Report - csk.artclass.site/load.html?game=templerun2

Report Overview

Visited public
2024-05-22 09:32:07
Tags
URL
csk.artclass.site/load.html?game=templerun2
Finishing URL
csk.artclass.site/load.html?game=templerun2
IP / ASN
104.21.234.104
#13335 CLOUDFLARENET
Title
Temple Run 2 | Art Class

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2024-05-21 14:57:16	338 B	942 B	143.204.53.97
cdn.creative-bars1.com	unknown	2022-11-01	2022-11-15 17:46:22	2024-05-19 10:10:14	2.8 kB	185 kB	172.67.141.24
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2024-05-21 12:08:33	1.5 kB	846 B	192.243.61.227
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2024-05-20 18:13:46	2.0 kB	94 kB	151.101.193.229
pl22708848.profitablegatecpm.com	unknown	unknown	No data	No data	453 B	17 kB	192.243.59.13
detectivespreferably.com	unknown	unknown	No data	No data	493 B	467 B	172.240.108.76
abodedistributionpan.com	unknown	2024-05-06	2024-05-07 13:41:37	2024-05-16 18:33:21	8.5 kB	45 kB	192.243.61.225
analytics.proudparrot2.tech	unknown	unknown	No data	No data	415 B	0 B	0.0.0.0
csk.artclass.site	unknown	unknown	No data	No data	7.4 kB	783 kB	104.21.234.105
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-05-21 07:54:57	912 B	9.5 kB	142.250.74.106
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-05-20 18:38:08	424 B	103 kB	142.250.74.168
play-lh.googleusercontent.com	407	2008-11-17	2019-09-30 08:57:53	2024-05-21 18:15:15	493 B	542 kB	172.217.21.182
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2024-05-19 21:28:41	435 B	424 B	52.59.123.150
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-05-21 01:09:49	1.7 kB	82 kB	142.250.74.99
recordedthereby.com	unknown	2024-05-08	2024-05-14 07:24:53	2024-05-19 00:17:08	808 B	173 kB	188.114.96.1
cdn.barscreative1.com	25648	2021-09-08	2021-09-16 13:14:42	2024-05-19 10:10:13	481 B	1.5 kB	45.133.44.4

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-21	medium	abodedistributionpan.com	Sinkholed
2024-05-21	medium	abodedistributionpan.com	Sinkholed
2024-05-21	medium	abodedistributionpan.com	Sinkholed
2024-05-21	medium	abodedistributionpan.com	Sinkholed
2024-05-21	medium	abodedistributionpan.com	Sinkholed
2024-05-22	medium	unseenreport.com	Sinkholed
2024-05-22	medium	unseenreport.com	Sinkholed
2024-05-21	medium	abodedistributionpan.com	Sinkholed
2024-05-21	medium	abodedistributionpan.com	Sinkholed
2024-05-21	medium	abodedistributionpan.com	Sinkholed
2024-05-22	medium	recordedthereby.com	Sinkholed
2024-05-21	medium	abodedistributionpan.com	Sinkholed
2024-05-22	medium	recordedthereby.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	csk.artclass.site/load.html?game=templerun2	ScriptElement	0 B	0001-01-01	2025-04-30
Pretty URL csk.artclass.site/load.html?game=templerun2 IP 104.21.234.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-04-30 05:34 Times Seen4579607 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	csk.artclass.site/js/index.js	ScriptElement	3.9 kB	2024-04-26	2024-10-15
Pretty URL csk.artclass.site/js/index.js IP 104.21.234.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-10-15 04:57 Times Seen10 Hash 570857415dbeff33e6dd0c1f66c17ac8 94b2938a6a73f7f158be7d08a37c49e07815e45f 7074356f23934938d70886bfb268820552fb8859fefd351a5828bfdd1d708955 Loading...

	csk.artclass.site/js/load.js	ScriptElement	2.6 kB	2024-04-26	2024-08-20
Pretty URL csk.artclass.site/js/load.js IP 104.21.234.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-08-20 02:32 Times Seen2 Hash b30437e23a1ec4cca524f92dcc9bb0cd 9c88cb22711b69c403125010e61dd3f33f85d9e5 1eec1fec003bf116bbea07badd19c251f38cacd9d6ed4af38fec1b77303f7833 Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2024-05-17	2025-01-21
Pretty URL recordedthereby.com/sfp.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-17 16:43 Last Seen2025-01-21 11:22 Times Seen13574 Hash 7e3e44049654b6e244c1777e68ffb8e7 8f2a8298666d607afd92a0baa362ef4dc9ccd039 4acac8b8ff23671d365150818f3c39bbbfa08b1a1842d73de5933e0fea26454b Loading...

	csk.artclass.site/uv/uv.bundle.js	ScriptElement	672 kB	2023-07-14	2025-03-06
Pretty URL csk.artclass.site/uv/uv.bundle.js IP 104.21.234.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-14 21:07 Last Seen2025-03-06 16:12 Times Seen15 Hash 4a35d09930d1318aa07aafbc6e0fe817 d0986d9050ce27d08abb01d2af8af9b7dbaae253 764447d9c52eec36d699a359467d507935829d363049431c3e6d5cae6f2cbd25 Loading...

	csk.artclass.site/assets/data/games.js	ScriptElement	26 kB	2024-04-26	2024-08-20
Pretty URL csk.artclass.site/assets/data/games.js IP 104.21.234.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-08-20 02:32 Times Seen2 Hash 0db2eed829115b147c3da0ff3dfd7a19 d27e7070f36b0277fa5576adc311200bd9f08efa 457c85e69f8cef99e934ce372512f0a6754512f2e5e7273d3844fde450a7781f Loading...

	csk.artclass.site/assets/data/apps.js	ScriptElement	4.6 kB	2024-04-26	2024-08-20
Pretty URL csk.artclass.site/assets/data/apps.js IP 104.21.234.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-08-20 02:32 Times Seen2 Hash 9fcfe15ea654ae93f33f26947b236d48 10582d748830568d337afffadc882e9f6fb5bfcc c35e76adb0e12b71838e11ac239f171c7996b1c2514b2a83e78beaeb77a8f0c3 Loading...

	abodedistributionpan.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js	ScriptElement	84 kB	2024-08-19	2024-08-19
Pretty URL abodedistributionpan.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 22:14 Last Seen2024-08-19 22:14 Times Seen1 Hash f07ab4b8dca77f08d16218bbcec3acbb 88c157c2d398a13195db5fbc3b9c76d678cb4013 817c0ba462bcf849c739a856bc5eeffc70197296bf95c41f5432955eb6d63a98 Loading...

	cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-04-30
Pretty URL cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/jquery.min.js IP 172.67.141.24 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-04-30 01:45 Times Seen35943 Hash c9f5aeeca3ad37bf2aa006139b935f0a 1055018c28ab41087ef9ccefe411606893dabea2 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Loading...

	unknown	ScriptElement	437 B	2024-05-05	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-05 14:35 Last Seen2024-08-20 00:33 Times Seen4 Hash f72a34dd4d0960dec076faf2a48e9bec c58ca9a3676c515b01f678f69b76e69345f96db3 41fdecb9df1d10f29a5e827eef47c2b24d7258dea6105494b561eb6ca65bb6d0 Loading...

	csk.artclass.site/uv/uv.config.js	ScriptElement	335 B	2024-04-26	2024-10-15
Pretty URL csk.artclass.site/uv/uv.config.js IP 104.21.234.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-10-15 04:57 Times Seen10 Hash 6d6ba99250b84e4310eb7e240e05990c 7b63b95a13232c4953bd448b83523c68983146d5 4e6fe037be5d8fa9ed2d8b1b157ff34ff5d4e811050d9a8503c92ae86abba5c3 Loading...

	csk.artclass.site/js/preload.js	ScriptElement	3.6 kB	2024-04-26	2024-08-20
Pretty URL csk.artclass.site/js/preload.js IP 104.21.234.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 16:30 Last Seen2024-08-20 02:32 Times Seen4 Hash 5b1ff06e87e438c585e46896286f62f9 14cfd9c0573ca43db905680c4441fe0973bb6df8 2973fd3110e3702b16e627760610633cd2880ccc3172d52b7fb5b8bcad9637d9 Loading...

	www.googletagmanager.com/gtag/js?id=G-66ZE075DLD	ScriptElement	309 kB	2024-08-19	2024-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-66ZE075DLD IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 22:14 Last Seen2024-08-19 22:14 Times Seen1 Hash 2695c6de9b26846c03ced56789c2df7a 6050e56f6a8b5d7daaa6231b546b134cbc6bd626 d9e63c04cf44c0f4816c1b3247048864cdfac0640648138b3fe5981e41c99048 Loading...

	pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js	ScriptElement	45 kB	2024-08-19	2024-08-19
Pretty URL pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js IP 192.243.59.13 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 22:14 Last Seen2024-08-19 22:14 Times Seen1 Hash a87de494791c29eb881edf3aec22a20e e40b7643bdb3fa50bc3f53290f02bb378cd7563c b94d15281b45a81db25288dd9de9662d24e1866ba5f552d5a4d10abe1fd0d3bb Loading...

HTTP Transactions (52)

URL IP Response Size

csk.artclass.site/assets/images/icon.png

104.21.234.105

200 OK

7.1 kB

URL GET HTTP/3
csk.artclass.site/assets/images/icon.png
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
7.1 kB (7136 bytes)
Hash
6fece0b0e016146a838112be2ce5bc62
210c0d8c9bcbafdbad30a5c96acb3f37487a6c14
a7ea41616d84e6e5404721bbe85426d55bc41c02f459b8d6e8bdb821a758c8da

HTTP Headers

GET /assets/images/icon.png HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: image/png
content-length: 7136
alt-svc: h3=":443"; ma=86400
etag: "s7zkjt5i8"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lsJK7wufuG1D1qNrHMuzpxSZeaV13f5GRpboa3sHFewIUZ63uC6b9vEEUO8W0BRj4eeipbwB8H3t0gRCWbVgTYsEI09u3r1KYNaACnxiP%2B%2FCm6m9vGoUQlchzZIspKey3hCypQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6b5aa0949c-LHR

fonts.googleapis.com/css2?family=Montserrat:wght@700;900&family=JetBrains+Mono:wght@300;400&display=swap

142.250.74.106

200 OK

1.3 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@700;900&family=JetBrains+Mono:wght@300;400&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77
ValidityMon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT

File type
gzip compressed data, max compression
Size
1.3 kB (1252 bytes)
Hash
736153e45efa29c4fe0e70ac8f24515e
3832b8a6415b080103e43da8f9956aa506bdb03b
92d0d0ca181880a6d8418b904fed8677d176122e9a20e636d41bbd929eebcfb4

HTTP Headers

GET /css2?family=Montserrat:wght@700;900&family=JetBrains+Mono:wght@300;400&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 22 May 2024 09:31:41 GMT
date: Wed, 22 May 2024 09:31:41 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

csk.artclass.site/load.html?game=templerun2

104.21.234.105

200 OK

1.3 kB

URL User Request GET HTTP/2
csk.artclass.site/load.html?game=templerun2
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
HTML document, ASCII text
Size
1.3 kB (1268 bytes)
Hash
06b0feeb70c8b6cc50e15869ad9dad07
714667b5749c82cd614ae6d7ff61e8c453b47174
052c362de7c493110bf8b75466d6925e21f2ca2695d641524f13051fd8af1594

HTTP Headers

GET /load.html?game=templerun2 HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:40 GMT
content-type: text/html; charset=utf-8
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 30 Apr 2024 18:55:45 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=17uVj023%2Bv3SHSm9JWQsRfUWWB2vaX3gJCmf0pcJSYkFBau0tbsOGvaxlZP5br5mx1CNVzMATm%2BrSEmKdfRDX63gvcEVyBNtloXLUrhmr2u3kSLLqY3C82azmTh05x1W88LgIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 887bcb674f176316-LHR
content-encoding: br
X-Firefox-Spdy: h2

csk.artclass.site/css/main.css

104.21.234.105

200 OK

8.4 kB

URL GET HTTP/3
csk.artclass.site/css/main.css
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text
Size
8.4 kB (8411 bytes)
Hash
30c48a332981f10934209d11a90a95e0
f0f8984c051048f37685c503fe2d1300b8079d8d
0f7681638903f00f44ac527f3ae842c2aeff88f462f10a3f26cbed2b68e35314

HTTP Headers

GET /css/main.css HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/css/master.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"scfez035y"
last-modified: Wed, 24 Apr 2024 02:59:24 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9rTeHflEqE6d4rM0VLZohyRjQtPnO9JVV7fhdTKZjRAbw5M9VdoV7H0GtSG%2FRtPQNNO2UxKouitsudM%2FDc5c%2FheoEfiK1OYqF848SlMKIvxg%2FLl1WT%2BfEZsk%2B6hGeY3FZiFOpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6dbdae949c-LHR
content-encoding: br

cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/css/all.css

151.101.193.229

200 OK

47 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/css/all.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text
Size
47 kB (47137 bytes)
Hash
f9e2f72281d6ac4e23b1d1690c5e6700
c8e7ec28b0d5e2dcbce9b22107bc1ed8e53e4b16
c4772e97742bb0756ab29709b59debdfbca546b640277ff1f86935b0a72eca7f

HTTP Headers

GET /gh/hung1001/font-awesome-pro@4cac1a6/css/all.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4cac1a6
x-jsd-version-type: branch
etag: W/"5ac4a-yOfsKLDV4ty86bIhB7we2OU+SxY"
content-encoding: br
accept-ranges: bytes
date: Wed, 22 May 2024 09:31:41 GMT
age: 27141
x-served-by: cache-fra-eddf8230054-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 47137
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/ianlunn/hover/css/hover-min.css

151.101.193.229

200 OK

7.6 kB

URL GET HTTP/2
cdn.jsdelivr.net/gh/ianlunn/hover/css/hover-min.css
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65297)
Size
7.6 kB (7612 bytes)
Hash
766244a6ea3ecb9c1d502e2c03e088cb
f4b638b73f95ea6e1937b5ce5792918f9ebd39c4
73e0bcee3ba93b5a2d0f5239bb2c55ebc5a648b0aab48a0d95c1cb5edccb093d

HTTP Headers

GET /gh/ianlunn/hover/css/hover-min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 2.3.1
x-jsd-version-type: version
etag: W/"17432-9LY4tz+V6m4ZN7XOV5KRj569OcQ"
content-encoding: br
accept-ranges: bytes
age: 5066
date: Wed, 22 May 2024 09:31:41 GMT
x-served-by: cache-fra-eddf8230124-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7612
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.250.74.99

200 OK

33 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 33092, version 1.0
Size
33 kB (33092 bytes)
Hash
057478083c1d55ea0c2182b24f6dd72f
caf557cd276a76992084efc4c8857b66791a6b7f
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

HTTP Headers

GET /s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33092
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 May 2024 08:41:12 GMT
expires: Fri, 16 May 2025 08:41:12 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:51:58 GMT
content-type: font/woff2
age: 521429
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

csk.artclass.site/css/nav.css

104.21.234.105

200 OK

32 kB

URL GET HTTP/3
csk.artclass.site/css/nav.css
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text
Size
32 kB (32128 bytes)
Hash
082dcc02004f81bf858009f910f0c5e0
7a80bbb3c093af8a92f4c9b6d3e97261fd1ee943
5735b1de26412aff510fd8622094add2c6b64420bd8c836e06074d3f95c55b2c

HTTP Headers

GET /css/nav.css HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/css/master.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt1wo"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yJSLOj9SB4VlOPFU3URFSrht1MLz9dg6Fjexma3p2yYvBY5j%2FVaN5qjtTJDdzd20kMncwDEUQZ6QbHjUiPzZFkrqm%2BFo7lxVsMBa9sHxscJa8qYg%2BVYzH8%2BvcAWaJimqOaPOrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6dbdb5949c-LHR
content-encoding: br

csk.artclass.site/uv/uv.config.js

104.21.234.105

200 OK

172 B

URL GET HTTP/3
csk.artclass.site/uv/uv.config.js
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text
Size
172 B (172 bytes)
Hash
6d6ba99250b84e4310eb7e240e05990c
7b63b95a13232c4953bd448b83523c68983146d5
4e6fe037be5d8fa9ed2d8b1b157ff34ff5d4e811050d9a8503c92ae86abba5c3

HTTP Headers

GET /uv/uv.config.js HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=120
etag: W/"14f-18d51873be0"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
x-powered-by: Express
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=feV2kthtFHGlWcyFp1LyL833e2YOleOKsxL1KGhhuGvmaNL5AnCFMuQnBtctv9GXv4lvB8hEkP34mhmMR7zJoK1atIZRkMAOCmwROolm7PsxgR8gkv1M5e9vj1c509BxmogDFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6b5a95949c-LHR
content-encoding: br

www.googletagmanager.com/gtag/js?id=G-66ZE075DLD

142.250.74.168

200 OK

102 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-66ZE075DLD
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint8C:4A:82:1E:00:9B:5C:E8:2B:28:8C:2B:B1:77:07:74:60:4F:7D:5E
ValidityMon, 06 May 2024 13:42:09 GMT - Mon, 29 Jul 2024 13:42:08 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
102 kB (102368 bytes)
Hash
2695c6de9b26846c03ced56789c2df7a
6050e56f6a8b5d7daaa6231b546b134cbc6bd626
d9e63c04cf44c0f4816c1b3247048864cdfac0640648138b3fe5981e41c99048

HTTP Headers

GET /gtag/js?id=G-66ZE075DLD HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 22 May 2024 09:31:41 GMT
expires: Wed, 22 May 2024 09:31:41 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102368
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-regular-400-5.10.2.woff2

151.101.193.229

200 OK

16 kB

URL GET HTTP/3
cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-regular-400-5.10.2.woff2
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16248, version 331.-31196
Size
16 kB (16248 bytes)
Hash
054b33973fedb68ef21f74b9d142acb4
a35f1a776ba0fd2089c0868f62b51a240782e75d
e272d442a9319692de4cc42fa2de41167f7f3731f247aa94399e07230f2ae46f

HTTP Headers

GET /gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-regular-400-5.10.2.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 16248
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 4cac1a6
x-jsd-version-type: branch
etag: W/"3f78-o18ad2ug/SCJwIaPYrUaJAeC510"
accept-ranges: bytes
age: 16696
date: Wed, 22 May 2024 09:31:42 GMT
x-served-by: cache-fra-eddf8230122-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-solid-900-5.0.0.woff2

151.101.193.229

200 OK

20 kB

URL GET HTTP/3
cdn.jsdelivr.net/gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-solid-900-5.0.0.woff2
IP
151.101.193.229:443
ASN
#54113 FASTLY

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19784, version 331.-31196
Size
20 kB (19784 bytes)
Hash
c7682b8035fc1d1672d6455631813794
9e2955e5e55b3073e229c218724406425862d4a1
1b50aa1d36ea249991fb44f8f6ad2aa74fe360df9cc04c564b5edf3b053b739c

HTTP Headers

GET /gh/hung1001/font-awesome-pro@4cac1a6/webfonts/pro-fa-solid-900-5.0.0.woff2 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://cdn.jsdelivr.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-length: 19784
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff2
x-jsd-version: 4cac1a6
x-jsd-version-type: branch
etag: W/"4d48-nilV5eVbMHPiKcIYckQGQlhi1KE"
accept-ranges: bytes
age: 20424
date: Wed, 22 May 2024 09:31:42 GMT
x-served-by: cache-fra-etou8220126-FRA, cache-hel1410026-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

csk.artclass.site/assets/images/icon.png

104.21.234.105

200 OK

7.1 kB

URL GET HTTP/3
csk.artclass.site/assets/images/icon.png
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
7.1 kB (7136 bytes)
Hash
6fece0b0e016146a838112be2ce5bc62
210c0d8c9bcbafdbad30a5c96acb3f37487a6c14
a7ea41616d84e6e5404721bbe85426d55bc41c02f459b8d6e8bdb821a758c8da

HTTP Headers

GET /assets/images/icon.png HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Cookie: _ga_66ZE075DLD=GS1.1.1716370302.1.0.1716370302.0.0.0; _ga=GA1.1.89170636.1716370302
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:42 GMT
content-type: image/png
content-length: 7136
alt-svc: h3=":443"; ma=86400
etag: "s7zkjt5i8"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 1
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Og1%2FQBJY0kzq%2BddEAHIM6Q%2BDKpD4g5Y0B2P8PzHU1JyFVBiMRB31zM0g3ZXwkj0bPLmgbr5qsiWtkX%2Frln5URyWTDLyVrZ2%2Bzy2VpGDsmFtpSDnj%2FMzhHCdC3jbysAZNsOLUvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb75b97f949c-LHR

play-lh.googleusercontent.com/go4XqS4mYs-G2tZymiVLF4wJYXIi5QrvwixNRzssk4G_vRBHrAdg4E1ddNwy9c2cZA

172.217.21.182

200 OK

542 kB

URL GET HTTP/2
play-lh.googleusercontent.com/go4XqS4mYs-G2tZymiVLF4wJYXIi5QrvwixNRzssk4G_vRBHrAdg4E1ddNwy9c2cZA
IP
172.217.21.182:443
ASN
#15169 GOOGLE

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectedgestatic.com
Fingerprint4D:4C:A8:3F:41:51:FB:07:BA:EC:31:6F:36:24:27:B1:F2:65:B5:F0
ValidityMon, 06 May 2024 13:42:04 GMT - Mon, 29 Jul 2024 13:42:03 GMT

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced
Size
542 kB (541751 bytes)
Hash
55033afd54b284acd45d6d5f7f4e3327
9398bf09995522c2d7a8cd18b43ff2d050a13d13
b80db16ec029c38ac191ef168a5599a30a03c6fe527b2ee7dae6208924b51a27

HTTP Headers

GET /go4XqS4mYs-G2tZymiVLF4wJYXIi5QrvwixNRzssk4G_vRBHrAdg4E1ddNwy9c2cZA HTTP/1.1
Host: play-lh.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.png"
x-content-type-options: nosniff
server: fife
content-length: 541751
x-xss-protection: 0
date: Wed, 22 May 2024 05:35:19 GMT
expires: Thu, 23 May 2024 05:35:19 GMT
cache-control: public, max-age=86400, no-transform
age: 14183
etag: "v1"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js

192.243.59.13

200 OK

16 kB

URL GET HTTP/1.1
pl22708848.profitablegatecpm.com/4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectprofitablegatecpm.com
Fingerprint9D:FB:8C:AD:4D:64:98:6B:85:78:33:54:E7:A3:BB:10:ED:77:63:30
ValidityFri, 05 Apr 2024 18:10:33 GMT - Thu, 04 Jul 2024 18:10:32 GMT

File type
JavaScript source, ASCII text, with very long lines (44826), with no line terminators
Size
16 kB (16201 bytes)
Hash
a87de494791c29eb881edf3aec22a20e
e40b7643bdb3fa50bc3f53290f02bb378cd7563c
b94d15281b45a81db25288dd9de9662d24e1866ba5f552d5a4d10abe1fd0d3bb

HTTP Headers

GET /4e/d6/be/4ed6beda21708e4b8f45fca957964a1f.js HTTP/1.1
Host: pl22708848.profitablegatecpm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 22 May 2024 09:31:42 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_CF-348_v4=1; expires=Thu, 23 May 2024 09:31:42 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3d77617a682db21e1b8ceed40068b546
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
a6d1f99619819a7bf5f21a272196755b
5898115d22bf813731c30b3ac74872ab2f1a52ee
c6cd54bafa2fded9e1e6de1053611d5bd6be711f0b05e6e07e077dd04fea3ac2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 22 May 2024 09:31:42 GMT
Last-Modified: Wed, 22 May 2024 08:36:38 GMT
Server: ECAcc (ska/F7A5)
X-Cache: Miss from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: C6E5v567n6jnqwIEfkgnTS_6QG0VzG0z19Kach1joZ9ORvW1KKJmRg==
Age: 3304

proftrafficcounter.com/stats

52.59.123.150

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
52.59.123.150:443
ASN
#16509 AMAZON-02

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
37fdc1953a44606237a0b98375240c86
2e456dbe1e806f1eaadeaa202fb09ca836a22603
eb5b82d08d19e57a6c66c69c03921b31e58bf559e82e139b397b76f94b2f37da

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:42 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://csk.artclass.site
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4:3:1; expires=Sat, 20 May 2034 09:31:42 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

abodedistributionpan.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js

192.243.61.225

200 OK

31 kB

URL GET HTTP/1.1
abodedistributionpan.com/78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectabodedistributionpan.com
Fingerprint0A:F0:49:46:E9:89:77:CB:6E:7E:0C:A3:C6:E1:22:CA:19:69:A4:DC
ValidityMon, 06 May 2024 08:18:50 GMT - Sun, 04 Aug 2024 08:18:49 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
31 kB (30729 bytes)
Hash
f07ab4b8dca77f08d16218bbcec3acbb
88c157c2d398a13195db5fbc3b9c76d678cb4013
817c0ba462bcf849c739a856bc5eeffc70197296bf95c41f5432955eb6d63a98

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /78/9c/e0/789ce0da4eec346107d3ca6eebe7691e.js HTTP/1.1
Host: abodedistributionpan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:43 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dcc53a7a2b75e32c1d6d3c418e4074a7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

detectivespreferably.com/pixel/purst?dl=0&th=0&sc=0&rs=3410&rd=3410&fd=586&bv=24.5.8221&tmpl=136

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
detectivespreferably.com/pixel/purst?dl=0&th=0&sc=0&rs=3410&rd=3410&fd=586&bv=24.5.8221&tmpl=136
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectdetectivespreferably.com
Fingerprint80:E1:05:59:6E:BB:0B:82:B2:FD:48:8C:E7:A7:1A:97:BD:C7:6D:53
ValidityTue, 21 May 2024 16:27:45 GMT - Mon, 19 Aug 2024 16:27:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=3410&rd=3410&fd=586&bv=24.5.8221&tmpl=136 HTTP/1.1
Host: detectivespreferably.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

abodedistributionpan.com/sbar.json?key=4ed6beda21708e4b8f45fca957964a1f&psid=CF-348_v4_1&uuid=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4%3A3%3A1

192.243.61.225

200 OK

8.2 kB

URL GET HTTP/1.1
abodedistributionpan.com/sbar.json?key=4ed6beda21708e4b8f45fca957964a1f&psid=CF-348_v4_1&uuid=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4%3A3%3A1
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectabodedistributionpan.com
Fingerprint0A:F0:49:46:E9:89:77:CB:6E:7E:0C:A3:C6:E1:22:CA:19:69:A4:DC
ValidityMon, 06 May 2024 08:18:50 GMT - Sun, 04 Aug 2024 08:18:49 GMT

File type
JSON text data
Size
8.2 kB (8193 bytes)
Hash
881c8cc9818c1ad8e8d3b5df2900b87f
9ed69aa6db65c7be72bc9323fe723c53c718d417
19d6786fbc19a6a2c324796398e44491c4cf49f10252ba50a1c15bf7d2b86d11

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sbar.json?key=4ed6beda21708e4b8f45fca957964a1f&psid=CF-348_v4_1&uuid=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4%3A3%3A1 HTTP/1.1
Host: abodedistributionpan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:44 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://csk.artclass.site
Access-Control-Allow-Origin: https://csk.artclass.site
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=22608349; expires=Thu, 23 May 2024 09:31:43 GMT; secure; SameSite=None
uid_id2=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4:3:1; expires=Wed, 29 May 2024 09:31:43 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 23 May 2024 09:31:44 GMT; secure; SameSite=None
uncs=1; expires=Thu, 23 May 2024 09:31:44 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 23 May 2024 09:31:44 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 23 May 2024 09:31:44 GMT; secure; SameSite=None
slec4ed6beda21708e4b8f45fca957964a1f=[5210994,5210995]; expires=Wed, 22 May 2024 09:31:49 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d0fae35586ef94bb909599c36767a712
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

abodedistributionpan.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRStno0geBBlwYMIc%2FCgsJl0z3R6ZtzDajYbCWY3y65iYJVQ1VU9Kaemq6nqnp7kFAzogpfBi0c7b5IN60bRs7jKZEEkIGQ8BdmcFI8ehAXdi8wYNvgP9f%2Bv9wpevf8%2F2s5OSBUZPZ6%2FqjekUnRmtuKWX1nxvIvlJRlnvXKvEawG%2FsWy6b7WDCruq%2BU3RdjWM1XXc13P9coL0ohI92bGIGSy3%2FQqTbfiVyverI%2Be%2BX9vMweWOuDdE%2FI8JB9NPXDOQ4ZDxJ2v54Vtpzq5cKWTKZpqgy7feyduxzqP0TkrI%2BMgivdO2dD2aOE%2BdLw7kQvdfUJkckScH%2B%2BDxXunIsG6OxOdTEHEYPwZ5N0hhBpC0iFCvQXJjwgQclxbRty5c02bnK7%2Fh9IxOiJTj%2F6CzEdk6uF5xJ2v5pTslW9qlaVSxxa9qIDsDSFbQyTZAdKNEmR%2BgDD9EJL%2FTGYeLSHu7CxbpSH58ctercGY77nTtSatTfsiak4zVqXTjDV84TZY6Ef%2BxCAph5DREEr0Qe05ZNZBJh1kkYMscdDhx%2BXQ87y6y0PqNpphWON1wQLuerQeedRzgwaycPyHPtKkj1D1EZpNJGYTbdmHyX6AXStguQObEnR5gVwQ5JYgpwS5JMhTgrxb7HJlq7a4w5XNmHeaq6e5Vgx02tqmuzptiZiAmj4ML7aTE%2FLc2EBn5e%2BHaIvjsi94wASnVa%2FuNoTPGpE%2FG4W0OVtvBj71Ilh57%2FLCdM1vrHb9VQ%2FSlkCtgw05Iv7HvyKRI%2FLC%2FAoYPYBVBwjlOdDsJdC8AF0rsBF%2FSU0aKmptxcpUgOsCSTqFdN3ZVifkxck4l7cMRHj4%2BtM%2Fvf%2Fn56v7CE2BxBT4QD4gaKnbgxs6Jzs3dG7JN8tJKjtyg45HfTOlqXjqi7fEeq4NX5y3%2FbtvhGNgXO6%2FLWy6RGMu45Yl9%2BYk58IsaBMK8t2ifVew65ldm8tMnCVL1y8vLHYSI6yVOh6CyqMrnyGUI%2FLs9%2B9NdvjCrd8gzRAmK9DJDslpQOoDhMkmbHJ46Z928Lu%2BVYLVBEadcVjiIM%2BKgamys0slCZQ46ykrYMXhpcd3H%2F%2BhPpkHE0%2FsGBg6fk1lsW1vo2VKoOkW4k6BrinQVQWo6sNm5wZpYg4v%2FVKbBJgqDZgypR2mjPp0YvL4sLDyuFyv1VwaNGe9ep2KOvOrjSjwOKVVP6gGAa0htaPo6reb%2FwIAAP%2F%2FAQAA%2F%2F%2Bo5M4VnQQAAA%3D%3D

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
abodedistributionpan.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRStno0geBBlwYMIc%2FCgsJl0z3R6ZtzDajYbCWY3y65iYJVQ1VU9Kaemq6nqnp7kFAzogpfBi0c7b5IN60bRs7jKZEEkIGQ8BdmcFI8ehAXdi8wYNvgP9f%2Bv9wpevf8%2F2s5OSBUZPZ6%2FqjekUnRmtuKWX1nxvIvlJRlnvXKvEawG%2FsWy6b7WDCruq%2BU3RdjWM1XXc13P9coL0ohI92bGIGSy3%2FQqTbfiVyverI%2Be%2BX9vMweWOuDdE%2FI8JB9NPXDOQ4ZDxJ2v54Vtpzq5cKWTKZpqgy7feyduxzqP0TkrI%2BMgivdO2dD2aOE%2BdLw7kQvdfUJkckScH%2B%2BDxXunIsG6OxOdTEHEYPwZ5N0hhBpC0iFCvQXJjwgQclxbRty5c02bnK7%2Fh9IxOiJTj%2F6CzEdk6uF5xJ2v5pTslW9qlaVSxxa9qIDsDSFbQyTZAdKNEmR%2BgDD9EJL%2FTGYeLSHu7CxbpSH58ctercGY77nTtSatTfsiak4zVqXTjDV84TZY6Ef%2BxCAph5DREEr0Qe05ZNZBJh1kkYMscdDhx%2BXQ87y6y0PqNpphWON1wQLuerQeedRzgwaycPyHPtKkj1D1EZpNJGYTbdmHyX6AXStguQObEnR5gVwQ5JYgpwS5JMhTgrxb7HJlq7a4w5XNmHeaq6e5Vgx02tqmuzptiZiAmj4ML7aTE%2FLc2EBn5e%2BHaIvjsi94wASnVa%2FuNoTPGpE%2FG4W0OVtvBj71Ilh57%2FLCdM1vrHb9VQ%2FSlkCtgw05Iv7HvyKRI%2FLC%2FAoYPYBVBwjlOdDsJdC8AF0rsBF%2FSU0aKmptxcpUgOsCSTqFdN3ZVifkxck4l7cMRHj4%2BtM%2Fvf%2Fn56v7CE2BxBT4QD4gaKnbgxs6Jzs3dG7JN8tJKjtyg45HfTOlqXjqi7fEeq4NX5y3%2FbtvhGNgXO6%2FLWy6RGMu45Yl9%2BYk58IsaBMK8t2ifVew65ldm8tMnCVL1y8vLHYSI6yVOh6CyqMrnyGUI%2FLs9%2B9NdvjCrd8gzRAmK9DJDslpQOoDhMkmbHJ46Z928Lu%2BVYLVBEadcVjiIM%2BKgamys0slCZQ46ykrYMXhpcd3H%2F%2BhPpkHE0%2FsGBg6fk1lsW1vo2VKoOkW4k6BrinQVQWo6sNm5wZpYg4v%2FVKbBJgqDZgypR2mjPp0YvL4sLDyuFyv1VwaNGe9ep2KOvOrjSjwOKVVP6gGAa0htaPo6reb%2FwIAAP%2F%2FAQAA%2F%2F%2Bo5M4VnQQAAA%3D%3D
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectabodedistributionpan.com
Fingerprint0A:F0:49:46:E9:89:77:CB:6E:7E:0C:A3:C6:E1:22:CA:19:69:A4:DC
ValidityMon, 06 May 2024 08:18:50 GMT - Sun, 04 Aug 2024 08:18:49 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRStno0geBBlwYMIc%2FCgsJl0z3R6ZtzDajYbCWY3y65iYJVQ1VU9Kaemq6nqnp7kFAzogpfBi0c7b5IN60bRs7jKZEEkIGQ8BdmcFI8ehAXdi8wYNvgP9f%2Bv9wpevf8%2F2s5OSBUZPZ6%2FqjekUnRmtuKWX1nxvIvlJRlnvXKvEawG%2FsWy6b7WDCruq%2BU3RdjWM1XXc13P9coL0ohI92bGIGSy3%2FQqTbfiVyverI%2Be%2BX9vMweWOuDdE%2FI8JB9NPXDOQ4ZDxJ2v54Vtpzq5cKWTKZpqgy7feyduxzqP0TkrI%2BMgivdO2dD2aOE%2BdLw7kQvdfUJkckScH%2B%2BDxXunIsG6OxOdTEHEYPwZ5N0hhBpC0iFCvQXJjwgQclxbRty5c02bnK7%2Fh9IxOiJTj%2F6CzEdk6uF5xJ2v5pTslW9qlaVSxxa9qIDsDSFbQyTZAdKNEmR%2BgDD9EJL%2FTGYeLSHu7CxbpSH58ctercGY77nTtSatTfsiak4zVqXTjDV84TZY6Ef%2BxCAph5DREEr0Qe05ZNZBJh1kkYMscdDhx%2BXQ87y6y0PqNpphWON1wQLuerQeedRzgwaycPyHPtKkj1D1EZpNJGYTbdmHyX6AXStguQObEnR5gVwQ5JYgpwS5JMhTgrxb7HJlq7a4w5XNmHeaq6e5Vgx02tqmuzptiZiAmj4ML7aTE%2FLc2EBn5e%2BHaIvjsi94wASnVa%2FuNoTPGpE%2FG4W0OVtvBj71Ilh57%2FLCdM1vrHb9VQ%2FSlkCtgw05Iv7HvyKRI%2FLC%2FAoYPYBVBwjlOdDsJdC8AF0rsBF%2FSU0aKmptxcpUgOsCSTqFdN3ZVifkxck4l7cMRHj4%2BtM%2Fvf%2Fn56v7CE2BxBT4QD4gaKnbgxs6Jzs3dG7JN8tJKjtyg45HfTOlqXjqi7fEeq4NX5y3%2FbtvhGNgXO6%2FLWy6RGMu45Yl9%2BYk58IsaBMK8t2ifVew65ldm8tMnCVL1y8vLHYSI6yVOh6CyqMrnyGUI%2FLs9%2B9NdvjCrd8gzRAmK9DJDslpQOoDhMkmbHJ46Z928Lu%2BVYLVBEadcVjiIM%2BKgamys0slCZQ46ykrYMXhpcd3H%2F%2BhPpkHE0%2FsGBg6fk1lsW1vo2VKoOkW4k6BrinQVQWo6sNm5wZpYg4v%2FVKbBJgqDZgypR2mjPp0YvL4sLDyuFyv1VwaNGe9ep2KOvOrjSjwOKVVP6gGAa0htaPo6reb%2FwIAAP%2F%2FAQAA%2F%2F%2Bo5M4VnQQAAA%3D%3D HTTP/1.1
Host: abodedistributionpan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Cookie: u_pl=22608349; uid_id2=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec4ed6beda21708e4b8f45fca957964a1f=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:44 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dcca69b9435cb3bb393c824add8678a8
Strict-Transport-Security: max-age=0; includeSubdomains

abodedistributionpan.com/pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Findex.html&l=1125&fd=116

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
abodedistributionpan.com/pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Findex.html&l=1125&fd=116
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectabodedistributionpan.com
Fingerprint0A:F0:49:46:E9:89:77:CB:6E:7E:0C:A3:C6:E1:22:CA:19:69:A4:DC
ValidityMon, 06 May 2024 08:18:50 GMT - Sun, 04 Aug 2024 08:18:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Findex.html&l=1125&fd=116 HTTP/1.1
Host: abodedistributionpan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Cookie: u_pl=22608349; uid_id2=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec4ed6beda21708e4b8f45fca957964a1f=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/img/icon.png

172.67.141.24

200 OK

12 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/img/icon.png
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
PNG image data, 230 x 253, 8-bit colormap, non-interlaced
Size
12 kB (11963 bytes)
Hash
b1f546ae7b0fbf8f3d19946146456d8a
37792f4d6fb3482b3d0281139a61e2e426fa3056
2a0b851026a70a5da3b5f2fe9e7f5d098c4126c035a68de8e90f8408bab6fd33

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/img/icon.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:44 GMT
content-type: image/png
content-length: 11963
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: "65aa847c-2ebb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1876424
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EiURGyyJnCewEHs2VQuiXE81Sr1QQSylMIbUcMDzBTlhloIuMro7bq84XUKfJs6wu9SplldyXCLvUsAFUm%2B93UcoXtiFMty8DqUmpJLyseGYvLhDCgtIR6K4PNAIKcpM%2FOMjbv5qD5Ja"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb82ece8b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

abodedistributionpan.com/pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fstyle.css&l=1434&fd=181

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
abodedistributionpan.com/pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fstyle.css&l=1434&fd=181
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectabodedistributionpan.com
Fingerprint0A:F0:49:46:E9:89:77:CB:6E:7E:0C:A3:C6:E1:22:CA:19:69:A4:DC
ValidityMon, 06 May 2024 08:18:50 GMT - Sun, 04 Aug 2024 08:18:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fstyle.css&l=1434&fd=181 HTTP/1.1
Host: abodedistributionpan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Cookie: u_pl=22608349; uid_id2=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec4ed6beda21708e4b8f45fca957964a1f=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/img/close.svg

172.67.141.24

200 OK

576 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/img/close.svg
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
SVG Scalable Vector Graphics image
Size
576 B (576 bytes)
Hash
369850b9873659adf0951d845f57dba1
a64257186daa33b6b318943a457b6cf8d80b26b6
9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/img/close.svg HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:44 GMT
content-type: image/svg+xml
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-4ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3165526
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6O9H%2FerfHERGiAL6ENKLfN4o5dwt4gWP%2BstrGlwscqibyXHY6L0dFxvOnhJl8k%2FXLuG75G4CI9ruWCQTXeW7XD8lcRhIxiZqkRzLFPIBBjDAwHvUYVGKHY7%2BBM2WnT%2BhfRLUZXWZ8jFr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb82dce3b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

unseenreport.com/pxf.gif?uuid=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=789ce0da4eec346107d3ca6eebe7691e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=9

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=789ce0da4eec346107d3ca6eebe7691e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=9
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintF5:95:0F:2B:01:D6:36:49:AB:2E:61:76:F7:EC:A5:45:3D:F1:0E:59
ValidityTue, 21 May 2024 07:36:27 GMT - Mon, 19 Aug 2024 07:36:26 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=789ce0da4eec346107d3ca6eebe7691e&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=9 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:44 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1bb9179228fe04ce5a1db180d93cacb0
Strict-Transport-Security: max-age=0; includeSubdomains

unseenreport.com/pxf.gif?uuid=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4ed6beda21708e4b8f45fca957964a1f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=9

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4ed6beda21708e4b8f45fca957964a1f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=9
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintF5:95:0F:2B:01:D6:36:49:AB:2E:61:76:F7:EC:A5:45:3D:F1:0E:59
ValidityTue, 21 May 2024 07:36:27 GMT - Mon, 19 Aug 2024 07:36:26 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=4ed6beda21708e4b8f45fca957964a1f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=9 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:44 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0ed75aa00934b3e0e0efac3649e62989
Strict-Transport-Security: max-age=0; includeSubdomains

abodedistributionpan.com/pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fjs%2Fscript.js&l=321&fd=302

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
abodedistributionpan.com/pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fjs%2Fscript.js&l=321&fd=302
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectabodedistributionpan.com
Fingerprint0A:F0:49:46:E9:89:77:CB:6E:7E:0C:A3:C6:E1:22:CA:19:69:A4:DC
ValidityMon, 06 May 2024 08:18:50 GMT - Sun, 04 Aug 2024 08:18:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fjs%2Fscript.js&l=321&fd=302 HTTP/1.1
Host: abodedistributionpan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Cookie: u_pl=22608349; uid_id2=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec4ed6beda21708e4b8f45fca957964a1f=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.99

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 16 May 2024 08:36:46 GMT
expires: Fri, 16 May 2025 08:36:46 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 521699
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

abodedistributionpan.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWhcVRS%2BbxpBcCFKwYUIs3Ch0Ezem3nzZxfVNo0U06a0ioUq4f696XXuvPu4971506yCBS24Gdy49OWbpKE2iq7FKpOCSEDIuArSrBSXLoSCdiMzhgbP4p5z7vdd%2BO53zkcb2SGpIqMHixfNmtKaLtQrfvmVa0Fwurys4mxQHrQaq43wdNn2X2s3Kv6r5Tcl75qFqh%2F4fuAH5SVlZWQGC1MQKtlpB5W2XwmrlaAeYmD%2F37vMg6MeRP%2BQPA8lJnMPvJNQfIy49%2FWidN3UJKfO9zJNU2PRF9vvxN3Y5DF6x2VkPUTx9hEbxu0v3YeJt2ZyYfpPiExNiPfjfbB4%2B0gkWH9zppNpyBhMPIO8P4bUYyg6Bje3oMQ%2BAbjApRXEvTuXjM3pzf9QOkUnZO7RX1D5hMw9PIm499VZrQblq0ZnqTKxwyAqoAZjqM4YSbaLdK0Ele%2BCpx9CiZ%2FJwqNlxL3NFacNlDh4Oai1GAsDf77WprX5UEbtecaqdJ6xVij9FuNhFM4MUmoMFY2h5RDUnUDmPGTKQxZ5yBIPPXFQ5kEQNH3Bqd9qc14TTckawg9oMwpo4DdayPj0D0OkyRBcD8HtOhK7jq4awmY%2FwN0o4IQHlxL0RYFcEuSOIKcEuSLIU4K8X2wJ7aquuCO0y1hwlKtHuVaMTNrZoFsm7ciYgNohrCg2kkPy3NRA79rfD9GVB%2BVQigaTglaDpt%2BSIWtFYT3itF1vthshDSI4de%2Fc0nwtbK32w9UAypVAnYc1NSHhx78iURPywuI1MLoLp3fB1QnQ7CXQvAC9UWAt%2FpLalGvqXMWpVEKYAkk6h%2FSmt6EPyYuzca7cspB87%2FWnf3r%2Fz89Xd8BtgcQW%2BEA9IOjo26MrJiebV0zuyDcrSap6ao1OR301pal86ou35M3cWHFh0Q3vvsGnwLTceVu6dJnGQsUdR%2B6dVUJIu2Qsl%2BS7C%2B5dyS5n7sbZzMZZsnz53NKFXmKlc8rEY1C1f%2F4zcDUhz37%2F3myHT13%2FDcqOYbMCvWyPHAWU2QVP1uGSvTP%2FdBu%2Fm%2BslOENg9TGHJR7yrBjZKju%2B1IpAy%2BOesgJO7p15fPfxH%2FqTRTD5xI6RpdPXVBUb7jY6tgSa3kLcK9C3Bfq6ANVDuOzEKE3s3plfarMA06UR07a0ybTVn85Mnh4OTh2Ua75oMhnJJpNhPYwkF6xeZz6POKuJVosjdZPo4rfr%2FwIAAP%2F%2FAQAA%2F%2F8oMBv9nQQAAA%3D%3D

192.243.61.225

200 OK

7 B

URL GET HTTP/1.1
abodedistributionpan.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSTWhcVRS%2BbxpBcCFKwYUIs3Ch0Ezem3nzZxfVNo0U06a0ioUq4f696XXuvPu4971506yCBS24Gdy49OWbpKE2iq7FKpOCSEDIuArSrBSXLoSCdiMzhgbP4p5z7vdd%2BO53zkcb2SGpIqMHixfNmtKaLtQrfvmVa0Fwurys4mxQHrQaq43wdNn2X2s3Kv6r5Tcl75qFqh%2F4fuAH5SVlZWQGC1MQKtlpB5W2XwmrlaAeYmD%2F37vMg6MeRP%2BQPA8lJnMPvJNQfIy49%2FWidN3UJKfO9zJNU2PRF9vvxN3Y5DF6x2VkPUTx9hEbxu0v3YeJt2ZyYfpPiExNiPfjfbB4%2B0gkWH9zppNpyBhMPIO8P4bUYyg6Bje3oMQ%2BAbjApRXEvTuXjM3pzf9QOkUnZO7RX1D5hMw9PIm499VZrQblq0ZnqTKxwyAqoAZjqM4YSbaLdK0Ele%2BCpx9CiZ%2FJwqNlxL3NFacNlDh4Oai1GAsDf77WprX5UEbtecaqdJ6xVij9FuNhFM4MUmoMFY2h5RDUnUDmPGTKQxZ5yBIPPXFQ5kEQNH3Bqd9qc14TTckawg9oMwpo4DdayPj0D0OkyRBcD8HtOhK7jq4awmY%2FwN0o4IQHlxL0RYFcEuSOIKcEuSLIU4K8X2wJ7aquuCO0y1hwlKtHuVaMTNrZoFsm7ciYgNohrCg2kkPy3NRA79rfD9GVB%2BVQigaTglaDpt%2BSIWtFYT3itF1vthshDSI4de%2Fc0nwtbK32w9UAypVAnYc1NSHhx78iURPywuI1MLoLp3fB1QnQ7CXQvAC9UWAt%2FpLalGvqXMWpVEKYAkk6h%2FSmt6EPyYuzca7cspB87%2FWnf3r%2Fz89Xd8BtgcQW%2BEA9IOjo26MrJiebV0zuyDcrSap6ao1OR301pal86ou35M3cWHFh0Q3vvsGnwLTceVu6dJnGQsUdR%2B6dVUJIu2Qsl%2BS7C%2B5dyS5n7sbZzMZZsnz53NKFXmKlc8rEY1C1f%2F4zcDUhz37%2F3myHT13%2FDcqOYbMCvWyPHAWU2QVP1uGSvTP%2FdBu%2Fm%2BslOENg9TGHJR7yrBjZKju%2B1IpAy%2BOesgJO7p15fPfxH%2FqTRTD5xI6RpdPXVBUb7jY6tgSa3kLcK9C3Bfq6ANVDuOzEKE3s3plfarMA06UR07a0ybTVn85Mnh4OTh2Ua75oMhnJJpNhPYwkF6xeZz6POKuJVosjdZPo4rfr%2FwIAAP%2F%2FAQAA%2F%2F8oMBv9nQQAAA%3D%3D
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectabodedistributionpan.com
Fingerprint0A:F0:49:46:E9:89:77:CB:6E:7E:0C:A3:C6:E1:22:CA:19:69:A4:DC
ValidityMon, 06 May 2024 08:18:50 GMT - Sun, 04 Aug 2024 08:18:49 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSTWhcVRS%2BbxpBcCFKwYUIs3Ch0Ezem3nzZxfVNo0U06a0ioUq4f696XXuvPu4971506yCBS24Gdy49OWbpKE2iq7FKpOCSEDIuArSrBSXLoSCdiMzhgbP4p5z7vdd%2BO53zkcb2SGpIqMHixfNmtKaLtQrfvmVa0Fwurys4mxQHrQaq43wdNn2X2s3Kv6r5Tcl75qFqh%2F4fuAH5SVlZWQGC1MQKtlpB5W2XwmrlaAeYmD%2F37vMg6MeRP%2BQPA8lJnMPvJNQfIy49%2FWidN3UJKfO9zJNU2PRF9vvxN3Y5DF6x2VkPUTx9hEbxu0v3YeJt2ZyYfpPiExNiPfjfbB4%2B0gkWH9zppNpyBhMPIO8P4bUYyg6Bje3oMQ%2BAbjApRXEvTuXjM3pzf9QOkUnZO7RX1D5hMw9PIm499VZrQblq0ZnqTKxwyAqoAZjqM4YSbaLdK0Ele%2BCpx9CiZ%2FJwqNlxL3NFacNlDh4Oai1GAsDf77WprX5UEbtecaqdJ6xVij9FuNhFM4MUmoMFY2h5RDUnUDmPGTKQxZ5yBIPPXFQ5kEQNH3Bqd9qc14TTckawg9oMwpo4DdayPj0D0OkyRBcD8HtOhK7jq4awmY%2FwN0o4IQHlxL0RYFcEuSOIKcEuSLIU4K8X2wJ7aquuCO0y1hwlKtHuVaMTNrZoFsm7ciYgNohrCg2kkPy3NRA79rfD9GVB%2BVQigaTglaDpt%2BSIWtFYT3itF1vthshDSI4de%2Fc0nwtbK32w9UAypVAnYc1NSHhx78iURPywuI1MLoLp3fB1QnQ7CXQvAC9UWAt%2FpLalGvqXMWpVEKYAkk6h%2FSmt6EPyYuzca7cspB87%2FWnf3r%2Fz89Xd8BtgcQW%2BEA9IOjo26MrJiebV0zuyDcrSap6ao1OR301pal86ou35M3cWHFh0Q3vvsGnwLTceVu6dJnGQsUdR%2B6dVUJIu2Qsl%2BS7C%2B5dyS5n7sbZzMZZsnz53NKFXmKlc8rEY1C1f%2F4zcDUhz37%2F3myHT13%2FDcqOYbMCvWyPHAWU2QVP1uGSvTP%2FdBu%2Fm%2BslOENg9TGHJR7yrBjZKju%2B1IpAy%2BOesgJO7p15fPfxH%2FqTRTD5xI6RpdPXVBUb7jY6tgSa3kLcK9C3Bfq6ANVDuOzEKE3s3plfarMA06UR07a0ybTVn85Mnh4OTh2Ua75oMhnJJpNhPYwkF6xeZz6POKuJVosjdZPo4rfr%2FwIAAP%2F%2FAQAA%2F%2F8oMBv9nQQAAA%3D%3D HTTP/1.1
Host: abodedistributionpan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Cookie: u_pl=22608349; uid_id2=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec4ed6beda21708e4b8f45fca957964a1f=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 22 May 2024 09:31:45 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5657629931a42c406d79da655cf1377a
Strict-Transport-Security: max-age=0; includeSubdomains

abodedistributionpan.com/pixel/sbs?c=1

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
abodedistributionpan.com/pixel/sbs?c=1
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectabodedistributionpan.com
Fingerprint0A:F0:49:46:E9:89:77:CB:6E:7E:0C:A3:C6:E1:22:CA:19:69:A4:DC
ValidityMon, 06 May 2024 08:18:50 GMT - Sun, 04 Aug 2024 08:18:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbs?c=1 HTTP/1.1
Host: abodedistributionpan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Cookie: u_pl=22608349; uid_id2=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec4ed6beda21708e4b8f45fca957964a1f=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 22 May 2024 09:31:45 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/script.js

172.67.141.24

200 OK

321 B

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/script.js
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (343), with no line terminators
Size
321 B (321 bytes)
Hash
4f46dc256e627bbc1fa54e2996e30b25
56ff1d7676599e3d1ddbee84dad29f2a2bece6ce
6933ea1db439c96d670e6ce25bcbfa19052ce0626fee500df36d11167636d6c3

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:44 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-141"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FG2UHOlGIklVSnAKbNCwQ%2FmIPBVLPu8Xn65ETsu5zgm1v9g9PElVmWTiNWyi7YI2OBiOYFjUQCfF7il6z0b9onG0SJs%2BLLzyFX83OwLSMBZaJp%2BpjFAtWh8TgJjKmhJ%2FTAPB2Fiva2PC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb83ae1fb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/css/style.css

172.67.141.24

200 OK

1.4 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/css/style.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text, with very long lines (1523), with no line terminators
Size
1.4 kB (1434 bytes)
Hash
af8b297e908242d66890c4650aaffdd2
45fe0a1587b11f77bf71085d15dbae9750a97179
cc03ce0e52d2d5b339b37554d900c6ec631929d4d729ffbd1fb200eba267d5ad

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:44 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-59a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=inVPCBve245%2B%2FLe4nJ4PouOsMI1aP7pB1weT7cSA22Dr10OqmRvQA3tSVZg0ZmAP%2BQANQ2l%2FUJFYswV%2BNwDxNHGvbwCftZq1Lhs5%2F0sHGyrXUq1uDDQlZVRCjv2WQMS%2BnNRtedRWpqkj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb823ba9b524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

csk.artclass.site/css/master.css

104.21.234.105

200 OK

449 B

URL GET HTTP/3
csk.artclass.site/css/master.css
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (470), with no line terminators
Size
449 B (449 bytes)
Hash
b62a249a4efae87ddf6f5e131ed8fe7c
4644f0103dd345f00fff6d452f3462ba18a801a8
a3bc13df62b9eb9fffa125fff61e13d835aae5e54eb9168b2ee23a18b03118f9

HTTP Headers

GET /css/master.css HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjtch"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jtoN8WupbiP6Z5Y%2FVW6KGez8BWhTbe7fCOQ08SV5pFZse%2FoA%2Bg22XwerCH1h2lCRXr%2FnhHYIonCOBopOwQiuYX1Mi7%2F5h5kctijxqyUisPVo4mRboDOBWUDlYiOXiWsnTWnCqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6b5a90949c-LHR
content-encoding: br

fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap

142.250.74.106

200 OK

7.0 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint58:16:76:D3:35:A7:C7:1B:68:67:E2:F5:33:04:0E:E9:CB:56:BD:77
ValidityMon, 06 May 2024 14:43:20 GMT - Mon, 29 Jul 2024 14:43:19 GMT

File type
ASCII text, with very long lines (7193), with no line terminators
Size
7.0 kB (7004 bytes)
Hash
16b49a99486594c0b42d9bd7821deb2c
2fb46e5e86d6b37d4497cc04bfd89b3cb33a276a
3f3540952441e06ef81189cf63d46bac242804e386779dbb0cdd78ed10025c21

HTTP Headers

GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 22 May 2024 09:31:44 GMT
date: Wed, 22 May 2024 09:31:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

csk.artclass.site/uv/uv.bundle.js

104.21.234.105

200 OK

672 kB

URL GET HTTP/3
csk.artclass.site/uv/uv.bundle.js
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type

Size
672 kB (672297 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uv/uv.bundle.js HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=120
etag: W/"a4229-18d51a83f32"
last-modified: Sun, 28 Jan 2024 19:59:57 GMT
x-powered-by: Express
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=STknAvplzrHZCawbhDC2CEnhsx2rvJXdxvVvatlp3qOI2BT19lhfE06uIjwn%2FJH901rD4m0mPG%2FeMZ%2BI1XHrLQNLmrja1zQFntC%2BkcmlNBbBBr4rW3I8Pcjj%2FflpMXUc5WGr7w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6b5a93949c-LHR
content-encoding: br

csk.artclass.site/assets/data/apps.js

104.21.234.105

200 OK

4.6 kB

URL GET HTTP/3
csk.artclass.site/assets/data/apps.js
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (4884), with no line terminators
Size
4.6 kB (4606 bytes)
Hash
088afa11ff95a747597bcde90477a30e
b0e3483c73e0e93e88a81581ab081f4a35b21c59
2961f5fb6ee8dc55ab060aaa124b5dba87d92873929430b5da48d8fb0bfa11d8

HTTP Headers

GET /assets/data/apps.js HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt3jy"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BnVMcM1IQNG%2BS72VUgWijnm9nZBpaQO6%2BT9D9KewiiTiTgBhB45DJEXBcycz90gfyAARFsyEZ8Gupbr2hi19AmBZvSPy7sZwVRljSZPs9b1%2FnzxjRCoiyBuwz%2B%2B7JkHM%2BoqDvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6b5aa7949c-LHR
content-encoding: br

csk.artclass.site/js/index.js

104.21.234.105

200 OK

3.9 kB

URL GET HTTP/3
csk.artclass.site/js/index.js
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (4093), with no line terminators
Size
3.9 kB (3922 bytes)
Hash
e0f6a8923586cb1fe281136098f00cfc
8841a712e0ea479a44ff73925bc92ed8f8a3df17
b5a7fd31e105979a674cbb5c2ba0f0502b243698a3b54684b05af3ead5e0d592

HTTP Headers

GET /js/index.js HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"sa9an630y"
last-modified: Tue, 12 Mar 2024 22:33:06 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZsA0TbMyt8IqpXuAgxlNXKQI84IC7JukxQ0OEON%2FIFv2K7bYTUr7SnFUDLZgOibXBwCg%2BOZkkfte7W9cqck%2BnIXbslfcWMWq7HsPpI93NOXiekal11Shbm56HHeQi8IcdP6u3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6b5aa2949c-LHR
content-encoding: br

recordedthereby.com/sfp.js

188.114.96.1

200 OK

85 kB

URL GET HTTP/2
recordedthereby.com/sfp.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectrecordedthereby.com
FingerprintA3:3F:9B:AE:CF:C6:1B:C3:8B:FC:65:01:2F:06:6A:22:60:3C:8E:AF
ValidityWed, 08 May 2024 14:16:18 GMT - Tue, 06 Aug 2024 14:16:17 GMT

File type

Size
85 kB (85378 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:44 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: ca70c2158e6c858bb5529ea36f41d804
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 22 May 2024 09:31:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HrbdAs1iCBjMKcrHv6WvLOXPh46TElPPQhuB4IWGaGNjOpkxIHLIQ3YrxPv045nekAGPMW4l8er8s2XQKYjOUdM8srALlE%2FHOxsW6yZO3qZ5abTo1baBAF7O%2FoiJddyjdh5Y6K9a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb7be9c2b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

abodedistributionpan.com/pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fanimate.css&l=78693&fd=327

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
abodedistributionpan.com/pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fanimate.css&l=78693&fd=327
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectabodedistributionpan.com
Fingerprint0A:F0:49:46:E9:89:77:CB:6E:7E:0C:A3:C6:E1:22:CA:19:69:A4:DC
ValidityMon, 06 May 2024 08:18:50 GMT - Sun, 04 Aug 2024 08:18:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/sbls?bv=24.21.5047&tmpl=482&u=https%3A%2F%2Fcdn.creative-bars1.com%2Fsb%2Finterstitial%2Fsweep%2Fdefault%2Fstories%2F1%2Fcss%2Fanimate.css&l=78693&fd=327 HTTP/1.1
Host: abodedistributionpan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Cookie: u_pl=22608349; uid_id2=138bb410-39a3-4ef9-bb2a-bb84e08bc4f4:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slec4ed6beda21708e4b8f45fca957964a1f=[5210994,5210995]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 22 May 2024 09:31:44 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

csk.artclass.site/js/preload.js

104.21.234.105

200 OK

3.6 kB

URL GET HTTP/3
csk.artclass.site/js/preload.js
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
HTML document, ASCII text, with very long lines (3764), with no line terminators
Size
3.6 kB (3639 bytes)
Hash
04f892b78980ba1263507fc52968c680
3c865dceddb2e04fb46f1830c9741702d02940d5
6608d3ec192fdc5ab6237f2a758579cceae587bb5257771f28f80ac112ece805

HTTP Headers

GET /js/preload.js HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"scfez02t3"
last-modified: Wed, 24 Apr 2024 02:59:24 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fb5Ij38mqXWaktMX6VY%2BHk7aiV3VqNOcGJtdgFoUBEyTlBEy5OHXAmaV%2FDy3V%2BvzT29bjYneDc5qtpNp7KV9lRg8%2FMhwqfqiWTj7eU%2B8%2B3tFrTcGVpDhDLcu2u%2BW8QcSx9C8rw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6b5a9a949c-LHR
content-encoding: br

recordedthereby.com/sfp.js

188.114.96.1

200 OK

85 kB

URL GET HTTP/2
recordedthereby.com/sfp.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectrecordedthereby.com
FingerprintA3:3F:9B:AE:CF:C6:1B:C3:8B:FC:65:01:2F:06:6A:22:60:3C:8E:AF
ValidityWed, 08 May 2024 14:16:18 GMT - Tue, 06 Aug 2024 14:16:17 GMT

File type

Size
85 kB (85378 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:43 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: eaea1e97bfe9e806a37d1017877c6ee2
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 22 May 2024 09:31:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w%2BgeYvESSNSXWYmCvrYvP7tFvJRbLM5BKRUVo558sHw4C%2Bvx2v5ls5cBEyChGad9ZEg%2BqHRDWUux3KImnrgUWwaM4iEo6rdFB%2Fs%2FFZHzRitMuMDgtGvYLftW1V38UX%2FU7YBX7KTj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb782b83b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

csk.artclass.site/css/themes.css

104.21.234.105

200 OK

2.0 kB

URL GET HTTP/3
csk.artclass.site/css/themes.css
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (2108), with no line terminators
Size
2.0 kB (1989 bytes)
Hash
8189d45dd71c3ba47674509757a28cb3
8c6262bf8dfe492d57909de0ef9791e5ac701d23
ff8fd085106f207616121fb5095f3ec59dadc97ffdd5760e9cc656fc3e3bab85

HTTP Headers

GET /css/themes.css HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/css/master.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt1j9"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vEkn%2FiIVZXy3SfSifMwvexiwlO31APQbhFplASlzR%2BBlSip1Z4V%2B%2FGQ%2BTXoqrDBBgNXh6P9crMazB1GeQ3hEejvem%2FgzIhIs9ybM3zTUBjf47x64TDUAbNNAMGhaDKsyYKWJ4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6dbdb1949c-LHR
content-encoding: br

csk.artclass.site/service/hvtrs8%2F-aqsgtq.1kj0%2Cngt-tgmrlg-pul-0%2Fknfez.jtol

104.21.234.105

404 Not Found

0 B

URL GET HTTP/3
csk.artclass.site/service/hvtrs8%2F-aqsgtq.1kj0%2Cngt-tgmrlg-pul-0%2Fknfez.jtol
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /service/hvtrs8%2F-aqsgtq.1kj0%2Cngt-tgmrlg-pul-0%2Fknfez.jtol HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Wed, 22 May 2024 09:31:42 GMT
content-length: 0
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3TsoPhhJFS4kZdy0YqtZWUiP5uAa8FM2DxHC0PyFOXy9fMJfBKIAvCRqctWcaD3GXrCbTeGMe9m%2FmM0AsVH1A7N9qOopccH6ZzzB87MVTEY4zo8sWugVNAmRXwIj1w9ChbgAjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 887bcb72dcc4949c-LHR

analytics.proudparrot2.tech/script.js

0.0.0.0

0 B

URL GET
analytics.proudparrot2.tech/script.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://csk.artclass.site/load.html?game=templerun2

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /script.js HTTP/1.1
Host: analytics.proudparrot2.tech
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/css/animate.css

172.67.141.24

200 OK

79 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/css/animate.css
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
ASCII text
Size
79 kB (78693 bytes)
Hash
5982c5377696d20476871062646b253f
8bf2c93fa9ccc908f7df0fb7abb911bbac3e4242
4e23a6449e6ef4614f0107cecf5c9eda75d2041c7c71f4a55d45f2a7e75450f4

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:44 GMT
content-type: text/css
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-13365"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLS%2BqeCzVDL60tJ30ChOlHRr%2BjINbm5yoyxpaChwcC0rtUyOM3yp7zP7cdX3V0srWAU0wdhqoIC2VuoU8zscRNHg2sJ4ao%2F3vnUB5MBNneNqzqCGY%2BELpOC3YXHngFd%2FKUwo%2F0KL5fs8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb823bafb524-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/jquery.min.js

172.67.141.24

200 OK

87 kB

URL GET HTTP/2
cdn.creative-bars1.com/sb/interstitial/sweep/default/stories/1/js/jquery.min.js
IP
172.67.141.24:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectcreative-bars1.com
Fingerprint3D:29:39:2C:F1:E5:C6:EF:54:F5:70:B5:CF:A8:C2:75:4D:89:72:13
ValidityMon, 15 Apr 2024 15:02:18 GMT - Sun, 14 Jul 2024 15:02:17 GMT

File type
JavaScript source, ASCII text, with very long lines (32058)
Size
87 kB (86659 bytes)
Hash
c9f5aeeca3ad37bf2aa006139b935f0a
1055018c28ab41087ef9ccefe411606893dabea2
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:44 GMT
content-type: application/javascript
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-15283"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1876424
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uYwTkt7ixdw0vbVt1smLaHgZuEW6ISqtWG1W9XdOlN280MeXtUOZj9Ty00AbuF26a5%2FOFORtpuzja%2F8NCT1DapMnLk1NlTR%2BiHHUTsFbCKypcA%2FD0%2FmAItcqtGor0yAi6xkZF8H%2FXv1W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb82ecfdb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

csk.artclass.site/assets/data/games.js

104.21.234.105

200 OK

26 kB

URL GET HTTP/3
csk.artclass.site/assets/data/games.js
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text
Size
26 kB (25830 bytes)
Hash
0db2eed829115b147c3da0ff3dfd7a19
d27e7070f36b0277fa5576adc311200bd9f08efa
457c85e69f8cef99e934ce372512f0a6754512f2e5e7273d3844fde450a7781f

HTTP Headers

GET /assets/data/games.js HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"sa5grjjxi"
last-modified: Sun, 10 Mar 2024 20:54:55 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KhTQRDHOM8Iv%2F1EpW2%2BFKB4InqXsmAwiBYq4accOdzuHtvj3Js8mT4YBJlOHftjXDRB41qjd%2BF254ZsHi%2F9evllvU36ymyCvuSO%2BJ4M9z1asmLOFF9ppQOEr3itO8yrZXNVZOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6b5aa4949c-LHR
content-encoding: br

fonts.gstatic.com/s/jetbrainsmono/v18/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yK0BNntkaToggR7BYZbNPxDcwg.woff2

142.250.74.99

200 OK

31 kB

URL GET HTTP/2
fonts.gstatic.com/s/jetbrainsmono/v18/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yK0BNntkaToggR7BYZbNPxDcwg.woff2
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE4:8A:04:4E:A9:40:14:A5:25:38:29:DB:90:36:5A:67:AE:85:31:6C
ValidityMon, 06 May 2024 14:43:26 GMT - Mon, 29 Jul 2024 14:43:25 GMT

File type
Web Open Font Format (Version 2), TrueType, length 30960, version 1.0
Size
31 kB (30960 bytes)
Hash
1fdb405af078a06205123cec5d912e0f
5758307963b327b7ceb918d8f4f29be3c051bbed
e9b6fcd97ae3f51330bb9d01f3b62c5ea4ce8860967fb748aa1c7c115689b09e

HTTP Headers

GET /s/jetbrainsmono/v18/tDbv2o-flEEny0FZhsfKu5WU4zr3E_BX0PnT8RD8yK0BNntkaToggR7BYZbNPxDcwg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30960
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 17 May 2024 05:09:48 GMT
expires: Sat, 17 May 2025 05:09:48 GMT
cache-control: public, max-age=31536000
age: 447713
last-modified: Tue, 02 May 2023 14:52:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.barscreative1.com/sb/interstitial/sweep/default/stories/1/index.html

45.133.44.4

200 OK

1.1 kB

URL GET HTTP/2
cdn.barscreative1.com/sb/interstitial/sweep/default/stories/1/index.html
IP
45.133.44.4:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerLet's Encrypt
Subjectcdn.barscreative1.com
Fingerprint08:55:F0:C8:EA:24:54:0D:3C:B9:2C:95:3E:DC:BF:FB:A8:76:BA:BC
ValidityThu, 09 May 2024 03:01:15 GMT - Wed, 07 Aug 2024 03:01:14 GMT

File type
HTML document, ASCII text, with very long lines (1191), with no line terminators
Size
1.1 kB (1125 bytes)
Hash
3cb5e6c9f01bfa7cb22cea97b0b797bd
e7d11b7e73cef3077f1fd9422b02887a0a9b92a3
ff16f3fe2fabcd2e6ff096ae0c0c535ea1b9e3ad821158fe96dd38a673a24ca8

HTTP Headers

GET /sb/interstitial/sweep/default/stories/1/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://csk.artclass.site
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 22 May 2024 09:31:44 GMT
content-type: text/html; charset=utf-8
server: nginx/1.21.6
last-modified: Fri, 19 Jan 2024 14:17:32 GMT
etag: W/"65aa847c-465"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 22 May 2024 10:31:44 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2

csk.artclass.site/js/load.js

104.21.234.105

200 OK

2.6 kB

URL GET HTTP/3
csk.artclass.site/js/load.js
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (2725), with no line terminators
Size
2.6 kB (2585 bytes)
Hash
8353e9415f003f3f529ea3a1a063169b
312b5bcfd360299e60e2e170c1bec229621e98cd
c7e3222482c6286d69e7a4329b5ea7c8caac2afffdc50f8fcf71aa7df69b2b8e

HTTP Headers

GET /js/load.js HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/load.html?game=templerun2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: application/javascript
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjt1zt"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f07%2BYhRNO%2FejRJKP5CKuPSAQelYvwE5DiKk3zmDOlBu0c%2BDyE9o8PfA3%2BR27%2Bnl7hsFFuM0sg2tpCz2%2BbQt6Hk3NyZJG3S%2FRI6TmX92Rofvf7dHygHf0FWzrBACJfdh%2BmpnWqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6b5aad949c-LHR
content-encoding: br

csk.artclass.site/css/cards.css

104.21.234.105

200 OK

754 B

URL GET HTTP/3
csk.artclass.site/css/cards.css
IP
104.21.234.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://csk.artclass.site/load.html?game=templerun2
Certificate
IssuerGoogle Trust Services LLC
Subjectartclass.site
Fingerprint68:C0:2A:49:31:95:C5:52:D7:9B:66:49:44:EF:B5:D4:1A:81:AB:2A
ValiditySat, 30 Mar 2024 14:12:34 GMT - Fri, 28 Jun 2024 14:12:33 GMT

File type
ASCII text, with very long lines (801), with no line terminators
Size
754 B (754 bytes)
Hash
a24e392c65537a27f4c33fc92d807ad2
cfbb52e32ef58b3ede60f20ac20e60730d36a9bd
c05f4888b0b5eab2032bd706e597f981d5d5436b633c3ed942c6640a32052f89

HTTP Headers

GET /css/cards.css HTTP/1.1
Host: csk.artclass.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://csk.artclass.site/css/main.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 22 May 2024 09:31:41 GMT
content-type: text/css; charset=utf-8
alt-svc: h3=":443"; ma=86400
etag: W/"s7zkjtky"
last-modified: Sun, 28 Jan 2024 19:23:53 GMT
cache-control: max-age=120
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTPSs2TrqfWAwV5lyG3L4Wq9lvwHZK24gJD21UsVz67o0uKaf3UgWJFQF4kd9UncdPec9kA8AMspggA7HgPHJ5Vi73TFJlGwAC0fYNAjZKkXE9cvKhHLtpLOrwU6ea6lKOQIOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 887bcb6ff8b0949c-LHR
content-encoding: br

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash