| my.rtmark.net/img.gif?f=merge&userId=312bf6ba2b0d439c9bb759e6c0996a45 | 139.45.195.8 | | 43 B |
URL: my.rtmark.net/img.gif?f=merge&userId=312bf6ba2b0d439c9bb759e6c0996a45 IP: 139.45.195.8:0
File type: GIF image data, version 89a, 1 x 1; data
Hash: b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=312bf6ba2b0d439c9bb759e6c0996a45 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 14:52:49 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=312bf6ba2b0d439c9bb759e6c0996a45; expires=Tue, 28 May 2024 14:52:49 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| totaldailyposts.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=totaldailyposts.com&var=4662728&ymid=687062436234400620&var_3=&var_4=&dsig=&action=prerequest | 172.64.96.3 | | 0 B |
URL: totaldailyposts.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=totaldailyposts.com&var=4662728&ymid=687062436234400620&var_3=&var_4=&dsig=&action=prerequest IP: 172.64.96.3:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5202932&is_mobile=false&domain=totaldailyposts.com&var=4662728&ymid=687062436234400620&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: totaldailyposts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://totaldailyposts.com
DNT: 1
Connection: keep-alive
Referer: https://totaldailyposts.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=NO&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=312bf6ba2b0d439c9bb759e6c0996a45&pshr=0&rd=0&s=687062436234400620&ssk=1095538e5ca90526fb98e1ee7d16e958&svar=1685371969&tb=5202628&tbad=5234825&vi=0&vo=0&z=4662728
Cookie: reverse=ZD7yZ3wi6WHJfS9uU_C77TFb5717_Ar9vZpaWuq81Z8; OAID=312bf6ba2b0d439c9bb759e6c0996a45; oaidts=1685371969
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 14:52:49 GMT
content-length: 0
x-trace-id: 310f7990f9d48805fd937d932e310b9d
access-control-allow-origin: https://totaldailyposts.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=liE4Axt7llOpn4pbwt6W%2FTVFOlRiqKc7SVSFidhgGZ0XTvdM49mzqKBUhvh44l9WQCCxuvfCIz2Dkf5CXBY%2FK6ntNVTZoDSr8dh87U7E0LTBSJK6b%2Fh8TZVsQJFpDx2dNiJHKKbH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cef903a39547572-LHR
alt-svc: h3=":443"; ma=86400
|
|
| totaldailyposts.com/sw-check-permissions/5202932?var=4662728&ymid=687062436234400620&uhd=1 | 172.64.96.3 | | 319 B |
URL: totaldailyposts.com/sw-check-permissions/5202932?var=4662728&ymid=687062436234400620&uhd=1 IP: 172.64.96.3:0
Hash: 284e2df38ef6c05d1943e160eb4fb8b0 654494f049309957c81a20e48705a942ed209cfc 15b1a8d0b6c45f6a52e5d2986c1c3f90efb0abf8e295b2ef39c617e8228e89fa
GET /sw-check-permissions/5202932?var=4662728&ymid=687062436234400620&uhd=1 HTTP/1.1
Host: totaldailyposts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://totaldailyposts.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=NO&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=312bf6ba2b0d439c9bb759e6c0996a45&pshr=0&rd=0&s=687062436234400620&ssk=1095538e5ca90526fb98e1ee7d16e958&svar=1685371969&tb=5202628&tbad=5234825&vi=0&vo=0&z=4662728
Cookie: reverse=ZD7yZ3wi6WHJfS9uU_C77TFb5717_Ar9vZpaWuq81Z8; OAID=312bf6ba2b0d439c9bb759e6c0996a45; oaidts=1685371969
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 14:52:49 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJ8yl81UsLo3BHGUonOmykz6gnBGI0DfeRoJrDYNfBIO3OiA45%2BVsZIxr5fg5Pb3enMfy14rTgJXtyTxor3lOaXzp3L12SdXbUNSEwFUCMGdrqcWc5Y6%2F9foMNCQMxF4Epom9CjF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cef903a49617572-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| my.rtmark.net/img.gif?f=merge&userId=312bf6ba2b0d439c9bb759e6c0996a45 | 139.45.195.8 | | 43 B |
URL: my.rtmark.net/img.gif?f=merge&userId=312bf6ba2b0d439c9bb759e6c0996a45 IP: 139.45.195.8:0
File type: GIF image data, version 89a, 1 x 1; data
Hash: b4491705564909da7f9eaf749dbbfbb1 279315d507855c6a4351e1e2c2f39dd9cd2fccd8 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=312bf6ba2b0d439c9bb759e6c0996a45 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
DNT: 1
Connection: keep-alive
Cookie: ID=312bf6ba2b0d439c9bb759e6c0996a45
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 14:52:50 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=312bf6ba2b0d439c9bb759e6c0996a45; expires=Tue, 28 May 2024 14:52:50 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| totaldailyposts.com/submenu/5202628/?rhd=1&var=4662728&var3=687062436234400620 | 172.64.96.3 | | 1.0 kB |
URL: totaldailyposts.com/submenu/5202628/?rhd=1&var=4662728&var3=687062436234400620 IP: 172.64.96.3:0
File type: gzip compressed data, from Unix; data
Hash: 40e8b710afca407b985922ef4265da4e e1504a08df1a8943c6bb3ac39030d1631db0753c 4ea00b3e8c34fa11e8eb6b0e5df855ca4e1d816e441ee9ecd78330e8843f6726
GET /submenu/5202628/?rhd=1&var=4662728&var3=687062436234400620 HTTP/1.1
Host: totaldailyposts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://totaldailyposts.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=NO&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=312bf6ba2b0d439c9bb759e6c0996a45&pshr=0&rd=0&s=687062436234400620&ssk=1095538e5ca90526fb98e1ee7d16e958&svar=1685371969&tb=5202628&tbad=5234825&vi=0&vo=0&z=4662728
Cookie: reverse=ZD7yZ3wi6WHJfS9uU_C77TFb5717_Ar9vZpaWuq81Z8; OAID=312bf6ba2b0d439c9bb759e6c0996a45; oaidts=1685371969
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 29 May 2023 14:52:50 GMT
content-type: text/html; charset=utf8
vary: Accept-Encoding
x-trace-id: 67b0c212a05ec947813646226ff70074
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://yt8pt.rdtk.io>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://xobr219pa.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=312bf6ba2b0d439c9bb759e6c0996a45; expires=Tue, 28 May 2024 14:52:50 GMT; path=/
set-cookie: oaidts=1685371969; expires=Tue, 28 May 2024 14:52:50 GMT; path=/
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jUm2qBHBHcmTxusaxRnPLF8Rv6JOQd37AVwXfrP%2BYu9zbvnyyQBbb9QPdCsLn4mGS2RiSEEAa4XSJMtRMR4jzl85zwwy6Q9BGXQn%2Bb%2Fhn6yOWOkDcbtwO9u197n3SbuTkqO9z9kv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cef903d6d437572-LHR
alt-svc: h3=":443"; ma=86400
|
|
| totaldailyposts.com/favicon.ico | 172.64.96.3 | | 0 B |
URL: totaldailyposts.com/favicon.ico IP: 172.64.96.3:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: totaldailyposts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: reverse=ZD7yZ3wi6WHJfS9uU_C77TFb5717_Ar9vZpaWuq81Z8; OAID=312bf6ba2b0d439c9bb759e6c0996a45; oaidts=1685371969
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Mon, 29 May 2023 14:52:50 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cache-control: max-age=86400
cf-cache-status: HIT
age: 2720
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nZ8qzwbk4S8Dzt%2FGtlBTJNupgwEGBWmxljYw0G%2BHDpuV9Vl%2FgiMGNqgT7RggZkSNx37MGlkC2atNaxaVU2ePDHYQPCPPbZ3yV55IoFmtfIRrNPK%2FIkFwkKuS30Wozsqrc%2BQQlrhB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cef903ecec87572-LHR
alt-svc: h3=":443"; ma=86400
|
|
| yt8pt.rdtk.io/64736e442e8cbe00012e5b1f | 37.48.87.182 | | 224 B |
URL: yt8pt.rdtk.io/64736e442e8cbe00012e5b1f IP: 37.48.87.182:0 ASN: #60781 LeaseWeb Netherlands B.V.
File type: HTML document text; HTML document, ASCII text
Hash: 5c144767d3923ece679ad54832c7a598 c1cc99dd7ecfd78a721b585312dd90b260899f87 91121e48ada33a2d136201c08a0a0aa8be2f239c3757eb07b0df368803d08b97
GET /64736e442e8cbe00012e5b1f HTTP/1.1
Host: yt8pt.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 29 May 2023 14:52:50 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 224
Connection: keep-alive
Set-Cookie: redcmps=W3siaWQiOiI2NDczNmU0NDJlOGNiZTAwMDEyZTViMWYiLCJ0IjoiMjAyMy0wNS0yOVQxNDo1Mjo1MC4zOTQ5MDk1MjRaIn1d; Path=/; Domain=yt8pt.rdtk.io; Expires=Tue, 30 May 2023 14:52:50 GMT; Secure; SameSite=None
Set-Cookie: redhash=NjQ3NGJjNDI4ZGQ2ZWQwMDAxNzkwMWEwfDB8NjQ3MzZlNDQyZThjYmUwMDAxMmU1YjFmfHwyMDQ4ODkzZC02MGFiLTQwNjItOGRmZi1jMmM3ODZlYmIzZmJ8MTY4NTM3MTk3MA==; Path=/; Domain=yt8pt.rdtk.io; Expires=Tue, 28 May 2024 14:52:50 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
|
|
| www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f | 173.233.137.52 | 200 OK | 115 B |
URL (User Request, GET, HTTP/1.1): www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f IP: 173.233.137.52:443
Certificate: Issuer: Let's Encrypt; Subject: highrevenuegate.com; Fingerprint: E3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14; Validity: Tue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT
File type: ASCII text, with no line terminators
Hash: 16579cc322e9e105427ecfa57890ef69 8bb47ec30cf894ab49032d7271a45f0c778baa05 f28ce5befe08ed90a2e12b6b2a5e9fdafaa6ad173503079155260aa480c66590
| Analyzer | Verdict | Alert |
| fortinet | Phishing | |
| quad9 | Sinkholed | |
GET /r5emwnik02?key=49429c63dc13e526dadd5912943bb29f HTTP/1.1
Host: www.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 29 May 2023 14:52:50 GMT
Content-Type: text/html
Content-Length: 115
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19389915; expires=Tue, 30 May 2023 14:52:50 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7cb8367e8d49d54739b4b86a0d7ae3f6
Strict-Transport-Security: max-age=0; includeSubdomains
|
|
| www.highrevenuegate.com/favicon.ico | 173.233.137.52 | 200 OK | 0 B |
URL (GET, HTTP/1.1): www.highrevenuegate.com/favicon.ico IP: 173.233.137.52:443
Requested by: https://www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
Certificate: Issuer: Let's Encrypt; Subject: highrevenuegate.com; Fingerprint: E3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14; Validity: Tue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| quad9 | Sinkholed | |
GET /favicon.ico HTTP/1.1
Host: www.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
Cookie: u_pl=19389915
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 29 May 2023 14:52:51 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8d80961315ee4063e0a8727ae4b08d17
Strict-Transport-Security: max-age=0; includeSubdomains
|
|