Report - sokroflix.top.atlaq.com/

Report Overview

Visited public
2023-11-12 09:52:41
Tags
URL
sokroflix.top.atlaq.com/
Finishing URL
sokroflix.top.atlaq.com/
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
SOKROFLIX | VOIR FILM et SERIE STREAMING HD Gratuit Sans Inscription

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
3verhigher.com	unknown	2015-06-08	2015-06-09 18:00:48	2023-09-17 17:46:56	388 B	596 B	103.255.250.152
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-11-12 06:09:45	579 B	578 B	216.58.207.227
itweepinbelltor.com	116495	2021-08-11	2021-08-11 13:34:00	2023-11-11 12:45:04	5.1 kB	103 kB	139.45.197.250
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-12 05:10:34	1.1 kB	1.5 kB	139.45.195.8
i0.wp.com	3021	1997-03-28	2013-09-17 08:14:42	2023-11-11 19:14:50	500 B	2.1 kB	192.0.77.2
t1.gstatic.com	unknown	2008-02-11	2013-05-07 00:57:20	2023-11-12 03:46:46	514 B	1.0 kB	142.250.74.36
520vr.cn	unknown	2021-03-10	2021-03-11 10:23:33	2023-09-01 11:39:16	798 B	9.1 kB	119.28.77.41
sokroflix.top	unknown	unknown	No data	No data	494 B	120 B	91.195.240.117
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-11-11 05:13:21	1.0 kB	1.0 kB	139.45.197.250
52cad.com	unknown	2011-06-28	2014-03-10 18:50:30	2023-07-20 08:16:27	383 B	4.5 kB	47.100.112.247
sokroflix.top.atlaq.com	unknown	unknown	No data	No data	1.4 kB	52 kB	188.114.97.1
60517.xyz	unknown	2022-03-01	2016-11-08 15:23:34	2023-09-23 04:37:51	383 B	286 B	23.225.205.13
www.3verhigher.com	unknown	2015-06-08	2016-01-14 05:10:46	2023-09-17 17:46:56	434 B	828 B	103.255.250.152
whulsaux.com	unknown	2023-01-04	2023-01-04 17:10:35	2023-11-11 18:24:56	2.0 kB	34 kB	139.45.197.244
preview.atlaq.com	unknown	2019-04-07	2023-10-16 11:41:32	2023-11-08 01:12:22	486 B	44 kB	188.114.96.1
5gsg.net	unknown	2020-04-23	2020-05-03 15:28:51	2023-11-03 06:35:21	382 B	611 B	75.98.175.95
traffic.alexa.com	381412	1996-07-17	2012-05-20 23:46:11	2021-05-14 12:40:47	986 B	0 B	0.0.0.0
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-11-11 20:47:23	813 B	456 B	216.239.32.36
atlaq.com	460385	2019-04-07	2019-04-10 14:32:55	2023-11-09 11:42:20	866 B	223 kB	188.114.97.1
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-12 06:29:52	884 B	319 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-12 09:52:26	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-12	medium	whulsaux.com	Sinkholed
2023-11-12	medium	amunfezanttor.com	Sinkholed
2023-11-12	medium	whulsaux.com	Sinkholed
2023-11-12	medium	amunfezanttor.com	Sinkholed
2023-11-12	medium	whulsaux.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	itweepinbelltor.com/pfe/current/tag.min.js?z=5490114	13 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty URL itweepinbelltor.com/pfe/current/tag.min.js?z=5490114 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2697 Hash 258578af3c107ccb907f73c3a2f4c25f 7a192edea829968fb7f57f2a2fc4cb5b612598be 1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75 Loading...

	sokroflix.top.atlaq.com/sandbox%20eval%20code	147 B	2023-04-11 21:07	2024-11-28 22:50
Pretty URL sokroflix.top.atlaq.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:50 Times Seen282591 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11 21:07	2024-11-28 22:50
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:50 Times Seen281791 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c	266 kB	2023-11-12 10:52	2023-11-12 10:52
Pretty URL www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 10:52 Last Seen2023-11-12 10:52 Times Seen1 Hash 9c7285a377cc23ecfe93d380dc822609 4483d5571c295e1c6739a73beeed6854306f7c27 dfc73506230ec86cb422bbbac755ff581f5e6d0b1491d814ac2c190cb88581e0 Loading...

	whulsaux.com/tag.min.js	81 kB	2023-11-09 17:56	2023-11-14 03:25
Pretty URL whulsaux.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 17:56 Last Seen2023-11-14 03:25 Times Seen209 Hash 31f7b9daf5ee02172c3c0cbe4e1fa617 48784129643d6897b3c275520d9983575b9d23c3 b5ad9f48d1639a9ed9f2ba15c61e9388903d97798d1fdc0d7d3559744f86c163 Loading...

	sokroflix.top.atlaq.com/	3.6 kB	2024-08-20 19:52	2024-08-20 19:52
Pretty URL sokroflix.top.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 19:52 Last Seen2024-08-20 19:52 Times Seen1 Hash 176a3f087faed460be39fc71c4982532 95cc01aa9b30a2e9b75697372a493d0b255cd220 f160b333c4d483bdd562da8e8897e1ab48a72dce469c077e3d92f127ccff7006 Loading...

	unknown	146 B	2024-08-20 19:52	2024-08-20 19:52
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 19:52 Last Seen2024-08-20 19:52 Times Seen1 Hash 46f22ebd35e2cc23a1ff90efd678dc68 3453fd483b58461db0b532180f6e50707bc2e411 47282e2c7d7731ab7d7fb2128e2d649c4b8ac79675948b071a11c3ad5165aa5c Loading...

	sokroflix.top.atlaq.com/	59 kB	2023-11-11 13:15	2024-08-20 19:59
Pretty URL sokroflix.top.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash b19b96f2fc5eeadfd5a5852e5fbd19ab 021c13b5d0cfe7880adaff70d73a5ab6910e1cb5 4be0a27e37a47491b51c4eb6ea1423d82483806e6ce015132a40a0ccb1e96c7d Loading...

	sokroflix.top.atlaq.com/	447 B	2023-11-11 13:15	2024-08-20 19:59
Pretty URL sokroflix.top.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash edac1ca3689a31cc59d42a6062c37472 c02dff66418e29c297de8c4f07353942ca91bf2d 201665128cc31ad2da0fcf6cbacf714ebba47b34306525369fd8b6be99e7a07d Loading...

	unknown	88 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2914 Hash d46d2997ab218d1dba1ab614422ed53f 3f1f6b9847c8ad209835db366c62fcb209b83a67 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42 Loading...

	sokroflix.top.atlaq.com/	154 B	2023-03-10 11:07	2024-11-28 20:47
Pretty URL sokroflix.top.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 11:07 Last Seen2024-11-28 20:47 Times Seen69 Hash 556aedec3c17b1047b6ea5b24555b6b3 bc98386bf7c5d5088b545befbe3f36738874ca18 25b0f8074b7996c02b28918d9dec52e00501eee8990db393f4a0624d136a828e Loading...

	www.googletagmanager.com/gtag/js?id=UA-85346163-2	135 kB	2023-11-12 10:52	2023-11-12 10:52
Pretty URL www.googletagmanager.com/gtag/js?id=UA-85346163-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-12 10:52 Last Seen2023-11-12 10:52 Times Seen1 Hash 57c862f32662b069109e30f718f4810e 3fbeaaca987b08a72823e8de06b8a7ec7cdaeb1a 78e09a46081bb8ca720261f6d03046c1d9b0306a96ac1bc8be8886ad84a683a0 Loading...

	unknown	26 kB	2023-03-07 01:18	2024-10-26 14:27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2024-10-26 14:27 Times Seen1733 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

		Size	First Seen	Last Seen
	#1 Write - 60172c9c76493722c5c3d59e8cb1d323	51 kB	2024-08-20 19:52	2024-08-20 19:52
Pretty Observations First Seen2024-08-20 19:52 Last Seen2024-08-20 19:52 Times Seen1 Hash 60172c9c76493722c5c3d59e8cb1d323 0f228120e4d7e8f7958b30774f47519914d1cd9f 0513bed70eb2fd618358abbc5a227d629a2a1777571f0119f1610cee5c82d629 Loading...

HTTP Transactions (39)

URL IP Response Size

atlaq.com/logo.png

188.114.97.1

200 OK

117 kB

URL GET HTTP/3
atlaq.com/logo.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint39:2B:6B:47:6D:E7:E2:74:8D:8C:D4:E2:E3:E7:2F:40:32:3B:18:6C
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
PNG image data, 500 x 446, 8-bit/color RGBA, non-interlaced\012- data
Size
117 kB (117433 bytes)
Hash
792b74959e26cd37fd05dfcd0ef07770
c6e3ed2dd9771b077daf93eda5773cd10d621147
7ae2cb133588b7a2926b71630869d602c294840f6c1379666e82b25f3354623b

HTTP Headers

GET /logo.png HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: image/png
content-length: 117433
cache-control: public, max-age=31536000
expires: Thu, 24 Oct 2024 05:27:08 GMT
last-modified: Wed, 29 Jan 2020 11:21:42 GMT
vary: User-Agent,Origin, Accept-Encoding
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1571116
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jhqESrgxdoG6rNIfWTQVBgkf3IL9GVAQ1pUDU2K1Y4Z6s9vjbQUBmV1N%2B6l5Y985wPhCSTFhHqFbU%2BarhrUzPDNyleZBlChrLWmHBFb%2Bevv5ain4xh1GakaIaDE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 824de1c76dd31c0e-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-85346163-2

142.250.74.168

200 OK

52 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-85346163-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (2213)
Size
52 kB (51487 bytes)
Hash
57c862f32662b069109e30f718f4810e
3fbeaaca987b08a72823e8de06b8a7ec7cdaeb1a
78e09a46081bb8ca720261f6d03046c1d9b0306a96ac1bc8be8886ad84a683a0

HTTP Headers

GET /gtag/js?id=UA-85346163-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 12 Nov 2023 09:52:24 GMT
expires: Sun, 12 Nov 2023 09:52:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51487
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

atlaq.com/style.css

188.114.97.1

200 OK

104 kB

URL GET HTTP/3
atlaq.com/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint39:2B:6B:47:6D:E7:E2:74:8D:8C:D4:E2:E3:E7:2F:40:32:3B:18:6C
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6732)
Size
104 kB (103590 bytes)
Hash
611e414a545a0c84fe6c111b9a4c3722
7fe2addc3373777aeb6de31caaf66f800049dd59
b5fc73fd3ef4ac8eda80826c1f684294f136c3d03c4afed7e7cd59a3f6a5a146

HTTP Headers

GET /style.css HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
expires: Fri, 24 Nov 2023 06:07:01 GMT
last-modified: Tue, 25 Oct 2022 04:42:27 GMT
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1568723
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9GalTxKWj6utEMwsopRPSMoC7CZBLbHiZhVvCxZBbrREecB73xxCvBNHSdO8i35AqDuOiC%2FS5kXsIiluTJaT%2BwqhpLrV3wTMwmMAytdTwniqXcaeK7jmSGUTcV8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 824de1c73d9b1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=sokroflix.top.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471

139.45.197.250

200 OK

888 B

URL GET HTTP/2
itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=sokroflix.top.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text, with very long lines (887)
Size
888 B (888 bytes)
Hash
5800ebd5fac46023ee5ce159af185039
69130d428356b977ec0a5bb70fe95ce3bc947b85
b299942a863006c6c8227371cc765b6eaef53616b56613001feda66f9667444f

HTTP Headers

GET /zone?pub=0&zone_id=5490114&is_mobile=false&domain=sokroflix.top.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: application/json; charset=utf-8
content-length: 888
x-trace-id: 9ff089e082cca831939583c33f2ec98a
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

whulsaux.com/tag.min.js

139.45.197.244

200 OK

26 kB

URL GET HTTP/2
whulsaux.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
Fingerprint29:C6:16:FB:8B:54:C5:1B:65:18:3D:96:39:33:73:B5:D3:8C:6D:48
ValidityFri, 01 Sep 2023 05:32:42 GMT - Thu, 30 Nov 2023 05:32:41 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25507 bytes)
Hash
31f7b9daf5ee02172c3c0cbe4e1fa617
48784129643d6897b3c275520d9983575b9d23c3
b5ad9f48d1639a9ed9f2ba15c61e9388903d97798d1fdc0d7d3559744f86c163

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: text/javascript; charset=utf-8
content-length: 25507
content-encoding: br
x-trace-id: f5c3dc41c5ff568976984838f198fccb
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 09 Nov 2023 15:33:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

preview.atlaq.com/ba6fbd8cadd414b1e763e9514b3d5469_sokroflix.top.png

188.114.96.1

200 OK

43 kB

URL GET HTTP/2
preview.atlaq.com/ba6fbd8cadd414b1e763e9514b3d5469_sokroflix.top.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint1E:C6:84:53:3B:FF:CE:FF:8F:8C:9D:8B:3A:69:3F:E5:28:C8:F4:A5
ValidityWed, 26 Apr 2023 00:00:00 GMT - Thu, 25 Apr 2024 23:59:59 GMT

File type
PNG image data, 683 x 384, 8-bit/color RGBA, non-interlaced\012- data
Size
43 kB (43354 bytes)
Hash
8582622a626174ca87fb2adf42bbb299
b9aaeb50f027a09b0ca85f2f2b7ac939870cc7a3
3e70d325846f671d1724bb9bd2c4e3b4ab55bd41460b37d1c17b198c1014378a

HTTP Headers

GET /ba6fbd8cadd414b1e763e9514b3d5469_sokroflix.top.png HTTP/1.1
Host: preview.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: image/png
content-length: 43354
x-powered-by: Express
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 08:45:36 GMT
etag: W/"a95a-18b37a97c99"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PjboQHq1MymK6uDmmfHF2MogYgv1NsKRQTAEvqI%2F1Ys7Xoj%2BwD5J%2BRb3%2BWYeHzoWX7kuiOJ2khf6lE4lcUzV7Ce4um39z9aHH6Y5WTkuw0jZWfB8ZVEJOefJIFUf3xCdbirufA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 824de1c78f1e56af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://sokroflix.top.atlaq.com/
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Content-Type: application/json
Content-Length: 383
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 661b6b5333c459c266f21cf984261f79
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471

139.45.197.250

200 OK

33 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
33 kB (33416 bytes)
Hash
91053bf1f546b8c8e4dd5371f1f22c44
bee6bc7de1d8f30a7deb1da4ec465e54dbc892b2
2e8860dbdd7baf6cc403f2f501750013139fc6a2d5a9aa6475c9154ee10781c7

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-1572c"
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/tag.min.js?z=5490114

139.45.197.250

200 OK

7.1 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/tag.min.js?z=5490114
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
C source, ASCII text, with very long lines (16072), with no line terminators
Size
7.1 kB (7131 bytes)
Hash
243c7fc194dc9bee42138d4c543d9828
096978852716abd7e716502f9e1bb54134e8295e
8923ee45210c097cd702f54c0844b4c437dbba08757c760be6c189efb36c3183

HTTP Headers

GET /pfe/current/tag.min.js?z=5490114 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-33f4"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

sokroflix.top.atlaq.com/

188.114.97.1

200 OK

0 B

URL HEAD HTTP/3
sokroflix.top.atlaq.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint39:2B:6B:47:6D:E7:E2:74:8D:8C:D4:E2:E3:E7:2F:40:32:3B:18:6C
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: sokroflix.top.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (waiting for pending WAN connection)
expires: Sun, 10 Dec 2023 12:01:36 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w3cEvI4RGZ9%2FN%2BWx0lFLDmSWk5Mu0Btx0hgtOn%2Bsi4Nf5KCFqDgiNnaDLCL3icRiJ4zWfjqzcZyYhO78G2WyV%2Bu769lC8gdmw9i9ZjVyHQ2vuAR5mrrmUAIvV7M65Y%2BldiuO0%2FbuMZ89Mg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 824de1c82e4c1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
7c4cd95c967331ee782e2ae7e4db4a77
aa30f0632d71f7dd9b0eadcf46d6d6105323a4b4
760946c8ae55a06b7eca5d4f85f47df6b6ecf9fd51035c5f41136eac2c82ed0b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Content-Type: application/json
Content-Length: 508
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

60517.xyz/favicon.ico

23.225.205.13

404 Not Found

146 B

URL GET HTTP/2
60517.xyz/favicon.ico
IP
23.225.205.13:443
ASN
#40065 CNSERVERS

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subject60481.xyz
FingerprintF4:0B:53:B1:A2:82:8B:18:BC:0B:27:70:36:18:07:EC:E7:38:4F:43
ValiditySat, 23 Sep 2023 01:36:48 GMT - Fri, 22 Dec 2023 01:36:47 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 60517.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: text/html
content-length: 146
X-Firefox-Spdy: h2

whulsaux.com/?rb=pllpdE7kDgfhhl5eydhk212Z5FfCjLt4aQGj5aKjJ8cDqxAcWK6-e4yPtmWucGtg8F1Ge6y9vYT31UiCzq7k7JVjW__2T5fN5gmP9fkcC9VwJ-uYKRSaRkk7htDE0-PeNpFFpvT8QD9ceqdow0WkvCZrP8uK390Iis8A9T0xPUwKIqF7RpLyY78yY6EYB2YVqaUuyZZu0Uzr48kZxUcVNYEyItr4hufS_itQFkN_ACo%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.626.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fsokroflix.top.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.626.0&bs=22c0c974-b7d6-4e8b-8b1e-d292d59672d7&userId=f5a81897aa134448903dffebd01a4d48&m=link

139.45.197.244

200 OK

1.7 kB

URL GET HTTP/2
whulsaux.com/?rb=pllpdE7kDgfhhl5eydhk212Z5FfCjLt4aQGj5aKjJ8cDqxAcWK6-e4yPtmWucGtg8F1Ge6y9vYT31UiCzq7k7JVjW__2T5fN5gmP9fkcC9VwJ-uYKRSaRkk7htDE0-PeNpFFpvT8QD9ceqdow0WkvCZrP8uK390Iis8A9T0xPUwKIqF7RpLyY78yY6EYB2YVqaUuyZZu0Uzr48kZxUcVNYEyItr4hufS_itQFkN_ACo%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.626.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fsokroflix.top.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.626.0&bs=22c0c974-b7d6-4e8b-8b1e-d292d59672d7&userId=f5a81897aa134448903dffebd01a4d48&m=link
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
Fingerprint29:C6:16:FB:8B:54:C5:1B:65:18:3D:96:39:33:73:B5:D3:8C:6D:48
ValidityFri, 01 Sep 2023 05:32:42 GMT - Thu, 30 Nov 2023 05:32:41 GMT

File type
JSON data\012- , ASCII text, with very long lines (2269), with no line terminators
Size
1.7 kB (1738 bytes)
Hash
f8efcddb3e84e1056e1130b0c43f3ca5
49642a6c6b3afd3442cc2447989fc579470034f7
0496962dd8f91d0dac47bfeff1ec649ab09c26984f4b3fcef7a399b38bd825f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=pllpdE7kDgfhhl5eydhk212Z5FfCjLt4aQGj5aKjJ8cDqxAcWK6-e4yPtmWucGtg8F1Ge6y9vYT31UiCzq7k7JVjW__2T5fN5gmP9fkcC9VwJ-uYKRSaRkk7htDE0-PeNpFFpvT8QD9ceqdow0WkvCZrP8uK390Iis8A9T0xPUwKIqF7RpLyY78yY6EYB2YVqaUuyZZu0Uzr48kZxUcVNYEyItr4hufS_itQFkN_ACo%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.626.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fsokroflix.top.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.626.0&bs=22c0c974-b7d6-4e8b-8b1e-d292d59672d7&userId=f5a81897aa134448903dffebd01a4d48&m=link HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: OAID=f5a81897aa134448903dffebd01a4d48; oaidts=1699782744
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: application/json
x-trace-id: 7d0018628616fdb8761b2cbd954253ae
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=f5a81897aa134448903dffebd01a4d48; expires=Mon, 11 Nov 2024 09:52:25 GMT; path=/; secure; SameSite=None
oaidts=1699782745; expires=Mon, 11 Nov 2024 09:52:25 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 19 Nov 2023 09:52:25 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://sokroflix.top.atlaq.com/
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
2d2efebc16215827c28ce079d5ea0c25
675eb0d0d9700381e6ca455e50ca52c4f442d959
7cba50de9a332512ef3f8990e384bc11224b0091f4e53b23f6756c3e722be55d

HTTP Headers

POST /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Content-Type: application/json
Content-Length: 1651
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=63bc95bbe1ae4885be0d3b1e38a3b6b6&zoneId=5490114&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=63bc95bbe1ae4885be0d3b1e38a3b6b6&zoneId=5490114&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
99bfd36f746fe89b047e6b050e805f05
fa85249208acdbb8b9cd08534e8f1492865a4fdd
fb9f7260e89c9ee98c4e59ff7ef61a88626936ab796a8046db13fb207054f8ff

HTTP Headers

GET /gid.js?pub=0&userId=63bc95bbe1ae4885be0d3b1e38a3b6b6&zoneId=5490114&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: ID=f5a81897aa134448903dffebd01a4d48
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f5a81897aa134448903dffebd01a4d48; expires=Mon, 11 Nov 2024 09:52:25 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

52cad.com/favicon.ico

47.100.112.247

200 OK

4.3 kB

URL GET HTTP/1.1
52cad.com/favicon.ico
IP
47.100.112.247:443
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerDigiCert, Inc.
Subject*.52cad.com
Fingerprint66:DE:D3:96:F9:C4:5E:73:C1:4A:E5:12:88:E2:43:B4:E5:A3:C5:3F
ValidityThu, 15 Jun 2023 00:00:00 GMT - Mon, 15 Jul 2024 23:59:59 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
7c6207657fb0ac7224959b6ec3af426f
02f93055b2d02787a5abc1eb4a87457410dadfbe
91f993f630d3f787dee79c5cee94dd2e94c4b488aa61b013ad211181c50d695b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 52cad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Nov 2023 09:52:25 GMT
Content-Type: image/x-icon
Content-Length: 4286
Last-Modified: Sun, 25 Jun 2023 06:45:52 GMT
Connection: keep-alive
ETag: "6497e2a0-10be"
Accept-Ranges: bytes

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
a6f151a3ce36da1d36daa2ec03a35b3c
d9e0a3d77c36b06919b6997bd76e81ccf458aa6a
1d4e83a6efac7426b64ef8fcf8fec063efbeae1ee8ec797b89673e284c5b69b1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Content-Type: application/json
Content-Length: 508
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Content-Type: application/json
Content-Length: 380
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 7819ff717e0a17a05498efced941d87e
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

5gsg.net/favicon.ico

75.98.175.95

302 Found

0 B

URL GET HTTP/1.1
5gsg.net/favicon.ico
IP
75.98.175.95:443
ASN
#55293 A2HOSTING

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuercPanel, Inc.
Subject5gsg.net
Fingerprint24:F1:AF:F0:96:E0:07:21:B9:2B:83:5A:32:2F:12:F3:F8:F6:69:39
ValidityFri, 03 Nov 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 5gsg.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sun, 12 Nov 2023 09:52:24 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
X-UA-Compatible: IE=edge
Link: <https://5gsg.net/wp-json/>; rel="https://api.w.org/"
X-Redirect-By: WordPress
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Location: https://i0.wp.com/5gsg.net/wp-content/uploads/2020/05/cropped-5G%E6%96%87%E5%AD%A6%E7%BD%91-%E5%9C%86%E5%BD%A2-120x120-001-1.png?fit=32%2C32&ssl=1
Content-Length: 0
Keep-Alive: timeout=3, max=500
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

i0.wp.com/5gsg.net/wp-content/uploads/2020/05/cropped-5G%E6%96%87%E5%AD%A6%E7%BD%91-%E5%9C%86%E5%BD%A2-120x120-001-1.png?fit=32%2C32&ssl=1

192.0.77.2

200 OK

1.5 kB

URL GET HTTP/2
i0.wp.com/5gsg.net/wp-content/uploads/2020/05/cropped-5G%E6%96%87%E5%AD%A6%E7%BD%91-%E5%9C%86%E5%BD%A2-120x120-001-1.png?fit=32%2C32&ssl=1
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint95:BC:E9:E5:77:EA:A7:DE:2E:30:01:1E:65:1D:21:13:4F:16:69:37
ValidityMon, 14 Nov 2022 00:00:00 GMT - Fri, 15 Dec 2023 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.5 kB (1522 bytes)
Hash
5e1bae5064765fa00037be4a7cda62cc
5496febec2286788b1662590a651e2929a25b8c0
14286a273f7a993c8c6e00e4ae5da46fe418d78b3e7014c9179dbb472585fa55

HTTP Headers

GET /5gsg.net/wp-content/uploads/2020/05/cropped-5G%E6%96%87%E5%AD%A6%E7%BD%91-%E5%9C%86%E5%BD%A2-120x120-001-1.png?fit=32%2C32&ssl=1 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: image/webp
content-length: 1522
last-modified: Fri, 10 Nov 2023 19:48:59 GMT
expires: Mon, 10 Nov 2025 07:48:59 GMT
cache-control: public, max-age=63115200
link: <https://5gsg.net/wp-content/uploads/2020/05/cropped-5G%E6%96%87%E5%AD%A6%E7%BD%91-%E5%9C%86%E5%BD%A2-120x120-001-1.png>; rel="canonical"
x-content-type-options: nosniff
etag: "7f2a69997145e393"
vary: Accept
x-nc: MISS arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

3verhigher.com/favicon.ico

103.255.250.152

302 Found

0 B

URL GET HTTP/1.1
3verhigher.com/favicon.ico
IP
103.255.250.152:443
ASN
#133210 EN Technologies Pte Ltd

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuercPanel, Inc.
Subject3verhigher.com
Fingerprint90:D4:98:48:90:77:B3:58:E1:61:79:46:C0:B9:75:A1:49:95:A0:30
ValiditySun, 17 Sep 2023 00:00:00 GMT - Sat, 16 Dec 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3verhigher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 12 Nov 2023 09:52:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/7.4.33
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Link: <https://www.3verhigher.com/wp-json/>; rel="https://api.w.org/"
X-Redirect-By: WordPress
Set-Cookie: PHPSESSID=64dd288361ac13b07f2d83d8ba9de9e0; path=/; secure; HttpOnly
Location: https://www.3verhigher.com/wp-content/uploads/2020/07/cropped-EHDR-Fav-32x32.png
Vary: User-Agent,Accept-Encoding

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=1496708958.1699782745&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1464454763

216.58.207.227

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=1496708958.1699782745&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1464454763
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint29:58:11:F3:D3:18:F5:CB:E0:44:F2:26:7E:93:2F:BD:DE:27:0C:EB
ValidityMon, 16 Oct 2023 08:13:02 GMT - Mon, 08 Jan 2024 08:13:01 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=1496708958.1699782745&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1464454763 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 12 Nov 2023 09:52:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://60517.xyz

142.250.74.36

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://60517.xyz
IP
142.250.74.36:443
ASN
#15169 GOOGLE

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://60517.xyz HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Sun, 12 Nov 2023 09:52:26 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Content-Type: application/json
Content-Length: 740
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:26 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: cec5bd1f1cf153b458c854d323cff8eb
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

520vr.cn/favicon.ico

119.28.77.41

302 Found

4.1 kB

URL GET HTTP/2
520vr.cn/favicon.ico
IP
119.28.77.41:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subject520vr.cn
Fingerprint05:46:F5:67:63:BD:01:34:99:6B:67:C1:97:85:E0:90:BA:15:2C:72
ValidityFri, 01 Sep 2023 08:37:21 GMT - Thu, 30 Nov 2023 08:37:20 GMT

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4119 bytes)
Hash
000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 520vr.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sun, 12 Nov 2023 09:52:26 GMT
content-type: text/html; charset=UTF-8
location: https://520vr.cn/wp-includes/images/w-logo-blue-white-bg.png
set-cookie: PHPSESSID=tb562n6do7tm8mt88jpjt7io4k; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
link: <https://520vr.cn/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

sokroflix.top/wp-content/uploads/2018/11/IconeSokro_8aa3756629c33275cffd0727c64885e61.png

91.195.240.117

441 No Reason Phrase

0 B

URL GET HTTP/2
sokroflix.top/wp-content/uploads/2018/11/IconeSokro_8aa3756629c33275cffd0727c64885e61.png
IP
91.195.240.117:443
ASN
#47846 SEDO GmbH

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerDigiCert Inc
Subjectsokroflix.top
Fingerprint77:67:A4:F9:6D:93:10:5F:77:1D:F8:B1:0B:5F:75:52:A2:EE:FB:4F
ValidityWed, 08 Nov 2023 00:00:00 GMT - Fri, 08 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/uploads/2018/11/IconeSokro_8aa3756629c33275cffd0727c64885e61.png HTTP/1.1
Host: sokroflix.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 441 No Reason Phrase
date: Sun, 12 Nov 2023 09:52:26 GMT
server: NginX
content-length: 0
X-Firefox-Spdy: h2

www.3verhigher.com/wp-content/uploads/2020/07/cropped-EHDR-Fav-32x32.png

103.255.250.152

200 OK

503 B

URL GET HTTP/1.1
www.3verhigher.com/wp-content/uploads/2020/07/cropped-EHDR-Fav-32x32.png
IP
103.255.250.152:443
ASN
#133210 EN Technologies Pte Ltd

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuercPanel, Inc.
Subject3verhigher.com
Fingerprint90:D4:98:48:90:77:B3:58:E1:61:79:46:C0:B9:75:A1:49:95:A0:30
ValiditySun, 17 Sep 2023 00:00:00 GMT - Sat, 16 Dec 2023 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
503 B (503 bytes)
Hash
ca3b7ee78bc9c52d116583c683ca3ef3
530cf010c08759f773d9d0ea058820b7c7f13f4b
9f30b7adcf43fe9a086602a447abd90ca50240478afb384fe09ce19546b0bcd7

HTTP Headers

GET /wp-content/uploads/2020/07/cropped-EHDR-Fav-32x32.png HTTP/1.1
Host: www.3verhigher.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 12 Nov 2023 09:52:27 GMT
Content-Type: image/png
Content-Length: 503
Connection: keep-alive
Last-Modified: Fri, 10 Jul 2020 14:37:13 GMT
Cache-Control: max-age=10368000, public
Expires: Mon, 11 Mar 2024 06:18:26 GMT
Vary: Accept-Encoding
X-Cache: HIT
Accept-Ranges: bytes

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=sokroflix.top

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=sokroflix.top
IP
0.0.0.0:0
ASN
#0

Requested by
https://sokroflix.top.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=sokroflix.top HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

itweepinbelltor.com/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-df63"
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=sokroflix.top

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=sokroflix.top
IP
0.0.0.0:0
ASN
#0

Requested by
https://sokroflix.top.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=sokroflix.top HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

sokroflix.top.atlaq.com/badk.txt

188.114.97.1

200 OK

44 kB

URL GET HTTP/3
sokroflix.top.atlaq.com/badk.txt
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint39:2B:6B:47:6D:E7:E2:74:8D:8C:D4:E2:E3:E7:2F:40:32:3B:18:6C
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
44 kB (43852 bytes)
Hash
f4245877e1f9b8764acbac7b475ebf2d
7471a9d7354637651fa5d0200febe7ab162fb69a
bd300473a295a173716b1b182aed7c14e3551f7400360dd5f694115683ccd41c

HTTP Headers

GET /badk.txt HTTP/1.1
Host: sokroflix.top.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Tue, 12 Dec 2023 09:52:24 GMT
last-modified: Mon, 13 Apr 2020 08:00:16 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VNIT0X3gBljXjiKcVeCFjDMyi1MgpvtVKIDCME3RVm2zrHuBizhLHwNX%2FNIa%2FCtn3tzeGolH0b1l6uPrhDSyJRiYfnZEoo397FFRao1ph9Oh9dwq3SfQ5is8cbm%2FJ0l1b%2FPx%2B6Y3px5YgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 824de1c81e411c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

whulsaux.com/5/6577958/?oo=1&aab=1

139.45.197.244

200 OK

2.8 kB

URL GET HTTP/2
whulsaux.com/5/6577958/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
Fingerprint29:C6:16:FB:8B:54:C5:1B:65:18:3D:96:39:33:73:B5:D3:8C:6D:48
ValidityFri, 01 Sep 2023 05:32:42 GMT - Thu, 30 Nov 2023 05:32:41 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3012), with no line terminators
Size
2.8 kB (2772 bytes)
Hash
5baeceafefe047c007e720e379b8bc9c
d20b3438862d42c2fce4b1481fafbea5dc542446
da5671dda11b4d66c2818b98c167de35ff80e444f973495b128c09a311fefdd6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6577958/?oo=1&aab=1 HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: application/json
x-trace-id: 18302aedb44fd6ef7a0975fb1a161ccb
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=f5a81897aa134448903dffebd01a4d48; expires=Mon, 11 Nov 2024 09:52:24 GMT; path=/; secure; SameSite=None
oaidts=1699782744; expires=Mon, 11 Nov 2024 09:52:24 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c

142.250.74.168

200 OK

266 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (5955)
Size
266 kB (266539 bytes)
Hash
9c7285a377cc23ecfe93d380dc822609
4483d5571c295e1c6739a73beeed6854306f7c27
dfc73506230ec86cb422bbbac755ff581f5e6d0b1491d814ac2c190cb88581e0

HTTP Headers

GET /gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 12 Nov 2023 09:52:24 GMT
expires: Sun, 12 Nov 2023 09:52:24 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90040
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

sokroflix.top.atlaq.com/sw-5490114.js

188.114.97.1

404 Not Found

4.8 kB

URL GET HTTP/3
sokroflix.top.atlaq.com/sw-5490114.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint39:2B:6B:47:6D:E7:E2:74:8D:8C:D4:E2:E3:E7:2F:40:32:3B:18:6C
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (5213), with no line terminators
Size
4.8 kB (4828 bytes)
Hash
0b948a02e2696753bcdb4520f0589aa0
f697d5ce02d24b902c104fba13eefc36736e931b
78de08c576c4e4de3351cebf750102fb2e7aabe6459d0dd27e6672365ade8dea

HTTP Headers

GET /sw-5490114.js HTTP/1.1
Host: sokroflix.top.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sokroflix.top.atlaq.com/
DNT: 1
Connection: keep-alive
Cookie: _ga_FPZ0VEL1WQ=GS1.1.1699782744.1.0.1699782744.60.0.0; _ga=GA1.1.1496708958.1699782745
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sun, 12 Nov 2023 09:52:25 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31536000
expires: Sun, 10 Dec 2023 12:01:38 GMT
x-litespeed-cache: hit
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-expose-headers: Content-Disposition
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MIo5vumHpwz5WLkaskk635GsXolh435aO8hIRGcvZwJHW5FgIyg22GqPGmAuXJukencl%2FTj%2F3pjnNYX0vcwZiZ1u0g%2BFC86iee7yuvx8ChsZKVCMd3bbZOurs%2BC4ukmxb%2FPmsh3ZzU2Hdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 824de1cb2f8b1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

520vr.cn/wp-includes/images/w-logo-blue-white-bg.png

119.28.77.41

200 OK

4.1 kB

URL GET HTTP/2
520vr.cn/wp-includes/images/w-logo-blue-white-bg.png
IP
119.28.77.41:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subject520vr.cn
Fingerprint05:46:F5:67:63:BD:01:34:99:6B:67:C1:97:85:E0:90:BA:15:2C:72
ValidityFri, 01 Sep 2023 08:37:21 GMT - Thu, 30 Nov 2023 08:37:20 GMT

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4119 bytes)
Hash
000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

HTTP Headers

GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: 520vr.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:26 GMT
content-type: image/png
content-length: 4119
last-modified: Thu, 21 May 2020 09:10:12 GMT
etag: "5ec64574-1017"
expires: Tue, 12 Dec 2023 09:52:26 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=f5a81897aa134448903dffebd01a4d48

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=f5a81897aa134448903dffebd01a4d48
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
9a0f78f0f5c6219db628af5babb45ec6
2b9ad50f5beff1ef6abefa06c14c5bc900b1fd83
3360559c40fbb96d78e4b5651f52012e2ddfd55c6b865ce355eb3d7af00dec29

HTTP Headers

GET /gid.js?userId=f5a81897aa134448903dffebd01a4d48 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 12 Nov 2023 09:52:24 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://sokroflix.top.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f5a81897aa134448903dffebd01a4d48; expires=Mon, 11 Nov 2024 09:52:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1699782744324&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1496708958.1699782745&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1699782744&sct=1&seg=0&dl=https%3A%2F%2Fsokroflix.top.atlaq.com%2F&dt=SOKROFLIX%20%7C%20VOIR%20FILM%20et%20SERIE%20STREAMING%20HD%20Gratuit%20Sans%20Inscription&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1460

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1699782744324&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1496708958.1699782745&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1699782744&sct=1&seg=0&dl=https%3A%2F%2Fsokroflix.top.atlaq.com%2F&dt=SOKROFLIX%20%7C%20VOIR%20FILM%20et%20SERIE%20STREAMING%20HD%20Gratuit%20Sans%20Inscription&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1460
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://sokroflix.top.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1699782744324&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1496708958.1699782745&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1699782744&sct=1&seg=0&dl=https%3A%2F%2Fsokroflix.top.atlaq.com%2F&dt=SOKROFLIX%20%7C%20VOIR%20FILM%20et%20SERIE%20STREAMING%20HD%20Gratuit%20Sans%20Inscription&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1460 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sokroflix.top.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://sokroflix.top.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://sokroflix.top.atlaq.com
date: Sun, 12 Nov 2023 09:52:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN