cclickpops.pro/cr38l3k.php?key=4ecc93a66d28ff1a7c25&clickId=GMvsAzj3kgNo4tgqcPfIggHoAbnvSPEBAAAAAAAARED5Ac3MzMzMzDxAgALSgODV5ozg0AE&Cost=0&zoneId=1193913&ageGroup=UNKNOWN&campaignId=699490&feed=0&browserVersion=0&os=linux&osVersion=&carrier=Google+user-triggered+fetchers&creativeId=2139255&browser=Other
157.90.94.62 307 Temporary Redirect 0 B URL User Request GET HTTP/2 cclickpops.pro/cr38l3k.php?key=4ecc93a66d28ff1a7c25&clickId=GMvsAzj3kgNo4tgqcPfIggHoAbnvSPEBAAAAAAAARED5Ac3MzMzMzDxAgALSgODV5ozg0AE&Cost=0&zoneId=1193913&ageGroup=UNKNOWN&campaignId=699490&feed=0&browserVersion=0&os=linux&osVersion=&carrier=Google+user-triggered+fetchers&creativeId=2139255&browser=Other
IP 157.90.94.62:443
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject cclickpops.pro
Fingerprint B7:55:43:83:AE:79:E2:09:98:6A:64:B0:C4:1D:54:74:35:96:E1:42
Validity Tue, 09 Apr 2024 14:38:17 GMT - Mon, 08 Jul 2024 14:38:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /cr38l3k.php?key=4ecc93a66d28ff1a7c25&clickId=GMvsAzj3kgNo4tgqcPfIggHoAbnvSPEBAAAAAAAARED5Ac3MzMzMzDxAgALSgODV5ozg0AE&Cost=0&zoneId=1193913&ageGroup=UNKNOWN&campaignId=699490&feed=0&browserVersion=0&os=linux&osVersion=&carrier=Google+user-triggered+fetchers&creativeId=2139255&browser=Other HTTP/1.1
Host: cclickpops.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
date: Sat, 04 May 2024 07:24:12 GMT
location: https://www.rolltrk4.com/K3XPM3Q/3796KCK/?source_id=1193913&sub1=coqu5734mbic73fuslug
server: Caddy
set-cookie: uclick=ybiOkwxeat813+b2YWCYvjQhNfA4anQZRjrVxT2NPOiW5FCdDyC0OcgM2BDeBbxv253UPeF2; Max-Age=31536000; SameSite=Lax
bcid=coqu5734mbic73fuslug; Max-Age=31536000; SameSite=Lax
cid=coqu5734mbic73fuslug; Max-Age=31536000; SameSite=Lax
x-request-id: 67a18ecc-27e9-4a0e-8e29-4f7180ee1412
content-length: 0
X-Firefox-Spdy: h2
IP 192.124.249.23:0
Hash f9c997c838945439e8e26ee1b624450c
d28634e2fd4558d7a68f3d939de4247e6ce96b2e
cdbf1a06c40e32f1d4ac1278a7eadae26ce787e1b6e417fde8209282c5044206
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 04 May 2024 07:24:12 GMT
Content-Type: application/ocsp-response
Content-Length: 2148
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 03 May 2024 16:07:41 GMT
Expires: Sat, 04 May 2024 16:07:41 GMT
ETag: "d28634e2fd4558d7a68f3d939de4247e6ce96b2e"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.rolltrk4.com/K3XPM3Q/3796KCK/?source_id=1193913&sub1=coqu5734mbic73fuslug
34.149.124.125 204 No Content 0 B URL User Request GET HTTP/2 www.rolltrk4.com/K3XPM3Q/3796KCK/?source_id=1193913&sub1=coqu5734mbic73fuslug
IP 34.149.124.125:443
ASN #396982 GOOGLE-CLOUD-PLATFORM
Certificate Issuer Starfield Technologies, Inc.
Subject ki42jfne.com
Fingerprint 60:28:7C:A4:A3:73:24:EA:02:E2:77:B7:48:53:4A:55:81:05:6A:34
Validity Tue, 09 Apr 2024 15:29:32 GMT - Sat, 08 Mar 2025 22:43:41 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /K3XPM3Q/3796KCK/?source_id=1193913&sub1=coqu5734mbic73fuslug HTTP/1.1
Host: www.rolltrk4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Sat, 04 May 2024 07:24:13 GMT
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
vary: Origin
x-eflow-request-id: 187126db-f514-445c-b4e8-952e25ada6c5
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
IP 192.124.249.24:0
Hash f9c997c838945439e8e26ee1b624450c
d28634e2fd4558d7a68f3d939de4247e6ce96b2e
cdbf1a06c40e32f1d4ac1278a7eadae26ce787e1b6e417fde8209282c5044206
POST / HTTP/1.1
Host: ocsp.starfieldtech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 04 May 2024 07:24:13 GMT
Content-Type: application/ocsp-response
Content-Length: 2148
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 03 May 2024 16:07:41 GMT
Expires: Sat, 04 May 2024 16:07:41 GMT
ETag: "d28634e2fd4558d7a68f3d939de4247e6ce96b2e"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
IP 157.90.94.62:0
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject cclickpops.pro
Fingerprint B7:55:43:83:AE:79:E2:09:98:6A:64:B0:C4:1D:54:74:35:96:E1:42
Validity Tue, 09 Apr 2024 14:38:17 GMT - Mon, 08 Jul 2024 14:38:16 GMT
Hash 48a73a4bd3176fbc096625bb7d4afa3f
c6068658652b4ce7eb408f699085d0738e1b244b
8699bf1eda7e016dec3efeff8db5e3400183e9ebf6ce42355b97b843def2b035
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: cclickpops.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Content-Length: 24
Content-Type: application/json; charset=UTF-8
Date: Sat, 04 May 2024 07:24:15 GMT
Server: Caddy
X-Request-Id: 51a8057e-831f-4144-9f7f-4383fbf61faa