Report - 90yunpan.com.atlaq.com/

Report Overview

Visited public
2023-11-21 10:13:30
Tags
URL
90yunpan.com.atlaq.com/
Finishing URL
90yunpan.com.atlaq.com/
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
90云盘网—最全的百度云网盘资源分享社区！

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
weconnect.com	304146	unknown	No data	No data	387 B	2.4 kB	104.18.79.192
bfue-ids.balcaofundosue.pt	unknown	unknown	No data	No data	2.5 kB	22 kB	20.105.224.7
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-11-21 05:09:05	891 B	453 B	216.239.34.36
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-21 05:11:06	1.1 kB	1.5 kB	139.45.195.8
epayroll.com.au	124808	unknown	No data	No data	391 B	647 B	188.114.97.1
balcaofundosue.pt	unknown	unknown	No data	No data	391 B	1.8 kB	20.105.224.7
dcpweb.co.uk	unknown	unknown	No data	No data	386 B	529 B	5.77.60.170
preview.atlaq.com	unknown	2019-04-07	2023-10-16 11:41:32	2023-11-19 12:52:30	458 B	7.6 kB	188.114.96.1
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-11-21 07:42:06	577 B	578 B	142.250.74.163
readytechworkforce.io	unknown	2021-11-01	2022-06-05 11:39:14	2023-05-23 00:54:11	405 B	1.3 kB	104.21.10.21
traffic.alexa.com	381412	1996-07-17	2012-05-20 23:46:11	2021-05-14 12:40:47	982 B	0 B	0.0.0.0
atlaq.com	460385	2019-04-07	2019-04-10 14:32:55	2023-11-19 12:52:29	864 B	223 kB	188.114.97.1
itweepinbelltor.com	116495	2021-08-11	2021-08-11 13:34:00	2023-11-20 08:34:11	4.6 kB	64 kB	139.45.197.250
whulsaux.com	unknown	2023-01-04	2023-01-04 17:10:35	2023-11-20 07:31:52	2.0 kB	34 kB	139.45.197.244
embeddedinventor.com	544883	unknown	No data	No data	838 B	1.8 kB	24.199.101.213
90yunpan.com.atlaq.com	unknown	unknown	No data	No data	1.3 kB	52 kB	188.114.97.1
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-11-19 05:09:41	1.5 kB	1.5 kB	139.45.197.250
t1.gstatic.com	unknown	2008-02-11	2013-05-07 00:57:20	2023-11-20 11:02:20	2.6 kB	7.7 kB	142.250.74.68
www.dcpweb.co.uk	unknown	unknown	No data	No data	392 B	377 B	5.77.60.170
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-21 07:28:38	882 B	319 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-21	medium	whulsaux.com	Sinkholed
2023-11-21	medium	amunfezanttor.com	Sinkholed
2023-11-21	medium	amunfezanttor.com	Sinkholed
2023-11-21	medium	whulsaux.com	Sinkholed
2023-11-21	medium	amunfezanttor.com	Sinkholed
2023-11-21	medium	whulsaux.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (17)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c	266 kB	2023-11-21 11:13	2023-11-21 11:13
Pretty URL www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-21 11:13 Last Seen2023-11-21 11:13 Times Seen1 Hash 8fd154d4613a6b53e582186fd048e9db 3749001d57cfe4940716061964a55341a69ae374 20f73b266a6b29afa13dd335561a08a71563102b06c9c5d62a4d4a343f1e1bd6 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11 21:07	2024-11-28 22:22
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:22 Times Seen281789 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	whulsaux.com/tag.min.js	81 kB	2023-11-20 14:09	2023-11-22 07:50
Pretty URL whulsaux.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 14:09 Last Seen2023-11-22 07:50 Times Seen70 Hash 8f3daac0b4e1235a329bc4f74b63e842 f7aff3e9ac6825cad31d330b90b48f04ef43ac3f 241ec5cdfae74b605a11d0811dfea6c18fc14c947756e5fb3dc61fe70d4c9001 Loading...

	unknown	150 B	2024-08-20 18:30	2024-08-20 18:30
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:30 Last Seen2024-08-20 18:30 Times Seen1 Hash ad328a8823d4c6973a7623034385097b 71e344cda0d0fd3cb43496f86c50f5423e834cf9 c3791e29764ec9ee283bc8d9204faec831a0249edc417176f9bb270a0cfd2cfb Loading...

	unknown	26 kB	2023-03-07 01:18	2024-10-26 14:27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2024-10-26 14:27 Times Seen1733 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	90yunpan.com.atlaq.com/	3.6 kB	2024-08-20 18:30	2024-08-20 18:30
Pretty URL 90yunpan.com.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 18:30 Last Seen2024-08-20 18:30 Times Seen1 Hash 38586842d724d8f931a7d79add8ceb37 4bcb9b37395c2da3a1d5c74a0a0be6e977e908d0 b870d3e0ef7138113ab3b17287ee388d218124b9f0815b461ada6c797332fa28 Loading...

	itweepinbelltor.com/pfe/current/tag.min.js?z=5490114	13 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty URL itweepinbelltor.com/pfe/current/tag.min.js?z=5490114 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2697 Hash 258578af3c107ccb907f73c3a2f4c25f 7a192edea829968fb7f57f2a2fc4cb5b612598be 1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75 Loading...

	90yunpan.com.atlaq.com/	59 kB	2023-11-11 13:15	2024-08-20 19:59
Pretty URL 90yunpan.com.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash b19b96f2fc5eeadfd5a5852e5fbd19ab 021c13b5d0cfe7880adaff70d73a5ab6910e1cb5 4be0a27e37a47491b51c4eb6ea1423d82483806e6ce015132a40a0ccb1e96c7d Loading...

	unknown	88 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2914 Hash d46d2997ab218d1dba1ab614422ed53f 3f1f6b9847c8ad209835db366c62fcb209b83a67 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42 Loading...

	unknown	153 B	2024-08-20 18:30	2024-08-20 18:30
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:30 Last Seen2024-08-20 18:30 Times Seen1 Hash c487653c6898ab4b66d5b4a7ff3f3f36 d03f0fc11328e7e995d30c8715aff1a42570af63 aa13a196616d0881e6ed35f04c8aaf9793c573bfabea028fa5d37c836423a107 Loading...

	www.googletagmanager.com/gtag/js?id=UA-85346163-2	135 kB	2023-11-21 11:13	2023-11-21 11:13
Pretty URL www.googletagmanager.com/gtag/js?id=UA-85346163-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-21 11:13 Last Seen2023-11-21 11:13 Times Seen1 Hash a5d2cd6340f22333926022aed0b8e402 f3922605f8d11d90dae5db4e38936ecd99473f5b 5cbc9c27a580ebc8abfafe5bc2c426a83652a939b7ba83fccb0d7724d4e18e28 Loading...

	90yunpan.com.atlaq.com/	447 B	2023-11-11 13:15	2024-08-20 19:59
Pretty URL 90yunpan.com.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash edac1ca3689a31cc59d42a6062c37472 c02dff66418e29c297de8c4f07353942ca91bf2d 201665128cc31ad2da0fcf6cbacf714ebba47b34306525369fd8b6be99e7a07d Loading...

	unknown	150 B	2024-08-20 18:30	2024-08-20 18:30
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:30 Last Seen2024-08-20 18:30 Times Seen1 Hash e13396f81c7ee2679377126ccf39b5ab bf16155c179138eb768e4ca90604ea072fa0c065 4d8fb5752cdb8cd5d2c12d00df1af143089d2f9c4aaa39871fecdbb61463a2cc Loading...

	90yunpan.com.atlaq.com/sandbox%20eval%20code	147 B	2023-04-11 21:07	2024-11-28 22:22
Pretty URL 90yunpan.com.atlaq.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:22 Times Seen282589 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	unknown	155 B	2024-08-20 18:30	2024-08-20 18:30
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:30 Last Seen2024-08-20 18:30 Times Seen1 Hash 9bae41baac04060f71c99665a6de0873 db209d9ba200761c15e20ac198dd7631ced354a2 e5f74b2ebf03d0dd82935fd6691691ec87889c1155373cb8745a4b9c5b7e789d Loading...

	90yunpan.com.atlaq.com/	154 B	2023-03-10 11:07	2024-11-28 20:47
Pretty URL 90yunpan.com.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 11:07 Last Seen2024-11-28 20:47 Times Seen69 Hash 556aedec3c17b1047b6ea5b24555b6b3 bc98386bf7c5d5088b545befbe3f36738874ca18 25b0f8074b7996c02b28918d9dec52e00501eee8990db393f4a0624d136a828e Loading...

		Size	First Seen	Last Seen
	#1 Write - 88183d7a4611a7626a0437463addfd59	51 kB	2024-08-20 18:30	2024-08-20 18:30
Pretty Observations First Seen2024-08-20 18:30 Last Seen2024-08-20 18:30 Times Seen1 Hash 88183d7a4611a7626a0437463addfd59 6ce59944a8874700e2a7591bf416cde8adbf5395 4c6c91c518a91d438382e74f554df838a14437ed193e993fd989c413f1fc727d Loading...

HTTP Transactions (44)

URL IP Response Size

atlaq.com/logo.png

188.114.97.1

200 OK

117 kB

URL GET HTTP/3
atlaq.com/logo.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
PNG image data, 500 x 446, 8-bit/color RGBA, non-interlaced\012- data
Size
117 kB (117433 bytes)
Hash
792b74959e26cd37fd05dfcd0ef07770
c6e3ed2dd9771b077daf93eda5773cd10d621147
7ae2cb133588b7a2926b71630869d602c294840f6c1379666e82b25f3354623b

HTTP Headers

GET /logo.png HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 21 Nov 2023 10:13:12 GMT
content-type: image/png
content-length: 117433
cache-control: public, max-age=31536000
expires: Thu, 24 Oct 2024 05:27:08 GMT
last-modified: Wed, 29 Jan 2020 11:21:42 GMT
vary: User-Agent,Origin, Accept-Encoding
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2349964
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hgw2n9RvRIS61zoSBpcmGVEO6ln7eBp3iR2npVQd0%2FRm7KDecsSeb1MeUKGm%2FdkPunrw4LjQSdUTCokOil%2FL9IVZTqPKdlCtIF%2FHWfUXd8Fx9FbuGEMIX%2FHh85Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829828a39b80b4f9-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-85346163-2

142.250.74.168

200 OK

52 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-85346163-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (2213)
Size
52 kB (51489 bytes)
Hash
a5d2cd6340f22333926022aed0b8e402
f3922605f8d11d90dae5db4e38936ecd99473f5b
5cbc9c27a580ebc8abfafe5bc2c426a83652a939b7ba83fccb0d7724d4e18e28

HTTP Headers

GET /gtag/js?id=UA-85346163-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 21 Nov 2023 10:13:12 GMT
expires: Tue, 21 Nov 2023 10:13:12 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51489
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

dcpweb.co.uk/favicon.ico

5.77.60.170

301 Moved Permanently

244 B

URL GET HTTP/2
dcpweb.co.uk/favicon.ico
IP
5.77.60.170:443
ASN
#20860 Iomart Cloud Services Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGlobalSign nv-sa
Subject*.dcpweb.co.uk
Fingerprint95:0A:3C:EF:5C:0A:31:8E:33:51:9F:17:E6:07:BA:FA:ED:6B:1F:5E
ValidityThu, 29 Jun 2023 10:50:30 GMT - Tue, 30 Jul 2024 10:50:29 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
244 B (244 bytes)
Hash
9aa40b38f65175f30a6f494bcd4b7ef6
bc43c726afa6bb6d2ff17bf32eefb51c8badce06
54b078f193e0d84b77813cd1b2136937a4db7a36d6121dca95a0c583591dd9f6

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: dcpweb.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 21 Nov 2023 10:13:14 GMT
server: Apache
location: https://www.dcpweb.co.uk/favicon.ico
cache-control: max-age=600
expires: Tue, 21 Nov 2023 10:23:14 GMT
content-length: 244
content-type: text/html; charset=iso-8859-1
X-Firefox-Spdy: h2

balcaofundosue.pt/favicon.ico

20.105.224.7

0 B

URL GET
balcaofundosue.pt/favicon.ico
IP
20.105.224.7:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerSectigo Limited
Subject*.balcaofundosue.pt
Fingerprint2B:A7:C8:3D:7E:B7:6C:4D:35:C3:5B:6B:45:85:84:02:CC:84:B9:CF
ValidityThu, 20 Apr 2023 00:00:00 GMT - Sat, 20 Apr 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: balcaofundosue.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Content-Length: 0
Date: Tue, 21 Nov 2023 10:13:13 GMT
Server: Microsoft-IIS/10.0
Location: https://bfue-ids.balcaofundosue.pt/connect/authorize?client_id=Balcao%2B&redirect_uri=https%3A%2F%2Fbalcaofundosue.pt%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20Balcao%2Bapi&response_mode=form_post&nonce=638361583931150298.Zjg3MDc3MjEtZDJlOC00ZWRlLTlmYmItOTk0OTk2YTAzMTg1NTA4ZTYyNzgtMzgyMy00YWNmLTk2ZGUtYjNjM2E4MjFhNGNl&state=CfDJ8Aaqz2Z8X09Bg6aOXG2_af2xpl07QvHo3uZxRcg5BUfEeonQ21OUShY5Q_gyG7wMbH7wzVeMwbvUvil04axx-bXl0AWfMKUbR0ceDPuHRuSujxrb-8WkFXg10fBPigvvEifoO2w7jFk5yJppzl6vwoUf2m84C2Y7YJ8Xq965rKDXmQvsT-8wglK8aiUDbRQ-5_ZsiUvRHvjs5RQv5dzGjA2adbgNiB4H2PPx4ZzISQMkoNzmnULGvTDEJ9yFwvIPNtA_K5yHookp5pwHhPBMVONovKyvUvfOAu8jHuXk6w1_JZvuV1ju3aTrk52YUhwYMw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8Aaqz2Z8X09Bg6aOXG2_af2Es3k067_1jD_HrxPY5azDdnQW_AxcFy1xqOD3C5GzposcGOJ5KISGEHJY5X9tjQyakeh_k1J57iu6Y2eyhhkv-F55qHTtCcNO-z3m-kZc_ewH_5AnA-AIGvFdOFM0pfi95oEb5BfrOa8GZVtAIYEdnRxZYh2rXBBGJ01GyOwU8F8dOLlfwVQrsg-sT1D51YSxWF7wE5cyo0dvnW-zleHStlPdWG_XtKeaeQqFIdjCLcXTJE3R1ZC9EZaZJxbOlGk=N; expires=Tue, 21 Nov 2023 10:28:13 GMT; path=/signin-oidc; secure; samesite=none; httponly
.AspNetCore.Correlation.oidc.s19iBAkj4kjNcwMW2W-5u_zeatLhb6fSDLf045rkNfE=N; expires=Tue, 21 Nov 2023 10:28:13 GMT; path=/signin-oidc; secure; samesite=none; httponly
ARRAffinity=7d577d29f8e00b2374ddb413016b2f6617c84445e3b963399a9d336135481e13;Path=/;HttpOnly;Secure;Domain=balcaofundosue.pt
ARRAffinitySameSite=7d577d29f8e00b2374ddb413016b2f6617c84445e3b963399a9d336135481e13;Path=/;HttpOnly;SameSite=None;Secure;Domain=balcaofundosue.pt
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:bfcc3d37-0b7d-446d-8e81-46c2d9cde734
X-Powered-By: ASP.NET

atlaq.com/style.css

188.114.97.1

200 OK

104 kB

URL GET HTTP/3
atlaq.com/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6732)
Size
104 kB (103593 bytes)
Hash
611e414a545a0c84fe6c111b9a4c3722
7fe2addc3373777aeb6de31caaf66f800049dd59
b5fc73fd3ef4ac8eda80826c1f684294f136c3d03c4afed7e7cd59a3f6a5a146

HTTP Headers

GET /style.css HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 21 Nov 2023 10:13:12 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
expires: Fri, 24 Nov 2023 06:07:01 GMT
last-modified: Tue, 25 Oct 2022 04:42:27 GMT
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2347571
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iPGVzVFjQ263jL1sFDOZncTe%2FBTXRfowVDUnbZG1PTh5EDMjwXTqz0JUN0vtNwlrRDnJsU2T5pIl832VHRwPu8ohNlZ74ZfJjMKsAMg20LKQhgvJdGEz%2FlwhWdw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829828a2faf5b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=90yunpan.com.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471

139.45.197.250

200 OK

888 B

URL GET HTTP/2
itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=90yunpan.com.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text, with very long lines (887)
Size
888 B (888 bytes)
Hash
5800ebd5fac46023ee5ce159af185039
69130d428356b977ec0a5bb70fe95ce3bc947b85
b299942a863006c6c8227371cc765b6eaef53616b56613001feda66f9667444f

HTTP Headers

GET /zone?pub=0&zone_id=5490114&is_mobile=false&domain=90yunpan.com.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: application/json; charset=utf-8
content-length: 888
x-trace-id: 46eb134e214111930c1cffbd9af93c75
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

whulsaux.com/tag.min.js

139.45.197.244

200 OK

26 kB

URL GET HTTP/2
whulsaux.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
FingerprintA8:C3:DA:A6:D8:7E:B2:1D:20:3B:9D:3B:86:9A:EF:7C:B3:AC:47:D7
ValidityMon, 20 Nov 2023 05:29:27 GMT - Sun, 18 Feb 2024 05:29:26 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25608 bytes)
Hash
8f3daac0b4e1235a329bc4f74b63e842
f7aff3e9ac6825cad31d330b90b48f04ef43ac3f
241ec5cdfae74b605a11d0811dfea6c18fc14c947756e5fb3dc61fe70d4c9001

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: text/javascript; charset=utf-8
content-length: 25608
content-encoding: br
x-trace-id: d7a15b8e7e9e40c971c7405269e9d9da
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Mon, 20 Nov 2023 12:44:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://90yunpan.com.atlaq.com/
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

embeddedinventor.com/favicon.ico

24.199.101.213

302 Found

0 B

URL GET HTTP/2
embeddedinventor.com/favicon.ico
IP
24.199.101.213:443
ASN
#7029 WINDSTREAM

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectembeddedinventor.com
FingerprintC0:16:D8:E9:4F:A4:03:5C:4A:3D:23:C0:08:35:5B:2A:30:BB:69:1D
ValidityTue, 17 Oct 2023 18:02:34 GMT - Mon, 15 Jan 2024 18:02:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: embeddedinventor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://embeddedinventor.com/wp-content/uploads/2019/10/logo_350px-48x48.png
x-ua-compatible: IE=edge
link: <https://embeddedinventor.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=0
expires: Tue, 21 Nov 2023 07:27:04 GMT
age: 9967
x-cache: HIT
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Content-Type: application/json
Content-Length: 381
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 8497a003f30bb3063e5f8b5caf445c9f
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

90yunpan.com.atlaq.com/

188.114.97.1

200 OK

0 B

URL User Request GET HTTP/2
90yunpan.com.atlaq.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: 90yunpan.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (waiting for pending WAN connection)
expires: Tue, 19 Dec 2023 01:53:31 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RuP29ybxbaM%2FXdIexGH8hiPY5Y%2F7S%2BhFOfWkGVqEiFmNdipCIvCSaQPL5uihRbXXJ%2BoGFvUcuDTtcOu10XpnZSil9D1Ux1u1EnCob8Xc0bP3kacVRp5dRJdbKvn1lae1LJBGVAlhW%2FL7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829828a44c0ab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

itweepinbelltor.com/pfe/current/tag.min.js?z=5490114

139.45.197.250

200 OK

6.3 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/tag.min.js?z=5490114
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
6.3 kB (6283 bytes)
Hash
1b528c02ec3329a2d21a59e3d68aab6c
18ae3bab849e58815a2882c97a331714aab1c8ad
2964f82fc8f9cb5828cf0004e3d8ae8bc4a46a70c92182a5b00d9b2fb237d40e

HTTP Headers

GET /pfe/current/tag.min.js?z=5490114 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:12 GMT
content-type: application/javascript
last-modified: Tue, 21 Nov 2023 08:28:54 GMT
etag: W/"655c6a46-33f4"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471

139.45.197.250

200 OK

33 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
33 kB (33416 bytes)
Hash
38f3e6cf921f6587605936d31e11488a
4d85d8428d1eb1f6b80288d9fd0f5507b9c31641
f991bea0bc4dda1be4f3885d3ab19c83805d2262246156539bcb0a4e96cb268e

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: application/javascript
last-modified: Tue, 21 Nov 2023 08:28:54 GMT
etag: W/"655c6a46-1572c"
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://90yunpan.com.atlaq.com/
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

weconnect.com/favicon.ico

104.18.79.192

403 Forbidden

2.0 kB

URL GET HTTP/2
weconnect.com/favicon.ico
IP
104.18.79.192:443
ASN
#13335 CLOUDFLARENET

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectweconnect.com
Fingerprint71:B4:01:85:02:DB:BC:2D:DC:51:8A:DA:99:58:C6:41:52:29:36:07
ValiditySun, 08 Oct 2023 00:00:00 GMT - Mon, 07 Oct 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (501)
Size
2.0 kB (1998 bytes)
Hash
94c084c72585d4245b11c3206c6c23a9
894f3f741db9bd737ec6ad8292d027021bbc3549
0c0082b702b8e0c4d665a1aa23516a3b6a90d6137a2377428680450873d05516

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: weconnect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 829828a46e575688-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
d27f5b3c20b5ae49c6e3cf334ac40b02
158564000e39335b6f6faa0105baac03c6077d65
a239c3e44a7ca46cf33cf15a60a08dce5db167c99b86846b9968859633f0ed63

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Content-Type: application/json
Content-Length: 507
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

embeddedinventor.com/wp-content/uploads/2019/10/logo_350px-48x48.png

24.199.101.213

200 OK

1.0 kB

URL GET HTTP/2
embeddedinventor.com/wp-content/uploads/2019/10/logo_350px-48x48.png
IP
24.199.101.213:443
ASN
#7029 WINDSTREAM

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectembeddedinventor.com
FingerprintC0:16:D8:E9:4F:A4:03:5C:4A:3D:23:C0:08:35:5B:2A:30:BB:69:1D
ValidityTue, 17 Oct 2023 18:02:34 GMT - Mon, 15 Jan 2024 18:02:33 GMT

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size
1.0 kB (1041 bytes)
Hash
e0be49fe1aca2e615f943a59d00b0ab5
76c556ae6350c9b7b542ea4bffae218447452dcb
1d735a95fc42cca471fcaf3f1225d273899c9c5424f86e2dd6be98d97dd65cf2

HTTP Headers

GET /wp-content/uploads/2019/10/logo_350px-48x48.png HTTP/1.1
Host: embeddedinventor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: image/png
content-length: 1041
last-modified: Tue, 17 Oct 2023 18:48:23 GMT
etag: "652ed6f7-411"
cache-control: public, max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

preview.atlaq.com/crawl?url=90yunpan.com

188.114.96.1

521 No Reason Phrase

6.8 kB

URL GET HTTP/2
preview.atlaq.com/crawl?url=90yunpan.com
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint1E:C6:84:53:3B:FF:CE:FF:8F:8C:9D:8B:3A:69:3F:E5:28:C8:F4:A5
ValidityWed, 26 Apr 2023 00:00:00 GMT - Thu, 25 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (394)
Size
6.8 kB (6839 bytes)
Hash
96c47fef4dd9eb58a52ff9d69cf30f81
1f458ace8bc25769e197ea1ec453e1aee035b244
5bc10a69a251366656d442339f53c8e797abcdde9f3f13ecdd08f2d89b1ddbb9

HTTP Headers

GET /crawl?url=90yunpan.com HTTP/1.1
Host: preview.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 521 No Reason Phrase
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: text/html; charset=UTF-8
content-length: 6839
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eAAi97U%2FWiwCetx4ZpvBhp9KXbDiN8t%2Fk38PW1gU2YtidflU4ySlKHwObfJPMPpHH6g6jn5njaKGyRNe%2BpLC7gT2r%2Fn32BqeuazXARui0gkK10lkrr1sn2YgNqcOmLudqYlPIg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: cloudflare
cf-ray: 829828a7ee7b56af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

bfue-ids.balcaofundosue.pt/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DBalcao%252B%26redirect_uri%3Dhttps%253A%252F%252Fbalcaofundosue.pt%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520Balcao%252Bapi%26response_mode%3Dform_post%26nonce%3D638361583931150298.Zjg3MDc3MjEtZDJlOC00ZWRlLTlmYmItOTk0OTk2YTAzMTg1NTA4ZTYyNzgtMzgyMy00YWNmLTk2ZGUtYjNjM2E4MjFhNGNl%26state%3DCfDJ8Aaqz2Z8X09Bg6aOXG2_af2xpl07QvHo3uZxRcg5BUfEeonQ21OUShY5Q_gyG7wMbH7wzVeMwbvUvil04axx-bXl0AWfMKUbR0ceDPuHRuSujxrb-8WkFXg10fBPigvvEifoO2w7jFk5yJppzl6vwoUf2m84C2Y7YJ8Xq965rKDXmQvsT-8wglK8aiUDbRQ-5_ZsiUvRHvjs5RQv5dzGjA2adbgNiB4H2PPx4ZzISQMkoNzmnULGvTDEJ9yFwvIPNtA_K5yHookp5pwHhPBMVONovKyvUvfOAu8jHuXk6w1_JZvuV1ju3aTrk52YUhwYMw%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0

20.105.224.7

20 kB

URL GET
bfue-ids.balcaofundosue.pt/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DBalcao%252B%26redirect_uri%3Dhttps%253A%252F%252Fbalcaofundosue.pt%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520Balcao%252Bapi%26response_mode%3Dform_post%26nonce%3D638361583931150298.Zjg3MDc3MjEtZDJlOC00ZWRlLTlmYmItOTk0OTk2YTAzMTg1NTA4ZTYyNzgtMzgyMy00YWNmLTk2ZGUtYjNjM2E4MjFhNGNl%26state%3DCfDJ8Aaqz2Z8X09Bg6aOXG2_af2xpl07QvHo3uZxRcg5BUfEeonQ21OUShY5Q_gyG7wMbH7wzVeMwbvUvil04axx-bXl0AWfMKUbR0ceDPuHRuSujxrb-8WkFXg10fBPigvvEifoO2w7jFk5yJppzl6vwoUf2m84C2Y7YJ8Xq965rKDXmQvsT-8wglK8aiUDbRQ-5_ZsiUvRHvjs5RQv5dzGjA2adbgNiB4H2PPx4ZzISQMkoNzmnULGvTDEJ9yFwvIPNtA_K5yHookp5pwHhPBMVONovKyvUvfOAu8jHuXk6w1_JZvuV1ju3aTrk52YUhwYMw%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
IP
20.105.224.7:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerSectigo Limited
Subject*.balcaofundosue.pt
Fingerprint2B:A7:C8:3D:7E:B7:6C:4D:35:C3:5B:6B:45:85:84:02:CC:84:B9:CF
ValidityThu, 20 Apr 2023 00:00:00 GMT - Sat, 20 Apr 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (41654), with CRLF line terminators
Size
20 kB (19865 bytes)
Hash
7bac35a292309d6f5be71ccdb96fa863
b3cbf542469243a3e4e5d370e1d90404c4915d9b
956b7438a22912830e99115ee4549ea79e04c95f280895872232a5ac4706b432

HTTP Headers

GET /Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DBalcao%252B%26redirect_uri%3Dhttps%253A%252F%252Fbalcaofundosue.pt%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520Balcao%252Bapi%26response_mode%3Dform_post%26nonce%3D638361583931150298.Zjg3MDc3MjEtZDJlOC00ZWRlLTlmYmItOTk0OTk2YTAzMTg1NTA4ZTYyNzgtMzgyMy00YWNmLTk2ZGUtYjNjM2E4MjFhNGNl%26state%3DCfDJ8Aaqz2Z8X09Bg6aOXG2_af2xpl07QvHo3uZxRcg5BUfEeonQ21OUShY5Q_gyG7wMbH7wzVeMwbvUvil04axx-bXl0AWfMKUbR0ceDPuHRuSujxrb-8WkFXg10fBPigvvEifoO2w7jFk5yJppzl6vwoUf2m84C2Y7YJ8Xq965rKDXmQvsT-8wglK8aiUDbRQ-5_ZsiUvRHvjs5RQv5dzGjA2adbgNiB4H2PPx4ZzISQMkoNzmnULGvTDEJ9yFwvIPNtA_K5yHookp5pwHhPBMVONovKyvUvfOAu8jHuXk6w1_JZvuV1ju3aTrk52YUhwYMw%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP/1.1
Host: bfue-ids.balcaofundosue.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ARRAffinitySameSite=7d577d29f8e00b2374ddb413016b2f6617c84445e3b963399a9d336135481e13; ARRAffinitySameSite=e62b947e6340589f02236fa9ca24cbc0ba3f5749107df36ea12aae4b8106c265
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Tue, 21 Nov 2023 10:13:13 GMT
Server: Microsoft-IIS/10.0
Cache-Control: no-cache
Content-Encoding: gzip
Expires: -1
Pragma: no-cache
Set-Cookie: .AspNetCore.Culture=c%3Dpt-PT%7Cuic%3Dpt-PT; expires=Thu, 21 Nov 2024 10:13:13 GMT; path=/; secure; samesite=none
.AspNetCore.Antiforgery.9fXoN5jHCXs=CfDJ8NUmSY_t9xBLkocZbHX20ihsYbteTPMF46-vEm4wVe7NVD1qWQtJp7fQBipN-qG8Jv0463_sJV5svdkQV-rmuo0PUNJ91y8427ONbSOMlhslCIZA413tlVlQjRN6qM1RwC9VOtH8TR1oRRqqCDKOQIs; path=/; samesite=strict; httponly
.AspNetCore.Mvc.CookieTempDataProvider=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax; httponly
.AspNetCore.Session=CfDJ8NUmSY%2Ft9xBLkocZbHX20ig9CImO6yYQiSR6dkSOBG%2BRK9cu8Q37snsWssR0yzVc3amXnIvh7rGCC7luhf2KnNbOaaGmqI%2FDRbU71xIDBQzdZY0UaS3Fgankw9pff6SRlYw%2BycfYMa34vwz7B%2FX7OTPO80xag38OQJr7wz9J%2Bul5; path=/; samesite=lax; httponly
Transfer-Encoding: chunked
Vary: Accept-Encoding
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:21165957-ec6e-44b8-8a66-a9af870a2f5b
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET

region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700561594892&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1264369818.1700561595&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700561595&sct=1&seg=0&dl=https%3A%2F%2F90yunpan.com.atlaq.com%2F&dt=90%E4%BA%91%E7%9B%98%E7%BD%91%E2%80%94%E6%9C%80%E5%85%A8%E7%9A%84%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98%E8%B5%84%E6%BA%90%E5%88%86%E4%BA%AB%E7%A4%BE%E5%8C%BA%EF%BC%81&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1573

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700561594892&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1264369818.1700561595&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700561595&sct=1&seg=0&dl=https%3A%2F%2F90yunpan.com.atlaq.com%2F&dt=90%E4%BA%91%E7%9B%98%E7%BD%91%E2%80%94%E6%9C%80%E5%85%A8%E7%9A%84%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98%E8%B5%84%E6%BA%90%E5%88%86%E4%BA%AB%E7%A4%BE%E5%8C%BA%EF%BC%81&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1573
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700561594892&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1264369818.1700561595&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700561595&sct=1&seg=0&dl=https%3A%2F%2F90yunpan.com.atlaq.com%2F&dt=90%E4%BA%91%E7%9B%98%E7%BD%91%E2%80%94%E6%9C%80%E5%85%A8%E7%9A%84%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98%E8%B5%84%E6%BA%90%E5%88%86%E4%BA%AB%E7%A4%BE%E5%8C%BA%EF%BC%81&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1573 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://90yunpan.com.atlaq.com
date: Tue, 21 Nov 2023 10:13:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

whulsaux.com/?rb=VtTExVurKiHLoXCVfscaKgeuTnSKkqIP6mQpXB3DCObwkTaYUt47ANe-4XglD9nebltGn5ZdjsXak-m0nbjzCnss2gkaxuSgfgDBzmX872OLLtJkAPL3d4OoyX8AFiUsjk8mUgH1rx6RZyUZToSWiD0fQph2niBmNH85XQLDRGS3j-AXyksTvZ46YEOnElm0C80zh4CNM_1rkYb9LZW1eqPCM7Ox2zl2Dcqnig%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-v1.631.2&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2F90yunpan.com.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.631.2&bs=76d3ea15-46ff-47e1-be44-302b0cf755c5&userId=e3b50eacf6e04b45ad7ba7a105b8130d&m=link

139.45.197.244

200 OK

1.6 kB

URL GET HTTP/2
whulsaux.com/?rb=VtTExVurKiHLoXCVfscaKgeuTnSKkqIP6mQpXB3DCObwkTaYUt47ANe-4XglD9nebltGn5ZdjsXak-m0nbjzCnss2gkaxuSgfgDBzmX872OLLtJkAPL3d4OoyX8AFiUsjk8mUgH1rx6RZyUZToSWiD0fQph2niBmNH85XQLDRGS3j-AXyksTvZ46YEOnElm0C80zh4CNM_1rkYb9LZW1eqPCM7Ox2zl2Dcqnig%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-v1.631.2&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2F90yunpan.com.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.631.2&bs=76d3ea15-46ff-47e1-be44-302b0cf755c5&userId=e3b50eacf6e04b45ad7ba7a105b8130d&m=link
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
FingerprintA8:C3:DA:A6:D8:7E:B2:1D:20:3B:9D:3B:86:9A:EF:7C:B3:AC:47:D7
ValidityMon, 20 Nov 2023 05:29:27 GMT - Sun, 18 Feb 2024 05:29:26 GMT

File type
JSON data\012- , ASCII text, with very long lines (2170), with no line terminators
Size
1.6 kB (1647 bytes)
Hash
6f4047fa26f6bd58a051dde61607cc9c
0269f4923470d386b4098dcac2830bd0181aa062
5d57d24a0a20e8412c5312a383052beefb19ef8fd1ef1a8cf190a0846cebb2f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=VtTExVurKiHLoXCVfscaKgeuTnSKkqIP6mQpXB3DCObwkTaYUt47ANe-4XglD9nebltGn5ZdjsXak-m0nbjzCnss2gkaxuSgfgDBzmX872OLLtJkAPL3d4OoyX8AFiUsjk8mUgH1rx6RZyUZToSWiD0fQph2niBmNH85XQLDRGS3j-AXyksTvZ46YEOnElm0C80zh4CNM_1rkYb9LZW1eqPCM7Ox2zl2Dcqnig%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-v1.631.2&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2F90yunpan.com.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.631.2&bs=76d3ea15-46ff-47e1-be44-302b0cf755c5&userId=e3b50eacf6e04b45ad7ba7a105b8130d&m=link HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: OAID=e3b50eacf6e04b45ad7ba7a105b8130d; oaidts=1700561593
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: application/json
x-trace-id: f4ddabeaf6cda86d1b8cb49a9acc6082
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=e3b50eacf6e04b45ad7ba7a105b8130d; expires=Wed, 20 Nov 2024 10:13:13 GMT; path=/; secure; SameSite=None
oaidts=1700561593; expires=Wed, 20 Nov 2024 10:13:13 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 28 Nov 2023 10:13:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
d85b124b41e7a50a1b8768640e5489e4
1f984849bf719a6cc74b48fdea1bc484c8a863c0
5bdfd40154c1c2f5ec1933658d059570c583b661791ae8f69fbf962543f49b1f

HTTP Headers

POST /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Content-Type: application/json
Content-Length: 1645
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:14 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=f532ec01fbcb4b46a2a58667b1b429c9&zoneId=5490114&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=f532ec01fbcb4b46a2a58667b1b429c9&zoneId=5490114&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
5cd01ff6d53107d846df33b130b59e90
a6db7186527a0de1b1da7a35db87df66b1e1997e
629a3d079a3dfecbbbac3f441d142ef66edfd8959117c04a60d01e06554b80e5

HTTP Headers

GET /gid.js?pub=0&userId=f532ec01fbcb4b46a2a58667b1b429c9&zoneId=5490114&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: ID=e3b50eacf6e04b45ad7ba7a105b8130d
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:14 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=e3b50eacf6e04b45ad7ba7a105b8130d; expires=Wed, 20 Nov 2024 10:13:14 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
56cf85420c9fcbea85da5af46dea284d
fd34fd0b36d3643378dfee8b4e93c96d1eeb6bc8
643288865f5747c57f3c5217bbd9cd4be9a44a410a5471bc2573eaa302ad770b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Content-Type: application/json
Content-Length: 507
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:14 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Content-Type: application/json
Content-Length: 378
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:14 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 728d77e4a0fefa5b0e5c5c6efc594e69
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://dcpweb.co.uk

142.250.74.68

200 OK

966 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://dcpweb.co.uk
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
966 B (966 bytes)
Hash
de3d7e3324b1ff579232126b83b4c5c0
342fe0297a2789ce0bcfa97fdc369d8c729eaaa7
6afdad49bb9f93934c4a89dd8d6208937d7aad05d054ac46a0c1f91a1e5c4c65

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://dcpweb.co.uk HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://www.dcpweb.co.uk/theme/ico/apple-touch-icon.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 966
date: Tue, 21 Nov 2023 10:13:14 GMT
expires: Tue, 28 Nov 2023 10:13:14 GMT
cache-control: public, max-age=604800
last-modified: Thu, 11 Jun 2020 15:05:50 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://epayroll.com.au

142.250.74.68

200 OK

505 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://epayroll.com.au
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
505 B (505 bytes)
Hash
7040c8ddf8e44b8c167be291725b0117
7e6f239d91244e8e26699bfd9bbd7105b627dc8c
286d005821dc4b36cd6b9eadb884ec364519875b8fe2374743b5fb2bf32da452

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://epayroll.com.au HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://readytechworkforce.io/wp-content/uploads/2022/02/cropped-readytech-favicon-180x180.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 505
date: Tue, 21 Nov 2023 10:13:14 GMT
expires: Tue, 28 Nov 2023 10:13:14 GMT
cache-control: public, max-age=604800
last-modified: Fri, 01 Apr 2022 05:17:07 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=1264369818.1700561595&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=627575161

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=1264369818.1700561595&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=627575161
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint6E:E4:BC:4A:67:5E:46:6A:B3:E4:CA:61:A7:C0:97:AB:14:F0:34:32
ValidityMon, 23 Oct 2023 11:27:27 GMT - Mon, 15 Jan 2024 11:27:26 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=1264369818.1700561595&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=627575161 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 21 Nov 2023 10:13:14 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://90yunpan.com

142.250.74.68

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://90yunpan.com
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://90yunpan.com HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Tue, 21 Nov 2023 10:13:14 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://weconnect.com

142.250.74.68

200 OK

731 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://weconnect.com
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
731 B (731 bytes)
Hash
cad8db4ce71545aacfc151fcd8370800
19404fc75917dfd3fd579119ee2af8b53ce118c7
00edb5925198b1438c84e574d9f73eaec98c5852f50a20fb8b726475079a4a8e

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://weconnect.com HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://irp.cdn-website.com/2d183c66/dms3rep/multi/lpi-logo-65x65.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 731
date: Tue, 21 Nov 2023 10:13:14 GMT
expires: Tue, 28 Nov 2023 10:13:14 GMT
cache-control: public, max-age=604800
last-modified: Tue, 06 Dec 2022 18:08:52 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://balcaofundosue.pt

142.250.74.68

200 OK

1.0 kB

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://balcaofundosue.pt
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
1.0 kB (1030 bytes)
Hash
dae5ef2d0a96ee56cd2613936ef0a6a5
2f4bc0cc27340c2d52d41f24f142b25d9fbb9012
bda14cbdc7067f076c1103eb47a3efc6361049ccaf9c7ea9e38ca1c6366f779d

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://balcaofundosue.pt HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://bfue-ids.balcaofundosue.pt/images/favicon.png
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 1030
date: Tue, 21 Nov 2023 10:13:14 GMT
expires: Tue, 28 Nov 2023 10:13:14 GMT
cache-control: public, max-age=604800
last-modified: Mon, 11 Jul 2022 21:16:53 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

20 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
20 kB (19850 bytes)
Hash
18aa137fc9085424587d5f4b61a22202
068fd8e513af0089dc1ac8539279285ebd448ce9
d52d7be912d0fbbd31bcfeb949fd0d726c0f2867b10a90b52cd26bed218d0f68

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:14 GMT
content-type: application/javascript
last-modified: Tue, 21 Nov 2023 08:28:54 GMT
etag: W/"655c6a46-df63"
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
Content-Type: application/json
Content-Length: 738
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:14 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 8afbb68aefda8a915f1de670153192c9
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

readytechworkforce.io/ready-pay-epayroll/

104.21.10.21

200 OK

0 B

URL GET HTTP/2
readytechworkforce.io/ready-pay-epayroll/
IP
104.21.10.21:443
ASN
#13335 CLOUDFLARENET

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectreadytechworkforce.io
FingerprintBB:42:B5:99:08:92:2E:06:46:C9:53:DD:57:3E:94:B7:76:57:76:1D
ValidityMon, 16 Oct 2023 02:37:24 GMT - Sun, 14 Jan 2024 02:37:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ready-pay-epayroll/ HTTP/1.1
Host: readytechworkforce.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 21 Nov 2023 10:13:14 GMT
content-type: text/html; charset=UTF-8
link: <https://readytechworkforce.io/wp-json/>; rel="https://api.w.org/", <https://readytechworkforce.io/wp-json/wp/v2/pages/3152>; rel="alternate"; type="application/json", <https://readytechworkforce.io/?p=3152>; rel=shortlink
cache-provider: CLOUDWAYS-CACHE-DC
x-frame-options: SAMEORIGIN
last-modified: Tue, 21 Nov 2023 08:52:53 GMT
cache-control: max-age=0, s-maxage=2592000
expires: Tue, 21 Nov 2023 08:52:50 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-security-policy: frame-ancestors 'self';
age: 4821
x-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mzKqKqBOZmDh4EgyQJre%2FrQKKRza7gEhGs2nWPnkmKiIFGkSAbzks1tG9Xe8Y3ExKIMn%2FDUbHToIGS5L2pJKlDASYzc4qQzl2fVy2fM1budi6Bwld8Y%2BXZW5VefN%2F6C4fhTCgZSiUag%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829828a56f21b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=90yunpan.com

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=90yunpan.com
IP
0.0.0.0:0
ASN
#0

Requested by
https://90yunpan.com.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=90yunpan.com HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c

142.250.74.168

200 OK

266 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
266 kB (266539 bytes)
Hash
8fd154d4613a6b53e582186fd048e9db
3749001d57cfe4940716061964a55341a69ae374
20f73b266a6b29afa13dd335561a08a71563102b06c9c5d62a4d4a343f1e1bd6

HTTP Headers

GET /gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 21 Nov 2023 10:13:13 GMT
expires: Tue, 21 Nov 2023 10:13:13 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90043
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

whulsaux.com/5/6577958/?oo=1&aab=1

139.45.197.244

200 OK

2.8 kB

URL GET HTTP/2
whulsaux.com/5/6577958/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
FingerprintA8:C3:DA:A6:D8:7E:B2:1D:20:3B:9D:3B:86:9A:EF:7C:B3:AC:47:D7
ValidityMon, 20 Nov 2023 05:29:27 GMT - Sun, 18 Feb 2024 05:29:26 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3009), with no line terminators
Size
2.8 kB (2769 bytes)
Hash
f33eb42711b3b9e56672c8629695a349
e59286aa70048b337daad302c61345bd6de3eb4c
5cc89b10a0221be4f699a381ce18c7a0095d86593b7075bd4c63a49f8d47722e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6577958/?oo=1&aab=1 HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: application/json
x-trace-id: f116c17dfe63e0c2cb30d938c5d9dbe7
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=e3b50eacf6e04b45ad7ba7a105b8130d; expires=Wed, 20 Nov 2024 10:13:13 GMT; path=/; secure; SameSite=None
oaidts=1700561593; expires=Wed, 20 Nov 2024 10:13:13 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

www.dcpweb.co.uk/favicon.ico

5.77.60.170

404 Not Found

0 B

URL GET HTTP/2
www.dcpweb.co.uk/favicon.ico
IP
5.77.60.170:443
ASN
#20860 Iomart Cloud Services Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGlobalSign nv-sa
Subject*.dcpweb.co.uk
Fingerprint95:0A:3C:EF:5C:0A:31:8E:33:51:9F:17:E6:07:BA:FA:ED:6B:1F:5E
ValidityThu, 29 Jun 2023 10:50:30 GMT - Tue, 30 Jul 2024 10:50:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.dcpweb.co.uk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Tue, 21 Nov 2023 10:13:14 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
content-encoding: gzip
vary: Accept-Encoding,User-Agent
set-cookie: PHPSESSID=1c7f3dea23f24cff0308e157f5067d19; path=/
cache-control: no-store, no-cache, must-revalidate, public
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=e3b50eacf6e04b45ad7ba7a105b8130d

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=e3b50eacf6e04b45ad7ba7a105b8130d
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
5fa8b2dd3dd6247b0571ae7b768cf106
a7607e371c368325003486983158be3fa89731c7
e5b8048b892779530f03f515cc0aa569b93de4ca58598694c1731dea93fe0aaa

HTTP Headers

GET /gid.js?userId=e3b50eacf6e04b45ad7ba7a105b8130d HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://90yunpan.com.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://90yunpan.com.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=e3b50eacf6e04b45ad7ba7a105b8130d; expires=Wed, 20 Nov 2024 10:13:13 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

epayroll.com.au/favicon.ico

188.114.97.1

301 Moved Permanently

0 B

URL GET HTTP/2
epayroll.com.au/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectepayroll.com.au
FingerprintCF:77:67:D7:CD:FF:43:41:B1:2F:97:03:72:B5:63:47:A7:43:81:40
ValiditySun, 15 Oct 2023 03:44:58 GMT - Sat, 13 Jan 2024 03:44:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: epayroll.com.au
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 21 Nov 2023 10:13:13 GMT
location: https://readytechworkforce.io/ready-pay-epayroll/
cache-control: max-age=3600
expires: Tue, 21 Nov 2023 11:13:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HkyZVMncRDy4qRGIjbX7fR0%2Fa5Rr3N54lVHpK7wKv3LVFIjIEp8JAbO17Z1YkeRqRDj4F3STXqvQbPuu44NvdZvXMshWfFHUnTwe0dcY8mVwiE%2FOLXEXWR%2F5oGVKGjmRotI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 829828a46e920afe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=90yunpan.com

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=90yunpan.com
IP
0.0.0.0:0
ASN
#0

Requested by
https://90yunpan.com.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=90yunpan.com HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://90yunpan.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

90yunpan.com.atlaq.com/badk.txt

188.114.97.1

200 OK

44 kB

URL GET HTTP/3
90yunpan.com.atlaq.com/badk.txt
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
44 kB (43852 bytes)
Hash
f4245877e1f9b8764acbac7b475ebf2d
7471a9d7354637651fa5d0200febe7ab162fb69a
bd300473a295a173716b1b182aed7c14e3551f7400360dd5f694115683ccd41c

HTTP Headers

GET /badk.txt HTTP/1.1
Host: 90yunpan.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Thu, 21 Dec 2023 10:13:13 GMT
last-modified: Mon, 13 Apr 2020 08:00:16 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VtG2JlL9QM4DmbuHA5RB2ZXNztV7vw7QfEM%2F1edOUKuPJZ3V3uUV76r7bz4QEkXMiimAeY2sPLC2iNt6uodhxknnlnXdBp4AZBQdpX6Obag%2BpmhsauYnLF%2FCc%2Fc6ny5hUkUupNHan0Ex"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829828a39b8ab4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

bfue-ids.balcaofundosue.pt/connect/authorize?client_id=Balcao%2B&redirect_uri=https%3A%2F%2Fbalcaofundosue.pt%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20Balcao%2Bapi&response_mode=form_post&nonce=638361583931150298.Zjg3MDc3MjEtZDJlOC00ZWRlLTlmYmItOTk0OTk2YTAzMTg1NTA4ZTYyNzgtMzgyMy00YWNmLTk2ZGUtYjNjM2E4MjFhNGNl&state=CfDJ8Aaqz2Z8X09Bg6aOXG2_af2xpl07QvHo3uZxRcg5BUfEeonQ21OUShY5Q_gyG7wMbH7wzVeMwbvUvil04axx-bXl0AWfMKUbR0ceDPuHRuSujxrb-8WkFXg10fBPigvvEifoO2w7jFk5yJppzl6vwoUf2m84C2Y7YJ8Xq965rKDXmQvsT-8wglK8aiUDbRQ-5_ZsiUvRHvjs5RQv5dzGjA2adbgNiB4H2PPx4ZzISQMkoNzmnULGvTDEJ9yFwvIPNtA_K5yHookp5pwHhPBMVONovKyvUvfOAu8jHuXk6w1_JZvuV1ju3aTrk52YUhwYMw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0

0.0.0.0

0 B

URL GET
bfue-ids.balcaofundosue.pt/connect/authorize?client_id=Balcao%2B&redirect_uri=https%3A%2F%2Fbalcaofundosue.pt%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20Balcao%2Bapi&response_mode=form_post&nonce=638361583931150298.Zjg3MDc3MjEtZDJlOC00ZWRlLTlmYmItOTk0OTk2YTAzMTg1NTA4ZTYyNzgtMzgyMy00YWNmLTk2ZGUtYjNjM2E4MjFhNGNl&state=CfDJ8Aaqz2Z8X09Bg6aOXG2_af2xpl07QvHo3uZxRcg5BUfEeonQ21OUShY5Q_gyG7wMbH7wzVeMwbvUvil04axx-bXl0AWfMKUbR0ceDPuHRuSujxrb-8WkFXg10fBPigvvEifoO2w7jFk5yJppzl6vwoUf2m84C2Y7YJ8Xq965rKDXmQvsT-8wglK8aiUDbRQ-5_ZsiUvRHvjs5RQv5dzGjA2adbgNiB4H2PPx4ZzISQMkoNzmnULGvTDEJ9yFwvIPNtA_K5yHookp5pwHhPBMVONovKyvUvfOAu8jHuXk6w1_JZvuV1ju3aTrk52YUhwYMw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
IP
0.0.0.0:0
ASN
#0

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerSectigo Limited
Subject*.balcaofundosue.pt
Fingerprint2B:A7:C8:3D:7E:B7:6C:4D:35:C3:5B:6B:45:85:84:02:CC:84:B9:CF
ValidityThu, 20 Apr 2023 00:00:00 GMT - Sat, 20 Apr 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /connect/authorize?client_id=Balcao%2B&redirect_uri=https%3A%2F%2Fbalcaofundosue.pt%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20Balcao%2Bapi&response_mode=form_post&nonce=638361583931150298.Zjg3MDc3MjEtZDJlOC00ZWRlLTlmYmItOTk0OTk2YTAzMTg1NTA4ZTYyNzgtMzgyMy00YWNmLTk2ZGUtYjNjM2E4MjFhNGNl&state=CfDJ8Aaqz2Z8X09Bg6aOXG2_af2xpl07QvHo3uZxRcg5BUfEeonQ21OUShY5Q_gyG7wMbH7wzVeMwbvUvil04axx-bXl0AWfMKUbR0ceDPuHRuSujxrb-8WkFXg10fBPigvvEifoO2w7jFk5yJppzl6vwoUf2m84C2Y7YJ8Xq965rKDXmQvsT-8wglK8aiUDbRQ-5_ZsiUvRHvjs5RQv5dzGjA2adbgNiB4H2PPx4ZzISQMkoNzmnULGvTDEJ9yFwvIPNtA_K5yHookp5pwHhPBMVONovKyvUvfOAu8jHuXk6w1_JZvuV1ju3aTrk52YUhwYMw&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0 HTTP/1.1
Host: bfue-ids.balcaofundosue.pt
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ARRAffinitySameSite=7d577d29f8e00b2374ddb413016b2f6617c84445e3b963399a9d336135481e13
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Content-Length: 0
Date: Tue, 21 Nov 2023 10:13:13 GMT
Server: Microsoft-IIS/10.0
Location: https://bfue-ids.balcaofundosue.pt/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DBalcao%252B%26redirect_uri%3Dhttps%253A%252F%252Fbalcaofundosue.pt%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520Balcao%252Bapi%26response_mode%3Dform_post%26nonce%3D638361583931150298.Zjg3MDc3MjEtZDJlOC00ZWRlLTlmYmItOTk0OTk2YTAzMTg1NTA4ZTYyNzgtMzgyMy00YWNmLTk2ZGUtYjNjM2E4MjFhNGNl%26state%3DCfDJ8Aaqz2Z8X09Bg6aOXG2_af2xpl07QvHo3uZxRcg5BUfEeonQ21OUShY5Q_gyG7wMbH7wzVeMwbvUvil04axx-bXl0AWfMKUbR0ceDPuHRuSujxrb-8WkFXg10fBPigvvEifoO2w7jFk5yJppzl6vwoUf2m84C2Y7YJ8Xq965rKDXmQvsT-8wglK8aiUDbRQ-5_ZsiUvRHvjs5RQv5dzGjA2adbgNiB4H2PPx4ZzISQMkoNzmnULGvTDEJ9yFwvIPNtA_K5yHookp5pwHhPBMVONovKyvUvfOAu8jHuXk6w1_JZvuV1ju3aTrk52YUhwYMw%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
Set-Cookie: ARRAffinity=e62b947e6340589f02236fa9ca24cbc0ba3f5749107df36ea12aae4b8106c265;Path=/;HttpOnly;Secure;Domain=bfue-ids.balcaofundosue.pt
ARRAffinitySameSite=e62b947e6340589f02236fa9ca24cbc0ba3f5749107df36ea12aae4b8106c265;Path=/;HttpOnly;SameSite=None;Secure;Domain=bfue-ids.balcaofundosue.pt
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:21165957-ec6e-44b8-8a66-a9af870a2f5b
X-Powered-By: ASP.NET

90yunpan.com.atlaq.com/sw-5490114.js

188.114.97.1

404 Not Found

4.8 kB

URL GET HTTP/3
90yunpan.com.atlaq.com/sw-5490114.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://90yunpan.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (5213), with no line terminators
Size
4.8 kB (4828 bytes)
Hash
0b948a02e2696753bcdb4520f0589aa0
f697d5ce02d24b902c104fba13eefc36736e931b
78de08c576c4e4de3351cebf750102fb2e7aabe6459d0dd27e6672365ade8dea

HTTP Headers

GET /sw-5490114.js HTTP/1.1
Host: 90yunpan.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://90yunpan.com.atlaq.com/
DNT: 1
Connection: keep-alive
Cookie: _ga_FPZ0VEL1WQ=GS1.1.1700561595.1.0.1700561595.60.0.0; _ga=GA1.1.1264369818.1700561595
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 21 Nov 2023 10:13:13 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31536000
expires: Tue, 19 Dec 2023 01:53:35 GMT
x-litespeed-cache: hit
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-expose-headers: Content-Disposition
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Z82Sg3ezFi2oXp1%2Bc3ew3YWUGQ1EH1OA1sICP3Zd1XCZxF7SN1JbDhJBaMevP55p78zaAMikVG7YgGSqBX5yUkiUAkYGs2eIbpJXIcvKPUPPaPzlplL3L0cLHawAAKcVrKrLZYImDSY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829828a72e3eb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP