Report - bh167.com.atlaq.com/

Report Overview

Visited public
2023-11-19 11:52:46
Tags
URL
bh167.com.atlaq.com/
Finishing URL
bh167.com.atlaq.com/
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
4k影视-最新最全最受欢迎的影视网站-在线观看_高清电影免费在线看

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
atlaq.com	460385	2019-04-07	2019-04-10 14:32:55	2023-11-17 13:50:12	834 B	163 kB	188.114.96.1
orbs.network	unknown	2017-08-25	2018-01-03 23:04:21	2023-03-25 01:05:29	388 B	0 B	0.0.0.0
onmedqa.com	unknown	unknown	No data	No data	385 B	38 kB	100.24.82.195
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-11-19 05:09:58	965 B	450 B	216.239.32.36
t1.gstatic.com	unknown	2008-02-11	2013-05-07 00:57:20	2023-11-19 06:51:01	2.1 kB	6.5 kB	142.250.74.68
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-11-19 05:57:07	573 B	578 B	142.250.74.163
onlinevgu.com	unknown	2022-08-28	2022-10-27 09:32:00	2023-08-27 01:49:31	823 B	2.0 kB	13.233.156.131
www.onlinepokies.me	unknown	2010-04-13	2013-04-20 11:54:36	2023-11-09 03:02:47	395 B	778 B	172.66.43.126
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-19 06:44:49	888 B	143 kB	142.250.74.168
onlinepokies.me	unknown	2010-04-13	2013-04-20 11:54:36	2023-10-21 03:51:54	389 B	1.2 kB	172.66.43.126
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-19 05:16:16	1.1 kB	1.5 kB	139.45.195.8
ozzykicks.myshopify.com	unknown	unknown	No data	No data	397 B	2.8 kB	23.227.38.74
traffic.alexa.com	381412	1996-07-17	2012-05-20 23:46:11	2021-05-14 12:40:47	970 B	0 B	0.0.0.0
whulsaux.com	unknown	2023-01-04	2023-01-04 17:10:35	2023-11-18 14:58:54	1.9 kB	32 kB	139.45.197.244
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-11-19 05:09:41	1.5 kB	1.5 kB	139.45.197.250
bh167.com.atlaq.com	unknown	unknown	No data	No data	1.8 kB	203 kB	188.114.96.1
itweepinbelltor.com	116495	2021-08-11	2021-08-11 13:34:00	2023-11-19 07:01:49	3.5 kB	124 kB	139.45.197.250
preview.atlaq.com	unknown	2019-04-07	2023-10-16 11:41:32	2023-11-17 13:50:12	451 B	0 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-19	medium	whulsaux.com	Sinkholed
2023-11-19	medium	whulsaux.com	Sinkholed
2023-11-19	medium	amunfezanttor.com	Sinkholed
2023-11-19	medium	amunfezanttor.com	Sinkholed
2023-11-19	medium	amunfezanttor.com	Sinkholed
2023-11-19	medium	whulsaux.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11 21:07	2024-11-28 22:36
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:36 Times Seen281790 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	bh167.com.atlaq.com/	3.6 kB	2024-08-20 18:48	2024-08-20 18:48
Pretty URL bh167.com.atlaq.com/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 18:48 Last Seen2024-08-20 18:48 Times Seen1 Hash b83deaabcaeb710670aab1a5237dea3c 0c5ca1a85405b78c7c5fdd6bc62f0461c0b1606e 60f202c828171776d660146ff4d3476b40423b59cf38218f20c55658649eb0da Loading...

	www.googletagmanager.com/gtag/js?id=UA-85346163-2	135 kB	2023-11-19 12:52	2023-11-19 12:52
Pretty URL www.googletagmanager.com/gtag/js?id=UA-85346163-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 12:52 Last Seen2023-11-19 12:52 Times Seen1 Hash 9f9eb3f6e6a1ab2df07d35a5f75eeef1 9edc376c2dcc076d83a80da7befbb8b3e2b8dcbf b1bd36bfa0b897780b2832b1df9576705b34102e7e4685ee221dc23e48fac380 Loading...

	whulsaux.com/tag.min.js	81 kB	2023-11-15 13:56	2023-11-21 03:05
Pretty URL whulsaux.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 13:56 Last Seen2023-11-21 03:05 Times Seen245 Hash f2e2bbac9956f90deb8bb8620b4e6a34 92e196a6e8b21e835aeb47d0123fbad2c9c1bc2c 785e6fa651312a3f819529c5fa32cd529e74c771f73929ed85cdf424a462144f Loading...

	unknown	26 kB	2023-03-07 01:18	2024-10-26 14:27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2024-10-26 14:27 Times Seen1733 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	bh167.com.atlaq.com/	59 kB	2023-11-11 13:15	2024-08-20 19:59
Pretty URL bh167.com.atlaq.com/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash b19b96f2fc5eeadfd5a5852e5fbd19ab 021c13b5d0cfe7880adaff70d73a5ab6910e1cb5 4be0a27e37a47491b51c4eb6ea1423d82483806e6ce015132a40a0ccb1e96c7d Loading...

	bh167.com.atlaq.com/	447 B	2023-11-11 13:15	2024-08-20 19:59
Pretty URL bh167.com.atlaq.com/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash edac1ca3689a31cc59d42a6062c37472 c02dff66418e29c297de8c4f07353942ca91bf2d 201665128cc31ad2da0fcf6cbacf714ebba47b34306525369fd8b6be99e7a07d Loading...

	itweepinbelltor.com/pfe/current/tag.min.js?z=5490114	13 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty URL itweepinbelltor.com/pfe/current/tag.min.js?z=5490114 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2697 Hash 258578af3c107ccb907f73c3a2f4c25f 7a192edea829968fb7f57f2a2fc4cb5b612598be 1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75 Loading...

	unknown	149 B	2024-08-20 18:48	2024-08-20 18:48
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:48 Last Seen2024-08-20 18:48 Times Seen1 Hash e633a8e62e82150cf9abb790644bfe78 12199afa090cac0c8f96c4a9cd38588a7dca8f94 7f570c0ca088872fd522324f7897d26ff676eb3c975841f78365944b31cb5f39 Loading...

	unknown	161 B	2024-08-20 18:48	2024-08-20 18:48
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:48 Last Seen2024-08-20 18:48 Times Seen1 Hash f0fdc634e65fd8d1f587cf4eed1b34da be2a505ee9ec8d31c69f99842059aca695bbb26d 33a0bd0ec6930652de0a8397390e9fee4339a33526b4eae4e6262924ca5bb706 Loading...

	unknown	152 B	2024-08-20 18:48	2024-08-20 18:48
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:48 Last Seen2024-08-20 18:48 Times Seen1 Hash 20194f1ded15d457ed4e6a773468fb27 fb6d659ea23ebc0aead1a648a312d0c9f90a9712 4e91c16fe2a19e1b0fe5fed4415c8b253e32c7a67b399c4be789c8c7fdd81113 Loading...

	bh167.com.atlaq.com/	154 B	2023-03-10 11:07	2024-11-28 20:47
Pretty URL bh167.com.atlaq.com/ IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 11:07 Last Seen2024-11-28 20:47 Times Seen69 Hash 556aedec3c17b1047b6ea5b24555b6b3 bc98386bf7c5d5088b545befbe3f36738874ca18 25b0f8074b7996c02b28918d9dec52e00501eee8990db393f4a0624d136a828e Loading...

	bh167.com.atlaq.com/sandbox%20eval%20code	147 B	2023-04-11 21:07	2024-11-28 22:36
Pretty URL bh167.com.atlaq.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:36 Times Seen282590 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	unknown	88 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2914 Hash d46d2997ab218d1dba1ab614422ed53f 3f1f6b9847c8ad209835db366c62fcb209b83a67 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42 Loading...

	www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c	266 kB	2023-11-19 12:52	2023-11-19 12:52
Pretty URL www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-19 12:52 Last Seen2023-11-19 12:52 Times Seen1 Hash 4a8e09502e3d3de810c0826179c6fafd f343e009fe6cee27aea4ebc50d131b179845aec0 475ae005f3b40802ae81e47162200102f6fbcbeaa5653a9e839f02c7894010f5 Loading...

		Size	First Seen	Last Seen
	#1 Write - d3e45d17195965246390f5b8eb67b101	51 kB	2024-08-20 18:48	2024-08-20 18:48
Pretty Observations First Seen2024-08-20 18:48 Last Seen2024-08-20 18:48 Times Seen1 Hash d3e45d17195965246390f5b8eb67b101 3fb8971ab17e1c4f7648121893f2dce2d25aa14f 11d5a91fc5140facd62172453077845409707e891c401cfe1f6790a6baf74da4 Loading...

HTTP Transactions (39)

URL IP Response Size

www.googletagmanager.com/gtag/js?id=UA-85346163-2

142.250.74.168

200 OK

51 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-85346163-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (2213)
Size
51 kB (51440 bytes)
Hash
9f9eb3f6e6a1ab2df07d35a5f75eeef1
9edc376c2dcc076d83a80da7befbb8b3e2b8dcbf
b1bd36bfa0b897780b2832b1df9576705b34102e7e4685ee221dc23e48fac380

HTTP Headers

GET /gtag/js?id=UA-85346163-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 19 Nov 2023 11:52:29 GMT
expires: Sun, 19 Nov 2023 11:52:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51440
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

bh167.com.atlaq.com/

188.114.96.1

200 OK

150 kB

URL HEAD HTTP/3
bh167.com.atlaq.com/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (36038), with CR, LF line terminators
Size
150 kB (149650 bytes)
Hash
87628a131679e59084f72bde088c99b6
d294aa1a7fe8d0af0440ccf950225df932a6a35a
b3356d849f56502d8a98eb1894532d2980881a9ceec89d4984d2491af948404d

HTTP Headers

GET / HTTP/1.1
Host: bh167.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 19 Nov 2023 11:52:28 GMT
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Tue, 19 Dec 2023 11:52:24 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1MO1UpKL0w02402qvxF6GAANzPUBbQTVIfMUX7rdeJZnc%2F%2BB04Q2DOJRoXQmEq5lGbtCcWhFj3P4aDrpcjV737YnlGIUAhxKv7rjcj6VmY7uJA3T04p%2FdhE1dKyhBrlkLnEd9zb4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82883f47d859b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c

142.250.74.168

200 OK

90 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
90 kB (90056 bytes)
Hash
4a8e09502e3d3de810c0826179c6fafd
f343e009fe6cee27aea4ebc50d131b179845aec0
475ae005f3b40802ae81e47162200102f6fbcbeaa5653a9e839f02c7894010f5

HTTP Headers

GET /gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 19 Nov 2023 11:52:29 GMT
expires: Sun, 19 Nov 2023 11:52:29 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90056
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=bh167.com.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471

139.45.197.250

200 OK

888 B

URL GET HTTP/2
itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=bh167.com.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text, with very long lines (887)
Size
888 B (888 bytes)
Hash
5800ebd5fac46023ee5ce159af185039
69130d428356b977ec0a5bb70fe95ce3bc947b85
b299942a863006c6c8227371cc765b6eaef53616b56613001feda66f9667444f

HTTP Headers

GET /zone?pub=0&zone_id=5490114&is_mobile=false&domain=bh167.com.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: application/json; charset=utf-8
content-length: 888
x-trace-id: 38bdd41166358a0a074ba2afdcda2b09
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

whulsaux.com/tag.min.js

139.45.197.244

200 OK

26 kB

URL GET HTTP/2
whulsaux.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
Fingerprint29:C6:16:FB:8B:54:C5:1B:65:18:3D:96:39:33:73:B5:D3:8C:6D:48
ValidityFri, 01 Sep 2023 05:32:42 GMT - Thu, 30 Nov 2023 05:32:41 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25542 bytes)
Hash
f2e2bbac9956f90deb8bb8620b4e6a34
92e196a6e8b21e835aeb47d0123fbad2c9c1bc2c
785e6fa651312a3f819529c5fa32cd529e74c771f73929ed85cdf424a462144f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: text/javascript; charset=utf-8
content-length: 25542
content-encoding: br
x-trace-id: ad6f62b986a9f9a59499c2cffda82df6
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 15 Nov 2023 11:39:56 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

whulsaux.com/5/6577958/?oo=1&aab=1

139.45.197.244

200 OK

1.3 kB

URL GET HTTP/2
whulsaux.com/5/6577958/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
Fingerprint29:C6:16:FB:8B:54:C5:1B:65:18:3D:96:39:33:73:B5:D3:8C:6D:48
ValidityFri, 01 Sep 2023 05:32:42 GMT - Thu, 30 Nov 2023 05:32:41 GMT

File type
JSON data\012- , ASCII text, with very long lines (2769), with no line terminators
Size
1.3 kB (1349 bytes)
Hash
9abfd82daaf5a13c3a4cb7fc17e6d193
bc10c4e45b6b4cdc0b68c7d63dcc35c2d3d92c2c
031462c861907e957f83c22cec11538d33713bbbacddce6516f5708f365291a9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6577958/?oo=1&aab=1 HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: application/json
x-trace-id: 391e3bd4b3dd9d265a1189d21d2825dc
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=3c4ea1946d944f5789a5567d888186cf; expires=Mon, 18 Nov 2024 11:52:29 GMT; path=/; secure; SameSite=None
oaidts=1700394749; expires=Mon, 18 Nov 2024 11:52:29 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Content-Type: application/json
Content-Length: 375
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 8c5f77379f0849c0a816122642cbbca3
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

onlinepokies.me/favicon.ico

172.66.43.126

301 Moved Permanently

527 B

URL GET HTTP/2
onlinepokies.me/favicon.ico
IP
172.66.43.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectonlinepokies.me
FingerprintA5:28:6E:45:CA:AF:D7:0E:04:5A:22:A5:96:92:1F:8D:5A:6B:A1:FE
ValiditySat, 21 Oct 2023 00:52:15 GMT - Fri, 19 Jan 2024 00:52:14 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (371)
Size
527 B (527 bytes)
Hash
eb5e8c0e17d0206ffa6d4399ac86ba67
d2af84097cd6d5681a6ed5cf1b76726c908c29d8
f837132490d4da3e0e1e5093f4256059f3bd493e8f7067101d938d57840552ff

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: onlinepokies.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: text/html
location: https://www.onlinepokies.me/favicon.ico
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nxyXAD7BwcwJEzEOqGugvD8Qktj1unx4jjCFT%2B1smAhBsspuURgOHWn7zIUexzfyGwDY7BaKZvjpJcEmk59ZJZlmE1UDEU6cx9gK%2FMg3Ip96YFueXD4hqAtoCKbo99DEsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82883f50aee37131-OSL
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=3c4ea1946d944f5789a5567d888186cf

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=3c4ea1946d944f5789a5567d888186cf
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
dbbe80066c637c54854ce96976d3ead8
af72670c84813e80c550ec1c4ca5e2e4e60f46c2
305f2894b153b3dab7a5541975767b6984e7538c301c92b533c1c4694bf5c141

HTTP Headers

GET /gid.js?userId=3c4ea1946d944f5789a5567d888186cf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3c4ea1946d944f5789a5567d888186cf; expires=Mon, 18 Nov 2024 11:52:29 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://bh167.com.atlaq.com/
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

bh167.com.atlaq.com/

188.114.96.1

200 OK

0 B

URL HEAD HTTP/3
bh167.com.atlaq.com/
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: bh167.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 19 Nov 2023 11:52:30 GMT
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (waiting for pending WAN connection)
expires: Tue, 19 Dec 2023 11:52:24 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bGvpi105kZPbgM%2FqA8wbrFxTkWVQ5be6jwiyAG7uA4vhYHXAooX8V7IokKYV32WvumbOPmrdOe9612EHKXnJFjxzzBc3B0Zld8vhh7oS2wzhp97KUXYC2wwrh5KCx2B6upjGoBdU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82883f501c4b0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
29fc915dc3f2bdd9bed728001830ea37
65ab9fcdb683a3652ea9b682850f3dec761d4aec
67ad5ece915a9c36f582e53dfab50f7aba6f6a9a10ded8e75b326029547eb408

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Content-Type: application/json
Content-Length: 504
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:30 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

onmedqa.com/favicon.ico

100.24.82.195

200 OK

38 kB

URL GET HTTP/2
onmedqa.com/favicon.ico
IP
100.24.82.195:443
ASN
#14618 AMAZON-AES

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoDaddy.com, Inc.
Subjectonmedqa.com
Fingerprint4E:A6:99:BD:6F:D9:04:47:E8:00:6D:64:D3:E4:AC:51:43:43:98:D1
ValidityMon, 24 Jul 2023 21:04:21 GMT - Wed, 24 Jul 2024 21:04:21 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
38 kB (38108 bytes)
Hash
ca5cd2a08db011677fcdda01e3edfb60
424c06e9bbf00f26bb4d9efe0bd1f9850b29cc5c
1df33034b02218c222a802add72c239f40fb90350ce08b61eef9d61ecdf045b3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: onmedqa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
last-modified: Tue, 07 Nov 2023 14:44:20 GMT
accept-ranges: bytes
etag: "0faae48811da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sun, 19 Nov 2023 11:52:29 GMT
content-length: 38108
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://bh167.com.atlaq.com/
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:30 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

ozzykicks.myshopify.com/favicon.ico

23.227.38.74

404 Not Found

1.9 kB

URL GET HTTP/2
ozzykicks.myshopify.com/favicon.ico
IP
23.227.38.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectmyshopify.com
Fingerprint3B:DF:A3:ED:31:66:0B:A1:3F:E1:BD:A4:4B:D7:09:6E:05:8E:4F:4E
ValidityWed, 23 Aug 2023 00:00:00 GMT - Wed, 21 Aug 2024 23:59:59 GMT

File type
data
Size
1.9 kB (1925 bytes)
Hash
744010d3c590c8d876b9a6da56dc2bfe
2caa12ddd1abb996455d4967db3b7b59c515f1f2
aabf00632c1ac87690d989f700cec1372d30828c7d1eb77a875bcd7aca385dae

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ozzykicks.myshopify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sun, 19 Nov 2023 11:52:29 GMT
x-sorting-hat-podid: 42
x-sorting-hat-shopid: 56052318251
x-storefront-renderer-rendered: 1
x-dc: gcp-europe-north1,gcp-europe-west1,gcp-europe-west1
x-request-id: 0a25d466-5ce1-4bbd-b9ca-63b1c03cedb2
x-download-options: noopen
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4J0Z2WJ3Ct9BCUqp%2B8iYC9f1Cj1IsXXDsr5j6MK7noFcgenRAhsz4UMivXwTaGQAjbCF3H4TWom%2FlwdcTB6drA5LHz4WvcLXD5%2Bdo8rRVucpuFy7sop58r2Moi%2FFp6bc5sKmfokf%2FUrz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing: cfRequestDuration;dur=72.999954
server: cloudflare
cf-ray: 82883f510d9409af-ARN
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700394750771&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=468058767.1700394751&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700394751&sct=1&seg=0&dl=https%3A%2F%2Fbh167.com.atlaq.com%2F&dt=4k%E5%BD%B1%E8%A7%86-%E6%9C%80%E6%96%B0%E6%9C%80%E5%85%A8%E6%9C%80%E5%8F%97%E6%AC%A2%E8%BF%8E%E7%9A%84%E5%BD%B1%E8%A7%86%E7%BD%91%E7%AB%99-%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B_%E9%AB%98%E6%B8%85%E7%94%B5%E5%BD%B1%E5%85%8D%E8%B4%B9%E5%9C%A8%E7%BA%BF%E7%9C%8B&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1698

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700394750771&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=468058767.1700394751&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700394751&sct=1&seg=0&dl=https%3A%2F%2Fbh167.com.atlaq.com%2F&dt=4k%E5%BD%B1%E8%A7%86-%E6%9C%80%E6%96%B0%E6%9C%80%E5%85%A8%E6%9C%80%E5%8F%97%E6%AC%A2%E8%BF%8E%E7%9A%84%E5%BD%B1%E8%A7%86%E7%BD%91%E7%AB%99-%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B_%E9%AB%98%E6%B8%85%E7%94%B5%E5%BD%B1%E5%85%8D%E8%B4%B9%E5%9C%A8%E7%BA%BF%E7%9C%8B&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1698
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700394750771&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=468058767.1700394751&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700394751&sct=1&seg=0&dl=https%3A%2F%2Fbh167.com.atlaq.com%2F&dt=4k%E5%BD%B1%E8%A7%86-%E6%9C%80%E6%96%B0%E6%9C%80%E5%85%A8%E6%9C%80%E5%8F%97%E6%AC%A2%E8%BF%8E%E7%9A%84%E5%BD%B1%E8%A7%86%E7%BD%91%E7%AB%99-%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B_%E9%AB%98%E6%B8%85%E7%94%B5%E5%BD%B1%E5%85%8D%E8%B4%B9%E5%9C%A8%E7%BA%BF%E7%9C%8B&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1698 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://bh167.com.atlaq.com
date: Sun, 19 Nov 2023 11:52:30 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=5ed7371001c1401e8caee4cf4169182f&zoneId=5490114&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=5ed7371001c1401e8caee4cf4169182f&zoneId=5490114&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
dbbe80066c637c54854ce96976d3ead8
af72670c84813e80c550ec1c4ca5e2e4e60f46c2
305f2894b153b3dab7a5541975767b6984e7538c301c92b533c1c4694bf5c141

HTTP Headers

GET /gid.js?pub=0&userId=5ed7371001c1401e8caee4cf4169182f&zoneId=5490114&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: ID=3c4ea1946d944f5789a5567d888186cf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:30 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3c4ea1946d944f5789a5567d888186cf; expires=Mon, 18 Nov 2024 11:52:30 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
300641db55d53c267884ed89bc464321
79267e8011b4fce45a9e95b20460b8c15a859350
fc974418e110f3d6c2e6f87b85148340f49b436eb009ad0fd9c089bcb8df0218

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Content-Type: application/json
Content-Length: 504
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:30 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

19 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
19 kB (19417 bytes)
Hash
18d7f9cdf8cececa9acb9366eb878a4f
08cdcc747f5d191783dd258d060baf8e05cb6c3e
fef084b87169d9b60465bc7bf8028af6b67a2b2c8e1bd6c3cd3d3f98a378f9c9

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:30 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-df63"
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://ozzykicks.myshopify.com

142.250.74.68

200 OK

590 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://ozzykicks.myshopify.com
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 32x32, components 3\012- data
Size
590 B (590 bytes)
Hash
432bf72a1fa2f8e0431275a7e6846f9e
2bf34ca3f713815e630cc5c82b394bdfd324f4a4
bfd2faaedcac2396c9a125f3cdc6ba0281a1af24c9a778bec3598733c02a106e

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://ozzykicks.myshopify.com HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
content-location: https://streetspark.com.au/cdn/shop/files/jordern_air_bf38d79e-50c6-45bc-84cf-627bd0f30c42.jpg?v=1667468950&width=32
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 590
date: Sun, 19 Nov 2023 11:52:31 GMT
expires: Sun, 26 Nov 2023 11:52:31 GMT
cache-control: public, max-age=604800
last-modified: Wed, 06 Sep 2023 15:28:51 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://orbs.network

142.250.74.68

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://orbs.network
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://orbs.network HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Sun, 19 Nov 2023 11:52:31 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://onlinepokies.me

142.250.74.68

200 OK

2.0 kB

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://onlinepokies.me
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3\012- data
Size
2.0 kB (1961 bytes)
Hash
09a37980e3b7985ff2fec0436aef3cd2
dc5fc5cb2943755efed06327f11c0845fcb70719
1b03bcbcb3cea96f5177b2714d909fdd1c95e1303cdcbbd361ee62fe1d0dda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://onlinepokies.me HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/jpeg
content-location: https://www.onlinepokies.me/wp-content/uploads/favicon-opme1.jpg
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 1961
date: Sun, 19 Nov 2023 11:52:31 GMT
expires: Sun, 26 Nov 2023 11:52:31 GMT
cache-control: public, max-age=604800
last-modified: Sat, 08 Aug 2020 09:53:36 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://bh167.com

142.250.74.68

200 OK

346 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://bh167.com
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
346 B (346 bytes)
Hash
e69f2a41956d1a169f23f17ce30f273e
614349ea6eef8b2344fe85441fb511a58072e7f1
7c8532deeac41e328bafd46452438412215e057fb619c6bad40b14342893f95f

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://bh167.com HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://bh167.com/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 346
date: Sun, 19 Nov 2023 11:52:31 GMT
expires: Sun, 26 Nov 2023 11:52:31 GMT
cache-control: public, max-age=604800
last-modified: Sat, 25 Jul 2020 05:59:54 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=468058767.1700394751&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=257770294

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=468058767.1700394751&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=257770294
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint6E:E4:BC:4A:67:5E:46:6A:B3:E4:CA:61:A7:C0:97:AB:14:F0:34:32
ValidityMon, 23 Oct 2023 11:27:27 GMT - Mon, 15 Jan 2024 11:27:26 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=468058767.1700394751&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=257770294 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 19 Nov 2023 11:52:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Content-Type: application/json
Content-Length: 739
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:31 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: eada3bb520bb59465ba46310f0baa181
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

onlinevgu.com/favicon.ico

13.233.156.131

302 Found

0 B

URL GET HTTP/1.1
onlinevgu.com/favicon.ico
IP
13.233.156.131:443
ASN
#16509 AMAZON-02

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuercPanel, Inc.
Subjectonlinevgu.com
Fingerprint97:A7:94:AB:1A:AB:83:CF:CF:39:C3:CE:CA:17:C2:AD:DE:B0:75:A9
ValiditySat, 26 Aug 2023 00:00:00 GMT - Fri, 24 Nov 2023 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: onlinevgu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Sun, 19 Nov 2023 11:52:30 GMT
Server: Apache
Link: <https://onlinevgu.com/wp-json/>; rel="https://api.w.org/"
X-Redirect-By: WordPress
Set-Cookie: lp_session_guest=g-6559f6fea9bd4; expires=Tue, 21-Nov-2023 11:52:30 GMT; Max-Age=172800; path=/; secure; HttpOnly
Location: https://onlinevgu.com/wp-content/uploads/2023/08/cropped-Untitled-design-32x32.png
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

onlinevgu.com/wp-content/uploads/2023/08/cropped-Untitled-design-32x32.png

13.233.156.131

200 OK

1.3 kB

URL GET HTTP/1.1
onlinevgu.com/wp-content/uploads/2023/08/cropped-Untitled-design-32x32.png
IP
13.233.156.131:443
ASN
#16509 AMAZON-02

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuercPanel, Inc.
Subjectonlinevgu.com
Fingerprint97:A7:94:AB:1A:AB:83:CF:CF:39:C3:CE:CA:17:C2:AD:DE:B0:75:A9
ValiditySat, 26 Aug 2023 00:00:00 GMT - Fri, 24 Nov 2023 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1293 bytes)
Hash
fff5b7b0345aa3bf64642f9e9b685b8d
ebe16db94781b90823e67a1315cac05b4e05023d
697d79cefbb8ba6a4d9c18496ba68965c7a7f1975271059fa768afb24275f3c6

HTTP Headers

GET /wp-content/uploads/2023/08/cropped-Untitled-design-32x32.png HTTP/1.1
Host: onlinevgu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 19 Nov 2023 11:52:31 GMT
Server: Apache
Last-Modified: Thu, 10 Aug 2023 06:15:06 GMT
Accept-Ranges: bytes
Content-Length: 1293
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=bh167.com

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=bh167.com
IP
0.0.0.0:0
ASN
#0

Requested by
https://bh167.com.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=bh167.com HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

itweepinbelltor.com/pfe/current/tag.min.js?z=5490114

139.45.197.250

200 OK

13 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/tag.min.js?z=5490114
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
C source, ASCII text, with very long lines (13300), with no line terminators
Size
13 kB (13300 bytes)
Hash
258578af3c107ccb907f73c3a2f4c25f
7a192edea829968fb7f57f2a2fc4cb5b612598be
1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75

HTTP Headers

GET /pfe/current/tag.min.js?z=5490114 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-33f4"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

preview.atlaq.com/crawl?url=bh167.com

0.0.0.0

0 B

URL GET
preview.atlaq.com/crawl?url=bh167.com
IP
0.0.0.0:0
ASN
#0

Requested by
https://bh167.com.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /crawl?url=bh167.com HTTP/1.1
Host: preview.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

bh167.com.atlaq.com/badk.txt

188.114.96.1

200 OK

44 kB

URL GET HTTP/3
bh167.com.atlaq.com/badk.txt
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
44 kB (43852 bytes)
Hash
f4245877e1f9b8764acbac7b475ebf2d
7471a9d7354637651fa5d0200febe7ab162fb69a
bd300473a295a173716b1b182aed7c14e3551f7400360dd5f694115683ccd41c

HTTP Headers

GET /badk.txt HTTP/1.1
Host: bh167.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Nov 2023 11:52:30 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Tue, 19 Dec 2023 11:52:29 GMT
last-modified: Mon, 13 Apr 2020 08:00:16 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PDPXG6n6oFtj87qvmN%2BTmDN0Tk5ToOsPvc%2BMlBwUMqb%2BwxebPPhKparwZtDX1aa0%2BFd8XYOmL9%2FgOzaHueb0ZEM2DBrdtD6nnQJ58bTiLOTvwyz0T6gIy%2B5rjY9mj5CSLVanlDvB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82883f501c480afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471

139.45.197.250

200 OK

88 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87852 bytes)
Hash
d46d2997ab218d1dba1ab614422ed53f
3f1f6b9847c8ad209835db366c62fcb209b83a67
09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-1572c"
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

bh167.com.atlaq.com/sw-5490114.js

188.114.96.1

404 Not Found

4.8 kB

URL GET HTTP/3
bh167.com.atlaq.com/sw-5490114.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (5213), with no line terminators
Size
4.8 kB (4828 bytes)
Hash
0b948a02e2696753bcdb4520f0589aa0
f697d5ce02d24b902c104fba13eefc36736e931b
78de08c576c4e4de3351cebf750102fb2e7aabe6459d0dd27e6672365ade8dea

HTTP Headers

GET /sw-5490114.js HTTP/1.1
Host: bh167.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
DNT: 1
Connection: keep-alive
Cookie: _ga_FPZ0VEL1WQ=GS1.1.1700394751.1.0.1700394751.60.0.0; _ga=GA1.1.468058767.1700394751
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sun, 19 Nov 2023 11:52:30 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31536000
expires: Tue, 19 Dec 2023 11:52:30 GMT
x-litespeed-cache: miss
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-expose-headers: Content-Disposition
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rtq3gnwhEfa1vgiFZtQAdQFF9mW01Xj5ZSPanCZ%2FRcAFB9j%2FEW4ZggyY8xKAa6RItHbxfOXD5CmIwPtPKhQZdTjDVsoAG84AW6s5Oy25IKaJ2COpSRVnVDKO%2BuHzseIloGlfTHYp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82883f523d5f0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

whulsaux.com/?rb=xCT1LbulETdXA2O3456T-DszlQef_kBYcRyxYNC4WowuO6UsjaRq-SP9cQMVwo57v2TXc6Psbmy9f4Cz3xSdHegSqOzoBjcyWOaYClEDanODlG9PPsMJ7SHlM67fd9KmeCDUJxN5Gkso3RUiQwrIrmTIAxfOEItl9guLtQUj8G0fxS1Aqv2-pbcvFgTi5SvkifkWO82bRzD0-W8kpJqbNm-LsPF76KR7rHsiOg%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.629.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fbh167.com.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.629.0&bs=df87a737-3c76-472e-98c8-2d23b84fc09c&userId=3c4ea1946d944f5789a5567d888186cf&m=link

139.45.197.244

200 OK

1.8 kB

URL GET HTTP/2
whulsaux.com/?rb=xCT1LbulETdXA2O3456T-DszlQef_kBYcRyxYNC4WowuO6UsjaRq-SP9cQMVwo57v2TXc6Psbmy9f4Cz3xSdHegSqOzoBjcyWOaYClEDanODlG9PPsMJ7SHlM67fd9KmeCDUJxN5Gkso3RUiQwrIrmTIAxfOEItl9guLtQUj8G0fxS1Aqv2-pbcvFgTi5SvkifkWO82bRzD0-W8kpJqbNm-LsPF76KR7rHsiOg%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.629.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fbh167.com.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.629.0&bs=df87a737-3c76-472e-98c8-2d23b84fc09c&userId=3c4ea1946d944f5789a5567d888186cf&m=link
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
Fingerprint29:C6:16:FB:8B:54:C5:1B:65:18:3D:96:39:33:73:B5:D3:8C:6D:48
ValidityFri, 01 Sep 2023 05:32:42 GMT - Thu, 30 Nov 2023 05:32:41 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1862), with no line terminators
Size
1.8 kB (1842 bytes)
Hash
595f166a394e99551810242ebc50946b
149df87983b9d50c40dec8b5ffb14a4cfc895eff
86a4024252b16d47a29a051fe3c0233991d979167954d2453be9ac0d01f1c3b2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=xCT1LbulETdXA2O3456T-DszlQef_kBYcRyxYNC4WowuO6UsjaRq-SP9cQMVwo57v2TXc6Psbmy9f4Cz3xSdHegSqOzoBjcyWOaYClEDanODlG9PPsMJ7SHlM67fd9KmeCDUJxN5Gkso3RUiQwrIrmTIAxfOEItl9guLtQUj8G0fxS1Aqv2-pbcvFgTi5SvkifkWO82bRzD0-W8kpJqbNm-LsPF76KR7rHsiOg%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.629.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Fbh167.com.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.629.0&bs=df87a737-3c76-472e-98c8-2d23b84fc09c&userId=3c4ea1946d944f5789a5567d888186cf&m=link HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bh167.com.atlaq.com/
Origin: https://bh167.com.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: OAID=3c4ea1946d944f5789a5567d888186cf; oaidts=1700394749
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 19 Nov 2023 11:52:30 GMT
content-type: application/json
x-trace-id: 6a0111601df375c183bfbf49ec85b1db
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://bh167.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=3c4ea1946d944f5789a5567d888186cf; expires=Mon, 18 Nov 2024 11:52:30 GMT; path=/; secure; SameSite=None
oaidts=1700394750; expires=Mon, 18 Nov 2024 11:52:30 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 26 Nov 2023 11:52:30 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=bh167.com

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=bh167.com
IP
0.0.0.0:0
ASN
#0

Requested by
https://bh167.com.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=bh167.com HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

atlaq.com/logo.png

188.114.96.1

200 OK

117 kB

URL GET HTTP/3
atlaq.com/logo.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
PNG image data, 500 x 446, 8-bit/color RGBA, non-interlaced\012- data
Size
117 kB (117433 bytes)
Hash
792b74959e26cd37fd05dfcd0ef07770
c6e3ed2dd9771b077daf93eda5773cd10d621147
7ae2cb133588b7a2926b71630869d602c294840f6c1379666e82b25f3354623b

HTTP Headers

GET /logo.png HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: image/png
content-length: 117433
cache-control: public, max-age=31536000
expires: Thu, 24 Oct 2024 05:27:08 GMT
last-modified: Wed, 29 Jan 2020 11:21:42 GMT
vary: User-Agent,Origin, Accept-Encoding
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2183121
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r11etFFYPXHhHHtCWpReRF6yaIeHVM6Go%2FBk6gDeAeGE4G16sLEeaqN0zqrGCNGNL6aayUyMiLeNUXHnfHKPXhdF6G2tvfPLec5lkIMcmJj0hcgCOpBYnuqCTx4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82883f500c450afa-OSL
alt-svc: h3=":443"; ma=86400

orbs.network/favicon.ico

0.0.0.0

0 B

URL GET
orbs.network/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://bh167.com.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: orbs.network
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

atlaq.com/style.css

188.114.96.1

200 OK

44 kB

URL GET HTTP/3
atlaq.com/style.css
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6732)
Size
44 kB (43872 bytes)
Hash
611e414a545a0c84fe6c111b9a4c3722
7fe2addc3373777aeb6de31caaf66f800049dd59
b5fc73fd3ef4ac8eda80826c1f684294f136c3d03c4afed7e7cd59a3f6a5a146

HTTP Headers

GET /style.css HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bh167.com.atlaq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
expires: Fri, 24 Nov 2023 06:07:01 GMT
last-modified: Tue, 25 Oct 2022 04:42:27 GMT
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2180728
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aPWGTq2drLIZOH1P6AIaGk028vDILhxuIke6EFMh%2Be7d0jGblUHWWGDc7fdNybYlkyJbzrEyc05IFhBs7dxc1P4akUqqy1iWtucIcyKmejwzFgIXf%2BRwHbCq8OM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82883f4e7b5e0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.onlinepokies.me/favicon.ico

172.66.43.126

200 OK

0 B

URL GET HTTP/2
www.onlinepokies.me/favicon.ico
IP
172.66.43.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://bh167.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectonlinepokies.me
FingerprintA5:28:6E:45:CA:AF:D7:0E:04:5A:22:A5:96:92:1F:8D:5A:6B:A1:FE
ValiditySat, 21 Oct 2023 00:52:15 GMT - Fri, 19 Jan 2024 00:52:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.onlinepokies.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 19 Nov 2023 11:52:29 GMT
content-type: image/x-icon
content-length: 0
last-modified: Mon, 30 Oct 2023 19:00:06 GMT
etag: "653ffd36-0"
cache-control: public, max-age=31536000
vary: Accept-Encoding
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GDIx6Fspb96D7l152WnU7l0SbIJx564gqm6YDt13f457Wg0HwGi%2FPfKZyNruaFLtYzH9TKaSnFR3tt3jE3QS6M4rJOWsZZ8olLSOfBMGr0mmFJHIxrW36K5xz0KvF%2FPKg7vzpqI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82883f5228757131-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP