| | 8.219.247.160 | 301 Moved Permanently | 162 B |
URL User Request GET HTTP/2IP8.219.247.160:443 ASN#45102 Alibaba US Technology Co., Ltd.
CertificateIssuerLet's Encrypt Subjectcclickks.com Fingerprint67:24:6A:50:AA:B7:DE:CD:F0:FD:3F:DD:72:ED:C8:45:86:96:44:09 ValidityTue, 07 May 2024 12:43:55 GMT - Mon, 05 Aug 2024 12:43:54 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hash4f8e702cc244ec5d4de32740c0ecbd97 3adb1f02d5b6054de0046e367c1d687b6cdf7aff 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /fbt HTTP/1.1
Host: csaclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 10 May 2024 15:23:19 GMT
content-type: text/html
content-length: 162
location: https://csaclick.com/fbt/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
|
|
| csaclick.com/push.js | 8.219.247.160 | 200 OK | 698 B |
IP8.219.247.160:443 ASN#45102 Alibaba US Technology Co., Ltd.
Requested byhttps://csaclick.com/fbt/ CertificateIssuerLet's Encrypt Subjectcclickks.com Fingerprint67:24:6A:50:AA:B7:DE:CD:F0:FD:3F:DD:72:ED:C8:45:86:96:44:09 ValidityTue, 07 May 2024 12:43:55 GMT - Mon, 05 Aug 2024 12:43:54 GMT
Hashafb5cb7a2364b7feb604c371972a1e68 8d2f6b496ef54c12510586bc9ac7e62411242eee 98cc646122e9b03ee2783643d4e115aebe0687ceb9ab366a958019dbc046fa8e
GET /push.js HTTP/1.1
Host: csaclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csaclick.com/fbt/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 15:23:20 GMT
content-type: application/javascript
content-length: 698
last-modified: Tue, 07 May 2024 08:05:38 GMT
etag: "6639e0d2-2ba"
expires: Sat, 11 May 2024 03:23:20 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| poavoabe.net/zone?&pub=0&zone_id=7438708&is_mobile=false&domain=csaclick.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=fced32e3-fc2a-475c-937a-72fb6ef77179&action=prerequest | 139.45.197.251 | 200 OK | 0 B |
URL POST HTTP/2poavoabe.net/zone?&pub=0&zone_id=7438708&is_mobile=false&domain=csaclick.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=fced32e3-fc2a-475c-937a-72fb6ef77179&action=prerequest IP139.45.197.251:443
Requested byhttps://csaclick.com/fbt/ CertificateIssuerLet's Encrypt Subjectpoavoabe.net FingerprintEA:0B:FC:6A:9F:F2:C8:BB:63:B0:A9:3E:B1:A6:7B:52:34:86:5B:A4 ValidityMon, 15 Apr 2024 05:23:56 GMT - Sun, 14 Jul 2024 05:23:55 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=7438708&is_mobile=false&domain=csaclick.com&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=fced32e3-fc2a-475c-937a-72fb6ef77179&action=prerequest HTTP/1.1
Host: poavoabe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://csaclick.com
DNT: 1
Connection: keep-alive
Referer: https://csaclick.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 15:23:20 GMT
content-length: 0
x-trace-id: 85fffc728e621fa46168bd3704857639
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://csaclick.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://csaclick.com/fbt/ CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 243
Origin: https://csaclick.com
DNT: 1
Connection: keep-alive
Referer: https://csaclick.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 15:23:20 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: eba41a9728581ab771c5396f5c0f29e1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://csaclick.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://csaclick.com/fbt/ CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 245
Origin: https://csaclick.com
DNT: 1
Connection: keep-alive
Referer: https://csaclick.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 15:23:20 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: a822b6fc21cd2e67e7c04dad6968c427
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://csaclick.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://csaclick.com/fbt/ CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 246
Origin: https://csaclick.com
DNT: 1
Connection: keep-alive
Referer: https://csaclick.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 15:23:20 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: cd87c1f436ba1b9804bac0931fcd37eb
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://csaclick.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://csaclick.com/fbt/ CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://csaclick.com/
Origin: https://csaclick.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 15:23:20 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://csaclick.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| poavoabe.net/pfe/current/micro.tag.min.js?z=7438708&sw=/sw-check-permissions-164e8.js | 139.45.197.251 | 200 OK | 15 kB |
URL GET HTTP/2poavoabe.net/pfe/current/micro.tag.min.js?z=7438708&sw=/sw-check-permissions-164e8.js IP139.45.197.251:443
Requested byhttps://csaclick.com/fbt/ CertificateIssuerLet's Encrypt Subjectpoavoabe.net FingerprintEA:0B:FC:6A:9F:F2:C8:BB:63:B0:A9:3E:B1:A6:7B:52:34:86:5B:A4 ValidityMon, 15 Apr 2024 05:23:56 GMT - Sun, 14 Jul 2024 05:23:55 GMT
File typegzip compressed data, max speed, from Unix Hash5fa7f5ebf5b62b5913b9195335fcb476 8fffe42b136cf5beb31424cc8e18e63126d201da 44de9cf6eaf65ffbbf261d842041ae714acb5f1dc5ade6b490379fab1c7cf32d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?z=7438708&sw=/sw-check-permissions-164e8.js HTTP/1.1
Host: poavoabe.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csaclick.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 15:23:20 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:48:52 GMT
etag: W/"662a3514-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| csaclick.com/favicon.ico | 8.219.247.160 | 404 Not Found | 146 B |
IP8.219.247.160:443 ASN#45102 Alibaba US Technology Co., Ltd.
Requested byhttps://csaclick.com/fbt/ CertificateIssuerLet's Encrypt Subjectcclickks.com Fingerprint67:24:6A:50:AA:B7:DE:CD:F0:FD:3F:DD:72:ED:C8:45:86:96:44:09 ValidityTue, 07 May 2024 12:43:55 GMT - Mon, 05 Aug 2024 12:43:54 GMT
File typeHTML document, ASCII text, with CRLF line terminators Hash8eec510e57f5f732fd2cce73df7b73ef 3c0af39ecb3753c5fee3b53d063c7286019eac3b 55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /favicon.ico HTTP/1.1
Host: csaclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csaclick.com/fbt/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 10 May 2024 15:23:20 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2
|
|
| csaclick.com/sw-check-permissions-164e8.js?zoneId=7438708 | 8.219.247.160 | 200 OK | 566 B |
URL GET HTTP/2csaclick.com/sw-check-permissions-164e8.js?zoneId=7438708 IP8.219.247.160:443 ASN#45102 Alibaba US Technology Co., Ltd.
Requested byhttps://csaclick.com/fbt/ CertificateIssuerLet's Encrypt Subjectcclickks.com Fingerprint67:24:6A:50:AA:B7:DE:CD:F0:FD:3F:DD:72:ED:C8:45:86:96:44:09 ValidityTue, 07 May 2024 12:43:55 GMT - Mon, 05 Aug 2024 12:43:54 GMT
Hash1996c42e22ccd2f8d816f212865b4e0c 0f0d827b3c756825a819b6b7b1a89a0920f2134d 7e55220aa499769446bc2a7b714801888bf0d28956c9c8a1eeedc5af703beb50
GET /sw-check-permissions-164e8.js?zoneId=7438708 HTTP/1.1
Host: csaclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://csaclick.com/fbt/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 15:23:20 GMT
content-type: application/javascript
content-length: 566
last-modified: Tue, 07 May 2024 13:42:14 GMT
etag: "663a2fb6-236"
expires: Sat, 11 May 2024 03:23:20 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| | 8.219.247.160 | 200 OK | 1.2 kB |
URL User Request GET HTTP/2IP8.219.247.160:443 ASN#45102 Alibaba US Technology Co., Ltd.
CertificateIssuerLet's Encrypt Subjectcclickks.com Fingerprint67:24:6A:50:AA:B7:DE:CD:F0:FD:3F:DD:72:ED:C8:45:86:96:44:09 ValidityTue, 07 May 2024 12:43:55 GMT - Mon, 05 Aug 2024 12:43:54 GMT
File typeHTML document, ASCII text, with very long lines (1206), with no line terminators Hashc363a48d6df4a5bd2172160a3f4b8880 05cef8819cb875183a55ef38699c2758a002f0fc a23cf7fafee0dcb0d019fb32586e3087f3515a8ab166d509eb732bbec7f664ca
GET /fbt/ HTTP/1.1
Host: csaclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 10 May 2024 15:23:19 GMT
content-type: text/html
last-modified: Wed, 08 May 2024 10:15:44 GMT
vary: Accept-Encoding
etag: W/"663b50d0-483"
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|