Report - clickndownload.live/l4b5cvcvf8vc

Report Overview

Visited public
2025-06-06 16:02:09
Tags
URL
clickndownload.live/l4b5cvcvf8vc
Finishing URL
clickndownload.cloud/l4b5cvcvf8vc
IP / ASN
104.21.21.109
#13335 CLOUDFLARENET
Title
Download Orihime and Rangiku Kokoboro mp4

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2025-05-30	433 B	377 B	185.196.197.71
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-06-04	983 B	49 kB	104.18.10.207
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-04-05	2025-06-04	455 B	61 kB	104.18.10.207
unseenreport.com	unknown	2022-03-30	2022-03-30	2025-06-05	772 B	496 B	192.243.61.227
madurird.com	unknown	2023-10-06	2023-10-07	2025-05-30	416 B	108 kB	139.45.197.106
qk.zirconscuculle.com	unknown	unknown	No data	No data	438 B	1.4 kB	23.109.170.89
clickndownload.live	unknown	2025-03-14	2025-06-01	2025-06-01	500 B	54 kB	188.114.96.1
my.rtmark.net	9054	2014-10-29	2015-02-04	2025-06-05	447 B	843 B	104.18.41.22
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-06-04	441 B	392 kB	142.250.74.136
clickndownload.cloud	unknown	unknown	No data	No data	8.0 kB	423 kB	104.21.64.1
oamsedsaiph.net	unknown	2025-04-25	2025-05-15	2025-06-01	1.3 kB	2.3 kB	139.45.195.9
experttrafficcounter.com	unknown	2025-01-23	2025-01-24	2025-05-30	972 B	734 B	52.58.57.192
use.fontawesome.com	942	2012-10-18	2017-01-30	2025-06-04	1.5 kB	135 kB	104.21.27.152
stationshy.com	unknown	2024-09-30	2025-03-07	2025-04-11	452 B	105 kB	172.240.127.234
invadedisheartentrail.com	unknown	2024-09-01	2024-10-22	2025-06-02	510 B	502 B	172.240.108.84
code.jquery.com	634	2005-12-10	2012-05-21	2025-06-04	428 B	90 kB	151.101.2.137
clicknupload.click	unknown	2023-02-09	2023-02-22	2025-05-30	3.1 kB	34 kB	188.114.97.1
recordedthereby.com	unknown	2024-05-08	2024-05-08	2025-06-02	419 B	86 kB	185.196.197.72

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-06	medium	madurird.com	Sinkholed
2025-06-06	medium	oamsedsaiph.net	Sinkholed
2025-06-06	medium	stationshy.com	Sinkholed
2025-06-06	medium	oamsedsaiph.net	Sinkholed
2025-06-06	medium	invadedisheartentrail.com	Sinkholed
2025-06-06	medium	unseenreport.com	Sinkholed
2025-06-06	medium	recordedthereby.com	Sinkholed
2025-06-06	medium	capaciousdrewreligion.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (20)

	URL	From	Size	First Seen	Last Seen
	clickndownload.cloud/l4b5cvcvf8vc	ScriptElement	261 B	2023-03-07	2025-06-16
Pretty URL clickndownload.cloud/l4b5cvcvf8vc IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:23 Last Seen2025-06-16 22:59 Times Seen1720 Hash d04584334d251ef8ea053da53b683194 dc0092f79b3e040a93d5d94951ff9eb326960c99 6f42d96dcea6cd1193084d86f60b8629162023b44cd213d41fc63bedc177fbb8 Loading...

	clickndownload.cloud/l4b5cvcvf8vc	ScriptElement	666 B	2023-03-07	2025-06-16
Pretty URL clickndownload.cloud/l4b5cvcvf8vc IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:23 Last Seen2025-06-16 22:59 Times Seen1975 Hash b43b98ae6d81d1bcc31bf4d398af2770 084014353ba5a80e35a7144b4c4ad8abbcdf6eac 6df937222477e1219205ce19b008280da54e60cdf8c3a5749369a66224a82faa Loading...

	clickndownload.cloud/js/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-06-16
Pretty URL clickndownload.cloud/js/jquery.cookie.js IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-06-16 22:59 Times Seen2728 Hash ff14e4812b7f512e620b1ad35542bcfc c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96 Loading...

	clickndownload.cloud/js/paging.js	ScriptElement	1.8 kB	2023-03-07	2025-06-12
Pretty URL clickndownload.cloud/js/paging.js IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:03 Last Seen2025-06-12 04:29 Times Seen509 Hash 3686c6282d9c94c620e42508fb5d0e18 97c9a31b1f7946d5f3ba6a5047c95cf38456fa64 e1d4f21db649ec5795e70cb72e59fdec97af300c64b5d8abbc67f00688eb0ecd Loading...

	www.googletagmanager.com/gtag/js?id=G-G0GWKC1CMJ	ScriptElement	391 kB	2025-06-06	2025-06-06
Pretty URL www.googletagmanager.com/gtag/js?id=G-G0GWKC1CMJ IP 142.250.74.136 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-06 16:02 Last Seen2025-06-06 16:02 Times Seen1 Hash 06b9bd37aa7f868c79db45923a9e5144 7e928fe446ca1421ddbba282389fd583e1a11175 8c4ffdc0f61510beb506826253c08f4cef0ee87f38d7f10208cff82580e68693 Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2025-01-25	2025-06-17
Pretty URL recordedthereby.com/sfp.js IP 185.196.197.72 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 09:25 Last Seen2025-06-17 03:50 Times Seen1814 Hash 108625937affa4b38bb17cea65510d72 2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0 Loading...

	clicknupload.click/js/dialogs.js	ScriptElement	2.2 kB	2023-03-07	2025-06-13
Pretty URL clicknupload.click/js/dialogs.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:52 Last Seen2025-06-13 16:00 Times Seen372 Hash 2f96a16e62a9d63834bbb6108f83d90b 7da8c8e56e98e99c6c891f6b44d135fb1276a32c 71fea8e764130d6d3e79297c3c69a3f30ba91e929ef79753dc6fd807d04bc03d Loading...

	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-06-17
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-17 03:58 Times Seen114117 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js	ScriptElement	60 kB	2023-03-07	2025-06-17
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07 Last Seen2025-06-17 03:42 Times Seen3129 Hash 6bea60c34c5db6797150610dacdc6bce 544afefd148715da7dd52d368a414703390ca0e0 38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff Loading...

	clickndownload.cloud/js/jquery.paging.js	ScriptElement	19 kB	2023-03-07	2025-06-16
Pretty URL clickndownload.cloud/js/jquery.paging.js IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:23 Last Seen2025-06-16 22:59 Times Seen2683 Hash d7a2c1c7af2a004a6d68e1e55b1cfb46 7fd6daa7076c30381880519ad06ef5639b19ee28 c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6 Loading...

	clickndownload.cloud/l4b5cvcvf8vc	ScriptElement	153 B	2023-04-28	2025-06-12
Pretty URL clickndownload.cloud/l4b5cvcvf8vc IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-28 03:42 Last Seen2025-06-12 04:29 Times Seen181 Hash 0b7f5a628579e8912b699f49266ae90c baa05017f2bb4e3c9f51127ba7ecd5d96a18d709 a477fce51b2469cca586acc65e7dec5bcf6c6c8284a2666f1915b4c46f6f7597 Loading...

	clickndownload.cloud/l4b5cvcvf8vc	ScriptElement	174 B	2023-03-07	2025-06-13
Pretty URL clickndownload.cloud/l4b5cvcvf8vc IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:23 Last Seen2025-06-13 16:00 Times Seen898 Hash cb943eb9432bf54d0289b5b025bef54f 59126b245742b44378dbfa4c3d11bd852a4d716b a40ee726019c571babd88bcfc2265bb8030e1b476452ed3ccda139deebefee94 Loading...

	clickndownload.cloud/l4b5cvcvf8vc	ScriptElement	369 B	2023-03-14	2025-06-12
Pretty URL clickndownload.cloud/l4b5cvcvf8vc IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 18:42 Last Seen2025-06-12 04:29 Times Seen164 Hash e24a84043f8085dc32aeb9891ee2c523 aaa239859d12c75b961dbfccd53afd6497dedaaf a936c24cd92da7461745d5bc25662f7bbf8af5c11a761a406dd498936c08d923 Loading...

	clicknupload.click/js/bootstrap-confirm.js	ScriptElement	3.1 kB	2023-03-07	2025-06-14
Pretty URL clicknupload.click/js/bootstrap-confirm.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:52 Last Seen2025-06-14 08:50 Times Seen402 Hash ed107aaa46561415692b9d4548c7c615 c23678dd36a64ddd29d8cc102d1b1bebf922875f ecf662e9f1d25bd142e6b4e5618012a3af7af1a2cd7504d67b90d59ca344ef2f Loading...

	qk.zirconscuculle.com/rP8GSwH2osUDKUWr6/52561	ScriptElement	5 B	2025-04-24	2025-06-17
Pretty URL qk.zirconscuculle.com/rP8GSwH2osUDKUWr6/52561 IP 23.109.170.89 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-24 10:17 Last Seen2025-06-17 04:08 Times Seen735 Hash 848667c49f5d3aef59cd65ed276cd7ae bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763 cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8 Loading...

	clickndownload.cloud/l4b5cvcvf8vc	ScriptElement	28 kB	2025-06-06	2025-06-12
Pretty URL clickndownload.cloud/l4b5cvcvf8vc IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-06 16:02 Last Seen2025-06-12 04:29 Times Seen4 Hash e24fe571d4742742fffb62dda40fa11a b394181e3ee6b2492d372f5dd230ca86d5c3921b f96f9dfcdc34194d5ea4e2cd452261000ac44c92ede688ee97a415c22204ee7b Loading...

	madurird.com/tag.min.js	ScriptElement	108 kB	2025-06-06	2025-06-10
Pretty URL madurird.com/tag.min.js IP 139.45.197.106 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-06 13:14 Last Seen2025-06-10 10:19 Times Seen35 Hash 73217dbc1f4a40490924d207f9954b68 36dec7c4513fb9a90109340e387e9a74d683ef20 70e626751e2ecfb9bb2602d111d7aec443f0fa5595bf2002278d00c612b3d9a1 Loading...

	stationshy.com/a1/90/5d/a1905d2642267dd1c1ad339abf69efcf.js	ScriptElement	104 kB	2025-06-06	2025-06-06
Pretty URL stationshy.com/a1/90/5d/a1905d2642267dd1c1ad339abf69efcf.js IP 172.240.127.234 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-06 16:02 Last Seen2025-06-06 16:02 Times Seen1 Hash 6dcd69999f3fafb9270fa63b8508f4f7 a61b76f1b70f942e29fc6875332285481fd3c495 0fc0fdda21ffc7252b360ec7fb9dbb754a98a5e85d2507cec17a0763c0763b6d Loading...

	clickndownload.cloud/l4b5cvcvf8vc	EventHandler	11 B	2025-06-06	2025-06-12
Pretty URL clickndownload.cloud/l4b5cvcvf8vc IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by eventHandler Embedded in HTML false Observations First Seen2025-06-06 16:02 Last Seen2025-06-12 04:29 Times Seen4 Hash 750f349e1dd8477805a67ede3f334943 fe4c6431cef07c41969231d204687b14dd6bcfa8 ed3fc2ae74b29df83a04462f4b327d4b44acbad58becaee7e705425e02c8a460 Loading...

	clickndownload.cloud/l4b5cvcvf8vc	EventHandler	11 B	2025-06-06	2025-06-12
Pretty URL clickndownload.cloud/l4b5cvcvf8vc IP 104.21.64.1 ASN #13335 CLOUDFLARENET Introduced by eventHandler Embedded in HTML false Observations First Seen2025-06-06 16:02 Last Seen2025-06-12 04:29 Times Seen4 Hash 1dcafb9be74f34c4544eb627a7fd9d9f dfc23de884376b6cb016ae47205b49366ac62af3 14ee2c795b7e8c42937fb80aae1d5d498b02fb5b1bc43ce752569ae27c66bf41 Loading...

HTTP Transactions (44)

URL IP Response Size

clicknupload.click/images/buy_usdt.png

188.114.97.1

200 OK

6.9 kB

URL GET
clicknupload.click/images/buy_usdt.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclicknupload.click
FingerprintB1:F2:BC:3D:0A:D7:71:04:BD:20:26:B3:5C:C6:46:6E:B2:68:01:CF
ValiditySun, 25 May 2025 03:14:19 GMT - Sat, 23 Aug 2025 04:13:01 GMT

File type
PNG image data, 118 x 41, 8-bit/color RGB, non-interlaced
Size
6.9 kB (6855 bytes)
Hash
3fd19c831caa4992cc14d656a0cc9637
def2788ea1807eea1b78a80b203b215707867ce7
b8ccbb11f00ac5d936de77fa269413482c9a5b3ae4ab23b18157dcc231ac1266

HTTP Headers

GET /images/buy_usdt.png HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 6855
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sun, 23 Apr 2023 12:23:21 GMT
etag: "1ac7-5f9fff4b48040"
accept-ranges: bytes
age: 4374
cache-control: max-age=14400
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=twjnPN0PpMcug5RKS%2B%2FliqYuactpqf%2F95w43WgzR96OJKlonCK8mZvW9cpCUkjMoAigCvn%2BTcpsKdy0LFd1vptomiPvn6NVTW8RQgZmVS7A%3D"}]}
cf-ray: 94b92164093e56b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clickndownload.cloud/css/bootstrap.css

104.21.64.1

200 OK

144 kB

URL GET
clickndownload.cloud/css/bootstrap.css
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
ASCII text, with very long lines (540)
Size
144 kB (144219 bytes)
Hash
de29a2a7f8fdd32726d8e70fa3037379
45686004dcb4a332ffd98cca3ba7979bf1a02aa7
0dd311ba439876efdb560247faf414416adb4683c5184c817c5c4ff1137e8a9a

HTTP Headers

GET /css/bootstrap.css HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/l4b5cvcvf8vc
Cookie: aff=46132
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: text/css
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qmbY9Sdok7YgG9iZ4mp%2BVe%2B6l2nTrRyky%2FERTqmJ15XIrDf1vutcBmGf9BtZLeH1HRCGtVmNHAnKYH8KXIJP1dbtdlKD0hmxZoRr0KTmgbMovg%3D%3D"}]}
age: 1762
cache-control: max-age=14400
cf-cache-status: HIT
etag: W/"2335b-59e95997d6180"
content-encoding: br
cf-ray: 94b92162fb485699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clicknupload.click/images/buy_eth.png

188.114.97.1

200 OK

1.2 kB

URL GET
clicknupload.click/images/buy_eth.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclicknupload.click
FingerprintB1:F2:BC:3D:0A:D7:71:04:BD:20:26:B3:5C:C6:46:6E:B2:68:01:CF
ValiditySun, 25 May 2025 03:14:19 GMT - Sat, 23 Aug 2025 04:13:01 GMT

File type
PNG image data, 222 x 83, 8-bit colormap, non-interlaced
Size
1.2 kB (1226 bytes)
Hash
479f53c7a95b733a3f75549dc81911c0
08b0afdccd31497faa329c53305a33f961ee248c
dfe6abeb48711f23656d32822f8b2aedf5283c1d545bd4bcb31db12bb67d9087

HTTP Headers

GET /images/buy_eth.png HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 1226
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "4ca-59e95997d6180"
accept-ranges: bytes
age: 4374
cache-control: max-age=14400
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4HDr%2BMELeF39O66rh%2BZlY%2FzgnqMXrbDIzBkcAu9stEoLEwJ%2FOVXfQrxSXhyv8aaQYdW122ZVTd%2B59KI4Oro%2BE%2BgUhKpj6eE8%2FIpWsyI6Izs%3D"}]}
cf-ray: 94b92164093856b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clickndownload.cloud/css_new/style.css?r=1

104.21.64.1

200 OK

96 kB

URL GET
clickndownload.cloud/css_new/style.css?r=1
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
ASCII text, with very long lines (339)
Size
96 kB (96106 bytes)
Hash
e22ca2f4bc86d86b0712de8cc63a35bd
79b790aaf4cf7b48a2cb68c35f5c6d2a07fc1ddd
570ead7030ff62066608ee2e9d73287ff2aa7d01ba5d44b0d26b0d2155a72e94

HTTP Headers

GET /css_new/style.css?r=1 HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/l4b5cvcvf8vc
Cookie: aff=46132
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: text/css
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sun, 07 Aug 2022 23:26:23 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4MLVoLc6En3d%2FYFihO66vqBwzvJ1y9HIUgGPMcP1XA4lHxJzXWa%2BGtsCfD7Hagg3A57v8202WVZsSWaH9uS%2BlYTdqlVr5eswgFKRbYM0Yng%2FHA%3D%3D"}]}
age: 1762
cache-control: max-age=14400
cf-cache-status: HIT
etag: W/"1776a-5e5af070d7ac9"
content-encoding: br
cf-ray: 94b921630b605699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

madurird.com/tag.min.js

139.45.197.106

200 OK

108 kB

URL GET
madurird.com/tag.min.js
IP
139.45.197.106:443
ASN
#9002 RETN Limited

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerLet's Encrypt
Subjectmadurird.com
FingerprintE6:F5:25:47:3F:87:05:23:96:F8:35:FA:1C:BC:79:F8:B3:85:26:2D
ValiditySat, 19 Apr 2025 05:46:37 GMT - Fri, 18 Jul 2025 05:46:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107527 bytes)
Hash
73217dbc1f4a40490924d207f9954b68
36dec7c4513fb9a90109340e387e9a74d683ef20
70e626751e2ecfb9bb2602d111d7aec443f0fa5595bf2002278d00c612b3d9a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: application/javascript
x-trace-id: 64e57bf0eeb2f876374d3a4696bf17bd
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

clicknupload.click/js/bootstrap-confirm.js

188.114.97.1

200 OK

3.1 kB

URL GET
clicknupload.click/js/bootstrap-confirm.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclicknupload.click
FingerprintB1:F2:BC:3D:0A:D7:71:04:BD:20:26:B3:5C:C6:46:6E:B2:68:01:CF
ValiditySun, 25 May 2025 03:14:19 GMT - Sat, 23 Aug 2025 04:13:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text
Size
3.1 kB (3148 bytes)
Hash
ed107aaa46561415692b9d4548c7c615
c23678dd36a64ddd29d8cc102d1b1bebf922875f
ecf662e9f1d25bd142e6b4e5618012a3af7af1a2cd7504d67b90d59ca344ef2f

HTTP Headers

GET /js/bootstrap-confirm.js HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ud86qmL%2Fwy3B%2BQJXxiHKFB9zxpVsqm6kETiB4QnehkHLwAlfmAwzqXoRtI0rr%2FtUG8ZnFnnngPeJbSz4x7G4vi1SXIBsJs5HSZX0MBwA9uw%3D"}]}
age: 1248
cache-control: max-age=14400
cf-cache-status: HIT
etag: W/"c4c-59e95997d6180"
content-encoding: br
cf-ray: 94b92164197756b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clickndownload.cloud/favicon.ico

104.21.64.1

200 OK

1.3 kB

URL GET
clickndownload.cloud/favicon.ico
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced
Size
1.3 kB (1288 bytes)
Hash
77e59d75ebf5717f8cfd153710506119
e6d99fb7820c3802ccbbea7cba43d14ae70efd0f
c8ad32630b8fd77e7555c1aabbafb9999140b3593cb52d21f6af951cef54941f

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/l4b5cvcvf8vc
Cookie: aff=46132; ref_url=https%3A%2F%2Fclickndownload.cloud%2Fl4b5cvcvf8vc; _ga_G0GWKC1CMJ=GS2.1.s1749225709$o1$g0$t1749225709$j60$l0$h0; _ga=GA1.1.355442670.1749225709
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:49 GMT
content-type: image/vnd.microsoft.icon
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sVO9yHvMHwnT3BWvK4Vze0ekih170ure5cCR78AN1j2cirObhbFRM%2BtPXw0KIxjSaY1HpGR%2Fhf%2BJL8jND2smYpIZ6ISmbRvTShbZljFVBIXKl0c%2BZBoubxvTXSmDAFB%2FilsfoWs%2Fug%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: W/"508-59e95997d6180"
age: 1763
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 94b9216b5ff256bb-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4518&min_rtt=664&rtt_var=2592&sent=180&recv=140&lost=0&retrans=0&sent_bytes=105671&recv_bytes=10568&delivery_rate=8423532&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=96000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1632&inflight_dur=98&x=80"

clickndownload.cloud/js/jquery.paging.js

104.21.64.1

200 OK

19 kB

URL GET
clickndownload.cloud/js/jquery.paging.js
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
JavaScript source, ASCII text
Size
19 kB (19365 bytes)
Hash
d7a2c1c7af2a004a6d68e1e55b1cfb46
7fd6daa7076c30381880519ad06ef5639b19ee28
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6

HTTP Headers

GET /js/jquery.paging.js HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/l4b5cvcvf8vc
Cookie: aff=46132
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=z4IfCKtPJgqRuk%2BL7CvVMqKwx8MKI2VtvV36%2FamVQv7tLPUv%2FQ%2BzKNHm0LCYOXi4QK%2BsF4gyzRvT6LMdgOjPuDKM5pfA%2B9G8yrPbZ0ZYsS6hWg%3D%3D"}]}
age: 1762
cache-control: max-age=14400
cf-cache-status: HIT
etag: W/"4ba5-59e95997d6180"
content-encoding: br
cf-ray: 94b921630b635699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-G0GWKC1CMJ

142.250.74.136

200 OK

391 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-G0GWKC1CMJ
IP
142.250.74.136:443
ASN
#15169 GOOGLE

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
ValidityMon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT

File type
JavaScript source, ASCII text, with very long lines (6079)
Size
391 kB (391203 bytes)
Hash
06b9bd37aa7f868c79db45923a9e5144
7e928fe446ca1421ddbba282389fd583e1a11175
8c4ffdc0f61510beb506826253c08f4cef0ee87f38d7f10208cff82580e68693

HTTP Headers

GET /gtag/js?id=G-G0GWKC1CMJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 06 Jun 2025 16:01:48 GMT
expires: Fri, 06 Jun 2025 16:01:48 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 130081
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

qk.zirconscuculle.com/rP8GSwH2osUDKUWr6/52561

23.109.170.89

200 OK

5 B

URL GET
qk.zirconscuculle.com/rP8GSwH2osUDKUWr6/52561
IP
23.109.170.89:443
ASN
#7979 SERVERS-COM

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerLet's Encrypt
Subjectqk.zirconscuculle.com
Fingerprint29:31:28:AD:39:33:3E:B8:3C:8F:60:B6:C0:34:B8:66:5D:4B:D0:22
ValidityFri, 06 Jun 2025 04:27:34 GMT - Thu, 04 Sep 2025 04:27:33 GMT

File type
ASCII text, with no line terminators
Size
5 B (5 bytes)
Hash
848667c49f5d3aef59cd65ed276cd7ae
bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763
cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8

HTTP Headers

GET /rP8GSwH2osUDKUWr6/52561 HTTP/1.1
Host: qk.zirconscuculle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 06 Jun 2025 16:01:48 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://clickndownload.cloud
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9zV1OhDAcBHC%2B2dUFnYQDeASKlPDqi1fwkRT6B%2BtCuykV9PYSE32bTH6T8TwvKB7gb8kZ4afgeGKsbdqaV21ZD62o%2Br5tGl72vC1ZxceR46zWzol%2BJhfhtC7Cus5tES4TabJq6AYjKcPjof6aqza7jhD3VmiZIV4OMWdIe2v2lWwRItJiIaSvytJovg4hPoxFyJ7rIyt9ZL9EYNYizO%2BQviktj2V%2BQcDKPE883N9m4UZjl07JxEc8WSEJ%2FgtOg3A0GfuNVNJ6deYGmFl2%2F%2F73ONxZiUTSpgZCbNw72R%2B3Z03l; expires=Sat, 07-Jun-2025 16:01:48 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Sat, 07-Jun-2025 16:01:48 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

clickndownload.cloud/css_new/font/OpenSans-Regular.woff

104.21.64.1

200 OK

68 kB

URL GET
clickndownload.cloud/css_new/font/OpenSans-Regular.woff
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
Web Open Font Format, TrueType, length 67528, version 1.10
Size
68 kB (67528 bytes)
Hash
33ad0b840f7ea248dbc031820adf3040
e2b8f3a755202c8557093b44bcfccdec10d3ff0a
d12fd1d8afb1c2d8cb9d59868336a6c9e357af548f36aa41bcdb12fa19158365

HTTP Headers

GET /css_new/font/OpenSans-Regular.woff HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/css_new/style.css?r=1
Cookie: aff=46132
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: application/font-woff
content-length: 67528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6yuAxw65SGUdpEnHJYnxRqH6iOg%2Ba%2Fya2%2FjKSMOkKPEdjJEMAgIE3LXVfXlABTpz9LGERp5SkctEFN26ffmzZbKp8PsOQKoTfoOpOkohNRZlrGwQer2NiSexrlhkQFixMZrbYvfD5g%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "107c8-59e95997d6180"
accept-ranges: bytes
age: 1525
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 94b92167bfdd56bb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6787&min_rtt=664&rtt_var=4386&sent=101&recv=130&lost=0&retrans=0&sent_bytes=19742&recv_bytes=9461&delivery_rate=397767&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1056&inflight_dur=56&x=80"

oamsedsaiph.net/5/2234672/?oo=1&abt_opts=1&js_build=iclick-v1.1456.0&dmn=madurird.com&tt=2&ix=0&userId=0801e0c06aba4f65e23f2ca52db02734

139.45.195.9

204 No Content

0 B

URL POST
oamsedsaiph.net/5/2234672/?oo=1&abt_opts=1&js_build=iclick-v1.1456.0&dmn=madurird.com&tt=2&ix=0&userId=0801e0c06aba4f65e23f2ca52db02734
IP
139.45.195.9:443
ASN
#9002 RETN Limited

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerLet's Encrypt
Subjectoamsedsaiph.net
FingerprintDE:D8:F0:3D:9C:E8:22:B5:A9:2B:DB:CF:ED:EB:34:A7:81:7E:67:CE
ValidityFri, 25 Apr 2025 09:17:16 GMT - Thu, 24 Jul 2025 09:17:15 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /5/2234672/?oo=1&abt_opts=1&js_build=iclick-v1.1456.0&dmn=madurird.com&tt=2&ix=0&userId=0801e0c06aba4f65e23f2ca52db02734 HTTP/1.1
Host: oamsedsaiph.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2621
Origin: https://clickndownload.cloud
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Cookie: OAID=0081e021fcf44580f45de2a346bd85cd; oaidts=1749225710
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Fri, 06 Jun 2025 16:01:50 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://clickndownload.cloud
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

clickndownload.live/l4b5cvcvf8vc

188.114.96.1

302 Found

54 kB

URL User Request GET
clickndownload.live/l4b5cvcvf8vc
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectclickndownload.live
Fingerprint5C:9E:08:AA:EC:7A:D8:4A:1A:CD:AA:2D:C5:ED:67:4A:F9:0B:0C:BD
ValiditySun, 25 May 2025 05:07:03 GMT - Sat, 23 Aug 2025 06:05:30 GMT

File type

Size
54 kB (53771 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /l4b5cvcvf8vc HTTP/1.1
Host: clickndownload.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 06 Jun 2025 16:01:47 GMT
content-length: 0
location: https://clickndownload.cloud/l4b5cvcvf8vc
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rivKXB4sIEVNHyou6X7m%2B8L4dsrcFj2IEAUzH%2BAhVkaGEbacz8TYgsguvV0ZUAb38nNInXpMMCtPRMK%2BT7VMrDknscs1xznUdLxuYyEEarFW"}]}
cf-ray: 94b9215bcbd156c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clickndownload.cloud/l4b5cvcvf8vc

104.21.64.1

200 OK

54 kB

URL User Request GET
clickndownload.cloud/l4b5cvcvf8vc
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (28160)
Size
54 kB (53771 bytes)
Hash
06bd54712b4b51626ed4296c38e745db
8d3384acb5ace79fc1899a252e622a171d251937
e94e46e623ff365389961b0cafa18f61960eb7c030460429514538655b955edc

HTTP Headers

GET /l4b5cvcvf8vc HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:47 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Thu, 05 Jun 2025 16:01:47 GMT
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SwxqbNwjwoRG2gGDfZxl6laTNgAWAIP2pDnvzAdfMY5N0TmfXX7ZtsgQSkUG2I%2BC7srCAVQNkZ7X6PTv1CTaAdU%2B41vJOlyIgISGEkwfFlIj9Q%3D%3D"}]}
content-encoding: br
set-cookie: aff=46132; Path=/; Domain=clickndownload.cloud; Expires=Fri, 20 Jun 2025 16:01:47 GMT
cf-ray: 94b9215e0c285699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clickndownload.cloud/js/jquery.cookie.js

104.21.64.1

200 OK

3.1 kB

URL GET
clickndownload.cloud/js/jquery.cookie.js
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
JavaScript source, ASCII text
Size
3.1 kB (3121 bytes)
Hash
ff14e4812b7f512e620b1ad35542bcfc
c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae
c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96

HTTP Headers

GET /js/jquery.cookie.js HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/l4b5cvcvf8vc
Cookie: aff=46132
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 15 Feb 2020 04:18:27 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=JxhjDBR5qr3v1S11o9Z9emH77tzbnKPMEL4%2FVCAkb5tDZWrGfry9bL51B165PYyrCwLrrCANrhDl0TcOtKGta136VBVQXrpBX5bGihtpvpvQRA%3D%3D"}]}
age: 1763
cache-control: max-age=14400
cf-cache-status: HIT
etag: W/"c31-59e959d202ac0"
content-encoding: br
cf-ray: 94b921630b655699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clickndownload.cloud/js/paging.js

104.21.64.1

200 OK

1.8 kB

URL GET
clickndownload.cloud/js/paging.js
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
HTML document, ASCII text
Size
1.8 kB (1849 bytes)
Hash
3686c6282d9c94c620e42508fb5d0e18
97c9a31b1f7946d5f3ba6a5047c95cf38456fa64
e1d4f21db649ec5795e70cb72e59fdec97af300c64b5d8abbc67f00688eb0ecd

HTTP Headers

GET /js/paging.js HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/l4b5cvcvf8vc
Cookie: aff=46132
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 15 Feb 2020 04:18:25 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7oTq3lU5CD37xPcgNEk5455%2F%2BoMbNbW8wFFnkvOSlIzfoMKMnTAAU6s5uqmpvnbRPWPDyFigkIE%2B8udTY%2BOTuP6rOz7k3y3cusI2mrHX%2FJNxeg%3D%3D"}]}
age: 1763
cache-control: max-age=14400
cf-cache-status: HIT
etag: W/"739-59e959d01a640"
content-encoding: br
cf-ray: 94b921631b7f5699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

experttrafficcounter.com/stats

52.58.57.192

200 OK

40 B

URL GET
experttrafficcounter.com/stats
IP
52.58.57.192:443
ASN
#16509 AMAZON-02

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintCE:93:F6:82:20:C2:20:51:6E:53:85:EC:03:9C:48:F0:13:0B:67:D7
ValidityTue, 29 Apr 2025 00:00:00 GMT - Thu, 28 May 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
d80a59b6a990a068a88a78af3a6faef3
bd5f44e8aa4389af16256df57ceee2cafe463dc1
4ddc5b54e4bb698aaa752c9a9aa6959935f69b90df6ad2a646df8a353b9722be

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.cloud
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://clickndownload.cloud
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=64704ffc-59f0-4836-9bb5-1adade40607a:1:1; expires=Mon, 04 Jun 2035 16:01:49 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

clicknupload.click/?op=sso

188.114.97.1

200 OK

30 B

URL GET
clicknupload.click/?op=sso
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclicknupload.click
FingerprintB1:F2:BC:3D:0A:D7:71:04:BD:20:26:B3:5C:C6:46:6E:B2:68:01:CF
ValiditySun, 25 May 2025 03:14:19 GMT - Sat, 23 Aug 2025 04:13:01 GMT

File type
JSON text data
Size
30 B (30 bytes)
Hash
c5211db7f02c6e3531481dc39a027683
6fa951f3ad980a81a05099772e667d83af31e962
5ed798f3c72a867abfc7c5e46d413723dc7d96ca5b37b62eb2950030a9d0577c

HTTP Headers

GET /?op=sso HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clickndownload.cloud/
Origin: https://clickndownload.cloud
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:49 GMT
content-type: application/json
server: cloudflare
access-control-allow-origin: https://clickndownload.cloud
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bMZFJU55NvNH%2BGaNingWOCotFC5HNV0GGZJ6s8FoW2DYkzhZ8AQpVLw0jwq6UNq1Zorl6%2Fu%2BE79vAhcZcJKpDyjzuHLZx8gtAG0Ud2TZGS8%3D"}]}
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-encoding: br
cf-ray: 94b921679baa712a-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

use.fontawesome.com/releases/v5.1.1/webfonts/fa-solid-900.woff2

104.21.27.152

200 OK

60 kB

URL GET
use.fontawesome.com/releases/v5.1.1/webfonts/fa-solid-900.woff2
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint2F:A0:71:2B:C1:50:E8:B9:6E:F6:46:C3:85:EA:4E:30:ED:94:CB:C6
ValiditySun, 04 May 2025 00:52:35 GMT - Sat, 02 Aug 2025 01:52:29 GMT

File type
Web Open Font Format (Version 2), TrueType, length 59604, version 1.0
Size
60 kB (59604 bytes)
Hash
e8a92a29978352517c450b9a800b06cb
f2da460d41f0a68bcab83ed33073bb57d2c38484
b82ad8fbcf9bf844726f648ef268b74f8c2f668f56eafd98b05703e086ff1d5b

HTTP Headers

GET /releases/v5.1.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clickndownload.cloud
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: font/woff2
content-length: 59604
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "e8a92a29978352517c450b9a800b06cb"
last-modified: Fri, 22 Sep 2023 01:44:27 GMT
vary: Origin, Accept-Encoding
age: 1763
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PS16RDpSoyNsadyTU59BY3Z1btG8S5XOiriVcswLHXAzr7u8498TJJap5cVzIzNoLOksZaF05LJrvukAGoKB5%2BrTewpODZRXLcVW8bbIdeZ0%2FY8XycByPtE5W80ZaUjC%2BGMOmdO8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 94b92167bdfd5684-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4258&min_rtt=520&rtt_var=5249&sent=26&recv=15&lost=0&retrans=2&sent_bytes=19023&recv_bytes=1399&delivery_rate=7985294&cwnd=253&unsent_bytes=0&cid=6b2657570a6863bc&ts=742&x=0"
X-Firefox-Spdy: h2

experttrafficcounter.com/stats

52.58.57.192

200 OK

40 B

URL GET
experttrafficcounter.com/stats
IP
52.58.57.192:443
ASN
#16509 AMAZON-02

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintCE:93:F6:82:20:C2:20:51:6E:53:85:EC:03:9C:48:F0:13:0B:67:D7
ValidityTue, 29 Apr 2025 00:00:00 GMT - Thu, 28 May 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
d80a59b6a990a068a88a78af3a6faef3
bd5f44e8aa4389af16256df57ceee2cafe463dc1
4ddc5b54e4bb698aaa752c9a9aa6959935f69b90df6ad2a646df8a353b9722be

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.cloud
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Cookie: uid_id2=64704ffc-59f0-4836-9bb5-1adade40607a:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://clickndownload.cloud
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js

104.18.10.207

200 OK

60 kB

URL GET
stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
JavaScript source, ASCII text, with very long lines (59893)
Size
60 kB (60174 bytes)
Hash
6bea60c34c5db6797150610dacdc6bce
544afefd148715da7dd52d368a414703390ca0e0
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff

HTTP Headers

GET /bootstrap/4.5.0/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "6bea60c34c5db6797150610dacdc6bce"
last-modified: Mon, 25 Jan 2021 22:04:10 GMT
cdn-cachedat: 11/29/2024 22:45:25
cdn-proxyver: 1.06
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 860
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: a0e57fe1a84c8a3f8cfb9235a46d71d4
cdn-cache: HIT
cf-cache-status: HIT
age: 223764
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 94b921634e7c56a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

stationshy.com/a1/90/5d/a1905d2642267dd1c1ad339abf69efcf.js

172.240.127.234

200 OK

104 kB

URL GET
stationshy.com/a1/90/5d/a1905d2642267dd1c1ad339abf69efcf.js
IP
172.240.127.234:443
ASN
#7979 SERVERS-COM

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerLet's Encrypt
Subjectstationshy.com
Fingerprint87:1A:EC:21:15:1A:5E:7D:6D:3F:52:C0:7C:66:6D:05:C6:6A:C0:DE
ValidityWed, 28 May 2025 21:29:05 GMT - Tue, 26 Aug 2025 21:29:04 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
104 kB (104450 bytes)
Hash
6dcd69999f3fafb9270fa63b8508f4f7
a61b76f1b70f942e29fc6875332285481fd3c495
0fc0fdda21ffc7252b360ec7fb9dbb754a98a5e85d2507cec17a0763c0763b6d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /a1/90/5d/a1905d2642267dd1c1ad339abf69efcf.js HTTP/1.1
Host: stationshy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 06 Jun 2025 16:01:48 GMT
Content-Type: application/javascript
Content-Length: 32744
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 4
Host: stationshy.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3dcdddab892edcd55c8f64681a2b55b7
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

clicknupload.click/images/buy_btc.png

188.114.97.1

200 OK

6.6 kB

URL GET
clicknupload.click/images/buy_btc.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclicknupload.click
FingerprintB1:F2:BC:3D:0A:D7:71:04:BD:20:26:B3:5C:C6:46:6E:B2:68:01:CF
ValiditySun, 25 May 2025 03:14:19 GMT - Sat, 23 Aug 2025 04:13:01 GMT

File type
PNG image data, 105 x 40, 8-bit/color RGBA, non-interlaced
Size
6.6 kB (6552 bytes)
Hash
aabeda231fd89740160b26231cde4146
b448e7995944224d9fab644f1628070893b7060b
c73e92d4d4acbcdf2e2f21fa0fe4e2a383edb6ec2385fd6cefa6c5ea11b07e5d

HTTP Headers

GET /images/buy_btc.png HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 6552
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "1998-59e95997d6180"
accept-ranges: bytes
age: 4374
cache-control: max-age=14400
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6uA6rXw1HyjFlCAjtqbXGvhBCTvPh2Qh1B1dJ3E2Xpp8WN2LRY%2F2Ht0CXhCB3LisbniG%2FKslwLChmPNCR99xhoTpSv7LhF2iHbXC0OEYsAQ%3D"}]}
cf-ray: 94b92164094056b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

oamsedsaiph.net/5/2234672/?oo=1&js_build=iclick-v1.1456.0&dmn=madurird.com&tt=2&ix=0

139.45.195.9

200 OK

237 B

URL POST
oamsedsaiph.net/5/2234672/?oo=1&js_build=iclick-v1.1456.0&dmn=madurird.com&tt=2&ix=0
IP
139.45.195.9:443
ASN
#9002 RETN Limited

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerLet's Encrypt
Subjectoamsedsaiph.net
FingerprintDE:D8:F0:3D:9C:E8:22:B5:A9:2B:DB:CF:ED:EB:34:A7:81:7E:67:CE
ValidityFri, 25 Apr 2025 09:17:16 GMT - Thu, 24 Jul 2025 09:17:15 GMT

File type
JSON text data
Size
237 B (237 bytes)
Hash
58945c8245aef31b878de53908034a8b
9d7c093102de66bf39b0efeef81ccc4ebc2c8ec1
72d93f9cb937cf11940fe9d25c49169354e4dae211e26f5ce4288ea742c5305d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /5/2234672/?oo=1&js_build=iclick-v1.1456.0&dmn=madurird.com&tt=2&ix=0 HTTP/1.1
Host: oamsedsaiph.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2621
Origin: https://clickndownload.cloud
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 06 Jun 2025 16:01:50 GMT
content-type: application/json
content-length: 237
x-trace-id: cc7ef375aaeef1ecea26f69c7a3305bd
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://clickndownload.cloud
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0081e021fcf44580f45de2a346bd85cd; expires=Sat, 06 Jun 2026 16:01:50 GMT; path=/; secure; SameSite=None
oaidts=1749225710; expires=Sat, 06 Jun 2026 16:01:50 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

104.18.10.207

200 OK

24 kB

URL GET
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
ASCII text, with very long lines (23577)
Size
24 kB (23739 bytes)
Hash
04425bbdc6243fc6e54bf8984fe50330
8c15c6bd82c71e9ef1bb11cf24e502fe07518ac5
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

HTTP Headers

GET /font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "04425bbdc6243fc6e54bf8984fe50330"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver: 1.06
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/06/2024 09:03:28
cdn-edgestorageid: 1068
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: 145fa65275dd7fc0ae8191346cf3bbbe
cdn-cache: HIT
cf-cache-status: HIT
age: 224369
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 94b92163cf2156a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clickndownload.cloud/images_new/logo.png

104.21.64.1

200 OK

3.8 kB

URL GET
clickndownload.cloud/images_new/logo.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
PNG image data, 266 x 45, 8-bit/color RGBA, non-interlaced
Size
3.8 kB (3756 bytes)
Hash
18dbed375d9a1ef749c74ac5138aa264
6282f8a7fcd2f81658d834f8c9f304d28555787c
4f331ff98a0e33ce634a2135e9a9e580b841595848450ab0533ce84a3e7bc0e1

HTTP Headers

GET /images_new/logo.png HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/css_new/style.css?r=1
Cookie: aff=46132
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 3756
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=irqmp9twPMlVlVo0iFzkBrxu8pQqHhY4UruNz9OzXlzRI8%2Bn8AvNTRKRvx3Oge8wgxde4HVz%2BaRzFwbv6OPNi066QhpUTl52zWJ4jAHHWroxuafiaxq94EaUVAyG%2BQLBjvAV1Vh1eA%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "eac-59e95997d6180"
accept-ranges: bytes
age: 1763
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 94b921679fd656bb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6787&min_rtt=664&rtt_var=4386&sent=88&recv=130&lost=0&retrans=0&sent_bytes=7742&recv_bytes=9461&delivery_rate=397767&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1049&inflight_dur=51&x=80"

clickndownload.cloud/images_new/ico_support.png

104.21.64.1

200 OK

582 B

URL GET
clickndownload.cloud/images_new/ico_support.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
PNG image data, 18 x 14, 8-bit/color RGBA, non-interlaced
Size
582 B (582 bytes)
Hash
56939c60e9460aecb545fdd7e87a83bf
261218ad70531ed0fb66ab20429fe38b9bd75301
699fd60d3ddd379687c3b3e497db49ea4d28b7a9292cc7f09e3704990b56a0ba

HTTP Headers

GET /images_new/ico_support.png HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/css_new/style.css?r=1
Cookie: aff=46132
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 582
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j7nKVzuVgFspuJpby98qGM4kgd2c4zEFNpfllJevsb6PF0HX4y6VsgMvtXMkBC9ZKHeBrsEOMl3Bc3D97vUpsq%2BSIr7FppJXTfNGB6RlPnkbRjuWL65goXVv08vvQfok5dyH0cWQTg%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "246-59e95997d6180"
accept-ranges: bytes
age: 1763
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 94b92167afd856bb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6787&min_rtt=664&rtt_var=4386&sent=92&recv=130&lost=0&retrans=0&sent_bytes=12304&recv_bytes=9461&delivery_rate=397767&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1050&inflight_dur=51&x=80"

clickndownload.cloud/images_new/ico_signup.png

104.21.64.1

200 OK

437 B

URL GET
clickndownload.cloud/images_new/ico_signup.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
PNG image data, 19 x 15, 8-bit/color RGBA, non-interlaced
Size
437 B (437 bytes)
Hash
cc927adee9d551cb449bc15c8a05e1ee
015a8551352393fde20a76d274f13da1cb54aa3b
094fde141b6a59b1ad394ae642df5776c43ea0e81a9fce018187832d106b7738

HTTP Headers

GET /images_new/ico_signup.png HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/css_new/style.css?r=1
Cookie: aff=46132
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=200J64sSCnPMAqEgiu17%2FuxwqzqBfGHUBnJzhrit4uLteqykNfDNV07QYUmVj0WtFWRRIaNtoql3Zl927IW%2FdFhOizXTOCRLh0RzwVR2ZzUfsR9KIfJvCDJ4nvtLCGZz3NOp8jA25g%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "1b5-59e95997d6180"
accept-ranges: bytes
age: 1763
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 94b92167afda56bb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6787&min_rtt=664&rtt_var=4386&sent=94&recv=130&lost=0&retrans=0&sent_bytes=13599&recv_bytes=9461&delivery_rate=397767&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1051&inflight_dur=52&x=80"

clickndownload.cloud/images_new/ico_superfast.png

104.21.64.1

200 OK

603 B

URL GET
clickndownload.cloud/images_new/ico_superfast.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
PNG image data, 49 x 55, 8-bit/color RGBA, non-interlaced
Size
603 B (603 bytes)
Hash
846cf458878e3c543e2f0fd6ff940146
c6292ced1aa145007a860bc7352e37e5dd706349
eb396ed047a76891a140323880f45163f88165bb334bdbd2e53c575f012804ed

HTTP Headers

GET /images_new/ico_superfast.png HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/l4b5cvcvf8vc
Cookie: aff=46132
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 603
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NHF3qnHld%2FbZftPy7DxwpxzZ9tL5%2FdLe4UousZw%2BEf0kWqfVsUznpAr1QYQKmPQQdTcmFWWIK2gtbOHcw8ZN2mxm4yu%2BiDI%2FAxsbzQuCtv1IP4uRtUVjsV5Epct%2BDMVTEUWxeyygaA%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "25b-59e95997d6180"
accept-ranges: bytes
age: 1763
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 94b921685fe356bb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=5268&min_rtt=664&rtt_var=2368&sent=176&recv=137&lost=0&retrans=0&sent_bytes=103475&recv_bytes=10056&delivery_rate=8423532&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=96000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1156&inflight_dur=74&x=80"

use.fontawesome.com/releases/v5.1.1/css/v4-shims.css

104.21.27.152

200 OK

27 kB

URL GET
use.fontawesome.com/releases/v5.1.1/css/v4-shims.css
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint2F:A0:71:2B:C1:50:E8:B9:6E:F6:46:C3:85:EA:4E:30:ED:94:CB:C6
ValiditySun, 04 May 2025 00:52:35 GMT - Sat, 02 Aug 2025 01:52:29 GMT

File type
ASCII text, with very long lines (26508)
Size
27 kB (26688 bytes)
Hash
01727b5056f65c2ac938f5db4e552b10
a44b4f2f268d7fdd5fa700d8f1b71f6a85fb7c39
1458c65cd927c3e5bf35667665280eaaf849eef09ed217983334c5c8a78f6759

HTTP Headers

GET /releases/v5.1.1/css/v4-shims.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"01727b5056f65c2ac938f5db4e552b10"
last-modified: Fri, 22 Sep 2023 01:44:26 GMT
vary: Accept-Encoding
age: 222572
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IOOcoXsBNozoaOPRWTNawP0SgmLsN8B%2F1Zm9wmqdYkMxw7jLV7e%2FxcXldregLW9Mn8jvGx%2B%2FF567wbPnG2Ep0JawwWqTXUZdzmUXtdDg4MuIoxWI0OxHMWWI3YC0PGPlTDxNEkkC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 94b921639fdb5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1336&min_rtt=520&rtt_var=686&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3198&recv_bytes=1066&delivery_rate=7985294&cwnd=253&unsent_bytes=0&cid=6b2657570a6863bc&ts=78&x=0"
X-Firefox-Spdy: h2

clicknupload.click/js/dialogs.js

188.114.97.1

200 OK

2.2 kB

URL GET
clicknupload.click/js/dialogs.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclicknupload.click
FingerprintB1:F2:BC:3D:0A:D7:71:04:BD:20:26:B3:5C:C6:46:6E:B2:68:01:CF
ValiditySun, 25 May 2025 03:14:19 GMT - Sat, 23 Aug 2025 04:13:01 GMT

File type
ASCII text
Size
2.2 kB (2198 bytes)
Hash
2f96a16e62a9d63834bbb6108f83d90b
7da8c8e56e98e99c6c891f6b44d135fb1276a32c
71fea8e764130d6d3e79297c3c69a3f30ba91e929ef79753dc6fd807d04bc03d

HTTP Headers

GET /js/dialogs.js HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: application/javascript
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 15 Feb 2020 04:18:22 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YeTK8pixX2p87xUZ6GEo6zk63jm%2F8Ft5eXkw7AO85GQ14akpSMabxrPcYrpfyB6RQhmIVM%2Bm25CPU1JSpnFqBqS2MTJPMLLnuNXAk7ZGmvk%3D"}]}
age: 1248
cache-control: max-age=14400
cf-cache-status: HIT
etag: W/"896-59e959cd3df80"
content-encoding: br
cf-ray: 94b92164093656b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clicknupload.click/images/buy_ltc.png

188.114.97.1

200 OK

9.4 kB

URL GET
clicknupload.click/images/buy_ltc.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclicknupload.click
FingerprintB1:F2:BC:3D:0A:D7:71:04:BD:20:26:B3:5C:C6:46:6E:B2:68:01:CF
ValiditySun, 25 May 2025 03:14:19 GMT - Sat, 23 Aug 2025 04:13:01 GMT

File type
PNG image data, 105 x 40, 8-bit/color RGBA, non-interlaced
Size
9.4 kB (9409 bytes)
Hash
37d6e42e503157e2a89a8cadc4eb6478
320154baf290f5ae67a8d607b113ead68d2c576d
c8237c1024afc9b010ff81c2563a86c4a28d4c5486f9105aa2f06c4c5069e401

HTTP Headers

GET /images/buy_ltc.png HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 9409
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "24c1-59e95997d6180"
accept-ranges: bytes
age: 4374
cache-control: max-age=14400
cf-cache-status: HIT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=axV%2FmiiuOaG9mPtnHUn0ktemSeN7IqGQSajXXncP%2Fhk5sxflQiigZ5OxoCINhlUNcBTPprlxfyUWPujD7YoSxuzQGn6QztlPYaVbdL%2Fq1Ug%3D"}]}
cf-ray: 94b92164094556b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

clickndownload.cloud/images/flags.png

104.21.64.1

200 OK

15 kB

URL GET
clickndownload.cloud/images/flags.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced
Size
15 kB (15180 bytes)
Hash
0e7e0406e09ea913dc344ca9974ec94a
084fcf2d8e96661354a7e563f64801dfd13bead7
0787e30d6145bc8b8b92ed329f664bcc3012162ccba9ef943d7ada480afb74e9

HTTP Headers

GET /images/flags.png HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/css_new/style.css?r=1
Cookie: aff=46132
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 15180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n0Be1K7HQBKMiXvV0rKmFRDxQoPwiU5IeR9CdYIBk05o2x0AWgw8IfpNbxKCU4%2BRgnrtQ%2BWFgiAzgAG%2BbZ6eZwFlaZE9DQiUxnUoB1dnfhiWhaxP4YzkjU469KrYN0UPq%2BDUnUFNRw%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "3b4c-59e95997d6180"
accept-ranges: bytes
age: 1763
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 94b921679fd556bb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6787&min_rtt=664&rtt_var=4386&sent=98&recv=130&lost=0&retrans=0&sent_bytes=17192&recv_bytes=9461&delivery_rate=397767&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1054&inflight_dur=55&x=80"

invadedisheartentrail.com/pixel/purst?dl=0&th=0&sc=0&rs=1837&rd=1837&fd=622&bv=25.5.2579&tmpl=70

172.240.108.84

200 OK

0 B

URL GET
invadedisheartentrail.com/pixel/purst?dl=0&th=0&sc=0&rs=1837&rd=1837&fd=622&bv=25.5.2579&tmpl=70
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerLet's Encrypt
Subjectinvadedisheartentrail.com
Fingerprint95:61:8E:B5:87:C3:51:FF:61:D7:15:A0:D3:84:2F:F7:62:3D:AF:A5
ValidityTue, 29 Apr 2025 21:47:10 GMT - Mon, 28 Jul 2025 21:47:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1837&rd=1837&fd=622&bv=25.5.2579&tmpl=70 HTTP/1.1
Host: invadedisheartentrail.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 06 Jun 2025 16:01:49 GMT
Content-Length: 0
Connection: keep-alive
Host: invadedisheartentrail.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

unseenreport.com/pxf.gif?uuid=64704ffc-59f0-4836-9bb5-1adade40607a&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=a1905d2642267dd1c1ad339abf69efcf&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16

192.243.61.227

200 OK

0 B

URL GET
unseenreport.com/pxf.gif?uuid=64704ffc-59f0-4836-9bb5-1adade40607a&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=a1905d2642267dd1c1ad339abf69efcf&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint70:62:DC:6C:0A:F4:AA:56:4E:74:DC:EF:DA:CC:60:5A:C4:34:CE:F2
ValiditySat, 17 May 2025 22:34:21 GMT - Fri, 15 Aug 2025 22:34:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=64704ffc-59f0-4836-9bb5-1adade40607a&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=a1905d2642267dd1c1ad339abf69efcf&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=16 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 06 Jun 2025 16:01:50 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 99b5b8e96e3af8e1dcc01635929edbaf
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

code.jquery.com/jquery-3.5.1.min.js

151.101.2.137

200 OK

90 kB

URL GET
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 06 Jun 2025 16:01:48 GMT
age: 2162641
x-served-by: cache-lga21981-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 64, 101319
x-timer: S1749225708.184056,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

clickndownload.cloud/images_new/ico_signin.png

104.21.64.1

200 OK

491 B

URL GET
clickndownload.cloud/images_new/ico_signin.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
PNG image data, 16 x 15, 8-bit/color RGBA, non-interlaced
Size
491 B (491 bytes)
Hash
eb6902fefa5b8570ff46ffcb645004ca
badf718d8d54d271294131f50c37978367b7c263
3d1458173a2dd8f3b5258fb0fca34a0942a88e0ace54757018653d83bc539822

HTTP Headers

GET /images_new/ico_signin.png HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/css_new/style.css?r=1
Cookie: aff=46132
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 491
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6kEjKnxemjUcx5T5iaz3IBWJl%2FFNIxBzeDEJCIMReEtLyfDdqS1OdFyNUduhn1mPVeeI5Y8MyUcBgwZI1OviRP4XKfgilFhmYHmH2QEGqJN4iW3%2Bj0qwendWt6V0TIkPWZjpq7wclQ%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "1eb-59e95997d6180"
accept-ranges: bytes
age: 1763
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 94b92167afd956bb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6787&min_rtt=664&rtt_var=4386&sent=95&recv=130&lost=0&retrans=0&sent_bytes=14724&recv_bytes=9461&delivery_rate=397767&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1051&inflight_dur=53&x=80"

recordedthereby.com/sfp.js

185.196.197.72

200 OK

85 kB

URL GET
recordedthereby.com/sfp.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerLet's Encrypt
Subjectrecordedthereby.com
Fingerprint43:76:D8:56:43:66:8A:49:51:DC:E6:8E:5A:E9:35:93:29:07:37:C1
ValidityMon, 05 May 2025 21:20:39 GMT - Sun, 03 Aug 2025 21:20:38 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
85 kB (85380 bytes)
Hash
108625937affa4b38bb17cea65510d72
2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee
c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 06 Jun 2025 16:01:49 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: be09d9eee1a5f3ffe229569451b23805
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

my.rtmark.net/gid.js

104.18.41.22

200 OK

65 B

URL GET
my.rtmark.net/gid.js
IP
104.18.41.22:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint61:93:FB:BF:25:C3:CE:7B:CB:69:5D:87:04:AA:ED:1B:35:8D:44:82
ValidityFri, 02 May 2025 11:10:51 GMT - Thu, 31 Jul 2025 12:10:47 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
a0d056ba91209758d0ee307fae4f0f28
ed5329fab2b04df579d586fd94c804f330804649
76c075ceef2395d7fd1a4c0c956987361058fd0f14ca223fda9b100713b0ae92

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.cloud
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:50 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://clickndownload.cloud
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0801e0c06aba4f65e23f2ca52db02734; expires=Sat, 06 Jun 2026 16:01:50 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 94b92170cf2256c3-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css

104.18.11.207

200 OK

23 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css
IP
104.18.11.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
ASCII text, with very long lines (23192)
Size
23 kB (23409 bytes)
Hash
ab6b02efeaf178e0247b9504051472fb
8256575374f430476bdcd49de98c77990229ce31
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap-theme.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.cloud
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"ab6b02efeaf178e0247b9504051472fb"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 03/18/2024 12:13:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 0e47a98a078dcdb3c6428b0fb8b13026
cdn-cache: HIT
cdn-requesttime: 0
cf-cache-status: HIT
age: 1764
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 94b921637f40b4fd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.1.1/css/all.css

104.21.27.152

200 OK

46 kB

URL GET
use.fontawesome.com/releases/v5.1.1/css/all.css
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint2F:A0:71:2B:C1:50:E8:B9:6E:F6:46:C3:85:EA:4E:30:ED:94:CB:C6
ValiditySun, 04 May 2025 00:52:35 GMT - Sat, 02 Aug 2025 01:52:29 GMT

File type
ASCII text, with very long lines (45538)
Size
46 kB (45718 bytes)
Hash
597b70b2ce6b1483f72526c906918fe9
cdb01c449b472defd676e51a50074f5cf3f6076c
d98121a51ed3f911f519cf42be28225dc26b4c9d61cfab0a580118e5c3447463

HTTP Headers

GET /releases/v5.1.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"597b70b2ce6b1483f72526c906918fe9"
last-modified: Fri, 22 Sep 2023 01:44:26 GMT
vary: Accept-Encoding
age: 210891
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sm82OZFCp%2B4o73RODq4McyEHOLn45592WmkhSBAdROMyihAzVkeS50Xgwg6hhFbubP9%2BOQloKs3O3QuY%2F6u%2F09djBpyNhjFzITQ3tscRE4jlmFIQ8DcRI7QdCIoAUnZmgGKMF256"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 94b92163b8175684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3294&min_rtt=520&rtt_var=4430&sent=15&recv=13&lost=0&retrans=1&sent_bytes=8326&recv_bytes=1183&delivery_rate=7985294&cwnd=253&unsent_bytes=0&cid=6b2657570a6863bc&ts=112&x=0"
X-Firefox-Spdy: h2

clickndownload.cloud/images_new/ico_money.png

104.21.64.1

200 OK

565 B

URL GET
clickndownload.cloud/images_new/ico_money.png
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type
PNG image data, 16 x 19, 8-bit/color RGBA, non-interlaced
Size
565 B (565 bytes)
Hash
38c78ab79c4abec4f68f1988b2d2f401
8339760412ede29f07476f72e3331292633c8c19
fe08ea553a6794875a3e8e4b2dfd4a13386a71a7cd768daa82cfba983d2aba36

HTTP Headers

GET /images_new/ico_money.png HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/css_new/style.css?r=1
Cookie: aff=46132
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: image/png
content-length: 565
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bGLdo76C6Fd3XV%2FW03q9lmxl%2FGoDkjGCsNxYje%2F%2FQTuIAyMD8xnQnPs6LXvwXiDgpJrwRSCoosscsyRQnCFlfgtpa3CiTX%2FxP%2FM5E3mW66q7jv%2BSLdWy62qXCXNEbn1IdnRgZCmvYw%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "235-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 1763
accept-ranges: bytes
cf-ray: 94b92167afd756bb-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=6787&min_rtt=664&rtt_var=4386&sent=96&recv=130&lost=0&retrans=0&sent_bytes=15904&recv_bytes=9461&delivery_rate=397767&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1052&inflight_dur=54&x=80"

clickndownload.cloud/l4b5cvcvf8vc

104.21.64.1

200 OK

0 B

URL HEAD
clickndownload.cloud/l4b5cvcvf8vc
IP
104.21.64.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerGoogle Trust Services
Subjectclickndownload.cloud
Fingerprint9E:25:C0:B0:96:00:51:83:E4:CF:DF:40:DE:D0:C0:05:1F:EA:C8:C2
ValidityFri, 06 Jun 2025 13:19:54 GMT - Thu, 04 Sep 2025 14:18:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /l4b5cvcvf8vc HTTP/1.1
Host: clickndownload.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/l4b5cvcvf8vc
Cookie: aff=46132
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 06 Jun 2025 16:01:48 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AXmg4dvs%2BizeV65PBCPRT54Qd2UgFztKvtaPccXG9qDMbShHjTNYKrB10x%2BvdFp9iTY5xNv%2BFILq6QlX8fKukSkj73tRNVcYkvOCwdMb0mDyxrdCin1gm4ukWnfv%2BuEaech587AmwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Thu, 05 Jun 2025 16:01:48 GMT
set-cookie: ref_url=https%3A%2F%2Fclickndownload.cloud%2Fl4b5cvcvf8vc; domain=.clickndownload.cloud; path=/; expires=Fri, 20-Jun-2025 16:01:48 GMT
aff=46132; domain=.clickndownload.cloud; path=/; expires=Fri, 20-Jun-2025 16:01:48 GMT
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 94b92167bfdc56bb-OSL
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4786&min_rtt=664&rtt_var=2742&sent=178&recv=138&lost=0&retrans=0&sent_bytes=104801&recv_bytes=10101&delivery_rate=8423532&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=96000&unsent_bytes=0&cid=75eb463c8c452ff5&ts=1182&inflight_dur=76&x=80"

capaciousdrewreligion.com/advertisers.js

185.196.197.71

200 OK

0 B

URL GET
capaciousdrewreligion.com/advertisers.js
IP
185.196.197.71:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://clickndownload.cloud/l4b5cvcvf8vc
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint4C:9A:D1:39:AD:B4:C8:D5:6E:A1:5A:54:6F:88:D5:0F:D1:C6:5A:06
ValidityFri, 02 May 2025 21:09:09 GMT - Thu, 31 Jul 2025 21:09:08 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 06 Jun 2025 16:01:49 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: a3876ae52253aa1407d76f0922e159dc
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML