Report - fhcmeiju.com.atlaq.com/

Report Overview

Visited public
2023-11-20 11:16:13
Tags
URL
fhcmeiju.com.atlaq.com/
Finishing URL
fhcmeiju.com.atlaq.com/
IP / ASN
104.21.64.58
#13335 CLOUDFLARENET
Title
凤凰城美剧网 - 更多美剧在线观看、最新美剧及时更新！

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rcp-rollei.myshopify.com	unknown	unknown	No data	No data	400 B	915 B	23.227.38.74
realmroyale.com	unknown	2018-02-22	2018-12-13 06:58:12	2023-02-22 05:25:26	391 B	0 B	0.0.0.0
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-20 02:37:41	894 B	143 kB	142.250.74.104
itweepinbelltor.com	116495	2021-08-11	2021-08-11 13:34:00	2023-11-19 07:01:49	5.1 kB	156 kB	139.45.197.250
whulsaux.com	unknown	2023-01-04	2023-01-04 17:10:35	2023-11-19 14:42:55	2.0 kB	34 kB	139.45.197.244
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-19 20:15:39	1.1 kB	1.5 kB	139.45.195.8
www.rasting.de	unknown	unknown	2017-11-28 11:08:32	2023-10-12 11:01:24	437 B	2.5 kB	91.184.35.223
www.rationalgalerie.de	unknown	unknown	2013-05-03 16:22:11	2023-10-10 04:37:22	396 B	542 B	85.13.136.12
atlaq.com	460385	2019-04-07	2019-04-10 14:32:55	2023-11-17 13:50:12	852 B	163 kB	188.114.97.1
preview.atlaq.com	unknown	2019-04-07	2023-10-16 11:41:32	2023-11-17 13:50:12	484 B	30 kB	188.114.97.1
rationalgalerie.de	unknown	unknown	2017-10-12 23:29:17	2023-10-10 04:37:22	392 B	545 B	85.13.136.12
fhcmeiju.com.atlaq.com	unknown	2019-04-07	2023-09-14 13:26:49	2023-09-14 13:26:49	1.4 kB	50 kB	104.21.64.58
rbk-direkt.de	unknown	unknown	2015-07-28 02:26:40	2023-10-04 16:55:50	387 B	545 B	87.79.4.166
t1.gstatic.com	unknown	2008-02-11	2013-05-07 00:57:20	2023-11-20 11:02:20	1.1 kB	3.1 kB	142.250.74.68
www.fhcmeiju.com	unknown	2021-08-20	2021-08-20 10:11:23	2023-10-16 21:04:01	478 B	691 B	172.67.154.218
rasting.de	unknown	unknown	2019-05-27 10:36:53	2023-02-17 13:08:03	386 B	2.7 kB	91.184.35.223
traffic.alexa.com	381412	1996-07-17	2012-05-20 23:46:11	2021-05-14 12:40:47	982 B	0 B	0.0.0.0
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-11-19 05:09:41	1.5 kB	1.5 kB	139.45.197.250
www.rbk-direkt.de	unknown	unknown	2014-02-25 17:57:11	2023-11-06 21:17:58	405 B	1.6 kB	87.79.4.166
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-11-19 20:13:04	940 B	453 B	216.239.32.36
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-11-20 03:03:38	576 B	578 B	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-20	medium	whulsaux.com	Sinkholed
2023-11-20	medium	amunfezanttor.com	Sinkholed
2023-11-20	medium	amunfezanttor.com	Sinkholed
2023-11-20	medium	whulsaux.com	Sinkholed
2023-11-20	medium	amunfezanttor.com	Sinkholed
2023-11-20	medium	whulsaux.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	fhcmeiju.com.atlaq.com/	3.6 kB	2024-08-20 18:40	2024-08-20 18:40
Pretty URL fhcmeiju.com.atlaq.com/ IP 104.21.64.58 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 18:40 Last Seen2024-08-20 18:40 Times Seen1 Hash fa80210fde8526700b4a221955a4e0d8 c4ed817034b6c1d279244585ced9a9b2aedb1d4e 95f55a11714a3c885ce2d7974dfe8a1df23ea3f69dd21af8100fde12406f940b Loading...

	www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c	266 kB	2023-11-20 12:16	2023-11-20 12:16
Pretty URL www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c IP 142.250.74.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 12:16 Last Seen2023-11-20 12:16 Times Seen1 Hash 0c5a4b1714ff230fd8473e4501bba013 fd26dea868f8c070f2e809bdc872441cff44911f ca59c9380312dcbe4aadcd897a3cf005b01f4f3270317732e150d77aa190161b Loading...

	whulsaux.com/tag.min.js	81 kB	2023-11-15 13:56	2023-11-21 03:05
Pretty URL whulsaux.com/tag.min.js IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-15 13:56 Last Seen2023-11-21 03:05 Times Seen245 Hash f2e2bbac9956f90deb8bb8620b4e6a34 92e196a6e8b21e835aeb47d0123fbad2c9c1bc2c 785e6fa651312a3f819529c5fa32cd529e74c771f73929ed85cdf424a462144f Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11 21:07	2024-11-28 23:43
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 23:43 Times Seen281800 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	fhcmeiju.com.atlaq.com/	59 kB	2023-11-11 13:15	2024-08-20 19:59
Pretty URL fhcmeiju.com.atlaq.com/ IP 104.21.64.58 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash b19b96f2fc5eeadfd5a5852e5fbd19ab 021c13b5d0cfe7880adaff70d73a5ab6910e1cb5 4be0a27e37a47491b51c4eb6ea1423d82483806e6ce015132a40a0ccb1e96c7d Loading...

	fhcmeiju.com.atlaq.com/	447 B	2023-11-11 13:15	2024-08-20 19:59
Pretty URL fhcmeiju.com.atlaq.com/ IP 104.21.64.58 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-11 13:15 Last Seen2024-08-20 19:59 Times Seen27 Hash edac1ca3689a31cc59d42a6062c37472 c02dff66418e29c297de8c4f07353942ca91bf2d 201665128cc31ad2da0fcf6cbacf714ebba47b34306525369fd8b6be99e7a07d Loading...

	itweepinbelltor.com/pfe/current/tag.min.js?z=5490114	13 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty URL itweepinbelltor.com/pfe/current/tag.min.js?z=5490114 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2697 Hash 258578af3c107ccb907f73c3a2f4c25f 7a192edea829968fb7f57f2a2fc4cb5b612598be 1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75 Loading...

	fhcmeiju.com.atlaq.com/sandbox%20eval%20code	147 B	2023-04-11 21:07	2024-11-28 23:43
Pretty URL fhcmeiju.com.atlaq.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 23:43 Times Seen282600 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	fhcmeiju.com.atlaq.com/	154 B	2023-03-10 11:07	2024-11-28 20:47
Pretty URL fhcmeiju.com.atlaq.com/ IP 104.21.64.58 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 11:07 Last Seen2024-11-28 20:47 Times Seen69 Hash 556aedec3c17b1047b6ea5b24555b6b3 bc98386bf7c5d5088b545befbe3f36738874ca18 25b0f8074b7996c02b28918d9dec52e00501eee8990db393f4a0624d136a828e Loading...

	unknown	156 B	2024-08-20 18:40	2024-08-20 18:40
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:40 Last Seen2024-08-20 18:40 Times Seen1 Hash b5dd934203a89eb418e7dadf018ec0dc 48c1d41af3a67290fed94d9eba8aa97096c77916 4d2f2a7b444e4577d43124ba6ff0f1c5f79f89d8c7295518d69c461c175f93e7 Loading...

	unknown	26 kB	2023-03-07 01:18	2024-10-26 14:27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2024-10-26 14:27 Times Seen1733 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	www.googletagmanager.com/gtag/js?id=UA-85346163-2	135 kB	2023-11-20 12:16	2023-11-20 12:16
Pretty URL www.googletagmanager.com/gtag/js?id=UA-85346163-2 IP 142.250.74.104 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-20 12:16 Last Seen2023-11-20 12:16 Times Seen1 Hash 238938239d57f59b62dc3e95b144fd65 8f2be1fba38b78d23b9abd480a91601a06e8ece8 e2366d9a12de3f2af0756f6fcac217b6356f2793dd802035bd25f2e25ba9a850 Loading...

	unknown	162 B	2024-08-20 18:40	2024-08-20 18:40
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 18:40 Last Seen2024-08-20 18:40 Times Seen1 Hash 31dd1e0035edb4152745b495f8256912 f567cfb318300ab4cdf8bd2c978b98a6e8d13f53 097bdf0d8b0837ca5ee3c225fd0b54caa6abde436b40e3e42feee6bb65fee3d0 Loading...

	unknown	88 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2914 Hash d46d2997ab218d1dba1ab614422ed53f 3f1f6b9847c8ad209835db366c62fcb209b83a67 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42 Loading...

		Size	First Seen	Last Seen
	#1 Write - 898db721fbc011c9b4cd1cc41bda97c4	51 kB	2024-08-20 18:40	2024-08-20 18:40
Pretty Observations First Seen2024-08-20 18:40 Last Seen2024-08-20 18:40 Times Seen1 Hash 898db721fbc011c9b4cd1cc41bda97c4 4f48b6874d65f518d37aa29869df476b2b6f1a91 4425c69ae4d55d8ed97d41a4393352ee2cb0947026310101f43b35ec61255212 Loading...

HTTP Transactions (41)

URL IP Response Size

atlaq.com/logo.png

188.114.97.1

200 OK

117 kB

URL GET HTTP/3
atlaq.com/logo.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint5E:AC:5A:49:0B:05:39:5A:D5:49:EF:4E:F8:76:94:B6:C0:A1:29:84
ValidityTue, 29 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT

File type
PNG image data, 500 x 446, 8-bit/color RGBA, non-interlaced\012- data
Size
117 kB (117433 bytes)
Hash
792b74959e26cd37fd05dfcd0ef07770
c6e3ed2dd9771b077daf93eda5773cd10d621147
7ae2cb133588b7a2926b71630869d602c294840f6c1379666e82b25f3354623b

HTTP Headers

GET /logo.png HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: image/png
content-length: 117433
cache-control: public, max-age=31536000
expires: Thu, 24 Oct 2024 05:27:08 GMT
last-modified: Wed, 29 Jan 2020 11:21:42 GMT
vary: User-Agent,Origin, Accept-Encoding
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2267328
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J9sGv%2FqQ%2BgWImccYrUcc6mKdT84F6T3Gx9R5y%2Bd2%2BiMcYM3gJjEUf8p%2FVfs%2BwKF5xky9N4tjMZG6pYdawPW5rVBRiFuj8ZNZpdGkp4xaEd%2FUoCnNXUdO9AypC0I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82904724582a568f-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=UA-85346163-2

142.250.74.104

200 OK

51 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-85346163-2
IP
142.250.74.104:443
ASN
#15169 GOOGLE

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (2213)
Size
51 kB (51442 bytes)
Hash
238938239d57f59b62dc3e95b144fd65
8f2be1fba38b78d23b9abd480a91601a06e8ece8
e2366d9a12de3f2af0756f6fcac217b6356f2793dd802035bd25f2e25ba9a850

HTTP Headers

GET /gtag/js?id=UA-85346163-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 20 Nov 2023 11:15:56 GMT
expires: Mon, 20 Nov 2023 11:15:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51442
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c

142.250.74.104

200 OK

90 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c
IP
142.250.74.104:443
ASN
#15169 GOOGLE

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (5955)
Size
90 kB (90056 bytes)
Hash
0c5a4b1714ff230fd8473e4501bba013
fd26dea868f8c070f2e809bdc872441cff44911f
ca59c9380312dcbe4aadcd897a3cf005b01f4f3270317732e150d77aa190161b

HTTP Headers

GET /gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 20 Nov 2023 11:15:56 GMT
expires: Mon, 20 Nov 2023 11:15:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 90056
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=fhcmeiju.com.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471

139.45.197.250

200 OK

888 B

URL GET HTTP/2
itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=fhcmeiju.com.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text, with very long lines (887)
Size
888 B (888 bytes)
Hash
5800ebd5fac46023ee5ce159af185039
69130d428356b977ec0a5bb70fe95ce3bc947b85
b299942a863006c6c8227371cc765b6eaef53616b56613001feda66f9667444f

HTTP Headers

GET /zone?pub=0&zone_id=5490114&is_mobile=false&domain=fhcmeiju.com.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: application/json; charset=utf-8
content-length: 888
x-trace-id: 9dd63363572e0c2fa2f82e5b417d377b
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

preview.atlaq.com/7d10bbc4a28ba1174fa1128049046626_fhcmeiju.com.png

188.114.97.1

200 OK

29 kB

URL GET HTTP/2
preview.atlaq.com/7d10bbc4a28ba1174fa1128049046626_fhcmeiju.com.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint1E:C6:84:53:3B:FF:CE:FF:8F:8C:9D:8B:3A:69:3F:E5:28:C8:F4:A5
ValidityWed, 26 Apr 2023 00:00:00 GMT - Thu, 25 Apr 2024 23:59:59 GMT

File type
PNG image data, 683 x 384, 8-bit/color RGBA, non-interlaced\012- data
Size
29 kB (28688 bytes)
Hash
59952540d04b01ea737a3c77a153d645
ab6f9c8010a543ba4f8fdd07c39ee9ceb43520f7
7fcf0135c45d9251986cf32a06aef286ead7cd82d6e6f242175476a41b1a54d0

HTTP Headers

GET /7d10bbc4a28ba1174fa1128049046626_fhcmeiju.com.png HTTP/1.1
Host: preview.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: image/png
content-length: 28688
x-powered-by: Express
vary: Origin, Accept-Encoding
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2023 13:05:17 GMT
etag: W/"7010-18b38973da8"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ptm0CzBfmcZqHftbuQ1KC5qQ0ZBYXNOXKPQdJKYd8mDqsqJfbZYJyaeAQf0MD2QxavH9WXZWQdbl7t%2FySRFKN%2BriMDRLl8mTk9TQgJ7oWevaXrYqGrrH%2BZk7%2Bsp9q6hFP9krKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 829047231dbeb4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

whulsaux.com/tag.min.js

139.45.197.244

200 OK

26 kB

URL GET HTTP/2
whulsaux.com/tag.min.js
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
FingerprintA8:C3:DA:A6:D8:7E:B2:1D:20:3B:9D:3B:86:9A:EF:7C:B3:AC:47:D7
ValidityMon, 20 Nov 2023 05:29:27 GMT - Sun, 18 Feb 2024 05:29:26 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (25542 bytes)
Hash
f2e2bbac9956f90deb8bb8620b4e6a34
92e196a6e8b21e835aeb47d0123fbad2c9c1bc2c
785e6fa651312a3f819529c5fa32cd529e74c771f73929ed85cdf424a462144f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: text/javascript; charset=utf-8
content-length: 25542
content-encoding: br
x-trace-id: 0c0130c68ca15f2bf172ad4bbb673e07
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 15 Nov 2023 11:44:01 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

rationalgalerie.de/favicon.ico

85.13.136.12

301 Moved Permanently

248 B

URL GET HTTP/2
rationalgalerie.de/favicon.ico
IP
85.13.136.12:443
ASN
#34788 Neue Medien Muennich GmbH

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrationalgalerie.de
FingerprintC9:7F:0A:CF:5E:67:74:59:51:F0:10:EF:79:2F:A9:96:2F:09:06:48
ValidityMon, 18 Sep 2023 02:07:02 GMT - Sun, 17 Dec 2023 02:07:01 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
248 B (248 bytes)
Hash
f1103764e40e64fadf0d1e5bf2e62f3c
55ea86e90b3bbfc38f42c23f529a60ed78bfa2f4
cfaf58a63b74e3a257efe74bdfabbccc58f9e84f5d50b91252e2e56896580a28

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rationalgalerie.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
strict-transport-security: max-age=600000
x-content-type-options: nosniff
location: https://www.rationalgalerie.de/index.php
content-length: 248
content-type: text/html; charset=iso-8859-1
date: Mon, 20 Nov 2023 11:15:56 GMT
server: Apache
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fhcmeiju.com.atlaq.com/
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Content-Type: application/json
Content-Length: 381
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9167233857788ac427cc6f700e3150a3
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

rbk-direkt.de/favicon.ico

87.79.4.166

301 Moved Permanently

159 B

URL GET HTTP/2
rbk-direkt.de/favicon.ico
IP
87.79.4.166:443
ASN
#8422 NetCologne Gesellschaft fur Telekommunikation mbH

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwww.rbk-direkt.de
FingerprintAD:B2:EF:F7:59:69:F8:84:7C:42:C5:DB:80:07:79:B6:CA:FF:B1:09
ValidityWed, 04 Oct 2023 13:54:10 GMT - Tue, 02 Jan 2024 13:54:09 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
159 B (159 bytes)
Hash
23f4e9e752ccc562fad185588ccf8755
27ff71b6a5881dd7dbd07c6cec09226b8fe57592
caf2972e6b656767e1d294e8591871f3394f261bbb077ef21e8342feec37a7ec

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rbk-direkt.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
location: http://www.rbk-direkt.de/favicon.ico
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
date: Mon, 20 Nov 2023 11:15:56 GMT
content-length: 159
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fhcmeiju.com.atlaq.com/
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

fhcmeiju.com.atlaq.com/

104.21.64.58

200 OK

0 B

URL User Request GET HTTP/2
fhcmeiju.com.atlaq.com/
IP
104.21.64.58:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD / HTTP/1.1
Host: fhcmeiju.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (waiting for pending WAN connection)
expires: Tue, 19 Dec 2023 08:21:16 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UnOszb6g%2B5JFOD1hnFhxSz4bVHZQ3AHzYCyURMLV3AtnS3Q0uqrKiKj0dBBTY%2BHs5rQAQw3%2Fzw7fmBqUY04KRGYUIHKn9NgYh81oL%2Fvh0OnmrE4%2FtDuDAO7QEjDoxlqZhNFC%2BTx8I9IT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829047252a500b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=c6d443379b9845a99d560d0aa1a66224

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=c6d443379b9845a99d560d0aa1a66224
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
8f3657b8c46803933e5735bbddf2d0e9
b38baeb0060839316cdf1607b083036365a18487
8ad93d96f0a8595bc9a4f804a160bad7c66bc9ac321f83554744424206154bba

HTTP Headers

GET /gid.js?userId=c6d443379b9845a99d560d0aa1a66224 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c6d443379b9845a99d560d0aa1a66224; expires=Tue, 19 Nov 2024 11:15:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
ce1de47b2696320338a2d77fc1c72465
1c0db5521be8172a8c64c2164600673f3fb7d053
b2bf0288c8db80654368aab26a316f52bee7c48e3afac9a9e5e6ae36e5b883de

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Content-Type: application/json
Content-Length: 507
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.rbk-direkt.de/favicon.ico

87.79.4.166

200 OK

1.2 kB

URL GET HTTP/2
www.rbk-direkt.de/favicon.ico
IP
87.79.4.166:443
ASN
#8422 NetCologne Gesellschaft fur Telekommunikation mbH

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwww.rbk-direkt.de
FingerprintAD:B2:EF:F7:59:69:F8:84:7C:42:C5:DB:80:07:79:B6:CA:FF:B1:09
ValidityWed, 04 Oct 2023 13:54:10 GMT - Tue, 02 Jan 2024 13:54:09 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
c7e0a02570287d2d1152583dfb3f189f
a6b8ac583479e68b89797b5c96fe372e3ec967c7
a87fefc3c881d1a3ffba6d55b979702f13347c5835f393a2508ae665800333ca

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.rbk-direkt.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/x-icon
last-modified: Mon, 18 Jul 2016 09:34:18 GMT
accept-ranges: bytes
etag: "09468ed7e0d11:0"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
date: Mon, 20 Nov 2023 11:15:56 GMT
content-length: 1150
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://fhcmeiju.com.atlaq.com/
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:57 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
8bed764acaeeac194c11052f3f2550e4
50ed06d153279feaa9db3838edfac777907a3268
88f0d7e64d59560a77d3b5b1a6f86d089733c5bce4c97a874da2db792e8c8f16

HTTP Headers

POST /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Content-Type: application/json
Content-Length: 1645
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:57 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700478958005&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=563303437.1700478958&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700478958&sct=1&seg=0&dl=https%3A%2F%2Ffhcmeiju.com.atlaq.com%2F&dt=%E5%87%A4%E5%87%B0%E5%9F%8E%E7%BE%8E%E5%89%A7%E7%BD%91%20-%20%E6%9B%B4%E5%A4%9A%E7%BE%8E%E5%89%A7%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B%E3%80%81%E6%9C%80%E6%96%B0%E7%BE%8E%E5%89%A7%E5%8F%8A%E6%97%B6%E6%9B%B4%E6%96%B0%EF%BC%81&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1819

216.239.32.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700478958005&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=563303437.1700478958&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700478958&sct=1&seg=0&dl=https%3A%2F%2Ffhcmeiju.com.atlaq.com%2F&dt=%E5%87%A4%E5%87%B0%E5%9F%8E%E7%BE%8E%E5%89%A7%E7%BD%91%20-%20%E6%9B%B4%E5%A4%9A%E7%BE%8E%E5%89%A7%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B%E3%80%81%E6%9C%80%E6%96%B0%E7%BE%8E%E5%89%A7%E5%8F%8A%E6%97%B6%E6%9B%B4%E6%96%B0%EF%BC%81&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1819
IP
216.239.32.36:443
ASN
#15169 GOOGLE

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b81v894672372&_p=1700478958005&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=563303437.1700478958&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1700478958&sct=1&seg=0&dl=https%3A%2F%2Ffhcmeiju.com.atlaq.com%2F&dt=%E5%87%A4%E5%87%B0%E5%9F%8E%E7%BE%8E%E5%89%A7%E7%BD%91%20-%20%E6%9B%B4%E5%A4%9A%E7%BE%8E%E5%89%A7%E5%9C%A8%E7%BA%BF%E8%A7%82%E7%9C%8B%E3%80%81%E6%9C%80%E6%96%B0%E7%BE%8E%E5%89%A7%E5%8F%8A%E6%97%B6%E6%9B%B4%E6%96%B0%EF%BC%81&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1819 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
date: Mon, 20 Nov 2023 11:15:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/tag.min.js?z=5490114

139.45.197.250

200 OK

5.8 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/tag.min.js?z=5490114
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
C source, ASCII text, with very long lines (13300)
Size
5.8 kB (5801 bytes)
Hash
c2585ce4e0bbfa562fed0b9cf703e098
de88857aba3bb6b5b3c94f86114e891c0dfd2a25
8a298b18f691c410dc9f548b24772ac3c78fc667d37d4d583db07278dc7256b3

HTTP Headers

GET /pfe/current/tag.min.js?z=5490114 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-33f4"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

whulsaux.com/?rb=W1L12aIbiyHmLd5kkXBZjqab-yXwoOd3hQlECWWAu9SLlEHqvwtNGRHBbqzRyD1V_Aa-7JQuNye7x2FbbolRqG7X2Ag6NDFkkjC58uQoNr5lVRBWqsjWmCgTNTKDgC__1d7oGE4v01Qyj5YM5xaDLaER8UnFqtgsS4VO6MBmhLaHJ0pNVm1TDQHy2gFx9l_ahx5mM-PTylh2M1gHdaesrslVXnJ2eASXxOA5uQ%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.629.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Ffhcmeiju.com.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.629.0&bs=aa827cc9-1741-45aa-b2bc-b066a4adaa27&userId=c6d443379b9845a99d560d0aa1a66224&m=link

139.45.197.244

200 OK

1.7 kB

URL GET HTTP/2
whulsaux.com/?rb=W1L12aIbiyHmLd5kkXBZjqab-yXwoOd3hQlECWWAu9SLlEHqvwtNGRHBbqzRyD1V_Aa-7JQuNye7x2FbbolRqG7X2Ag6NDFkkjC58uQoNr5lVRBWqsjWmCgTNTKDgC__1d7oGE4v01Qyj5YM5xaDLaER8UnFqtgsS4VO6MBmhLaHJ0pNVm1TDQHy2gFx9l_ahx5mM-PTylh2M1gHdaesrslVXnJ2eASXxOA5uQ%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.629.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Ffhcmeiju.com.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.629.0&bs=aa827cc9-1741-45aa-b2bc-b066a4adaa27&userId=c6d443379b9845a99d560d0aa1a66224&m=link
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
FingerprintA8:C3:DA:A6:D8:7E:B2:1D:20:3B:9D:3B:86:9A:EF:7C:B3:AC:47:D7
ValidityMon, 20 Nov 2023 05:29:27 GMT - Sun, 18 Feb 2024 05:29:26 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.7 kB (1748 bytes)
Hash
0d2a4600164fe874c9d02b073a30cba8
328bc92d088bf166695e11da2a5571b27f8f15e9
cde2d18cdfb84fd55424f59915fa5f5d7efad73ccc74290bc2b88d6de7946a53

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=W1L12aIbiyHmLd5kkXBZjqab-yXwoOd3hQlECWWAu9SLlEHqvwtNGRHBbqzRyD1V_Aa-7JQuNye7x2FbbolRqG7X2Ag6NDFkkjC58uQoNr5lVRBWqsjWmCgTNTKDgC__1d7oGE4v01Qyj5YM5xaDLaER8UnFqtgsS4VO6MBmhLaHJ0pNVm1TDQHy2gFx9l_ahx5mM-PTylh2M1gHdaesrslVXnJ2eASXxOA5uQ%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-1.629.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=1&pl=https%3A%2F%2Ffhcmeiju.com.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-1.629.0&bs=aa827cc9-1741-45aa-b2bc-b066a4adaa27&userId=c6d443379b9845a99d560d0aa1a66224&m=link HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: OAID=c6d443379b9845a99d560d0aa1a66224; oaidts=1700478956
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:57 GMT
content-type: application/json
x-trace-id: 0b03cb2d6207749d31e850003aab56e4
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=c6d443379b9845a99d560d0aa1a66224; expires=Tue, 19 Nov 2024 11:15:57 GMT; path=/; secure; SameSite=None
oaidts=1700478957; expires=Tue, 19 Nov 2024 11:15:57 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 27 Nov 2023 11:15:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
582c7341ce2f21c621d9cbc88677a0ae
c3a17e9c1fa9e569335969d10a77e07015bf7a41
84e27e1f7749a0cb9e8ee1482a2af10177d21503f84732c4c8b0268315e9f7a6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Content-Type: application/json
Content-Length: 507
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:57 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Content-Type: application/json
Content-Length: 378
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 84a3275dc10ee7579a5d7dd4243446e7
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.rasting.de/wp-content/uploads/sites/2/2020/11/cropped-favicon-32x32.jpg

91.184.35.223

200 OK

2.2 kB

URL GET HTTP/1.1
www.rasting.de/wp-content/uploads/sites/2/2020/11/cropped-favicon-32x32.jpg
IP
91.184.35.223:443
ASN
#34225 SpeedPartner GmbH

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerGlobalSign nv-sa
Subjectwww.rasting.de
Fingerprint4E:49:A3:E5:3F:75:7B:FF:7B:9F:9F:CD:4B:86:F3:66:D1:B9:27:57
ValidityMon, 12 Dec 2022 07:21:49 GMT - Sat, 13 Jan 2024 07:21:48 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 32x32, components 3\012- data
Size
2.2 kB (2247 bytes)
Hash
2b3aa8848a810562161a68e3db3141a8
7cc38653ffb409d2cd50a58450547a4f81c62058
7a052688beeff52ee2141126b4613afa09618229f09161a0c3efee5648ad876c

HTTP Headers

GET /wp-content/uploads/sites/2/2020/11/cropped-favicon-32x32.jpg HTTP/1.1
Host: www.rasting.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 20 Nov 2023 11:15:57 GMT
Server: Apache
Last-Modified: Mon, 16 Nov 2020 09:07:59 GMT
ETag: "8c7-5b435b6eff9c0"
Accept-Ranges: bytes
Content-Length: 2247
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/jpeg

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=563303437.1700478958&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=328205663

142.250.74.35

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=563303437.1700478958&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=328205663
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint6E:E4:BC:4A:67:5E:46:6A:B3:E4:CA:61:A7:C0:97:AB:14:F0:34:32
ValidityMon, 23 Oct 2023 11:27:27 GMT - Mon, 15 Jan 2024 11:27:26 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=563303437.1700478958&gtm=45je3b81v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=328205663 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 20 Nov 2023 11:15:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fhcmeiju.com.atlaq.com/sw-5490114.js

104.21.64.58

404 Not Found

2.7 kB

URL GET HTTP/3
fhcmeiju.com.atlaq.com/sw-5490114.js
IP
104.21.64.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (759)
Size
2.7 kB (2651 bytes)
Hash
4d657d6e65f504ad829ef64b13e3ce39
a7426d8f86e4c5c5a11fea86c504f1a621b59b99
18e942fe7d930851ee8cb5ddbd6d9af38b3c68b1c8a8ee3bb608096c81b13bcb

HTTP Headers

GET /sw-5490114.js HTTP/1.1
Host: fhcmeiju.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
DNT: 1
Connection: keep-alive
Cookie: _ga_FPZ0VEL1WQ=GS1.1.1700478958.1.0.1700478958.60.0.0; _ga=GA1.1.563303437.1700478958
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
date: Mon, 20 Nov 2023 11:15:57 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31536000
expires: Mon, 18 Dec 2023 15:55:22 GMT
x-litespeed-cache: hit
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-expose-headers: Content-Disposition
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSr88QqPtu1v2AWGUFpFEoSOyFbW5kdI8hAdCJ1ID8poh%2FN1%2BxuYs1AftV%2FnVbv0%2B0jRbk%2BcS8NwfY6UwvLjhQWxTHzl8FWkuEPhj%2F2TZmXNqVYqTvgs%2BpiSh9JX2ssMVTN%2FhvqW3RtO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82904727bc370b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://rationalgalerie.de

142.250.74.68

200 OK

538 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://rationalgalerie.de
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
538 B (538 bytes)
Hash
493a496707d5547bc798d49f6efd905d
4217b980914ca21dd4e1aa4c72281747b3d636b3
96af469558121aa296c0fb2a515f1117e01ca93da0af292be478b616bc6b58d6

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://rationalgalerie.de HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://www.rationalgalerie.de/templates/rationalgalerie/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 538
date: Mon, 20 Nov 2023 11:15:58 GMT
expires: Mon, 27 Nov 2023 11:15:58 GMT
cache-control: public, max-age=604800
last-modified: Wed, 05 Feb 2020 10:30:59 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Content-Type: application/json
Content-Length: 739
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 77c6e9603ab40efec62c8e9cc8082bb5
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

fhcmeiju.com.atlaq.com/badk.txt

104.21.64.58

200 OK

44 kB

URL GET HTTP/3
fhcmeiju.com.atlaq.com/badk.txt
IP
104.21.64.58:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint76:15:CE:DE:39:63:81:C5:4E:4A:13:3D:70:6B:AE:85:FA:98:9A:38
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
44 kB (43852 bytes)
Hash
f4245877e1f9b8764acbac7b475ebf2d
7471a9d7354637651fa5d0200febe7ab162fb69a
bd300473a295a173716b1b182aed7c14e3551f7400360dd5f694115683ccd41c

HTTP Headers

GET /badk.txt HTTP/1.1
Host: fhcmeiju.com.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 20 Nov 2023 11:15:57 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Wed, 20 Dec 2023 11:15:56 GMT
last-modified: Mon, 13 Apr 2020 08:00:16 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7rhUXUl6dK%2FiZWXpo6FVeVs6c84ZF0yiPjvn3aYaGP64mF8xFqwd8JsekAasG0Q0iMIfjA1qCfBVUpj75f1hLagxodJ9aLACLirjy9UNZsDDeISHYeTFX%2FdaHAeFssgKpq0z4WhOeKXJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829047251a4a0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rcp-rollei.myshopify.com/favicon.ico

23.227.38.74

404 Not Found

0 B

URL GET HTTP/2
rcp-rollei.myshopify.com/favicon.ico
IP
23.227.38.74:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectmyshopify.com
Fingerprint3B:DF:A3:ED:31:66:0B:A1:3F:E1:BD:A4:4B:D7:09:6E:05:8E:4F:4E
ValidityWed, 23 Aug 2023 00:00:00 GMT - Wed, 21 Aug 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rcp-rollei.myshopify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Mon, 20 Nov 2023 11:15:56 GMT
x-sorting-hat-podid: 263
x-sorting-hat-shopid: 27391131725
x-storefront-renderer-rendered: 1
x-dc: gcp-europe-north1,gcp-europe-west4,gcp-europe-west4
x-request-id: 8b22977b-bba4-4823-a67a-747816ad7ae3
x-download-options: noopen
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nFRnJg5AlbRDPOXaknM1DjyVmdGbcjqX6fKuts17J8mcupoCzyjR7%2FlZJvOVTZxqchy0TYXFajRUxjk2uy3r0yPXcJYKUum1VO1n3VbU9shUQv54W3lcPVD6XhMtoXPQ3y3WjUqajUG62A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing: cfRequestDuration;dur=71.000099
server: cloudflare
cf-ray: 82904725cffd16a1-ARN
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

realmroyale.com/favicon.ico

0.0.0.0

0 B

URL GET
realmroyale.com/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://fhcmeiju.com.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: realmroyale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

atlaq.com/style.css

188.114.97.1

200 OK

44 kB

URL GET HTTP/2
atlaq.com/style.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint5E:AC:5A:49:0B:05:39:5A:D5:49:EF:4E:F8:76:94:B6:C0:A1:29:84
ValidityTue, 29 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6732)
Size
44 kB (43872 bytes)
Hash
611e414a545a0c84fe6c111b9a4c3722
7fe2addc3373777aeb6de31caaf66f800049dd59
b5fc73fd3ef4ac8eda80826c1f684294f136c3d03c4afed7e7cd59a3f6a5a146

HTTP Headers

GET /style.css HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
expires: Fri, 24 Nov 2023 06:07:01 GMT
last-modified: Tue, 25 Oct 2022 04:42:27 GMT
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 2264935
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rKk5vfGPRZM%2F1Dv1owbB%2B7Nn2sMyYZgURHav36SdqBR%2Ft9hmgFFH%2FxwpihgyzFans%2BsmDOGS7cMBFFMWh6s20R9tuxtz1mVitIieLbv8iGtmaLK3K8qQbBjbPMY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 829047230e8956c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.fhcmeiju.com/wp-content/themes/phoenix/static/images/pic/favicon.jpg

172.67.154.218

403 Forbidden

0 B

URL GET HTTP/2
www.fhcmeiju.com/wp-content/themes/phoenix/static/images/pic/favicon.jpg
IP
172.67.154.218:443
ASN
#13335 CLOUDFLARENET

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectfhcmeiju.com
Fingerprint78:A9:4E:F6:34:79:B8:BC:21:39:8A:68:3D:2F:98:63:9C:BE:3D:76
ValidityWed, 15 Nov 2023 20:12:26 GMT - Tue, 13 Feb 2024 20:12:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/themes/phoenix/static/images/pic/favicon.jpg HTTP/1.1
Host: www.fhcmeiju.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Mon, 20 Nov 2023 11:15:58 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: max-age=15
expires: Mon, 20 Nov 2023 11:16:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LitxYpfZ0vJV5KZ9jVNT1vaUKQRNpNKiXKZKnzui6zvExQacxD1pyIpIt5GrZsK4F7C2piR9puUh4WxqL47S15nY%2Bq7Od4WI1wvRUEjCALpA6WMjY6qmd5br6HDVyXrbobSy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 829047317d72b51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471

139.45.197.250

200 OK

88 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87852 bytes)
Hash
d46d2997ab218d1dba1ab614422ed53f
3f1f6b9847c8ad209835db366c62fcb209b83a67
09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-1572c"
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=d1dd784c5ff244f2b3f4a36e5885cd09&zoneId=5490114&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=d1dd784c5ff244f2b3f4a36e5885cd09&zoneId=5490114&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
074aa66ddd24ca62e64dcb0a071b73a3
d7e4a5ef8e0aa41917e1a48b9c696fd692ce57ab
e1725cdb00e415407e3dd75343f914d967892d9f04c0005b8e5f7649831c2b00

HTTP Headers

GET /gid.js?pub=0&userId=d1dd784c5ff244f2b3f4a36e5885cd09&zoneId=5490114&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: ID=c6d443379b9845a99d560d0aa1a66224
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c6d443379b9845a99d560d0aa1a66224; expires=Tue, 19 Nov 2024 11:15:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

rasting.de/favicon.ico

91.184.35.223

302 Found

2.2 kB

URL GET HTTP/1.1
rasting.de/favicon.ico
IP
91.184.35.223:443
ASN
#34225 SpeedPartner GmbH

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerGlobalSign nv-sa
Subjectwww.rasting.de
Fingerprint4E:49:A3:E5:3F:75:7B:FF:7B:9F:9F:CD:4B:86:F3:66:D1:B9:27:57
ValidityMon, 12 Dec 2022 07:21:49 GMT - Sat, 13 Jan 2024 07:21:48 GMT

File type

Size
2.2 kB (2247 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: rasting.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Mon, 20 Nov 2023 11:15:56 GMT
Server: Apache
Link: <https://www.rasting.de/wp-json/>; rel="https://api.w.org/"
X-Redirect-By: WordPress
Location: https://www.rasting.de/wp-content/uploads/sites/2/2020/11/cropped-favicon-32x32.jpg
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

www.rationalgalerie.de/index.php

85.13.136.12

200 OK

0 B

URL GET HTTP/2
www.rationalgalerie.de/index.php
IP
85.13.136.12:443
ASN
#34788 Neue Medien Muennich GmbH

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrationalgalerie.de
FingerprintC9:7F:0A:CF:5E:67:74:59:51:F0:10:EF:79:2F:A9:96:2F:09:06:48
ValidityMon, 18 Sep 2023 02:07:02 GMT - Sun, 17 Dec 2023 02:07:01 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /index.php HTTP/1.1
Host: www.rationalgalerie.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Wed, 17 Aug 2005 00:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: b6316690610c8c68d2a5f328497b61c3=b4ff8b90634b0c83e8eaf03398f7ee82; path=/; HttpOnly
strict-transport-security: max-age=600000
x-content-type-options: nosniff
last-modified: Mon, 20 Nov 2023 11:15:57 GMT
vary: Accept-Encoding,User-Agent
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 20 Nov 2023 11:15:56 GMT
server: Apache
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fhcmeiju.com.atlaq.com/
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:57 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:00:38 GMT
etag: W/"654e0d56-df63"
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=fhcmeiju.com

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=fhcmeiju.com
IP
0.0.0.0:0
ASN
#0

Requested by
https://fhcmeiju.com.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=fhcmeiju.com HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://rcp-rollei.myshopify.com

142.250.74.68

200 OK

822 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://rcp-rollei.myshopify.com
IP
142.250.74.68:443
ASN
#15169 GOOGLE

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
822 B (822 bytes)
Hash
044a1feb970417964f702455961ecb26
2f31fe26b03bede382b81ef053f81c326b6b3e01
af6ee3bc9d81c5cbe031ef77cb15d2a3f174ba85862b7efadbd9b81f35c1cd06

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://rcp-rollei.myshopify.com HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://www.rollei.de/cdn/shop/files/favicon.png?crop=center&height=180&v=1644961544&width=180
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 822
date: Mon, 20 Nov 2023 11:15:58 GMT
expires: Mon, 27 Nov 2023 11:15:58 GMT
cache-control: public, max-age=604800
last-modified: Tue, 26 Sep 2023 02:15:36 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=fhcmeiju.com

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=fhcmeiju.com
IP
0.0.0.0:0
ASN
#0

Requested by
https://fhcmeiju.com.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=fhcmeiju.com HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

whulsaux.com/5/6577958/?oo=1&aab=1

139.45.197.244

200 OK

2.8 kB

URL GET HTTP/2
whulsaux.com/5/6577958/?oo=1&aab=1
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://fhcmeiju.com.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectwhulsaux.com
FingerprintA8:C3:DA:A6:D8:7E:B2:1D:20:3B:9D:3B:86:9A:EF:7C:B3:AC:47:D7
ValidityMon, 20 Nov 2023 05:29:27 GMT - Sun, 18 Feb 2024 05:29:26 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3009), with no line terminators
Size
2.8 kB (2769 bytes)
Hash
e77d42d5b6e46bb9c333af9c40e6e301
d1393776ab0fb6f18ef97f6f09411fbc72b2f8f0
b278bfa75908cc291a0ed69d84e3136508b00d2ebad71dfab5e1d31346859bdd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6577958/?oo=1&aab=1 HTTP/1.1
Host: whulsaux.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://fhcmeiju.com.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://fhcmeiju.com.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Mon, 20 Nov 2023 11:15:56 GMT
content-type: application/json
x-trace-id: c2d8b2cfd15a8f9ac12d8f0b1e65832c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://fhcmeiju.com.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=c6d443379b9845a99d560d0aa1a66224; expires=Tue, 19 Nov 2024 11:15:56 GMT; path=/; secure; SameSite=None
oaidts=1700478956; expires=Tue, 19 Nov 2024 11:15:56 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash