

3.4 kB

URL GET
ii.apl375.me/js/pop.js
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type
JavaScript source, ASCII text, with very long lines (3382), with CRLF line terminators
Size
3.4 kB (3430 bytes)
Hash
95040ce0d5d432074cd2ce429efc7536
e658b6cf1953cb9025d1569f18ac0e6d3c73de00
e03f6027fb5588ab5ae7950dea73d98ac24cda0f2b6840340130391e82fd4c72

HTTP Headers

GET /js/pop.js HTTP/1.1
Host: ii.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:21 GMT
content-type: application/javascript
server: cloudflare
last-modified: Wed, 08 Jul 2020 14:33:20 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 121460
etag: W/"5f05d930-d66"
content-encoding: br
cf-ray: 932bfbcc98410b51-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

139.45.197.105

204 No Content

0 B

URL POST
oudebsaucmoaftu.com/wrr?z=8635392&p_rid=11b07125-2ef3-4bc7-843f-e7b3bc04cfe2&rb=9kAba27QsrXrTZfnid0wA5gBc5a4r18FPBTiDsP7DwxMxUC3EFC0eR6P2AiZZ3ktXMadjdWeMFnyaZIYsWGdefHaHhI9Z-srW0a3vU8GYF2Jh9k9tL000-hWH_Js8C5CkGiigIxhpAb5PrA5M2Xe11Tg2acM8-FzYQPM7Ny5ibelOJrO-Dy8eOLuIDEZWFo7SLdVl3pUknq5DyqZ4NWVGpBmT-z3T3L5LI56KZ_JDSMTgaTxksodaVt75WK5DcgUvhXeTDb1e1jbEpG9w3nvom8VRYhs5DezdMFnY7BMii8=&dmn=oudebsaucmoaftu.com&userId=0081b056f1f24340f3f05c3639def639
IP
139.45.197.105:443
ASN
#9002 RETN Limited

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectoudebsaucmoaftu.com
Fingerprint3E:57:18:B8:CF:46:7E:C2:63:61:14:EA:FD:80:DC:19:61:B5:3E:F1
ValidityWed, 16 Apr 2025 23:38:15 GMT - Tue, 15 Jul 2025 23:38:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wrr?z=8635392&p_rid=11b07125-2ef3-4bc7-843f-e7b3bc04cfe2&rb=9kAba27QsrXrTZfnid0wA5gBc5a4r18FPBTiDsP7DwxMxUC3EFC0eR6P2AiZZ3ktXMadjdWeMFnyaZIYsWGdefHaHhI9Z-srW0a3vU8GYF2Jh9k9tL000-hWH_Js8C5CkGiigIxhpAb5PrA5M2Xe11Tg2acM8-FzYQPM7Ny5ibelOJrO-Dy8eOLuIDEZWFo7SLdVl3pUknq5DyqZ4NWVGpBmT-z3T3L5LI56KZ_JDSMTgaTxksodaVt75WK5DcgUvhXeTDb1e1jbEpG9w3nvom8VRYhs5DezdMFnY7BMii8=&dmn=oudebsaucmoaftu.com&userId=0081b056f1f24340f3f05c3639def639 HTTP/1.1
Host: oudebsaucmoaftu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://livestreams.click/
content-type: application/json
Content-Length: 2587
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Sat, 19 Apr 2025 11:15:23 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://livestreams.click
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/img/close.svg

172.67.133.15

200 OK

1.3 kB

URL GET
cdn.creative-stat1.com/sb/ssp/interstitial/bottom_banner/1/img/close.svg
IP
172.67.133.15:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectcreative-stat1.com
Fingerprint0B:D7:09:43:6C:42:76:92:3B:8C:0E:15:43:A3:A3:AC:94:B2:C2:CB
ValiditySun, 13 Apr 2025 21:34:38 GMT - Sat, 12 Jul 2025 22:33:20 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1279 bytes)
Hash
369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21

HTTP Headers

GET /sb/ssp/interstitial/bottom_banner/1/img/close.svg HTTP/1.1
Host: cdn.creative-stat1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:25 GMT
content-type: image/svg+xml
server: cloudflare
last-modified: Fri, 19 Jan 2024 14:19:45 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 795471
etag: W/"65aa8501-4ff"
content-encoding: br
cf-ray: 932bfbe71c7856af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

a73.azplay5.me/hls/streama235852/416.ts

45.178.7.155

200 OK

1.4 MB

URL GET
a73.azplay5.me/hls/streama235852/416.ts
IP
45.178.7.155:443
ASN
#64122 SWISS GLOBAL SERVICES S.A.S

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerLet's Encrypt
Subjecta73.azplay5.me
Fingerprint14:89:B4:21:5A:D6:68:72:1E:2C:AA:8B:27:40:16:6D:62:74:04:2E
ValidityFri, 18 Apr 2025 18:27:46 GMT - Thu, 17 Jul 2025 18:27:45 GMT

File type
MPEG transport stream data
Size
1.4 MB (1409248 bytes)
Hash
91b34713024254b544d23e14c5d54828
31af8dc99d84b7909b634d97aec0a3ee2a906749
145173ec47fdd92dbb95bdfafca229d7b472ae65f4ba67ffad6d19e8f632cb0c

HTTP Headers

GET /hls/streama235852/416.ts HTTP/1.1
Host: a73.azplay5.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://emb.apl373.me
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Sat, 19 Apr 2025 11:15:27 GMT
Content-Type: video/mp2t
Content-Length: 1409248
Connection: keep-alive
Last-Modified: Sat, 19 Apr 2025 11:15:06 GMT
ETag: "680385ba-1580e0"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

pubtrky.com/ut/hb.php?cb=0.3872497371511009&v=1

104.21.8.108

204 No Content

0 B

URL POST
pubtrky.com/ut/hb.php?cb=0.3872497371511009&v=1
IP
104.21.8.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectpubtrky.com
FingerprintE5:4C:CF:74:BF:B8:D7:8B:39:F8:13:97:6C:AE:46:2B:E5:A8:E7:0B
ValidityFri, 07 Mar 2025 10:09:06 GMT - Thu, 05 Jun 2025 11:07:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ut/hb.php?cb=0.3872497371511009&v=1 HTTP/1.1
Host: pubtrky.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=utf-8
Content-Length: 831
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 19 Apr 2025 11:15:18 GMT
server: cloudflare
access-control-allow-origin: *
via: 1.1 google
cf-cache-status: DYNAMIC
cf-ray: 932bfbb8884256c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wearychallengeraise.com/pixel/purst?dl=0&th=0&sc=0&rs=2052&rd=2052&fd=774&bv=25.3.2388&tmpl=70

192.243.61.227

200 OK

0 B

URL GET
wearychallengeraise.com/pixel/purst?dl=0&th=0&sc=0&rs=2052&rd=2052&fd=774&bv=25.3.2388&tmpl=70
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerLet's Encrypt
Subjectwearychallengeraise.com
FingerprintCA:85:55:24:7F:CE:B0:89:58:51:18:1A:79:82:36:40:F2:5E:45:8F
ValidityWed, 19 Feb 2025 03:29:13 GMT - Tue, 20 May 2025 03:29:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2052&rd=2052&fd=774&bv=25.3.2388&tmpl=70 HTTP/1.1
Host: wearychallengeraise.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 19 Apr 2025 11:15:17 GMT
Content-Length: 0
Connection: keep-alive
Host: wearychallengeraise.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

pdavbtkidyyra.click/script/ut.js?cb=1745061318019

172.67.199.177

200 OK

66 kB

URL GET
pdavbtkidyyra.click/script/ut.js?cb=1745061318019
IP
172.67.199.177:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectpdavbtkidyyra.click
FingerprintB4:0C:16:99:34:F5:ED:C5:DE:8B:23:51:D9:E5:C2:73:53:F7:C3:3E
ValidityThu, 17 Apr 2025 11:19:18 GMT - Wed, 16 Jul 2025 12:17:49 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65493), with no line terminators
Size
66 kB (66473 bytes)
Hash
4afa2ac99f97331dc98263d49022a958
60bb7c7c45ff14e8df86ef9e0b9a7a55a7d2baca
a4beaec54247a9a3cb97821ecdb68d39cacdcdcc62ae872c13c2cca2d3d88e32

HTTP Headers

GET /script/ut.js?cb=1745061318019 HTTP/1.1
Host: pdavbtkidyyra.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: text/javascript
server: cloudflare
x-guploader-uploadid: AKDAyIsPsIsj2hFNo70dx-DezTube6ZOgu18kbcp4WoHQ4PWwxr4YVmA9Zj684Sx6Sty3SnY1sA3RJU
x-goog-generation: 1733127707295818
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 66473
x-goog-hash: crc32c=VBET1w==, md5=SvoqyZ+XMx3JgmPUkCKpWA==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Sat, 19 Apr 2025 11:23:12 GMT
cache-control: public, max-age=14400
age: 2969
last-modified: Mon, 02 Dec 2024 08:21:47 GMT
cf-cache-status: HIT
etag: W/"4afa2ac99f97331dc98263d49022a958"
content-encoding: br
cf-ray: 932bfbb65a7e0b49-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

vjs.zencdn.net/7.20.3/video.min.js

151.101.130.217

200 OK

584 kB

URL GET
vjs.zencdn.net/7.20.3/video.min.js
IP
151.101.130.217:443
ASN
#54113 FASTLY

Requested by
https://emb.apl373.me//player/live.php?id=235852&w=100%&h=100%
Certificate
IssuerGlobalSign nv-sa
Subjectvjs.zencdn.net
Fingerprint22:88:1F:07:1F:92:14:54:4B:E7:66:41:59:BF:5D:37:AF:C0:31:C7
ValidityTue, 07 Jan 2025 21:56:05 GMT - Sun, 08 Feb 2026 21:56:04 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (48447)
Size
584 kB (583743 bytes)
Hash
e8501cee3dd39de15e41eeb3298c9576
005d5d3fa2c5fff0b4819a2415c709d09a17fa92
46763816babdcf547c1cbedf9a54a7295648cbc1ae648f5620c8e11264b01fcc

HTTP Headers

GET /7.20.3/video.min.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://emb.apl373.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Fri, 09 Sep 2022 18:11:04 GMT
etag: "e8501cee3dd39de15e41eeb3298c9576"
content-type: application/javascript
content-encoding: gzip
date: Sat, 19 Apr 2025 11:15:21 GMT
x-served-by: cache-hel1410029-HEL
x-cache: HIT
x-cache-hits: 10
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 163091
X-Firefox-Spdy: h2

ad.apl375.me/counter.php?bid=7701&timestamp=1745061325&hash=3607505505

104.21.82.118

201 Created

0 B

URL GET
ad.apl375.me/counter.php?bid=7701&timestamp=1745061325&hash=3607505505
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ad.apl375.me/getbanner.php?zone_id=197
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /counter.php?bid=7701&timestamp=1745061325&hash=3607505505 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/getbanner.php?zone_id=197
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 201 Created
date: Sat, 19 Apr 2025 11:15:27 GMT
content-type: application/octet-stream
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3IRrkI4tlskFdWPaudNzzD4xnoA6dlfHMmr%2Bg9%2FBZE054XumlC2pTNb86y8lw62W0CxUTJp8ZMoHr2nw%2FLDeQfU89cBPZgK5E0fBFoe8%2BeTeKAK%2BG4dDkxVzoGi9BeE%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 19 Apr 2025 11:15:26 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 932bfbee2b375690-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9866&min_rtt=719&rtt_var=7993&sent=178&recv=229&lost=0&retrans=0&sent_bytes=20573&recv_bytes=16098&delivery_rate=9259&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=5392&x=16"

fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.35

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint62:05:36:C2:8E:4C:CD:95:1E:1C:75:06:44:A3:57:E5:C0:17:02:80
ValidityMon, 31 Mar 2025 08:55:35 GMT - Mon, 23 Jun 2025 08:55:34 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Apr 2025 10:03:46 GMT
expires: Fri, 17 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 177103
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

livestreams.click/ds.js

172.67.207.222

200 OK

8.6 kB

URL GET
livestreams.click/ds.js
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type
JavaScript source, ASCII text, with very long lines (8560), with no line terminators
Size
8.6 kB (8560 bytes)
Hash
a41caf5294227669425cd5135a26b2a0
a26a13f88c51c37b58fbd8a6b444e9b9150fae16
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1

HTTP Headers

GET /ds.js HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/live/daznlaliga_spain.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:16 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2dc11g9bARxOX7C4uGe3ZX0ChVKcMJi2ikb%2BkJQ0MCRvQdQSEsDnVYzPkk0mAhDyme3OQsgh4gh1X9W7RPi%2BEUzD20mVZuveishGAbXhKY635WSW14Nbu7kX8cC%2BuCm14MC%2B1A%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Wed, 26 Feb 2025 15:47:22 GMT
vary: Accept-Encoding
etag: W/"67bf378a-2170"
expires: Sat, 19 Apr 2025 19:06:02 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
cf-cache-status: HIT
age: 14954
cf-ray: 932bfbacfd7456c7-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6183&min_rtt=776&rtt_var=5358&sent=83&recv=122&lost=0&retrans=0&sent_bytes=7598&recv_bytes=7123&delivery_rate=273417&cwnd=12000&unsent_bytes=0&cid=634670089be2888f&ts=492&x=16"

livestreams.click/embed01/daznliga.php

172.67.207.222

200 OK

0 B

URL HEAD
livestreams.click/embed01/daznliga.php
IP
172.67.207.222:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerGoogle Trust Services
Subjectlivestreams.click
FingerprintFA:D0:0A:0E:8C:C9:F2:2A:14:63:DB:79:A7:A1:33:B1:5B:73:AD:1E
ValidityWed, 26 Feb 2025 14:55:45 GMT - Tue, 27 May 2025 15:54:24 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /embed01/daznliga.php HTTP/1.1
Host: livestreams.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://livestreams.click/embed01/daznliga.php
Cookie: pp_main_bc0cea2cc67474235512f64ed7476bf4=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=44390a89-4f9c-46f4-8015-eee4888576c9%3A3%3A1; _ga_4X3D1TSXCP=GS1.1.1745061318.1.0.1745061318.0.0.0; _ga=GA1.1.634031272.1745061319
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 19 Apr 2025 11:15:19 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wPtvyw%2Bm49qqWShpcMb65owtsUAknCMTCb%2BzTlUtWIKqOtPeqvfkSVfcYW%2FpRmX0j7KfLdXH6qWprEoe5zPJNpXNhz%2FsN4eoMPcsLgCO1bU%2BDJvasjdj0k6nnRVrZwErI63YKA%3D%3D"}],"group":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 932bfbbf5e3f56c7-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3837&min_rtt=776&rtt_var=2625&sent=173&recv=139&lost=0&retrans=0&sent_bytes=98331&recv_bytes=9872&delivery_rate=10548&cwnd=24000&unsent_bytes=0&cid=634670089be2888f&ts=3505&x=16"

cdn.storageimagedisplay.com/si/f9/ac/55/f9ac551b25c9b589fc97d44eaf092491adc1b8251ef433b7cb57256a5f74dc77.png

45.133.44.1

200 OK

54 kB

URL GET
cdn.storageimagedisplay.com/si/f9/ac/55/f9ac551b25c9b589fc97d44eaf092491adc1b8251ef433b7cb57256a5f74dc77.png
IP
45.133.44.1:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://livestreams.click/embed01/daznliga.php
Certificate
IssuerLet's Encrypt
Subjectcdn.storageimagedisplay.com
Fingerprint44:32:60:54:16:79:8E:ED:60:B9:DD:B2:36:7C:B0:DC:CC:F5:B5:5C
ValidityWed, 12 Mar 2025 02:33:05 GMT - Tue, 10 Jun 2025 02:33:04 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x400, components 3
Size
54 kB (54201 bytes)
Hash
138819c70190c8244c8cbb88bf5a26fc
a7a17f536fc942b5332a0f1556cf2210947e5729
9f12ddd2a0009b4d719e46811f092d292a164c7da194883dd8917bf562c7d0c0

HTTP Headers

GET /si/f9/ac/55/f9ac551b25c9b589fc97d44eaf092491adc1b8251ef433b7cb57256a5f74dc77.png HTTP/1.1
Host: cdn.storageimagedisplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 19 Apr 2025 11:15:26 GMT
content-type: image/png
content-length: 54201
server: nginx/1.21.6
last-modified: Sun, 16 Mar 2025 03:27:50 GMT
etag: "67d64536-d3b9"
expires: Mon, 21 Apr 2025 11:15:26 GMT
cache-control: max-age=172800
x-cdn-host-id: ah0543
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

a27.azplay5.me/media/15142291.gif

45.141.56.198

200 OK

146 kB

URL GET
a27.azplay5.me/media/15142291.gif
IP
45.141.56.198:443
ASN
#213373 IP Connect Inc

Requested by
https://ad.apl375.me/getbanner.php?zone_id=204
Certificate
IssuerLet's Encrypt
Subjecta27.azplay5.me
Fingerprint4B:47:0D:C9:39:E9:4B:DF:B1:31:6C:CD:04:1B:0B:C6:E3:35:BE:3E
ValidityFri, 18 Apr 2025 18:43:43 GMT - Thu, 17 Jul 2025 18:43:42 GMT

File type
GIF image data, version 89a, 300 x 250
Size
146 kB (146237 bytes)
Hash
bee345492f5ceff3aa67ab79f1c0cc61
1e6cbe6a8e2095b8f6885a721e729a29f71274d8
a4a8afd96db4de1ef2d408e609dbacc086db8c9730091454dd7c231f9daa73b6

HTTP Headers

GET /media/15142291.gif HTTP/1.1
Host: a27.azplay5.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Sat, 19 Apr 2025 11:15:25 GMT
Content-Type: image/gif
Content-Length: 146237
Connection: keep-alive
Last-Modified: Wed, 02 Apr 2025 10:41:25 GMT
ETag: "67ed1455-23b3d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes

ad.apl375.me/counter.php?bid=9368&timestamp=1745061324&hash=1167811249

104.21.82.118

201 Created

0 B

URL GET
ad.apl375.me/counter.php?bid=9368&timestamp=1745061324&hash=1167811249
IP
104.21.82.118:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ad.apl375.me/getbanner.php?zone_id=183&0.3791217036339496
Certificate
IssuerGoogle Trust Services
Subjectapl375.me
FingerprintBB:8D:BA:0B:27:8E:FD:85:02:1E:D7:EE:8C:1E:6F:CF:AF:FA:09:16
ValidityTue, 01 Apr 2025 07:57:18 GMT - Mon, 30 Jun 2025 08:55:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /counter.php?bid=9368&timestamp=1745061324&hash=1167811249 HTTP/1.1
Host: ad.apl375.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ad.apl375.me/getbanner.php?zone_id=183&0.3791217036339496
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 201 Created
date: Sat, 19 Apr 2025 11:15:26 GMT
content-type: application/octet-stream
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KmV0qIXyiRFvmQ98AcgYCNz5QXqpBZbms%2B0Kj6Tty%2BhkArkRARGZbsVcbK7Ca%2BHVugahmNqdgu5WD86y127dFDCrjzf8PEDFEXyDciXF4GHBZx%2BeckunRu0GR%2FlAqyQ%3D"}],"group":"cf-nel","max_age":604800}
expires: Sat, 19 Apr 2025 11:15:25 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 932bfbe87b015690-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=10314&min_rtt=719&rtt_var=9682&sent=172&recv=223&lost=0&retrans=0&sent_bytes=18486&recv_bytes=14983&delivery_rate=8416&cwnd=12000&unsent_bytes=0&cid=58df4fa86fb0878f&ts=4478&x=16"

youradexchange.com/script/suurl5.php?r=9664994&cbur=0.948274303735008&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&cbref=&cbdescription=&cbkeywords=&cbcdn=pdavbtkidyyra.click&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1745061317754&srs=c3410f1a49b9b34e89590713f3fe89b5&atv=58.3&abtg=1&adbv=3-cdn

172.67.177.214

302 Found

1.7 kB

URL GET
youradexchange.com/script/suurl5.php?r=9664994&cbur=0.948274303735008&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&cbref=&cbdescription=&cbkeywords=&cbcdn=pdavbtkidyyra.click&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1745061317754&srs=c3410f1a49b9b34e89590713f3fe89b5&atv=58.3&abtg=1&adbv=3-cdn
IP
172.67.177.214:443
ASN
#13335 CLOUDFLARENET

Requested by
https://livestreams.click/live/daznlaliga_spain.php
Certificate
IssuerGoogle Trust Services
Subjectyouradexchange.com
Fingerprint15:B3:64:96:16:B0:F4:77:6F:50:C1:66:99:8E:A6:A8:90:64:AD:7E
ValidityThu, 03 Apr 2025 15:59:56 GMT - Wed, 02 Jul 2025 16:56:55 GMT

File type

Size
1.7 kB (1744 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script/suurl5.php?r=9664994&cbur=0.948274303735008&cbiframe=0&cbWidth=1280&cbHeight=1024&cbtitle=&cbpage=https%3A%2F%2Flivestreams.click%2Flive%2Fdaznlaliga_spain.php&cbref=&cbdescription=&cbkeywords=&cbcdn=pdavbtkidyyra.click&ufp=Linux%20x86_64%2FMozilla%2FNetscape%2Ftrue%2Ffalse%2F1280x10240en-USunknown4824%20bits&ts=1745061317754&srs=c3410f1a49b9b34e89590713f3fe89b5&atv=58.3&abtg=1&adbv=3-cdn HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://livestreams.click/
Origin: https://livestreams.click
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 19 Apr 2025 11:15:18 GMT
content-type: text/html; charset=utf-8
location: https://youradexchange.com/script/iprp.php?t=1&c=23598160&stamat=m%257C%252C%252CQjF-o3E-oGU3BP-GH0dEdHP3xP.f65%252Cj03dyx5YWAoVgmoUE_JY3wxF69aYfrCf6DMXwuGEi4IQfN2FbM78m1TpjoVFHgv7w8NR1DzrNEDEAzuk8gQQvPwHOVDhtVp4kX8gKIxyF6-SsMdJHDrwrSre21-DHlIXTI2MYf1RLG8OAhjmlXA-Y5LXhPZV4mHuRuQWZmRNI9dbHhjF-JhUehiQFqnNLhzMgcozL9k8p7svHa51sfWbizMRUNQTMNna6PcxXbaCi3BMU0q7V4WVhHFRPIEa1nlaXnxD18XEZ-e7bwDcReEvjEOXa6o40eQlYgfAuF_rVsoVhCcuDDYdp642OQvJxqn5GNmcwJusJRWLlGEsR2Qk8_9cjQm0bTei61XjQ-e1zADuo5cKB9CnVOiyEktnAHJRde88I4WU66amLi4zb_1jAC-tmFD_eFuTaoAeRFHrFWoCTdV7mScF9HHtVDQMMnqbSsrLqp-3ZkNBBHhUfDf_d1efZtwOH1U3kcHWdecv4T_vsZ73lzOZoAEHV8xs5WiRCxRJ8K_IO4SRyBr1XTDgsQ0sggYQhxl4FKQo7YFLmPB9HFNgsPh1K-mOIFToqzxfgPQlYIi4WeaFIbpu6J3pawuml7gMymuFZ1KzXw7CFgz3ff1ska3DyJ79wWCvns2O
server: cloudflare
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
via: 1.1 google
cf-cache-status: DYNAMIC
cf-ray: 932bfbb4eebb56c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (38)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML