Report - artclass.site/load.html?game=amongus

Report Overview

Visited public
2024-04-26 14:30:34
Tags
URL
artclass.site/load.html?game=amongus
Finishing URL
artclass.site/load.html?game=amongus
IP / ASN
104.21.234.105
#13335 CLOUDFLARENET
Title
(1) New Message!

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22 20:49:06	2024-04-06 20:12:11	440 B	13 kB	172.240.108.68
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-04-25 18:13:46	2.0 kB	418 kB	151.101.1.229
pl22708848.profitablegatecpm.com	unknown	unknown	No data	No data	449 B	17 kB	172.240.108.76
quicklymuseum.com	unknown	unknown	No data	No data	482 B	467 B	172.240.108.84
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15 17:46:22	2024-04-25 21:01:53	2.2 kB	118 kB	104.21.70.253
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2024-04-25 21:43:01	1.5 kB	846 B	192.243.59.13
artclass.site	unknown	unknown	No data	No data	7.4 kB	333 kB	104.21.234.104
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-04-26 02:06:49	420 B	101 kB	142.250.74.168
youngestmildness.com	unknown	unknown	No data	No data	2.4 kB	8.9 kB	192.243.61.225
cdn.cloudimagesb.com	23099	2020-10-06	2021-02-12 17:15:41	2024-04-26 12:12:53	895 B	124 kB	45.133.44.9
cdn.barscreative1.com	25648	2021-09-08	2021-09-16 13:14:42	2024-04-25 19:51:52	484 B	1.7 kB	45.133.44.4
analytics.proudparrot2.tech	unknown	unknown	No data	No data	947 B	4.5 kB	172.67.153.223
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-04-25 23:54:18	910 B	17 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-04-26 07:25:36	2.2 kB	99 kB	216.58.207.227
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2024-04-25 19:41:44	427 B	420 B	35.158.46.84
play-lh.googleusercontent.com	407	2008-11-17	2019-09-30 08:57:53	2024-04-25 18:32:33	491 B	68 kB	142.250.74.86
trebleuniversity.com	unknown	2024-04-23	2024-04-23 17:29:21	2024-04-23 17:29:21	7.9 kB	44 kB	172.240.108.68
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04 23:39:03	2024-04-25 19:32:19	820 B	173 kB	104.21.35.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	youngestmildness.com	Sinkholed
2024-04-26	medium	trebleuniversity.com	Sinkholed
2024-04-26	medium	trebleuniversity.com	Sinkholed
2024-04-26	medium	trebleuniversity.com	Sinkholed
2024-04-26	medium	trebleuniversity.com	Sinkholed
2024-04-26	medium	quicklymuseum.com	Sinkholed
2024-04-26	medium	trebleuniversity.com	Sinkholed
2024-04-26	medium	trebleuniversity.com	Sinkholed
2024-04-26	medium	trebleuniversity.com	Sinkholed
2024-04-26	medium	trebleuniversity.com	Sinkholed
2024-04-26	medium	unseenreport.com	Sinkholed
2024-04-26	medium	unseenreport.com	Sinkholed
2024-04-26	medium	trebleuniversity.com	Sinkholed
2024-04-26	medium	youngestmildness.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (19)

	URL	From	Size	First Seen	Last Seen
	unknown	ScriptElement	3.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:32 Last Seen2024-08-20 02:32 Times Seen1 Hash 5117cad9afd67c134703dd38495ef471 637ad611d19b224571c102b7c411dc33d692d154 d5eb025860b8fb563f4183e958b7f2f20eadd9816936a6cfc22179b9a36b1dc8 Loading...

	unknown	ScriptElement	1.3 kB	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:32 Last Seen2024-08-20 02:32 Times Seen1 Hash 9cb481bf3fa7200af5c56818145d4315 ec0a52d37549c552fff4a4593b5bbe7ef4f03b0e 7e8c5c4625507c443d978e1906529adbce5c31672d3ad7ecceaa459056ef1389 Loading...

	downstairsnegotiatebarren.com/sfp.js	ScriptElement	86 kB	2024-03-29	2024-08-21
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 104.21.35.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13 Last Seen2024-08-21 22:41 Times Seen2254 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	artclass.site/js/index.js	ScriptElement	3.9 kB	2024-04-26	2024-10-15
Pretty URL artclass.site/js/index.js IP 104.21.234.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-10-15 04:57 Times Seen10 Hash 570857415dbeff33e6dd0c1f66c17ac8 94b2938a6a73f7f158be7d08a37c49e07815e45f 7074356f23934938d70886bfb268820552fb8859fefd351a5828bfdd1d708955 Loading...

	www.googletagmanager.com/gtag/js?id=G-66ZE075DLD	ScriptElement	302 kB	2024-08-20	2024-08-20
Pretty URL www.googletagmanager.com/gtag/js?id=G-66ZE075DLD IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:32 Last Seen2024-08-20 02:32 Times Seen1 Hash 209230b274e2b41104d4a4eeb8f43481 2adabc8eb10410df512bd8404c7c8c48e2ccd00c 9b1f168aca70f192bf1453abe006635fc6214a0423dd32333bb26035da7a6b70 Loading...

	pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js	ScriptElement	44 kB	2024-08-20	2024-08-20
Pretty URL pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:32 Last Seen2024-08-20 02:32 Times Seen1 Hash 35d432e7ca504595d56d840c8bc23836 109d01707756c522dd217eef7af6bfe7856ff1c7 6e06cffee6a9607396b9b0ee218126da1895cfc172d4472a45c3ef09fbd0b342 Loading...

	www.topcreativeformat.com/8d57283b953b8b546d6a04d4deac19dc/invoke.js	ScriptElement	31 kB	2024-08-20	2024-08-20
Pretty URL www.topcreativeformat.com/8d57283b953b8b546d6a04d4deac19dc/invoke.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:32 Last Seen2024-08-20 02:32 Times Seen1 Hash a365ef6399a74744e0099bb1e108f9e5 a378b971bd0cc571edfe97fd3accd08f34f2b043 5041588294de2f9161a999bec1735dc44d0808d9258655b325e75560b7525171 Loading...

	artclass.site/uv/uv.config.js	ScriptElement	335 B	2024-04-26	2024-10-15
Pretty URL artclass.site/uv/uv.config.js IP 104.21.234.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-10-15 04:57 Times Seen10 Hash 6d6ba99250b84e4310eb7e240e05990c 7b63b95a13232c4953bd448b83523c68983146d5 4e6fe037be5d8fa9ed2d8b1b157ff34ff5d4e811050d9a8503c92ae86abba5c3 Loading...

	artclass.site/load.html?game=amongus	ScriptElement	0 B	0001-01-01	2025-06-23
Pretty URL artclass.site/load.html?game=amongus IP 104.21.234.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-23 04:06 Times Seen5077649 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	artclass.site/js/load.js	ScriptElement	2.6 kB	2024-04-26	2024-08-20
Pretty URL artclass.site/js/load.js IP 104.21.234.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-08-20 02:32 Times Seen2 Hash b30437e23a1ec4cca524f92dcc9bb0cd 9c88cb22711b69c403125010e61dd3f33f85d9e5 1eec1fec003bf116bbea07badd19c251f38cacd9d6ed4af38fec1b77303f7833 Loading...

	analytics.proudparrot2.tech/script.js	ScriptElement	2.6 kB	2024-04-26	2025-06-22
Pretty URL analytics.proudparrot2.tech/script.js IP 172.67.153.223 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2025-06-22 20:45 Times Seen59 Hash 771f5882f167b831330112c25e70a2a6 42551790830a71eda9bf774cf093432948394de6 70fd73f8d4c4e93f16a5f50cf698c68345ba696d3e893509442ba600c4d3979f Loading...

	artclass.site/uv/uv.bundle.js	ScriptElement	672 kB	2023-07-14	2025-03-06
Pretty URL artclass.site/uv/uv.bundle.js IP 104.21.234.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-14 21:07 Last Seen2025-03-06 16:12 Times Seen15 Hash 4a35d09930d1318aa07aafbc6e0fe817 d0986d9050ce27d08abb01d2af8af9b7dbaae253 764447d9c52eec36d699a359467d507935829d363049431c3e6d5cae6f2cbd25 Loading...

	artclass.site/assets/data/games.js	ScriptElement	26 kB	2024-04-26	2024-08-20
Pretty URL artclass.site/assets/data/games.js IP 104.21.234.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-08-20 02:32 Times Seen2 Hash 0db2eed829115b147c3da0ff3dfd7a19 d27e7070f36b0277fa5576adc311200bd9f08efa 457c85e69f8cef99e934ce372512f0a6754512f2e5e7273d3844fde450a7781f Loading...

	artclass.site/assets/data/apps.js	ScriptElement	4.6 kB	2024-04-26	2024-08-20
Pretty URL artclass.site/assets/data/apps.js IP 104.21.234.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-08-20 02:32 Times Seen2 Hash 9fcfe15ea654ae93f33f26947b236d48 10582d748830568d337afffadc882e9f6fb5bfcc c35e76adb0e12b71838e11ac239f171c7996b1c2514b2a83e78beaeb77a8f0c3 Loading...

	unknown	ScriptElement	145 B	2024-08-20	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:32 Last Seen2024-08-20 02:32 Times Seen1 Hash a2cb0f3246fb24f78c1b8338c204fe5f 4de1b40c127ffeafc5203a7a6e8757da915d5ac8 a2ee102358f7eae54e4c0ad9e9d80cb8c0dfa486bd0171a3edee5695c437ccd4 Loading...

	trebleuniversity.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js	ScriptElement	82 kB	2024-08-20	2024-08-20
Pretty URL trebleuniversity.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js IP 172.240.108.68 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 02:32 Last Seen2024-08-20 02:32 Times Seen1 Hash 1a35898283c196c0e1a25832be00fc31 1aa391a67d4411dcfab9cb0415a30d469e8de717 8c4d6eef23813ab4b1e8729103b9933a402ed18b6ba3239e51149a3b74a916e1 Loading...

	cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js	ScriptElement	84 kB	2023-03-07	2025-06-23
Pretty URL cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js IP 104.21.70.253 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-23 02:58 Times Seen7936 Hash 4a356126b9573eb7bd1e9a7494737410 8258d046f17dd3c15a5d3984e1868b7b5d1db329 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5 Loading...

	artclass.site/js/preload.js	ScriptElement	3.6 kB	2024-04-26	2024-08-20
Pretty URL artclass.site/js/preload.js IP 104.21.234.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-08-20 02:32 Times Seen4 Hash 5b1ff06e87e438c585e46896286f62f9 14cfd9c0573ca43db905680c4441fe0973bb6df8 2973fd3110e3702b16e627760610633cd2880ccc3172d52b7fb5b8bcad9637d9 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 57a03882c77b3bf6762f48903f01700d	2.1 kB	2024-08-20 02:32	2024-08-20 02:32
Pretty Observations First Seen2024-08-20 02:32 Last Seen2024-08-20 02:32 Times Seen1 Hash 57a03882c77b3bf6762f48903f01700d 87867ea5cfb0407a4d4a5b3b3acd38f3f5663a55 f39ccb97302a1b07d7fde3d85dfdfe7fd24818f18d3c5fb5f77754ad211b27eb Loading...

HTTP Transactions (57)

URL IP Response Size

GET artclass.site/assets/images/icon.png

104.21.234.104

200 OK

7.1 kB

URL GET HTTP/3
artclass.site/assets/images/icon.png
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
7.1 kB (7136 bytes)
Hash
6fece0b0e016146a838112be2ce5bc62
210c0d8c9bcbafdbad30a5c96acb3f37487a6c14
a7ea41616d84e6e5404721bbe85426d55bc41c02f459b8d6e8bdb821a758c8da

HTTP Headers

GET /assets/images/icon.png HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: image/png
content-length: 7136
alt-svc: h3=":443"; ma=86400
etag: "s7zkjt5i8"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gJCGJSxEMyl04LIyMf8GaHPgNbkMDCOUE3dzqVkMGh%2B5SDO86XVzAutYw5NLZF598NUffNfxY7eOkoM%2FEZ8%2B1lb09yjiCU2VfV72DeviXNRK5%2BvcIL0OxZ71qRUYf5TB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e3b770b-LHR

GET www.topcreativeformat.com/8d57283b953b8b546d6a04d4deac19dc/invoke.js

172.240.108.68

200 OK

12 kB

URL GET HTTP/1.1
www.topcreativeformat.com/8d57283b953b8b546d6a04d4deac19dc/invoke.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttopcreativeformat.com
Fingerprint6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
ValidityWed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT

File type
JavaScript source, ASCII text, with very long lines (31304), with no line terminators
Size
12 kB (11848 bytes)
Hash
a365ef6399a74744e0099bb1e108f9e5
a378b971bd0cc571edfe97fd3accd08f34f2b043
5041588294de2f9161a999bec1735dc44d0808d9258655b325e75560b7525171

HTTP Headers

GET /8d57283b953b8b546d6a04d4deac19dc/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5f1b2c009297c8cd9b054412b3f9a1b8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET cdn.jsdelivr.net/gh/ianlunn/hover/css/hover-min.css

151.101.1.229

200 OK

7.6 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/ianlunn/hover/css/hover-min.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65297)
Size
7.6 kB (7612 bytes)
Hash
766244a6ea3ecb9c1d502e2c03e088cb
f4b638b73f95ea6e1937b5ce5792918f9ebd39c4
73e0bcee3ba93b5a2d0f5239bb2c55ebc5a648b0aab48a0d95c1cb5edccb093d

HTTP Headers

GET /gh/ianlunn/hover/css/hover-min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 2.3.1
x-jsd-version-type: version
etag: W/"17432-9LY4tz+V6m4ZN7XOV5KRj569OcQ"
content-encoding: br
accept-ranges: bytes
age: 12818
date: Fri, 26 Apr 2024 14:30:08 GMT
x-served-by: cache-fra-eddf8230124-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7612
X-Firefox-Spdy: h2

GET artclass.site/uv/uv.bundle.js

104.21.234.104

200 OK

228 kB

URL GET HTTP/3
artclass.site/uv/uv.bundle.js
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (63963)
Size
228 kB (228479 bytes)
Hash
4a35d09930d1318aa07aafbc6e0fe817
d0986d9050ce27d08abb01d2af8af9b7dbaae253
764447d9c52eec36d699a359467d507935829d363049431c3e6d5cae6f2cbd25

HTTP Headers

GET /uv/uv.bundle.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:08 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=120
etag: W/"a4229-18d51a83f32"
last-modified: Sun, 28 Jan 2024 19:59:57 GMT
x-powered-by: Express
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QBG%2FxLX3ovBf8L1Ar6rJNWdMmvm1wkqOUMb96dZZS8DAFuVHGOjU36XrwUUfH8O%2FtakhTEaHo0H9YkwRJmHWijv%2BNgaXdAnMY9Aldf2lKV0rrz7XZ6Q8NjpUEQOA%2BhcY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e37770b-LHR
content-encoding: br

GET www.googletagmanager.com/gtag/js?id=G-66ZE075DLD

142.250.74.168

200 OK

101 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-66ZE075DLD
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
101 kB (100671 bytes)
Hash
209230b274e2b41104d4a4eeb8f43481
2adabc8eb10410df512bd8404c7c8c48e2ccd00c
9b1f168aca70f192bf1453abe006635fc6214a0423dd32333bb26035da7a6b70

HTTP Headers

GET /gtag/js?id=G-66ZE075DLD HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 14:30:08 GMT
expires: Fri, 26 Apr 2024 14:30:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100671
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET artclass.site/css/themes.css

104.21.234.104

200 OK

32 kB

URL GET HTTP/3
artclass.site/css/themes.css
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text
Size
32 kB (31493 bytes)
Hash
3c63abb3d355c0ee9471adacbbe42274
844c39e484dc6ea3fe0de0184db82816cca8b22b
e0a3b97c38b191aae2122bca635b9285f02967a8f1a755020d5ee64a244bb06e

HTTP Headers

GET /css/themes.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/css/master.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt1j9"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K60Qm9oC%2FNOchEFhE%2Bwmvpm5KsS9dOXGeXWNWSB7Q7VlV8jMNZdgMb%2B59hs4Dmlqg8dMNp7WfZn8kBBligKJp0lUNuo%2Ff8xwk47LMjCobUFDSI5GqBJAvU9XUxtblyyn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d8cea0770b-LHR
content-encoding: br

GET fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

216.58.207.227

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 02:38:02 GMT
expires: Fri, 25 Apr 2025 02:38:02 GMT
cache-control: public, max-age=31536000
age: 129126
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET artclass.site/service/hvtrs8%2F-aqsgtq.1kj0%2Cngt-aoolg%2Fuq%2Fknfez.jtol

104.21.234.104

404 Not Found

0 B

URL GET HTTP/3
artclass.site/service/hvtrs8%2F-aqsgtq.1kj0%2Cngt-aoolg%2Fuq%2Fknfez.jtol
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /service/hvtrs8%2F-aqsgtq.1kj0%2Cngt-aoolg%2Fuq%2Fknfez.jtol HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 14:30:08 GMT
content-length: 0
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ApRwr1sDNSWBqGwEz8ADu2X1tCdseGD3lqUuOozLEUvDKWXOudFGxmdXARDK40PprHBOKFy2tmNR60XKl16sj0zQ8qCEiaMBK74GNloMol%2BV05tFNsZOpBmZJH%2BSRFIj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a744de0da5770b-LHR

GET proftrafficcounter.com/stats

35.158.46.84

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.158.46.84:443
ASN
#16509 AMAZON-02

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
52fcd0a3007633326959b155698323bf
df3907d839cd61405219bd9f7b96c81688b0955b
15b7534a60eaf39455b92e0c38ce2a12c592c51f841595cd27ee4ce4ce0d9e4f

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://artclass.site
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; expires=Mon, 24 Apr 2034 14:30:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-solid-900-5.0.0.woff2

151.101.1.229

200 OK

20 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-solid-900-5.0.0.woff2
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19784, version 331.-31196
Size
20 kB (19784 bytes)
Hash
c7682b8035fc1d1672d6455631813794
9e2955e5e55b3073e229c218724406425862d4a1
1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c

HTTP Headers

GET /gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-solid-900-5.0.0.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 4cac1a6
x-jsd-version-type: branch
etag: W/"4d48-nilV5eVbMHPiKcIYckQGQlhi1KE"
accept-ranges: bytes
age: 4383
date: Fri, 26 Apr 2024 14:30:08 GMT
x-served-by: cache-fra-etou8220126-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 19784
X-Firefox-Spdy: h2

GET cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-regular-400-5.10.2.woff2

151.101.1.229

200 OK

16 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-regular-400-5.10.2.woff2
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16248, version 331.-31196
Size
16 kB (16248 bytes)
Hash
054b33973fedb68ef21f74b9d142acb4
a35f1a776ba0fd2089c0868f62b51a240782e75d
e272d442a9319692de4cc42fa2de41167f7f3731f247aa94399e07230f2ae46f

HTTP Headers

GET /gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-regular-400-5.10.2.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 4cac1a6
x-jsd-version-type: branch
etag: W/"3f78-o18ad2ug/SCJwIaPYrUaJAeC510"
accept-ranges: bytes
age: 42874
date: Fri, 26 Apr 2024 14:30:08 GMT
x-served-by: cache-fra-eddf8230122-FRA, cache-hel1410028-HEL
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16248
X-Firefox-Spdy: h2

GET artclass.site/assets/images/icon.png

104.21.234.104

200 OK

7.1 kB

URL GET HTTP/3
artclass.site/assets/images/icon.png
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
7.1 kB (7136 bytes)
Hash
6fece0b0e016146a838112be2ce5bc62
210c0d8c9bcbafdbad30a5c96acb3f37487a6c14
a7ea41616d84e6e5404721bbe85426d55bc41c02f459b8d6e8bdb821a758c8da

HTTP Headers

GET /assets/images/icon.png HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Cookie: _ga_66ZE075DLD=GS1.1.1714141808.1.0.1714141808.0.0.0; _ga=GA1.1.1669914591.1714141809; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:08 GMT
content-type: image/png
content-length: 7136
alt-svc: h3=":443"; ma=86400
etag: "s7zkjt5i8"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4637
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uQkdiNP7d9pJkuLBWWpsIrof1iwHhn6XdGcLyUQy333QXkORnwCEulyEaB34ipsJhU03iY9KTxR8QS5n3v0bdaoe4HsFDZ6gAry8sz%2Ff7FAUW%2FOgN%2FQX5Pc2qHfp%2FAtJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e21ae7770b-LHR

GET play-lh.googleusercontent.com/8ddL1kuoNUB5vUvgDVjYY3_6HwQcrg1K2fd_R8soD-e2QYj8fT9cfhfh3G0hnSruLKec

142.250.74.86

200 OK

67 kB

URL GET HTTP/2
play-lh.googleusercontent.com/8ddL1kuoNUB5vUvgDVjYY3_6HwQcrg1K2fd_R8soD-e2QYj8fT9cfhfh3G0hnSruLKec
IP
142.250.74.86:443
ASN
#15169 GOOGLE

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectedgestatic.com
FingerprintAA:30:2C:FF:B9:BE:46:DD:80:78:DE:31:89:E6:D2:9D:0B:3A:11:90
ValidityMon, 08 Apr 2024 06:34:54 GMT - Mon, 01 Jul 2024 06:34:53 GMT

File type
JPEG image data, baseline, precision 8, 512x512, components 3
Size
67 kB (67423 bytes)
Hash
21de6f05ba8e2b32946668656cb918a6
6e51610717c778d3f829af907527e5033f35c742
015d1cecf14c3ef529e92d788304fe58aa571c4e3ebaf4d78d5eea44f693c844

HTTP Headers

GET /8ddL1kuoNUB5vUvgDVjYY3_6HwQcrg1K2fd_R8soD-e2QYj8fT9cfhfh3G0hnSruLKec HTTP/1.1
Host: play-lh.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
server: fife
content-length: 67423
x-xss-protection: 0
date: Fri, 26 Apr 2024 14:16:50 GMT
expires: Sat, 27 Apr 2024 14:16:50 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1"
content-type: image/jpeg
vary: Origin
age: 799
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js

172.240.108.76

200 OK

16 kB

URL GET HTTP/1.1
pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
ValidityFri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT

File type
JavaScript source, ASCII text, with very long lines (44120), with no line terminators
Size
16 kB (15859 bytes)
Hash
35d432e7ca504595d56d840c8bc23836
109d01707756c522dd217eef7af6bfe7856ff1c7
6e06cffee6a9607396b9b0ee218126da1895cfc172d4472a45c3ef09fbd0b342

HTTP Headers

GET /4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js HTTP/1.1
Host: pl22708848.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 326a003fc38ad39040a4ca0b6d8d18e0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET artclass.site/assets/data/apps.js

104.21.234.104

200 OK

1.6 kB

URL GET HTTP/3
artclass.site/assets/data/apps.js
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text
Size
1.6 kB (1626 bytes)
Hash
9fcfe15ea654ae93f33f26947b236d48
10582d748830568d337afffadc882e9f6fb5bfcc
c35e76adb0e12b71838e11ac239f171c7996b1c2514b2a83e78beaeb77a8f0c3

HTTP Headers

GET /assets/data/apps.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt3jy"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 3973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pq3S481Dtxho6phoNMk1Aq%2BTxdeFjpTurtX5RVbSeFDFbUEWaTf7UFvmSsIBEkQxa%2BgrXweM5pKVHT7oxlp%2BKGxOBoiB9Stvc%2FKbde3PQmdDzV%2BVRapzsDaHDXwEdf%2FE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d88e43770b-LHR
content-encoding: br

GET youngestmildness.com/watch.919633662244.js?dev=e&key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&pst=1714141869&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&res=14.2071&rmtc=t&shu=1c3a70e2e74824b583a6897d32cf33e7ae05d4f89acc65aa919dd16f4b2c9a0a4d7ea0564639615bce3ccb3bd2974e5b4016f2f97d4684215100f504dd8e1e54671734d38275fe97fca1b48f1620ea2306132b359d0eddb68a752cdbeda27f&tz=0&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1

192.243.61.225

200 OK

2.0 kB

URL GET HTTP/1.1
youngestmildness.com/watch.919633662244.js?dev=e&key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&pst=1714141869&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&res=14.2071&rmtc=t&shu=1c3a70e2e74824b583a6897d32cf33e7ae05d4f89acc65aa919dd16f4b2c9a0a4d7ea0564639615bce3ccb3bd2974e5b4016f2f97d4684215100f504dd8e1e54671734d38275fe97fca1b48f1620ea2306132b359d0eddb68a752cdbeda27f&tz=0&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjectyoungestmildness.com
Fingerprint1E:8F:59:B7:29:6A:D7:3F:99:85:F2:A7:49:89:88:22:3E:23:16:C1
ValidityWed, 24 Apr 2024 15:17:25 GMT - Tue, 23 Jul 2024 15:17:24 GMT

File type
JavaScript source, ASCII text, with very long lines (2460)
Size
2.0 kB (1998 bytes)
Hash
3de163cac0e7783c7b2c6c32856c04fd
e7ea81f4a6b75f09dd5d5519de6b05ff6ea19558
907c601ac43cb6f482b6933477cae538ca8bb84517ac04e64229c5ec4d841899

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.919633662244.js?dev=e&key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&pst=1714141869&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&res=14.2071&rmtc=t&shu=1c3a70e2e74824b583a6897d32cf33e7ae05d4f89acc65aa919dd16f4b2c9a0a4d7ea0564639615bce3ccb3bd2974e5b4016f2f97d4684215100f504dd8e1e54671734d38275fe97fca1b48f1620ea2306132b359d0eddb68a752cdbeda27f&tz=0&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1 HTTP/1.1
Host: youngestmildness.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
Referer: https://artclass.site/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22088700; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjA4ODcwMCwiayI6IjhkNTcyODNiOTUzYjhiNTQ2ZDZhMDRkNGRlYWMxOWRjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNDQyNjUxLCJwaWQiOjE1MjQ4MjQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJiNno0dWQ5eW0iLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hcnRjbGFzcy5zaXRlL2xvYWQuaHRtbD9nYW1lPWFtb25ndXMiLCJhciI6W119fQ.914AZq1gMK58JpH3tfPwteEu8jKfCDPxa9rrzS1sRfI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://artclass.site
Access-Control-Allow-Origin: https://artclass.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; expires=Fri, 03 May 2024 14:30:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
uncs=1; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f080c9cbb25f3ece3db69d26184b7349
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET trebleuniversity.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js

172.240.108.68

200 OK

30 kB

URL GET HTTP/1.1
trebleuniversity.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttrebleuniversity.com
FingerprintBB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
ValidityTue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30080 bytes)
Hash
1a35898283c196c0e1a25832be00fc31
1aa391a67d4411dcfab9cb0415a30d469e8de717
8c4d6eef23813ab4b1e8729103b9933a402ed18b6ba3239e51149a3b74a916e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2931_new=0; expires=Sun, 28 Apr 2024 14:30:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7480749b13235ee2be05620fb344469e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET cdn.cloudimagesb.com/cti/c8/d8/67/c8d8673ced1eaa7e51baa9035243a09a/1627915868.png

45.133.44.9

200 OK

108 kB

URL GET HTTP/2
cdn.cloudimagesb.com/cti/c8/d8/67/c8d8673ced1eaa7e51baa9035243a09a/1627915868.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced
Size
108 kB (107711 bytes)
Hash
d5d8bc18ba152c6e850417cdf9dfbbff
888bf155775a9879f26faf0e7faaff5803296e8e
b481f86a9731573e3cfd04880209d5ecb5c163caa0e2656a9f740321c5e637c8

HTTP Headers

GET /cti/c8/d8/67/c8d8673ced1eaa7e51baa9035243a09a/1627915868.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:09 GMT
content-type: image/png
content-length: 107711
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:51:18 GMT
etag: "61080666-1a4bf"
expires: Sun, 28 Apr 2024 14:30:09 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET trebleuniversity.com/sbar.json?key=4ed6beda21708e4b8f45fca957964a1f&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1

172.240.108.68

200 OK

8.3 kB

URL GET HTTP/1.1
trebleuniversity.com/sbar.json?key=4ed6beda21708e4b8f45fca957964a1f&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttrebleuniversity.com
FingerprintBB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
ValidityTue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT

File type
JSON text data
Size
8.3 kB (8256 bytes)
Hash
9b82113796a7959ed62ef03b6c49b821
1032317aeef95d4e1d1396f03166c840317b38b0
e36040d564aab78fc18ae7cd49d38e4757e4f9d64e21a2acbb925a31f98422bf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=4ed6beda21708e4b8f45fca957964a1f&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://artclass.site
Access-Control-Allow-Origin: https://artclass.site
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22608349; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; expires=Fri, 03 May 2024 14:30:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
uncs=1; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
pdhtkv29=true; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
uncs29=1; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9ffb2e73b6589d2fa65ea0bc398deca
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

GET cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html

45.133.44.4

200 OK

1.3 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
FingerprintF6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
ValiditySun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT

File type
HTML document, ASCII text
Size
1.3 kB (1325 bytes)
Hash
f6990569c7ffeac1f4a3f6d9eee5da44
e7d5e37acf89a8faee252c36fc2c9d6615501d76
cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690

HTTP Headers

GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:09 GMT
content-type: text/html; charset=utf-8
content-length: 1325
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: "6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Fri, 26 Apr 2024 15:30:09 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET trebleuniversity.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSunuxNEJSAhyDMwUNEd7a7p6d7xhyCcV1ZXLMxibg3qe6qni23pqut6pqe3dNiQHMc%2FAW93%2BxmURdJrgGDzAY8LAgZT4tkL%2F4DhYA3mXFw9EHVe6%2B%2BV%2FC9772vDuwF8WHp%2BepHak9ISVdaDbd%2BdcvzrtU3RGYH9UE7%2FCwMrtV1%2F51O2HDfrH%2FAkx214rue63quV18TmqdqsDIFIfKTjtfouI3Ab3itAAP9%2F9xYB4Y6YP0L8ioEmyw9dS5DJGNkvYer3OwUKn%2F7%2FZ6VtFAafXb8SbaTqTJDbxGm2kGaHc%2BrocyztSdQ2dGMLlT%2F38JYTIjz8xPE2fGcJOL%2B4YxnLMEzxOwllP0xuBxD0DESdQ%2BCPSNAwnBzE1nvwU2lS7r7D0qn6IQsvfgTopyQpeeXkfV%2BuCHFoH5HSVsIlRkM0gpiMIbojpHbUxR7NYjyFEnxJQT7hay82EDWO9w0UkGw8zd42ImCuB0uu27cWQ58v7NMo1a03PJiP4h4EPkhmwkkxBgiHUPyIahxYKdHOLCpA5s76LHzeuJ5XuSyhLrtTpI0WcTjkLkejVKPem7Yhk2mPQxR5EMkcohE7yPX%2B9gRQ2j7E8x2BcNqMMWEOB%2Fvo88qlJygNAQlJSgFQVkQlP3qiEnjm%2BoBk8bG3tz7c9%2BsRqroHtAjVXR5RkD1EJpVB%2FkFeWUqorP113Ps8PN6wFkYc0Z9L3LbPIjbadBKE9ppRZ0woF4KIyoIU5u1vCcmJPj6N%2BRiQl5b3UJMT2HkKRJxCdS%2BDlpWoNsV9rITY3XKVJc3cq3AVIW8WEKx6xzIC3JlNsb1zUfgydn135szQ6Ir5LrC5%2BIpQVfeH91WJTm8rUpDHm3mheiJPTod8Z2CFvzSdx%2Fy3VJptr5qht%2B%2Bm0yBaXhyl5tig2ZMZF1Dvr8hGON6TemEkx%2FXzac8vmXN9g2rM5tv3Hpvbb2Xa26MUNkYdLqtf2gkYkJevnJ3tr1XH9%2BC0GNoW6Fnz8jcINQYSb4Pky%2F4G0Wg5aImzh2UthppP148SkEg%2BSKncQXznzxexCNNp7%2BpqA7MfXR1DbS4h6xXoa8r9GUFKocw9tKoyPXZ9V%2FnNGJZG8VS1w5jqeU3M5mn10MYcV6Pmk2Xhp2WF0WUR3Hgt9PQY5T6QeiHIW2iMJP0rcdf%2FA0AAP%2F%2FAQAA%2F%2F9muaSglwQAAA%3D%3D

172.240.108.68

200 OK

7 B

URL GET HTTP/1.1
trebleuniversity.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSunuxNEJSAhyDMwUNEd7a7p6d7xhyCcV1ZXLMxibg3qe6qni23pqut6pqe3dNiQHMc%2FAW93%2BxmURdJrgGDzAY8LAgZT4tkL%2F4DhYA3mXFw9EHVe6%2B%2BV%2FC9772vDuwF8WHp%2BepHak9ISVdaDbd%2BdcvzrtU3RGYH9UE7%2FCwMrtV1%2F51O2HDfrH%2FAkx214rue63quV18TmqdqsDIFIfKTjtfouI3Ab3itAAP9%2F9xYB4Y6YP0L8ioEmyw9dS5DJGNkvYer3OwUKn%2F7%2FZ6VtFAafXb8SbaTqTJDbxGm2kGaHc%2BrocyztSdQ2dGMLlT%2F38JYTIjz8xPE2fGcJOL%2B4YxnLMEzxOwllP0xuBxD0DESdQ%2BCPSNAwnBzE1nvwU2lS7r7D0qn6IQsvfgTopyQpeeXkfV%2BuCHFoH5HSVsIlRkM0gpiMIbojpHbUxR7NYjyFEnxJQT7hay82EDWO9w0UkGw8zd42ImCuB0uu27cWQ58v7NMo1a03PJiP4h4EPkhmwkkxBgiHUPyIahxYKdHOLCpA5s76LHzeuJ5XuSyhLrtTpI0WcTjkLkejVKPem7Yhk2mPQxR5EMkcohE7yPX%2B9gRQ2j7E8x2BcNqMMWEOB%2Fvo88qlJygNAQlJSgFQVkQlP3qiEnjm%2BoBk8bG3tz7c9%2BsRqroHtAjVXR5RkD1EJpVB%2FkFeWUqorP113Ps8PN6wFkYc0Z9L3LbPIjbadBKE9ppRZ0woF4KIyoIU5u1vCcmJPj6N%2BRiQl5b3UJMT2HkKRJxCdS%2BDlpWoNsV9rITY3XKVJc3cq3AVIW8WEKx6xzIC3JlNsb1zUfgydn135szQ6Ir5LrC5%2BIpQVfeH91WJTm8rUpDHm3mheiJPTod8Z2CFvzSdx%2Fy3VJptr5qht%2B%2Bm0yBaXhyl5tig2ZMZF1Dvr8hGON6TemEkx%2FXzac8vmXN9g2rM5tv3Hpvbb2Xa26MUNkYdLqtf2gkYkJevnJ3tr1XH9%2BC0GNoW6Fnz8jcINQYSb4Pky%2F4G0Wg5aImzh2UthppP148SkEg%2BSKncQXznzxexCNNp7%2BpqA7MfXR1DbS4h6xXoa8r9GUFKocw9tKoyPXZ9V%2FnNGJZG8VS1w5jqeU3M5mn10MYcV6Pmk2Xhp2WF0WUR3Hgt9PQY5T6QeiHIW2iMJP0rcdf%2FA0AAP%2F%2FAQAA%2F%2F9muaSglwQAAA%3D%3D
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttrebleuniversity.com
FingerprintBB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
ValidityTue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSunuxNEJSAhyDMwUNEd7a7p6d7xhyCcV1ZXLMxibg3qe6qni23pqut6pqe3dNiQHMc%2FAW93%2BxmURdJrgGDzAY8LAgZT4tkL%2F4DhYA3mXFw9EHVe6%2B%2BV%2FC9772vDuwF8WHp%2BepHak9ISVdaDbd%2BdcvzrtU3RGYH9UE7%2FCwMrtV1%2F51O2HDfrH%2FAkx214rue63quV18TmqdqsDIFIfKTjtfouI3Ab3itAAP9%2F9xYB4Y6YP0L8ioEmyw9dS5DJGNkvYer3OwUKn%2F7%2FZ6VtFAafXb8SbaTqTJDbxGm2kGaHc%2BrocyztSdQ2dGMLlT%2F38JYTIjz8xPE2fGcJOL%2B4YxnLMEzxOwllP0xuBxD0DESdQ%2BCPSNAwnBzE1nvwU2lS7r7D0qn6IQsvfgTopyQpeeXkfV%2BuCHFoH5HSVsIlRkM0gpiMIbojpHbUxR7NYjyFEnxJQT7hay82EDWO9w0UkGw8zd42ImCuB0uu27cWQ58v7NMo1a03PJiP4h4EPkhmwkkxBgiHUPyIahxYKdHOLCpA5s76LHzeuJ5XuSyhLrtTpI0WcTjkLkejVKPem7Yhk2mPQxR5EMkcohE7yPX%2B9gRQ2j7E8x2BcNqMMWEOB%2Fvo88qlJygNAQlJSgFQVkQlP3qiEnjm%2BoBk8bG3tz7c9%2BsRqroHtAjVXR5RkD1EJpVB%2FkFeWUqorP113Ps8PN6wFkYc0Z9L3LbPIjbadBKE9ppRZ0woF4KIyoIU5u1vCcmJPj6N%2BRiQl5b3UJMT2HkKRJxCdS%2BDlpWoNsV9rITY3XKVJc3cq3AVIW8WEKx6xzIC3JlNsb1zUfgydn135szQ6Ir5LrC5%2BIpQVfeH91WJTm8rUpDHm3mheiJPTod8Z2CFvzSdx%2Fy3VJptr5qht%2B%2Bm0yBaXhyl5tig2ZMZF1Dvr8hGON6TemEkx%2FXzac8vmXN9g2rM5tv3Hpvbb2Xa26MUNkYdLqtf2gkYkJevnJ3tr1XH9%2BC0GNoW6Fnz8jcINQYSb4Pky%2F4G0Wg5aImzh2UthppP148SkEg%2BSKncQXznzxexCNNp7%2BpqA7MfXR1DbS4h6xXoa8r9GUFKocw9tKoyPXZ9V%2FnNGJZG8VS1w5jqeU3M5mn10MYcV6Pmk2Xhp2WF0WUR3Hgt9PQY5T6QeiHIW2iMJP0rcdf%2FA0AAP%2F%2FAQAA%2F%2F9muaSglwQAAA%3D%3D HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d470796822f8d7901931af88b8e44a42
Strict-Transport-Security: max-age=0; includeSubdomains

GET trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=82

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=82
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttrebleuniversity.com
FingerprintBB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
ValidityTue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=82 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png

45.133.44.9

200 OK

16 kB

URL GET HTTP/2
cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP
45.133.44.9:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjectcdn.cloudimagesb.com
FingerprintC6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
ValidityFri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT

File type
PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Size
16 kB (16093 bytes)
Hash
14cf262fabfd850855c42847d14fe775
2fafa28f167f018a0fb1f261f47380c8810803c9
972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af

HTTP Headers

GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Sun, 28 Apr 2024 14:30:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET quicklymuseum.com/pixel/purst?dl=0&th=0&sc=0&rs=2949&rd=2949&fd=532&bv=24.4.7838&tmpl=136

172.240.108.84

200 OK

0 B

URL GET HTTP/1.1
quicklymuseum.com/pixel/purst?dl=0&th=0&sc=0&rs=2949&rd=2949&fd=532&bv=24.4.7838&tmpl=136
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjectquicklymuseum.com
Fingerprint46:2B:BA:FF:1F:D7:9A:D9:BA:1C:E8:8F:54:9F:9F:CC:52:BB:F7:03
ValidityWed, 24 Apr 2024 15:07:42 GMT - Tue, 23 Jul 2024 15:07:41 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2949&rd=2949&fd=532&bv=24.4.7838&tmpl=136 HTTP/1.1
Host: quicklymuseum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png

104.21.70.253

200 OK

591 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Size
591 B (591 bytes)
Hash
9fd5bcb6103d86e317bd1eb019bcbe71
6b5a52ea669dcb74946f2bed4bdd7ec985026113
0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6225903
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYB92rITM413c3zIgo8bBo7QlQbEZdyj0wg7JFv9%2BX8syni9VllO2dBcPv1dyoCbs0A894W1Wrk6K6HFmcQr9ai1bbV3nm4YKa%2BSTeFgwmtBpS23pthiakYFwGtNOJiwGzbLteOyeZcl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e919a1568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

OPTIONS analytics.proudparrot2.tech/api/send

172.67.153.223

204 No Content

0 B

URL OPTIONS HTTP/3
analytics.proudparrot2.tech/api/send
IP
172.67.153.223:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectproudparrot2.tech
Fingerprint4A:08:60:5E:66:23:AC:1A:51:3B:45:44:7C:ED:73:DB:CE:6D:DA:ED
ValidityTue, 23 Apr 2024 02:56:28 GMT - Mon, 22 Jul 2024 02:56:27 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /api/send HTTP/1.1
Host: analytics.proudparrot2.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://artclass.site/
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 26 Apr 2024 14:30:10 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
vary: Access-Control-Request-Headers
x-dns-prefetch-control: on
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p0aH8SI0KAa%2BFkHFSj38yXW1v0KqbkoeTcYSoWzRbClKZrYT%2FvvFKDutOcgYBd5WK%2BXrzLvxWAObuhck7WbWVtklDQN%2FqufFdMEBrd%2Fly%2FupzzRH4gbPkf0xcXzMzmT7bNR3E%2FSxausfvD46zuU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a744e93a31b529-OSL

GET trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=195

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=195
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttrebleuniversity.com
FingerprintBB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
ValidityTue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=195 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js

104.21.70.253

200 OK

31 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (32025)
Size
31 kB (30612 bytes)
Hash
4a356126b9573eb7bd1e9a7494737410
8258d046f17dd3c15a5d3984e1868b7b5d1db329
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6225904
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yyxz1KTefPXl%2BOoyBNKHaARX7oRHobLTewBfAL2g%2FogNixShhxnTZSv5AaNKK8VXNW1lVUYLflgfHUDnWtV27V%2B%2F4gp7FUFl20Jnd7yV%2BEk0YfGZtmNFloV6phA2b%2FzXc3Cg1lwOk%2FG9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e90991568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=16

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=16
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttrebleuniversity.com
FingerprintBB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
ValidityTue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=16 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 05:55:49 GMT
expires: Sat, 26 Apr 2025 05:55:49 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 30861
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:02:10 GMT
expires: Sat, 26 Apr 2025 06:02:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 30480
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET trebleuniversity.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuns1NEJQFD4swBw8rmkn3pGd6xj0sxhgJxk3cXTE3qV89KVPT1VZ1T09yCi7oHgf%2Fgs43yQY1yO51wUUmCx4Cwo6nIJuL%2F4HCgjeZcXD0QdV7r75X8L3vva8O80tSR04vVj8y%2B0prutSo%2BdXr20Fwo7qhkrxf7beanzXDG1Xbe6fdrPlvVj%2BQfNcs1f3A9wM%2FqK4pK2PTX5qAUOlpO6i1%2FVpYrwWNEH37%2F9zlHhz1IHqX5FUoMV546l2F4iMk3Yer0u1mJn37%2FW6uaWYseuLkk2Q3MUWC7jyMrYc4OZlVw7hna09gkuMpXZjev4VMjYn38xOw5GRGEqx3NOXJNGQCJl5C0RtB6hEUHYGbe1DiGQG4wK1NJN0Ht4wt6N4%2FKJ2gY7Lw4k%2BoYkwWnl9F0v1hRat%2B9Y7ReaZM4tCPS6j%2BCKozQpqfIduvQBVn4NmXUOIXsvRiA0n3aNNpAyUu3pDNdhSyVnPR91l7MazX24s0akSLjYDVw0iGUb0ppgIpNYKKR9ByAOo85JOjPOSxhzz10BUXVR4EQeQLTv1Wm%2FNlEUnWFH5Aoziggd9sIeeTHgbI0gG4HoDbA6T2ALtqAJv%2FBLdTwokKXDYm3scH6IkShSQoHEFBCQpFUGQERa88FtrVXflAaJezYObrM79cDk3WOaTHJuvIhIDaAawoD9NL8spERG%2F7r%2BfYlRfVUIomk4LWg8hvyZC14rARc9puRO1mSIMYTpVQrjJteV%2BNSfj1b0jVmLy2ug1Gz%2BD0Gbi6Apq%2FDlqUoDsl9pNTl9tYmI6spdZAmBJptoBszzvUl%2BTadIzrm48g%2BfnN35enBm5LpLbE5%2BopQUffH942BTm6bQpHHm2mmeqqfToZ8Z2MZvLKdx%2FKvcJYsb7qBt%2B%2ByyfAJDy9K122QROhko4j368oIaRdM5ZL8uO6%2B1SyrdztrOQ2ydONrffW1ruplc4pk4xAJ9v6hwVXY%2FLytbvT7b3%2BeAvKjmDzEt38nMwMyozA0wO4dM7fGQKr5zUs9VDk5dDW2fxRKwIt5zllJdx%2FcjaPh5ZOflNVHrr76NgKaHYPSbdEz5bo6RJUD%2BDyK8Mstec3f53RYLoyZNpWjpi2%2BpupzJPrIZy6qC77ImIylhGTYSOMJRes0WA%2BjzlbFq0WR%2BbG8VuPv%2FgbAAD%2F%2FwEAAP%2F%2F5m1xSJcEAAA%3D

192.243.59.13

200 OK

7 B

URL GET HTTP/1.1
trebleuniversity.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuns1NEJQFD4swBw8rmkn3pGd6xj0sxhgJxk3cXTE3qV89KVPT1VZ1T09yCi7oHgf%2Fgs43yQY1yO51wUUmCx4Cwo6nIJuL%2F4HCgjeZcXD0QdV7r75X8L3vva8O80tSR04vVj8y%2B0prutSo%2BdXr20Fwo7qhkrxf7beanzXDG1Xbe6fdrPlvVj%2BQfNcs1f3A9wM%2FqK4pK2PTX5qAUOlpO6i1%2FVpYrwWNEH37%2F9zlHhz1IHqX5FUoMV546l2F4iMk3Yer0u1mJn37%2FW6uaWYseuLkk2Q3MUWC7jyMrYc4OZlVw7hna09gkuMpXZjev4VMjYn38xOw5GRGEqx3NOXJNGQCJl5C0RtB6hEUHYGbe1DiGQG4wK1NJN0Ht4wt6N4%2FKJ2gY7Lw4k%2BoYkwWnl9F0v1hRat%2B9Y7ReaZM4tCPS6j%2BCKozQpqfIduvQBVn4NmXUOIXsvRiA0n3aNNpAyUu3pDNdhSyVnPR91l7MazX24s0akSLjYDVw0iGUb0ppgIpNYKKR9ByAOo85JOjPOSxhzz10BUXVR4EQeQLTv1Wm%2FNlEUnWFH5Aoziggd9sIeeTHgbI0gG4HoDbA6T2ALtqAJv%2FBLdTwokKXDYm3scH6IkShSQoHEFBCQpFUGQERa88FtrVXflAaJezYObrM79cDk3WOaTHJuvIhIDaAawoD9NL8spERG%2F7r%2BfYlRfVUIomk4LWg8hvyZC14rARc9puRO1mSIMYTpVQrjJteV%2BNSfj1b0jVmLy2ug1Gz%2BD0Gbi6Apq%2FDlqUoDsl9pNTl9tYmI6spdZAmBJptoBszzvUl%2BTadIzrm48g%2BfnN35enBm5LpLbE5%2BopQUffH942BTm6bQpHHm2mmeqqfToZ8Z2MZvLKdx%2FKvcJYsb7qBt%2B%2ByyfAJDy9K122QROhko4j368oIaRdM5ZL8uO6%2B1SyrdztrOQ2ydONrffW1ruplc4pk4xAJ9v6hwVXY%2FLytbvT7b3%2BeAvKjmDzEt38nMwMyozA0wO4dM7fGQKr5zUs9VDk5dDW2fxRKwIt5zllJdx%2FcjaPh5ZOflNVHrr76NgKaHYPSbdEz5bo6RJUD%2BDyK8Mstec3f53RYLoyZNpWjpi2%2BpupzJPrIZy6qC77ImIylhGTYSOMJRes0WA%2BjzlbFq0WR%2BbG8VuPv%2FgbAAD%2F%2FwEAAP%2F%2F5m1xSJcEAAA%3D
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttrebleuniversity.com
FingerprintBB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
ValidityTue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuns1NEJQFD4swBw8rmkn3pGd6xj0sxhgJxk3cXTE3qV89KVPT1VZ1T09yCi7oHgf%2Fgs43yQY1yO51wUUmCx4Cwo6nIJuL%2F4HCgjeZcXD0QdV7r75X8L3vva8O80tSR04vVj8y%2B0prutSo%2BdXr20Fwo7qhkrxf7beanzXDG1Xbe6fdrPlvVj%2BQfNcs1f3A9wM%2FqK4pK2PTX5qAUOlpO6i1%2FVpYrwWNEH37%2F9zlHhz1IHqX5FUoMV546l2F4iMk3Yer0u1mJn37%2FW6uaWYseuLkk2Q3MUWC7jyMrYc4OZlVw7hna09gkuMpXZjev4VMjYn38xOw5GRGEqx3NOXJNGQCJl5C0RtB6hEUHYGbe1DiGQG4wK1NJN0Ht4wt6N4%2FKJ2gY7Lw4k%2BoYkwWnl9F0v1hRat%2B9Y7ReaZM4tCPS6j%2BCKozQpqfIduvQBVn4NmXUOIXsvRiA0n3aNNpAyUu3pDNdhSyVnPR91l7MazX24s0akSLjYDVw0iGUb0ppgIpNYKKR9ByAOo85JOjPOSxhzz10BUXVR4EQeQLTv1Wm%2FNlEUnWFH5Aoziggd9sIeeTHgbI0gG4HoDbA6T2ALtqAJv%2FBLdTwokKXDYm3scH6IkShSQoHEFBCQpFUGQERa88FtrVXflAaJezYObrM79cDk3WOaTHJuvIhIDaAawoD9NL8spERG%2F7r%2BfYlRfVUIomk4LWg8hvyZC14rARc9puRO1mSIMYTpVQrjJteV%2BNSfj1b0jVmLy2ug1Gz%2BD0Gbi6Apq%2FDlqUoDsl9pNTl9tYmI6spdZAmBJptoBszzvUl%2BTadIzrm48g%2BfnN35enBm5LpLbE5%2BopQUffH942BTm6bQpHHm2mmeqqfToZ8Z2MZvLKdx%2FKvcJYsb7qBt%2B%2ByyfAJDy9K122QROhko4j368oIaRdM5ZL8uO6%2B1SyrdztrOQ2ydONrffW1ruplc4pk4xAJ9v6hwVXY%2FLytbvT7b3%2BeAvKjmDzEt38nMwMyozA0wO4dM7fGQKr5zUs9VDk5dDW2fxRKwIt5zllJdx%2FcjaPh5ZOflNVHrr76NgKaHYPSbdEz5bo6RJUD%2BDyK8Mstec3f53RYLoyZNpWjpi2%2BpupzJPrIZy6qC77ImIylhGTYSOMJRes0WA%2BjzlbFq0WR%2BbG8VuPv%2FgbAAD%2F%2FwEAAP%2F%2F5m1xSJcEAAA%3D HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba0ff99a03f9d0bfd99423e4906584fd
Strict-Transport-Security: max-age=0; includeSubdomains

GET trebleuniversity.com/pixel/sbs?c=1

172.240.108.68

200 OK

0 B

URL GET HTTP/1.1
trebleuniversity.com/pixel/sbs?c=1
IP
172.240.108.68:443
ASN
#7979 SERVERS-COM

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttrebleuniversity.com
FingerprintBB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
ValidityTue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET unseenreport.com/pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4ed6beda21708e4b8f45fca957964a1f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4ed6beda21708e4b8f45fca957964a1f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4ed6beda21708e4b8f45fca957964a1f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad66cfa4db43ede359efd3ce45a17f05
Strict-Transport-Security: max-age=0; includeSubdomains

GET unseenreport.com/pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=789ce0da4eec346107d3ca6eebe7691e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14

192.243.59.13

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=789ce0da4eec346107d3ca6eebe7691e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=789ce0da4eec346107d3ca6eebe7691e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a679aa73bde8d184d3244a8266858673
Strict-Transport-Security: max-age=0; includeSubdomains

GET trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=194

192.243.59.13

200 OK

0 B

URL GET HTTP/1.1
trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=194
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjecttrebleuniversity.com
FingerprintBB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
ValidityTue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=194 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET artclass.site/css/main.css

104.21.234.104

200 OK

4.1 kB

URL GET HTTP/3
artclass.site/css/main.css
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (4356), with no line terminators
Size
4.1 kB (4102 bytes)
Hash
0257cbfe5039a18e76ed0088fff3cb79
5b257e3849fe8c9230744b7cb8a756f08d4dd4f4
c114aa41820f39f14ebaf6d82360fe1079c3e49cff1008546b1e9f7d3be63e0f

HTTP Headers

GET /css/main.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/css/master.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"scfez035y"
last-modified: Wed, 24 Apr 2024 02:59:24 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TZUqg8q4dV3r4xACdVdP%2B5%2FGBH8pWXgdHlx1d3cskclbh3LtKufQWXyK1zgezal7CqaiIYM4czB1X4l9wNpT6unRFAuYrNwVFIitxpns%2FdjaFKbKD%2BAbP1c0m8CaHTJc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d8ce9e770b-LHR
content-encoding: br

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css

104.21.70.253

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
79 kB (78689 bytes)
Hash
3d4123dbfb33d27a5cfdfcfa91df6783
e7d0eeeec54b848f0bc3da8685fa3bc88429d660
cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 103071
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2B8lBsKy4aMTvNBmAyXhreVQEcMyTCf%2F%2BanGOvFV0%2B4DBngkdMfhFT6xOh21Br5TkDevQhWOYl%2FxodYb0WfU5AKvXIzocWy2dz0XsDqPUjAU3r4474M%2BnEHM%2BLrC4DwOJlziJiJU3dfT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e90a35b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js

104.21.70.253

200 OK

962 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (1015), with no line terminators
Size
962 B (962 bytes)
Hash
88523e22d10f0cbad31aa1d8276764fa
9238cd9499e01abdbeb33e68c550d26cfb6eaba5
d553390acb639c765cb6aaa4fbb72529e4005227d190f53108aec87ccec411c2

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 450264
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C94hZv1zjKijFRewzCM814JUnly1Kebh5PK9jdO7XysyNb%2BKFKk0rgGBon78XMjVFIBQteN6MVMHX0ieW5syLMoh1J7Qn%2BDLtRNWg5ALAXBBrIvCJ2AuL1mD4PDkvd7UMSA%2FM6jpvCq9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744ea2c56b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET artclass.site/js/preload.js

104.21.234.104

200 OK

3.6 kB

URL GET HTTP/3
artclass.site/js/preload.js
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
HTML document, ASCII text, with very long lines (3764), with no line terminators
Size
3.6 kB (3639 bytes)
Hash
04f892b78980ba1263507fc52968c680
3c865dceddb2e04fb46f1830c9741702d02940d5
6608d3ec192fdc5ab6237f2a758579cceae587bb5257771f28f80ac112ece805

HTTP Headers

GET /js/preload.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"scfez02t3"
last-modified: Wed, 24 Apr 2024 02:59:24 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fmhp%2FJBpodxYaKOcPawTrzbPC6VRhmVzcTM4r0T2rGOCVdqIaw3tLjfBWNNZR8PQNu%2FuCIs0MWk2hvpXeOAPl1v%2FcMYEQHVLt9aP5VTdWnVsGtWIA255YiMNdganvgmJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e3a770b-LHR
content-encoding: br

GET cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/css/all.css

151.101.1.229

200 OK

372 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/css/all.css
IP
151.101.1.229:443
ASN
#54113 FASTLY

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
372 kB (371786 bytes)
Hash
f9e2f72281d6ac4e23b1d1690c5e6700
c8e7ec28b0d5e2dcbce9b22107bc1ed8e53e4b16
c4772e97742bb0756ab29709b59debdfbca546b640277ff1f86935b0a72eca7f

HTTP Headers

GET /gh/hung1001/font-awesome-pro@4cac1a6/css/all.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4cac1a6
x-jsd-version-type: branch
etag: W/"5ac4a-yOfsKLDV4ty86bIhB7we2OU+SxY"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 14:30:08 GMT
age: 11226
x-served-by: cache-fra-eddf8230054-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 47137
X-Firefox-Spdy: h2

GET youngestmildness.com/watch.919633662244.js?key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&tz=0&dev=e&res=14.2071&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1

192.243.61.225

307 Temporary Redirect

3.3 kB

URL GET HTTP/1.1
youngestmildness.com/watch.919633662244.js?key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&tz=0&dev=e&res=14.2071&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjectyoungestmildness.com
Fingerprint1E:8F:59:B7:29:6A:D7:3F:99:85:F2:A7:49:89:88:22:3E:23:16:C1
ValidityWed, 24 Apr 2024 15:17:25 GMT - Tue, 23 Jul 2024 15:17:24 GMT

File type

Size
3.3 kB (3336 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.919633662244.js?key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&tz=0&dev=e&res=14.2071&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1 HTTP/1.1
Host: youngestmildness.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://artclass.site
Access-Control-Allow-Origin: https://artclass.site
Access-Control-Allow-Credentials: true
Location: https://youngestmildness.com/watch.919633662244.js?dev=e&key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&pst=1714141869&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&res=14.2071&rmtc=t&shu=1c3a70e2e74824b583a6897d32cf33e7ae05d4f89acc65aa919dd16f4b2c9a0a4d7ea0564639615bce3ccb3bd2974e5b4016f2f97d4684215100f504dd8e1e54671734d38275fe97fca1b48f1620ea2306132b359d0eddb68a752cdbeda27f&tz=0&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
Set-Cookie: u_pl=22088700; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjA4ODcwMCwiayI6IjhkNTcyODNiOTUzYjhiNTQ2ZDZhMDRkNGRlYWMxOWRjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNDQyNjUxLCJwaWQiOjE1MjQ4MjQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJiNno0dWQ5eW0iLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hcnRjbGFzcy5zaXRlL2xvYWQuaHRtbD9nYW1lPWFtb25ndXMiLCJhciI6W119fQ.914AZq1gMK58JpH3tfPwteEu8jKfCDPxa9rrzS1sRfI; expires=Fri, 26 Apr 2024 14:31:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d6a2a706c25854f9374bb68150308e6f
Strict-Transport-Security: max-age=0; includeSubdomains

GET artclass.site/css/cards.css

104.21.234.104

200 OK

754 B

URL GET HTTP/3
artclass.site/css/cards.css
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (801), with no line terminators
Size
754 B (754 bytes)
Hash
a24e392c65537a27f4c33fc92d807ad2
cfbb52e32ef58b3ede60f20ac20e60730d36a9bd
c05f4888b0b5eab2032bd706e597f981d5d5436b633c3ed942c6640a32052f89

HTTP Headers

GET /css/cards.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/css/main.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjtky"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8wH006GB1QgLYNhjYtz6dCSIDlyctNskJIRX7tfRVfNolhGMva0ilV7zmriPt9bceIIJmpAZA6StBbKnfbXCzhrzbsmx0GT6aEfujlCvbwirwKIew8LpT6sdaG%2BOdQy5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d90efe770b-LHR
content-encoding: br

GET analytics.proudparrot2.tech/script.js

172.67.153.223

200 OK

2.6 kB

URL GET HTTP/2
analytics.proudparrot2.tech/script.js
IP
172.67.153.223:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectproudparrot2.tech
Fingerprint4A:08:60:5E:66:23:AC:1A:51:3B:45:44:7C:ED:73:DB:CE:6D:DA:ED
ValidityTue, 23 Apr 2024 02:56:28 GMT - Mon, 22 Jul 2024 02:56:27 GMT

File type
JavaScript source, ASCII text, with very long lines (2658), with no line terminators
Size
2.6 kB (2573 bytes)
Hash
01193dbf5e8fd03a35b188875b9f4302
5c24946bae53e8ab600a46d69f6081a21b5ea3f3
4f7fc4fd8ca0fd8e2895028da510349e811494a8d0d3af7f3a4dbac985e504ef

HTTP Headers

GET /script.js HTTP/1.1
Host: analytics.proudparrot2.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:08 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=14400
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
etag: W/"a0d-18eea4fb4e0"
last-modified: Wed, 17 Apr 2024 04:27:56 GMT
vary: Accept-Encoding
x-dns-prefetch-control: on
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1x%2BRKplEKYvyXjXTTs4aF%2FBCz%2FKdjjtAFzlbW3B1k5wLNyusuysW1eBQrR78ybZ4P%2Fg%2BLF%2BfI1vk5dP3lQ%2FMYsakXnJh2e47HTZZY1DSWGVq15y34NM3%2BlazKwtILK3SyToB%2Bg%2B9I06n%2FuZrVE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a744de3ce3b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2

GET downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

86 kB

URL GET HTTP/3
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:09 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 6a8684afaf235ef5360b0f23d7ddb45b
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 26 Apr 2024 14:30:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sgd7kVM8RRJRLY4EJCXKvS65VXDIOxhHLIcN5QVzWtNA0DYeWaNn%2FKFUumqTg%2BUHHH3h%2FwbPjlpHYB9cR5rf8jzredE3vzwFep4CxDkUi9c5pLUXiP7ALM%2FE1kP3sX8Q9mfvEAoN9%2BAJNnBfXgej6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e66b48712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

7.0 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text, with very long lines (7193), with no line terminators
Size
7.0 kB (7004 bytes)
Hash
16b49a99486594c0b42d9bd7821deb2c
2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a
3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 14:30:10 GMT
date: Fri, 26 Apr 2024 14:30:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET artclass.site/load.html?game=amongus

104.21.234.104

200 OK

2.2 kB

URL User Request GET HTTP/2
artclass.site/load.html?game=amongus
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
HTML document, ASCII text, with very long lines (2337), with no line terminators
Size
2.2 kB (2160 bytes)
Hash
30225b8d27a254bde018565452eb7fdb
bbfbb48789e68f6c598e379b09468291f8203ea8
c0a07d92e7195e99040dddbc03ff07ca12a3419ab8ddca372b1bf964b54d7964

HTTP Headers

GET /load.html?game=amongus HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/html; charset=utf-8
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 24 Apr 2024 02:59:24 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ks8H1GQPDe9HnGCdp97CWNzQyBKFlh%2BE3sTNeNaf8rOZzV7JZFHivG25wmkcHuStE3hD%2BV6ThQhMV6PMZQZ7KOta1f4afJ0ifrzsevAdIfmI6yYq8QBCJwcKlikm5dGY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a744d4e86623e3-LHR
content-encoding: br
X-Firefox-Spdy: h2

GET artclass.site/js/index.js

104.21.234.104

200 OK

3.9 kB

URL GET HTTP/3
artclass.site/js/index.js
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (4093), with no line terminators
Size
3.9 kB (3922 bytes)
Hash
e0f6a8923586cb1fe281136098f00cfc
8841a712e0ea479a44ff73925bc92ed8f8a3df17
b5a7fd31e105979a674cbb5c2ba0f0502b243698a3b54684b05af3ead5e0d592

HTTP Headers

GET /js/index.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"sa9an630y"
last-modified: Tue, 12 Mar 2024 22:33:06 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nGMs3b4fBBOfxlvw8kdsJMHL8Y1SY0AmIFWRVHn7Hp6QUgtEEBYasZYZvaw6Tg0PoYdH4YynGqIba4K8wsW%2BsGXEa1KXyEe%2FQ7UoS3FklmnZfd%2BgRmxfgEP2IOHkK%2Bsk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d88e3d770b-LHR
content-encoding: br

GET downstairsnegotiatebarren.com/sfp.js

104.21.35.227

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
104.21.35.227:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
ValidityMon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:09 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 887068a0bbf7894feefa62f999363286
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 26 Apr 2024 14:30:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pv0grc%2BJaXGg0xq678gkv4KEOb8gkilw5tq8sxAKXWSWUIOV%2B1dz10dqJ21m%2BneZ%2F5lgnKKsY3A%2B%2FhSGS3mMMkYr4%2FAV6E9OIY9EQ7YV1iehwRh97jUKYDMpvOzONyWEvFgl61OWcsBkZyEZWDRDnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e30b3c569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET artclass.site/css/master.css

104.21.234.104

200 OK

449 B

URL GET HTTP/3
artclass.site/css/master.css
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (470), with no line terminators
Size
449 B (449 bytes)
Hash
b62a249a4efae87ddf6f5e131ed8fe7c
4644f0103dd345f00fff6d452f3462ba18a801a8
a3bc13df62b9eb9fffa125fff61e13d835aae5e54eb9168b2ee23a18b03118f9

HTTP Headers

GET /css/master.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjtch"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mk3omMt6yjn8%2FZXx6gPIhn2TlNsIPs%2BFVOXx%2B5%2FhzbNJ3P4XtLF3Jcdg4GJGqlN3zOFnnJGLbeASPq2v4rEIHriPIJEk2Yix2Nz9gQo%2BbHpYJPqgN2cIwP5Q9zMsJn3Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e35770b-LHR
content-encoding: br

GET artclass.site/uv/uv.config.js

104.21.234.104

200 OK

335 B

URL GET HTTP/3
artclass.site/uv/uv.config.js
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (346), with no line terminators
Size
335 B (335 bytes)
Hash
e65f44a09352ce8c382d73bbe22611f6
585e1d79625ef10bdea44eddb0a20174ee7e0dd9
7243580eb92b1ef1f513697e159eead080167a99463677adea8183baa5bd583a

HTTP Headers

GET /uv/uv.config.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=120
etag: W/"14f-18d51873be0"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
x-powered-by: Express
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KERYbxGwOY2xXPR0s%2B2dffhLH4uD4lRF7d34LAQPVq5GskYyKsVl%2FL%2BF8UB%2BlTBOovmtkFizl6YoerSkoo%2Br1iqia%2Ffn1iG9kE4NfhWjbd0GaGY%2BH5vRNpI6un%2FcpUP5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e39770b-LHR
content-encoding: br

GET artclass.site/assets/data/games.js

104.21.234.104

200 OK

26 kB

URL GET HTTP/3
artclass.site/assets/data/games.js
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text
Size
26 kB (25830 bytes)
Hash
0db2eed829115b147c3da0ff3dfd7a19
d27e7070f36b0277fa5576adc311200bd9f08efa
457c85e69f8cef99e934ce372512f0a6754512f2e5e7273d3844fde450a7781f

HTTP Headers

GET /assets/data/games.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"sa5grjjxi"
last-modified: Sun, 10 Mar 2024 20:54:55 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 3973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VmjxrNrslwG8CJ%2FVCE7cz4j3YLHe4ZyyT8SvyljXMv4GFCKS6XePTuxSFyd8t7LcjACohOhS5IhYobxze6DSI5tYAtKauEgr8yJKlTVHsMwV%2FpQTQtsvGYDFgzkS98OG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d88e3f770b-LHR
content-encoding: br

GET artclass.site/js/load.js

104.21.234.104

200 OK

2.6 kB

URL GET HTTP/3
artclass.site/js/load.js
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (2725), with no line terminators
Size
2.6 kB (2585 bytes)
Hash
8353e9415f003f3f529ea3a1a063169b
312b5bcfd360299e60e2e170c1bec229621e98cd
c7e3222482c6286d69e7a4329b5ea7c8caac2afffdc50f8fcf71aa7df69b2b8e

HTTP Headers

GET /js/load.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt1zt"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 3973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=24zRse%2BpZpb0TQKZTDVZXdlJpCoFQuMSJ5wyZ0MEo3rVBTeVKtIxOZ%2BXL0P66FN%2FODzkXzcGnfhBZVfzKkPhLaByM1UHtFygPaxA7bZAgEQU9%2FVj8RMMOa%2BPRSXLlPax"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d88e46770b-LHR
content-encoding: br

GET fonts.googleapis.com/css2?family=Montserrat:wght@700;900&family=JetBrains+Mono:wght@300;400&display=swap

142.250.74.106

200 OK

8.5 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@700;900&family=JetBrains+Mono:wght@300;400&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
ValidityMon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT

File type
ASCII text, with very long lines (8716), with no line terminators
Size
8.5 kB (8518 bytes)
Hash
c12b151d8968970dc80a8039cd0cae18
8c9b391e2626773d34c3a2da2ef0538d706ac721
cc95db9f8d20b9d0d34d493e3b8e9783d5a8da4acbcb87415c0969bdbcd161c1

HTTP Headers

GET /css2?family=Montserrat:wght@700;900&family=JetBrains+Mono:wght@300;400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 14:30:07 GMT
date: Fri, 26 Apr 2024 14:30:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET artclass.site/css/nav.css

104.21.234.104

200 OK

2.5 kB

URL GET HTTP/3
artclass.site/css/nav.css
IP
104.21.234.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (2620), with no line terminators
Size
2.5 kB (2472 bytes)
Hash
30b4157eb768613b3ae6f51470324790
39a41fdf5b28fe8afebd5f81bf86f82b3dd58cf4
b19e78c683b95641b8dcfcaf481a89fa2812f19076529f4a560db6597d5b6e13

HTTP Headers

GET /css/nav.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/css/master.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt1wo"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ez2dTUUeiZsJmrO8R%2BP0%2FY4ZbmxxR%2FuWfZ9ZqjeGZ3I0vjpmRvz7tQC%2FX9wQqyiLd2kxR3%2FVv01CkDmaJFBk1B2TMTNWlcQQ39QYquTRUyhxUzNZ1O0xsYYkpREW7rTT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d8cea1770b-LHR
content-encoding: br

GET fonts.gstatic.com/s/jetbrainsmono/v18/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yK0BNntkaToggR7BYZbNPxDcwg.woff2

216.58.207.227

200 OK

31 kB

URL GET HTTP/2
fonts.gstatic.com/s/jetbrainsmono/v18/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yK0BNntkaToggR7BYZbNPxDcwg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
Web Open Font Format (Version 2), TrueType, length 30960, version 1.0
Size
31 kB (30960 bytes)
Hash
1fdb405af078a06205123cec5d912e0f
5758307963b327b7ceb918d8f4f29be3c051bbed
e9b6fcd97ae3f51330bb9d01f3b62c5ea4ce8860967fb748aa1c7c115689b09e

HTTP Headers

GET /s/jetbrainsmono/v18/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yK0BNntkaToggR7BYZbNPxDcwg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:51:01 GMT
expires: Fri, 25 Apr 2025 08:51:01 GMT
cache-control: public, max-age=31536000
age: 106747
last-modified: Tue, 02 May 2023 14:52:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css

104.21.70.253

200 OK

3.4 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP
104.21.70.253:443
ASN
#13335 CLOUDFLARENET

Requested by
https://artclass.site/load.html?game=amongus
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (3537), with no line terminators
Size
3.4 kB (3355 bytes)
Hash
b8a277e051f047a41d3229377460f0c9
596b934114e1b6e3cee15ef19925c7f2ff5607e7
9cf981fe6d59b72cb9d12e4bc958983bac07f16b8f1b40bb1c6ced0bf2d6b2d0

HTTP Headers

GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 450264
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U1Z%2BzD3JWy4PqE7JiyoYYbqSVD7jW2cODPI8FQXYIlzMk1BZueVcwMpxS5vlv0gSCzdFoJqE1VsYUBfgSQcBY9oJlP%2BSn092xpoDWWFGXcUYOf64KxldBhRSWxsHTSkosgvmN4qx4TGN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e91a37b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (19)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN