GET artclass.site/assets/images/icon.png
104.21.234.104 200 OK 7.1 kB URL GET HTTP/3 artclass.site/assets/images/icon.png
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject artclass.site
Fingerprint 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Hash (MD5) 6fece0b0e016146a838112be2ce5bc62
Hash (SHA-1) 210c0d8c9bcbafdbad30a5c96acb3f37487a6c14
Hash (SHA-256) a7ea41616d84e6e5404721bbe85426d55bc41c02f459b8d6e8bdb821a758c8da
GET /assets/images/icon.png HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: image/png
content-length: 7136
alt-svc: h3=":443"; ma=86400
etag: "s7zkjt5i8"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gJCGJSxEMyl04LIyMf8GaHPgNbkMDCOUE3dzqVkMGh%2B5SDO86XVzAutYw5NLZF598NUffNfxY7eOkoM%2FEZ8%2B1lb09yjiCU2VfV72DeviXNRK5%2BvcIL0OxZ71qRUYf5TB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e3b770b-LHR
GET www.topcreativeformat.com/8d57283b953b8b546d6a04d4deac19dc/invoke.js
172.240.108.68 200 OK 12 kB URL GET HTTP/1.1 www.topcreativeformat.com/8d57283b953b8b546d6a04d4deac19dc/invoke.js
IP 172.240.108.68:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject topcreativeformat.com
Fingerprint 6D:98:D9:61:FC:CF:D9:8C:FE:5E:1C:15:5A:A5:F2:28:38:04:A4:A4
Validity Wed, 20 Mar 2024 07:51:41 GMT - Tue, 18 Jun 2024 07:51:40 GMT
File type JavaScript source, ASCII text, with very long lines (31304), with no line terminators
Hash (MD5) a365ef6399a74744e0099bb1e108f9e5
Hash (SHA-1) a378b971bd0cc571edfe97fd3accd08f34f2b043
Hash (SHA-256) 5041588294de2f9161a999bec1735dc44d0808d9258655b325e75560b7525171
GET /8d57283b953b8b546d6a04d4deac19dc/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5f1b2c009297c8cd9b054412b3f9a1b8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET cdn.jsdelivr.net/gh/ianlunn/hover/css/hover-min.css
151.101.1.229 200 OK 7.6 kB URL GET HTTP/2 cdn.jsdelivr.net/gh/ianlunn/hover/css/hover-min.css
IP 151.101.1.229:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type ASCII text, with very long lines (65297)
Hash (MD5) 766244a6ea3ecb9c1d502e2c03e088cb
Hash (SHA-1) f4b638b73f95ea6e1937b5ce5792918f9ebd39c4
Hash (SHA-256) 73e0bcee3ba93b5a2d0f5239bb2c55ebc5a648b0aab48a0d95c1cb5edccb093d
GET /gh/ianlunn/hover/css/hover-min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 2.3.1
x-jsd-version-type: version
etag: W/"17432-9LY4tz+V6m4ZN7XOV5KRj569OcQ"
content-encoding: br
accept-ranges: bytes
age: 12818
date: Fri, 26 Apr 2024 14:30:08 GMT
x-served-by: cache-fra-eddf8230124-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7612
X-Firefox-Spdy: h2
GET artclass.site/uv/uv.bundle.js
104.21.234.104 200 OK 228 kB URL GET HTTP/3 artclass.site/uv/uv.bundle.js
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject artclass.site
Fingerprint 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (63963)
Size 228 kB (228479 bytes)
Hash (MD5) 4a35d09930d1318aa07aafbc6e0fe817
Hash (SHA-1) d0986d9050ce27d08abb01d2af8af9b7dbaae253
Hash (SHA-256) 764447d9c52eec36d699a359467d507935829d363049431c3e6d5cae6f2cbd25
GET /uv/uv.bundle.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:08 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=120
etag: W/"a4229-18d51a83f32"
last-modified: Sun, 28 Jan 2024 19:59:57 GMT
x-powered-by: Express
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QBG%2FxLX3ovBf8L1Ar6rJNWdMmvm1wkqOUMb96dZZS8DAFuVHGOjU36XrwUUfH8O%2FtakhTEaHo0H9YkwRJmHWijv%2BNgaXdAnMY9Aldf2lKV0rrz7XZ6Q8NjpUEQOA%2BhcY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e37770b-LHR
content-encoding: br
GET www.googletagmanager.com/gtag/js?id=G-66ZE075DLD
142.250.74.168 200 OK 101 kB URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-66ZE075DLD
IP 142.250.74.168:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint FC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
Validity Mon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT
File type JavaScript source, ASCII text, with very long lines (5945)
Size 101 kB (100671 bytes)
Hash (MD5) 209230b274e2b41104d4a4eeb8f43481
Hash (SHA-1) 2adabc8eb10410df512bd8404c7c8c48e2ccd00c
Hash (SHA-256) 9b1f168aca70f192bf1453abe006635fc6214a0423dd32333bb26035da7a6b70
GET /gtag/js?id=G-66ZE075DLD HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 14:30:08 GMT
expires: Fri, 26 Apr 2024 14:30:08 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 100671
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET artclass.site/css/themes.css
104.21.234.104 200 OK 32 kB URL GET HTTP/3 artclass.site/css/themes.css
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject artclass.site
Fingerprint 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
Hash (MD5) 3c63abb3d355c0ee9471adacbbe42274
Hash (SHA-1) 844c39e484dc6ea3fe0de0184db82816cca8b22b
Hash (SHA-256) e0a3b97c38b191aae2122bca635b9285f02967a8f1a755020d5ee64a244bb06e
GET /css/themes.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/css/master.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt1j9"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K60Qm9oC%2FNOchEFhE%2Bwmvpm5KsS9dOXGeXWNWSB7Q7VlV8jMNZdgMb%2B59hs4Dmlqg8dMNp7WfZn8kBBligKJp0lUNuo%2Ff8xwk47LMjCobUFDSI5GqBJAvU9XUxtblyyn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d8cea0770b-LHR
content-encoding: br
GET fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227 200 OK 33 kB URL GET HTTP/2 fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
Validity Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Hash (MD5) 057478083c1d55ea0c2182b24f6dd72f
Hash (SHA-1) caf557cd276a76992084efc4c8857b66791a6b7f
Hash (SHA-256) bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 02:38:02 GMT
expires: Fri, 25 Apr 2025 02:38:02 GMT
cache-control: public, max-age=31536000
age: 129126
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET artclass.site/service/hvtrs8%2F-aqsgtq.1kj0%2Cngt-aoolg%2Fuq%2Fknfez.jtol
104.21.234.104 404 Not Found 0 B URL GET HTTP/3 artclass.site/service/hvtrs8%2F-aqsgtq.1kj0%2Cngt-aoolg%2Fuq%2Fknfez.jtol
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject artclass.site
Fingerprint 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the digests of zero-length input, consistent with the 0 B body of this 404 response; they match any empty response and do not identify content.
GET /service/hvtrs8%2F-aqsgtq.1kj0%2Cngt-aoolg%2Fuq%2Fknfez.jtol HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Fri, 26 Apr 2024 14:30:08 GMT
content-length: 0
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ApRwr1sDNSWBqGwEz8ADu2X1tCdseGD3lqUuOozLEUvDKWXOudFGxmdXARDK40PprHBOKFy2tmNR60XKl16sj0zQ8qCEiaMBK74GNloMol%2BV05tFNsZOpBmZJH%2BSRFIj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a744de0da5770b-LHR
GET proftrafficcounter.com/stats
35.158.46.84 200 OK 40 B URL GET HTTP/2 proftrafficcounter.com/stats
IP 35.158.46.84:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Amazon
Subject proftrafficcounter.com
Fingerprint E3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
Validity Tue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT
File type ASCII text, with no line terminators
Hash (MD5) 52fcd0a3007633326959b155698323bf
Hash (SHA-1) df3907d839cd61405219bd9f7b96c81688b0955b
Hash (SHA-256) 15b7534a60eaf39455b92e0c38ce2a12c592c51f841595cd27ee4ce4ce0d9e4f
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://artclass.site
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; expires=Mon, 24 Apr 2034 14:30:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
GET cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-solid-900-5.0.0.woff2
151.101.1.229 200 OK 20 kB URL GET HTTP/2 cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-solid-900-5.0.0.woff2
IP 151.101.1.229:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type Web Open Font Format (Version 2), TrueType, length 19784, version 331.-31196
Hash (MD5) c7682b8035fc1d1672d6455631813794
Hash (SHA-1) 9e2955e5e55b3073e229c218724406425862d4a1
Hash (SHA-256) 1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c
GET /gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-solid-900-5.0.0.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 4cac1a6
x-jsd-version-type: branch
etag: W/"4d48-nilV5eVbMHPiKcIYckQGQlhi1KE"
accept-ranges: bytes
age: 4383
date: Fri, 26 Apr 2024 14:30:08 GMT
x-served-by: cache-fra-etou8220126-FRA, cache-hel1410028-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 19784
X-Firefox-Spdy: h2
GET cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-regular-400-5.10.2.woff2
151.101.1.229 200 OK 16 kB URL GET HTTP/2 cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-regular-400-5.10.2.woff2
IP 151.101.1.229:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type Web Open Font Format (Version 2), TrueType, length 16248, version 331.-31196
Hash (MD5) 054b33973fedb68ef21f74b9d142acb4
Hash (SHA-1) a35f1a776ba0fd2089c0868f62b51a240782e75d
Hash (SHA-256) e272d442a9319692de4cc42fa2de41167f7f3731f247aa94399e07230f2ae46f
GET /gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-regular-400-5.10.2.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 4cac1a6
x-jsd-version-type: branch
etag: W/"3f78-o18ad2ug/SCJwIaPYrUaJAeC510"
accept-ranges: bytes
age: 42874
date: Fri, 26 Apr 2024 14:30:08 GMT
x-served-by: cache-fra-eddf8230122-FRA, cache-hel1410028-HEL
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 16248
X-Firefox-Spdy: h2
GET artclass.site/assets/images/icon.png
104.21.234.104 200 OK 7.1 kB URL GET HTTP/3 artclass.site/assets/images/icon.png
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject artclass.site
Fingerprint 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Hash (MD5) 6fece0b0e016146a838112be2ce5bc62
Hash (SHA-1) 210c0d8c9bcbafdbad30a5c96acb3f37487a6c14
Hash (SHA-256) a7ea41616d84e6e5404721bbe85426d55bc41c02f459b8d6e8bdb821a758c8da
GET /assets/images/icon.png HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Cookie: _ga_66ZE075DLD=GS1.1.1714141808.1.0.1714141808.0.0.0; _ga=GA1.1.1669914591.1714141809; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:08 GMT
content-type: image/png
content-length: 7136
alt-svc: h3=":443"; ma=86400
etag: "s7zkjt5i8"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4637
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uQkdiNP7d9pJkuLBWWpsIrof1iwHhn6XdGcLyUQy333QXkORnwCEulyEaB34ipsJhU03iY9KTxR8QS5n3v0bdaoe4HsFDZ6gAry8sz%2Ff7FAUW%2FOgN%2FQX5Pc2qHfp%2FAtJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e21ae7770b-LHR
GET play-lh.googleusercontent.com/8ddL1kuoNUB5vUvgDVjYY3_6HwQcrg1K2fd_R8soD-e2QYj8fT9cfhfh3G0hnSruLKec
142.250.74.86 200 OK 67 kB URL GET HTTP/2 play-lh.googleusercontent.com/8ddL1kuoNUB5vUvgDVjYY3_6HwQcrg1K2fd_R8soD-e2QYj8fT9cfhfh3G0hnSruLKec
IP 142.250.74.86:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject edgestatic.com
Fingerprint AA:30:2C:FF:B9:BE:46:DD:80:78:DE:31:89:E6:D2:9D:0B:3A:11:90
Validity Mon, 08 Apr 2024 06:34:54 GMT - Mon, 01 Jul 2024 06:34:53 GMT
File type JPEG image data, baseline, precision 8, 512x512, components 3
Hash (MD5) 21de6f05ba8e2b32946668656cb918a6
Hash (SHA-1) 6e51610717c778d3f829af907527e5033f35c742
Hash (SHA-256) 015d1cecf14c3ef529e92d788304fe58aa571c4e3ebaf4d78d5eea44f693c844
GET /8ddL1kuoNUB5vUvgDVjYY3_6HwQcrg1K2fd_R8soD-e2QYj8fT9cfhfh3G0hnSruLKec HTTP/1.1
Host: play-lh.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
x-content-type-options: nosniff
server: fife
content-length: 67423
x-xss-protection: 0
date: Fri, 26 Apr 2024 14:16:50 GMT
expires: Sat, 27 Apr 2024 14:16:50 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1"
content-type: image/jpeg
vary: Origin
age: 799
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js
172.240.108.76 200 OK 16 kB URL GET HTTP/1.1 pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js
IP 172.240.108.76:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject profitablegatecpm.com
Fingerprint 9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
Validity Fri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT
File type JavaScript source, ASCII text, with very long lines (44120), with no line terminators
Hash (MD5) 35d432e7ca504595d56d840c8bc23836
Hash (SHA-1) 109d01707756c522dd217eef7af6bfe7856ff1c7
Hash (SHA-256) 6e06cffee6a9607396b9b0ee218126da1895cfc172d4472a45c3ef09fbd0b342
GET /4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js HTTP/1.1
Host: pl22708848.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 326a003fc38ad39040a4ca0b6d8d18e0
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET artclass.site/assets/data/apps.js
104.21.234.104 200 OK 1.6 kB URL GET HTTP/3 artclass.site/assets/data/apps.js
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject artclass.site
Fingerprint 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
Hash (MD5) 9fcfe15ea654ae93f33f26947b236d48
Hash (SHA-1) 10582d748830568d337afffadc882e9f6fb5bfcc
Hash (SHA-256) c35e76adb0e12b71838e11ac239f171c7996b1c2514b2a83e78beaeb77a8f0c3
GET /assets/data/apps.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt3jy"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 3973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pq3S481Dtxho6phoNMk1Aq%2BTxdeFjpTurtX5RVbSeFDFbUEWaTf7UFvmSsIBEkQxa%2BgrXweM5pKVHT7oxlp%2BKGxOBoiB9Stvc%2FKbde3PQmdDzV%2BVRapzsDaHDXwEdf%2FE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d88e43770b-LHR
content-encoding: br
GET youngestmildness.com/watch.919633662244.js?dev=e&key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&pst=1714141869&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&res=14.2071&rmtc=t&shu=1c3a70e2e74824b583a6897d32cf33e7ae05d4f89acc65aa919dd16f4b2c9a0a4d7ea0564639615bce3ccb3bd2974e5b4016f2f97d4684215100f504dd8e1e54671734d38275fe97fca1b48f1620ea2306132b359d0eddb68a752cdbeda27f&tz=0&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
192.243.61.225 200 OK 2.0 kB URL GET HTTP/1.1 youngestmildness.com/watch.919633662244.js?dev=e&key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&pst=1714141869&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&res=14.2071&rmtc=t&shu=1c3a70e2e74824b583a6897d32cf33e7ae05d4f89acc65aa919dd16f4b2c9a0a4d7ea0564639615bce3ccb3bd2974e5b4016f2f97d4684215100f504dd8e1e54671734d38275fe97fca1b48f1620ea2306132b359d0eddb68a752cdbeda27f&tz=0&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject youngestmildness.com
Fingerprint 1E:8F:59:B7:29:6A:D7:3F:99:85:F2:A7:49:89:88:22:3E:23:16:C1
Validity Wed, 24 Apr 2024 15:17:25 GMT - Tue, 23 Jul 2024 15:17:24 GMT
File type JavaScript source, ASCII text, with very long lines (2460)
Hash (MD5) 3de163cac0e7783c7b2c6c32856c04fd
Hash (SHA-1) e7ea81f4a6b75f09dd5d5519de6b05ff6ea19558
Hash (SHA-256) 907c601ac43cb6f482b6933477cae538ca8bb84517ac04e64229c5ec4d841899
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.919633662244.js?dev=e&key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&pst=1714141869&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&res=14.2071&rmtc=t&shu=1c3a70e2e74824b583a6897d32cf33e7ae05d4f89acc65aa919dd16f4b2c9a0a4d7ea0564639615bce3ccb3bd2974e5b4016f2f97d4684215100f504dd8e1e54671734d38275fe97fca1b48f1620ea2306132b359d0eddb68a752cdbeda27f&tz=0&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1 HTTP/1.1
Host: youngestmildness.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
Referer: https://artclass.site/
DNT: 1
Connection: keep-alive
Cookie: u_pl=22088700; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMjA4ODcwMCwiayI6IjhkNTcyODNiOTUzYjhiNTQ2ZDZhMDRkNGRlYWMxOWRjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozNDQyNjUxLCJwaWQiOjE1MjQ4MjQsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MywiYWlkIjo1LCJwdCI6NCwicGsiOiJiNno0dWQ5eW0iLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hcnRjbGFzcy5zaXRlL2xvYWQuaHRtbD9nYW1lPWFtb25ndXMiLCJhciI6W119fQ.914AZq1gMK58JpH3tfPwteEu8jKfCDPxa9rrzS1sRfI
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://artclass.site
Access-Control-Allow-Origin: https://artclass.site
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; expires=Fri, 03 May 2024 14:30:09 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Set-Cookie: pdhtkv5=true; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Set-Cookie: uncs5=1; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f080c9cbb25f3ece3db69d26184b7349
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET trebleuniversity.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js
172.240.108.68 200 OK 30 kB URL GET HTTP/1.1 trebleuniversity.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js
IP 172.240.108.68:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject trebleuniversity.com
Fingerprint BB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
Validity Tue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash (MD5) 1a35898283c196c0e1a25832be00fc31
Hash (SHA-1) 1aa391a67d4411dcfab9cb0415a30d469e8de717
Hash (SHA-256) 8c4d6eef23813ab4b1e8729103b9933a402ed18b6ba3239e51149a3b74a916e1
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-2931_new=0; expires=Sun, 28 Apr 2024 14:30:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7480749b13235ee2be05620fb344469e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET cdn.cloudimagesb.com/cti/c8/d8/67/c8d8673ced1eaa7e51baa9035243a09a/1627915868.png
45.133.44.9 200 OK 108 kB URL GET HTTP/2 cdn.cloudimagesb.com/cti/c8/d8/67/c8d8673ced1eaa7e51baa9035243a09a/1627915868.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced
Size 108 kB (107711 bytes)
Hash (MD5): d5d8bc18ba152c6e850417cdf9dfbbff
Hash (SHA-1): 888bf155775a9879f26faf0e7faaff5803296e8e
Hash (SHA-256): b481f86a9731573e3cfd04880209d5ecb5c163caa0e2656a9f740321c5e637c8
GET /cti/c8/d8/67/c8d8673ced1eaa7e51baa9035243a09a/1627915868.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:09 GMT
content-type: image/png
content-length: 107711
server: nginx/1.21.6
last-modified: Mon, 02 Aug 2021 14:51:18 GMT
etag: "61080666-1a4bf"
expires: Sun, 28 Apr 2024 14:30:09 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET trebleuniversity.com/sbar.json?key=4ed6beda21708e4b8f45fca957964a1f&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
172.240.108.68 200 OK 8.3 kB URL GET HTTP/1.1 trebleuniversity.com/sbar.json?key=4ed6beda21708e4b8f45fca957964a1f&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
IP 172.240.108.68:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: trebleuniversity.com
Fingerprint: BB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
Validity: Tue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT
Hash (MD5): 9b82113796a7959ed62ef03b6c49b821
Hash (SHA-1): 1032317aeef95d4e1d1396f03166c840317b38b0
Hash (SHA-256): e36040d564aab78fc18ae7cd49d38e4757e4f9d64e21a2acbb925a31f98422bf
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sbar.json?key=4ed6beda21708e4b8f45fca957964a1f&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://artclass.site
Access-Control-Allow-Origin: https://artclass.site
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22608349; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Set-Cookie: uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; expires=Fri, 03 May 2024 14:30:09 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9ffb2e73b6589d2fa65ea0bc398deca
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
GET cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
45.133.44.4 200 OK 1.3 kB URL GET HTTP/2 cdn.barscreative1.com/sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html
IP 45.133.44.4:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: cdn.barscreative1.com
Fingerprint: F6:54:F4:B9:EB:AD:1E:FA:8F:76:B9:75:20:9B:41:57:32:37:94:E3
Validity: Sun, 10 Mar 2024 03:01:32 GMT - Sat, 08 Jun 2024 03:01:31 GMT
File type HTML document, ASCII text
Hash (MD5): f6990569c7ffeac1f4a3f6d9eee5da44
Hash (SHA-1): e7d5e37acf89a8faee252c36fc2c9d6615501d76
Hash (SHA-256): cc2a9756c81bd570fff8b32e48a413687c33f8abe9c934e743a0769178b4f690
GET /sb/au/0c/c8/e1/0cc8e13ba9d5dbc867b982993e805a9d/1632728593.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:09 GMT
content-type: text/html; charset=utf-8
content-length: 1325
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 07:43:24 GMT
etag: "6151761c-52d"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
expires: Fri, 26 Apr 2024 15:30:09 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET trebleuniversity.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSunuxNEJSAhyDMwUNEd7a7p6d7xhyCcV1ZXLMxibg3qe6qni23pqut6pqe3dNiQHMc%2FAW93%2BxmURdJrgGDzAY8LAgZT4tkL%2F4DhYA3mXFw9EHVe6%2B%2BV%2FC9772vDuwF8WHp%2BepHak9ISVdaDbd%2BdcvzrtU3RGYH9UE7%2FCwMrtV1%2F51O2HDfrH%2FAkx214rue63quV18TmqdqsDIFIfKTjtfouI3Ab3itAAP9%2F9xYB4Y6YP0L8ioEmyw9dS5DJGNkvYer3OwUKn%2F7%2FZ6VtFAafXb8SbaTqTJDbxGm2kGaHc%2BrocyztSdQ2dGMLlT%2F38JYTIjz8xPE2fGcJOL%2B4YxnLMEzxOwllP0xuBxD0DESdQ%2BCPSNAwnBzE1nvwU2lS7r7D0qn6IQsvfgTopyQpeeXkfV%2BuCHFoH5HSVsIlRkM0gpiMIbojpHbUxR7NYjyFEnxJQT7hay82EDWO9w0UkGw8zd42ImCuB0uu27cWQ58v7NMo1a03PJiP4h4EPkhmwkkxBgiHUPyIahxYKdHOLCpA5s76LHzeuJ5XuSyhLrtTpI0WcTjkLkejVKPem7Yhk2mPQxR5EMkcohE7yPX%2B9gRQ2j7E8x2BcNqMMWEOB%2Fvo88qlJygNAQlJSgFQVkQlP3qiEnjm%2BoBk8bG3tz7c9%2BsRqroHtAjVXR5RkD1EJpVB%2FkFeWUqorP113Ps8PN6wFkYc0Z9L3LbPIjbadBKE9ppRZ0woF4KIyoIU5u1vCcmJPj6N%2BRiQl5b3UJMT2HkKRJxCdS%2BDlpWoNsV9rITY3XKVJc3cq3AVIW8WEKx6xzIC3JlNsb1zUfgydn135szQ6Ir5LrC5%2BIpQVfeH91WJTm8rUpDHm3mheiJPTod8Z2CFvzSdx%2Fy3VJptr5qht%2B%2Bm0yBaXhyl5tig2ZMZF1Dvr8hGON6TemEkx%2FXzac8vmXN9g2rM5tv3Hpvbb2Xa26MUNkYdLqtf2gkYkJevnJ3tr1XH9%2BC0GNoW6Fnz8jcINQYSb4Pky%2F4G0Wg5aImzh2UthppP148SkEg%2BSKncQXznzxexCNNp7%2BpqA7MfXR1DbS4h6xXoa8r9GUFKocw9tKoyPXZ9V%2FnNGJZG8VS1w5jqeU3M5mn10MYcV6Pmk2Xhp2WF0WUR3Hgt9PQY5T6QeiHIW2iMJP0rcdf%2FA0AAP%2F%2FAQAA%2F%2F9muaSglwQAAA%3D%3D
172.240.108.68200 OK 7 B URL GET HTTP/1.1 trebleuniversity.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSunuxNEJSAhyDMwUNEd7a7p6d7xhyCcV1ZXLMxibg3qe6qni23pqut6pqe3dNiQHMc%2FAW93%2BxmURdJrgGDzAY8LAgZT4tkL%2F4DhYA3mXFw9EHVe6%2B%2BV%2FC9772vDuwF8WHp%2BepHak9ISVdaDbd%2BdcvzrtU3RGYH9UE7%2FCwMrtV1%2F51O2HDfrH%2FAkx214rue63quV18TmqdqsDIFIfKTjtfouI3Ab3itAAP9%2F9xYB4Y6YP0L8ioEmyw9dS5DJGNkvYer3OwUKn%2F7%2FZ6VtFAafXb8SbaTqTJDbxGm2kGaHc%2BrocyztSdQ2dGMLlT%2F38JYTIjz8xPE2fGcJOL%2B4YxnLMEzxOwllP0xuBxD0DESdQ%2BCPSNAwnBzE1nvwU2lS7r7D0qn6IQsvfgTopyQpeeXkfV%2BuCHFoH5HSVsIlRkM0gpiMIbojpHbUxR7NYjyFEnxJQT7hay82EDWO9w0UkGw8zd42ImCuB0uu27cWQ58v7NMo1a03PJiP4h4EPkhmwkkxBgiHUPyIahxYKdHOLCpA5s76LHzeuJ5XuSyhLrtTpI0WcTjkLkejVKPem7Yhk2mPQxR5EMkcohE7yPX%2B9gRQ2j7E8x2BcNqMMWEOB%2Fvo88qlJygNAQlJSgFQVkQlP3qiEnjm%2BoBk8bG3tz7c9%2BsRqroHtAjVXR5RkD1EJpVB%2FkFeWUqorP113Ps8PN6wFkYc0Z9L3LbPIjbadBKE9ppRZ0woF4KIyoIU5u1vCcmJPj6N%2BRiQl5b3UJMT2HkKRJxCdS%2BDlpWoNsV9rITY3XKVJc3cq3AVIW8WEKx6xzIC3JlNsb1zUfgydn135szQ6Ir5LrC5%2BIpQVfeH91WJTm8rUpDHm3mheiJPTod8Z2CFvzSdx%2Fy3VJptr5qht%2B%2Bm0yBaXhyl5tig2ZMZF1Dvr8hGON6TemEkx%2FXzac8vmXN9g2rM5tv3Hpvbb2Xa26MUNkYdLqtf2gkYkJevnJ3tr1XH9%2BC0GNoW6Fnz8jcINQYSb4Pky%2F4G0Wg5aImzh2UthppP148SkEg%2BSKncQXznzxexCNNp7%2BpqA7MfXR1DbS4h6xXoa8r9GUFKocw9tKoyPXZ9V%2FnNGJZG8VS1w5jqeU3M5mn10MYcV6Pmk2Xhp2WF0WUR3Hgt9PQY5T6QeiHIW2iMJP0rcdf%2FA0AAP%2F%2FAQAA%2F%2F9muaSglwQAAA%3D%3D
IP 172.240.108.68:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: trebleuniversity.com
Fingerprint: BB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
Validity: Tue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT
File type ASCII text, with no line terminators
Hash (MD5): 132d6af1b46048b45cf86cdee7991d31
Hash (SHA-1): eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Hash (SHA-256): ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYscRRSunuxNEJSAhyDMwUNEd7a7p6d7xhyCcV1ZXLMxibg3qe6qni23pqut6pqe3dNiQHMc%2FAW93%2BxmURdJrgGDzAY8LAgZT4tkL%2F4DhYA3mXFw9EHVe6%2B%2BV%2FC9772vDuwF8WHp%2BepHak9ISVdaDbd%2BdcvzrtU3RGYH9UE7%2FCwMrtV1%2F51O2HDfrH%2FAkx214rue63quV18TmqdqsDIFIfKTjtfouI3Ab3itAAP9%2F9xYB4Y6YP0L8ioEmyw9dS5DJGNkvYer3OwUKn%2F7%2FZ6VtFAafXb8SbaTqTJDbxGm2kGaHc%2BrocyztSdQ2dGMLlT%2F38JYTIjz8xPE2fGcJOL%2B4YxnLMEzxOwllP0xuBxD0DESdQ%2BCPSNAwnBzE1nvwU2lS7r7D0qn6IQsvfgTopyQpeeXkfV%2BuCHFoH5HSVsIlRkM0gpiMIbojpHbUxR7NYjyFEnxJQT7hay82EDWO9w0UkGw8zd42ImCuB0uu27cWQ58v7NMo1a03PJiP4h4EPkhmwkkxBgiHUPyIahxYKdHOLCpA5s76LHzeuJ5XuSyhLrtTpI0WcTjkLkejVKPem7Yhk2mPQxR5EMkcohE7yPX%2B9gRQ2j7E8x2BcNqMMWEOB%2Fvo88qlJygNAQlJSgFQVkQlP3qiEnjm%2BoBk8bG3tz7c9%2BsRqroHtAjVXR5RkD1EJpVB%2FkFeWUqorP113Ps8PN6wFkYc0Z9L3LbPIjbadBKE9ppRZ0woF4KIyoIU5u1vCcmJPj6N%2BRiQl5b3UJMT2HkKRJxCdS%2BDlpWoNsV9rITY3XKVJc3cq3AVIW8WEKx6xzIC3JlNsb1zUfgydn135szQ6Ir5LrC5%2BIpQVfeH91WJTm8rUpDHm3mheiJPTod8Z2CFvzSdx%2Fy3VJptr5qht%2B%2Bm0yBaXhyl5tig2ZMZF1Dvr8hGON6TemEkx%2FXzac8vmXN9g2rM5tv3Hpvbb2Xa26MUNkYdLqtf2gkYkJevnJ3tr1XH9%2BC0GNoW6Fnz8jcINQYSb4Pky%2F4G0Wg5aImzh2UthppP148SkEg%2BSKncQXznzxexCNNp7%2BpqA7MfXR1DbS4h6xXoa8r9GUFKocw9tKoyPXZ9V%2FnNGJZG8VS1w5jqeU3M5mn10MYcV6Pmk2Xhp2WF0WUR3Hgt9PQY5T6QeiHIW2iMJP0rcdf%2FA0AAP%2F%2FAQAA%2F%2F9muaSglwQAAA%3D%3D HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d470796822f8d7901931af88b8e44a42
Strict-Transport-Security: max-age=0; includeSubdomains
GET trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=82
172.240.108.68 200 OK 0 B URL GET HTTP/1.1 trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=82
IP 172.240.108.68:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: trebleuniversity.com
Fingerprint: BB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
Validity: Tue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are those of zero-length input (the response body is 0 B), so they match any empty response and do not identify this resource.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fau%2F0c%2Fc8%2Fe1%2F0cc8e13ba9d5dbc867b982993e805a9d%2F1632728593.html&l=1325&fd=82 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
45.133.44.9 200 OK 16 kB URL GET HTTP/2 cdn.cloudimagesb.com/si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png
IP 45.133.44.9:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: cdn.cloudimagesb.com
Fingerprint: C6:F3:21:F0:21:7D:7E:96:0F:E8:46:7A:5E:C5:3F:D1:52:B0:67:B0
Validity: Fri, 22 Mar 2024 03:01:35 GMT - Thu, 20 Jun 2024 03:01:34 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced
Hash (MD5): 14cf262fabfd850855c42847d14fe775
Hash (SHA-1): 2fafa28f167f018a0fb1f261f47380c8810803c9
Hash (SHA-256): 972004ebada4077c3a4d03dcb45175ea467faf54da72be727a1c5c75e688b8af
GET /si/07/9c/1b/079c1b9b48633e3ef398faef0739f24f/1701651986.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: image/png
content-length: 16093
server: nginx/1.21.6
last-modified: Mon, 04 Dec 2023 01:06:35 GMT
etag: "656d261b-3edd"
expires: Sun, 28 Apr 2024 14:30:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET quicklymuseum.com/pixel/purst?dl=0&th=0&sc=0&rs=2949&rd=2949&fd=532&bv=24.4.7838&tmpl=136
172.240.108.84 200 OK 0 B URL GET HTTP/1.1 quicklymuseum.com/pixel/purst?dl=0&th=0&sc=0&rs=2949&rd=2949&fd=532&bv=24.4.7838&tmpl=136
IP 172.240.108.84:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: quicklymuseum.com
Fingerprint: 46:2B:BA:FF:1F:D7:9A:D9:BA:1C:E8:8F:54:9F:9F:CC:52:BB:F7:03
Validity: Wed, 24 Apr 2024 15:07:42 GMT - Tue, 23 Jul 2024 15:07:41 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are those of zero-length input (the response body is 0 B), so they match any empty response and do not identify this resource.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2949&rd=2949&fd=532&bv=24.4.7838&tmpl=136 HTTP/1.1
Host: quicklymuseum.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
104.21.70.253 200 OK 591 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/img/close.png
IP 104.21.70.253:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
Hash (MD5): 9fd5bcb6103d86e317bd1eb019bcbe71
Hash (SHA-1): 6b5a52ea669dcb74946f2bed4bdd7ec985026113
Hash (SHA-256): 0ddd3be104ac7945fb062096df62034a6a24ecc76ba92493c35c62c3c25982ae
GET /sb/ssp/vpn/classic-push/small/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: image/png
content-length: 591
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: "65aa84fe-24f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6225903
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYB92rITM413c3zIgo8bBo7QlQbEZdyj0wg7JFv9%2BX8syni9VllO2dBcPv1dyoCbs0A894W1Wrk6K6HFmcQr9ai1bbV3nm4YKa%2BSTeFgwmtBpS23pthiakYFwGtNOJiwGzbLteOyeZcl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e919a1568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
OPTIONS analytics.proudparrot2.tech/api/send
172.67.153.223 204 No Content 0 B URL OPTIONS HTTP/3 analytics.proudparrot2.tech/api/send
IP 172.67.153.223:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: proudparrot2.tech
Fingerprint: 4A:08:60:5E:66:23:AC:1A:51:3B:45:44:7C:ED:73:DB:CE:6D:DA:ED
Validity: Tue, 23 Apr 2024 02:56:28 GMT - Mon, 22 Jul 2024 02:56:27 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are those of zero-length input (the response body is 0 B), so they match any empty response and do not identify this resource.
OPTIONS /api/send HTTP/1.1
Host: analytics.proudparrot2.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://artclass.site/
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 26 Apr 2024 14:30:10 GMT
content-length: 0
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
vary: Access-Control-Request-Headers
x-dns-prefetch-control: on
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p0aH8SI0KAa%2BFkHFSj38yXW1v0KqbkoeTcYSoWzRbClKZrYT%2FvvFKDutOcgYBd5WK%2BXrzLvxWAObuhck7WbWVtklDQN%2FqufFdMEBrd%2Fly%2FupzzRH4gbPkf0xcXzMzmT7bNR3E%2FSxausfvD46zuU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a744e93a31b529-OSL
GET trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=195
172.240.108.68 200 OK 0 B URL GET HTTP/1.1 trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=195
IP 172.240.108.68:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: trebleuniversity.com
Fingerprint: BB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
Validity: Tue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are those of zero-length input (the response body is 0 B), so they match any empty response and do not identify this resource.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fanimate.css&l=78689&fd=195 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
104.21.70.253 200 OK 31 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/jquery.min.js
IP 104.21.70.253:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type JavaScript source, ASCII text, with very long lines (32025)
Hash (MD5): 4a356126b9573eb7bd1e9a7494737410
Hash (SHA-1): 8258d046f17dd3c15a5d3984e1868b7b5d1db329
Hash (SHA-256): 22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
GET /sb/ssp/vpn/classic-push/small/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-1499c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 6225904
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yyxz1KTefPXl%2BOoyBNKHaARX7oRHobLTewBfAL2g%2FogNixShhxnTZSv5AaNKK8VXNW1lVUYLflgfHUDnWtV27V%2B%2F4gp7FUFl20Jnd7yV%2BEk0YfGZtmNFloV6phA2b%2FzXc3Cg1lwOk%2FG9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e90991568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=16
172.240.108.68 200 OK 0 B URL GET HTTP/1.1 trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=16
IP 172.240.108.68:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: trebleuniversity.com
Fingerprint: BB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
Validity: Tue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three digests are those of zero-length input (the response body is 0 B), so they match any empty response and do not identify this resource.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fjs%2Fscript.js&l=962&fd=16 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
Validity: Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Hash (MD5): e9f5aaf547f165386cd313b995dddd8e
Hash (SHA-1): acdef5603c2387b0e5bffd744b679a24a8bc1968
Hash (SHA-256): f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 05:55:49 GMT
expires: Sat, 26 Apr 2025 05:55:49 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 30861
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
Validity: Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Hash (MD5): 15d9f621c3bd1599f0169dcf0bd5e63e
Hash (SHA-1): 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Hash (SHA-256): f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 26 Apr 2024 06:02:10 GMT
expires: Sat, 26 Apr 2025 06:02:10 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 30480
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET trebleuniversity.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuns1NEJQFD4swBw8rmkn3pGd6xj0sxhgJxk3cXTE3qV89KVPT1VZ1T09yCi7oHgf%2Fgs43yQY1yO51wUUmCx4Cwo6nIJuL%2F4HCgjeZcXD0QdV7r75X8L3vva8O80tSR04vVj8y%2B0prutSo%2BdXr20Fwo7qhkrxf7beanzXDG1Xbe6fdrPlvVj%2BQfNcs1f3A9wM%2FqK4pK2PTX5qAUOlpO6i1%2FVpYrwWNEH37%2F9zlHhz1IHqX5FUoMV546l2F4iMk3Yer0u1mJn37%2FW6uaWYseuLkk2Q3MUWC7jyMrYc4OZlVw7hna09gkuMpXZjev4VMjYn38xOw5GRGEqx3NOXJNGQCJl5C0RtB6hEUHYGbe1DiGQG4wK1NJN0Ht4wt6N4%2FKJ2gY7Lw4k%2BoYkwWnl9F0v1hRat%2B9Y7ReaZM4tCPS6j%2BCKozQpqfIduvQBVn4NmXUOIXsvRiA0n3aNNpAyUu3pDNdhSyVnPR91l7MazX24s0akSLjYDVw0iGUb0ppgIpNYKKR9ByAOo85JOjPOSxhzz10BUXVR4EQeQLTv1Wm%2FNlEUnWFH5Aoziggd9sIeeTHgbI0gG4HoDbA6T2ALtqAJv%2FBLdTwokKXDYm3scH6IkShSQoHEFBCQpFUGQERa88FtrVXflAaJezYObrM79cDk3WOaTHJuvIhIDaAawoD9NL8spERG%2F7r%2BfYlRfVUIomk4LWg8hvyZC14rARc9puRO1mSIMYTpVQrjJteV%2BNSfj1b0jVmLy2ug1Gz%2BD0Gbi6Apq%2FDlqUoDsl9pNTl9tYmI6spdZAmBJptoBszzvUl%2BTadIzrm48g%2BfnN35enBm5LpLbE5%2BopQUffH942BTm6bQpHHm2mmeqqfToZ8Z2MZvLKdx%2FKvcJYsb7qBt%2B%2ByyfAJDy9K122QROhko4j368oIaRdM5ZL8uO6%2B1SyrdztrOQ2ydONrffW1ruplc4pk4xAJ9v6hwVXY%2FLytbvT7b3%2BeAvKjmDzEt38nMwMyozA0wO4dM7fGQKr5zUs9VDk5dDW2fxRKwIt5zllJdx%2FcjaPh5ZOflNVHrr76NgKaHYPSbdEz5bo6RJUD%2BDyK8Mstec3f53RYLoyZNpWjpi2%2BpupzJPrIZy6qC77ImIylhGTYSOMJRes0WA%2BjzlbFq0WR%2BbG8VuPv%2FgbAAD%2F%2FwEAAP%2F%2F5m1xSJcEAAA%3D
192.243.59.13200 OK 7 B URL GET HTTP/1.1 trebleuniversity.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuns1NEJQFD4swBw8rmkn3pGd6xj0sxhgJxk3cXTE3qV89KVPT1VZ1T09yCi7oHgf%2Fgs43yQY1yO51wUUmCx4Cwo6nIJuL%2F4HCgjeZcXD0QdV7r75X8L3vva8O80tSR04vVj8y%2B0prutSo%2BdXr20Fwo7qhkrxf7beanzXDG1Xbe6fdrPlvVj%2BQfNcs1f3A9wM%2FqK4pK2PTX5qAUOlpO6i1%2FVpYrwWNEH37%2F9zlHhz1IHqX5FUoMV546l2F4iMk3Yer0u1mJn37%2FW6uaWYseuLkk2Q3MUWC7jyMrYc4OZlVw7hna09gkuMpXZjev4VMjYn38xOw5GRGEqx3NOXJNGQCJl5C0RtB6hEUHYGbe1DiGQG4wK1NJN0Ht4wt6N4%2FKJ2gY7Lw4k%2BoYkwWnl9F0v1hRat%2B9Y7ReaZM4tCPS6j%2BCKozQpqfIduvQBVn4NmXUOIXsvRiA0n3aNNpAyUu3pDNdhSyVnPR91l7MazX24s0akSLjYDVw0iGUb0ppgIpNYKKR9ByAOo85JOjPOSxhzz10BUXVR4EQeQLTv1Wm%2FNlEUnWFH5Aoziggd9sIeeTHgbI0gG4HoDbA6T2ALtqAJv%2FBLdTwokKXDYm3scH6IkShSQoHEFBCQpFUGQERa88FtrVXflAaJezYObrM79cDk3WOaTHJuvIhIDaAawoD9NL8spERG%2F7r%2BfYlRfVUIomk4LWg8hvyZC14rARc9puRO1mSIMYTpVQrjJteV%2BNSfj1b0jVmLy2ug1Gz%2BD0Gbi6Apq%2FDlqUoDsl9pNTl9tYmI6spdZAmBJptoBszzvUl%2BTadIzrm48g%2BfnN35enBm5LpLbE5%2BopQUffH942BTm6bQpHHm2mmeqqfToZ8Z2MZvLKdx%2FKvcJYsb7qBt%2B%2ByyfAJDy9K122QROhko4j368oIaRdM5ZL8uO6%2B1SyrdztrOQ2ydONrffW1ruplc4pk4xAJ9v6hwVXY%2FLytbvT7b3%2BeAvKjmDzEt38nMwMyozA0wO4dM7fGQKr5zUs9VDk5dDW2fxRKwIt5zllJdx%2FcjaPh5ZOflNVHrr76NgKaHYPSbdEz5bo6RJUD%2BDyK8Mstec3f53RYLoyZNpWjpi2%2BpupzJPrIZy6qC77ImIylhGTYSOMJRes0WA%2BjzlbFq0WR%2BbG8VuPv%2FgbAAD%2F%2FwEAAP%2F%2F5m1xSJcEAAA%3D
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject trebleuniversity.com
Fingerprint BB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
Validity Tue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz2skRRSuns1NEJQFD4swBw8rmkn3pGd6xj0sxhgJxk3cXTE3qV89KVPT1VZ1T09yCi7oHgf%2Fgs43yQY1yO51wUUmCx4Cwo6nIJuL%2F4HCgjeZcXD0QdV7r75X8L3vva8O80tSR04vVj8y%2B0prutSo%2BdXr20Fwo7qhkrxf7beanzXDG1Xbe6fdrPlvVj%2BQfNcs1f3A9wM%2FqK4pK2PTX5qAUOlpO6i1%2FVpYrwWNEH37%2F9zlHhz1IHqX5FUoMV546l2F4iMk3Yer0u1mJn37%2FW6uaWYseuLkk2Q3MUWC7jyMrYc4OZlVw7hna09gkuMpXZjev4VMjYn38xOw5GRGEqx3NOXJNGQCJl5C0RtB6hEUHYGbe1DiGQG4wK1NJN0Ht4wt6N4%2FKJ2gY7Lw4k%2BoYkwWnl9F0v1hRat%2B9Y7ReaZM4tCPS6j%2BCKozQpqfIduvQBVn4NmXUOIXsvRiA0n3aNNpAyUu3pDNdhSyVnPR91l7MazX24s0akSLjYDVw0iGUb0ppgIpNYKKR9ByAOo85JOjPOSxhzz10BUXVR4EQeQLTv1Wm%2FNlEUnWFH5Aoziggd9sIeeTHgbI0gG4HoDbA6T2ALtqAJv%2FBLdTwokKXDYm3scH6IkShSQoHEFBCQpFUGQERa88FtrVXflAaJezYObrM79cDk3WOaTHJuvIhIDaAawoD9NL8spERG%2F7r%2BfYlRfVUIomk4LWg8hvyZC14rARc9puRO1mSIMYTpVQrjJteV%2BNSfj1b0jVmLy2ug1Gz%2BD0Gbi6Apq%2FDlqUoDsl9pNTl9tYmI6spdZAmBJptoBszzvUl%2BTadIzrm48g%2BfnN35enBm5LpLbE5%2BopQUffH942BTm6bQpHHm2mmeqqfToZ8Z2MZvLKdx%2FKvcJYsb7qBt%2B%2ByyfAJDy9K122QROhko4j368oIaRdM5ZL8uO6%2B1SyrdztrOQ2ydONrffW1ruplc4pk4xAJ9v6hwVXY%2FLytbvT7b3%2BeAvKjmDzEt38nMwMyozA0wO4dM7fGQKr5zUs9VDk5dDW2fxRKwIt5zllJdx%2FcjaPh5ZOflNVHrr76NgKaHYPSbdEz5bo6RJUD%2BDyK8Mstec3f53RYLoyZNpWjpi2%2BpupzJPrIZy6qC77ImIylhGTYSOMJRes0WA%2BjzlbFq0WR%2BbG8VuPv%2FgbAAD%2F%2FwEAAP%2F%2F5m1xSJcEAAA%3D HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ba0ff99a03f9d0bfd99423e4906584fd
Strict-Transport-Security: max-age=0; includeSubdomains
GET trebleuniversity.com/pixel/sbs?c=1
172.240.108.68 200 OK 0 B URL GET HTTP/1.1 trebleuniversity.com/pixel/sbs?c=1
IP 172.240.108.68:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject trebleuniversity.com
Fingerprint BB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
Validity Tue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET unseenreport.com/pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4ed6beda21708e4b8f45fca957964a1f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
192.243.59.13 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4ed6beda21708e4b8f45fca957964a1f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
Validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4ed6beda21708e4b8f45fca957964a1f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad66cfa4db43ede359efd3ce45a17f05
Strict-Transport-Security: max-age=0; includeSubdomains
GET unseenreport.com/pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=789ce0da4eec346107d3ca6eebe7691e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
192.243.59.13 200 OK 1 B URL GET HTTP/1.1 unseenreport.com/pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=789ce0da4eec346107d3ca6eebe7691e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject *.unseenreport.com
Fingerprint 71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
Validity Fri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=e6974b86-00b9-4229-a757-51b247e4726d&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=789ce0da4eec346107d3ca6eebe7691e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=14 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a679aa73bde8d184d3244a8266858673
Strict-Transport-Security: max-age=0; includeSubdomains
GET trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=194
192.243.59.13 200 OK 0 B URL GET HTTP/1.1 trebleuniversity.com/pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=194
IP 192.243.59.13:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject trebleuniversity.com
Fingerprint BB:85:33:0C:29:8B:B9:F9:12:37:D8:BE:36:46:F1:D3:EC:A5:DB:42
Validity Tue, 23 Apr 2024 10:53:58 GMT - Mon, 22 Jul 2024 10:53:57 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/sbls?bv=24.6.6370&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Fssp%2Fvpn%2Fclassic-push%2Fsmall%2Fcss%2Fstyle.css&l=3355&fd=194 HTTP/1.1
Host: trebleuniversity.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Cookie: u_pl=22608349; uid_id2=e6974b86-00b9-4229-a757-51b247e4726d:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 26 Apr 2024 14:30:10 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET artclass.site/css/main.css
104.21.234.104 200 OK 4.1 kB URL GET HTTP/3 artclass.site/css/main.css
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject artclass.site
Fingerprint 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type ASCII text, with very long lines (4356), with no line terminators
Hash 0257cbfe5039a18e76ed0088fff3cb79
5b257e3849fe8c9230744b7cb8a756f08d4dd4f4
c114aa41820f39f14ebaf6d82360fe1079c3e49cff1008546b1e9f7d3be63e0f
GET /css/main.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/css/master.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"scfez035y"
last-modified: Wed, 24 Apr 2024 02:59:24 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TZUqg8q4dV3r4xACdVdP%2B5%2FGBH8pWXgdHlx1d3cskclbh3LtKufQWXyK1zgezal7CqaiIYM4czB1X4l9wNpT6unRFAuYrNwVFIitxpns%2FdjaFKbKD%2BAbP1c0m8CaHTJc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d8ce9e770b-LHR
content-encoding: br
GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
104.21.70.253 200 OK 79 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/animate.css
IP 104.21.70.253:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
Hash 3d4123dbfb33d27a5cfdfcfa91df6783
e7d0eeeec54b848f0bc3da8685fa3bc88429d660
cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887
GET /sb/ssp/vpn/classic-push/small/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-13361"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 103071
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d%2B8lBsKy4aMTvNBmAyXhreVQEcMyTCf%2F%2BanGOvFV0%2B4DBngkdMfhFT6xOh21Br5TkDevQhWOYl%2FxodYb0WfU5AKvXIzocWy2dz0XsDqPUjAU3r4474M%2BnEHM%2BLrC4DwOJlziJiJU3dfT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e90a35b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
104.21.70.253 200 OK 962 B URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/js/script.js
IP 104.21.70.253:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject creative-bars1.com
Fingerprint 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Validity Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type ASCII text, with very long lines (1015), with no line terminators
Hash 88523e22d10f0cbad31aa1d8276764fa
9238cd9499e01abdbeb33e68c550d26cfb6eaba5
d553390acb639c765cb6aaa4fbb72529e4005227d190f53108aec87ccec411c2
GET /sb/ssp/vpn/classic-push/small/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-3c2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 450264
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C94hZv1zjKijFRewzCM814JUnly1Kebh5PK9jdO7XysyNb%2BKFKk0rgGBon78XMjVFIBQteN6MVMHX0ieW5syLMoh1J7Qn%2BDLtRNWg5ALAXBBrIvCJ2AuL1mD4PDkvd7UMSA%2FM6jpvCq9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744ea2c56b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET artclass.site/js/preload.js
104.21.234.104 200 OK 3.6 kB URL GET HTTP/3 artclass.site/js/preload.js
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject artclass.site
Fingerprint 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type HTML document, ASCII text, with very long lines (3764), with no line terminators
Hash 04f892b78980ba1263507fc52968c680
3c865dceddb2e04fb46f1830c9741702d02940d5
6608d3ec192fdc5ab6237f2a758579cceae587bb5257771f28f80ac112ece805
GET /js/preload.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"scfez02t3"
last-modified: Wed, 24 Apr 2024 02:59:24 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fmhp%2FJBpodxYaKOcPawTrzbPC6VRhmVzcTM4r0T2rGOCVdqIaw3tLjfBWNNZR8PQNu%2FuCIs0MWk2hvpXeOAPl1v%2FcMYEQHVLt9aP5VTdWnVsGtWIA255YiMNdganvgmJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e3a770b-LHR
content-encoding: br
GET cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/css/all.css
151.101.1.229 200 OK 372 kB URL GET HTTP/2 cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/css/all.css
IP 151.101.1.229:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
Validity Wed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
Size 372 kB (371786 bytes)
Hash f9e2f72281d6ac4e23b1d1690c5e6700
c8e7ec28b0d5e2dcbce9b22107bc1ed8e53e4b16
c4772e97742bb0756ab29709b59debdfbca546b640277ff1f86935b0a72eca7f
GET /gh/hung1001/font-awesome-pro@4cac1a6/css/all.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4cac1a6
x-jsd-version-type: branch
etag: W/"5ac4a-yOfsKLDV4ty86bIhB7we2OU+SxY"
content-encoding: br
accept-ranges: bytes
date: Fri, 26 Apr 2024 14:30:08 GMT
age: 11226
x-served-by: cache-fra-eddf8230054-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 47137
X-Firefox-Spdy: h2
GET youngestmildness.com/watch.919633662244.js?key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&tz=0&dev=e&res=14.2071&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
192.243.61.225 307 Temporary Redirect 3.3 kB URL GET HTTP/1.1 youngestmildness.com/watch.919633662244.js?key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&tz=0&dev=e&res=14.2071&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
IP 192.243.61.225:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject youngestmildness.com
Fingerprint 1E:8F:59:B7:29:6A:D7:3F:99:85:F2:A7:49:89:88:22:3E:23:16:C1
Validity Wed, 24 Apr 2024 15:17:25 GMT - Tue, 23 Jul 2024 15:17:24 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.919633662244.js?key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&tz=0&dev=e&res=14.2071&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1 HTTP/1.1
Host: youngestmildness.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 26 Apr 2024 14:30:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://artclass.site
Access-Control-Allow-Origin: https://artclass.site
Access-Control-Allow-Credentials: true
Location: https://youngestmildness.com/watch.919633662244.js?dev=e&key=8d57283b953b8b546d6a04d4deac19dc&kw=%5B%22art%22%2C%22class%22%5D&pst=1714141869&refer=https%3A%2F%2Fartclass.site%2Fload.html%3Fgame%3Damongus&res=14.2071&rmtc=t&shu=1c3a70e2e74824b583a6897d32cf33e7ae05d4f89acc65aa919dd16f4b2c9a0a4d7ea0564639615bce3ccb3bd2974e5b4016f2f97d4684215100f504dd8e1e54671734d38275fe97fca1b48f1620ea2306132b359d0eddb68a752cdbeda27f&tz=0&uuid=e6974b86-00b9-4229-a757-51b247e4726d%3A1%3A1
Set-Cookie: u_pl=22088700; expires=Sat, 27 Apr 2024 14:30:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.914AZq1gMK58JpH3tfPwteEu8jKfCDPxa9rrzS1sRfI; expires=Fri, 26 Apr 2024 14:31:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d6a2a706c25854f9374bb68150308e6f
Strict-Transport-Security: max-age=0; includeSubdomains
GET artclass.site/css/cards.css
104.21.234.104 200 OK 754 B URL GET HTTP/3 artclass.site/css/cards.css
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject artclass.site
Fingerprint 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type ASCII text, with very long lines (801), with no line terminators
Hash a24e392c65537a27f4c33fc92d807ad2
cfbb52e32ef58b3ede60f20ac20e60730d36a9bd
c05f4888b0b5eab2032bd706e597f981d5d5436b633c3ed942c6640a32052f89
GET /css/cards.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/css/main.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjtky"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8wH006GB1QgLYNhjYtz6dCSIDlyctNskJIRX7tfRVfNolhGMva0ilV7zmriPt9bceIIJmpAZA6StBbKnfbXCzhrzbsmx0GT6aEfujlCvbwirwKIew8LpT6sdaG%2BOdQy5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d90efe770b-LHR
content-encoding: br
GET analytics.proudparrot2.tech/script.js
172.67.153.223 200 OK 2.6 kB URL GET HTTP/2 analytics.proudparrot2.tech/script.js
IP 172.67.153.223:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject proudparrot2.tech
Fingerprint 4A:08:60:5E:66:23:AC:1A:51:3B:45:44:7C:ED:73:DB:CE:6D:DA:ED
Validity Tue, 23 Apr 2024 02:56:28 GMT - Mon, 22 Jul 2024 02:56:27 GMT
File type JavaScript source, ASCII text, with very long lines (2658), with no line terminators
Hash 01193dbf5e8fd03a35b188875b9f4302
5c24946bae53e8ab600a46d69f6081a21b5ea3f3
4f7fc4fd8ca0fd8e2895028da510349e811494a8d0d3af7f3a4dbac985e504ef
GET /script.js HTTP/1.1
Host: analytics.proudparrot2.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:08 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=14400
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
etag: W/"a0d-18eea4fb4e0"
last-modified: Wed, 17 Apr 2024 04:27:56 GMT
vary: Accept-Encoding
x-dns-prefetch-control: on
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h1x%2BRKplEKYvyXjXTTs4aF%2FBCz%2FKdjjtAFzlbW3B1k5wLNyusuysW1eBQrR78ybZ4P%2Fg%2BLF%2BfI1vk5dP3lQ%2FMYsakXnJh2e47HTZZY1DSWGVq15y34NM3%2BlazKwtILK3SyToB%2Bg%2B9I06n%2FuZrVE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a744de3ce3b50c-OSL
content-encoding: br
X-Firefox-Spdy: h2
GET downstairsnegotiatebarren.com/sfp.js
104.21.35.227 200 OK 86 kB URL GET HTTP/3 downstairsnegotiatebarren.com/sfp.js
IP 104.21.35.227:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Let's Encrypt
Subject downstairsnegotiatebarren.com
Fingerprint 2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
Validity Mon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:09 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 6a8684afaf235ef5360b0f23d7ddb45b
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 26 Apr 2024 14:30:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sgd7kVM8RRJRLY4EJCXKvS65VXDIOxhHLIcN5QVzWtNA0DYeWaNn%2FKFUumqTg%2BUHHH3h%2FwbPjlpHYB9cR5rf8jzredE3vzwFep4CxDkUi9c5pLUXiP7ALM%2FE1kP3sX8Q9mfvEAoN9%2BAJNnBfXgej6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e66b48712d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.106 200 OK 7.0 kB URL GET HTTP/3 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.106:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
Validity Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
File type ASCII text, with very long lines (7193), with no line terminators
Hash 16b49a99486594c0b42d9bd7821deb2c
2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a
3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 14:30:10 GMT
date: Fri, 26 Apr 2024 14:30:10 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET artclass.site/load.html?game=amongus
104.21.234.104 200 OK 2.2 kB URL User Request GET HTTP/2 artclass.site/load.html?game=amongus
IP 104.21.234.104:443
Certificate Issuer: Google Trust Services LLC
Subject: artclass.site
Fingerprint: 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity: Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type HTML document, ASCII text, with very long lines (2337), with no line terminators
Hash 30225b8d27a254bde018565452eb7fdb
bbfbb48789e68f6c598e379b09468291f8203ea8
c0a07d92e7195e99040dddbc03ff07ca12a3419ab8ddca372b1bf964b54d7964
GET /load.html?game=amongus HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/html; charset=utf-8
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 24 Apr 2024 02:59:24 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ks8H1GQPDe9HnGCdp97CWNzQyBKFlh%2BE3sTNeNaf8rOZzV7JZFHivG25wmkcHuStE3hD%2BV6ThQhMV6PMZQZ7KOta1f4afJ0ifrzsevAdIfmI6yYq8QBCJwcKlikm5dGY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a744d4e86623e3-LHR
content-encoding: br
X-Firefox-Spdy: h2
GET artclass.site/js/index.js
104.21.234.104 200 OK 3.9 kB URL GET HTTP/3 artclass.site/js/index.js
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: artclass.site
Fingerprint: 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity: Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type ASCII text, with very long lines (4093), with no line terminators
Hash e0f6a8923586cb1fe281136098f00cfc
8841a712e0ea479a44ff73925bc92ed8f8a3df17
b5a7fd31e105979a674cbb5c2ba0f0502b243698a3b54684b05af3ead5e0d592
GET /js/index.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"sa9an630y"
last-modified: Tue, 12 Mar 2024 22:33:06 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4636
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nGMs3b4fBBOfxlvw8kdsJMHL8Y1SY0AmIFWRVHn7Hp6QUgtEEBYasZYZvaw6Tg0PoYdH4YynGqIba4K8wsW%2BsGXEa1KXyEe%2FQ7UoS3FklmnZfd%2BgRmxfgEP2IOHkK%2Bsk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d88e3d770b-LHR
content-encoding: br
GET downstairsnegotiatebarren.com/sfp.js
104.21.35.227 200 OK 86 kB URL GET HTTP/2 downstairsnegotiatebarren.com/sfp.js
IP 104.21.35.227:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Let's Encrypt
Subject: downstairsnegotiatebarren.com
Fingerprint: 2C:6A:E1:8E:26:5B:1D:8B:86:CB:C1:72:4E:52:4B:8B:67:3A:D2:44
Validity: Mon, 04 Mar 2024 21:53:07 GMT - Sun, 02 Jun 2024 21:53:06 GMT
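Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, although the response is listed as 86 kB. The body was apparently not captured for hashing, so these digests do not identify sfp.js and should not be used as indicators for it.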
GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:09 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 887068a0bbf7894feefa62f999363286
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 26 Apr 2024 14:30:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pv0grc%2BJaXGg0xq678gkv4KEOb8gkilw5tq8sxAKXWSWUIOV%2B1dz10dqJ21m%2BneZ%2F5lgnKKsY3A%2B%2FhSGS3mMMkYr4%2FAV6E9OIY9EQ7YV1iehwRh97jUKYDMpvOzONyWEvFgl61OWcsBkZyEZWDRDnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e30b3c569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET artclass.site/css/master.css
104.21.234.104 200 OK 449 B URL GET HTTP/3 artclass.site/css/master.css
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: artclass.site
Fingerprint: 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity: Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type ASCII text, with very long lines (470), with no line terminators
Hash b62a249a4efae87ddf6f5e131ed8fe7c
4644f0103dd345f00fff6d452f3462ba18a801a8
a3bc13df62b9eb9fffa125fff61e13d835aae5e54eb9168b2ee23a18b03118f9
GET /css/master.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjtch"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4789
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mk3omMt6yjn8%2FZXx6gPIhn2TlNsIPs%2BFVOXx%2B5%2FhzbNJ3P4XtLF3Jcdg4GJGqlN3zOFnnJGLbeASPq2v4rEIHriPIJEk2Yix2Nz9gQo%2BbHpYJPqgN2cIwP5Q9zMsJn3Q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e35770b-LHR
content-encoding: br
GET artclass.site/uv/uv.config.js
104.21.234.104 200 OK 335 B URL GET HTTP/3 artclass.site/uv/uv.config.js
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: artclass.site
Fingerprint: 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity: Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type ASCII text, with very long lines (346), with no line terminators
Hash e65f44a09352ce8c382d73bbe22611f6
585e1d79625ef10bdea44eddb0a20174ee7e0dd9
7243580eb92b1ef1f513697e159eead080167a99463677adea8183baa5bd583a
GET /uv/uv.config.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=120
etag: W/"14f-18d51873be0"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
x-powered-by: Express
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KERYbxGwOY2xXPR0s%2B2dffhLH4uD4lRF7d34LAQPVq5GskYyKsVl%2FL%2BF8UB%2BlTBOovmtkFizl6YoerSkoo%2Br1iqia%2Ffn1iG9kE4NfhWjbd0GaGY%2BH5vRNpI6un%2FcpUP5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d87e39770b-LHR
content-encoding: br
GET artclass.site/assets/data/games.js
104.21.234.104 200 OK 26 kB URL GET HTTP/3 artclass.site/assets/data/games.js
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: artclass.site
Fingerprint: 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity: Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
Hash 0db2eed829115b147c3da0ff3dfd7a19
d27e7070f36b0277fa5576adc311200bd9f08efa
457c85e69f8cef99e934ce372512f0a6754512f2e5e7273d3844fde450a7781f
GET /assets/data/games.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"sa5grjjxi"
last-modified: Sun, 10 Mar 2024 20:54:55 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 3973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VmjxrNrslwG8CJ%2FVCE7cz4j3YLHe4ZyyT8SvyljXMv4GFCKS6XePTuxSFyd8t7LcjACohOhS5IhYobxze6DSI5tYAtKauEgr8yJKlTVHsMwV%2FpQTQtsvGYDFgzkS98OG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d88e3f770b-LHR
content-encoding: br
GET artclass.site/js/load.js
104.21.234.104 200 OK 2.6 kB
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: artclass.site
Fingerprint: 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity: Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type ASCII text, with very long lines (2725), with no line terminators
Hash 8353e9415f003f3f529ea3a1a063169b
312b5bcfd360299e60e2e170c1bec229621e98cd
c7e3222482c6286d69e7a4329b5ea7c8caac2afffdc50f8fcf71aa7df69b2b8e
GET /js/load.js HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/load.html?game=amongus
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt1zt"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 3973
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=24zRse%2BpZpb0TQKZTDVZXdlJpCoFQuMSJ5wyZ0MEo3rVBTeVKtIxOZ%2BXL0P66FN%2FODzkXzcGnfhBZVfzKkPhLaByM1UHtFygPaxA7bZAgEQU9%2FVj8RMMOa%2BPRSXLlPax"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d88e46770b-LHR
content-encoding: br
GET fonts.googleapis.com/css2?family=Montserrat:wght@700;900&family=JetBrains+Mono:wght@300;400&display=swap
142.250.74.106 200 OK 8.5 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@700;900&family=JetBrains+Mono:wght@300;400&display=swap
IP 142.250.74.106:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: upload.video.google.com
Fingerprint: 5F:6D:48:87:16:89:1E:A5:57:29:92:8B:34:BD:F2:92:0C:7F:F2:50
Validity: Mon, 08 Apr 2024 07:32:03 GMT - Mon, 01 Jul 2024 07:32:02 GMT
File type ASCII text, with very long lines (8716), with no line terminators
Hash c12b151d8968970dc80a8039cd0cae18
8c9b391e2626773d34c3a2da2ef0538d706ac721
cc95db9f8d20b9d0d34d493e3b8e9783d5a8da4acbcb87415c0969bdbcd161c1
GET /css2?family=Montserrat:wght@700;900&family=JetBrains+Mono:wght@300;400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 26 Apr 2024 14:30:07 GMT
date: Fri, 26 Apr 2024 14:30:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET artclass.site/css/nav.css
104.21.234.104 200 OK 2.5 kB URL GET HTTP/3 artclass.site/css/nav.css
IP 104.21.234.104:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: artclass.site
Fingerprint: 68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
Validity: Sat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT
File type ASCII text, with very long lines (2620), with no line terminators
Hash 30b4157eb768613b3ae6f51470324790
39a41fdf5b28fe8afebd5f81bf86f82b3dd58cf4
b19e78c683b95641b8dcfcaf481a89fa2812f19076529f4a560db6597d5b6e13
GET /css/nav.css HTTP/1.1
Host: artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/css/master.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 Apr 2024 14:30:07 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt1wo"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 4788
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ez2dTUUeiZsJmrO8R%2BP0%2FY4ZbmxxR%2FuWfZ9ZqjeGZ3I0vjpmRvz7tQC%2FX9wQqyiLd2kxR3%2FVv01CkDmaJFBk1B2TMTNWlcQQ39QYquTRUyhxUzNZ1O0xsYYkpREW7rTT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744d8cea1770b-LHR
content-encoding: br
GET fonts.gstatic.com/s/jetbrainsmono/v18/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yK0BNntkaToggR7BYZbNPxDcwg.woff2
216.58.207.227 200 OK 31 kB URL GET HTTP/2 fonts.gstatic.com/s/jetbrainsmono/v18/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yK0BNntkaToggR7BYZbNPxDcwg.woff2
IP 216.58.207.227:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: *.gstatic.com
Fingerprint: 93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
Validity: Mon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT
File type Web Open Font Format (Version 2), TrueType, length 30960, version 1.0
Hash 1fdb405af078a06205123cec5d912e0f
5758307963b327b7ceb918d8f4f29be3c051bbed
e9b6fcd97ae3f51330bb9d01f3b62c5ea4ce8860967fb748aa1c7c115689b09e
GET /s/jetbrainsmono/v18/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yK0BNntkaToggR7BYZbNPxDcwg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:51:01 GMT
expires: Fri, 25 Apr 2025 08:51:01 GMT
cache-control: public, max-age=31536000
age: 106747
last-modified: Tue, 02 May 2023 14:52:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
104.21.70.253 200 OK 3.4 kB URL GET HTTP/2 cdn.creative-bars1.com/sb/ssp/vpn/classic-push/small/css/style.css
IP 104.21.70.253:443
Requested by https://artclass.site/load.html?game=amongus
Certificate Issuer: Google Trust Services LLC
Subject: creative-bars1.com
Fingerprint: 3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
Validity: Mon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT
File type ASCII text, with very long lines (3537), with no line terminators
Hash b8a277e051f047a41d3229377460f0c9
596b934114e1b6e3cee15ef19925c7f2ff5607e7
9cf981fe6d59b72cb9d12e4bc958983bac07f16b8f1b40bb1c6ced0bf2d6b2d0
GET /sb/ssp/vpn/classic-push/small/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://artclass.site
DNT: 1
Connection: keep-alive
Referer: https://artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:30:10 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:19:42 GMT
etag: W/"65aa84fe-d1b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 450264
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U1Z%2BzD3JWy4PqE7JiyoYYbqSVD7jW2cODPI8FQXYIlzMk1BZueVcwMpxS5vlv0gSCzdFoJqE1VsYUBfgSQcBY9oJlP%2BSn092xpoDWWFGXcUYOf64KxldBhRSWxsHTSkosgvmN4qx4TGN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a744e91a37b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2