Report - sh.st/TmIp

Report Overview

Submitted URL
sh.st/TmIp
IP
104.26.7.218
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-17 05:55:24
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
endangersquarereducing.com	unknown	2022-04-07	2022-04-12	2023-06-12	361 B	21 kB	192.243.59.20
simplewebanalysis.com	unknown	2022-02-15	2022-02-25	2023-06-16	422 B	417 B	52.58.93.188
xngqoc.com	unknown	2023-03-03	2023-03-03	2023-06-17	1.4 kB	543 B	185.162.85.14
eu.doctorpost.net	10457	2021-12-22	2021-12-23	2023-06-16	565 B	192 B	38.100.129.67
clkmein.com	165181	2017-04-19	2017-04-24	2023-06-14	2.5 kB	40 kB	104.26.4.107
friendshipmale.com	unknown	2022-10-21	2022-10-21	2023-06-16	315 B	28 kB	172.64.202.23
ja.rewashwudu.com	unknown	2022-10-04	2022-10-04	2023-06-14	328 B	1.5 kB	23.109.82.97
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15	2023-06-16	2.3 kB	181 kB	172.64.197.23
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04	2023-06-16	329 B	327 B	192.243.61.225
ocsp.r2m01.amazontrust.com	unknown	2007-05-11	2022-10-12	2023-06-17	340 B	942 B	54.230.80.227
addresseepaper.com	18169	2021-11-01	2021-11-01	2023-06-16	315 B	356 B	199.59.243.223
i.wmgtr.com	13696	2020-09-11	2020-09-11	2023-06-16	414 B	18 kB	45.133.44.32
xdiwbc.com	unknown	2023-02-07	2023-02-07	2023-06-17	856 B	11 kB	172.64.197.39
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-06-17	867 B	98 kB	142.250.74.168
ubbfpm.com	unknown	2022-05-31	2022-05-31	2023-06-17	402 B	201 kB	95.216.206.230
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-06-17	518 B	47 kB	216.58.207.227
respectablecharacteristicrider.com	unknown	2023-06-14	2023-06-14	2023-06-14	785 B	15 kB	173.233.137.44
ptauxofi.net	35628	2021-03-31	2021-03-31	2023-06-14	3.8 kB	142 kB	139.45.197.250
my.rtmark.net	9054	2014-10-29	2015-02-04	2023-06-16	507 B	739 B	139.45.195.8
prhzxq.com	unknown	2022-06-29	2022-06-29	2023-06-17	1.0 kB	96 kB	185.162.85.3
sh.st	118569	2013-07-01	2014-06-27	2023-06-14	468 B	93 kB	104.26.7.218
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-06-16	2.3 kB	4.9 kB	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-06-17	770 B	49 kB	142.250.74.106
unseenreport.com	unknown	2022-03-30	2022-03-30	2023-06-16	1.3 kB	846 B	192.243.59.12
static.sh.st	276104	2013-07-01	2016-10-20	2023-06-14	1.1 kB	118 kB	104.26.6.218
cdn.barscreative1.com	25648	2021-09-08	2021-09-16	2023-06-16	464 B	1.3 kB	45.133.44.4
superiorickyfreshen.com	unknown	2023-05-16	2023-06-01	2023-06-17	6.6 kB	10 kB	192.243.59.20
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2023-06-16	1.5 kB	1.5 kB	139.45.197.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator
2023-06-17	medium	respectablecharacteristicrider.com
2023-06-17	medium	addresseepaper.com
2023-06-17	medium	xngqoc.com
2023-06-17	medium	xngqoc.com
2023-06-17	medium	respectablecharacteristicrider.com
2023-06-17	medium	xngqoc.com
2023-06-16	medium	unseenreport.com
2023-06-16	medium	unseenreport.com
2023-06-17	medium	superiorickyfreshen.com
2023-06-17	medium	superiorickyfreshen.com
2023-06-17	medium	superiorickyfreshen.com
2023-06-17	medium	superiorickyfreshen.com
2023-06-17	medium	superiorickyfreshen.com
2023-06-17	medium	superiorickyfreshen.com
2023-06-17	medium	superiorickyfreshen.com
2023-06-17	medium	superiorickyfreshen.com

ThreatFox

No alerts detected

JavaScript (24)

	URL	Size	First Seen	Last Seen
	ubbfpm.com/ms/1102360/inpage.js	201 kB	2023-04-06	2024-03-06
Pretty URL ubbfpm.com/ms/1102360/inpage.js IP 95.216.206.230 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 00:22:18 Last Seen2024-03-06 04:49:02 Times Seen540 Hash af413834dffb762ffcfa6c20ce98ad42 1cc019785a20cf05f8804da008409a6ed8ba4a72 37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0 Loading...

	unknown	103 kB	2023-06-15	2023-06-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-15 17:30:58 Last Seen2023-06-21 13:47:10 Times Seen137 Hash 08c89f96df68ac7c313b6c149a874b02 011d811e20041d0e654192b1f5dfc3f0801d5341 4e6a7f6a765f9221293d9b89110d66de87b602fb10ccf77c2441ca0e8534d5cd Loading...

	unknown	26 kB	2023-03-07	2024-07-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:51 Last Seen2024-07-27 00:12:07 Times Seen2337 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=	26 kB	2023-06-06	2023-06-28
Pretty URL clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r= IP 104.26.4.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-06 17:14:41 Last Seen2023-06-28 07:45:26 Times Seen20 Hash 48ea58a062d34062336e9b25aaf3b0e2 04359b3911f05659fa0d9f9df3af118750134ed2 e2e150421ef46cc7e6bf5865b53d6bc47489e7bcae4434acd7c35aa61507d162 Loading...

	clkmein.com/sandbox%20eval%20code	147 B	2023-04-11	2024-07-27
Pretty URL clkmein.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-07-27 07:00:39 Times Seen385056 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=	412 B	2023-03-07	2024-03-06
Pretty URL clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r= IP 104.26.4.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:01 Times Seen287 Hash e57a17959756709555be23700fdf86e0 5f995918711370e6c6847a0942d9007cf364cc21 537be2c7d2a919573cfcb2a600e327546e046b656e1ff22513ca98f03965a3ed Loading...

	static.sh.st/js/packed/interstitial-page.js?2022-06-29.0	81 kB	2023-04-06	2024-03-06
Pretty URL static.sh.st/js/packed/interstitial-page.js?2022-06-29.0 IP 104.26.6.218 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 00:22:18 Last Seen2024-03-06 04:49:02 Times Seen492 Hash 06eb8d871dccb0da41b67abac7022ba9 dbe95283dcf49fac294a7d3445efad665c2ee790 88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef Loading...

	www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ	107 kB	2023-06-17	2023-06-17
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-17 07:55:25 Last Seen2023-06-17 07:55:25 Times Seen2 Hash 40fd4fcd4cfc0e66ea0355c9ac0eeccb d94705e6b7ba44b6e796c1ff3eac2560691aba16 839b4fa4c3106c7a62dc9bf9492eedf103b593eec8fb478a3c11ef69cd0c69f1 Loading...

	www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c	143 kB	2023-06-17	2023-06-17
Pretty URL www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-17 07:55:25 Last Seen2023-06-17 07:55:25 Times Seen2 Hash 13a6c633fb71a750aeba3a04f7285194 232779274ab266356468b01be8a64446a2bbac4b 195ba2ad52fb8dd0ea3f09831eb5308d41791f262a5bec5d7007112c2ce76506 Loading...

	endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js	59 kB	2023-06-17	2023-06-17
Pretty URL endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-17 07:55:25 Last Seen2023-06-17 07:55:25 Times Seen2 Hash 95ee65c71e53e72dfa9d9d2d74e69400 eac1d46c347c6029b3b8fc781e2bb7e2dea3d15c 76f574d45e9a4e84208b7999f23342e0ca6fc94832d5e933a63ec3d72cbb3554 Loading...

	ja.rewashwudu.com/fmwhVStpL4dxap/46223	6 B	2023-03-07	2024-07-27
Pretty URL ja.rewashwudu.com/fmwhVStpL4dxap/46223 IP 23.109.82.97 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31:39 Last Seen2024-07-27 06:59:35 Times Seen13181 Hash 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce Loading...

	clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=	385 B	2023-03-07	2024-03-06
Pretty URL clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r= IP 104.26.4.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:01 Times Seen287 Hash 18f785c58c9ad2590695ebb6a75b48f0 9260be0a1f90cd980c5cd2197dfe4835100a31f6 8ff650b1e7d5cdd15bd9b492c15b443a53cf3fa85f0ed1ab907afe74aa127d92 Loading...

	respectablecharacteristicrider.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js	37 kB	2023-06-17	2023-06-17
Pretty URL respectablecharacteristicrider.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js IP 173.233.137.44 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-17 07:55:25 Last Seen2023-06-17 07:55:25 Times Seen2 Hash 76875fc28094ec5e778984d213846d58 5045237b10561f40562a4e3e4049c6def80d417e 674fea4cacc6ab4b2e9c45e64cea81140ee5eaf8e3b8481faef47666b68a9352 Loading...

	friendshipmale.com/sfp.js	86 kB	2023-04-05	2023-08-25
Pretty URL friendshipmale.com/sfp.js IP 172.64.202.23 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 07:35:42 Last Seen2023-08-25 11:30:02 Times Seen8520 Hash 8bf542db65f0ff20d510889d62e5e092 1b1b7cc04275b7641e2f07b0f4bf99b5387303bf 77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711 Loading...

	unknown	612 B	2023-03-07	2023-10-31
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:41 Last Seen2023-10-31 22:26:40 Times Seen6 Hash 998da7e917d5a46dd84dcd609fd2f624 f638d6a8d3fb4c95166decbbc1c4b9d1fc4f9259 4b9bf6c08e604412ef281a7b02a3a176fcb9509e1239dfa881fe8da207cbc37f Loading...

	ptauxofi.net/pfe/current/tag.min.js?z=4157053	15 kB	2023-06-15	2023-06-21
Pretty URL ptauxofi.net/pfe/current/tag.min.js?z=4157053 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-15 17:30:58 Last Seen2023-06-21 13:47:10 Times Seen121 Hash 14c32934745032eb37f0f3a47d4904d5 d078f01e7573173a0f604609b4e7c487f41fea4d d6b4dda90bc32eca22039b16c531e9c247dd85927a4ab83181c240f709efe0e5 Loading...

	clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=	173 B	2023-03-07	2024-03-06
Pretty URL clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r= IP 104.26.4.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:02 Times Seen287 Hash a881bba8a59d80992e9c397d3cc3d67a 85ab04d40c85bd897b78a88dd6da95671fa6d64e dbd5a5ffb649a1301d16a94539210972ab60b8e7972f4b073d6199a6c5268888 Loading...

	clkmein.com/shortest-url/end-adsession?adSessionId=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a&adbd=0&callback=reqwest_1686981305746	106 B	2023-06-17	2023-06-17
Pretty URL clkmein.com/shortest-url/end-adsession?adSessionId=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a&adbd=0&callback=reqwest_1686981305746 IP 104.26.4.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-17 07:55:25 Last Seen2023-06-17 07:55:25 Times Seen2 Hash 3dc12a4332c1021d7294a1365af720a2 b456a5f958a298096d92135d8525463d3c256fd9 ca21f8ca106ed754cefe2136d44c15f58b62cfad4f5a36d9f4c2e1bf77a4e4a4 Loading...

	clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=	2.7 kB	2023-06-17	2023-06-17
Pretty URL clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r= IP 104.26.4.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-17 07:55:25 Last Seen2023-06-17 07:55:25 Times Seen1 Hash 1bd1cd4103adf4bf2ed70227d7f419c4 ba63ca02a46af8edcb681eb4ecc6da2deb4c4538 6b16e6f3635f932f14bcaa86b1ac49cbcbf2c4e745efc72f4d319baa8a7b4d32 Loading...

	clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=	224 B	2023-03-07	2024-03-06
Pretty URL clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r= IP 104.26.4.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:24:13 Last Seen2024-03-06 04:49:02 Times Seen285 Hash 1257ac8e5dfe1e338f9a7190fac3bf8b 91039ad3afbab7525d86a3220ded4109a7f112a7 dbfe45437742f1831de6c1818e9060e0ec9d588b4779558f9c91f621453666ea Loading...

	clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=	338 B	2023-03-12	2023-12-20
Pretty URL clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r= IP 104.26.4.107 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 20:12:48 Last Seen2023-12-20 10:32:35 Times Seen15 Hash 638f6c7b6879e9a3ef189087bbbef3de 061dd67f36c14d477da292a92467b63266087a65 a9aaaa107c257ba6e6817f053476b511102167891eb49a4c1eb8fc0b4a4414fe Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-07-27
Pretty URL banquetunarmedgrater.com/advertisers.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-07-27 07:15:04 Times Seen41189289 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-07-27
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-07-27 07:00:40 Times Seen384404 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

		Size	First Seen	Last Seen
	#1 Write - 2ca06deb2e1c7a1d2e8441b9fd532301	51 kB	2023-03-07	2023-12-31
Pretty Observations First Seen2023-03-07 12:24:05 Last Seen2023-12-31 00:41:38 Times Seen85 Hash 2ca06deb2e1c7a1d2e8441b9fd532301 4f7dfa45a759034e7c96d78f86f68f28b207959b 0d1f38ccb3dd3a8ebfd3dfd4d887f04ae1d237498932ab1cefb4b21fcec3b056 Loading...

HTTP Transactions (68)

URL IP Response Size

clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

104.26.4.107

200 OK

35 kB

URL User Request GET HTTP/1.1
clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
IP
104.26.4.107:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26650), with CRLF, LF line terminators
Size
35 kB (35242 bytes)
Hash
a1bca3c729f7f49a99a2c5d7e247343d
496d223c850680db52b54b2355591bb5a6d15f0b
0a33b9147427c016475ffe94435ff421289eab6d3f4c20d4f0a2d78f35caf41f

HTTP Headers

GET /O2XGl648d4ab9c9156q1mFuGlCqIZO?r= HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u16
Set-Cookie: PHPSESSID=ld2fsg6gqpe023ah0oqjil1op3; expires=Sat, 17-Jun-2023 06:55:05 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Sun, 16-Jun-2024 05:55:06 GMT; Max-Age=31536000; path=/
referrer_url=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0zc3jhgH9nyX5mkLJDV5ygTnTPpEdycnBk09Bn3GZpBsAnWT0ev2xRZbe2tr%2F7uW2pxaeMvTGmDUT%2B4d%2BwWCmaEEWJeC1d2ObtQD2TcwOd5LOep5hX4RWjdPqIYC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d890aa9bd731c06-OSL
Content-Encoding: gzip

static.sh.st/js/packed/interstitial-page.js?2022-06-29.0

104.26.6.218

200 OK

25 kB

URL GET HTTP/1.1
static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP
104.26.6.218:80
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
Unicode text, UTF-8 text, with very long lines (20454)
Size
25 kB (24685 bytes)
Hash
06eb8d871dccb0da41b67abac7022ba9
dbe95283dcf49fac294a7d3445efad665c2ee790
88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef

HTTP Headers

GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=102880
ETag: W/"62bc140d-191e0"
Expires: Sat, 17 Jun 2023 20:06:11 GMT
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Vary: Accept-Encoding
X-Server-ID: shn03
X-UA-Compatible: IE=Edge
CF-Cache-Status: HIT
Age: 35335
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHVrO2pGuTxr9L0R5QGpXgv4Z3HFhcrgzTSeCbyv6Z5lSYZXw2DaHXH0Na9BU2kCrCoJ6Qu3kCGRqEFkGFEhQR3R2m3V6AqPlrhji6Lnv7hI0vr1x0ooEcJMILB55g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d890aac9e7ab51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4c58e00150b52a44a8ff135b29133181
d3efdac50fa272337927845f52a5137101d7debc
fadd34313125590be8b04e022a607aaaafb88fcd59b5e3969acbbdaf1f51c54b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0

104.26.6.218

200 OK

6.2 kB

URL GET HTTP/1.1
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP
104.26.6.218:80
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced\012- data
Size
6.2 kB (6226 bytes)
Hash
9ca44d211b1779ef13c1f7406a76c1ff
8b5ab1222409a144c8f1d3bd2a098985bd0bcba7
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001

HTTP Headers

GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/png
Content-Length: 6226
Connection: keep-alive
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
ETag: "55a90320-1852"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Expires: Sat, 17 Jun 2023 14:17:35 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 56251
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YMLxOHReZPh5QogEbeksm0GsEDiLqMuUqgJNzNYUyvmNOK9HGaEhz2e3bzwSjIjdT5mtu3oU9iqOBX%2FXtk00SqN68xf2sJj5kc9nX2id8ZjapiPidC4L8AGCqyuFoA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aad1ed7b51d-OSL
alt-svc: h2=":443"; ma=60

clkmein.com/bundles/smeweb/img/tracking-38271.gif?t=1686981306

104.26.4.107

200 OK

43 B

URL GET HTTP/1.1
clkmein.com/bundles/smeweb/img/tracking-38271.gif?t=1686981306
IP
104.26.4.107:80
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /bundles/smeweb/img/tracking-38271.gif?t=1686981306 HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Cookie: hl=en; cookies-enable=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn05
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXWPH9vDXOOzfXUAHGg3NNseRbh37XJ2EN1D6PKAQy0TdlfapgZIHr8D%2FNCX1P7SFAeUmP9d%2Bp03puP0j5zdNoepRmsp7MLzkZfUKVrxdZZqLzXwlDnIR2T88dDe"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aad1f951c06-OSL

clkmein.com/bundles/advertisement/img/tracking.gif?test=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a

104.26.4.107

200 OK

0 B

URL GET HTTP/1.1
clkmein.com/bundles/advertisement/img/tracking.gif?test=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a
IP
104.26.4.107:80
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bundles/advertisement/img/tracking.gif?test=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Cookie: hl=en; cookies-enable=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
ETag: "62bc13d6-0"
X-Server-ID: shn09
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K3%2FR6cxN9I%2F4IXm81%2Bp9r2%2BbnQl%2BE8EDEWCU1lowfnNaBAYic%2FI85FRyTilBGI7%2FPLku2CLU8MMSxhs1F1zpiVPD6r9EKAdZ%2BCrHEeu4T4AFcLPcGvlMs7rel2gn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aad18330b49-OSL

clkmein.com/bundles/smeweb/img/advertisement-tracking-38271.gif?t=1686981306

104.26.4.107

200 OK

43 B

URL GET HTTP/1.1
clkmein.com/bundles/smeweb/img/advertisement-tracking-38271.gif?t=1686981306
IP
104.26.4.107:80
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /bundles/smeweb/img/advertisement-tracking-38271.gif?t=1686981306 HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Cookie: hl=en; cookies-enable=1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn06
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W5nevfUB7jCzGmh%2BczNRtQ1IgUxIqRATVmet2cprhx%2FViAPg2sscqA9X9qdDgUSDFD3Y%2FWS%2Bg%2FznP1b0b64kMmms%2BiVNBbc%2FchcKwa3zoCP23jIrUXhb9HecD9Go"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aad1f740b31-OSL

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
4c58e00150b52a44a8ff135b29133181
d3efdac50fa272337927845f52a5137101d7debc
fadd34313125590be8b04e022a607aaaafb88fcd59b5e3969acbbdaf1f51c54b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ja.rewashwudu.com/fmwhVStpL4dxap/46223

23.109.82.97

200 OK

26 B

URL GET HTTP/1.1
ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP
23.109.82.97:80
ASN
#7979 SERVERS-COM

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

HTTP Headers

GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://clkmein.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Sun, 18-Jun-2023 05:55:06 GMT; Max-Age=86400; path=/
GL_GI10=eJwlTckKwjAUbJ4xLq0PB3rz0h%2BwuB56tff24BdIEA2UpKRx%2B3sjHoZZGGaSJKE8A5keWbUtq0152JXb4wHiBmpakLZQjfOvywfCgzZ7kLdI26FzRe0eNsRcQ%2F48hAGfOvMuzq57BOPsAIqY1c73zl%2FCFaJXAhSconhp8oyJRzznNI5qnvCUU1YYN%2B3696M1JlH%2Bp%2B9jXspY6yTEsIAIkZ%2BSV0p9AQoZJ54%3D; expires=Sun, 18-Jun-2023 05:55:06 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0

104.26.6.218

200 OK

84 kB

URL GET HTTP/1.1
static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP
104.26.6.218:80
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced\012- data
Size
84 kB (84545 bytes)
Hash
0eb6767d5ee6d6e7b3884a01b7730c80
4bc5d39918bcea70e852e0fb7b3d15caf0993434
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d

HTTP Headers

GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/png
Content-Length: 84545
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
ETag: "62bc13d5-14a41"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Expires: Sat, 17 Jun 2023 11:05:43 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 67763
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eebIUBMJOc6MNWZWcWlm19QmXWhoCBe05I8leRsOlwvMG%2FGjdR4cG9gCNh8DHngJ%2B9yzFh97pDn6R9vyeTLrKwoMrAMu7iBAguKgJcuvxyADX18IyNtbdzoOs7Y8kA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aadaf58b51d-OSL
alt-svc: h2=":443"; ma=60

ubbfpm.com/ms/1102360/inpage.js

95.216.206.230

200 OK

201 kB

URL GET HTTP/1.1
ubbfpm.com/ms/1102360/inpage.js
IP
95.216.206.230:443
ASN
#24940 Hetzner Online GmbH

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectubbfpm.com
FingerprintA2:0C:E1:AA:B3:4F:02:D9:6C:68:9E:FE:AA:AD:20:F2:F2:F3:CB:7C
ValiditySun, 28 May 2023 13:41:52 GMT - Sat, 26 Aug 2023 13:41:51 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
201 kB (200738 bytes)
Hash
af413834dffb762ffcfa6c20ce98ad42
1cc019785a20cf05f8804da008409a6ed8ba4a72
37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0

HTTP Headers

GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: application/javascript
Content-Length: 200738
Last-Modified: Fri, 21 Apr 2023 15:45:14 GMT
Connection: keep-alive
ETag: "6442af8a-31022"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4c33dd00acf3e9ec3caa92992e03b532
f900808eafea946f52a49a7e536a97b2331d9f01
a00bc1576320e4aaa26267eb2836c33f6795cd1ace69497ecb52c0f584a00e2c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f15247b894a1208e9114096e5471926e
9a0866397ba8755ce3feb083c203794575e3cab1
8fe29e24b8a4a510ea04168e92e9134e03d52b292b8616ecd4e02b334247ae07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f15247b894a1208e9114096e5471926e
9a0866397ba8755ce3feb083c203794575e3cab1
8fe29e24b8a4a510ea04168e92e9134e03d52b292b8616ecd4e02b334247ae07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2

216.58.207.227

200 OK

46 kB

URL GET HTTP/2
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC9:2E:2A:45:EE:CD:C4:04:39:8F:FA:80:3A:30:4F:97:C2:F4:BF:E4
ValidityMon, 22 May 2023 08:22:04 GMT - Mon, 14 Aug 2023 08:22:03 GMT

File type
Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Size
46 kB (46524 bytes)
Hash
c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826

HTTP Headers

GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Jun 2023 10:39:52 GMT
expires: Wed, 12 Jun 2024 10:39:52 GMT
cache-control: public, max-age=31536000
age: 328514
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ

142.250.74.168

200 OK

42 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint10:38:7C:36:39:48:3A:75:B3:8C:F2:4A:E7:C5:44:0B:9D:46:7F:F8
ValidityMon, 22 May 2023 08:17:22 GMT - Mon, 14 Aug 2023 08:17:21 GMT

File type
ASCII text, with very long lines (2271)
Size
42 kB (41843 bytes)
Hash
40fd4fcd4cfc0e66ea0355c9ac0eeccb
d94705e6b7ba44b6e796c1ff3eac2560691aba16
839b4fa4c3106c7a62dc9bf9492eedf103b593eec8fb478a3c11ef69cd0c69f1

HTTP Headers

GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 17 Jun 2023 05:55:06 GMT
expires: Sat, 17 Jun 2023 05:55:06 GMT
cache-control: private, max-age=900
last-modified: Sat, 17 Jun 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41843
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Raleway:400,700

142.250.74.106

200 OK

47 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Raleway:400,700
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintA4:D0:2E:0C:FB:98:7C:38:24:ED:CC:2B:FE:74:AA:48:C4:9A:27:90
ValidityMon, 22 May 2023 08:22:04 GMT - Mon, 14 Aug 2023 08:22:03 GMT

File type
gzip compressed data, max compression\012- data
Size
47 kB (47070 bytes)
Hash
0e76ffbc3d67bcf0b1dc39f39071aaf3
ad21978360cce560d375d566a3ae31205a09f1a3
e50cd940e4747912fa08ad2f6a8149f724ea58475cdbb342267bdecfd9a36a58

HTTP Headers

GET /css?family=Raleway:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 17 Jun 2023 05:55:06 GMT
date: Sat, 17 Jun 2023 05:55:06 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f15247b894a1208e9114096e5471926e
9a0866397ba8755ce3feb083c203794575e3cab1
8fe29e24b8a4a510ea04168e92e9134e03d52b292b8616ecd4e02b334247ae07

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
4c33dd00acf3e9ec3caa92992e03b532
f900808eafea946f52a49a7e536a97b2331d9f01
a00bc1576320e4aaa26267eb2836c33f6795cd1ace69497ecb52c0f584a00e2c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c

142.250.74.168

200 OK

55 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint10:38:7C:36:39:48:3A:75:B3:8C:F2:4A:E7:C5:44:0B:9D:46:7F:F8
ValidityMon, 22 May 2023 08:17:22 GMT - Mon, 14 Aug 2023 08:17:21 GMT

File type
ASCII text, with very long lines (2271)
Size
55 kB (54590 bytes)
Hash
13a6c633fb71a750aeba3a04f7285194
232779274ab266356468b01be8a64446a2bbac4b
195ba2ad52fb8dd0ea3f09831eb5308d41791f262a5bec5d7007112c2ce76506

HTTP Headers

GET /gtag/js?id=AW-997869120&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 17 Jun 2023 05:55:06 GMT
expires: Sat, 17 Jun 2023 05:55:06 GMT
cache-control: private, max-age=900
last-modified: Sat, 17 Jun 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54590
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js

192.243.59.20

200 OK

21 kB

URL GET HTTP/1.1
endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
IP
192.243.59.20:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
HTML document, ASCII text, with very long lines (59375)
Size
21 kB (20562 bytes)
Hash
95ee65c71e53e72dfa9d9d2d74e69400
eac1d46c347c6029b3b8fc781e2bb7e2dea3d15c
76f574d45e9a4e84208b7999f23342e0ca6fc94832d5e933a63ec3d72cbb3554

HTTP Headers

GET /34/c6/b3/34c6b37755370ea4318f4ff4946df449.js HTTP/1.1
Host: endangersquarereducing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2380-1=1; expires=Tue, 20 Jun 2023 05:55:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e6d6e7b199f266c3002b385632d55728
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m01.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
3c35122f6af5ea3e5671c86d4ca88bbc
a9f593511024c31010f6ff956c3a7651e1b7d9af
818a7657de6b657efe5ef1cef2d0b2b938d08f1f3b8f5772a61f47a0856f9af6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 17 Jun 2023 05:55:07 GMT
Last-Modified: Sat, 17 Jun 2023 04:06:23 GMT
Server: ECAcc (nya/7968)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tZxfw65LrKmvJB_zZeV2hyBFVYlqmK8dk81Oroavfq3r3Ig1-umdJQ==
Age: 6524

respectablecharacteristicrider.com/pixel/purst?dl=0&th=0&sc=0&rs=2182&rd=2182&fd=607&bv=23.6.v.1&tmpl=70

173.233.137.44

200 OK

0 B

URL GET HTTP/1.1
respectablecharacteristicrider.com/pixel/purst?dl=0&th=0&sc=0&rs=2182&rd=2182&fd=607&bv=23.6.v.1&tmpl=70
IP
173.233.137.44:80
ASN
#7979 SERVERS-COM

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2182&rd=2182&fd=607&bv=23.6.v.1&tmpl=70 HTTP/1.1
Host: respectablecharacteristicrider.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

addresseepaper.com/sfp.js

199.59.243.223

403 Forbidden

111 B

URL GET HTTP/1.1
addresseepaper.com/sfp.js
IP
199.59.243.223:80
ASN
#16509 AMAZON-02

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
111 B (111 bytes)
Hash
8b181bb6767bc5795dcf17341a387e5b
b5e2a9fb1f8a4aad3c7127c769af4c780b47bef4
32cbc376cd769a26d108ae31678f975b863b7066e110c59d9a212c7281bd8c81

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Server: openresty
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-backend-server: ip-10-201-16-117.ec2.internal
Content-Encoding: gzip

simplewebanalysis.com/stats

52.58.93.188

200 OK

40 B

URL GET HTTP/2
simplewebanalysis.com/stats
IP
52.58.93.188:443
ASN
#16509 AMAZON-02

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerAmazon
Subjectsimplewebanalysis.com
FingerprintE5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
ValidityThu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
3a2dcd1046656ff1b60d7112cc760b0d
b941a9241f079707141e84dfd150f6d0a0104ccd
69708334c41589d9bda01d986811524a9ab5c1d3b64e77e0afdb647295e4deae

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://clkmein.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; expires=Tue, 14 Jun 2033 05:55:07 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=clkmein.com&var=&ymid=&var_3=

139.45.197.250

200 OK

908 B

URL GET HTTP/2
ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=clkmein.com&var=&ymid=&var_3=
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintB2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
ValidityFri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT

File type
JSON data\012- , ASCII text, with very long lines (907)
Size
908 B (908 bytes)
Hash
4a475681dd3fdb63073f740f13b06977
256ac9df787776671076d19900878722c4e3eacc
e59808a0236875606d894a1ad2e85c83ebb1f19effd57746de46dee7d71e60a0

HTTP Headers

GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=clkmein.com&var=&ymid=&var_3= HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 908
x-trace-id: 1fdf0c9bbfcc3e638bce4248b2f01078
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==

185.162.85.14

204 No Content

0 B

URL GET HTTP/2
xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==
IP
185.162.85.14:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectxngqoc.com
Fingerprint4D:ED:76:7E:B2:4F:87:9C:A3:0B:79:50:6F:CF:19:D2:D9:16:F6:BF
ValidityTue, 02 May 2023 05:01:15 GMT - Mon, 31 Jul 2023 05:01:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw== HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

xngqoc.com/er?a=1

185.162.85.14

200 OK

0 B

URL GET HTTP/2
xngqoc.com/er?a=1
IP
185.162.85.14:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectxngqoc.com
Fingerprint4D:ED:76:7E:B2:4F:87:9C:A3:0B:79:50:6F:CF:19:D2:D9:16:F6:BF
ValidityTue, 02 May 2023 05:01:15 GMT - Mon, 31 Jul 2023 05:01:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /er?a=1 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2

respectablecharacteristicrider.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js

173.233.137.44

200 OK

13 kB

URL GET HTTP/1.1
respectablecharacteristicrider.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
IP
173.233.137.44:80
ASN
#7979 SERVERS-COM

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
ASCII text, with very long lines (37141), with no line terminators
Size
13 kB (13424 bytes)
Hash
76875fc28094ec5e778984d213846d58
5045237b10561f40562a4e3e4049c6def80d417e
674fea4cacc6ab4b2e9c45e64cea81140ee5eaf8e3b8481faef47666b68a9352

Detections

Analyzer	Verdict	Alert
Public Nextron yara rules	malware	Detects JS obfuscation done by the js obfuscator (often malicious)
quad9	Sinkholed

HTTP Headers

GET /08/26/66/0826667673c6afa9f85340ed4fc8ef57.js HTTP/1.1
Host: respectablecharacteristicrider.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f34ce437d16ee7ef9f7b2b8604eef702
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ptauxofi.net/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintB2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
ValidityFri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintB2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
ValidityFri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 387
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 585bd1d45101bba7036f4c75c5867417
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

xngqoc.com/trt?a=1&t=310

185.162.85.14

200 OK

0 B

URL GET HTTP/2
xngqoc.com/trt?a=1&t=310
IP
185.162.85.14:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectxngqoc.com
Fingerprint4D:ED:76:7E:B2:4F:87:9C:A3:0B:79:50:6F:CF:19:D2:D9:16:F6:BF
ValidityTue, 02 May 2023 05:01:15 GMT - Mon, 31 Jul 2023 05:01:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /trt?a=1&t=310 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=eaaace5419d14d9f96657ee16b6ef7cd&zoneId=4157053&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=eaaace5419d14d9f96657ee16b6ef7cd&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
ValiditySat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
ea15b7394b3f6a00765177878bb82d55
46628a9bdb27a1f5a9aa62e97092a45f36dd426c
4014e434739b1a1da693f5ed489934bedc9af6513a8fe192a0aa5306d6298883

HTTP Headers

GET /gid.js?pub=0&userId=eaaace5419d14d9f96657ee16b6ef7cd&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://clkmein.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=eaaace5419d14d9f96657ee16b6ef7cd; expires=Sun, 16 Jun 2024 05:55:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
5071ab33a3680b7c0393861ede27dc16
073b22dacebe0d6e6ef06d14b29e5e1249ae2bb7
5f7c09e410d39cf727462e2f4fd25f572bf5b40e1a6640545d2db1adbb88dd55

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 509
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: c150cb62da321a364b9770e28a93e6df
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.202.23

200 OK

28 kB

URL GET HTTP/1.1
friendshipmale.com/sfp.js
IP
172.64.202.23:80
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27574 bytes)
Hash
8bf542db65f0ff20d510889d62e5e092
1b1b7cc04275b7641e2f07b0f4bf99b5387303bf
77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711

Detections

Analyzer	Verdict	Alert
Public Nextron yara rules	malware	Detects JS obfuscation done by the js obfuscator (often malicious)

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: ab1c95f7b4a31f2dd21f6f58e4e38fab
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 17 Jun 2023 05:55:07 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HgR5FWVww7qhB1KiJdqYjMAr7L5zGex4swJZo8L3lAP9L3yhxsE%2BVaNOUlMbebcdtemwAUlBqFvjhNAh%2Fp8qwTMYVKSqykPK%2B2aV2stUFu52fY1h2H5oBVL5Spyo8m8RH7d%2BwPg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890ab2c935755a-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
Fingerprint06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
ValidityFri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
378e344ab073bcccf2ca8431f7c3a8ad
fea23c3c1790206bcee6adcd5bb7c9d8250c4c78
c03de449ffc7ed98cc6d49642df2fe0903d571113c9dbbbbf9767c03c5afbff4

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 509
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 177bd1cfc483e72cac7664e85154ef19
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

prhzxq.com/wnrw?aid=15368011315392105229&t=1686981307&a=1

185.162.85.3

200 OK

0 B

URL GET HTTP/2
prhzxq.com/wnrw?aid=15368011315392105229&t=1686981307&a=1
IP
185.162.85.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectprhzxq.com
Fingerprint6D:AB:12:36:72:62:BB:6F:23:70:47:C5:CA:25:CF:D2:AB:BC:B2:54
ValiditySat, 20 May 2023 02:24:39 GMT - Fri, 18 Aug 2023 02:24:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wnrw?aid=15368011315392105229&t=1686981307&a=1 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
content-length: 0
access-control-allow-origin: http://clkmein.com
X-Firefox-Spdy: h2

banquetunarmedgrater.com/advertisers.js

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.61.225:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0217a90092722959f22abedb6b27eb1d
Strict-Transport-Security: max-age=0; includeSubdomains

eu.doctorpost.net/nty/metrics/save.img?event=impressions&bid-id=v2-1686981307313-7-8084-1241070-9a7dd09e-5441-2667-3cdf-615c252c2b94&img=https%3A%2F%2Fcdn.adx1.com%2Fe3f9768e80ee031d0ca3ffb82bda5d8a.jpeg

38.100.129.67

302 Found

0 B

URL GET HTTP/2
eu.doctorpost.net/nty/metrics/save.img?event=impressions&bid-id=v2-1686981307313-7-8084-1241070-9a7dd09e-5441-2667-3cdf-615c252c2b94&img=https%3A%2F%2Fcdn.adx1.com%2Fe3f9768e80ee031d0ca3ffb82bda5d8a.jpeg
IP
38.100.129.67:443
ASN
#174 COGENT-174

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subject*.doctorpost.net
Fingerprint03:CF:FD:3D:A3:A5:17:2C:F7:EB:78:69:2E:B0:F7:EA:82:52:AD:FB
ValidityThu, 20 Apr 2023 23:02:23 GMT - Wed, 19 Jul 2023 23:02:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nty/metrics/save.img?event=impressions&bid-id=v2-1686981307313-7-8084-1241070-9a7dd09e-5441-2667-3cdf-615c252c2b94&img=https%3A%2F%2Fcdn.adx1.com%2Fe3f9768e80ee031d0ca3ffb82bda5d8a.jpeg HTTP/1.1
Host: eu.doctorpost.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: openresty/1.15.8.3
date: Sat, 17 Jun 2023 05:55:07 GMT
content-length: 0
location: https://cdn.adx1.com/e3f9768e80ee031d0ca3ffb82bda5d8a.jpeg
X-Firefox-Spdy: h2

ptauxofi.net/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

20 kB

URL GET HTTP/2
ptauxofi.net/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintB2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
ValidityFri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 kB (19881 bytes)
Hash
e9a509bd03dba6834098a39034b63a9c
d68afd4691f4e80cec329866c08992f8344bae40
388d2f36b8afebc478a4d523c1cad204fc5cebb0ff63a0696164d0d9f2583078

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/javascript
last-modified: Thu, 15 Jun 2023 13:18:05 GMT
etag: W/"648b0f8d-df63"
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintB2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
ValidityFri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 388
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: c226ff5a2b396527652fbd4205d00910
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ptauxofi.net/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
ptauxofi.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintB2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
ValidityFri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 732
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b18836a0f6e42f5fee30c00e10983c8a
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP
192.243.59.12:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7b9a7145ea34f0992915faa0ee73b7bd
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5

192.243.59.12

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP
192.243.59.12:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97d9e0dee795f9045419a0533c0da4bd
Strict-Transport-Security: max-age=0; includeSubdomains

i.wmgtr.com/cic/d186Z1xqbgoLvkVafC4w0Mh9PeSfEmlg.png

45.133.44.32

18 kB

URL GET
i.wmgtr.com/cic/d186Z1xqbgoLvkVafC4w0Mh9PeSfEmlg.png
IP
45.133.44.32:0
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjecti.wmgtr.com
Fingerprint7D:1B:65:9B:B8:35:3F:63:AA:D6:0E:B1:DB:13:80:AA:F0:55:75:FC
ValiditySun, 23 Apr 2023 23:02:02 GMT - Sat, 22 Jul 2023 23:02:01 GMT

File type
PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Size
18 kB (18189 bytes)
Hash
acb787f05bdc3b72341b39c9ee3936c4
72592389ec8bdc0e014ea21c8f2b202a99c21dfd
27b5ac39b06a071c2be4aed926fc70095f94334bce56f47a4d381aa128d003dc

HTTP Headers

GET /cic/d186Z1xqbgoLvkVafC4w0Mh9PeSfEmlg.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: image/png
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
content-encoding: gzip
cache-control: max-age=82800
expires: Sun, 18 Jun 2023 04:55:07 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/interstitial/software/norton/us/1/index.html

45.133.44.4

200 OK

888 B

URL GET HTTP/2
cdn.barscreative1.com/sb/interstitial/software/norton/us/1/index.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint0B:AE:8A:C0:29:EA:B0:86:29:66:F6:7E:76:63:66:57:38:88:FC:E6
ValidityMon, 15 May 2023 04:01:53 GMT - Sun, 13 Aug 2023 04:01:52 GMT

File type
HTML document text\012- HTML document, ASCII text
Size
888 B (888 bytes)
Hash
9da90deb5228e3d6f428bf2c1ec63c10
ac9efba63c33796d31132f2f16cd02e143fa18e0
9381287002caae0ed6df330e51f16e7ec24005e4748f522bc4ba9d989541def3

HTTP Headers

GET /sb/interstitial/software/norton/us/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:13 GMT
content-type: text/html; charset=utf-8
content-length: 888
server: nginx/1.17.6
last-modified: Fri, 02 Jul 2021 09:04:59 GMT
etag: "60ded6bb-378"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Sat, 17 Jun 2023 06:55:13 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

superiorickyfreshen.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedQQXdHp9SI%2F6nLfTyIehkFbMNqKaI%2BGYdpFYaf8i7d%2F%2BgcAAP%2F%2FAQAA%2F%2F8aj58OgAQAAA%3D%3D

192.243.59.20

200 OK

7 B

URL GET HTTP/1.1
superiorickyfreshen.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedQQXdHp9SI%2F6nLfTyIehkFbMNqKaI%2BGYdpFYaf8i7d%2F%2BgcAAP%2F%2FAQAA%2F%2F8aj58OgAQAAA%3D%3D
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectsuperiorickyfreshen.com
Fingerprint4F:EB:46:C2:8E:8B:96:9B:27:C1:3E:65:91:0A:A1:29:05:16:DF:EE
ValidityTue, 16 May 2023 13:41:58 GMT - Mon, 14 Aug 2023 13:41:57 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedQQXdHp9SI%2F6nLfTyIehkFbMNqKaI%2BGYdpFYaf8i7d%2F%2BgcAAP%2F%2FAQAA%2F%2F8aj58OgAQAAA%3D%3D HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Cookie: u_pl=17078832; uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:13 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4eaed96cde4ac1da8a41f6d2dd062cb6
Strict-Transport-Security: max-age=0; includeSubdomains

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.74

200 OK

693 B

URL GET HTTP/1.1
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.74:80
ASN
#15169 GOOGLE

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
ASCII text
Size
693 B (693 bytes)
Hash
e8e4cfffdfbdea8388ebfcabeaa5eb5e
11886e1c95ae73f4839a30bf1fc93157c75f468e
611648a43dde7a75ebdd318079c5c21d48d2d1d0a991b08b304376c5f0775fb9

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 17 Jun 2023 05:55:13 GMT
Date: Sat, 17 Jun 2023 05:55:13 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==&inc=1

185.162.85.3

200 OK

96 kB

URL GET HTTP/2
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==&inc=1
IP
185.162.85.3:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectprhzxq.com
Fingerprint6D:AB:12:36:72:62:BB:6F:23:70:47:C5:CA:25:CF:D2:AB:BC:B2:54
ValiditySat, 20 May 2023 02:24:39 GMT - Fri, 18 Aug 2023 02:24:38 GMT

File type
gzip compressed data, from Unix\012- data
Size
96 kB (95842 bytes)
Hash
ec459840271a685fc50e45515b21c4d6
e5f86973c5e46579847afa5be660a2730deb1beb
985ad10404f4ef3c2c1a24c4f046d2910b656f6fa9857ea576ad9ca481421ced

HTTP Headers

GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==&inc=1 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2

clkmein.com/shortest-url/end-adsession?adSessionId=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a&adbd=0&callback=reqwest_1686981305746

104.26.4.107

200 OK

127 B

URL GET HTTP/1.1
clkmein.com/shortest-url/end-adsession?adSessionId=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a&adbd=0&callback=reqwest_1686981305746
IP
104.26.4.107:80
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type
ASCII text, with no line terminators
Size
127 B (127 bytes)
Hash
3dc12a4332c1021d7294a1365af720a2
b456a5f958a298096d92135d8525463d3c256fd9
ca21f8ca106ed754cefe2136d44c15f58b62cfad4f5a36d9f4c2e1bf77a4e4a4

HTTP Headers

GET /shortest-url/end-adsession?adSessionId=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a&adbd=0&callback=reqwest_1686981305746 HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Cookie: hl=en; cookies-enable=1; _gcl_au=1.1.802161943.1686981306; dom3ic8zudi28v8lr6fgphwffqoz0j6c=10efd3ed-2482-4cac-8045-582e57e33ef8%3A3%3A1; sb_main_0826667673c6afa9f85340ed4fc8ef57=1; sb_count_0826667673c6afa9f85340ed4fc8ef57=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=superiorickyfreshen.com
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:13 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40-0+deb8u16
Set-Cookie: PHPSESSID=iakl5kretoc4t0u9q4o9jd8870; expires=Sat, 17-Jun-2023 06:55:13 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
referrer_url=http%3A%2F%2Fclkmein.com%2FO2XGl648d4ab9c9156q1mFuGlCqIZO%3Fr%3D; expires=Sun, 18-Jun-2023 05:55:13 GMT; Max-Age=86400; path=/; httponly
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBFSdMiYX0heZY8UC8JjgusbVYCYIx0PgtUVJr6X4ReSk0jcARN25eeapKtwLi0V%2Bin2xo3%2BZsjEh3L9YGbkwA9aQZrHWSKM6QLV%2FIFG4YmOQH2q7lsvIYhdLIx6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d890adb3a2c0b31-OSL
Content-Encoding: gzip

superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Findex.html&l=888&fd=97

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Findex.html&l=888&fd=97
IP
192.243.59.20:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Findex.html&l=888&fd=97 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:13 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fanimate.css&l=79249&fd=367

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fanimate.css&l=79249&fd=367
IP
192.243.59.20:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fanimate.css&l=79249&fd=367 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fjs%2Fscript.js&l=397&fd=384

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fjs%2Fscript.js&l=397&fd=384
IP
192.243.59.13:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fjs%2Fscript.js&l=397&fd=384 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/css/style.css

172.64.197.23

200 OK

1.0 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/css/style.css
IP
172.64.197.23:443
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text
Size
1.0 kB (1043 bytes)
Hash
a39a17a98d209cbe630561b47254c7d5
8de3d1ec9c92aa7c4abeb2fb2785921accc9cbe0
6f85939897c208a053e343c5755a973f36e5f0570b3829ef584ed7f4370e6784

HTTP Headers

GET /sb/interstitial/software/norton/us/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:14 GMT
content-type: text/css
last-modified: Fri, 02 Jul 2021 09:05:01 GMT
etag: W/"60ded6bd-e6d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HatpYUEB5KjzOfU7aTDbla2j4ilOoZqHlhPopMdXbGwILqUZIOo5sgx%2BcxR3XucY67w4HhkDUJZ%2FnkwPBF5m8GQjJ8DjXIH4ImoMevB71MMyFRQi1zpuahygMI0m08yqJP6wTD8DeIwJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb2e2906fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

superiorickyfreshen.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedRgzBc0SLqBEFy0W4xFHRYnnbQVdUXc5m0Udsq%2FePunfwAAAP%2F%2FAQAA%2F%2F%2FlqDcegAQAAA%3D%3D

192.243.59.20

200 OK

7 B

URL GET HTTP/1.1
superiorickyfreshen.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedRgzBc0SLqBEFy0W4xFHRYnnbQVdUXc5m0Udsq%2FePunfwAAAP%2F%2FAQAA%2F%2F%2FlqDcegAQAAA%3D%3D
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectsuperiorickyfreshen.com
Fingerprint4F:EB:46:C2:8E:8B:96:9B:27:C1:3E:65:91:0A:A1:29:05:16:DF:EE
ValidityTue, 16 May 2023 13:41:58 GMT - Mon, 14 Aug 2023 13:41:57 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedRgzBc0SLqBEFy0W4xFHRYnnbQVdUXc5m0Udsq%2FePunfwAAAP%2F%2FAQAA%2F%2F%2FlqDcegAQAAA%3D%3D HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Cookie: u_pl=17078832; uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dbe4747b516c071311d0eb6146401c59
Strict-Transport-Security: max-age=0; includeSubdomains

superiorickyfreshen.com/pixel/sbs?c=1

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
superiorickyfreshen.com/pixel/sbs?c=1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectsuperiorickyfreshen.com
Fingerprint4F:EB:46:C2:8E:8B:96:9B:27:C1:3E:65:91:0A:A1:29:05:16:DF:EE
ValidityTue, 16 May 2023 13:41:58 GMT - Mon, 14 Aug 2023 13:41:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Cookie: u_pl=17078832; uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fstyle.css&l=3693&fd=366

192.243.59.20

200 OK

0 B

URL GET HTTP/1.1
superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fstyle.css&l=3693&fd=366
IP
192.243.59.20:80
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fstyle.css&l=3693&fd=366 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/img/close.svg

172.64.197.23

200 OK

1.3 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/img/close.svg
IP
172.64.197.23:443
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- exported SGML document, ASCII text, with very long lines (1374), with no line terminators
Size
1.3 kB (1279 bytes)
Hash
5ff33e884803785a8002a2aa5fa03b0e
a04406f2592e23e648bee499477f823da0c48362
6ba65121162b5b03e75501501ddaa928f73be8d1fe81c032a4879561de63ff58

HTTP Headers

GET /sb/interstitial/software/norton/us/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:13 GMT
content-type: image/svg+xml
last-modified: Fri, 02 Jul 2021 09:05:02 GMT
etag: W/"60ded6be-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 10097325
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MMVcWbN65T9EZebfz7%2FtV%2B5ANX8k6b9nkm52yed0ibF%2B3B9VwjvhDvWkwP38M8jRfq66PeRZsnA3jbl5K%2FzSQs8FlEQks%2F%2FsRCnEeV37if93epvFtlC9U1dmjTdMX0S%2BK%2B1309GQ32VD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb3e2e06fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/img/3.jpg

172.64.197.23

200 OK

95 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/img/3.jpg
IP
172.64.197.23:443
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=900, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1600], progressive, precision 8, 800x450, components 3\012- data
Size
95 kB (95317 bytes)
Hash
befb70e3c8fce549b08f642c9377a7bb
032fd6271376b935b7b8d53b7f5f0332c091af47
6015a52dfb1d485a912be418fee52a639476c2b1d3b23c67596c56e0e08a3132

HTTP Headers

GET /sb/interstitial/software/norton/us/1/img/3.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:13 GMT
content-type: image/jpeg
content-length: 95317
last-modified: Mon, 01 Aug 2022 10:38:40 GMT
etag: "62e7ad30-17455"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 18460487
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WidHr4%2FeuECHyTwKRA5lBURy74NdE7gCi%2FWnaiVxT%2FKIEE%2FLldcKZ3dn%2BBMjqcO4gOb1QXCbUdLzfGdSNP%2BsOl7Q%2F5WItFGalGI6jvQudxYqL8uqFm%2B%2FsnlJX4JsEusEjxAg9GOh72z9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb3e3106fd-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/js/script.js

172.64.197.23

200 OK

397 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/js/script.js
IP
172.64.197.23:443
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text, with very long lines (411), with no line terminators
Size
397 B (397 bytes)
Hash
15689a0801d80c44557c963c65b90950
e58890d54723a218306b1b03cd9414becf8fc6e3
75a4b69640acae042ff16424d897eb67acb88e78a5145032a6b29ce9e8660d56

HTTP Headers

GET /sb/interstitial/software/norton/us/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:14 GMT
content-type: application/javascript
last-modified: Fri, 02 Jul 2021 09:05:04 GMT
etag: W/"60ded6c0-18d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNrZj20gw9Ae9u2lUHkF44F2ll39U6j%2BecPP%2BorIIXH6qzL7gR%2FqMqDJYJONtGfugo7tLzO3WS0bkpRLi4yxYw%2FlASJDW5wW3FssIAH6HIpirjhBdkrrMGbREagSUmMROfOh8rXgHpcw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb3e2a06fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xdiwbc.com/template/social.html

172.64.197.39

200 OK

4.6 kB

URL GET HTTP/2
xdiwbc.com/template/social.html
IP
172.64.197.39:443
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subjectxdiwbc.com
Fingerprint61:FF:DC:7A:FB:AC:AA:50:F3:3E:E2:87:38:DC:6A:46:09:4F:B8:D9
ValidityMon, 05 Jun 2023 18:53:28 GMT - Sun, 03 Sep 2023 18:53:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4639), with no line terminators
Size
4.6 kB (4579 bytes)
Hash
474cf430e4f70fc61a3695cb75f686de
8c14127415e490dff27896747f730ca8e49a957a
12fe3666e6b24360e737799e0cb1eafc47e6f11ccc109562f5426767a8529ef7

HTTP Headers

GET /template/social.html HTTP/1.1
Host: xdiwbc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: http://clkmein.com
cache-control: max-age=14400
cf-cache-status: HIT
age: 4676
last-modified: Sat, 17 Jun 2023 04:37:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ab43Ok8w9l69Qs95VZ8bw5t5YsGEujgo8Fmef%2F9LMdc7NUYVTq4UXM0Bn4yTvtf06fbo9ub4FPPDAzEo5im5yMxDoln4n%2BUU%2FYCu%2Bkeki710av3b2orykr7F6O3W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d890ab39d2c386a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sh.st/TmIp

104.26.7.218

302 Found

92 kB

URL User Request GET HTTP/2
sh.st/TmIp
IP
104.26.7.218:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintC6:7F:86:BA:DE:5A:E8:C6:45:7C:7C:55:01:BC:71:BB:54:01:6B:CF
ValiditySun, 30 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT

File type

Size
92 kB (92410 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /TmIp HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Sat, 17 Jun 2023 05:55:05 GMT
content-type: text/html; charset=UTF-8
location: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
x-powered-by: PHP/5.6.40-0+deb8u16
set-cookie: PHPSESSID=01ko885tuauin9heif67ov3uu7; expires=Sat, 17-Jun-2023 06:55:05 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Sun, 16-Jun-2024 05:55:05 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
cache-control: no-cache
x-server-id: shn05
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RyFOxUBXeNgZOwSYZnM8G93YtMynjk9NaM7Y7YxUrM9UoCmHy2q8qFMpyItJbgYPQZY55dXR4jEYxNrErbOjqTaxCq4%2FmWFbRXmJuhDlpzOtcGZDhYey"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d890aa8cd95b4f7-OSL
X-Firefox-Spdy: h2

xdiwbc.com/template/social.html

172.64.197.39

200 OK

4.6 kB

URL GET HTTP/2
xdiwbc.com/template/social.html
IP
172.64.197.39:443
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subjectxdiwbc.com
Fingerprint61:FF:DC:7A:FB:AC:AA:50:F3:3E:E2:87:38:DC:6A:46:09:4F:B8:D9
ValidityMon, 05 Jun 2023 18:53:28 GMT - Sun, 03 Sep 2023 18:53:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4639), with no line terminators
Size
4.6 kB (4579 bytes)
Hash
474cf430e4f70fc61a3695cb75f686de
8c14127415e490dff27896747f730ca8e49a957a
12fe3666e6b24360e737799e0cb1eafc47e6f11ccc109562f5426767a8529ef7

HTTP Headers

GET /template/social.html HTTP/1.1
Host: xdiwbc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: http://clkmein.com
cache-control: max-age=14400
cf-cache-status: HIT
age: 4676
last-modified: Sat, 17 Jun 2023 04:37:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYUfI8j84x7ySmWQT9lV8jPcSe3sGmRSlE0rntdLpH2UrhkhVLSXVd%2FNQ07w%2F2p5AILCYRFLuq%2BZCrcjElbInqGBgmyejoRyxsM4quM2aJ1%2FdmRySTpYiQzXZhO8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d890ab39d2d386a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/css/animate.css

172.64.197.23

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/css/animate.css
IP
172.64.197.23:443
ASN
#13335 CLOUDFLARENET

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
ValidityThu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT

File type
ASCII text
Size
79 kB (79249 bytes)
Hash
e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a

HTTP Headers

GET /sb/interstitial/software/norton/us/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:14 GMT
content-type: text/css
last-modified: Fri, 02 Jul 2021 09:05:01 GMT
etag: W/"60ded6bd-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvBA1culHY4593fArcap6HHVaiP9fxdWYu2B123Ac7IbaJygRVxKyys08igWirG6F7bQp4TGD%2FglKdmULC7bFZBDQyUv8e8bO5%2Fn%2B3BGmmhGSB8SQuxiqlAlz61KCMRITxhrg2ikVuHt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb1e1906fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

superiorickyfreshen.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=10efd3ed-2482-4cac-8045-582e57e33ef8%3A3%3A1

192.243.59.20

200 OK

5.6 kB

URL GET HTTP/1.1
superiorickyfreshen.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=10efd3ed-2482-4cac-8045-582e57e33ef8%3A3%3A1
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectsuperiorickyfreshen.com
Fingerprint4F:EB:46:C2:8E:8B:96:9B:27:C1:3E:65:91:0A:A1:29:05:16:DF:EE
ValidityTue, 16 May 2023 13:41:58 GMT - Mon, 14 Aug 2023 13:41:57 GMT

File type
ASCII text, with very long lines (5634), with no line terminators
Size
5.6 kB (5566 bytes)
Hash
365d6396a0365374e8864a5d3a0984d3
89159251c79eec9ae5947e6a4e10bfb24f41a8da
162d063bf49ac42bf27164bbc919248b6d971000d824882b02cd20bf7b0bd70c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=10efd3ed-2482-4cac-8045-582e57e33ef8%3A3%3A1 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:13 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://clkmein.com
Access-Control-Allow-Origin: http://clkmein.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17078832; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; expires=Sat, 24 Jun 2023 05:55:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a2f67dd991c24218a5a3ad2d5635607
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ptauxofi.net/pfe/current/tag.min.js?z=4157053

139.45.197.250

200 OK

15 kB

URL GET HTTP/2
ptauxofi.net/pfe/current/tag.min.js?z=4157053
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintB2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
ValidityFri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT

File type
C source, ASCII text, with very long lines (14679), with no line terminators
Size
15 kB (14679 bytes)
Hash
14c32934745032eb37f0f3a47d4904d5
d078f01e7573173a0f604609b4e7c487f41fea4d
d6b4dda90bc32eca22039b16c531e9c247dd85927a4ab83181c240f709efe0e5

HTTP Headers

GET /pfe/current/tag.min.js?z=4157053 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:06 GMT
content-type: application/javascript
last-modified: Thu, 15 Jun 2023 13:18:05 GMT
etag: W/"648b0f8d-3957"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

ptauxofi.net/pfe/current/universal.min.js?v=3.1.440

139.45.197.250

200 OK

103 kB

URL GET HTTP/2
ptauxofi.net/pfe/current/universal.min.js?v=3.1.440
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate
IssuerLet's Encrypt
Subjectptauxofi.net
FingerprintB2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
ValidityFri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
103 kB (103263 bytes)
Hash
08c89f96df68ac7c313b6c149a874b02
011d811e20041d0e654192b1f5dfc3f0801d5341
4e6a7f6a765f9221293d9b89110d66de87b602fb10ccf77c2441ca0e8534d5cd

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.440 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/javascript
last-modified: Thu, 15 Jun 2023 13:18:05 GMT
etag: W/"648b0f8d-1935f"
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by