POST nannyirrationalacquainted.com/pixel/pure
200 OK 0 B URL POST nannyirrationalacquainted.com/pixel/pure
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectnannyirrationalacquainted.com
Fingerprint47:7E:21:A4:36:CD:A7:87:FA:E3:71:88:12:63:65:05:63:7A:64:EF
ValidityWed, 19 Feb 2025 01:01:15 GMT - Tue, 20 May 2025 01:01:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 13 Apr 2025 15:21:05 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css
200 OK 23 kB URL GET maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE
ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT
File type ASCII text, with very long lines (23192)
Hash ab6b02efeaf178e0247b9504051472fb
8256575374f430476bdcd49de98c77990229ce31
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e
GET /bootstrap/3.3.7/css/bootstrap-theme.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: W/"ab6b02efeaf178e0247b9504051472fb"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 03/18/2024 12:13:26
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: 85dd826589f3e527b47e8217a7357bab
cdn-cache: HIT
cf-cache-status: HIT
age: 1245811
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 92fbf3682aea56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET clickndownload.online/images_new/logo.png
200 OK 3.8 kB URL GET clickndownload.online/images_new/logo.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type PNG image data, 266 x 45, 8-bit/color RGBA, non-interlaced
Hash 18dbed375d9a1ef749c74ac5138aa264
6282f8a7fcd2f81658d834f8c9f304d28555787c
4f331ff98a0e33ce634a2135e9a9e580b841595848450ab0533ce84a3e7bc0e1
GET /images_new/logo.png HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/css_new/style.css?r=1
Cookie: aff=35143
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:02 GMT
content-type: image/png
content-length: 3756
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m1vI2t8X%2FbwmM0kzNwmkeXzSOmkfE23DDNAEtR%2B004U0HHBBPW9h0imens44hXzohdknfRNEZjkS91umMbx7EGOXA5Ajr3X9dL0SnuXeyPjxEPSeYUVmhtf%2FgA86a7yLa3bOetK6ksI%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "eac-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6556
accept-ranges: bytes
cf-ray: 92fbf3715b24569c-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=2884&x=16"
GET nannyirrationalacquainted.com/pixel/purst?dl=0&th=0&sc=0&rs=3851&rd=3851&fd=1764&bv=25.3.2388&tmpl=70
200 OK 0 B URL GET nannyirrationalacquainted.com/pixel/purst?dl=0&th=0&sc=0&rs=3851&rd=3851&fd=1764&bv=25.3.2388&tmpl=70
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectnannyirrationalacquainted.com
Fingerprint47:7E:21:A4:36:CD:A7:87:FA:E3:71:88:12:63:65:05:63:7A:64:EF
ValidityWed, 19 Feb 2025 01:01:15 GMT - Tue, 20 May 2025 01:01:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3851&rd=3851&fd=1764&bv=25.3.2388&tmpl=70 HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 13 Apr 2025 15:21:03 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
POST gloacaultoa.net/5/2234672/?oo=1&js_build=iclick-v1.1125.0&dmn=madurird.com&tt=2&ix=0
204 No Content 0 B URL POST gloacaultoa.net/5/2234672/?oo=1&js_build=iclick-v1.1125.0&dmn=madurird.com&tt=2&ix=0
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectgloacaultoa.net
Fingerprint2C:75:0F:38:EE:31:53:EF:F2:FA:CF:82:33:A7:4B:EB:73:7B:34:DC
ValidityTue, 08 Apr 2025 12:08:15 GMT - Mon, 07 Jul 2025 12:08:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /5/2234672/?oo=1&js_build=iclick-v1.1125.0&dmn=madurird.com&tt=2&ix=0 HTTP/1.1
Host: gloacaultoa.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 2628
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Sun, 13 Apr 2025 15:21:08 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://clickndownload.online
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
OPTIONS nannyirrationalacquainted.com/pixel/pure
204 No Content 0 B URL OPTIONS nannyirrationalacquainted.com/pixel/pure
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectnannyirrationalacquainted.com
Fingerprint47:7E:21:A4:36:CD:A7:87:FA:E3:71:88:12:63:65:05:63:7A:64:EF
ValidityWed, 19 Feb 2025 01:01:15 GMT - Tue, 20 May 2025 01:01:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://clickndownload.online/
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sun, 13 Apr 2025 15:21:08 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
GET clickndownload.online/css/bootstrap.css
200 OK 144 kB URL GET clickndownload.online/css/bootstrap.css
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type ASCII text, with very long lines (540)
Size 144 kB (144219 bytes)
Hash de29a2a7f8fdd32726d8e70fa3037379
45686004dcb4a332ffd98cca3ba7979bf1a02aa7
0dd311ba439876efdb560247faf414416adb4683c5184c817c5c4ff1137e8a9a
GET /css/bootstrap.css HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Cookie: aff=35143
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqvlHFBWyfTH2CrI2%2BRcDwSnorvqFQcEW27RiBjQHz9Izi7wqQ5FsNkGrxbUV%2BTX6N%2B%2B28uz2K8k90hlRhSAWbrx%2B6rBvKgRtpwE04vRYlRhk%2B2jTlvsTd%2FtBvD%2BHiB0tGalQE5q3OM%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: W/"2335b-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 592
content-encoding: br
cf-ray: 92fbf367aa7c569c-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=1349&x=16"
GET clicknupload.click/images/buy_eth.png
200 OK 1.2 kB URL GET clicknupload.click/images/buy_eth.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclicknupload.click
Fingerprint59:08:1E:04:CC:07:3B:0D:51:09:88:8C:75:64:A3:7B:86:39:81:84
ValidityWed, 26 Mar 2025 22:26:58 GMT - Tue, 24 Jun 2025 23:24:29 GMT
File type PNG image data, 222 x 83, 8-bit colormap, non-interlaced
Hash 479f53c7a95b733a3f75549dc81911c0
08b0afdccd31497faa329c53305a33f961ee248c
dfe6abeb48711f23656d32822f8b2aedf5283c1d545bd4bcb31db12bb67d9087
GET /images/buy_eth.png HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: image/png
content-length: 1226
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "4ca-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4937
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rmCMMOa2qWMc5I%2BUjgOvYR4Y7eqp6BK3ojwZz%2BQdlHiWscIgm3TK2m9lYi0rXeD7oIH8PVsXnFZ6l1W8zv3UwkE7xU%2FldjOcTMwsEeSTiOwFmHkdrfE2XNDZphfGBcJnbMztsIQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf36a0da456c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=681&min_rtt=397&rtt_var=273&sent=36&recv=21&lost=0&retrans=0&sent_bytes=31040&recv_bytes=1636&delivery_rate=13668974&cwnd=245&unsent_bytes=0&cid=1a046cf3dc406f90&ts=291&x=0"
X-Firefox-Spdy: h2
GET experttrafficcounter.com/stats
200 OK 40 B URL GET experttrafficcounter.com/stats
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintEE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC
ValidityThu, 23 Jan 2025 00:00:00 GMT - Sat, 21 Feb 2026 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 43573d76fe0bece38b58c5f989867f6d
45658600a1094f00a7f3267efa4b457a717ea1a3
09670009827af9a85568b96639d76b356e76105d3b3e3f5517c453a253b2ea10
GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Cookie: uid_id2=196d5e5a-cfd8-41c9-815c-a216e5301836:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://clickndownload.online
vary: Origin
access-control-allow-credentials: true
X-Firefox-Spdy: h2
GET clicknupload.click/images/buy_ltc.png
200 OK 9.4 kB URL GET clicknupload.click/images/buy_ltc.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclicknupload.click
Fingerprint59:08:1E:04:CC:07:3B:0D:51:09:88:8C:75:64:A3:7B:86:39:81:84
ValidityWed, 26 Mar 2025 22:26:58 GMT - Tue, 24 Jun 2025 23:24:29 GMT
File type PNG image data, 105 x 40, 8-bit/color RGBA, non-interlaced
Hash 37d6e42e503157e2a89a8cadc4eb6478
320154baf290f5ae67a8d607b113ead68d2c576d
c8237c1024afc9b010ff81c2563a86c4a28d4c5486f9105aa2f06c4c5069e401
GET /images/buy_ltc.png HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: image/png
content-length: 9409
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "24c1-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 142
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yXtnJZCx7P0ei%2B3WMwk2bono7WjqPHJkiHrVwUhUJHjAvVpujymbIjho%2B56y%2B8aQUmP5O%2FfuWkrJwgMl%2Bx%2FktrFdKfiZ7MNtSbjyNcXu%2BsJQQAG9yl4Ho16A1AfEfsETOF5ggc0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf36a0da856c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=704&min_rtt=397&rtt_var=452&sent=24&recv=18&lost=0&retrans=0&sent_bytes=19781&recv_bytes=1636&delivery_rate=6906200&cwnd=245&unsent_bytes=0&cid=1a046cf3dc406f90&ts=288&x=0"
X-Firefox-Spdy: h2
OPTIONS nannyirrationalacquainted.com/pixel/pure
204 No Content 0 B URL OPTIONS nannyirrationalacquainted.com/pixel/pure
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectnannyirrationalacquainted.com
Fingerprint47:7E:21:A4:36:CD:A7:87:FA:E3:71:88:12:63:65:05:63:7A:64:EF
ValidityWed, 19 Feb 2025 01:01:15 GMT - Tue, 20 May 2025 01:01:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://clickndownload.online/
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.21.6
Date: Sun, 13 Apr 2025 15:21:05 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
GET my.rtmark.net/gid.js?userId=m5yg241749du974421011x4g8uwko631
200 OK 65 B URL GET my.rtmark.net/gid.js?userId=m5yg241749du974421011x4g8uwko631
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT
Hash 48c8ab5b821c71f4b0da336762d3eb57
f3bc5b54738fc0165ed1d8a3883e8a8ce3dc7859
c180e0bbf4427fa6db8cb62de7030a11e64d153d13908185717cbbfba6104e4b
GET /gid.js?userId=m5yg241749du974421011x4g8uwko631 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Cookie: ID=0801aa91f31741f4e66aed105301fdaf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:08 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://clickndownload.online
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0801aa91f31741f4e66aed105301fdaf; expires=Mon, 13 Apr 2026 15:21:08 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 92fbf39389c1568d-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET clickndownload.online/css_new/font/OpenSans-Regular.woff
200 OK 68 kB URL GET clickndownload.online/css_new/font/OpenSans-Regular.woff
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type Web Open Font Format, TrueType, length 67528, version 1.10
Hash 33ad0b840f7ea248dbc031820adf3040
e2b8f3a755202c8557093b44bcfccdec10d3ff0a
d12fd1d8afb1c2d8cb9d59868336a6c9e357af548f36aa41bcdb12fa19158365
GET /css_new/font/OpenSans-Regular.woff HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/css_new/style.css?r=1
Cookie: aff=35143
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:02 GMT
content-type: application/font-woff
content-length: 67528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LyTtPnpEGVYPqOh9oXakpGNJFLXAz51k%2BZ6HnG5MOpZZdhou8dMLyHzLrtBxdZ1%2BpWtvj0hbbKWDdreKntxHx2s5LEk9WK77etDBaLKX9K2RKa39Ef%2BpDG6hN3puWrF%2B4MJ6lZRALxc%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "107c8-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2601
accept-ranges: bytes
cf-ray: 92fbf3716b2b569c-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=2890&x=16"
GET capaciousdrewreligion.com/advertisers.js
200 OK 0 B URL GET capaciousdrewreligion.com/advertisers.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
FingerprintF2:06:B4:93:08:6A:C2:08:91:7D:7A:22:BE:44:FF:74:BE:CC:0C:2E
ValidityMon, 03 Mar 2025 21:07:24 GMT - Sun, 01 Jun 2025 21:07:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 13 Apr 2025 15:21:04 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 76aff7e8d5c379062092773bfa8d9ab9
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
200 OK 40 kB URL GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT
File type Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Hash 9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:03:46 GMT
expires: Fri, 10 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 278246
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
200 OK 55 kB URL User Request GET clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
IP
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (28183)
Hash 4bc098af6ece8c123bff2270b846deee
40a96aa6b5fcd4bc6c3ac6f5cf7be989bd89b479
60aff09b42dfad691061fc84d861db7771d21c628e0d11b84f9fe7baccc0cbda
GET /yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:00 GMT
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Sat, 12 Apr 2025 15:20:59 GMT
cf-cache-status: BYPASS
set-cookie: aff=35143; domain=.clickndownload.online; path=/; expires=Sun, 27-Apr-2025 15:20:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QdEp4jTlLH0uzYu7DhwzTup1UdZm%2FqxhmziOp2mQ9%2B5L0OPty0TambGGQbNk4vcvZJQmaVeOojAXXavL%2BvT%2FQxeb8cm7%2FUfH2vWB5UjN2fX%2FlgCTz1ZWUhsl5mqYOsaAmx78T8AXtWo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf35d48f15693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=6274&min_rtt=500&rtt_var=11558&sent=8&recv=12&lost=0&retrans=0&sent_bytes=3229&recv_bytes=1166&delivery_rate=6350877&cwnd=254&unsent_bytes=0&cid=d5956ca380d68bec&ts=348&x=0"
X-Firefox-Spdy: h2
GET maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
200 OK 24 kB URL GET maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE
ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT
File type ASCII text, with very long lines (23577)
Hash 04425bbdc6243fc6e54bf8984fe50330
8c15c6bd82c71e9ef1bb11cf24e502fe07518ac5
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
GET /font-awesome/4.3.0/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: text/css; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "04425bbdc6243fc6e54bf8984fe50330"
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-proxyver: 1.06
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 11/06/2024 09:03:28
cdn-edgestorageid: 1068
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: 145fa65275dd7fc0ae8191346cf3bbbe
cdn-cache: HIT
cf-cache-status: HIT
age: 207266
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 92fbf3694f670b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET clickndownload.online/images_new/ico_signup.png
200 OK 437 B URL GET clickndownload.online/images_new/ico_signup.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type PNG image data, 19 x 15, 8-bit/color RGBA, non-interlaced
Hash cc927adee9d551cb449bc15c8a05e1ee
015a8551352393fde20a76d274f13da1cb54aa3b
094fde141b6a59b1ad394ae642df5776c43ea0e81a9fce018187832d106b7738
GET /images_new/ico_signup.png HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/css_new/style.css?r=1
Cookie: aff=35143
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:02 GMT
content-type: image/png
content-length: 437
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tQK5mgqjQg%2FUmrCl6UtsTT2yPZPel9lU3EUkmrYTOeyX26WRw3RTFgTx8Za4Iy69PfQVM5DllAkmlLQGeD1dZ43l0G%2B4tWp8Bw05g5a7Bh5b%2BssxRr9lQOx%2Bl3Q76xZBZNo9rdVV12s%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "1b5-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6556
accept-ranges: bytes
cf-ray: 92fbf3716b28569c-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=2889&x=16"
GET clickndownload.online/css_new/style.css?r=1
200 OK 96 kB URL GET clickndownload.online/css_new/style.css?r=1
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type ASCII text, with very long lines (339)
Hash e22ca2f4bc86d86b0712de8cc63a35bd
79b790aaf4cf7b48a2cb68c35f5c6d2a07fc1ddd
570ead7030ff62066608ee2e9d73287ff2aa7d01ba5d44b0d26b0d2155a72e94
GET /css_new/style.css?r=1 HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Cookie: aff=35143
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: text/css
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vkCpeRL%2Fcqd0thm5zF%2BaWZac8qePQP92Q1y4E2agUu8AdsjgbTKyjoNXI7qy5rFi9CD3nvelrelrdAGhXO4bBhygmClH%2BN8DoXu%2FcspRItUpCLiZCPCfy4M6deRg8O4y5Sdf2MzBX3o%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sun, 07 Aug 2022 23:26:23 GMT
etag: W/"1776a-5e5af070d7ac9"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2600
content-encoding: br
cf-ray: 92fbf367ca7d569c-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=1356&x=16"
GET clickndownload.online/images/flags.png
200 OK 15 kB URL GET clickndownload.online/images/flags.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type PNG image data, 1248 x 11, 8-bit/color RGBA, non-interlaced
Hash 0e7e0406e09ea913dc344ca9974ec94a
084fcf2d8e96661354a7e563f64801dfd13bead7
0787e30d6145bc8b8b92ed329f664bcc3012162ccba9ef943d7ada480afb74e9
GET /images/flags.png HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/css_new/style.css?r=1
Cookie: aff=35143
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:02 GMT
content-type: image/png
content-length: 15180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ppvgEkf0ada2qkeFqYe0sp2wlVokS3z%2BbtJ0BvK%2FIBHqGRNzc6B5KQgzIZgDQEkl%2F09hC5A5fGrQF51jM%2FY9stKMk%2BehQyLYfPkucuvixqIO0a0krj4BmgdsKF%2FFw1Co8%2F1LOmD8VM4%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "3b4c-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6556
accept-ranges: bytes
cf-ray: 92fbf3715b25569c-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=2883&x=16"
GET recordedthereby.com/sfp.js
200 OK 85 kB URL GET recordedthereby.com/sfp.js
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectrecordedthereby.com
Fingerprint19:45:8B:8A:1B:43:8F:CB:7D:D5:AA:7C:FF:FA:04:93:35:CA:9D:47
ValidityThu, 06 Mar 2025 21:25:47 GMT - Wed, 04 Jun 2025 21:25:46 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 108625937affa4b38bb17cea65510d72
2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee
c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 13 Apr 2025 15:21:03 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 3bde20010387cbf9b255548e0fbaa0d6
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET clickndownload.online/yjaj91uu4z9s/favicon.ico
200 OK 13 kB URL GET clickndownload.online/yjaj91uu4z9s/favicon.ico
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type HTML document, Unicode text, UTF-8 text
Hash a723eac8da622c531e5990351074410c
96c7bcc02fdb97a3f6d0144dbbcb77165e87c0f6
ba905a512de7df75d3fcaa6e7cecb353e03edd22cbbb70f17d417cdf903f5f33
GET /yjaj91uu4z9s/favicon.ico HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Cookie: aff=35143; ref_url=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar; _ga_G0GWKC1CMJ=GS1.1.1744557663.1.0.1744557663.0.0.0; _ga=GA1.1.1237921132.1744557663
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:04 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ea8B5l4TUkQ0VG9ST3ngcdGpcOdmW%2F1DwYxGzSYfYvrpWv%2BdIswYAlZ06wBU5YF6sw3Z%2Bltr5vjcjbs%2BBou9ucBpzcVXpEZQl0hHGkt8C8eEVaiX6%2BHD3xQPu3T13Z4akqDgZ%2B3aspM%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Sat, 12 Apr 2025 15:21:04 GMT
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Sun, 13 Apr 2025 15:21:04 GMT
content-encoding: br
cf-ray: 92fbf37acbf0569c-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=4624&x=16"
POST nannyirrationalacquainted.com/pixel/pure
200 OK 0 B URL POST nannyirrationalacquainted.com/pixel/pure
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectnannyirrationalacquainted.com
Fingerprint47:7E:21:A4:36:CD:A7:87:FA:E3:71:88:12:63:65:05:63:7A:64:EF
ValidityWed, 19 Feb 2025 01:01:15 GMT - Tue, 20 May 2025 01:01:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /pixel/pure HTTP/1.1
Host: nannyirrationalacquainted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 73
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 13 Apr 2025 15:21:08 GMT
Content-Length: 0
Connection: keep-alive
Host: nannyirrationalacquainted.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
GET code.jquery.com/jquery-3.5.1.min.js
200 OK 90 kB URL GET code.jquery.com/jquery-3.5.1.min.js
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Sun, 13 Apr 2025 15:21:01 GMT
age: 2178210
x-served-by: cache-lga21981-LGA, cache-hel1410024-HEL
x-cache: HIT, HIT
x-cache-hits: 64, 117098
x-timer: S1744557662.625352,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2
GET stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js
200 OK 60 kB URL GET stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint90:B1:98:4A:7E:D6:37:CF:9B:DC:7D:67:82:58:17:6C:F7:F6:11:DE
ValiditySun, 16 Mar 2025 01:14:49 GMT - Sat, 14 Jun 2025 02:14:23 GMT
File type JavaScript source, ASCII text, with very long lines (59893)
Hash 6bea60c34c5db6797150610dacdc6bce
544afefd148715da7dd52d368a414703390ca0e0
38544024da1a0fc2f706be6582557b5722d17f48ad9a8073594a0cf928e2e3ff
GET /bootstrap/4.5.0/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "6bea60c34c5db6797150610dacdc6bce"
last-modified: Mon, 25 Jan 2021 22:04:10 GMT
cdn-cachedat: 11/29/2024 22:45:25
cdn-proxyver: 1.06
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 860
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: a0e57fe1a84c8a3f8cfb9235a46d71d4
cdn-cache: HIT
cf-cache-status: HIT
age: 133064
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 92fbf3690f110b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET use.fontawesome.com/releases/v5.1.1/css/all.css
200 OK 46 kB URL GET use.fontawesome.com/releases/v5.1.1/css/all.css
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE
ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT
File type ASCII text, with very long lines (45538)
Hash 597b70b2ce6b1483f72526c906918fe9
cdb01c449b472defd676e51a50074f5cf3f6076c
d98121a51ed3f911f519cf42be28225dc26b4c9d61cfab0a580118e5c3447463
GET /releases/v5.1.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"597b70b2ce6b1483f72526c906918fe9"
last-modified: Fri, 22 Sep 2023 01:44:26 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 117241
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9J5gPtz2lvNU4Xyy%2BFkvA4iLcYQwt1jWIydaOPyVdNzf0RkxGqS8hacoKuFAqhVqiR8%2Fe6O%2Fj2%2BOnJ2kquqq4DqGAEB%2BM%2B7A5ia89u1zda%2FKYuyRjaJOcoj9Q9nLDPobeSeJZlF0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92fbf3693e6156af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=507&min_rtt=460&rtt_var=134&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3200&recv_bytes=1064&delivery_rate=7063414&cwnd=249&unsent_bytes=0&cid=62ae8681494a7730&ts=186&x=0"
X-Firefox-Spdy: h2
GET fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
200 OK 27 kB URL GET fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint3C:2E:67:30:A6:95:F3:D3:61:49:AB:AC:BC:D1:CF:77:3E:33:8F:B7
ValidityThu, 20 Mar 2025 11:19:46 GMT - Thu, 12 Jun 2025 11:19:45 GMT
File type ASCII text, with very long lines (1572)
Hash da8ad2595d78edf21895319e7d02fe73
d707ec9d6f68fbcfc0e2ebe711b97ad7d67e9aa9
95bce9ed84dcd1e30d88c5e2b2368d24c4e6c60ca58210293d28b3394d1d629a
GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 13 Apr 2025 15:21:11 GMT
date: Sun, 13 Apr 2025 15:21:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-G0GWKC1CMJ
200 OK 376 kB URL GET www.googletagmanager.com/gtag/js?id=G-G0GWKC1CMJ
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint88:85:26:A3:0A:0B:44:C6:92:DD:7B:0B:D1:14:38:BA:26:B9:EF:D9
ValidityThu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT
File type JavaScript source, ASCII text, with very long lines (6129)
Size 376 kB (376494 bytes)
Hash 53049f4e69e15a0183742f5fff72f293
de3356a5f152f5d4ce960e80cc1e9df56663ede5
3c8caa697bfd25575dc42c93a28ab4b6baf43f3e8107ea841ca939e0254b2407
GET /gtag/js?id=G-G0GWKC1CMJ HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 13 Apr 2025 15:21:02 GMT
expires: Sun, 13 Apr 2025 15:21:02 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 125767
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET skillcharging.com/b2/5b/12/b25b1231b97c9a7eb7dff0e8949a5e8f.js
200 OK 97 kB URL GET skillcharging.com/b2/5b/12/b25b1231b97c9a7eb7dff0e8949a5e8f.js
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectskillcharging.com
FingerprintBD:EF:7E:CF:8F:64:94:10:12:41:39:3C:4B:9F:3C:EF:C6:CB:B3:E4
ValidityFri, 28 Mar 2025 22:14:30 GMT - Thu, 26 Jun 2025 22:14:29 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash b2f30b8189e6fb614e5035f1119bfede
4ae7b1efbc319483eeca65c7b4f2e8fccf6a0207
4b1e9e71f1863d74b1967d3f4303b8c1b42dd695c063cf7d3e2f6357db6e561b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /b2/5b/12/b25b1231b97c9a7eb7dff0e8949a5e8f.js HTTP/1.1
Host: skillcharging.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sun, 13 Apr 2025 15:21:02 GMT
Content-Type: application/javascript
Content-Length: 29944
Connection: keep-alive
content-encoding: gzip
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
accept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
x-envoy-upstream-service-time: 6
Host: skillcharging.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 4c42a2647e9d10b5afcf651351d32f46
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET clicknupload.click/images/buy_btc.png
200 OK 6.6 kB URL GET clicknupload.click/images/buy_btc.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclicknupload.click
Fingerprint59:08:1E:04:CC:07:3B:0D:51:09:88:8C:75:64:A3:7B:86:39:81:84
ValidityWed, 26 Mar 2025 22:26:58 GMT - Tue, 24 Jun 2025 23:24:29 GMT
File type PNG image data, 105 x 40, 8-bit/color RGBA, non-interlaced
Hash aabeda231fd89740160b26231cde4146
b448e7995944224d9fab644f1628070893b7060b
c73e92d4d4acbcdf2e2f21fa0fe4e2a383edb6ec2385fd6cefa6c5ea11b07e5d
GET /images/buy_btc.png HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: image/png
content-length: 6552
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "1998-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 142
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q7DQBU4C6ERv52wW2BsTb7mawO%2FGHsn2FHJuo0rwZHMn85vw%2BRxGlkT42FZKSaM6YseZ3DVTgQscIfmXHcR57kpGNG3hWOa8QrjNUsBUKwI5KrLaWTpRp1ljiwWviMnkFP6PE5k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf36a0da656c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=528&min_rtt=397&rtt_var=132&sent=12&recv=17&lost=0&retrans=0&sent_bytes=5111&recv_bytes=1636&delivery_rate=6906200&cwnd=245&unsent_bytes=0&cid=1a046cf3dc406f90&ts=287&x=0"
X-Firefox-Spdy: h2
GET clickndownload.online/images_new/ico_superfast.png
200 OK 603 B URL GET clickndownload.online/images_new/ico_superfast.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type PNG image data, 49 x 55, 8-bit/color RGBA, non-interlaced
Hash 846cf458878e3c543e2f0fd6ff940146
c6292ced1aa145007a860bc7352e37e5dd706349
eb396ed047a76891a140323880f45163f88165bb334bdbd2e53c575f012804ed
GET /images_new/ico_superfast.png HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Cookie: aff=35143; ref_url=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:03 GMT
content-type: image/png
content-length: 603
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=giOb7x9qA23rhaXfWS0G4RoQJdzUupCdvuKSP3PCX9xyux90jC96hoK62CJbJq4kNHRIbYlxSyqEv4yG9xnzuIylxVucKcGvsJ90Z%2FX%2FjGEls7c8wBD0m44UMuyuZPFnySlMBwKLERc%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "25b-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4938
accept-ranges: bytes
cf-ray: 92fbf373cb5b569c-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=3268&x=16"
GET my.rtmark.net/gid.js?userId=m5yg241749du974421011x4g8uwko631
200 OK 65 B URL GET my.rtmark.net/gid.js?userId=m5yg241749du974421011x4g8uwko631
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT
Hash 48c8ab5b821c71f4b0da336762d3eb57
f3bc5b54738fc0165ed1d8a3883e8a8ce3dc7859
c180e0bbf4427fa6db8cb62de7030a11e64d153d13908185717cbbfba6104e4b
GET /gid.js?userId=m5yg241749du974421011x4g8uwko631 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Cookie: ID=0801aa91f31741f4e66aed105301fdaf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:07 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://clickndownload.online
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0801aa91f31741f4e66aed105301fdaf; expires=Mon, 13 Apr 2026 15:21:07 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
priority: u=3,i=?0
server: cloudflare
cf-ray: 92fbf38d5849568d-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
HEAD clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
200 OK 0 B URL HEAD clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Cookie: aff=35143
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:03 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5R0%2B98MARROx0absbNhVHB9JI%2Bx8PiSTHJzZxkMmCZ5PPYo%2FyuT9wsnDmeS%2Bk%2BT85Rs965c%2BolGubWEYdmbQ0NtUDTVJZJb2ri5rLy9VLvRz7q1kuBi1n5wgLZVre6EG0g%2B%2Bm1xrkUM%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
expires: Sat, 12 Apr 2025 15:21:03 GMT
cf-cache-status: BYPASS
set-cookie: ref_url=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar; domain=.clickndownload.online; path=/; expires=Sun, 27-Apr-2025 15:21:03 GMT
aff=35143; domain=.clickndownload.online; path=/; expires=Sun, 27-Apr-2025 15:21:03 GMT
content-encoding: br
cf-ray: 92fbf3716b2a569c-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=3109&x=16"
POST tljgju7kh6ma.l4.adsco.re/
200 OK 0 B URL POST tljgju7kh6ma.l4.adsco.re/
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subject*.l4.adsco.re
FingerprintA3:A1:81:96:9D:3B:EE:16:13:4B:C8:7A:18:50:F8:21:90:08:E8:5A
ValidityWed, 19 Mar 2025 09:14:12 GMT - Tue, 17 Jun 2025 09:14:11 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tljgju7kh6ma.l4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:09 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 02 Jun 2023 14:03:32 GMT
etag: "6479f6b4-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
POST fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8270f7a5-724a-4f9b-afa4-5a5eeadc5872
200 OK 12 B URL POST fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8270f7a5-724a-4f9b-afa4-5a5eeadc5872
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0
ValidityWed, 11 Dec 2024 00:00:00 GMT - Sun, 11 Jan 2026 23:59:59 GMT
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8270f7a5-724a-4f9b-afa4-5a5eeadc5872 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1460
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Sun, 13 Apr 2025 15:21:10 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://clickndownload.online
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
200 OK 40 kB URL GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT
File type Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Hash 9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:03:46 GMT
expires: Fri, 10 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 278246
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET clicknupload.click/js/bootstrap-confirm.js
200 OK 3.1 kB URL GET clicknupload.click/js/bootstrap-confirm.js
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclicknupload.click
Fingerprint59:08:1E:04:CC:07:3B:0D:51:09:88:8C:75:64:A3:7B:86:39:81:84
ValidityWed, 26 Mar 2025 22:26:58 GMT - Tue, 24 Jun 2025 23:24:29 GMT
File type JavaScript source, Unicode text, UTF-8 text
Hash ed107aaa46561415692b9d4548c7c615
c23678dd36a64ddd29d8cc102d1b1bebf922875f
ecf662e9f1d25bd142e6b4e5618012a3af7af1a2cd7504d67b90d59ca344ef2f
GET /js/bootstrap-confirm.js HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: application/javascript
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: W/"c4c-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6333
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xzBXTc1zeph3TO7P2FbTsVK1Ttk0mn0FtxetGwoMw4IC6PmFUU951ny3HsISXdPWxPVPejEQeDhiSXK1C78m0uZ4VmUoqXD%2FTFLyAzJpJw6RJTMQt7n3zlx2D5afhxRH%2Bz1GStQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf36a0da956c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=528&min_rtt=397&rtt_var=132&sent=9&recv=17&lost=0&retrans=0&sent_bytes=3290&recv_bytes=1636&delivery_rate=6906200&cwnd=245&unsent_bytes=0&cid=1a046cf3dc406f90&ts=286&x=0"
X-Firefox-Spdy: h2
GET clicknupload.click/js/dialogs.js
200 OK 2.2 kB URL GET clicknupload.click/js/dialogs.js
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclicknupload.click
Fingerprint59:08:1E:04:CC:07:3B:0D:51:09:88:8C:75:64:A3:7B:86:39:81:84
ValidityWed, 26 Mar 2025 22:26:58 GMT - Tue, 24 Jun 2025 23:24:29 GMT
Hash 2f96a16e62a9d63834bbb6108f83d90b
7da8c8e56e98e99c6c891f6b44d135fb1276a32c
71fea8e764130d6d3e79297c3c69a3f30ba91e929ef79753dc6fd807d04bc03d
GET /js/dialogs.js HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: application/javascript
last-modified: Sat, 15 Feb 2020 04:18:22 GMT
etag: W/"896-59e959cd3df80"
cache-control: max-age=14400
cf-cache-status: HIT
age: 142
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1XLOOf1Gc2xSR6hlIgpOxaNgRNLmQ124R6lo7DzE3fTFhvqLXWKwv7LMG%2F4KHK5xaqO8vHWD6nUdAR%2Bv%2F63OnssQ95sxFY%2BGR5byuoJOvWhKmBf4ctwNyxL7AdzornDJXOb%2FFOI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf36a0d9a56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=719&min_rtt=397&rtt_var=369&sent=33&recv=19&lost=0&retrans=0&sent_bytes=29847&recv_bytes=1636&delivery_rate=8461238&cwnd=245&unsent_bytes=0&cid=1a046cf3dc406f90&ts=289&x=0"
X-Firefox-Spdy: h2
GET clickndownload.online/images_new/ico_money.png
200 OK 565 B URL GET clickndownload.online/images_new/ico_money.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type PNG image data, 16 x 19, 8-bit/color RGBA, non-interlaced
Hash 38c78ab79c4abec4f68f1988b2d2f401
8339760412ede29f07476f72e3331292633c8c19
fe08ea553a6794875a3e8e4b2dfd4a13386a71a7cd768daa82cfba983d2aba36
GET /images_new/ico_money.png HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/css_new/style.css?r=1
Cookie: aff=35143
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:02 GMT
content-type: image/png
content-length: 565
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Orz1SNV37jgkFd5UNq4dYmkxfWtgCvSXftDfKTniuYyo2eBvYn8FNHxLMBP3jPOo9U0T97asMMiHfnXObUZkxP1CKAeBSRj2Q5%2FfCi%2F0tWTfEVPM1r3r5gzVu1oAPMzDKbfB%2B5MzXoo%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "235-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 592
accept-ranges: bytes
cf-ray: 92fbf3715b26569c-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=2884&x=16"
GET oomaugnaps.net/www/images/85967e0f010711cbe771143036121ac0.jpg
200 OK 14 kB URL GET oomaugnaps.net/www/images/85967e0f010711cbe771143036121ac0.jpg
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectoomaugnaps.net
Fingerprint46:88:55:C4:EF:5C:FE:BC:C8:46:42:24:45:00:00:E8:EE:C9:D7:BA
ValiditySat, 22 Mar 2025 09:39:52 GMT - Fri, 20 Jun 2025 10:37:28 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash 85967e0f010711cbe771143036121ac0
c0bf36cff3d4142c7d498e59a22774918a698c8e
44566fd05f47e8bff3b38d81b468647612482ccdb2b003cf7f9e74ea90f2c389
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www/images/85967e0f010711cbe771143036121ac0.jpg HTTP/1.1
Host: oomaugnaps.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:11 GMT
content-type: image/jpeg
content-length: 14424
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4zmWBPoqGR%2FWZy%2BWurQPgaRgGSyxJipVlcry9mHlGnQzuNxzht7Gz4CBEldafWqyjYu%2F4k677sC5IoHzK0KFKRFq22gnMys%2FOQChcA0vt9a8CC5YUmBiZBVs10ZesZPa5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Thu, 20 Mar 2025 03:16:49 GMT
etag: "67db88a1-3858"
expires: Mon, 14 Apr 2025 06:55:53 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 30318
accept-ranges: bytes
cf-ray: 92fbf3a8ddce56b5-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=14965&min_rtt=13467&rtt_var=6631&sent=14&recv=12&lost=0&retrans=0&sent_bytes=3861&recv_bytes=1390&delivery_rate=2229&cwnd=12000&unsent_bytes=0&cid=ac4e10b9af454d3a&ts=2168&x=16"
GET use.fontawesome.com/releases/v5.1.1/webfonts/fa-solid-900.woff2
200 OK 60 kB URL GET use.fontawesome.com/releases/v5.1.1/webfonts/fa-solid-900.woff2
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE
ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT
File type Web Open Font Format (Version 2), TrueType, length 59604, version 1.0
Hash e8a92a29978352517c450b9a800b06cb
f2da460d41f0a68bcab83ed33073bb57d2c38484
b82ad8fbcf9bf844726f648ef268b74f8c2f668f56eafd98b05703e086ff1d5b
GET /releases/v5.1.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:02 GMT
content-type: font/woff2
content-length: 59604
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "e8a92a29978352517c450b9a800b06cb"
last-modified: Fri, 22 Sep 2023 01:44:27 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 117125
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqSR1bHuag%2BxVsDAngnS4rVpetz8mMYVk2g%2FteBNSHpe9uPkSqQg%2FR69%2Fsw97KYdoEB78ZrhqXH69Rs4fGdlfQc0kWKfH8fEQUjiixrv8fZpcwqxyL33uujhYQ299HS1HYofZvZH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92fbf3716acb56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=4732&min_rtt=460&rtt_var=6932&sent=25&recv=15&lost=0&retrans=2&sent_bytes=19232&recv_bytes=1401&delivery_rate=7063414&cwnd=249&unsent_bytes=0&cid=62ae8681494a7730&ts=1496&x=0"
X-Firefox-Spdy: h2
GET tzegilo.com/stattag.js
200 OK 18 kB IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjecttzegilo.com
FingerprintCB:95:E4:2C:B0:9E:53:93:29:36:BD:03:FB:B9:70:C9:D1:93:CA:49
ValidityWed, 19 Mar 2025 12:29:56 GMT - Tue, 17 Jun 2025 13:28:20 GMT
File type JavaScript source, ASCII text, with very long lines (17229)
Hash 01227f5edc20e0ff4ed643b27cb8bb68
d71a88f7341f2b1bdaa7deb9a66888607bd52598
75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:07 GMT
content-type: application/javascript
last-modified: Thu, 11 Jul 2024 10:23:58 GMT
etag: W/"668fb2be-45d7"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3678
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KZnN0XHrw6PXEfSXCO5oycP0r%2BrZwXrJ%2FeDY0OyMJk9Pdz85rtSHhzjm7rMdJQQtC%2FW1I%2FQB0lKMQVv7YCvVfhmgiLBTWqGXaEfJpp3p5bxIb64LsJ3xuwpq19KWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf38deaf6569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=678&min_rtt=525&rtt_var=286&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3198&recv_bytes=1067&delivery_rate=5484848&cwnd=254&unsent_bytes=0&cid=2f61edd79049b667&ts=86&x=0"
X-Firefox-Spdy: h2
POST adsco.re/p
200 OK 1.2 kB IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
File type ASCII text, with very long lines (1212), with no line terminators
Hash ad2788200a1f6b7d91b29148888aa3db
2a84a9b0d489eae317bc021779412bd0d1acf724
a5d5d6e212b9199b92aeff514c0c626d99c2eb83cb603a2206a25b6a01cb9167
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1697
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 13 Apr 2025 15:21:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK nyc123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Accept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
Access-Control-Allow-Origin: https://clickndownload.online
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
GET use.fontawesome.com/releases/v5.1.1/css/v4-shims.css
200 OK 27 kB URL GET use.fontawesome.com/releases/v5.1.1/css/v4-shims.css
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectuse.fontawesome.com
Fingerprint35:EC:02:D7:73:13:A8:D4:94:28:42:85:E4:B3:7F:06:4F:C4:1B:CE
ValidityThu, 06 Mar 2025 00:21:22 GMT - Wed, 04 Jun 2025 01:21:21 GMT
File type ASCII text, with very long lines (26508)
Hash 01727b5056f65c2ac938f5db4e552b10
a44b4f2f268d7fdd5fa700d8f1b71f6a85fb7c39
1458c65cd927c3e5bf35667665280eaaf849eef09ed217983334c5c8a78f6759
GET /releases/v5.1.1/css/v4-shims.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"01727b5056f65c2ac938f5db4e552b10"
last-modified: Fri, 22 Sep 2023 01:44:26 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 121006
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GMOvmRhhsp0%2FZv2lRocWjuAOgC54J81xW6ScGCJdX7xr9Ymq2vQFGylMnB3c5aDHmr644HPr3%2FFRubd9b5H3UkewvprnKRB9HxVAxnyvcLB45Ir35hlS1YSPWQBN3FmUtEpuLdes"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92fbf3698ebd56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3694&min_rtt=460&rtt_var=6474&sent=18&recv=13&lost=0&retrans=1&sent_bytes=14443&recv_bytes=1184&delivery_rate=7063414&cwnd=249&unsent_bytes=0&cid=62ae8681494a7730&ts=237&x=0"
X-Firefox-Spdy: h2
GET clickndownload.online/js/jquery.cookie.js
200 OK 3.1 kB URL GET clickndownload.online/js/jquery.cookie.js
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type JavaScript source, ASCII text
Hash ff14e4812b7f512e620b1ad35542bcfc
c40c5f777e7a2f63e7b731b3cdb1fe9c806b23ae
c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96
GET /js/jquery.cookie.js HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Cookie: aff=35143
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gbrCfu2Gy%2B7F5JtO1ITfJ2Mp4i9dbA9dkWI51PskoRm1r22kk%2B60QdF2UF78wmB%2FxziRguZ%2BJMvFGEGEswsKmWHE3BrGMTwNeErJ91kaz22Yw7ZCDk9K2lAyzARF9ufIV%2FtKLjOqdrI%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:18:27 GMT
etag: W/"c31-59e959d202ac0"
cache-control: max-age=14400
cf-cache-status: HIT
age: 142
content-encoding: br
cf-ray: 92fbf367da80569c-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=1363&x=16"
POST tljgju7kh6ma.s4.adsco.re/
200 OK 0 B URL POST tljgju7kh6ma.s4.adsco.re/
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subject*.s4.adsco.re
FingerprintAD:9A:D5:4E:EA:13:2E:6A:D5:FD:16:56:63:DB:12:C7:26:B4:8C:D5
ValidityWed, 19 Mar 2025 09:14:11 GMT - Tue, 17 Jun 2025 09:14:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tljgju7kh6ma.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:10 GMT
content-type: text/html
content-length: 0
last-modified: Tue, 03 Oct 2023 13:29:59 GMT
etag: "651c1757-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
GET ptichoolsougn.net/impression/ggiB3KRfyyB4VYL8b_AYIc0cLifqD7k5BrNXtmRcOLXoEmemzh7awtzgP0VrRu7UsDHHfuBeLhwQjlfQfVmD6Gx7BuYUpBbnT7b-gsMTZDGeAPiNJlh2h_S7swWmaOk5huhJx9DOlxr5ZOj-9ugiM5BCI8hLG8uH4ToDRUdbsbjSPuZUm1s_QwXA1g64eTCwZXA2P-ZaOHhkZon377PuhclE2S2bRPYnKa5PgOlJfLU6K2MyrWZ-Zr1FqjTfKMG2hqbV5d2owbCn6ihrR42qqtytHH4l101RlwSwG3y73wxS4f5LN2EfCB-KOMr2xIz2HjPTwlcJe8KGBBvWqxycHHKVq1XnCk7Fd-0_DrTDahp8SNi7iJdbZGYsC8x5bsngTCYcWH7ZfTeuKPwmKI9cXk8waWLQIa7ST8iABsq4kkPmwn7HQx8f9NlwYuZ18hrEELIqZBWLHfvRz_NUCVDoR1CeLtrTMWEFR1MTfI64MDN-htCFtMoDCIxNfmEpK4VfR8-4xDgwPGBwufZqkXKZT7xdudjlRy2GFjSLhNMBxpRu_h0QiMwG0r5WrTOx3fgsX5nz0cULo_Qagl3ajKYdxoGd1CHpsMaHIE1HJQ==?_z=9192472&js_build=8&sw_version=v1.602.0&dmn=ptichoolsougn.net&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1
200 OK 43 B URL GET ptichoolsougn.net/impression/ggiB3KRfyyB4VYL8b_AYIc0cLifqD7k5BrNXtmRcOLXoEmemzh7awtzgP0VrRu7UsDHHfuBeLhwQjlfQfVmD6Gx7BuYUpBbnT7b-gsMTZDGeAPiNJlh2h_S7swWmaOk5huhJx9DOlxr5ZOj-9ugiM5BCI8hLG8uH4ToDRUdbsbjSPuZUm1s_QwXA1g64eTCwZXA2P-ZaOHhkZon377PuhclE2S2bRPYnKa5PgOlJfLU6K2MyrWZ-Zr1FqjTfKMG2hqbV5d2owbCn6ihrR42qqtytHH4l101RlwSwG3y73wxS4f5LN2EfCB-KOMr2xIz2HjPTwlcJe8KGBBvWqxycHHKVq1XnCk7Fd-0_DrTDahp8SNi7iJdbZGYsC8x5bsngTCYcWH7ZfTeuKPwmKI9cXk8waWLQIa7ST8iABsq4kkPmwn7HQx8f9NlwYuZ18hrEELIqZBWLHfvRz_NUCVDoR1CeLtrTMWEFR1MTfI64MDN-htCFtMoDCIxNfmEpK4VfR8-4xDgwPGBwufZqkXKZT7xdudjlRy2GFjSLhNMBxpRu_h0QiMwG0r5WrTOx3fgsX5nz0cULo_Qagl3ajKYdxoGd1CHpsMaHIE1HJQ==?_z=9192472&js_build=8&sw_version=v1.602.0&dmn=ptichoolsougn.net&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectptichoolsougn.net
FingerprintF4:5D:DD:00:D2:EC:3C:35:5A:52:DF:26:72:E6:B9:53:14:B8:5F:5F
ValidityFri, 14 Feb 2025 05:26:11 GMT - Thu, 15 May 2025 05:26:10 GMT
File type GIF image data, version 89a, 1 x 1
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /impression/ggiB3KRfyyB4VYL8b_AYIc0cLifqD7k5BrNXtmRcOLXoEmemzh7awtzgP0VrRu7UsDHHfuBeLhwQjlfQfVmD6Gx7BuYUpBbnT7b-gsMTZDGeAPiNJlh2h_S7swWmaOk5huhJx9DOlxr5ZOj-9ugiM5BCI8hLG8uH4ToDRUdbsbjSPuZUm1s_QwXA1g64eTCwZXA2P-ZaOHhkZon377PuhclE2S2bRPYnKa5PgOlJfLU6K2MyrWZ-Zr1FqjTfKMG2hqbV5d2owbCn6ihrR42qqtytHH4l101RlwSwG3y73wxS4f5LN2EfCB-KOMr2xIz2HjPTwlcJe8KGBBvWqxycHHKVq1XnCk7Fd-0_DrTDahp8SNi7iJdbZGYsC8x5bsngTCYcWH7ZfTeuKPwmKI9cXk8waWLQIa7ST8iABsq4kkPmwn7HQx8f9NlwYuZ18hrEELIqZBWLHfvRz_NUCVDoR1CeLtrTMWEFR1MTfI64MDN-htCFtMoDCIxNfmEpK4VfR8-4xDgwPGBwufZqkXKZT7xdudjlRy2GFjSLhNMBxpRu_h0QiMwG0r5WrTOx3fgsX5nz0cULo_Qagl3ajKYdxoGd1CHpsMaHIE1HJQ==?_z=9192472&js_build=8&sw_version=v1.602.0&dmn=ptichoolsougn.net&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1 HTTP/1.1
Host: ptichoolsougn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Cookie: OAID=0801aa91f31741f4e66aed105301fdaf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 13 Apr 2025 15:21:10 GMT
content-type: image/gif
content-length: 43
x-trace-id: a3280c0b4639f05958af3f01155d3243
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET blockadsnot.com/qvpmlpsucvdxrwhcbkx?YVIUOuBN=BQOCAAAAAAAACZUAAvakHLUg6FGJs-UrNtS5-tKDfImGfmKvpM9NGDwKfoWgaMvBrwMo9poWHqFAOxJ-DShQUCtPKOCPt8V5TvqRBgiBJ44LYO0Qr394rzj5PQ_FhCtNTN48iqJ_fv4ecDKGG6pF_iRLEwfmQakgUpuMPk8KGkwhoVhG3pAVLoSZpZNj3fi6msQlWTISpUVMcj2eKbF2TK1Ou_spNOP5nl2FaqvGGZ06Gsrc8e8QqdsvltWDjb39romMnzJBea3U2uk7pm75iV3C38oT9PNs1qMhDzioySgPTmyAuYOXnYCZK1gQooYSiUCIQvEsurbmTkgPy3llkXAjklke1iSqK76jaHSEk9QOnF9u_sVVsU9cET_x4Y19X6SRr1gNVW_T5tN_8PopXPvltZK8CJpxtJamglD5806piXla74FHjQH2SmIVMpsQN2bXUwFiWWw71zEQvthudrH8tI39FMUAWLdO2NIEVes4J_fUokwDKltWy-6ScTmA_AZ7pbFZV9qoVVdBxPZgqiWnMLjEKzk98VdcnAIGZOqfyr7Le6GrAwfM1MkYiYtXUeVd-4sRM7i81TJkopEv-Uk8Af0kbgSHSbEonckBt4IAaKXdUyXMjy8cDlTg-vyEegajmF3-JulM2NGv4Fyd5IpxJP6mvQW7Y59L7QCLUjkhc_bu3apVa9ZTav94Iu-9Hj6SsSmcBiO8DmwOY4S2szp4Oo0rgFSB9kkz72JjHQ_KEgvdQNVeeIquX5-6GgL3glAJKL47u8Y-Ls_zT4dHG9rkBJ90_pb649rerFrv1_jnCgtWmE91QNDaOsVP5tHWP21doNIY2IIc5OP0j0mtpPAYB56hTORa3YSl2AMCoafOywC8m_cW3NA03ZJGg-X8ScwNNpdxmYzempDQJtjkw7zjUs835q-ch70hNZVFLcUeS6VdzCskCqjAwfyYDTqTbnL8vcFN-WYuMceAuAid4a-bvnlkBdrDnRDI9W6maqHM-ShJIBe4QdZZMhtuuV27DE322Zggggr7TAVqdDlg9HPF8QUZmOtPw7PVv0CTiMyY9RzeRvOJhxJ5gceXa-xWjvAqO2dqb851qWpULeIZfjEPcVnP0ZnVYcyeaGKAgbaNrYAhQpNjTUnmKEqf_8fk093LnJ-4XA2DZilFpaXUnSsJNub3KnUwHKpRyJX4IOIZcLRMMeh3A2a-7ALL&HPMaApDr=4&dxXsgAOH=5187423&qstvEIUx=&RgrKpBqP=0,0&rvFyKpRD=&bRoAzFlX=&s=1280,1024,1,1280,1024,0
200 OK 44 B URL GET blockadsnot.com/qvpmlpsucvdxrwhcbkx?YVIUOuBN=BQOCAAAAAAAACZUAAvakHLUg6FGJs-UrNtS5-tKDfImGfmKvpM9NGDwKfoWgaMvBrwMo9poWHqFAOxJ-DShQUCtPKOCPt8V5TvqRBgiBJ44LYO0Qr394rzj5PQ_FhCtNTN48iqJ_fv4ecDKGG6pF_iRLEwfmQakgUpuMPk8KGkwhoVhG3pAVLoSZpZNj3fi6msQlWTISpUVMcj2eKbF2TK1Ou_spNOP5nl2FaqvGGZ06Gsrc8e8QqdsvltWDjb39romMnzJBea3U2uk7pm75iV3C38oT9PNs1qMhDzioySgPTmyAuYOXnYCZK1gQooYSiUCIQvEsurbmTkgPy3llkXAjklke1iSqK76jaHSEk9QOnF9u_sVVsU9cET_x4Y19X6SRr1gNVW_T5tN_8PopXPvltZK8CJpxtJamglD5806piXla74FHjQH2SmIVMpsQN2bXUwFiWWw71zEQvthudrH8tI39FMUAWLdO2NIEVes4J_fUokwDKltWy-6ScTmA_AZ7pbFZV9qoVVdBxPZgqiWnMLjEKzk98VdcnAIGZOqfyr7Le6GrAwfM1MkYiYtXUeVd-4sRM7i81TJkopEv-Uk8Af0kbgSHSbEonckBt4IAaKXdUyXMjy8cDlTg-vyEegajmF3-JulM2NGv4Fyd5IpxJP6mvQW7Y59L7QCLUjkhc_bu3apVa9ZTav94Iu-9Hj6SsSmcBiO8DmwOY4S2szp4Oo0rgFSB9kkz72JjHQ_KEgvdQNVeeIquX5-6GgL3glAJKL47u8Y-Ls_zT4dHG9rkBJ90_pb649rerFrv1_jnCgtWmE91QNDaOsVP5tHWP21doNIY2IIc5OP0j0mtpPAYB56hTORa3YSl2AMCoafOywC8m_cW3NA03ZJGg-X8ScwNNpdxmYzempDQJtjkw7zjUs835q-ch70hNZVFLcUeS6VdzCskCqjAwfyYDTqTbnL8vcFN-WYuMceAuAid4a-bvnlkBdrDnRDI9W6maqHM-ShJIBe4QdZZMhtuuV27DE322Zggggr7TAVqdDlg9HPF8QUZmOtPw7PVv0CTiMyY9RzeRvOJhxJ5gceXa-xWjvAqO2dqb851qWpULeIZfjEPcVnP0ZnVYcyeaGKAgbaNrYAhQpNjTUnmKEqf_8fk093LnJ-4XA2DZilFpaXUnSsJNub3KnUwHKpRyJX4IOIZcLRMMeh3A2a-7ALL&HPMaApDr=4&dxXsgAOH=5187423&qstvEIUx=&RgrKpBqP=0,0&rvFyKpRD=&bRoAzFlX=&s=1280,1024,1,1280,1024,0
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerSectigo Limited
Subjectblockadsnot.com
Fingerprint08:5E:F7:F5:F7:1E:CA:E8:7E:0B:56:16:C6:57:A9:7B:FA:BF:73:41
ValidityWed, 11 Sep 2024 00:00:00 GMT - Sat, 19 Apr 2025 23:59:59 GMT
File type ASCII text, with no line terminators
Hash d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /qvpmlpsucvdxrwhcbkx?YVIUOuBN=BQOCAAAAAAAACZUAAvakHLUg6FGJs-UrNtS5-tKDfImGfmKvpM9NGDwKfoWgaMvBrwMo9poWHqFAOxJ-DShQUCtPKOCPt8V5TvqRBgiBJ44LYO0Qr394rzj5PQ_FhCtNTN48iqJ_fv4ecDKGG6pF_iRLEwfmQakgUpuMPk8KGkwhoVhG3pAVLoSZpZNj3fi6msQlWTISpUVMcj2eKbF2TK1Ou_spNOP5nl2FaqvGGZ06Gsrc8e8QqdsvltWDjb39romMnzJBea3U2uk7pm75iV3C38oT9PNs1qMhDzioySgPTmyAuYOXnYCZK1gQooYSiUCIQvEsurbmTkgPy3llkXAjklke1iSqK76jaHSEk9QOnF9u_sVVsU9cET_x4Y19X6SRr1gNVW_T5tN_8PopXPvltZK8CJpxtJamglD5806piXla74FHjQH2SmIVMpsQN2bXUwFiWWw71zEQvthudrH8tI39FMUAWLdO2NIEVes4J_fUokwDKltWy-6ScTmA_AZ7pbFZV9qoVVdBxPZgqiWnMLjEKzk98VdcnAIGZOqfyr7Le6GrAwfM1MkYiYtXUeVd-4sRM7i81TJkopEv-Uk8Af0kbgSHSbEonckBt4IAaKXdUyXMjy8cDlTg-vyEegajmF3-JulM2NGv4Fyd5IpxJP6mvQW7Y59L7QCLUjkhc_bu3apVa9ZTav94Iu-9Hj6SsSmcBiO8DmwOY4S2szp4Oo0rgFSB9kkz72JjHQ_KEgvdQNVeeIquX5-6GgL3glAJKL47u8Y-Ls_zT4dHG9rkBJ90_pb649rerFrv1_jnCgtWmE91QNDaOsVP5tHWP21doNIY2IIc5OP0j0mtpPAYB56hTORa3YSl2AMCoafOywC8m_cW3NA03ZJGg-X8ScwNNpdxmYzempDQJtjkw7zjUs835q-ch70hNZVFLcUeS6VdzCskCqjAwfyYDTqTbnL8vcFN-WYuMceAuAid4a-bvnlkBdrDnRDI9W6maqHM-ShJIBe4QdZZMhtuuV27DE322Zggggr7TAVqdDlg9HPF8QUZmOtPw7PVv0CTiMyY9RzeRvOJhxJ5gceXa-xWjvAqO2dqb851qWpULeIZfjEPcVnP0ZnVYcyeaGKAgbaNrYAhQpNjTUnmKEqf_8fk093LnJ-4XA2DZilFpaXUnSsJNub3KnUwHKpRyJX4IOIZcLRMMeh3A2a-7ALL&HPMaApDr=4&dxXsgAOH=5187423&qstvEIUx=&RgrKpBqP=0,0&rvFyKpRD=&bRoAzFlX=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: blockadsnot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
popads-node: wb3
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Sun, 13 Apr 2025 15:21:12 GMT
X-Firefox-Spdy: h2
GET my.rtmark.net/gid.js
200 OK 65 B IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectmy.rtmark.net
Fingerprint03:52:6A:BD:35:83:43:81:AF:25:BB:A3:26:97:D1:78:25:73:A4:C9
ValidityTue, 04 Mar 2025 10:39:32 GMT - Mon, 02 Jun 2025 11:39:29 GMT
Hash 48c8ab5b821c71f4b0da336762d3eb57
f3bc5b54738fc0165ed1d8a3883e8a8ce3dc7859
c180e0bbf4427fa6db8cb62de7030a11e64d153d13908185717cbbfba6104e4b
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:04 GMT
content-type: application/json; charset=utf-8
access-control-allow-origin: https://clickndownload.online
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0801aa91f31741f4e66aed105301fdaf; expires=Mon, 13 Apr 2026 15:21:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 92fbf37908afb509-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET oomaugnaps.net/www/images/85967e0f010711cbe771143036121ac0.jpg
200 OK 14 kB URL GET oomaugnaps.net/www/images/85967e0f010711cbe771143036121ac0.jpg
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectoomaugnaps.net
Fingerprint46:88:55:C4:EF:5C:FE:BC:C8:46:42:24:45:00:00:E8:EE:C9:D7:BA
ValiditySat, 22 Mar 2025 09:39:52 GMT - Fri, 20 Jun 2025 10:37:28 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Hash 85967e0f010711cbe771143036121ac0
c0bf36cff3d4142c7d498e59a22774918a698c8e
44566fd05f47e8bff3b38d81b468647612482ccdb2b003cf7f9e74ea90f2c389
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /www/images/85967e0f010711cbe771143036121ac0.jpg HTTP/1.1
Host: oomaugnaps.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:09 GMT
content-type: image/jpeg
content-length: 14424
last-modified: Thu, 20 Mar 2025 03:16:49 GMT
etag: "67db88a1-3858"
expires: Mon, 14 Apr 2025 06:55:53 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 30316
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GN35cJrL%2FOaVViCfBV9km9ouYhaPiHiMN16Bs7iARd2ugmTkxUA66ARhXWLi%2FrXzKMl08QxHPXJij14h2axQRRFbLrS4oOiIQ559d6s67HJp6bK5y7bPMwa%2FHhlkmuTqtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf39ad81cb517-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=680&min_rtt=525&rtt_var=228&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3207&recv_bytes=1111&delivery_rate=6724458&cwnd=254&unsent_bytes=0&cid=abbc535287753a82&ts=42&x=0"
X-Firefox-Spdy: h2
POST tljgju7kh6ma.n4.adsco.re/
200 OK 0 B URL POST tljgju7kh6ma.n4.adsco.re/
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subject*.n4.adsco.re
Fingerprint12:C2:74:6D:C8:48:4B:6D:CC:7C:C2:90:BC:AE:82:54:E9:DD:F0:C5
ValidityWed, 19 Mar 2025 09:14:09 GMT - Tue, 17 Jun 2025 09:14:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: tljgju7kh6ma.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:10 GMT
content-type: text/html
content-length: 0
last-modified: Fri, 16 Jun 2023 08:37:42 GMT
etag: "648c1f56-0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
accept-ranges: bytes
X-Firefox-Spdy: h2
GET ptichoolsougn.net/500/9192472?excludes=&oaid=0801aa91f31741f4e66aed105301fdaf&var=&ymid=&js_build=8&sw_version=v1.602.0&dmn=ptichoolsougn.net&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1
200 OK 1.3 kB URL GET ptichoolsougn.net/500/9192472?excludes=&oaid=0801aa91f31741f4e66aed105301fdaf&var=&ymid=&js_build=8&sw_version=v1.602.0&dmn=ptichoolsougn.net&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectptichoolsougn.net
FingerprintF4:5D:DD:00:D2:EC:3C:35:5A:52:DF:26:72:E6:B9:53:14:B8:5F:5F
ValidityFri, 14 Feb 2025 05:26:11 GMT - Thu, 15 May 2025 05:26:10 GMT
Hash 21e9fc6fbed60f2c64d6ef37aef97e39
7624e0c80fdf0a8cf1254ea6bdb4a71af5c7539c
ee04746aa6836c475c5bc3906a74d51912f13e15a63b1984bf894949d435d3bf
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /500/9192472?excludes=&oaid=0801aa91f31741f4e66aed105301fdaf&var=&ymid=&js_build=8&sw_version=v1.602.0&dmn=ptichoolsougn.net&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1 HTTP/1.1
Host: ptichoolsougn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Cookie: OAID=0301aad22cdd4a12ec9b8d76a87a904c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 13 Apr 2025 15:21:08 GMT
content-type: application/javascript
x-trace-id: 2c912af2de162ba1916856ce3ac1d183
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://clickndownload.online
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=0801aa91f31741f4e66aed105301fdaf; expires=Mon, 13 Apr 2026 15:21:08 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET c.adsco.re/#0.6321590903809557
200 OK 79 kB URL GET c.adsco.re/#0.6321590903809557
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerSectigo Limited
Subject*.adsco.re
Fingerprint3B:64:1C:DA:8C:64:22:01:36:0F:54:7A:99:6E:AD:26:C2:EF:59:8B
ValidityMon, 23 Sep 2024 00:00:00 GMT - Mon, 29 Sep 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (689)
Hash f0e71ebb1e2c90b307c171052ca517d0
1a1950b1868c0bfb8629f6f81b81439160727a79
adbce95b9ac0da66ea3a1d707494d9c74876e1c9186c446b4b5a22d15adc1ee5
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:09 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Wed, 14 May 2025 15:21:09 GMT
etag: W/"8Oceux4skLMHwXEFLKUX0A=="
content-encoding: gzip
cf-cache-status: HIT
age: 219227
priority: u=4,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf39a7c055694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET kn.healfultwifold.com/sMfqcVrJWPBPwz8y/116803
200 OK 6 B URL GET kn.healfultwifold.com/sMfqcVrJWPBPwz8y/116803
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectkn.healfultwifold.com
Fingerprint70:4B:22:7F:43:A6:34:29:71:CA:98:8C:33:FE:3E:C4:24:28:12:D6
ValiditySun, 09 Feb 2025 09:20:28 GMT - Sat, 10 May 2025 09:20:27 GMT
File type ASCII text, with no line terminators
Hash 4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /sMfqcVrJWPBPwz8y/116803 HTTP/1.1
Host: kn.healfultwifold.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 13 Apr 2025 15:21:02 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 6
Connection: keep-alive
Keep-Alive: timeout=20
Vary: Origin
Access-Control-Expose-Headers: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Megageocheckolololo, X-Forwarded-For, X-Requested-With, Cache-Control, Pragma, Expires
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, OPTIONS
Set-Cookie: GGI10=G/IAAASeD7dNK/dmKv8IjKne3vVF23LHD4p/239bRbcCCoMg63NMJOcmHtdgLENcdVb9C/8fcU22F4TMszPXDn3bi0JM1sszQtMiPRle3iuF+nW+PadvTJQWghuEE2erh7OxP8CGug0ouFXNMz9sX8bofOhPVVBMTsv72LAiF5aGU46qKWF8uZ1fb+RKCE0MoKV13JEH4pvoZXocf6ywyRddqbWmm1R6/v8=; max-age=3600000; path=/; secure; SameSite=None
GUI4=G9kDAMRQnU1rdNODldiBgqv9J4LR4ZIpRP//vdPfGiAhh/bGvK81pv6iBLaFAYf/eEDZX79sWlES23jH+ZnyC+h/BfcJugQcr2a+Spl4kUudh1pyfvtxGHXpyfm/6l14csbpWPecBaFLH52XIrsbrw2DlBknEdqjUJCtRLH8CRyMHXaHMPIPNMwOiZ+mh90uoml0oMyPyjICQTQG4AssrYMjjlUQfJtTBUeItkBwbYRr+RbFh1BcDk3R9gfOzTdwgECZvJCvansmZmiKWl9FJ0o0tR7RxpKbqSssCJHIVSOPXozMBcX7RmAaOTRuJ+OS7oiHZeWjuObgDENbRRhprx44SQdVi1x8coQULb+KJJ+cg8YxSJfe2lt5pbe17j1KUAAe5e08pTanGtSQH0hQzmwxlVQWvOOf0RqLdTeC7NL5yqNz7YU9l5kbLmS5vodMb6hJTYSEJFraaKuNkmSsCzVtpYasataQshbbfhA7mt1FZBkjR1aKvqhnvC4B8R8QjEMeHmg1RWyNShIFiNqVuHpJ1PLMsq6ivmeuWhIsnYWrr5ZepTS7mSz9Z5CkaE2cpSs7KVG7B500yYXKCt02; max-age=3600000; path=/; secure; SameSite=None
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
GET www.blockadsnot.com/zreact.production.min.css
200 OK 37 kB URL GET www.blockadsnot.com/zreact.production.min.css
IP
ASN #60068 Datacamp Limited
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subject1158060716.rsc.cdn77.org
FingerprintEB:1D:D2:4F:13:9E:70:F8:65:27:E2:FC:9A:E0:74:75:A7:D3:24:DA
ValidityTue, 04 Feb 2025 22:53:07 GMT - Mon, 05 May 2025 22:53:06 GMT
File type JavaScript source, ASCII text, with very long lines (1568)
Hash 2130a5ca6c5930cfd26298bafd9090dd
a09633243600eea59a9426a53d15df003fd96875
5226ccd6a1fff04792e8505896e2eb0d530e9f889e2fdd23f2786ab323439238
GET /zreact.production.min.css HTTP/1.1
Host: www.blockadsnot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:03 GMT
content-type: application/x-javascript
popads-node: wb2
expires: Sat, 19 Apr 2025 11:35:54 GMT
access-control-allow-origin: https://clickndownload.online
link: <https://blockadsnot.com/>;rel=preconnect
cache-control: public, max-age=604800
x-77-nzt: EwwBX63NDQH3RTQBAAwBuUwKCQH381EAAAwBJRPCLgG3DQAAAA
x-77-nzt-ray: 2a494a157cf90ebe84d6fb67c6b6e717
x-77-cache: HIT
x-77-age: 78917
vary: Accept-Encoding, Origin
content-encoding: gzip
server: CDN77-Turbo
x-77-pop: osloNO
X-Firefox-Spdy: h2
OPTIONS ptichoolsougn.net/500/9192472?excludes=&oaid=0801aa91f31741f4e66aed105301fdaf&var=&ymid=&js_build=8&sw_version=v1.602.0&dmn=ptichoolsougn.net&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1
200 OK 0 B URL OPTIONS ptichoolsougn.net/500/9192472?excludes=&oaid=0801aa91f31741f4e66aed105301fdaf&var=&ymid=&js_build=8&sw_version=v1.602.0&dmn=ptichoolsougn.net&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectptichoolsougn.net
FingerprintF4:5D:DD:00:D2:EC:3C:35:5A:52:DF:26:72:E6:B9:53:14:B8:5F:5F
ValidityFri, 14 Feb 2025 05:26:11 GMT - Thu, 15 May 2025 05:26:10 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /500/9192472?excludes=&oaid=0801aa91f31741f4e66aed105301fdaf&var=&ymid=&js_build=8&sw_version=v1.602.0&dmn=ptichoolsougn.net&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=2&pl=https%3A%2F%2Fclickndownload.online%2Fyjaj91uu4z9s%2FMors_Perfectionist_v1.0.0_WiN_OSX.rar&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&jsp=1 HTTP/1.1
Host: ptichoolsougn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://clickndownload.online/
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 13 Apr 2025 15:21:08 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://clickndownload.online
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
GET clickndownload.online/images_new/ico_support.png
200 OK 582 B URL GET clickndownload.online/images_new/ico_support.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type PNG image data, 18 x 14, 8-bit/color RGBA, non-interlaced
Hash 56939c60e9460aecb545fdd7e87a83bf
261218ad70531ed0fb66ab20429fe38b9bd75301
699fd60d3ddd379687c3b3e497db49ea4d28b7a9292cc7f09e3704990b56a0ba
GET /images_new/ico_support.png HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/css_new/style.css?r=1
Cookie: aff=35143
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:02 GMT
content-type: image/png
content-length: 582
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ppWJw%2BHsCmazNND4%2BQo5Gd%2FuDS9IGT84vU4gtr4%2B3q7JgLN1h6F9e6yKAhmTene60CvKrjNKJkZkGgio2YAp2sCwb9yhIEADJhdkpfoZUbDz19yN1z%2FsHGxUxPRQmrlehAVdRR7F5b4%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "246-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 592
accept-ranges: bytes
cf-ray: 92fbf3716b27569c-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=2893&x=16"
GET clickndownload.online/images_new/ico_signin.png
200 OK 491 B URL GET clickndownload.online/images_new/ico_signin.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type PNG image data, 16 x 15, 8-bit/color RGBA, non-interlaced
Hash eb6902fefa5b8570ff46ffcb645004ca
badf718d8d54d271294131f50c37978367b7c263
3d1458173a2dd8f3b5258fb0fca34a0942a88e0ace54757018653d83bc539822
GET /images_new/ico_signin.png HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/css_new/style.css?r=1
Cookie: aff=35143
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:02 GMT
content-type: image/png
content-length: 491
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JfGJoiDl0rqpwWkTSN7fbNHZQPrWWB1h2geGRX3eKDRMKdYa%2FK%2BJleK7x3q%2Fr%2F9knxM0duafYHPV%2F9DpFJp4S1M2cHmhWuIe0sCA3PsNK47VMfEihAX0nsIr%2BXsLTZ9x309ryu1ikhQ%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: "1eb-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 592
accept-ranges: bytes
cf-ray: 92fbf3716b29569c-OSL
server: cloudflare
vary: Accept-Encoding
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=2896&x=16"
GET ptichoolsougn.net/401/9192472
200 OK 144 kB URL GET ptichoolsougn.net/401/9192472
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectptichoolsougn.net
FingerprintF4:5D:DD:00:D2:EC:3C:35:5A:52:DF:26:72:E6:B9:53:14:B8:5F:5F
ValidityFri, 14 Feb 2025 05:26:11 GMT - Thu, 15 May 2025 05:26:10 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 144 kB (143664 bytes)
Hash 7e898df4b69447feed54899d865b5773
576bd6a81f6ca27fa4548bc669d2a83b6669c0cb
21fc931189c57151090cef7459f33e6812b658f7f79036aee0dea8e38596b2cb
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /401/9192472 HTTP/1.1
Host: ptichoolsougn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 13 Apr 2025 15:21:03 GMT
content-type: application/javascript
x-trace-id: 39c7a6715214eb452bb4bb0f5e7fa754
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
set-cookie: OAID=0301aad22cdd4a12ec9b8d76a87a904c; expires=Mon, 13 Apr 2026 15:21:03 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
POST fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8270f7a5-724a-4f9b-afa4-5a5eeadc5872
200 OK 0 B URL POST fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8270f7a5-724a-4f9b-afa4-5a5eeadc5872
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0
ValidityWed, 11 Dec 2024 00:00:00 GMT - Sun, 11 Jan 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=8270f7a5-724a-4f9b-afa4-5a5eeadc5872 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 451
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.25.5
Date: Sun, 13 Apr 2025 15:21:10 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Origin: https://clickndownload.online
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
GET clickndownload.online/js/paging.js
200 OK 1.8 kB URL GET clickndownload.online/js/paging.js
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type HTML document, ASCII text
Hash 3686c6282d9c94c620e42508fb5d0e18
97c9a31b1f7946d5f3ba6a5047c95cf38456fa64
e1d4f21db649ec5795e70cb72e59fdec97af300c64b5d8abbc67f00688eb0ecd
GET /js/paging.js HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Cookie: aff=35143
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jBfJkQBSLCKoc3tA8tSc98UMTGYaPkNnKB9x5%2BgMU7eYH5bNX2gHxaeEVr5dByCvvqustmXYkwGUBwoisc0b2eHW4Ml3GViSRTKwwgBdpgJLS41ThChttQV86rvhfXehS8BMK5dQ39Y%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:18:25 GMT
etag: W/"739-59e959d01a640"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6145
content-encoding: br
cf-ray: 92fbf367da7f569c-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=1361&x=16"
GET madurird.com/tag.min.js
200 OK 103 kB IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subjectmadurird.com
Fingerprint91:68:A5:03:A0:08:C3:71:EB:3A:29:4C:CC:F9:5B:B6:92:51:DA:AE
ValidityWed, 29 Jan 2025 05:40:30 GMT - Tue, 29 Apr 2025 05:40:29 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 103 kB (102575 bytes)
Hash 096f6c686e98cb350158932fc04e7024
0fef0a909f5247cfbfb6be0e15d8bb04a2d73662
97f2e10255c8217c9e65584949304fda0e5059f8cfe4329b0b09e290fa1938ab
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /tag.min.js HTTP/1.1
Host: madurird.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 13 Apr 2025 15:21:02 GMT
content-type: application/javascript
x-trace-id: c57245507b03823338dfb79341b46470
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET clicknupload.click/images/buy_usdt.png
200 OK 6.9 kB URL GET clicknupload.click/images/buy_usdt.png
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclicknupload.click
Fingerprint59:08:1E:04:CC:07:3B:0D:51:09:88:8C:75:64:A3:7B:86:39:81:84
ValidityWed, 26 Mar 2025 22:26:58 GMT - Tue, 24 Jun 2025 23:24:29 GMT
File type PNG image data, 118 x 41, 8-bit/color RGB, non-interlaced
Hash 3fd19c831caa4992cc14d656a0cc9637
def2788ea1807eea1b78a80b203b215707867ce7
b8ccbb11f00ac5d936de77fa269413482c9a5b3ae4ab23b18157dcc231ac1266
GET /images/buy_usdt.png HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: image/png
content-length: 6855
last-modified: Sun, 23 Apr 2023 12:23:21 GMT
etag: "1ac7-5f9fff4b48040"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2600
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I0l900ajjmnGEME9ME0ODKFSIbk7d0ElCMaJs1Siul%2Fvp9VI71fw%2FT%2Flwwp3OlPnYiyFvbwEh2g9i%2B5N6tG32FQbXrfkISOJGbjNjDBSXeHZNLY%2B9lbvftx9ZsuXBO7R12ICfdc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fbf36a0d9f56c3-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=528&min_rtt=397&rtt_var=132&sent=18&recv=17&lost=0&retrans=0&sent_bytes=12276&recv_bytes=1636&delivery_rate=6906200&cwnd=245&unsent_bytes=0&cid=1a046cf3dc406f90&ts=288&x=0"
X-Firefox-Spdy: h2
GET unseenreport.com/pxf.gif?uuid=196d5e5a-cfd8-41c9-815c-a216e5301836&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=b25b1231b97c9a7eb7dff0e8949a5e8f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=15
200 OK 0 B URL GET unseenreport.com/pxf.gif?uuid=196d5e5a-cfd8-41c9-815c-a216e5301836&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=b25b1231b97c9a7eb7dff0e8949a5e8f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=15
IP
ASN #39572 DataWeb Global Group B.V.
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintE0:4C:2E:29:FF:E3:0A:E7:2C:96:4B:AD:13:1B:9D:AB:A0:91:35:A7
ValidityTue, 18 Mar 2025 22:26:47 GMT - Mon, 16 Jun 2025 22:26:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /pxf.gif?uuid=196d5e5a-cfd8-41c9-815c-a216e5301836&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=b25b1231b97c9a7eb7dff0e8949a5e8f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=15 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 13 Apr 2025 15:21:14 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 10201bbba2d04635b6b29e05dd5a6720
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains
GET clickndownload.online/js/jquery.paging.js
200 OK 19 kB URL GET clickndownload.online/js/jquery.paging.js
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclickndownload.online
Fingerprint15:F7:8F:94:1D:9E:F6:FF:59:FF:78:9A:82:51:7C:FF:C8:11:D6:6E
ValidityThu, 27 Mar 2025 01:00:47 GMT - Wed, 25 Jun 2025 01:59:28 GMT
File type JavaScript source, ASCII text
Hash d7a2c1c7af2a004a6d68e1e55b1cfb46
7fd6daa7076c30381880519ad06ef5639b19ee28
c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6
GET /js/jquery.paging.js HTTP/1.1
Host: clickndownload.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Cookie: aff=35143
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:01 GMT
content-type: application/javascript
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rH8ygDZqZmZcUEq9S911xvbawmd5rgDfg8Qdrm4ayCmybbihqu1EXaGpbTRLD9G8zAa64GRGHOcVhFYQGkLqg1SX5wtSUeMLm%2FW%2B1dp%2FXVI3anC1TdMQiNGyM03tmNcQ%2FYMi6CbKgNQ%3D"}],"group":"cf-nel","max_age":604800}
last-modified: Sat, 15 Feb 2020 04:17:26 GMT
etag: W/"4ba5-59e95997d6180"
cache-control: max-age=14400
cf-cache-status: HIT
age: 142
content-encoding: br
cf-ray: 92fbf367da81569c-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=9608&min_rtt=629&rtt_var=7450&sent=112&recv=171&lost=0&retrans=0&sent_bytes=9176&recv_bytes=10830&delivery_rate=1474&cwnd=12000&unsent_bytes=0&cid=dc5cfbc65b3bf0f9&ts=1364&x=16"
GET clicknupload.click/?op=sso
200 OK 30 B URL GET clicknupload.click/?op=sso
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerGoogle Trust Services
Subjectclicknupload.click
Fingerprint59:08:1E:04:CC:07:3B:0D:51:09:88:8C:75:64:A3:7B:86:39:81:84
ValidityWed, 26 Mar 2025 22:26:58 GMT - Tue, 24 Jun 2025 23:24:29 GMT
Hash c5211db7f02c6e3531481dc39a027683
6fa951f3ad980a81a05099772e667d83af31e962
5ed798f3c72a867abfc7c5e46d413723dc7d96ca5b37b62eb2950030a9d0577c
GET /?op=sso HTTP/1.1
Host: clicknupload.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clickndownload.online/
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 13 Apr 2025 15:21:03 GMT
content-type: application/json
access-control-allow-origin: https://clickndownload.online
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M%2B5lFmBxu29JyfjjB6NaANF8tRPs9lhhZKkCk6lp8GJ0wAwm7aPHhwWG5EbAA8lUWb9vcBr2csPcbZqzZgo0O%2BKiJPVwqZ11zzphKlchv3FbukLonZBwCoqsWoTiuF%2B%2Fush%2Fvrs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92fbf3712b8656c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=7460&min_rtt=6512&rtt_var=3119&sent=13&recv=8&lost=0&retrans=0&sent_bytes=4167&recv_bytes=1210&delivery_rate=91214&cwnd=12000&unsent_bytes=0&cid=557ac77d48914835&ts=978&x=1", cfExtPri, cfHdrFlush;dur=0
GET experttrafficcounter.com/stats
200 OK 40 B URL GET experttrafficcounter.com/stats
IP
Requested by https://clickndownload.online/yjaj91uu4z9s/Mors_Perfectionist_v1.0.0_WiN_OSX.rar
Certificate IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintEE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC
ValidityThu, 23 Jan 2025 00:00:00 GMT - Sat, 21 Feb 2026 23:59:59 GMT
File type ASCII text, with no line terminators
Hash 43573d76fe0bece38b58c5f989867f6d
45658600a1094f00a7f3267efa4b457a717ea1a3
09670009827af9a85568b96639d76b356e76105d3b3e3f5517c453a253b2ea10
GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://clickndownload.online
DNT: 1
Connection: keep-alive
Referer: https://clickndownload.online/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 13 Apr 2025 15:21:03 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://clickndownload.online
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=196d5e5a-cfd8-41c9-815c-a216e5301836:1:1; expires=Wed, 11 Apr 2035 15:21:03 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
104.21.1.31
185.200.118.62
185.200.116.60
23.109.170.227
192.243.59.13
3.123.168.64
151.101.194.137
95.173.205.14
0.0.0.0