The "Pickim" config is designed to automate the validation of MAC addresses against IPTV servers. It specifically targets , which are middleware interfaces (like those found on MAG boxes) that use a device's unique MAC address for authentication rather than a standard username and password. Core Functionality
: Triggered if the server returns status active, expiration dates in the future, or active channel packages.
Once the handshake request is successful, the configuration captures the temporary authorization token ( token ). It then fires a secondary request ( action=get_profile ) using the parsed token to verify account details:
In the automation and configuration ecosystem, individual creators write, optimize, and share their custom scripts. "pickim" is the moniker of the specific developer or user who coded, optimized, or distributed this particular OpenBullet config.
Always use the latest version of OpenBullet or OpenBullet 2 for better stability. The "Pickim" config is designed to automate the
The system is widely deployed across both legitimate IPTV services and unauthorized streaming operations. A typical Stalker Portal URL follows a standard format ending in /c/ or /stalker_portal/c/ , making these endpoints a prime target for automated scanning tools.
saw four judgments handed down by the Patent and Market Court of Appeal during 2024 concerning illegal IPTV networks. One case involved a large-scale operation that was described as “organized, business-like” and generated “substantial revenue” as the perpetrators’ main source of income, resulting in stiff prison sentences.
MacAttack’s functionality includes:
A web testing suite used here for automated credential checking. A Specialized Config: You need a Once the handshake request is successful, the configuration
Stalker Portals are specialized middleware solutions (historically developed by Infomir) used by IPTV providers to manage subscribers. Instead of standard username and password combinations, Stalker Portals heavily rely on hardware identification:
Using the OpenBullet Stacker interface , add the following sequence:
: Unlike standard IPTV playlists that use a username and password (XC API), many traditional IPTV systems authenticate users solely based on their device's physical hardware identifier, known as a Media Access Control (MAC) address . These addresses typically start with the prefix 00:1A:79: .
This indicates that OpenBullet is being used as the automated scanning engine specifically targeting IPTV servers. Always use the latest version of OpenBullet or
The SANS Internet Storm Center has observed widespread scanning for Stalker Portal endpoints, noting that requests for files like version.js , system_api.php , live.php , and clients_live.php are evenly distributed across multiple ports, indicating automated botnets actively hunting for vulnerable installations. These requests can, in some cases, allow an attacker to download content directly from compromised devices.
Because Stalker portals employ baseline Rate Limiting (restricting the number of HTTP requests allowed per minute per IP address), scanners cannot operate from a single network identity. Configurations must pull from high-quality residential or rotating HTTP/S proxy lists. This masks the scanner traffic pattern, spreading thousands of credential attempts across thousands of unique IP nodes. Security Mitigations for System Administrators
: When a client requests connection to a Stalker server, the server expects an API handshake via specific endpoints, usually located at /portal.php or /v0.1/index.php .
Open OpenBullet, go to the Config Manager , and select the Pickim IPTV MAC Scanner.