Report - nicozon.net.atlaq.com/

Report Overview

Visited public
2023-11-09 10:42:13
Tags
URL
nicozon.net.atlaq.com/
Finishing URL
nicozon.net.atlaq.com/
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
ニコニコ動画保存ツール - nicozon

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
3online.sharepoint.com	unknown	1998-08-10	2015-11-14 23:10:05	2022-01-30 14:39:55	396 B	523 B	13.107.136.10
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-11-09 05:09:50	1.1 kB	1.5 kB	139.45.195.8
amunfezanttor.com	unknown	2023-03-31	2023-03-31 14:42:42	2023-11-09 05:14:44	1.5 kB	1.5 kB	139.45.197.250
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-11-09 08:36:30	894 B	226 kB	142.250.74.168
itweepinbelltor.com	116495	2021-08-11	2021-08-11 13:34:00	2023-11-05 20:20:07	5.1 kB	164 kB	139.45.197.250
www.google.no	25607	2001-02-26	2016-04-05 21:50:59	2023-11-09 09:39:30	576 B	578 B	142.250.74.163
t1.gstatic.com	unknown	2008-02-11	2013-05-07 00:57:20	2023-11-09 08:35:33	1.6 kB	3.0 kB	142.250.74.36
arvigorothan.com	unknown	2023-10-19	2023-10-19 12:17:55	2023-11-08 18:50:25	411 B	82 kB	172.67.150.119
3dsexanime.xyz	unknown	unknown	2020-12-15 06:52:26	2023-03-07 02:05:16	390 B	666 B	172.67.206.212
nicozon.net.atlaq.com	unknown	unknown	No data	No data	1.4 kB	86 kB	188.114.97.1
atlaq.com	460385	2019-04-07	2019-04-10 14:32:55	2023-11-07 14:03:46	848 B	135 kB	172.67.176.167
3dxxx.net	unknown	unknown	No data	No data	814 B	9.9 kB	188.114.97.1
3sbilsalg.dk	unknown	unknown	No data	No data	386 B	4.6 kB	178.251.4.112
www.3mdanmark.dk	unknown	unknown	2016-01-14 16:08:04	2023-01-16 13:54:05	390 B	2.7 kB	23.54.7.122
region1.analytics.google.com	unknown	1997-09-15	2022-03-17 12:26:33	2023-11-09 05:09:16	827 B	452 B	216.239.34.36
traffic.alexa.com	381412	1996-07-17	2012-05-20 23:46:11	2021-05-14 12:40:47	978 B	0 B	0.0.0.0
3mdanmark.dk	unknown	unknown	2015-08-16 04:53:10	2023-09-11 21:52:22	386 B	938 B	3.20.38.251
www.3dsexanime.xyz	unknown	unknown	2020-12-15 06:52:26	2023-03-02 14:31:49	394 B	650 B	172.67.206.212
groorsoa.net	unknown	2023-10-23	2023-10-24 03:50:52	2023-11-09 01:19:54	1.6 kB	6.6 kB	139.45.197.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-11-09	medium	amunfezanttor.com	Sinkholed
2023-11-09	medium	amunfezanttor.com	Sinkholed
2023-11-09	medium	amunfezanttor.com	Sinkholed
2023-11-09	medium	groorsoa.net	Sinkholed
2023-11-09	medium	groorsoa.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	nicozon.net.atlaq.com/	3.6 kB	2024-08-20 20:17	2024-08-20 20:17
Pretty URL nicozon.net.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 20:17 Last Seen2024-08-20 20:17 Times Seen1 Hash 66d5c40c7bf57dc299dcd3152c169ee2 39744431f24df1ab5c9493ef81eb1327cf7a6d9e a41814712f3189dc616caf9d6d22e414e5d36c2ed5c85def0b544d74f92b6e70 Loading...

	nicozon.net.atlaq.com/	196 B	2024-08-20 20:17	2024-08-20 20:17
Pretty URL nicozon.net.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 20:17 Last Seen2024-08-20 20:17 Times Seen1 Hash 1acf86509b92acffa4f350c1bb6a86c7 575bad3e193dda7a9bfe4cec566f158ac2b8cf35 139f0973f90ae23345fd55d52764bd1b8f526e47f6d0d5eae682cb8c7e34b31f Loading...

	unknown	160 B	2024-08-20 20:17	2024-08-20 20:17
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 20:17 Last Seen2024-08-20 20:17 Times Seen1 Hash bb1232f36800c33f18a8fcdef688048b 916f9a7a82f8acb960353246139c39a52e03f4e4 23e107436b3edbd4279c9adaae470cbd06d34195a6401bffe8b81d67acbf68c4 Loading...

	unknown	151 B	2024-08-20 20:17	2024-08-20 20:17
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2024-08-20 20:17 Last Seen2024-08-20 20:17 Times Seen1 Hash 5e6eb0d742eee6df88b05e9cf6ffc673 269a9351d2aaaf8626859a926eb0d8212acf70cf de1715d9ce01374ec370faf054f6b8dc3f3b1b2aeae146183fb40ad9e96d9348 Loading...

	arvigorothan.com/tag.min.js	81 kB	2023-11-07 15:04	2023-11-10 10:37
Pretty URL arvigorothan.com/tag.min.js IP 172.67.150.119 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-07 15:04 Last Seen2023-11-10 10:37 Times Seen101 Hash 9886ced2a23f597e699da8c08cce79d8 052851b56885ea5ce57d98c36163680300f64bc0 515abc8669312dd2e623a0a8f1d6fce5593e131ddc96d330a38810dc3e04075c Loading...

	www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c	266 kB	2023-11-09 11:42	2023-11-09 11:42
Pretty URL www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 11:42 Last Seen2023-11-09 11:42 Times Seen1 Hash 290a49be821b1eafd487d1178d1cbc08 243b36050f4b3a41a2ecdb42a82d6906654a36b7 38e3bcba42b2b0a51ba714a1134d690caaa8b0b7487f32d0dd347fb0a97dc728 Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11 21:07	2024-11-28 22:36
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:36 Times Seen281790 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	nicozon.net.atlaq.com/sandbox%20eval%20code	147 B	2023-04-11 21:07	2024-11-28 22:36
Pretty URL nicozon.net.atlaq.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2024-11-28 22:36 Times Seen282590 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	nicozon.net.atlaq.com/	154 B	2023-03-10 11:07	2024-11-28 20:47
Pretty URL nicozon.net.atlaq.com/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 11:07 Last Seen2024-11-28 20:47 Times Seen69 Hash 556aedec3c17b1047b6ea5b24555b6b3 bc98386bf7c5d5088b545befbe3f36738874ca18 25b0f8074b7996c02b28918d9dec52e00501eee8990db393f4a0624d136a828e Loading...

	www.googletagmanager.com/gtag/js?id=UA-85346163-2	135 kB	2023-11-09 11:42	2023-11-09 11:42
Pretty URL www.googletagmanager.com/gtag/js?id=UA-85346163-2 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-09 11:42 Last Seen2023-11-09 11:42 Times Seen1 Hash bc9ebe5b5ebc039d173caed665ffc759 cdd0557dca54f25fd011f3ec42318d56dffdaf34 04ca263d51fa553b3612219220f795de1d31e08b63a445ff81306bb0ffd87641 Loading...

	itweepinbelltor.com/pfe/current/tag.min.js?z=5490114	13 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty URL itweepinbelltor.com/pfe/current/tag.min.js?z=5490114 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2697 Hash 258578af3c107ccb907f73c3a2f4c25f 7a192edea829968fb7f57f2a2fc4cb5b612598be 1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75 Loading...

	unknown	88 kB	2023-11-02 10:05	2024-08-20 21:23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-02 10:05 Last Seen2024-08-20 21:23 Times Seen2914 Hash d46d2997ab218d1dba1ab614422ed53f 3f1f6b9847c8ad209835db366c62fcb209b83a67 09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42 Loading...

	unknown	26 kB	2023-03-07 01:18	2024-10-26 14:27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18 Last Seen2024-10-26 14:27 Times Seen1733 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

		Size	First Seen	Last Seen
	#1 Write - 8ac30c122db3cc3fcdf87f61c4006b6b	51 kB	2024-08-20 20:17	2024-08-20 20:17
Pretty Observations First Seen2024-08-20 20:17 Last Seen2024-08-20 20:17 Times Seen1 Hash 8ac30c122db3cc3fcdf87f61c4006b6b 1b4b2f26e8bd98904aa957edf3d41310ca2ae846 3f73185e9eaae55b3b30e00391ce4481d9139259b36951dac993dac9fae4f060 Loading...

HTTP Transactions (40)

URL IP Response Size

nicozon.net.atlaq.com/

188.114.97.1

200 OK

64 kB

URL User Request GET HTTP/2
nicozon.net.atlaq.com/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintFA:A2:5C:EE:B6:A9:D7:21:D6:87:4B:4F:82:74:3D:9E:A3:F6:E4:8E
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9720), with CR, LF line terminators
Size
64 kB (63466 bytes)
Hash
fcdb15c6b15a012488523274f7d1f2a5
cca875beb27dc8f62076d2ab961dd6c73dc92607
7528eeb96433e15849649f4ef53a3915cc9adc68a217ce9f05e1886f1eeade44

HTTP Headers

GET / HTTP/1.1
Host: nicozon.net.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 Nov 2023 10:41:55 GMT
content-type: text/html; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Sat, 09 Dec 2023 10:41:50 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-litespeed-cache: hit
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=otVKZqa7C7h60wiZaSTmxaWxiKkfWm5WSUrkxqVe6j7S8Id7Ay%2BiJkssIrdK3fKzKFkiAtIiSKOXtpX5qXkrFyj1LhJqQYNfUc%2FjgiSIeRVav56xtigd7OewNZk2gCBHnGxqYFDmMP4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 823572304cf55696-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

atlaq.com/style.css

172.67.176.167

200 OK

16 kB

URL GET HTTP/2
atlaq.com/style.css
IP
172.67.176.167:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint5E:AC:5A:49:0B:05:39:5A:D5:49:EF:4E:F8:76:94:B6:C0:A1:29:84
ValidityTue, 29 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (6732)
Size
16 kB (15696 bytes)
Hash
611e414a545a0c84fe6c111b9a4c3722
7fe2addc3373777aeb6de31caaf66f800049dd59
b5fc73fd3ef4ac8eda80826c1f684294f136c3d03c4afed7e7cd59a3f6a5a146

HTTP Headers

GET /style.css HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000
expires: Fri, 24 Nov 2023 06:07:01 GMT
last-modified: Tue, 25 Oct 2022 04:42:27 GMT
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1312495
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lFzO1dJ%2B9zj18Qe7y1xdBU%2FvTnurFQvNg1eodvrdBxsSHbeBLUNtYeUMJa0N6%2FP0Ou4cSlSvl9dVdp4FEo3YoAfOsVTZPYfNiHndtV8IU%2BjRhtad9703zioQgx0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8235723618ab56c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

atlaq.com/logo.png

172.67.176.167

200 OK

117 kB

URL GET HTTP/3
atlaq.com/logo.png
IP
172.67.176.167:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
Fingerprint5E:AC:5A:49:0B:05:39:5A:D5:49:EF:4E:F8:76:94:B6:C0:A1:29:84
ValidityTue, 29 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT

File type
PNG image data, 500 x 446, 8-bit/color RGBA, non-interlaced\012- data
Size
117 kB (117433 bytes)
Hash
792b74959e26cd37fd05dfcd0ef07770
c6e3ed2dd9771b077daf93eda5773cd10d621147
7ae2cb133588b7a2926b71630869d602c294840f6c1379666e82b25f3354623b

HTTP Headers

GET /logo.png HTTP/1.1
Host: atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: image/png
content-length: 117433
cache-control: public, max-age=31536000
expires: Thu, 24 Oct 2024 05:27:08 GMT
last-modified: Wed, 29 Jan 2020 11:21:42 GMT
vary: User-Agent,Origin, Accept-Encoding
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 1314888
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1kPkIQdvnvzRYsuffwBOlFqkSOTQG67vKkVgxVnXp%2Fo%2FMuwcHfPqhuBKNEZMUx6EYSgeruIZ7H8CcJWQyXqRuv02Erl1UU0CCrptg1jIQSmSMllcfg2zelyIFfU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82357237bda81c16-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c

142.250.74.168

200 OK

90 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (5955)
Size
90 kB (89925 bytes)
Hash
290a49be821b1eafd487d1178d1cbc08
243b36050f4b3a41a2ecdb42a82d6906654a36b7
38e3bcba42b2b0a51ba714a1134d690caaa8b0b7487f32d0dd347fb0a97dc728

HTTP Headers

GET /gtag/js?id=G-FPZ0VEL1WQ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Nov 2023 10:41:56 GMT
expires: Thu, 09 Nov 2023 10:41:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89925
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=nicozon.net.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471

139.45.197.250

200 OK

888 B

URL GET HTTP/2
itweepinbelltor.com/zone?pub=0&zone_id=5490114&is_mobile=false&domain=nicozon.net.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text, with very long lines (887)
Size
888 B (888 bytes)
Hash
5800ebd5fac46023ee5ce159af185039
69130d428356b977ec0a5bb70fe95ce3bc947b85
b299942a863006c6c8227371cc765b6eaef53616b56613001feda66f9667444f

HTTP Headers

GET /zone?pub=0&zone_id=5490114&is_mobile=false&domain=nicozon.net.atlaq.com&var=&ymid=&var_3=&tg=0&sw=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: application/json; charset=utf-8
content-length: 888
x-trace-id: b316cc5ecad6e3434e4b7b881a98ab23
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

3dxxx.net/wp-includes/images/w-logo-blue-white-bg.png

188.114.97.1

200 OK

4.1 kB

URL GET HTTP/3
3dxxx.net/wp-includes/images/w-logo-blue-white-bg.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint74:C8:3A:B9:4A:74:53:25:DC:C4:01:57:FF:F1:BC:03:EF:50:DF:0A
ValidityFri, 03 Feb 2023 00:00:00 GMT - Fri, 02 Feb 2024 23:59:59 GMT

File type
PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4119 bytes)
Hash
000bf649cc8f6bf27cfb04d1bcdcd3c7
d73d2f6d74ec6cdcbae07955592962e77d8ae814
6bdb369337ac2496761c6f063bffea0aa6a91d4662279c399071a468251f51f0

HTTP Headers

GET /wp-includes/images/w-logo-blue-white-bg.png HTTP/1.1
Host: 3dxxx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: image/png
content-length: 4119
last-modified: Tue, 06 Dec 2022 22:26:54 GMT
etag: "638fc1ae-1017"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 388268
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iv5EI3mBz3qVbdQAapeLZO%2FxrbQZZZb7lChwcX5oU8ASwEtjx1i8JqQ78V9I8VLV%2F1U8F2nuxQyXHTmI8dV1eSDZJFnk74fhcYwOFLZaw3%2BMD4Zza4IoVinIJfw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 823572393fb8568b-OSL
alt-svc: h3=":443"; ma=86400

3online.sharepoint.com/favicon.ico

13.107.136.10

404 Not Found

0 B

URL GET HTTP/2
3online.sharepoint.com/favicon.ico
IP
13.107.136.10:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerMicrosoft Corporation
Subject*.sharepoint.com
Fingerprint4F:05:25:62:5B:8B:B9:4F:5F:54:60:7F:43:4A:D6:26:33:61:44:3E
ValidityThu, 12 Oct 2023 00:01:20 GMT - Sun, 06 Oct 2024 00:01:20 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3online.sharepoint.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
p3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
sprequestduration: 49
spiislatency: 0
x-powered-by: ASP.NET
microsoftsharepointteamservices: 16.0.0.24225
x-content-type-options: nosniff
x-ms-invokeapp: 1; RequireReadOnly
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 090616A06590457EA0EFFC757E2C4197 Ref B: OSL30EDGE0414 Ref C: 2023-11-09T10:41:56Z
date: Thu, 09 Nov 2023 10:41:56 GMT
content-length: 0
X-Firefox-Spdy: h2

3sbilsalg.dk/favicon.ico

178.251.4.112

200 OK

4.3 kB

URL GET HTTP/2
3sbilsalg.dk/favicon.ico
IP
178.251.4.112:443
ASN
#207199 team.blue Denmark A/S

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subject3sbilsalg.dk
Fingerprint0A:75:F8:E6:12:64:A0:E6:6D:54:05:CE:38:6F:FA:5E:0D:2D:9F:EB
ValidityMon, 06 Nov 2023 09:53:34 GMT - Sun, 04 Feb 2024 09:53:33 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
c8134164da2b964625ccfa9e1bdefdbc
078298647072a5d3c301ffaca1bd827802c7a7f3
64c62606980f723dbcfc380ac3828454eb3528aa222681f600e1f8084a0ef006

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3sbilsalg.dk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 4286
content-type: image/x-icon
last-modified: Tue, 06 Sep 2022 06:15:48 GMT
accept-ranges: bytes
etag: "1d8c1b81b1612be"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Thu, 09 Nov 2023 10:41:56 GMT
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://nicozon.net.atlaq.com/
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Content-Type: application/json
Content-Length: 379
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5b45d4ac12d44104f7fac5aa8b802e0e
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

nicozon.net.atlaq.com/badk.txt

188.114.97.1

200 OK

15 kB

URL GET HTTP/3
nicozon.net.atlaq.com/badk.txt
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintFA:A2:5C:EE:B6:A9:D7:21:D6:87:4B:4F:82:74:3D:9E:A3:F6:E4:8E
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
15 kB (14616 bytes)
Hash
f4245877e1f9b8764acbac7b475ebf2d
7471a9d7354637651fa5d0200febe7ab162fb69a
bd300473a295a173716b1b182aed7c14e3551f7400360dd5f694115683ccd41c

HTTP Headers

GET /badk.txt HTTP/1.1
Host: nicozon.net.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=2592000
cf-railgun: direct (starting new WAN connection)
expires: Sat, 09 Dec 2023 10:41:56 GMT
last-modified: Mon, 13 Apr 2020 08:00:16 GMT
strict-transport-security: max-age=31536000;includeSubDomains
vary: Accept-Encoding,User-Agent,Origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-turbo-charged-by: LiteSpeed
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DmZwJLbqzATkwTwD%2BJlsknFJ%2Bml6p7p8LNpVMBJSe%2FOWDm%2FIvTCQXcE9SI%2FXrKHbrIEGM8RSsVj5kacTAlNCzasf2wtar4GUxiETcYvIejLD19sp2f3892PmQ42q2BKiEKDssbWiPPs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82357237c8a356a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=c66a5f57462f468493f8a3bc8c09feb4

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=c66a5f57462f468493f8a3bc8c09feb4
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
d6e798a5488d1398c73583a130c2a6fb
109460cc9c463124f4f536fc8825338c6031b0db
6fc4a80e7a250a5c00f4a26f5df76164155155e2b434932c319587a419ee7441

HTTP Headers

GET /gid.js?userId=c66a5f57462f468493f8a3bc8c09feb4 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c66a5f57462f468493f8a3bc8c09feb4; expires=Fri, 08 Nov 2024 10:41:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://nicozon.net.atlaq.com/
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
fa4d5274a43445f49b32e976d62b3a0d
96befe98f41ee52c5755d1289be44a45e1323cb1
493e859d9b13b7e6ae48d5a25aad7ec59390505dc28c178833008fdfc7379424

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Content-Type: application/json
Content-Length: 506
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

3mdanmark.dk/favicon.ico

3.20.38.251

301 Moved Permanently

244 B

URL GET HTTP/2
3mdanmark.dk/favicon.ico
IP
3.20.38.251:443
ASN
#16509 AMAZON-02

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerAmazon
Subjectsvs3.3m.com
Fingerprint14:B9:7B:4F:C9:7C:BA:6D:A0:04:14:61:13:1B:71:79:86:5D:80:EE
ValidityWed, 08 Feb 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
244 B (244 bytes)
Hash
7dbfca4ec9c9025d214bdbf1f5c1682f
15e8963e6a7c3b00ca8feb410d81c622fc6bf2aa
c09c256f266e10ef49a62012e2b0dad343be55df0d19bec80b1ecfcc52d85394

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3mdanmark.dk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: text/html; charset=iso-8859-1
content-length: 244
location: https://www.3mdanmark.dk/favicon.ico
set-cookie: AWSALB=/SagAkj4frk6U+MTzX5AxYQxdwaRxW6KirXLWxtTJremtAsN+sxOpiUYCsLtJSsjfUAHFA09qTWuSA1rzand52KJ5oWVhT/AorO09VZttNI392L9+Asoa/3qEWKq; Expires=Thu, 16 Nov 2023 10:41:57 GMT; Path=/
AWSALBCORS=/SagAkj4frk6U+MTzX5AxYQxdwaRxW6KirXLWxtTJremtAsN+sxOpiUYCsLtJSsjfUAHFA09qTWuSA1rzand52KJ5oWVhT/AorO09VZttNI392L9+Asoa/3qEWKq; Expires=Thu, 16 Nov 2023 10:41:57 GMT; Path=/; SameSite=None; Secure
server: Apache
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self';
X-Firefox-Spdy: h2

www.3mdanmark.dk/favicon.ico

23.54.7.122

200 OK

2.2 kB

URL GET HTTP/2
www.3mdanmark.dk/favicon.ico
IP
23.54.7.122:443
ASN
#16625 AKAMAI-AS

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerSectigo Limited
Subjectak-san02.3m.com
Fingerprint47:E9:BF:DE:0A:08:D6:14:D7:67:D1:F9:90:E0:80:8D:7D:EF:B4:09
ValidityTue, 14 Mar 2023 00:00:00 GMT - Wed, 13 Mar 2024 23:59:59 GMT

File type
MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16\012- data
Size
2.2 kB (2166 bytes)
Hash
79986902129349e2e4be24ec29797b58
185e9e3737e9e786d222241acdb9bf924ec42c7c
5ae4ab61528007a712ebfe7d7a9a237cc8beae0a339a953a79ee43c5b69cc8fc

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.3mdanmark.dk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self' *.adobe.com;
last-modified: Wed, 24 Jan 2007 22:59:37 GMT
etag: "70e004-876-427d13fb02840"
accept-ranges: bytes
content-length: 2166
served-by: p-812
x-xss-protection: 1; mode=block
content-type: image/x-icon
cache-control: max-age=86400
expires: Fri, 10 Nov 2023 10:41:57 GMT
date: Thu, 09 Nov 2023 10:41:57 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=23, origin; dur=0, ak_p; desc="1699526517504_34992163_1490739_2304_8341_8_29_12";dur=1
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://nicozon.net.atlaq.com/
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

itweepinbelltor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
itweepinbelltor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
78ca7d70931e9c718bc83c135c7d408f
dbc72a8a5c05ba2554c1c4ae812e1ca91632a13a
b45e48f3600d71e36dc65dec4ae6caa7358908dc8e21ef7980c5923569161980

HTTP Headers

POST /event HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Content-Type: application/json
Content-Length: 1639
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b60v894672372&_p=1699526516355&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=513255933.1699526517&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1699526516&sct=1&seg=0&dl=https%3A%2F%2Fnicozon.net.atlaq.com%2F&dt=%E3%83%8B%E3%82%B3%E3%83%8B%E3%82%B3%E5%8B%95%E7%94%BB%E4%BF%9D%E5%AD%98%E3%83%84%E3%83%BC%E3%83%AB%20-%20nicozon&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1624

216.239.34.36

204 No Content

0 B

URL POST HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b60v894672372&_p=1699526516355&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=513255933.1699526517&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1699526516&sct=1&seg=0&dl=https%3A%2F%2Fnicozon.net.atlaq.com%2F&dt=%E3%83%8B%E3%82%B3%E3%83%8B%E3%82%B3%E5%8B%95%E7%94%BB%E4%BF%9D%E5%AD%98%E3%83%84%E3%83%BC%E3%83%AB%20-%20nicozon&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1624
IP
216.239.34.36:443
ASN
#15169 GOOGLE

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-FPZ0VEL1WQ&gtm=45je3b60v894672372&_p=1699526516355&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=513255933.1699526517&ul=en-us&sr=1280x1024&_eu=AAAI&_s=1&sid=1699526516&sct=1&seg=0&dl=https%3A%2F%2Fnicozon.net.atlaq.com%2F&dt=%E3%83%8B%E3%82%B3%E3%83%8B%E3%82%B3%E5%8B%95%E7%94%BB%E4%BF%9D%E5%AD%98%E3%83%84%E3%83%BC%E3%83%AB%20-%20nicozon&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1624 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://nicozon.net.atlaq.com
date: Thu, 09 Nov 2023 10:41:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=a35e641d0f1b4d2b87c999ed936783c6&zoneId=5490114&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=a35e641d0f1b4d2b87c999ed936783c6&zoneId=5490114&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
d6e798a5488d1398c73583a130c2a6fb
109460cc9c463124f4f536fc8825338c6031b0db
6fc4a80e7a250a5c00f4a26f5df76164155155e2b434932c319587a419ee7441

HTTP Headers

GET /gid.js?pub=0&userId=a35e641d0f1b4d2b87c999ed936783c6&zoneId=5490114&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: ID=c66a5f57462f468493f8a3bc8c09feb4
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c66a5f57462f468493f8a3bc8c09feb4; expires=Fri, 08 Nov 2024 10:41:57 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=513255933.1699526517&gtm=45je3b60v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1908098678

142.250.74.163

200 OK

42 B

URL GET HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=513255933.1699526517&gtm=45je3b60v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1908098678
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.no
Fingerprint29:58:11:F3:D3:18:F5:CB:E0:44:F2:26:7E:93:2F:BD:DE:27:0C:EB
ValidityMon, 16 Oct 2023 08:13:02 GMT - Mon, 08 Jan 2024 08:13:01 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FPZ0VEL1WQ&cid=513255933.1699526517&gtm=45je3b60v894672372&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1908098678 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Nov 2023 10:41:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://nicozon.net

142.250.74.36

200 OK

132 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://nicozon.net
IP
142.250.74.36:443
ASN
#15169 GOOGLE

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
132 B (132 bytes)
Hash
d25a7db79c9f10bdbb20453739590820
8b8a22e8006214354dcbf894aa3bbe46c265ccbe
2d9ee1a2c61c3df1a0fa3ce425551cdeba97cff30b000e236df1e55afabeb633

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://nicozon.net HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: http://www.nicozon.net/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 132
date: Thu, 09 Nov 2023 10:41:57 GMT
expires: Thu, 16 Nov 2023 10:41:57 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://3dsexanime.xyz

142.250.74.36

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://3dsexanime.xyz
IP
142.250.74.36:443
ASN
#15169 GOOGLE

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://3dsexanime.xyz HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Thu, 09 Nov 2023 10:41:57 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://3online.sharepoint.com

142.250.74.36

404 Not Found

726 B

URL GET HTTP/2
t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://3online.sharepoint.com
IP
142.250.74.36:443
ASN
#15169 GOOGLE

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
726 B (726 bytes)
Hash
b8a0bf372c762e966cc99ede8682bc71
2d7c9b60d1e2b4f4726141de2e4ab738110b9287
59bfe9bc385ad69f50793ce4a53397316d7a875a7148a63c16df9b674c6cda64

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&size=64&url=https://3online.sharepoint.com HTTP/1.1
Host: t1.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cross-origin-resource-policy: cross-origin
content-type: image/png
x-content-type-options: nosniff
date: Thu, 09 Nov 2023 10:41:57 GMT
server: sffe
content-length: 726
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Content-Type: application/json
Content-Length: 736
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 59fd70ac75fcb6bf652489b266d6efbd
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintD6:54:A1:23:39:A0:9A:41:5A:CC:0B:F2:C1:7C:6A:FA:F0:E8:C1:52
ValidityWed, 06 Sep 2023 01:33:39 GMT - Tue, 05 Dec 2023 01:33:38 GMT

File type
JSON data\012- , ASCII text
Size
94 B (94 bytes)
Hash
7eeb2ab97ff90211a1c6a53a7b36c03a
f0d4d36298b6b8c70fdfc66e8eb8b5a4f95c3610
60875f123e8c5a1cfe04bc3fcb82d608e796e91041d183e8b9cc3672735cf268

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Content-Type: application/json
Content-Length: 506
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:58 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
itweepinbelltor.com/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
JSON data\012- , ASCII text
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

HTTP Headers

POST /custom HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Content-Type: application/json
Content-Length: 376
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:58 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 3c251ed1df00fec796a2515c6f60c8a7
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/tag.min.js?z=5490114

139.45.197.250

200 OK

13 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/tag.min.js?z=5490114
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
C source, ASCII text, with very long lines (13300), with no line terminators
Size
13 kB (13300 bytes)
Hash
258578af3c107ccb907f73c3a2f4c25f
7a192edea829968fb7f57f2a2fc4cb5b612598be
1f945c9c46c47a2b0e867b0d09c3e4559cd768a2d3747abf28d1d65667733b75

HTTP Headers

GET /pfe/current/tag.min.js?z=5490114 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: application/javascript
last-modified: Wed, 08 Nov 2023 10:32:15 GMT
etag: W/"654b63af-33f4"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

arvigorothan.com/tag.min.js

172.67.150.119

200 OK

81 kB

URL GET HTTP/2
arvigorothan.com/tag.min.js
IP
172.67.150.119:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectarvigorothan.com
FingerprintAC:1F:39:DE:94:70:43:89:E6:3A:0A:DC:3C:07:35:17:63:91:D3:18
ValidityThu, 19 Oct 2023 09:16:34 GMT - Wed, 17 Jan 2024 09:16:33 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
81 kB (80827 bytes)
Hash
9886ced2a23f597e699da8c08cce79d8
052851b56885ea5ce57d98c36163680300f64bc0
515abc8669312dd2e623a0a8f1d6fce5593e131ddc96d330a38810dc3e04075c

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: arvigorothan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 331df805c1eb0091c31e153ee1377f34
cache-control: max-age=86400
last-modified: Tue, 07 Nov 2023 13:38:54 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 09 Nov 2023 12:47:51 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 78845
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VKL5UFcrNKt9321rW%2Bvn0nGby%2FnKHmkGsgFU%2FW4VzJDNNwd8V8DfHSrHnhDQ%2B2orVzgKugX0PWlAhLtZyeq%2F5zpEqVDU9019jCRtdMiOO%2B%2F8mOkYXkPrs0jU6hyx8JpPsS%2F4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 823572380a850afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=nicozon.net

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=nicozon.net
IP
0.0.0.0:0
ASN
#0

Requested by
https://nicozon.net.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=q&b=f5f5f5&n=666666&r=2y&u=nicozon.net HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

www.googletagmanager.com/gtag/js?id=UA-85346163-2

142.250.74.168

200 OK

135 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-85346163-2
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint3B:1D:9C:59:AC:F8:2F:47:8A:C6:AE:4F:88:F0:8D:84:C7:6A:47:DA
ValidityMon, 16 Oct 2023 08:02:30 GMT - Mon, 08 Jan 2024 08:02:29 GMT

File type
ASCII text, with very long lines (2213)
Size
135 kB (134666 bytes)
Hash
bc9ebe5b5ebc039d173caed665ffc759
cdd0557dca54f25fd011f3ec42318d56dffdaf34
04ca263d51fa553b3612219220f795de1d31e08b63a445ff81306bb0ffd87641

HTTP Headers

GET /gtag/js?id=UA-85346163-2 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Nov 2023 10:41:56 GMT
expires: Thu, 09 Nov 2023 10:41:56 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 51353
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471

139.45.197.250

200 OK

88 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/universal.min.js?v=3.1.471
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87852 bytes)
Hash
d46d2997ab218d1dba1ab614422ed53f
3f1f6b9847c8ad209835db366c62fcb209b83a67
09e8ce2dfeac0ad09cd24788931b38ea7e7592f2c28eecc324b2dd1cd69d1b42

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.471 HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: application/javascript
last-modified: Wed, 08 Nov 2023 10:32:15 GMT
etag: W/"654b63af-1572c"
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

nicozon.net.atlaq.com/sw-5490114.js

188.114.97.1

404 Not Found

4.8 kB

URL GET HTTP/3
nicozon.net.atlaq.com/sw-5490114.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectatlaq.com
FingerprintFA:A2:5C:EE:B6:A9:D7:21:D6:87:4B:4F:82:74:3D:9E:A3:F6:E4:8E
ValidityFri, 25 Aug 2023 00:00:00 GMT - Sat, 24 Aug 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (5213), with no line terminators
Size
4.8 kB (4828 bytes)
Hash
544e939050d2421a4d8f8ff308ade809
2464e831970ca9846ab4a5e5bf9e6b3184e6557d
32d1737df6b9ece657e8092fcc2f786efbb472e7a84e2baae1fb17efabdded34

HTTP Headers

GET /sw-5490114.js HTTP/1.1
Host: nicozon.net.atlaq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
DNT: 1
Connection: keep-alive
Cookie: _ga_FPZ0VEL1WQ=GS1.1.1699526516.1.0.1699526516.60.0.0; _ga=GA1.1.513255933.1699526517
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=31536000
expires: Sat, 09 Dec 2023 10:41:57 GMT
x-litespeed-cache: miss
vary: Accept-Encoding,User-Agent,Origin
strict-transport-security: max-age=31536000;includeSubDomains
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Authorization, Accept
access-control-expose-headers: Content-Disposition
x-turbo-charged-by: LiteSpeed
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9jQehQBXBRbsaLFu4BMCtdecdgcI8HqJTZ8efMOiObNd6%2FeDfP8X%2BayJ3Z%2B6HCBGie%2FyCc0f7pNyvxGTaczYVx8oTK2S4Vuh2%2F%2BWWgNg74HiZerQ8i8rfG8FT6dfO2NvCkZGQs44hgo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8235723b8b7256a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=nicozon.net

0.0.0.0

0 B

URL GET
traffic.alexa.com/graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=nicozon.net
IP
0.0.0.0:0
ASN
#0

Requested by
https://nicozon.net.atlaq.com/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /graph?w=260&h=190&o=f&c=1&y=t&b=f5f5f5&n=666666&r=2y&u=nicozon.net HTTP/1.1
Host: traffic.alexa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

3dxxx.net/favicon.ico

188.114.97.1

302 Found

4.1 kB

URL GET HTTP/2
3dxxx.net/favicon.ico
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint74:C8:3A:B9:4A:74:53:25:DC:C4:01:57:FF:F1:BC:03:EF:50:DF:0A
ValidityFri, 03 Feb 2023 00:00:00 GMT - Fri, 02 Feb 2024 23:59:59 GMT

File type

Size
4.1 kB (4119 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3dxxx.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: text/html; charset=UTF-8
location: https://3dxxx.net/wp-includes/images/w-logo-blue-white-bg.png
cache-control: s-maxage=31536000, max-age=60
x-wp-cf-super-cache: cache
x-wp-cf-super-cache-active: 1
x-wp-cf-super-cache-cache-control: s-maxage=31536000, max-age=60
x-wp-cf-super-cache-cookies-bypass: swfpc-feature-not-enabled
x-redirect-by: WordPress
cf-cache-status: HIT
age: 388268
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WKwH1wv1cB40rJWEPPJzI%2FUc1w0FcAkij2vLj4WiCffD0CxIu6M%2FlO%2FLxwDeA0v8V4O3LtOHeTCrhoVM8R1P7%2BSXdaujnmGFMxayLbnXbA1MNSKHDAUdu%2F49yc4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82357238de195690-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.3dsexanime.xyz/favicon.ico

172.67.206.212

404 Not Found

0 B

URL GET HTTP/3
www.3dsexanime.xyz/favicon.ico
IP
172.67.206.212:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.3dsexanime.xyz
Fingerprint4E:79:67:2D:31:51:6D:B4:CF:36:D4:48:B6:37:1E:79:56:19:20:61
ValidityWed, 20 Sep 2023 00:04:34 GMT - Tue, 19 Dec 2023 00:04:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.3dsexanime.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/5.6.37
vary: User-Agent, Accept-Encoding
cache-control: max-age=3600
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ry8zu6ZmlSL1pA4xTybFFn9yMoPlCmh1UdhSPZY7ZmdzihzxDLgBBQpDrZQmLW1YRHqnh%2FMEQRrb2%2BttEGDVBi8lfMtYzM7p3kYBud465AFcvyYMQ7B%2BQ82z0uXJVBbiW4n9aEw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82357239ab4c1c06-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400

groorsoa.net/5/6577958/?oo=1&js_build=iclick-v1.624.0

139.45.197.245

200 OK

2.8 kB

URL GET HTTP/2
groorsoa.net/5/6577958/?oo=1&js_build=iclick-v1.624.0
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectgroorsoa.net
FingerprintD7:6E:83:AB:7A:9A:E5:7C:B8:7B:8D:12:E4:FD:B6:E5:71:49:D0:F8
ValidityMon, 23 Oct 2023 16:34:15 GMT - Sun, 21 Jan 2024 16:34:14 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3010), with no line terminators
Size
2.8 kB (2770 bytes)
Hash
5056e36b9d4a4ded9e07faf86a62ed1a
29cb11169e09f6a3972283c551e2e0c5a239ccc4
4ef3ecf4fa704684e2a7382af0f12e14a07f945c28aad67328603c8fd44a76e9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /5/6577958/?oo=1&js_build=iclick-v1.624.0 HTTP/1.1
Host: groorsoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Referer: https://nicozon.net.atlaq.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: application/json
x-trace-id: 97ded50868daf555a63574c2000391aa
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=c66a5f57462f468493f8a3bc8c09feb4; expires=Fri, 08 Nov 2024 10:41:56 GMT; path=/; secure; SameSite=None
oaidts=1699526516; expires=Fri, 08 Nov 2024 10:41:56 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

itweepinbelltor.com/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
itweepinbelltor.com/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectitweepinbelltor.com
Fingerprint02:3B:3D:FF:9B:86:67:A5:C6:4C:6C:1F:CB:D0:95:6B:BE:08:B2:DF
ValidityFri, 20 Oct 2023 05:44:18 GMT - Thu, 18 Jan 2024 05:44:17 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: itweepinbelltor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:58 GMT
content-type: application/javascript
last-modified: Wed, 08 Nov 2023 10:32:15 GMT
etag: W/"654b63af-df63"
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

3dsexanime.xyz/favicon.ico

172.67.206.212

301 Moved Permanently

0 B

URL GET HTTP/2
3dsexanime.xyz/favicon.ico
IP
172.67.206.212:443
ASN
#13335 CLOUDFLARENET

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.3dsexanime.xyz
Fingerprint4E:79:67:2D:31:51:6D:B4:CF:36:D4:48:B6:37:1E:79:56:19:20:61
ValidityWed, 20 Sep 2023 00:04:34 GMT - Tue, 19 Dec 2023 00:04:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 3dsexanime.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 09 Nov 2023 10:41:56 GMT
content-type: text/html; charset=iso-8859-1
location: https://www.3dsexanime.xyz/favicon.ico
cache-control: max-age=3600
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hd4XBqLDzpWHsyvQrK03SbL1tmDMrIxJUcZAJ5%2F78uNC7WzPmvpQKAVQA4Js7OeWcG%2Fhjf8hrUVZpemaaoZwTWeBEoQVOR0GXG1dIN32KtfT078YblkH%2FhVSiEHPmJV1GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82357238c89cb51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

groorsoa.net/?rb=pEf9d4OOilQehVGksG493xnSWMOAiuPFdDqL5JePN7qqjgotmSOBVBS0o47Y_-FE-vLm92-10vxyXbM0cq9N-j7IsvKTmhsAOlMTIDTJUTryAD5WvpyLUK3jHZfLIQhHVRZhIEP5NXpO5qU1AqMFV0WfQ0jBvfTTtNURzEpC_e21izzU10NWh0R7kTMX4ENGnX2DkpLd_ZXUaiAnZv4id7jipjMacQaama7Dtw%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-v1.624.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fnicozon.net.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.624.0&bs=1302d360-2bfd-4df1-8c3b-9d62c705731d&userId=c66a5f57462f468493f8a3bc8c09feb4&m=link

139.45.197.245

200 OK

1.3 kB

URL GET HTTP/2
groorsoa.net/?rb=pEf9d4OOilQehVGksG493xnSWMOAiuPFdDqL5JePN7qqjgotmSOBVBS0o47Y_-FE-vLm92-10vxyXbM0cq9N-j7IsvKTmhsAOlMTIDTJUTryAD5WvpyLUK3jHZfLIQhHVRZhIEP5NXpO5qU1AqMFV0WfQ0jBvfTTtNURzEpC_e21izzU10NWh0R7kTMX4ENGnX2DkpLd_ZXUaiAnZv4id7jipjMacQaama7Dtw%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-v1.624.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fnicozon.net.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.624.0&bs=1302d360-2bfd-4df1-8c3b-9d62c705731d&userId=c66a5f57462f468493f8a3bc8c09feb4&m=link
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://nicozon.net.atlaq.com/
Certificate
IssuerLet's Encrypt
Subjectgroorsoa.net
FingerprintD7:6E:83:AB:7A:9A:E5:7C:B8:7B:8D:12:E4:FD:B6:E5:71:49:D0:F8
ValidityMon, 23 Oct 2023 16:34:15 GMT - Sun, 21 Jan 2024 16:34:14 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (1330), with no line terminators
Size
1.3 kB (1311 bytes)
Hash
b6aa412cdbd5b5c90c665a42995df8a5
8634416ba4b4c250908d2d3496c55f225d9e0584
f042582939758ad75c7609fb0d7a2dc7733f463a2b4fdc94e9475c11fcd67d6d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=pEf9d4OOilQehVGksG493xnSWMOAiuPFdDqL5JePN7qqjgotmSOBVBS0o47Y_-FE-vLm92-10vxyXbM0cq9N-j7IsvKTmhsAOlMTIDTJUTryAD5WvpyLUK3jHZfLIQhHVRZhIEP5NXpO5qU1AqMFV0WfQ0jBvfTTtNURzEpC_e21izzU10NWh0R7kTMX4ENGnX2DkpLd_ZXUaiAnZv4id7jipjMacQaama7Dtw%3D%3D&request_ab2=0&zoneid=6577958&js_build=iclick-v1.624.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fnicozon.net.atlaq.com%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.624.0&bs=1302d360-2bfd-4df1-8c3b-9d62c705731d&userId=c66a5f57462f468493f8a3bc8c09feb4&m=link HTTP/1.1
Host: groorsoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nicozon.net.atlaq.com/
Origin: https://nicozon.net.atlaq.com
DNT: 1
Connection: keep-alive
Cookie: OAID=c66a5f57462f468493f8a3bc8c09feb4; oaidts=1699526516
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 09 Nov 2023 10:41:57 GMT
content-type: application/json
x-trace-id: ca63f657a8991e192c0ff54643e747bc
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://nicozon.net.atlaq.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=c66a5f57462f468493f8a3bc8c09feb4; expires=Fri, 08 Nov 2024 10:41:57 GMT; path=/; secure; SameSite=None
oaidts=1699526517; expires=Fri, 08 Nov 2024 10:41:57 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 16 Nov 2023 10:41:57 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN