clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
104.26.4.107 200 OK 35 kB URL User Request GET HTTP/1.1 clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
IP 104.26.4.107:80
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26650), with CRLF, LF line terminators
Hash a1bca3c729f7f49a99a2c5d7e247343d
496d223c850680db52b54b2355591bb5a6d15f0b
0a33b9147427c016475ffe94435ff421289eab6d3f4c20d4f0a2d78f35caf41f
GET /O2XGl648d4ab9c9156q1mFuGlCqIZO?r= HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40-0+deb8u16
Set-Cookie: PHPSESSID=ld2fsg6gqpe023ah0oqjil1op3; expires=Sat, 17-Jun-2023 06:55:05 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Sun, 16-Jun-2024 05:55:06 GMT; Max-Age=31536000; path=/
referrer_url=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; httponly
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Frame-Options: DENY
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0zc3jhgH9nyX5mkLJDV5ygTnTPpEdycnBk09Bn3GZpBsAnWT0ev2xRZbe2tr%2F7uW2pxaeMvTGmDUT%2B4d%2BwWCmaEEWJeC1d2ObtQD2TcwOd5LOep5hX4RWjdPqIYC"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d890aa9bd731c06-OSL
Content-Encoding: gzip
static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
104.26.6.218 200 OK 25 kB URL GET HTTP/1.1 static.sh.st/js/packed/interstitial-page.js?2022-06-29.0
IP 104.26.6.218:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type Unicode text, UTF-8 text, with very long lines (20454)
Hash 06eb8d871dccb0da41b67abac7022ba9
dbe95283dcf49fac294a7d3445efad665c2ee790
88bb3be0111402f5ca81aaa36cbf7c4a2755099c5d0446831331e1d1d8e7a1ef
GET /js/packed/interstitial-page.js?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400
Cf-Bgj: minify
Cf-Polished: origSize=102880
ETag: W/"62bc140d-191e0"
Expires: Sat, 17 Jun 2023 20:06:11 GMT
Last-Modified: Wed, 29 Jun 2022 08:57:49 GMT
Vary: Accept-Encoding
X-Server-ID: shn03
X-UA-Compatible: IE=Edge
CF-Cache-Status: HIT
Age: 35335
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHVrO2pGuTxr9L0R5QGpXgv4Z3HFhcrgzTSeCbyv6Z5lSYZXw2DaHXH0Na9BU2kCrCoJ6Qu3kCGRqEFkGFEhQR3R2m3V6AqPlrhji6Lnv7hI0vr1x0ooEcJMILB55g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d890aac9e7ab51d-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 4c58e00150b52a44a8ff135b29133181
d3efdac50fa272337927845f52a5137101d7debc
fadd34313125590be8b04e022a607aaaafb88fcd59b5e3969acbbdaf1f51c54b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
104.26.6.218 200 OK 6.2 kB URL GET HTTP/1.1 static.sh.st/b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0
IP 104.26.6.218:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type PNG image data, 249 x 62, 8-bit/color RGBA, non-interlaced\012- data
Hash 9ca44d211b1779ef13c1f7406a76c1ff
8b5ab1222409a144c8f1d3bd2a098985bd0bcba7
fd7607ab554a8c5af9aed32593ae99aaf0682198dbbd277372e8b663bd98b001
GET /b5/4c/45/48/be/0d/ca/35/64/1c/e2/75/9d/8f/9e/2c/logo1707.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/png
Content-Length: 6226
Connection: keep-alive
Last-Modified: Fri, 17 Jul 2015 13:29:04 GMT
ETag: "55a90320-1852"
X-Server-ID: shn01
X-UA-Compatible: IE=Edge
Expires: Sat, 17 Jun 2023 14:17:35 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 56251
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YMLxOHReZPh5QogEbeksm0GsEDiLqMuUqgJNzNYUyvmNOK9HGaEhz2e3bzwSjIjdT5mtu3oU9iqOBX%2FXtk00SqN68xf2sJj5kc9nX2id8ZjapiPidC4L8AGCqyuFoA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aad1ed7b51d-OSL
alt-svc: h2=":443"; ma=60
clkmein.com/bundles/smeweb/img/tracking-38271.gif?t=1686981306
104.26.4.107 200 OK 43 B URL GET HTTP/1.1 clkmein.com/bundles/smeweb/img/tracking-38271.gif?t=1686981306
IP 104.26.4.107:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/tracking-38271.gif?t=1686981306 HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Cookie: hl=en; cookies-enable=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn05
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SXWPH9vDXOOzfXUAHGg3NNseRbh37XJ2EN1D6PKAQy0TdlfapgZIHr8D%2FNCX1P7SFAeUmP9d%2Bp03puP0j5zdNoepRmsp7MLzkZfUKVrxdZZqLzXwlDnIR2T88dDe"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aad1f951c06-OSL
clkmein.com/bundles/advertisement/img/tracking.gif?test=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a
104.26.4.107 200 OK 0 B URL GET HTTP/1.1 clkmein.com/bundles/advertisement/img/tracking.gif?test=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a
IP 104.26.4.107:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bundles/advertisement/img/tracking.gif?test=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Cookie: hl=en; cookies-enable=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:54 GMT
ETag: "62bc13d6-0"
X-Server-ID: shn09
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K3%2FR6cxN9I%2F4IXm81%2Bp9r2%2BbnQl%2BE8EDEWCU1lowfnNaBAYic%2FI85FRyTilBGI7%2FPLku2CLU8MMSxhs1F1zpiVPD6r9EKAdZ%2BCrHEeu4T4AFcLPcGvlMs7rel2gn"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aad18330b49-OSL
clkmein.com/bundles/smeweb/img/advertisement-tracking-38271.gif?t=1686981306
104.26.4.107 200 OK 43 B URL GET HTTP/1.1 clkmein.com/bundles/smeweb/img/advertisement-tracking-38271.gif?t=1686981306
IP 104.26.4.107:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /bundles/smeweb/img/advertisement-tracking-38271.gif?t=1686981306 HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Cookie: hl=en; cookies-enable=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Server-ID: shn06
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W5nevfUB7jCzGmh%2BczNRtQ1IgUxIqRATVmet2cprhx%2FViAPg2sscqA9X9qdDgUSDFD3Y%2FWS%2Bg%2FznP1b0b64kMmms%2BiVNBbc%2FchcKwa3zoCP23jIrUXhb9HecD9Go"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aad1f740b31-OSL
ocsp.pki.goog/gts1c3
142.250.74.131 472 B IP 142.250.74.131:0
Hash 4c58e00150b52a44a8ff135b29133181
d3efdac50fa272337927845f52a5137101d7debc
fadd34313125590be8b04e022a607aaaafb88fcd59b5e3969acbbdaf1f51c54b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ja.rewashwudu.com/fmwhVStpL4dxap/46223
23.109.82.97 200 OK 26 B URL GET HTTP/1.1 ja.rewashwudu.com/fmwhVStpL4dxap/46223
IP 23.109.82.97:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type ASCII text, with no line terminators
Hash 4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce
GET /fmwhVStpL4dxap/46223 HTTP/1.1
Host: ja.rewashwudu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://clkmein.com
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Sun, 18-Jun-2023 05:55:06 GMT; Max-Age=86400; path=/
GL_GI10=eJwlTckKwjAUbJ4xLq0PB3rz0h%2BwuB56tff24BdIEA2UpKRx%2B3sjHoZZGGaSJKE8A5keWbUtq0152JXb4wHiBmpakLZQjfOvywfCgzZ7kLdI26FzRe0eNsRcQ%2F48hAGfOvMuzq57BOPsAIqY1c73zl%2FCFaJXAhSconhp8oyJRzznNI5qnvCUU1YYN%2B3696M1JlH%2Bp%2B9jXspY6yTEsIAIkZ%2BSV0p9AQoZJ54%3D; expires=Sun, 18-Jun-2023 05:55:06 GMT; Max-Age=86400; path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
104.26.6.218 200 OK 84 kB URL GET HTTP/1.1 static.sh.st/bundles/smeweb/img/widget-sprite.png?2022-06-29.0
IP 104.26.6.218:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type PNG image data, 1000 x 2704, 8-bit colormap, non-interlaced\012- data
Hash 0eb6767d5ee6d6e7b3884a01b7730c80
4bc5d39918bcea70e852e0fb7b3d15caf0993434
8146dfca511f063c33c05e13e151ed3d3456441590a4b1358bbc99b320a02b8d
GET /bundles/smeweb/img/widget-sprite.png?2022-06-29.0 HTTP/1.1
Host: static.sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: image/png
Content-Length: 84545
Connection: keep-alive
Last-Modified: Wed, 29 Jun 2022 08:56:53 GMT
ETag: "62bc13d5-14a41"
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Expires: Sat, 17 Jun 2023 11:05:43 GMT
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 67763
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eebIUBMJOc6MNWZWcWlm19QmXWhoCBe05I8leRsOlwvMG%2FGjdR4cG9gCNh8DHngJ%2B9yzFh97pDn6R9vyeTLrKwoMrAMu7iBAguKgJcuvxyADX18IyNtbdzoOs7Y8kA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890aadaf58b51d-OSL
alt-svc: h2=":443"; ma=60
ubbfpm.com/ms/1102360/inpage.js
95.216.206.230 200 OK 201 kB URL GET HTTP/1.1 ubbfpm.com/ms/1102360/inpage.js
IP 95.216.206.230:443
ASN #24940 Hetzner Online GmbH
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer Let's Encrypt
Subject ubbfpm.com
Fingerprint A2:0C:E1:AA:B3:4F:02:D9:6C:68:9E:FE:AA:AD:20:F2:F2:F3:CB:7C
Validity Sun, 28 May 2023 13:41:52 GMT - Sat, 26 Aug 2023 13:41:51 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 201 kB (200738 bytes)
Hash af413834dffb762ffcfa6c20ce98ad42
1cc019785a20cf05f8804da008409a6ed8ba4a72
37800f9f2bb9d6543c17667dca9695da535d5b01fcf095db9d20d9782f1d22d0
GET /ms/1102360/inpage.js HTTP/1.1
Host: ubbfpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: application/javascript
Content-Length: 200738
Last-Modified: Fri, 21 Apr 2023 15:45:14 GMT
Connection: keep-alive
ETag: "6442af8a-31022"
X-Frame-Options: sameorigin
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Referrer-Policy: strict-origin
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 4c33dd00acf3e9ec3caa92992e03b532
f900808eafea946f52a49a7e536a97b2331d9f01
a00bc1576320e4aaa26267eb2836c33f6795cd1ace69497ecb52c0f584a00e2c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash f15247b894a1208e9114096e5471926e
9a0866397ba8755ce3feb083c203794575e3cab1
8fe29e24b8a4a510ea04168e92e9134e03d52b292b8616ecd4e02b334247ae07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash f15247b894a1208e9114096e5471926e
9a0866397ba8755ce3feb083c203794575e3cab1
8fe29e24b8a4a510ea04168e92e9134e03d52b292b8616ecd4e02b334247ae07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
216.58.207.227 200 OK 46 kB URL GET HTTP/2 fonts.gstatic.com/s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2
IP 216.58.207.227:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint C9:2E:2A:45:EE:CD:C4:04:39:8F:FA:80:3A:30:4F:97:C2:F4:BF:E4
Validity Mon, 22 May 2023 08:22:04 GMT - Mon, 14 Aug 2023 08:22:03 GMT
File type Web Open Font Format (Version 2), TrueType, length 46524, version 1.0\012- data
Hash c1fd378f54921c75e4ae1821e7b8fff6
2ce96e97783b2f154d07f4464ca6f8eb2469f2c1
405ceee1c2f5c31f1cb94ebc63d49a43fddd1471c2c7401a01c7c11bb1d93826
GET /s/raleway/v28/1Ptug8zYS_SKggPNyC0ITw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46524
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 13 Jun 2023 10:39:52 GMT
expires: Wed, 12 Jun 2024 10:39:52 GMT
cache-control: public, max-age=31536000
age: 328514
last-modified: Mon, 18 Jul 2022 19:58:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
142.250.74.168 200 OK 42 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5SFMWPJ
IP 142.250.74.168:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 10:38:7C:36:39:48:3A:75:B3:8C:F2:4A:E7:C5:44:0B:9D:46:7F:F8
Validity Mon, 22 May 2023 08:17:22 GMT - Mon, 14 Aug 2023 08:17:21 GMT
File type ASCII text, with very long lines (2271)
Hash 40fd4fcd4cfc0e66ea0355c9ac0eeccb
d94705e6b7ba44b6e796c1ff3eac2560691aba16
839b4fa4c3106c7a62dc9bf9492eedf103b593eec8fb478a3c11ef69cd0c69f1
GET /gtm.js?id=GTM-5SFMWPJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 17 Jun 2023 05:55:06 GMT
expires: Sat, 17 Jun 2023 05:55:06 GMT
cache-control: private, max-age=900
last-modified: Sat, 17 Jun 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 41843
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Raleway:400,700
142.250.74.106 200 OK 47 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Raleway:400,700
IP 142.250.74.106:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint A4:D0:2E:0C:FB:98:7C:38:24:ED:CC:2B:FE:74:AA:48:C4:9A:27:90
Validity Mon, 22 May 2023 08:22:04 GMT - Mon, 14 Aug 2023 08:22:03 GMT
File type gzip compressed data, max compression\012- data
Hash 0e76ffbc3d67bcf0b1dc39f39071aaf3
ad21978360cce560d375d566a3ae31205a09f1a3
e50cd940e4747912fa08ad2f6a8149f724ea58475cdbb342267bdecfd9a36a58
GET /css?family=Raleway:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 17 Jun 2023 05:55:06 GMT
date: Sat, 17 Jun 2023 05:55:06 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash f15247b894a1208e9114096e5471926e
9a0866397ba8755ce3feb083c203794575e3cab1
8fe29e24b8a4a510ea04168e92e9134e03d52b292b8616ecd4e02b334247ae07
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 4c33dd00acf3e9ec3caa92992e03b532
f900808eafea946f52a49a7e536a97b2331d9f01
a00bc1576320e4aaa26267eb2836c33f6795cd1ace69497ecb52c0f584a00e2c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 17 Jun 2023 05:55:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c
142.250.74.168 200 OK 55 kB URL GET HTTP/3 www.googletagmanager.com/gtag/js?id=AW-997869120&l=dataLayer&cx=c
IP 142.250.74.168:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 10:38:7C:36:39:48:3A:75:B3:8C:F2:4A:E7:C5:44:0B:9D:46:7F:F8
Validity Mon, 22 May 2023 08:17:22 GMT - Mon, 14 Aug 2023 08:17:21 GMT
File type ASCII text, with very long lines (2271)
Hash 13a6c633fb71a750aeba3a04f7285194
232779274ab266356468b01be8a64446a2bbac4b
195ba2ad52fb8dd0ea3f09831eb5308d41791f262a5bec5d7007112c2ce76506
GET /gtag/js?id=AW-997869120&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 17 Jun 2023 05:55:06 GMT
expires: Sat, 17 Jun 2023 05:55:06 GMT
cache-control: private, max-age=900
last-modified: Sat, 17 Jun 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 54590
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
192.243.59.20 200 OK 21 kB URL GET HTTP/1.1 endangersquarereducing.com/34/c6/b3/34c6b37755370ea4318f4ff4946df449.js
IP 192.243.59.20:80
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type HTML document, ASCII text, with very long lines (59375)
Hash 95ee65c71e53e72dfa9d9d2d74e69400
eac1d46c347c6029b3b8fc781e2bb7e2dea3d15c
76f574d45e9a4e84208b7999f23342e0ca6fc94832d5e933a63ec3d72cbb3554
GET /34/c6/b3/34c6b37755370ea4318f4ff4946df449.js HTTP/1.1
Host: endangersquarereducing.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2380-1=1; expires=Tue, 20 Jun 2023 05:55:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e6d6e7b199f266c3002b385632d55728
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.r2m01.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 3c35122f6af5ea3e5671c86d4ca88bbc
a9f593511024c31010f6ff956c3a7651e1b7d9af
818a7657de6b657efe5ef1cef2d0b2b938d08f1f3b8f5772a61f47a0856f9af6
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 17 Jun 2023 05:55:07 GMT
Last-Modified: Sat, 17 Jun 2023 04:06:23 GMT
Server: ECAcc (nya/7968)
X-Cache: Miss from cloudfront
Via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tZxfw65LrKmvJB_zZeV2hyBFVYlqmK8dk81Oroavfq3r3Ig1-umdJQ==
Age: 6524
respectablecharacteristicrider.com/pixel/purst?dl=0&th=0&sc=0&rs=2182&rd=2182&fd=607&bv=23.6.v.1&tmpl=70
173.233.137.44 200 OK 0 B URL GET HTTP/1.1 respectablecharacteristicrider.com/pixel/purst?dl=0&th=0&sc=0&rs=2182&rd=2182&fd=607&bv=23.6.v.1&tmpl=70
IP 173.233.137.44:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2182&rd=2182&fd=607&bv=23.6.v.1&tmpl=70 HTTP/1.1
Host: respectablecharacteristicrider.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
addresseepaper.com/sfp.js
199.59.243.223 403 Forbidden 111 B URL GET HTTP/1.1 addresseepaper.com/sfp.js
IP 199.59.243.223:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8b181bb6767bc5795dcf17341a387e5b
b5e2a9fb1f8a4aad3c7127c769af4c780b47bef4
32cbc376cd769a26d108ae31678f975b863b7066e110c59d9a212c7281bd8c81
Analyzer Verdict Alert quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: openresty
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
x-backend-server: ip-10-201-16-117.ec2.internal
Content-Encoding: gzip
simplewebanalysis.com/stats
52.58.93.188 200 OK 40 B URL GET HTTP/2 simplewebanalysis.com/stats
IP 52.58.93.188:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Amazon
Subject: simplewebanalysis.com
Fingerprint: E5:9D:30:D3:0E:8A:EF:0D:43:46:4C:4C:53:AD:05:78:63:E9:04:07
Validity: Thu, 02 Mar 2023 00:00:00 GMT - Sun, 31 Mar 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash MD5: 3a2dcd1046656ff1b60d7112cc760b0d
SHA-1: b941a9241f079707141e84dfd150f6d0a0104ccd
SHA-256: 69708334c41589d9bda01d986811524a9ab5c1d3b64e77e0afdb647295e4deae
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://clkmein.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; expires=Tue, 14 Jun 2033 05:55:07 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=clkmein.com&var=&ymid=&var_3=
139.45.197.250 200 OK 908 B URL GET HTTP/2 ptauxofi.net/zone?pub=0&zone_id=4157053&is_mobile=false&domain=clkmein.com&var=&ymid=&var_3=
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: ptauxofi.net
Fingerprint: B2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
Validity: Fri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT
File type JSON data\012- , ASCII text, with very long lines (907)
Hash MD5: 4a475681dd3fdb63073f740f13b06977
SHA-1: 256ac9df787776671076d19900878722c4e3eacc
SHA-256: e59808a0236875606d894a1ad2e85c83ebb1f19effd57746de46dee7d71e60a0
GET /zone?pub=0&zone_id=4157053&is_mobile=false&domain=clkmein.com&var=&ymid=&var_3= HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 908
x-trace-id: 1fdf0c9bbfcc3e638bce4248b2f01078
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==
185.162.85.14 204 No Content 0 B URL GET HTTP/2 xngqoc.com/cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==
IP 185.162.85.14:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: xngqoc.com
Fingerprint: 4D:ED:76:7E:B2:4F:87:9C:A3:0B:79:50:6F:CF:19:D2:D9:16:F6:BF
Validity: Tue, 02 May 2023 05:01:15 GMT - Mon, 31 Jul 2023 05:01:14 GMT
Hash (empty-input digests; the body is 0 B, so these identify no content)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
quad9 | Sinkholed
GET /cuload?a=1&e=aeyJwaWQiOjExNDQ2NDYsInNpZCI6MTE5MDM3NSwid2lkIjo0MzMzNDAsImQiOiIiLCJsaSI6MX0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw== HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2
xngqoc.com/er?a=1
185.162.85.14 200 OK 0 B
IP 185.162.85.14:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: xngqoc.com
Fingerprint: 4D:ED:76:7E:B2:4F:87:9C:A3:0B:79:50:6F:CF:19:D2:D9:16:F6:BF
Validity: Tue, 02 May 2023 05:01:15 GMT - Mon, 31 Jul 2023 05:01:14 GMT
Hash (empty-input digests; the body is 0 B, so these identify no content)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
quad9 | Sinkholed
GET /er?a=1 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
respectablecharacteristicrider.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
173.233.137.44 200 OK 13 kB URL GET HTTP/1.1 respectablecharacteristicrider.com/08/26/66/0826667673c6afa9f85340ed4fc8ef57.js
IP 173.233.137.44:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type ASCII text, with very long lines (37141), with no line terminators
Hash MD5: 76875fc28094ec5e778984d213846d58
SHA-1: 5045237b10561f40562a4e3e4049c6def80d417e
SHA-256: 674fea4cacc6ab4b2e9c45e64cea81140ee5eaf8e3b8481faef47666b68a9352
Analyzer | Verdict | Alert
Public Nextron yara rules | malware | Detects JS obfuscation done by the js obfuscator (often malicious)
quad9 | Sinkholed
GET /08/26/66/0826667673c6afa9f85340ed4fc8ef57.js HTTP/1.1
Host: respectablecharacteristicrider.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f34ce437d16ee7ef9f7b2b8604eef702
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ptauxofi.net/custom
139.45.197.250 200 OK 0 B
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: ptauxofi.net
Fingerprint: B2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
Validity: Fri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT
Hash (empty-input digests; the body is 0 B, so these identify no content)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250 200 OK 39 B
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: ptauxofi.net
Fingerprint: B2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
Validity: Fri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT
File type JSON data\012- , ASCII text
Hash MD5: 058b158c2be925f556454ef762d93538
SHA-1: cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
SHA-256: ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 387
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 585bd1d45101bba7036f4c75c5867417
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
xngqoc.com/trt?a=1&t=310
185.162.85.14 200 OK 0 B
IP 185.162.85.14:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: xngqoc.com
Fingerprint: 4D:ED:76:7E:B2:4F:87:9C:A3:0B:79:50:6F:CF:19:D2:D9:16:F6:BF
Validity: Tue, 02 May 2023 05:01:15 GMT - Mon, 31 Jul 2023 05:01:14 GMT
Hash (empty-input digests; the body is 0 B, so these identify no content)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert
quad9 | Sinkholed
GET /trt?a=1&t=310 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
amunfezanttor.com/event
139.45.197.250 200 OK 0 B
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: amunfezanttor.com
Fingerprint: 06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
Validity: Fri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT
Hash (empty-input digests; the body is 0 B, so these identify no content)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-max-age: 86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?pub=0&userId=eaaace5419d14d9f96657ee16b6ef7cd&zoneId=4157053&checkDuplicate=true&ymid=&var=
139.45.195.8 200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?pub=0&userId=eaaace5419d14d9f96657ee16b6ef7cd&zoneId=4157053&checkDuplicate=true&ymid=&var=
IP 139.45.195.8:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: rtmark.net
Fingerprint: 84:56:36:C3:24:DE:FB:F0:E7:EB:EB:9D:C8:B6:28:31:B5:3C:8B:80
Validity: Sat, 06 May 2023 08:48:01 GMT - Fri, 04 Aug 2023 08:48:00 GMT
File type JSON data\012- , ASCII text
Hash MD5: ea15b7394b3f6a00765177878bb82d55
SHA-1: 46628a9bdb27a1f5a9aa62e97092a45f36dd426c
SHA-256: 4014e434739b1a1da693f5ed489934bedc9af6513a8fe192a0aa5306d6298883
GET /gid.js?pub=0&userId=eaaace5419d14d9f96657ee16b6ef7cd&zoneId=4157053&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://clkmein.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=eaaace5419d14d9f96657ee16b6ef7cd; expires=Sun, 16 Jun 2024 05:55:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
amunfezanttor.com/event
139.45.197.250 200 OK 94 B
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: amunfezanttor.com
Fingerprint: 06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
Validity: Fri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT
File type JSON data\012- , ASCII text
Hash MD5: 5071ab33a3680b7c0393861ede27dc16
SHA-1: 073b22dacebe0d6e6ef06d14b29e5e1249ae2bb7
SHA-256: 5f7c09e410d39cf727462e2f4fd25f572bf5b40e1a6640545d2db1adbb88dd55
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 509
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: c150cb62da321a364b9770e28a93e6df
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.202.23 200 OK 28 kB URL GET HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.202.23:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash MD5: 8bf542db65f0ff20d510889d62e5e092
SHA-1: 1b1b7cc04275b7641e2f07b0f4bf99b5387303bf
SHA-256: 77a3bebee72af7beb49cd94b7f16852a532aac5f3db8f610160440fe75ca4711
Analyzer | Verdict | Alert
Public Nextron yara rules | malware | Detects JS obfuscation done by the js obfuscator (often malicious)
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: ab1c95f7b4a31f2dd21f6f58e4e38fab
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Sat, 17 Jun 2023 05:55:07 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HgR5FWVww7qhB1KiJdqYjMAr7L5zGex4swJZo8L3lAP9L3yhxsE%2BVaNOUlMbebcdtemwAUlBqFvjhNAh%2Fp8qwTMYVKSqykPK%2B2aV2stUFu52fY1h2H5oBVL5Spyo8m8RH7d%2BwPg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d890ab2c935755a-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
amunfezanttor.com/event
139.45.197.250 200 OK 94 B
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: amunfezanttor.com
Fingerprint: 06:75:EF:D1:99:AE:A5:FA:8B:93:D3:D4:ED:BD:88:51:DA:2A:62:B3
Validity: Fri, 31 Mar 2023 10:01:30 GMT - Thu, 29 Jun 2023 10:01:29 GMT
File type JSON data\012- , ASCII text
Hash MD5: 378e344ab073bcccf2ca8431f7c3a8ad
SHA-1: fea23c3c1790206bcee6adcd5bb7c9d8250c4c78
SHA-256: c03de449ffc7ed98cc6d49642df2fe0903d571113c9dbbbbf9767c03c5afbff4
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 509
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 94
x-trace-id: 177bd1cfc483e72cac7664e85154ef19
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
prhzxq.com/wnrw?aid=15368011315392105229&t=1686981307&a=1
185.162.85.3 200 OK 0 B URL GET HTTP/2 prhzxq.com/wnrw?aid=15368011315392105229&t=1686981307&a=1
IP 185.162.85.3:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: prhzxq.com
Fingerprint: 6D:AB:12:36:72:62:BB:6F:23:70:47:C5:CA:25:CF:D2:AB:BC:B2:54
Validity: Sat, 20 May 2023 02:24:39 GMT - Fri, 18 Aug 2023 02:24:38 GMT
Hash (empty-input digests; the body is 0 B, so these identify no content)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wnrw?aid=15368011315392105229&t=1686981307&a=1 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
content-length: 0
access-control-allow-origin: http://clkmein.com
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
192.243.61.225 200 OK 0 B URL GET HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.61.225:80
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Hash (empty-input digests; the body is 0 B, so these identify no content)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:07 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0217a90092722959f22abedb6b27eb1d
Strict-Transport-Security: max-age=0; includeSubdomains
eu.doctorpost.net/nty/metrics/save.img?event=impressions&bid-id=v2-1686981307313-7-8084-1241070-9a7dd09e-5441-2667-3cdf-615c252c2b94&img=https%3A%2F%2Fcdn.adx1.com%2Fe3f9768e80ee031d0ca3ffb82bda5d8a.jpeg
38.100.129.67 302 Found 0 B URL GET HTTP/2 eu.doctorpost.net/nty/metrics/save.img?event=impressions&bid-id=v2-1686981307313-7-8084-1241070-9a7dd09e-5441-2667-3cdf-615c252c2b94&img=https%3A%2F%2Fcdn.adx1.com%2Fe3f9768e80ee031d0ca3ffb82bda5d8a.jpeg
IP 38.100.129.67:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: *.doctorpost.net
Fingerprint: 03:CF:FD:3D:A3:A5:17:2C:F7:EB:78:69:2E:B0:F7:EA:82:52:AD:FB
Validity: Thu, 20 Apr 2023 23:02:23 GMT - Wed, 19 Jul 2023 23:02:22 GMT
Hash (empty-input digests; the body is 0 B, so these identify no content)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nty/metrics/save.img?event=impressions&bid-id=v2-1686981307313-7-8084-1241070-9a7dd09e-5441-2667-3cdf-615c252c2b94&img=https%3A%2F%2Fcdn.adx1.com%2Fe3f9768e80ee031d0ca3ffb82bda5d8a.jpeg HTTP/1.1
Host: eu.doctorpost.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Sat, 17 Jun 2023 05:55:07 GMT
content-length: 0
location: https://cdn.adx1.com/e3f9768e80ee031d0ca3ffb82bda5d8a.jpeg
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/defaultSkin.min.js
139.45.197.250 200 OK 20 kB URL GET HTTP/2 ptauxofi.net/pfe/current/defaultSkin.min.js
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: ptauxofi.net
Fingerprint: B2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
Validity: Fri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT
File type gzip compressed data, max speed, from Unix\012- data
Hash MD5: e9a509bd03dba6834098a39034b63a9c
SHA-1: d68afd4691f4e80cec329866c08992f8344bae40
SHA-256: 388d2f36b8afebc478a4d523c1cad204fc5cebb0ff63a0696164d0d9f2583078
GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/javascript
last-modified: Thu, 15 Jun 2023 13:18:05 GMT
etag: W/"648b0f8d-df63"
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250 200 OK 39 B
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: ptauxofi.net
Fingerprint: B2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
Validity: Fri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT
File type JSON data\012- , ASCII text
Hash MD5: 058b158c2be925f556454ef762d93538
SHA-1: cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
SHA-256: ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 388
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: c226ff5a2b396527652fbd4205d00910
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ptauxofi.net/custom
139.45.197.250 200 OK 39 B
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: ptauxofi.net
Fingerprint: B2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
Validity: Fri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT
File type JSON data\012- , ASCII text
Hash MD5: 058b158c2be925f556454ef762d93538
SHA-1: cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
SHA-256: ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Content-Type: application/json
Content-Length: 732
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b18836a0f6e42f5fee30c00e10983c8a
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
192.243.59.12 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP 192.243.59.12:80
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type very short file (no magic)
Hash MD5: 93b885adfe0da089cdf634904fd59f71
SHA-1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA-256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer | Verdict | Alert
quad9 | Sinkholed
GET /pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=0826667673c6afa9f85340ed4fc8ef57&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7b9a7145ea34f0992915faa0ee73b7bd
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
192.243.59.12 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5
IP 192.243.59.12:80
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type very short file (no magic)
Hash MD5: 93b885adfe0da089cdf634904fd59f71
SHA-1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA-256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer | Verdict | Alert
quad9 | Sinkholed
GET /pxf.gif?uuid=10efd3ed-2482-4cac-8045-582e57e33ef8&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2077&b_frame=0&pk=34c6b37755370ea4318f4ff4946df449&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=5 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:08 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 97d9e0dee795f9045419a0533c0da4bd
Strict-Transport-Security: max-age=0; includeSubdomains
i.wmgtr.com/cic/d186Z1xqbgoLvkVafC4w0Mh9PeSfEmlg.png
45.133.44.32 18 kB URL GET i.wmgtr.com/cic/d186Z1xqbgoLvkVafC4w0Mh9PeSfEmlg.png
IP 45.133.44.32:0
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: i.wmgtr.com
Fingerprint: 7D:1B:65:9B:B8:35:3F:63:AA:D6:0E:B1:DB:13:80:AA:F0:55:75:FC
Validity: Sun, 23 Apr 2023 23:02:02 GMT - Sat, 22 Jul 2023 23:02:01 GMT
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash acb787f05bdc3b72341b39c9ee3936c4
72592389ec8bdc0e014ea21c8f2b202a99c21dfd
27b5ac39b06a071c2be4aed926fc70095f94334bce56f47a4d381aa128d003dc
GET /cic/d186Z1xqbgoLvkVafC4w0Mh9PeSfEmlg.png HTTP/1.1
Host: i.wmgtr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: image/png
server: nginx/1.19.0
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-option: nosniff
content-encoding: gzip
cache-control: max-age=82800
expires: Sun, 18 Jun 2023 04:55:07 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.barscreative1.com/sb/interstitial/software/norton/us/1/index.html
45.133.44.4 200 OK 888 B URL GET HTTP/2 cdn.barscreative1.com/sb/interstitial/software/norton/us/1/index.html
IP 45.133.44.4:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: cdn.barscreative1.com
Fingerprint: 0B:AE:8A:C0:29:EA:B0:86:29:66:F6:7E:76:63:66:57:38:88:FC:E6
Validity: Mon, 15 May 2023 04:01:53 GMT - Sun, 13 Aug 2023 04:01:52 GMT
File type HTML document text\012- HTML document, ASCII text
Hash 9da90deb5228e3d6f428bf2c1ec63c10
ac9efba63c33796d31132f2f16cd02e143fa18e0
9381287002caae0ed6df330e51f16e7ec24005e4748f522bc4ba9d989541def3
GET /sb/interstitial/software/norton/us/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:13 GMT
content-type: text/html; charset=utf-8
content-length: 888
server: nginx/1.17.6
last-modified: Fri, 02 Jul 2021 09:04:59 GMT
etag: "60ded6bb-378"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Sat, 17 Jun 2023 06:55:13 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
superiorickyfreshen.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedQQXdHp9SI%2F6nLfTyIehkFbMNqKaI%2BGYdpFYaf8i7d%2F%2BgcAAP%2F%2FAQAA%2F%2F8aj58OgAQAAA%3D%3D
192.243.59.20200 OK 7 B URL GET HTTP/1.1 superiorickyfreshen.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedQQXdHp9SI%2F6nLfTyIehkFbMNqKaI%2BGYdpFYaf8i7d%2F%2BgcAAP%2F%2FAQAA%2F%2F8aj58OgAQAAA%3D%3D
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: superiorickyfreshen.com
Fingerprint: 4F:EB:46:C2:8E:8B:96:9B:27:C1:3E:65:91:0A:A1:29:05:16:DF:EE
Validity: Tue, 16 May 2023 13:41:58 GMT - Mon, 14 Aug 2023 13:41:57 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedQQXdHp9SI%2F6nLfTyIehkFbMNqKaI%2BGYdpFYaf8i7d%2F%2BgcAAP%2F%2FAQAA%2F%2F8aj58OgAQAAA%3D%3D HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Cookie: u_pl=17078832; uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:13 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4eaed96cde4ac1da8a41f6d2dd062cb6
Strict-Transport-Security: max-age=0; includeSubdomains
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.74 200 OK 693 B URL GET HTTP/1.1 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.74:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Hash e8e4cfffdfbdea8388ebfcabeaa5eb5e
11886e1c95ae73f4839a30bf1fc93157c75f468e
611648a43dde7a75ebdd318079c5c21d48d2d1d0a991b08b304376c5f0775fb9
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Sat, 17 Jun 2023 05:55:13 GMT
Date: Sat, 17 Jun 2023 05:55:13 GMT
Cache-Control: private, max-age=86400
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin-allow-popups
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==&inc=1
185.162.85.3 200 OK 96 kB URL GET HTTP/2 prhzxq.com/wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==&inc=1
IP 185.162.85.3:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: prhzxq.com
Fingerprint: 6D:AB:12:36:72:62:BB:6F:23:70:47:C5:CA:25:CF:D2:AB:BC:B2:54
Validity: Sat, 20 May 2023 02:24:39 GMT - Fri, 18 Aug 2023 02:24:38 GMT
File type gzip compressed data, from Unix\012- data
Hash ec459840271a685fc50e45515b21c4d6
e5f86973c5e46579847afa5be660a2730deb1beb
985ad10404f4ef3c2c1a24c4f046d2910b656f6fa9857ea576ad9ca481421ced
GET /wnload?a=1&e=aeyJwaWQiOjExMDIzNjAsInNpZCI6MTE5NDYyMywid2lkIjo0Mzk2MzQsImQiOiIiLCJsaSI6Mn0=&tz=0&if=0&u=aHR0cDovL2Nsa21laW4uY29tL08yWEdsNjQ4ZDRhYjljOTE1NnExbUZ1R2xDcUlaTw==&inc=1 HTTP/1.1
Host: prhzxq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
clkmein.com/shortest-url/end-adsession?adSessionId=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a&adbd=0&callback=reqwest_1686981305746
104.26.4.107 200 OK 127 B URL GET HTTP/1.1 clkmein.com/shortest-url/end-adsession?adSessionId=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a&adbd=0&callback=reqwest_1686981305746
IP 104.26.4.107:80
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
File type ASCII text, with no line terminators
Hash 3dc12a4332c1021d7294a1365af720a2
b456a5f958a298096d92135d8525463d3c256fd9
ca21f8ca106ed754cefe2136d44c15f58b62cfad4f5a36d9f4c2e1bf77a4e4a4
GET /shortest-url/end-adsession?adSessionId=fe818422f7c7e2f1988a1156b8a4ec9c0b7adb2a&adbd=0&callback=reqwest_1686981305746 HTTP/1.1
Host: clkmein.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Cookie: hl=en; cookies-enable=1; _gcl_au=1.1.802161943.1686981306; dom3ic8zudi28v8lr6fgphwffqoz0j6c=10efd3ed-2482-4cac-8045-582e57e33ef8%3A3%3A1; sb_main_0826667673c6afa9f85340ed4fc8ef57=1; sb_count_0826667673c6afa9f85340ed4fc8ef57=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=superiorickyfreshen.com
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 17 Jun 2023 05:55:13 GMT
Content-Type: text/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.6.40-0+deb8u16
Set-Cookie: PHPSESSID=iakl5kretoc4t0u9q4o9jd8870; expires=Sat, 17-Jun-2023 06:55:13 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
referrer_url=http%3A%2F%2Fclkmein.com%2FO2XGl648d4ab9c9156q1mFuGlCqIZO%3Fr%3D; expires=Sun, 18-Jun-2023 05:55:13 GMT; Max-Age=86400; path=/; httponly
cookies-enable=1; path=/; httponly
Cache-Control: no-cache
X-Server-ID: shn07
X-UA-Compatible: IE=Edge
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aBFSdMiYX0heZY8UC8JjgusbVYCYIx0PgtUVJr6X4ReSk0jcARN25eeapKtwLi0V%2Bin2xo3%2BZsjEh3L9YGbkwA9aQZrHWSKM6QLV%2FIFG4YmOQH2q7lsvIYhdLIx6"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7d890adb3a2c0b31-OSL
Content-Encoding: gzip
superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Findex.html&l=888&fd=97
192.243.59.20 200 OK 0 B URL GET HTTP/1.1 superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Findex.html&l=888&fd=97
IP 192.243.59.20:80
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Findex.html&l=888&fd=97 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:13 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fanimate.css&l=79249&fd=367
192.243.59.20 200 OK 0 B URL GET HTTP/1.1 superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fanimate.css&l=79249&fd=367
IP 192.243.59.20:80
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fanimate.css&l=79249&fd=367 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fjs%2Fscript.js&l=397&fd=384
192.243.59.13 200 OK 0 B URL GET HTTP/1.1 superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fjs%2Fscript.js&l=397&fd=384
IP 192.243.59.13:80
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fjs%2Fscript.js&l=397&fd=384 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/css/style.css
172.64.197.23 200 OK 1.0 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/css/style.css
IP 172.64.197.23:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity: Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
Hash a39a17a98d209cbe630561b47254c7d5
8de3d1ec9c92aa7c4abeb2fb2785921accc9cbe0
6f85939897c208a053e343c5755a973f36e5f0570b3829ef584ed7f4370e6784
GET /sb/interstitial/software/norton/us/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:14 GMT
content-type: text/css
last-modified: Fri, 02 Jul 2021 09:05:01 GMT
etag: W/"60ded6bd-e6d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HatpYUEB5KjzOfU7aTDbla2j4ilOoZqHlhPopMdXbGwILqUZIOo5sgx%2BcxR3XucY67w4HhkDUJZ%2FnkwPBF5m8GQjJ8DjXIH4ImoMevB71MMyFRQi1zpuahygMI0m08yqJP6wTD8DeIwJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb2e2906fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
superiorickyfreshen.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedRgzBc0SLqBEFy0W4xFHRYnnbQVdUXc5m0Udsq%2FePunfwAAAP%2F%2FAQAA%2F%2F%2FlqDcegAQAAA%3D%3D
192.243.59.20200 OK 7 B URL GET HTTP/1.1 superiorickyfreshen.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedRgzBc0SLqBEFy0W4xFHRYnnbQVdUXc5m0Udsq%2FePunfwAAAP%2F%2FAQAA%2F%2F%2FlqDcegAQAAA%3D%3D
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: superiorickyfreshen.com
Fingerprint: 4F:EB:46:C2:8E:8B:96:9B:27:C1:3E:65:91:0A:A1:29:05:16:DF:EE
Validity: Tue, 16 May 2023 13:41:58 GMT - Mon, 14 Aug 2023 13:41:57 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSMW8cRRidTUwKqEBQpEA6IQoQ%2BLy7t3e3RwqUEIwCJo4SEHRodmb2PHhuZzWzc3t2KAyRUBqko6Vav7NjBawIOhpQWNNFQvJRucBISPwCpFQU6GyLg6%2F53vveV7x533y%2B7Y6JD0ePlt%2FVm1IputRu%2Bo2XPgyCS40VmblRYxR3PupElxpm%2BFrg95r%2By423BFvXS6Ef%2BH7gB41laUSqR0tBEDR9yHy%2FFzR7fjMKm0E7wsj8n1vnwVIPfHhMnoHk0yf3H0SQrEY2%2BPaqsOuFzl99c%2BAULbTBkO%2B9n61nuswwmMPUeEizvbNtaHu4%2FCN0tntiGHr472Iip8T78w8k2d6ZSyTD3VOjiYLIkPCnUA5rCFVD0hpM34HkhwRgHNdXkQ3uXdempBunKp2pU7Lw%2BC%2FIckoWfnsW2eDBFSVHjVtauULqzGKUVpCjGrJfI3cHKDbPQZYHYMVnkPwXsvR4BdlgZ9UqDcmPXgx8kfKW4IthFIeLEaNsMfaj9mI7DkW7K1otkcYnCUlZQ6Y1lBiD2vNw1oOTHlzqweUeBvyo0WVRHPO4zalgLEzSIE6jNOpR5qfMb%2FVCODZ7wxhFPgZTYzCzhdxsYV2OYdxD2LUKlnuwBcGQVygFQWkJSkpQSoKyICiH1S5XNrTVPa6sS4KzHp71VjXRRX%2Bb7uqiLzKynR%2BTp2fBeQtf%2BVgXRw0%2FDjudTrfTbbEOTWkvjdutyBc8Slks0nYXVlaQ9hyo9bApp%2BTi5CFyOSVPfP83EnoAqw7A5Aug7nnQctINfdC1SRT72Mzu2zVtCtG0BbiukBcLKDa8bXVMLp5c75Xbn0KwR%2BSswEyF3FT4WP5M0Fd3Jzd1SXZu6tKS71bzQg7kJp1d9lZBC3Hh63fERqkNv3bVju9fZjNhBvffE7ZYoRmXWd%2BSb65IzoVZ1oYJ8sM1%2B4FIbji7dsWZzOUrN95YvjbIjbBW6qwGlYefdMDklFy4vHvyZ5%2F7%2FTakqWFchYGbO5W6Bsu3YPP5zGoCo%2BY8yT2UrpqYMJkPlSRQYs5pUsH%2BhydzvG3vom880OIOskGFoakwVBWoGsO685MiN49e%2F7V1UkiUN0mU8XYSZdSXp9FaedRgzBc0SLqBEFy0W4xFHRYnnbQVdUXc5m0Udsq%2FePunfwAAAP%2F%2FAQAA%2F%2F%2FlqDcegAQAAA%3D%3D HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Cookie: u_pl=17078832; uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dbe4747b516c071311d0eb6146401c59
Strict-Transport-Security: max-age=0; includeSubdomains
superiorickyfreshen.com/pixel/sbs?c=1
192.243.59.20 200 OK 0 B URL GET HTTP/1.1 superiorickyfreshen.com/pixel/sbs?c=1
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: superiorickyfreshen.com
Fingerprint: 4F:EB:46:C2:8E:8B:96:9B:27:C1:3E:65:91:0A:A1:29:05:16:DF:EE
Validity: Tue, 16 May 2023 13:41:58 GMT - Mon, 14 Aug 2023 13:41:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Cookie: u_pl=17078832; uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fstyle.css&l=3693&fd=366
192.243.59.20 200 OK 0 B URL GET HTTP/1.1 superiorickyfreshen.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fstyle.css&l=3693&fd=366
IP 192.243.59.20:80
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsoftware%2Fnorton%2Fus%2F1%2Fcss%2Fstyle.css&l=3693&fd=366 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:14 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/img/close.svg
172.64.197.23 200 OK 1.3 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/img/close.svg
IP 172.64.197.23:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity: Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- exported SGML document, ASCII text, with very long lines (1374), with no line terminators
Hash 5ff33e884803785a8002a2aa5fa03b0e
a04406f2592e23e648bee499477f823da0c48362
6ba65121162b5b03e75501501ddaa928f73be8d1fe81c032a4879561de63ff58
GET /sb/interstitial/software/norton/us/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:13 GMT
content-type: image/svg+xml
last-modified: Fri, 02 Jul 2021 09:05:02 GMT
etag: W/"60ded6be-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 10097325
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MMVcWbN65T9EZebfz7%2FtV%2B5ANX8k6b9nkm52yed0ibF%2B3B9VwjvhDvWkwP38M8jRfq66PeRZsnA3jbl5K%2FzSQs8FlEQks%2F%2FsRCnEeV37if93epvFtlC9U1dmjTdMX0S%2BK%2B1309GQ32VD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb3e2e06fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/img/3.jpg
172.64.197.23 200 OK 95 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/img/3.jpg
IP 172.64.197.23:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity: Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=900, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1600], progressive, precision 8, 800x450, components 3\012- data
Hash befb70e3c8fce549b08f642c9377a7bb
032fd6271376b935b7b8d53b7f5f0332c091af47
6015a52dfb1d485a912be418fee52a639476c2b1d3b23c67596c56e0e08a3132
GET /sb/interstitial/software/norton/us/1/img/3.jpg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:13 GMT
content-type: image/jpeg
content-length: 95317
last-modified: Mon, 01 Aug 2022 10:38:40 GMT
etag: "62e7ad30-17455"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 18460487
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WidHr4%2FeuECHyTwKRA5lBURy74NdE7gCi%2FWnaiVxT%2FKIEE%2FLldcKZ3dn%2BBMjqcO4gOb1QXCbUdLzfGdSNP%2BsOl7Q%2F5WItFGalGI6jvQudxYqL8uqFm%2B%2FsnlJX4JsEusEjxAg9GOh72z9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb3e3106fd-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/js/script.js
172.64.197.23 200 OK 397 B URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/js/script.js
IP 172.64.197.23:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity: Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
File type ASCII text, with very long lines (411), with no line terminators
Hash 15689a0801d80c44557c963c65b90950
e58890d54723a218306b1b03cd9414becf8fc6e3
75a4b69640acae042ff16424d897eb67acb88e78a5145032a6b29ce9e8660d56
GET /sb/interstitial/software/norton/us/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:14 GMT
content-type: application/javascript
last-modified: Fri, 02 Jul 2021 09:05:04 GMT
etag: W/"60ded6c0-18d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNrZj20gw9Ae9u2lUHkF44F2ll39U6j%2BecPP%2BorIIXH6qzL7gR%2FqMqDJYJONtGfugo7tLzO3WS0bkpRLi4yxYw%2FlASJDW5wW3FssIAH6HIpirjhBdkrrMGbREagSUmMROfOh8rXgHpcw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb3e2a06fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
xdiwbc.com/template/social.html
172.64.197.39 200 OK 4.6 kB URL GET HTTP/2 xdiwbc.com/template/social.html
IP 172.64.197.39:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Google Trust Services LLC
Subject: xdiwbc.com
Fingerprint: 61:FF:DC:7A:FB:AC:AA:50:F3:3E:E2:87:38:DC:6A:46:09:4F:B8:D9
Validity: Mon, 05 Jun 2023 18:53:28 GMT - Sun, 03 Sep 2023 18:53:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4639), with no line terminators
Hash 474cf430e4f70fc61a3695cb75f686de
8c14127415e490dff27896747f730ca8e49a957a
12fe3666e6b24360e737799e0cb1eafc47e6f11ccc109562f5426767a8529ef7
GET /template/social.html HTTP/1.1
Host: xdiwbc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: http://clkmein.com
cache-control: max-age=14400
cf-cache-status: HIT
age: 4676
last-modified: Sat, 17 Jun 2023 04:37:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ab43Ok8w9l69Qs95VZ8bw5t5YsGEujgo8Fmef%2F9LMdc7NUYVTq4UXM0Bn4yTvtf06fbo9ub4FPPDAzEo5im5yMxDoln4n%2BUU%2FYCu%2Bkeki710av3b2orykr7F6O3W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d890ab39d2c386a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
104.26.7.218 302 Found 92 kB URL User Request GET HTTP/2 sh.st/TmIp
IP 104.26.7.218:443
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: C6:7F:86:BA:DE:5A:E8:C6:45:7C:7C:55:01:BC:71:BB:54:01:6B:CF
Validity: Sun, 30 Apr 2023 00:00:00 GMT - Mon, 29 Apr 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of empty input, so they do not identify this response and should not be used as indicators.)
GET /TmIp HTTP/1.1
Host: sh.st
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Sat, 17 Jun 2023 05:55:05 GMT
content-type: text/html; charset=UTF-8
location: http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
x-powered-by: PHP/5.6.40-0+deb8u16
set-cookie: PHPSESSID=01ko885tuauin9heif67ov3uu7; expires=Sat, 17-Jun-2023 06:55:05 GMT; Max-Age=3600; path=/; domain=.shorte.st; HttpOnly
hl=en; expires=Sun, 16-Jun-2024 05:55:05 GMT; Max-Age=31536000; path=/
cookies-enable=1; path=/; httponly
cache-control: no-cache
x-server-id: shn05
x-ua-compatible: IE=Edge
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RyFOxUBXeNgZOwSYZnM8G93YtMynjk9NaM7Y7YxUrM9UoCmHy2q8qFMpyItJbgYPQZY55dXR4jEYxNrErbOjqTaxCq4%2FmWFbRXmJuhDlpzOtcGZDhYey"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d890aa8cd95b4f7-OSL
X-Firefox-Spdy: h2
xdiwbc.com/template/social.html
172.64.197.39 200 OK 4.6 kB URL GET HTTP/2 xdiwbc.com/template/social.html
IP 172.64.197.39:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Google Trust Services LLC
Subject: xdiwbc.com
Fingerprint: 61:FF:DC:7A:FB:AC:AA:50:F3:3E:E2:87:38:DC:6A:46:09:4F:B8:D9
Validity: Mon, 05 Jun 2023 18:53:28 GMT - Sun, 03 Sep 2023 18:53:27 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4639), with no line terminators
Hash 474cf430e4f70fc61a3695cb75f686de
8c14127415e490dff27896747f730ca8e49a957a
12fe3666e6b24360e737799e0cb1eafc47e6f11ccc109562f5426767a8529ef7
GET /template/social.html HTTP/1.1
Host: xdiwbc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: http://clkmein.com
cache-control: max-age=14400
cf-cache-status: HIT
age: 4676
last-modified: Sat, 17 Jun 2023 04:37:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hYUfI8j84x7ySmWQT9lV8jPcSe3sGmRSlE0rntdLpH2UrhkhVLSXVd%2FNQ07w%2F2p5AILCYRFLuq%2BZCrcjElbInqGBgmyejoRyxsM4quM2aJ1%2FdmRySTpYiQzXZhO8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d890ab39d2d386a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/css/animate.css
172.64.197.23 200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/interstitial/software/norton/us/1/css/animate.css
IP 172.64.197.23:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 88:10:E4:38:7C:46:CF:44:7C:D0:C8:1F:06:39:9F:7E:A5:2E:27:4A
Validity: Thu, 27 Apr 2023 15:05:54 GMT - Wed, 26 Jul 2023 15:05:53 GMT
Hash e1d8acd5ee9d1a90ea09313cbd8f2b02
8a8327b115d1356715e63270d1ce6d46124c7b1a
3028c87fc798ac3741f02079034e6c23462afc0c5e6c8d321188ce3716c8472a
GET /sb/interstitial/software/norton/us/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 17 Jun 2023 05:55:14 GMT
content-type: text/css
last-modified: Fri, 02 Jul 2021 09:05:01 GMT
etag: W/"60ded6bd-13591"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvBA1culHY4593fArcap6HHVaiP9fxdWYu2B123Ac7IbaJygRVxKyys08igWirG6F7bQp4TGD%2FglKdmULC7bFZBDQyUv8e8bO5%2Fn%2B3BGmmhGSB8SQuxiqlAlz61KCMRITxhrg2ikVuHt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d890adb1e1906fd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
superiorickyfreshen.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=10efd3ed-2482-4cac-8045-582e57e33ef8%3A3%3A1
192.243.59.20 200 OK 5.6 kB URL GET HTTP/1.1 superiorickyfreshen.com/sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=10efd3ed-2482-4cac-8045-582e57e33ef8%3A3%3A1
IP 192.243.59.20:443
ASN #39572 DataWeb Global Group B.V.
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: superiorickyfreshen.com
Fingerprint: 4F:EB:46:C2:8E:8B:96:9B:27:C1:3E:65:91:0A:A1:29:05:16:DF:EE
Validity: Tue, 16 May 2023 13:41:58 GMT - Mon, 14 Aug 2023 13:41:57 GMT
File type ASCII text, with very long lines (5634), with no line terminators
Hash 365d6396a0365374e8864a5d3a0984d3
89159251c79eec9ae5947e6a4e10bfb24f41a8da
162d063bf49ac42bf27164bbc919248b6d971000d824882b02cd20bf7b0bd70c
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=0826667673c6afa9f85340ed4fc8ef57&uuid=10efd3ed-2482-4cac-8045-582e57e33ef8%3A3%3A1 HTTP/1.1
Host: superiorickyfreshen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 17 Jun 2023 05:55:13 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://clkmein.com
Access-Control-Allow-Origin: http://clkmein.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17078832; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
uid_id2=10efd3ed-2482-4cac-8045-582e57e33ef8:3:1; expires=Sat, 24 Jun 2023 05:55:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
uncs=1; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
uncs29=1; expires=Sun, 18 Jun 2023 05:55:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a2f67dd991c24218a5a3ad2d5635607
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ptauxofi.net/pfe/current/tag.min.js?z=4157053
139.45.197.250 200 OK 15 kB URL GET HTTP/2 ptauxofi.net/pfe/current/tag.min.js?z=4157053
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: ptauxofi.net
Fingerprint: B2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
Validity: Fri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT
File type C source, ASCII text, with very long lines (14679), with no line terminators
Hash 14c32934745032eb37f0f3a47d4904d5
d078f01e7573173a0f604609b4e7c487f41fea4d
d6b4dda90bc32eca22039b16c531e9c247dd85927a4ab83181c240f709efe0e5
GET /pfe/current/tag.min.js?z=4157053 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://clkmein.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:06 GMT
content-type: application/javascript
last-modified: Thu, 15 Jun 2023 13:18:05 GMT
etag: W/"648b0f8d-3957"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/universal.min.js?v=3.1.440
139.45.197.250 200 OK 103 kB URL GET HTTP/2 ptauxofi.net/pfe/current/universal.min.js?v=3.1.440
IP 139.45.197.250:443
Requested by http://clkmein.com/O2XGl648d4ab9c9156q1mFuGlCqIZO?r=
Certificate Issuer: Let's Encrypt
Subject: ptauxofi.net
Fingerprint: B2:71:27:8C:62:EC:51:9E:B6:89:1B:4C:C8:24:C7:E5:F5:2B:C2:66
Validity: Fri, 09 Jun 2023 05:09:52 GMT - Thu, 07 Sep 2023 05:09:51 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 103 kB (103263 bytes)
Hash 08c89f96df68ac7c313b6c149a874b02
011d811e20041d0e654192b1f5dfc3f0801d5341
4e6a7f6a765f9221293d9b89110d66de87b602fb10ccf77c2441ca0e8534d5cd
GET /pfe/current/universal.min.js?v=3.1.440 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clkmein.com/
Origin: http://clkmein.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 17 Jun 2023 05:55:07 GMT
content-type: application/javascript
last-modified: Thu, 15 Jun 2023 13:18:05 GMT
etag: W/"648b0f8d-1935f"
access-control-allow-origin: http://clkmein.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2