Report - tiktok18.tv.atlaq.com/

Report Overview

Visited public
2023-11-20 12:48:10
Tags
URL
tiktok18.tv.atlaq.com/
Finishing URL
tiktok18.tv.atlaq.com/
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Make Your Sex Day - TikTok 18+

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.opirata.com	805895	2003-12-30	2012-10-04 22:41:06	2023-06-15 20:40:15	389 B	728 B	51.91.66.129
opirata.com	790169	unknown	No data	No data	385 B	363 B	51.91.66.129
tiktok18.tv.atlaq.com	unknown	unknown	No data	No data	1.3 kB	52 kB	188.114.97.1
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-11-20 03:03:38	576 B	578 B	142.250.74.163
opinalibros.com	unknown	unknown	No data	No data	391 B	1.1 kB	188.114.96.1
atlaq.com	460385	2019-04-07	2019-04-10 14:32:55	2023-11-19 12:52:29	850 B	163 kB	188.114.97.1
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-11-19 20:13:04	758 B	452 B	216.239.34.36
opm01.com	unknown	unknown	No data	No data	819 B	4.5 kB	172.67.167.142
operador.es	unknown	unknown	2017-04-08 06:08:57	2023-11-07 21:43:12	387 B	218 B	84.232.5.180
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-11-19 05:09:41	1.5 kB	1.5 kB	139.45.197.250
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-19 20:15:39	1.0 kB	1.5 kB	139.45.195.8
whulsaux.com	unknown	2023-01-04	2023-01-04 17:10:35	2023-11-20 07:31:52	1.9 kB	34 kB	139.45.197.244
www.opinalibros.com	unknown	unknown	No data	No data	843 B	2.3 kB	188.114.96.1
t1.gstatic.com	unknown	2008-02-11	2013-05-07 00:57:20	2023-11-20 11:02:20	1.5 kB	3.3 kB	142.250.74.68
traffic.alexa.com	381412	1996-07-17	2012-05-20 23:46:11	2021-05-14 12:40:47	978 B	0 B	0.0.0.0
opinator.com	127006	unknown	2013-10-24 16:39:20	2022-12-09 06:39:24	388 B	0 B	0.0.0.0
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-20 02:37:41	880 B	319 kB	142.250.74.168
itweepinbelltor.com	116495	2021-08-11	2021-08-11 13:34:00	2023-11-20 08:34:11	5.1 kB	246 kB	139.45.197.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-20	medium	whulsaux.com	Sinkholed
2023-11-20	medium	amunfezanttor.com	Sinkholed
2023-11-20	medium	amunfezanttor.com	Sinkholed
2023-11-20	medium	amunfezanttor.com	Sinkholed
2023-11-20	medium	whulsaux.com	Sinkholed
2023-11-20	medium	whulsaux.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/js?id=UA-85346163-2	135 kB	2023-11-20 13:48	2023-11-20 13:48
Pretty URL www.googletagmanager.com/gtag/js?id=UA-85346163-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 13:48 Last Seen2023-11-20 13:48 Times Seen1 Hash 855291c4f9ed3fbe92c14c351ce5f48c 1668231d7e2d80cea3251bd3c8944df0a0d0f57e 29958ba609bcc91ebd862fc2ccb917bf5323dd4fd5d175bd7f198af8886661ee Loading...

	www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c	266 kB	2023-11-20 13:48	2023-11-20 13:48
Pretty URL www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 13:48 Last Seen2023-11-20 13:48 Times Seen1 Hash ff1fe653b5d2df19d243f9f2f1f4873d 764f45ec083bce02ccf422387aae561bd57063bf cf21eaa52e9bf759a2e82911ea5279dbce9d1012100df1473b95ce94335d08f3 Loading...

	whulsaux.com/tag.min.js	81 kB	2023-11-20 13:07	2023-11-20 13:48
Pretty URL whulsaux.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 13:07 Last Seen2023-11-20 13:48 Times Seen2 Hash 0dd0da5f0f2753df0a9f87d3ae1be345 9df4c66ff640517ffd057110b01902945eae314c fa0e667f0b744498af38c2de9020e424d17210b6da765c6d15f696767d88cc05 Loading...

	tiktok18.tv.atlaq.com/	3.6 kB	2024-08-20 18:39	2024-08-20 18:39
Pretty URL tiktok18.tv.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 18:39 Last Seen2024-08-20 18:39 Times Seen1 Hash 00fcc7bbc3e42484d24d07b2d3d4b691 e9dddb8019b34fd2d4967fc181aec4877dfce786 62a46a3bb7c9d9d1914910347cf688dadd2f98c939c9a5e303b1914885ff5410 Loading...

	tiktok18.tv.atlaq.com/	59 kB	2023-11-11 13:15	2024-08-20 19:59
Pretty URL tiktok18.tv.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash b19b96f2fc5eeadfd5a5852e5fbd19ab 021c13b5d0cfe7880adaff70d73a5ab6910e1cb5 4be0a27e37a47491b51c4eb6ea1423d82483806e6ce015132a40a0ccb1e96c7d Loading...

	itweepinbelltor.com/pfe/current/tag.min.js?z=5490114	13 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty URL itweepinbelltor.com/pfe/current/tag.min.js?z=5490114 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2697 Hash 258578af3c107ccb907f73c3a2f4c25f 7a192edea829968fb7f57f2a2fc4cb5b612598be 1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75 Loading...

	unknown	149 B	2024-08-20 18:39	2024-08-20 18:39
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:39 Last Seen2024-08-20 18:39 Times Seen1 Hash fe0aa69c83fd370355462c676c57e45f 8d336fe5b7d9d8ea193c73afb004de81814d948e 12474c101df3ee8bf8b52eadc3d70f88fcb3e86198de099c7a46c6164290b053 Loading...

	unknown	148 B	2024-08-20 18:39	2024-08-20 18:39
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:39 Last Seen2024-08-20 18:39 Times Seen1 Hash dda4c74350676a009bc6e0efbf325c8b 9640e6fdccdb7c08eba211d9d775702380b1bc66 a03564941b754694fe8cdda853a009ad4bc7b4f22e237823d1ca1654052601fc Loading...

	tiktok18.tv.atlaq.com/	447 B	2023-11-11 13:15	2024-08-20 19:59
Pretty URL tiktok18.tv.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash edac1ca3689a31cc59d42a6062c37472 c02dff66418e29c297de8c4f07353942ca91bf2d 201665128cc31ad2da0fcf6cbacf714ebba47b34306525369fd8b6be99e7a07d Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11 21:07	2024-11-28 22:50
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:50 Times Seen281791 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	unknown	88 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2914 Hash d46d2997ab218d1dba1ab614422ed53f 3f1f6b9847c8ad209835db366c62fcb209b83a67 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42 Loading...

	tiktok18.tv.atlaq.com/	154 B	2023-03-10 11:07	2024-11-28 20:47
Pretty URL tiktok18.tv.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 11:07 Last Seen2024-11-28 20:47 Times Seen69 Hash 556aedec3c17b1047b6ea5b24555b6b3 bc98386bf7c5d5088b545befbe3f36738874ca18 25b0f8074b7996c02b28918d9dec52e00501eee8990db393f4a0624d136a828e Loading...

	tiktok18.tv.atlaq.com/sandbox%20eval%20code	147 B	2023-04-11 21:07	2024-11-28 22:50
Pretty URL tiktok18.tv.atlaq.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:50 Times Seen282591 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	unknown	26 kB	2023-03-07 01:18	2024-10-26 14:27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2024-10-26 14:27 Times Seen1733 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

		Size	First Seen	Last Seen
	#1 Write - d9e3949bee278eaea379e3820b0cc629	51 kB	2024-08-20 18:39	2024-08-20 18:39
Pretty Observations First Seen2024-08-20 18:39 Last Seen2024-08-20 18:39 Times Seen1 Hash d9e3949bee278eaea379e3820b0cc629 e3239f93f4bd8ff8d9a13661beb1053478a17bb7 3da7cc26bb28fb104da4fd03a3878f18e4064188a907050ead48e71131f8e987 Loading...

HTTP Transactions (41)

URL IP Response Size

atlaq.com/logo.png

188.114.97.1

200 OK

117 kB

URL GET HTTP/3
atlaq.com/logo.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintFA:A2:5C:EE:B6:A9:D7:21:D6:87:4B:4F:82:74:3D:9E:A3:F6:E4:8E
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
PNG image data, 500 x 446, 8-bit/color RGBA, non-interlaced\012- data
Size
117 kB (117433 bytes)
Hash
792b74959e26cd37fd05dfcd0ef07770
c6e3ed2dd9771b077daf93eda5773cd10d621147
7ae2cb133588b7a2926b71630869d602c294840f6c1379666e82b25f3354623b

HTTP Headers

GET /logo.png HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: image/png
content-length: 117433
cache-control: public, max-age=31536000
expires: Thu, 24 Oct 2024 05:27:08 GMT
last-modified: Wed, 29 Jan 2020 11:21:42 GMT
vary: User-Agent,Origin, Accept-Encoding
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2272845
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zhKsSMdHnu5cnEy8chuM381IvrIREvUAKJCPMIhTJyMbSgPhanxBP%2BpSZH9v%2BCzDPUWb1asWgSNxJrh3CxZnSR3w7D1G9%2Fgq34BoOQskuZJgm6uyB0FFhdtxKGg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8290cdd4ea560b41-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-85346163-2

142.250.74.168

200 OK

51 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-85346163-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (2213)
Size
51 kB (51439 bytes)
Hash
855291c4f9ed3fbe92c14c351ce5f48c
1668231d7e2d80cea3251bd3c8944df0a0d0f57e
29958ba609bcc91ebd862fc2ccb917bf5323dd4fd5d175bd7f198af8886661ee

HTTP Headers

GET /gtag/js?id=UA-85346163-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 20 Nov 2023 12:47:53 GMT
expires: Mon, 20 Nov 2023 12:47:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51439
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=tiktok18.tv.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471

139.45.197.250

200 OK

888 B

URL GET HTTP/2
itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=tiktok18.tv.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text, with very long lines (887)
Size
888 B (888 bytes)
Hash
5800ebd5fac46023ee5ce159af185039
69130d428356b977ec0a5bb70fe95ce3bc947b85
b299942a863006c6c8227371cc765b6eaef53616b56613001feda66f9667444f

HTTP Headers

GET /zone?pub=0&zone_id=5490114&is_mobile=false&domain=tiktok18.tv.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/json; charset=utf-8
content-length: 888
x-trace-id: a13dc82c4a01852f17bccf7f7703808b
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/tag.min.js?z=5490114

139.45.197.250

200 OK

96 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/tag.min.js?z=5490114
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
96 kB (95834 bytes)
Hash
0aa1869fdc406ab422553567f59d7a8f
ccfa59b5faa56c92c7ab12af417f602579d454ac
35f757e3afab5e797fd8c1e36f99af0596803999036c97afde789f56899c56e0

HTTP Headers

GET /pfe/current/tag.min.js?z=5490114 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-33f4"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

opirata.com/favicon.ico

51.91.66.129

301 Moved Permanently

162 B

URL GET HTTP/1.1
opirata.com/favicon.ico
IP
51.91.66.129:443
ASN
#16276 OVH SAS

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectopirata.com
FingerprintC6:BD:36:DD:ED:96:B1:55:F8:EC:F1:DA:83:EB:FA:88:A3:6C:AA:62
ValidityWed, 11 Oct 2023 04:43:12 GMT - Tue, 09 Jan 2024 04:43:11 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: opirata.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 20 Nov 2023 12:47:53 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.opirata.com/favicon.ico

whulsaux.com/tag.min.js

139.45.197.244

200 OK

26 kB

URL GET HTTP/2
whulsaux.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
FingerprintA8:C3:DA:A6:D8:7E:B2:1D:20:3B:9D:3B:86:9A:EF:7C:B3:AC:47:D7
ValidityMon, 20 Nov 2023 05:29:27 GMT - Sun, 18 Feb 2024 05:29:26 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25607 bytes)
Hash
0dd0da5f0f2753df0a9f87d3ae1be345
9df4c66ff640517ffd057110b01902945eae314c
fa0e667f0b744498af38c2de9020e424d17210b6da765c6d15f696767d88cc05

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/javascript; charset=utf-8
content-length: 25607
content-encoding: br
x-trace-id: 5caa1ffa53f50a6bb7e46056524d1010
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Mon, 20 Nov 2023 11:33:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

0 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://tiktok18.tv.atlaq.com/
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Content-Type: application/json
Content-Length: 379
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: c2f3e9a98f7ad2420875b6f2bb4a0069
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://tiktok18.tv.atlaq.com/
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://tiktok18.tv.atlaq.com/
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
6338b7dab95fbf0b765900cdec26ed53
c0bd53d4021a96ae105a0eb83800363502257487
6713b35d66df4e719a28c3d6d51b41198fca685792e188fefa9299e75117d50f

HTTP Headers

POST /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Content-Type: application/json
Content-Length: 1639
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
4b90b354b4b0d8e3176bb2871dc4c60a
480309e71431d2af44122829ef1fb21411a5cd6c
c9e9e2cfb89fb20a4b4951a948dff311b3373a41d317c48c9b3eceafed457770

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Content-Type: application/json
Content-Length: 506
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

tiktok18.tv.atlaq.com/

188.114.97.1

200 OK

0 B

URL User Request GET HTTP/2
tiktok18.tv.atlaq.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintFA:A2:5C:EE:B6:A9:D7:21:D6:87:4B:4F:82:74:3D:9E:A3:F6:E4:8E
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: tiktok18.tv.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (waiting for pending WAN connection)
expires: Mon, 18 Dec 2023 11:28:26 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E8y5CfqZHY%2FOB3VrabZr3JROkwZ5FPg4nysz5kwP0rHO4fRtSlT6FAb9tnxmjs7ZAb2T0YLjTvyKgVh7TlCmZU%2F2Mha7ZM12wKj0rlZY0PFGNX6FKRnH7k8j8oOMkCyuOHZnYjA5xUQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8290cdd59aec0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=3e0ec78a609549329c4e41befe897df4

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=3e0ec78a609549329c4e41befe897df4
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
04b3e6c3c85ed7c0477872c4e08b64d0
a68fd9796778cd2b301cf4ad3dd47809ffa39c6e
e2872e0ef0ee97a7c6ebad580c3aa96744a4921544350af6643f680ab5107c20

HTTP Headers

GET /gid.js?userId=3e0ec78a609549329c4e41befe897df4 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3e0ec78a609549329c4e41befe897df4; expires=Tue, 19 Nov 2024 12:47:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.opinalibros.com/wp-content/uploads/2020/05/cropped-favicon-32x32.png

188.114.96.1

200 OK

422 B

URL GET HTTP/3
www.opinalibros.com/wp-content/uploads/2020/05/cropped-favicon-32x32.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectopinalibros.com
FingerprintB9:75:2C:EF:67:DA:4F:EA:52:E4:E9:C5:E7:6C:70:27:52:D8:6F:AD
ValidityMon, 25 Sep 2023 14:34:33 GMT - Sun, 24 Dec 2023 14:34:32 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
422 B (422 bytes)
Hash
f131b7728d189b718a7c54238422af82
cccf14d9ccbb4da2b5edd10ef8780c727af8ccea
8b49429451c69b4b42eef954847ec1811af19af18b6d313706c322137097e946

HTTP Headers

GET /wp-content/uploads/2020/05/cropped-favicon-32x32.png HTTP/1.1
Host: www.opinalibros.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: image/png
content-length: 422
last-modified: Thu, 18 Feb 2021 15:24:22 GMT
etag: "1a6-5bb9dee127580"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jcS0EH%2F77kCfx%2FShvLpsEZmecmaVAKtLA%2BcG32RwxfuYv0pivgp9kMACwkIHeBtlOh5SGyHg6c2esX9VarTPgSilzk412pqQlcm%2FDORU%2F64J35KRThIVvdqvI0GsheGK51Grxx2C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8290cdd87e571c16-OSL
alt-svc: h3=":443"; ma=86400

www.opirata.com/favicon.ico

51.91.66.129

404 Not Found

478 B

URL GET HTTP/1.1
www.opirata.com/favicon.ico
IP
51.91.66.129:443
ASN
#16276 OVH SAS

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectopirata.com
FingerprintC6:BD:36:DD:ED:96:B1:55:F8:EC:F1:DA:83:EB:FA:88:A3:6C:AA:62
ValidityWed, 11 Oct 2023 04:43:12 GMT - Tue, 09 Jan 2024 04:43:11 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
478 B (478 bytes)
Hash
275f53f8212893f2684a7c0ea2f53ee2
985369f8b82b4e9d342601f0f49f3024c9fa9bc6
31ce4d904aebe80ab7364b303050e03638e018c05fbd1dbd3df3f48aa42ada2a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.opirata.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 20 Nov 2023 12:47:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 16 Aug 2022 13:55:23 GMT
ETag: W/"3bd-5e65c198fc240"
Content-Encoding: br

my.rtmark.net/gid.js?pub=0&userId=8e2f92c791c441d886489868c3d26ed7&zoneId=5490114&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=8e2f92c791c441d886489868c3d26ed7&zoneId=5490114&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
dde92194591fd7c90deb9fef4ae15829
0d162831a62f3572620a8afdd7b73dc800116e78
51ec11e53224f64d60341bec2e177aa4b43c055f271eb03b0638908401d93a3c

HTTP Headers

GET /gid.js?pub=0&userId=8e2f92c791c441d886489868c3d26ed7&zoneId=5490114&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=8e2f92c791c441d886489868c3d26ed7; expires=Tue, 19 Nov 2024 12:47:53 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
11839c89c0d6b00f1332e5c8b24efaa4
1fed4b2bfc9148088a2cdff81c8b50f065ec1bfc
bb0239ef615ce274bb54ccc2692512a6975bae3f252165dbbfc6d92e3b0f6dc3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Content-Type: application/json
Content-Length: 506
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Content-Type: application/json
Content-Length: 376
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:54 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 16a2d4e47b608c973f802d908fe1e8e2
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700484474907&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=513704715.1700484475&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700484475&sct=1&seg=0&dl=https%3A%2F%2Ftiktok18.tv.atlaq.com%2F&dt=Make%20Your%20Sex%20Day%20-%20TikTok%2018%2B&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1331

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700484474907&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=513704715.1700484475&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700484475&sct=1&seg=0&dl=https%3A%2F%2Ftiktok18.tv.atlaq.com%2F&dt=Make%20Your%20Sex%20Day%20-%20TikTok%2018%2B&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1331
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700484474907&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=513704715.1700484475&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700484475&sct=1&seg=0&dl=https%3A%2F%2Ftiktok18.tv.atlaq.com%2F&dt=Make%20Your%20Sex%20Day%20-%20TikTok%2018%2B&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1331 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://tiktok18.tv.atlaq.com
date: Mon, 20 Nov 2023 12:47:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://tiktok18.tv

142.250.74.68

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://tiktok18.tv
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://tiktok18.tv HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 20 Nov 2023 12:47:54 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://opirata.com

142.250.74.68

200 OK

451 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://opirata.com
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
451 B (451 bytes)
Hash
0ea8e4671f9017ceab9b659c45f42982
b3163619897d95b5f944e3286fdfd055b6616fb5
c98d669eb44530e54d0c4c199b7513f05747ff7fedc0bbe2de979f7be3c9caba

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://opirata.com HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://www.opirata.com/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 451
date: Mon, 20 Nov 2023 12:47:54 GMT
expires: Mon, 27 Nov 2023 12:47:54 GMT
cache-control: public, max-age=604800
last-modified: Tue, 29 Jan 2019 22:52:26 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://operador.es

142.250.74.68

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://operador.es
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://operador.es HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Mon, 20 Nov 2023 12:47:54 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=513704715.1700484475&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=2051339375

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=513704715.1700484475&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=2051339375
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint6E:E4:BC:4A:67:5E:46:6A:B3:E4:CA:61:A7:C0:97:AB:14:F0:34:32
ValidityMon, 23 Oct 2023 11:27:27 GMT - Mon, 15 Jan 2024 11:27:26 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=513704715.1700484475&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=2051339375 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 20 Nov 2023 12:47:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL POST HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Content-Type: application/json
Content-Length: 736
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:54 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b826078fb6a0e7b3d0a0d9e84165f335
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

opm01.com/wp-content/uploads/2022/05/cropped-2-2-32x32.png

172.67.167.142

200 OK

1.5 kB

URL GET HTTP/2
opm01.com/wp-content/uploads/2022/05/cropped-2-2-32x32.png
IP
172.67.167.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectopm01.com
FingerprintD0:4F:67:09:68:5C:52:05:93:42:BC:D5:66:C0:77:AC:36:9C:F6:9A
ValidityMon, 25 Sep 2023 08:22:51 GMT - Sun, 24 Dec 2023 08:22:50 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
1.5 kB (1479 bytes)
Hash
bfb2b53e773e424cdbe66a8459953d44
3a294c2f8244525af50c64f681c8580aed532b9b
6f4828616bd15807199cd017d843376ed1bd7106fda2acb0d69a33ea9dfaadf9

HTTP Headers

GET /wp-content/uploads/2022/05/cropped-2-2-32x32.png HTTP/1.1
Host: opm01.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 20 Nov 2023 12:47:55 GMT
content-type: image/png
content-length: 1479
last-modified: Sun, 22 May 2022 06:03:34 GMT
cache-control: public, max-age=10368000
expires: Tue, 19 Mar 2024 12:47:55 GMT
etag: "6289d236-5c7"
x-powered-by: PleskLin
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ljtAK6xoBHKCF6ToVQjiRWrZZ7CyxvFij%2BxXyzeoPnJ1gL7lTtlqqw6VM%2FnSpC%2FfuqfuKsocKlwnD0LytNxs1pmfLCN%2FLuAiYSZKcKpV39c5w36QMqVVDOCaD6Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8290cde58a62712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

opm01.com/favicon.ico

172.67.167.142

302 Found

1.5 kB

URL GET HTTP/2
opm01.com/favicon.ico
IP
172.67.167.142:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectopm01.com
FingerprintD0:4F:67:09:68:5C:52:05:93:42:BC:D5:66:C0:77:AC:36:9C:F6:9A
ValidityMon, 25 Sep 2023 08:22:51 GMT - Sun, 24 Dec 2023 08:22:50 GMT

File type

Size
1.5 kB (1479 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: opm01.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 20 Nov 2023 12:47:55 GMT
content-type: text/html; charset=UTF-8
location: https://opm01.com/wp-content/uploads/2022/05/cropped-2-2-32x32.png
x-powered-by: PHP/8.1.25, PleskLin
x-redirect-by: WordPress
cache-control: max-age=14400
expires: Mon, 20 Nov 2023 12:47:53 GMT
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqIrTCTBebKKoVR07NwQpKGZhqv6NYLRzVgY7CZc4MmWOW%2BmkVYPHtuUsT5o8bLibiFWDg%2B3vDaXgipqe%2Fl2Rkj41DlJ24gqAQFhYaFpbaz%2BZG8qF%2B3izAyqspU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8290cdd57828712a-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=tiktok18.tv

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=tiktok18.tv
IP
0.0.0.0:0
ASN
#0

Requested by
https://tiktok18.tv.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=tiktok18.tv HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

tiktok18.tv.atlaq.com/badk.txt

188.114.97.1

200 OK

44 kB

URL GET HTTP/3
tiktok18.tv.atlaq.com/badk.txt
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintFA:A2:5C:EE:B6:A9:D7:21:D6:87:4B:4F:82:74:3D:9E:A3:F6:E4:8E
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
44 kB (43852 bytes)
Hash
f4245877e1f9b8764acbac7b475ebf2d
7471a9d7354637651fa5d0200febe7ab162fb69a
bd300473a295a173716b1b182aed7c14e3551f7400360dd5f694115683ccd41c

HTTP Headers

GET /badk.txt HTTP/1.1
Host: tiktok18.tv.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Wed, 20 Dec 2023 12:47:53 GMT
last-modified: Mon, 13 Apr 2020 08:00:16 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISx4fe1Zu76y6s8zX%2B84du%2BfWUj0k9eUbagIbdxOwTtHWNiEJ9Sbik92SvM54m1KWoBn08%2FW1FTyrLVQgib43n5DT4%2BoVkmD9xaL82icsfQIz69FUeLDpbF%2FMd8sPanZiJAmSyoVcmU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8290cdd58ad70b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471

139.45.197.250

200 OK

88 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87852 bytes)
Hash
d46d2997ab218d1dba1ab614422ed53f
3f1f6b9847c8ad209835db366c62fcb209b83a67
09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-1572c"
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

www.opinalibros.com/favicon.ico

188.114.96.1

302 Found

422 B

URL GET HTTP/3
www.opinalibros.com/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectopinalibros.com
FingerprintB9:75:2C:EF:67:DA:4F:EA:52:E4:E9:C5:E7:6C:70:27:52:D8:6F:AD
ValidityMon, 25 Sep 2023 14:34:33 GMT - Sun, 24 Dec 2023 14:34:32 GMT

File type

Size
422 B (422 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.opinalibros.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/html; charset=UTF-8
location: https://www.opinalibros.com/wp-content/uploads/2020/05/cropped-favicon-32x32.png
x-ua-compatible: IE=edge
link: <https://www.opinalibros.com/wp-json/>; rel="https://api.w.org/"
x-redirect-by: WordPress
cf-cache-status: BYPASS
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwoXpBQZjioAxXGxupvSgD5%2FutHIomGm%2FWO3cpCjRa10XDQpc2%2FuwSTZQess1yXGCftVWV0RknxJdwRDvHmh8i%2B%2B9z8k4E6zdkvKx8Pr4hQWc7aU5XPu2%2B7PFovT0K%2BNFL877%2FhF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8290cdd6bd021c16-OSL
alt-svc: h3=":443"; ma=86400

whulsaux.com/?rb=2RLX04BVp_qHDjTaq58XCBgpC_iLhFAxID1K7YJLPtEPOHk-PlLZBfd_CmfZPj0XMXMqsyDZcDsdzhsDx3fccsCqqi6Bxzm6LjkqlBLgIEHV_kw0nKq3xA1tRiIJYgmouwBjeRGSMRq1bTMjTcCgJswK5wKUbinjmNz4Fq7WBTVd7V155Lko6hW5dZSdrrh-x2HQpuOmf3ovNxmXJsrDwTgHkTozJeeDOdLZKQ%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.630.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Ftiktok18.tv.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.630.0&bs=e2d45ff2-d96d-42ad-a6ea-0ee1b1408315&userId=3e0ec78a609549329c4e41befe897df4&m=link

139.45.197.244

200 OK

2.2 kB

URL GET HTTP/2
whulsaux.com/?rb=2RLX04BVp_qHDjTaq58XCBgpC_iLhFAxID1K7YJLPtEPOHk-PlLZBfd_CmfZPj0XMXMqsyDZcDsdzhsDx3fccsCqqi6Bxzm6LjkqlBLgIEHV_kw0nKq3xA1tRiIJYgmouwBjeRGSMRq1bTMjTcCgJswK5wKUbinjmNz4Fq7WBTVd7V155Lko6hW5dZSdrrh-x2HQpuOmf3ovNxmXJsrDwTgHkTozJeeDOdLZKQ%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.630.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Ftiktok18.tv.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.630.0&bs=e2d45ff2-d96d-42ad-a6ea-0ee1b1408315&userId=3e0ec78a609549329c4e41befe897df4&m=link
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
FingerprintA8:C3:DA:A6:D8:7E:B2:1D:20:3B:9D:3B:86:9A:EF:7C:B3:AC:47:D7
ValidityMon, 20 Nov 2023 05:29:27 GMT - Sun, 18 Feb 2024 05:29:26 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2200), with no line terminators
Size
2.2 kB (2170 bytes)
Hash
0bb3efa8aeac70d226d7d29325a7c3c2
d518fe7a44c8b92fc55e080df25166972cbbf238
865469e87d0c7bdb0440e18915457caebcbeca70eedfb5cfa8824cdaab61dbb5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=2RLX04BVp_qHDjTaq58XCBgpC_iLhFAxID1K7YJLPtEPOHk-PlLZBfd_CmfZPj0XMXMqsyDZcDsdzhsDx3fccsCqqi6Bxzm6LjkqlBLgIEHV_kw0nKq3xA1tRiIJYgmouwBjeRGSMRq1bTMjTcCgJswK5wKUbinjmNz4Fq7WBTVd7V155Lko6hW5dZSdrrh-x2HQpuOmf3ovNxmXJsrDwTgHkTozJeeDOdLZKQ%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.630.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Ftiktok18.tv.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.630.0&bs=e2d45ff2-d96d-42ad-a6ea-0ee1b1408315&userId=3e0ec78a609549329c4e41befe897df4&m=link HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: OAID=3e0ec78a609549329c4e41befe897df4; oaidts=1700484473
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/json
x-trace-id: 03800e88ca81353a5a4f92bea2c032c6
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=3e0ec78a609549329c4e41befe897df4; expires=Tue, 19 Nov 2024 12:47:53 GMT; path=/; secure; SameSite=None
oaidts=1700484473; expires=Tue, 19 Nov 2024 12:47:53 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 27 Nov 2023 12:47:53 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

operador.es/favicon.ico

84.232.5.180

404 Not Found

0 B

URL GET HTTP/2
operador.es/favicon.ico
IP
84.232.5.180:443
ASN
#29119 ServiHosting Networks S.L.

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerSectigo Limited
Subject*.operador.es
Fingerprint3E:53:96:B2:2A:BA:94:79:6F:26:2E:AD:C0:36:FC:FE:A2:C3:AB:7C
ValidityTue, 29 Aug 2023 00:00:00 GMT - Sat, 28 Sep 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: operador.es
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/html
last-modified: Fri, 25 May 2018 15:39:23 GMT
etag: W/"3fd-56d09927d5f0e"
content-encoding: br
X-Firefox-Spdy: h2

tiktok18.tv.atlaq.com/sw-5490114.js

188.114.97.1

404 Not Found

4.8 kB

URL GET HTTP/3
tiktok18.tv.atlaq.com/sw-5490114.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintFA:A2:5C:EE:B6:A9:D7:21:D6:87:4B:4F:82:74:3D:9E:A3:F6:E4:8E
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (5214), with no line terminators
Size
4.8 kB (4829 bytes)
Hash
4fa9a57847b553cf01fb5953c36899a9
fc06a5a9bcd25cbcec180e54b3ef56ca5919ae7b
2a2eb9d0f806dc1f248c042715683521bbfa79da97ddb637e50342c871666d2e

HTTP Headers

GET /sw-5490114.js HTTP/1.1
Host: tiktok18.tv.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
DNT: 1
Connection: keep-alive
Cookie: _ga_FPZ0VEL1WQ=GS1.1.1700484475.1.0.1700484475.60.0.0; _ga=GA1.1.513704715.1700484475
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31536000
expires: Mon, 18 Dec 2023 14:44:28 GMT
x-litespeed-cache: hit
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-expose-headers: Content-Disposition
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 61206
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PssIsa%2Fmoduc%2FjN%2Fjrzwokd7%2BAbxlxxZ8jimXUVOlHM9vgCTnnBtWwLeqsfy9diVVjBbWVYPxMQPEa8eZ2vSInJqtrJbfyKA%2BPIlUaPIrR%2B0j%2BbWFUfP0l%2BSxwOWq47fMKLXqaM8r%2BQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8290cdd75c290b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

itweepinbelltor.com/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tiktok18.tv.atlaq.com/
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-df63"
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

atlaq.com/style.css

188.114.97.1

200 OK

44 kB

URL GET HTTP/3
atlaq.com/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintFA:A2:5C:EE:B6:A9:D7:21:D6:87:4B:4F:82:74:3D:9E:A3:F6:E4:8E
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6732)
Size
44 kB (43872 bytes)
Hash
611e414a545a0c84fe6c111b9a4c3722
7fe2addc3373777aeb6de31caaf66f800049dd59
b5fc73fd3ef4ac8eda80826c1f684294f136c3d03c4afed7e7cd59a3f6a5a146

HTTP Headers

GET /style.css HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
expires: Fri, 24 Nov 2023 06:07:01 GMT
last-modified: Tue, 25 Oct 2022 04:42:27 GMT
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2270452
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BdNB9RSCMc4Ihv%2B3iw1c6iN7vOT1IwKg6dNtYfAy1hib3JGRpQnl1O21od9G3KKHxtiDO9nvkAxF4ZQsj1AXzjyWwD9laqLTzmpGTasqpe5qZHSyTbe4BjDWFGU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8290cdd4ba400b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

opinalibros.com/favicon.ico

188.114.96.1

301 Moved Permanently

422 B

URL GET HTTP/2
opinalibros.com/favicon.ico
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectopinalibros.com
FingerprintB9:75:2C:EF:67:DA:4F:EA:52:E4:E9:C5:E7:6C:70:27:52:D8:6F:AD
ValidityMon, 25 Sep 2023 14:34:33 GMT - Sun, 24 Dec 2023 14:34:32 GMT

File type

Size
422 B (422 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: opinalibros.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: text/html
location: https://www.opinalibros.com/favicon.ico
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f9K3FCzNLsjCVw%2B0sQ1rnd3BIXK6t5UN8d55CiUf1W0oG7%2BT3AlkC5ODz0hKnKn9f9UOCFFV%2BhwOwYyDfbO%2BpkDSim1Pgkfo7v%2B8PmrbAakw%2F0eVkwbTbCFfY9kh5mHGDxY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8290cdd5685c5690-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c

142.250.74.168

200 OK

266 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
266 kB (266536 bytes)
Hash
ff1fe653b5d2df19d243f9f2f1f4873d
764f45ec083bce02ccf422387aae561bd57063bf
cf21eaa52e9bf759a2e82911ea5279dbce9d1012100df1473b95ce94335d08f3

HTTP Headers

GET /gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 20 Nov 2023 12:47:53 GMT
expires: Mon, 20 Nov 2023 12:47:53 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90054
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=tiktok18.tv

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=tiktok18.tv
IP
0.0.0.0:0
ASN
#0

Requested by
https://tiktok18.tv.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=tiktok18.tv HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

opinator.com/favicon.ico

0.0.0.0

0 B

URL GET
opinator.com/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://tiktok18.tv.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: opinator.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

whulsaux.com/5/6577958/?oo=1&aab=1

139.45.197.244

200 OK

2.8 kB

URL GET HTTP/2
whulsaux.com/5/6577958/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://tiktok18.tv.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
FingerprintA8:C3:DA:A6:D8:7E:B2:1D:20:3B:9D:3B:86:9A:EF:7C:B3:AC:47:D7
ValidityMon, 20 Nov 2023 05:29:27 GMT - Sun, 18 Feb 2024 05:29:26 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3009), with no line terminators
Size
2.8 kB (2769 bytes)
Hash
ddaf91c04ff9eb6c30f38250d857481e
fad5daaefafb01d6d65df4b4f6956ecfb937d02a
5387f18d81952d5e6f9e7e84bedc37dc425d7a5685e7ebb713225b34dd29a9ae

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6577958/?oo=1&aab=1 HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tiktok18.tv.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://tiktok18.tv.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 12:47:53 GMT
content-type: application/json
x-trace-id: f5c4d98b9f231a2e266d67519a9d4f37
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://tiktok18.tv.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=3e0ec78a609549329c4e41befe897df4; expires=Tue, 19 Nov 2024 12:47:53 GMT; path=/; secure; SameSite=None
oaidts=1700484473; expires=Tue, 19 Nov 2024 12:47:53 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations