Report - pussh.top/r4/index.php?p=2&tid=1k4w10if7zwge1oledh541nuh8&pid=285215b0-2ffd-4a86-9bf3-5c8f614b789e&sid=3547&u=https://trrpop.com/track/click/za06R3fBRgoNIEMgstm-wdDAb7tMYm0OL0_8blDHmJHfho11htZ0Pq5p8gdjNRuf4sGCWgA9fIjX2xmA2FoSVlqAHK7f4UvyJXE04sfO3sVep0qlLfSiNkoqsSveCXoK01ZLOsP5Xf2_uqpkblzyNCJjbn-0fJoZcVNM23YiE8v45OPNO8gzXK739xXKnccEUUT61KnXjLUgECbLfAGJqs7WPbaHs0tWTAObRcNEHvZnqTsGrSF9l_77JtVGtb5zRKdYB7x2fjiJrjb48vuZ-MqnXURLAR8ip5Qsc_UKen7eWs95EyTZy02mLKDn1PSp1tzliWU2CCNgZPwEIAIb0RZvtLSCthHQDp3Fgwc48i28wa5DYoh6Z4DClk2Gnxinz05UEwkkCZszuLb6fEV9d4q_9kgArInMdFXUfKlBvMXBxX62dkWilYaCAhPm2L4AiT9qHKQHLemv81uNdvYucfA_2STzC0XUecM9_hSnw3yd033dHLiMU2MuwF54pLoLReIsjjF468gqGt4KywtGyxSqbvKhVYRwKwf1Ve6inprb-3ewCBVFdxhNs6sELZ9DVT-pvBN_T1iPkpg?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=1k4w10if7zwge1oledh541nuh8&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=AD_STORK_ADL&bid=0.0005&ts=1708231920360&tid=1k4w10if7zwge1oledh541nuh8&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=1k4w10if7zwge1oledh541nuh8&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=1k4w10if7zwge1oledh541nuh8&price=${AUCTION_PRICE}&campaign_id=0ef36287-e58c-4569-ab06-c31f0bb826b9&campaign=LQ_T3AD_STORK_ADL&creative_id=78c7dc47-64c7-42b2-b5dd-c59816245911&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=3547&placement=&category=&sub_category=&app_bundle=&placement_id=3547&site_url=3547&carrier=olleh&device_os=windows&os_version=10.0&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=en&platform_ip=&lat=&lon=&country=KOR&cc=&region=gyeonggi-do&city=seongnam&zc=13118&isp=ktcorporation&ip=121.172.250.95&ua=mozilla/5.0(windowsnt10.0;win64;x64)applewebkit/537.36(khtml,likegecko)chrome/121.0.0.0safari/537.36opr/107.0.0.0&ifa=8d02641e-b23b-3a37-929a-88dfa3bd80d8&idfa=8d02641e-b23b-3a37-929a-88dfa3bd80d8&gaid=

Report Overview

Visited public
2024-02-18 21:51:57
Tags
URL
pussh.top/r4/index.php?p=2&tid=1k4w10if7zwge1oledh541nuh8&pid=285215b0-2ffd-4a86-9bf3-5c8f614b789e&sid=3547&u=https://trrpop.com/track/click/za06R3fBRgoNIEMgstm-wdDAb7tMYm0OL0_8blDHmJHfho11htZ0Pq5p8gdjNRuf4sGCWgA9fIjX2xmA2FoSVlqAHK7f4UvyJXE04sfO3sVep0qlLfSiNkoqsSveCXoK01ZLOsP5Xf2_uqpkblzyNCJjbn-0fJoZcVNM23YiE8v45OPNO8gzXK739xXKnccEUUT61KnXjLUgECbLfAGJqs7WPbaHs0tWTAObRcNEHvZnqTsGrSF9l_77JtVGtb5zRKdYB7x2fjiJrjb48vuZ-MqnXURLAR8ip5Qsc_UKen7eWs95EyTZy02mLKDn1PSp1tzliWU2CCNgZPwEIAIb0RZvtLSCthHQDp3Fgwc48i28wa5DYoh6Z4DClk2Gnxinz05UEwkkCZszuLb6fEV9d4q_9kgArInMdFXUfKlBvMXBxX62dkWilYaCAhPm2L4AiT9qHKQHLemv81uNdvYucfA_2STzC0XUecM9_hSnw3yd033dHLiMU2MuwF54pLoLReIsjjF468gqGt4KywtGyxSqbvKhVYRwKwf1Ve6inprb-3ewCBVFdxhNs6sELZ9DVT-pvBN_T1iPkpg?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=1k4w10if7zwge1oledh541nuh8&price=${AUCTION_PRICE}&rurl=https://creatives.altaffiliatesol.com/hentaiheroes/?ref_id=135846&td=ep&tc=91b75fed-e221-4087-b908-2fb4b83bd446&impid=1&exchange_name=AD_STORK_ADL&bid=0.0005&ts=1708231920360&tid=1k4w10if7zwge1oledh541nuh8&imp_url=https://analytics.ozlinedsp.com/tracking/imp.gif?token=1k4w10if7zwge1oledh541nuh8&price=${AUCTION_PRICE}&imp_nurl_url=https://analytics.ozlinedsp.com/tracking/imp?token=1k4w10if7zwge1oledh541nuh8&price=${AUCTION_PRICE}&campaign_id=0ef36287-e58c-4569-ab06-c31f0bb826b9&campaign=LQ_T3AD_STORK_ADL&creative_id=78c7dc47-64c7-42b2-b5dd-c59816245911&media_type=SITE&tag_id=&app_name=&app_id=&site=&site_id=3547&placement=&category=&sub_category=&app_bundle=&placement_id=3547&site_url=3547&carrier=olleh&device_os=windows&os_version=10.0&device=pc&device_id=&device_hwv=&device_make=&device_model=&language=en&platform_ip=&lat=&lon=&country=KOR&cc=&region=gyeonggi-do&city=seongnam&zc=13118&isp=ktcorporation&ip=121.172.250.95&ua=mozilla/5.0(windowsnt10.0;win64;x64)applewebkit/537.36(khtml,likegecko)chrome/121.0.0.0safari/537.36opr/107.0.0.0&ifa=8d02641e-b23b-3a37-929a-88dfa3bd80d8&idfa=8d02641e-b23b-3a37-929a-88dfa3bd80d8&gaid=
Finishing URL
www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1708356918908000&;usg=AOvVaw2u3jf_LTw2erLbcMzE7WSV
IP / ASN
104.21.29.80
#13335 CLOUDFLARENET
Title
Viderekoblingsmerknad

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
resionsfrester.com	unknown	2023-06-07	2023-06-08 10:22:33	2024-02-16 22:35:31	801 B	1.1 kB	54.230.111.115
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2024-02-16 17:40:14	1.5 kB	3.9 kB	142.250.74.164
trrpop.com	unknown	2024-02-14	2024-02-14 11:14:34	2024-02-18 13:40:13	1.2 kB	468 B	136.243.0.58
ak.itponytaa.com	unknown	2022-06-27	2022-06-28 05:35:26	2024-02-18 14:18:14	2.7 kB	18 kB	23.36.76.162
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2024-02-18 14:44:04	527 B	678 B	139.45.195.8
datatechone.com	unknown	2021-12-24	2015-06-17 15:52:19	2024-02-16 18:36:50	574 B	467 B	37.48.68.71

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-02-18	medium	trrpop.com	Sinkholed
2024-02-18	medium	itponytaa.com	Sinkholed
2024-02-18	medium	itponytaa.com	Sinkholed
2024-02-18	medium	itponytaa.com	Sinkholed
2024-02-18	medium	datatechone.com	Sinkholed
2024-02-18	medium	itponytaa.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1708356918908000&;usg=AOvVaw2u3jf_LTw2erLbcMzE7WSV	ScriptElement	490 B	2023-04-07	2024-10-18
Pretty URL www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1708356918908000&;usg=AOvVaw2u3jf_LTw2erLbcMzE7WSV IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-04-07 05:11 Last Seen2024-10-18 10:07 Times Seen953 Hash 24a5a451dbbce4bbb98a7d6f4e7d5a05 3e2b1bc144cf6708bdcd9e92ac27bcd6018c28b9 0b9ae8dc4cdf88f688b4b3f351fbfc420c3d16bef7eda6536d94f31aa9e6a892 Loading...

HTTP Transactions (10)

URL IP Response Size

trrpop.com/track/click/za06R3fBRgoNIEMgstm-wdDAb7tMYm0OL0_8blDHmJHfho11htZ0Pq5p8gdjNRuf4sGCWgA9fIjX2xmA2FoSVlqAHK7f4UvyJXE04sfO3sVep0qlLfSiNkoqsSveCXoK01ZLOsP5Xf2_uqpkblzyNCJjbn-0fJoZcVNM23YiE8v45OPNO8gzXK739xXKnccEUUT61KnXjLUgECbLfAGJqs7WPbaHs0tWTAObRcNEHvZnqTsGrSF9l_77JtVGtb5zRKdYB7x2fjiJrjb48vuZ-MqnXURLAR8ip5Qsc_UKen7eWs95EyTZy02mLKDn1PSp1tzliWU2CCNgZPwEIAIb0RZvtLSCthHQDp3Fgwc48i28wa5DYoh6Z4DClk2Gnxinz05UEwkkCZszuLb6fEV9d4q_9kgArInMdFXUfKlBvMXBxX62dkWilYaCAhPm2L4AiT9qHKQHLemv81uNdvYucfA_2STzC0XUecM9_hSnw3yd033dHLiMU2MuwF54pLoLReIsjjF468gqGt4KywtGyxSqbvKhVYRwKwf1Ve6inprb-3ewCBVFdxhNs6sELZ9DVT-pvBN_T1iPkpg?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=1k4w10if7zwge1oledh541nuh8

136.243.0.58

0 B

URL
trrpop.com/track/click/za06R3fBRgoNIEMgstm-wdDAb7tMYm0OL0_8blDHmJHfho11htZ0Pq5p8gdjNRuf4sGCWgA9fIjX2xmA2FoSVlqAHK7f4UvyJXE04sfO3sVep0qlLfSiNkoqsSveCXoK01ZLOsP5Xf2_uqpkblzyNCJjbn-0fJoZcVNM23YiE8v45OPNO8gzXK739xXKnccEUUT61KnXjLUgECbLfAGJqs7WPbaHs0tWTAObRcNEHvZnqTsGrSF9l_77JtVGtb5zRKdYB7x2fjiJrjb48vuZ-MqnXURLAR8ip5Qsc_UKen7eWs95EyTZy02mLKDn1PSp1tzliWU2CCNgZPwEIAIb0RZvtLSCthHQDp3Fgwc48i28wa5DYoh6Z4DClk2Gnxinz05UEwkkCZszuLb6fEV9d4q_9kgArInMdFXUfKlBvMXBxX62dkWilYaCAhPm2L4AiT9qHKQHLemv81uNdvYucfA_2STzC0XUecM9_hSnw3yd033dHLiMU2MuwF54pLoLReIsjjF468gqGt4KywtGyxSqbvKhVYRwKwf1Ve6inprb-3ewCBVFdxhNs6sELZ9DVT-pvBN_T1iPkpg?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=1k4w10if7zwge1oledh541nuh8
IP
136.243.0.58:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /track/click/za06R3fBRgoNIEMgstm-wdDAb7tMYm0OL0_8blDHmJHfho11htZ0Pq5p8gdjNRuf4sGCWgA9fIjX2xmA2FoSVlqAHK7f4UvyJXE04sfO3sVep0qlLfSiNkoqsSveCXoK01ZLOsP5Xf2_uqpkblzyNCJjbn-0fJoZcVNM23YiE8v45OPNO8gzXK739xXKnccEUUT61KnXjLUgECbLfAGJqs7WPbaHs0tWTAObRcNEHvZnqTsGrSF9l_77JtVGtb5zRKdYB7x2fjiJrjb48vuZ-MqnXURLAR8ip5Qsc_UKen7eWs95EyTZy02mLKDn1PSp1tzliWU2CCNgZPwEIAIb0RZvtLSCthHQDp3Fgwc48i28wa5DYoh6Z4DClk2Gnxinz05UEwkkCZszuLb6fEV9d4q_9kgArInMdFXUfKlBvMXBxX62dkWilYaCAhPm2L4AiT9qHKQHLemv81uNdvYucfA_2STzC0XUecM9_hSnw3yd033dHLiMU2MuwF54pLoLReIsjjF468gqGt4KywtGyxSqbvKhVYRwKwf1Ve6inprb-3ewCBVFdxhNs6sELZ9DVT-pvBN_T1iPkpg?ur=https://analytics.ozlinedsp.com/tracking/click.gif?token=1k4w10if7zwge1oledh541nuh8 HTTP/1.1
Host: trrpop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 
Location: https://ak.itponytaa.com/afu.php?zoneid=5917692
x-responded-by: cors-support-provider
Access-Control-Expose-Headers: set-cookie
Access-Control-Allow-Origin: *
Access-Control-Request-Headers: origin,accept,content-type,x-requested-with
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
Access-Control-Max-Age: 86400
Content-Length: 0
Date: Sun, 18 Feb 2024 21:51:33 GMT

ak.itponytaa.com/afu.php?zoneid=5917692

23.36.76.162

14 kB

URL
ak.itponytaa.com/afu.php?zoneid=5917692
IP
23.36.76.162:0
ASN
#20940 Akamai International B.V.

File type
HTML document, ASCII text, with very long lines (18492)
Size
14 kB (14065 bytes)
Hash
e485ec1dba3bd6e7677d0d7e7ee86708
6f5656bec750f3042721c653ac1a27e2795dc50c
2f21e025218a4405247a1c7b753a53ee5d6a05ae3348d92c329cbbb7b30a6815

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /afu.php?zoneid=5917692 HTTP/1.1
Host: ak.itponytaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: 48bbe2db82d885033104bf84a92ff427
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
vary: Accept-Encoding
x-akamai-transformed: 9 13208 0 pmb=mRUM,1
content-encoding: gzip
expires: Sun, 18 Feb 2024 21:51:33 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 18 Feb 2024 21:51:33 GMT
content-length: 14065
set-cookie: OAID=008006c8f583499fec26e0c9c92088e9; expires=Mon, 17 Feb 2025 21:51:33 GMT; path=/; secure; SameSite=None
oaidts=1708293093; expires=Mon, 17 Feb 2025 21:51:33 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=28, origin; dur=13, ak_p; desc="1708293093393_388254878_36957744_4102_792_2_25_41";dur=1
X-Firefox-Spdy: h2

ak.itponytaa.com/sftouch?userId=008006c8f583499fec26e0c9c92088e9&z=5917692&p_rid=58efb3bc-8705-4ca5-bc1c-cb99edc37905&p_src=sf&branchId=0&rb=6kCAiKSeJnFOBAecIRHLc-tuckV1fbrAqDR0JtlXGnVYke9ezVVWuVrXF7HOFJmNkJ7Ao6Zn7ZKAqPypGZZA_qUs2yzeyIruEvZdVxUQTj3eNmyWK6mECLhir0q6gZf6TqV3HeIx_mrxQhCZTe0DhsIPLv6_VqQ8TZKBmDsqCFtCZTeteWPNwV7e65wvK6N0-1tCdeO57bnPMd_JLMF6cBkz7nK0szdu

23.36.76.162

2 B

URL
ak.itponytaa.com/sftouch?userId=008006c8f583499fec26e0c9c92088e9&z=5917692&p_rid=58efb3bc-8705-4ca5-bc1c-cb99edc37905&p_src=sf&branchId=0&rb=6kCAiKSeJnFOBAecIRHLc-tuckV1fbrAqDR0JtlXGnVYke9ezVVWuVrXF7HOFJmNkJ7Ao6Zn7ZKAqPypGZZA_qUs2yzeyIruEvZdVxUQTj3eNmyWK6mECLhir0q6gZf6TqV3HeIx_mrxQhCZTe0DhsIPLv6_VqQ8TZKBmDsqCFtCZTeteWPNwV7e65wvK6N0-1tCdeO57bnPMd_JLMF6cBkz7nK0szdu
IP
23.36.76.162:0
ASN
#20940 Akamai International B.V.

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /sftouch?userId=008006c8f583499fec26e0c9c92088e9&z=5917692&p_rid=58efb3bc-8705-4ca5-bc1c-cb99edc37905&p_src=sf&branchId=0&rb=6kCAiKSeJnFOBAecIRHLc-tuckV1fbrAqDR0JtlXGnVYke9ezVVWuVrXF7HOFJmNkJ7Ao6Zn7ZKAqPypGZZA_qUs2yzeyIruEvZdVxUQTj3eNmyWK6mECLhir0q6gZf6TqV3HeIx_mrxQhCZTe0DhsIPLv6_VqQ8TZKBmDsqCFtCZTeteWPNwV7e65wvK6N0-1tCdeO57bnPMd_JLMF6cBkz7nK0szdu HTTP/1.1
Host: ak.itponytaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ak.itponytaa.com
DNT: 1
Connection: keep-alive
Referer: https://ak.itponytaa.com/afu.php?zoneid=5917692
Cookie: OAID=008006c8f583499fec26e0c9c92088e9; oaidts=1708293093
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers

HTTP/2 200 OK
content-type: text/plain
content-length: 2
x-trace-id: c9d88af8729399f3b7e20cb3c740c562
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://ak.itponytaa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sun, 18 Feb 2024 21:51:33 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 18 Feb 2024 21:51:33 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=7, ak_p; desc="1708293093721_388254878_36957787_2785_769_2_0_1";dur=1
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=merge&userId=008006c8f583499fec26e0c9c92088e9&z=5917692&p_rid=58efb3bc-8705-4ca5-bc1c-cb99edc37905&p_src=sf

139.45.195.8

43 B

URL
my.rtmark.net/img.gif?f=merge&userId=008006c8f583499fec26e0c9c92088e9&z=5917692&p_rid=58efb3bc-8705-4ca5-bc1c-cb99edc37905&p_src=sf
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=merge&userId=008006c8f583499fec26e0c9c92088e9&z=5917692&p_rid=58efb3bc-8705-4ca5-bc1c-cb99edc37905&p_src=sf HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.itponytaa.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 18 Feb 2024 21:51:33 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=008006c8f583499fec26e0c9c92088e9; expires=Mon, 17 Feb 2025 21:51:33 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ak.itponytaa.com/favicon.ico

23.36.76.162

0 B

URL
ak.itponytaa.com/favicon.ico
IP
23.36.76.162:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ak.itponytaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.itponytaa.com/afu.php?zoneid=5917692
Cookie: OAID=008006c8f583499fec26e0c9c92088e9; oaidts=1708293093
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
pragma: public
cache-control: public, must-revalidate, proxy-revalidate, max-age=2591992
date: Sun, 18 Feb 2024 21:51:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=58, origin; dur=0, ak_p; desc="1708293093847_388254878_36957828_5791_719_2_0_21";dur=1
X-Firefox-Spdy: h2

datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=58efb3bc-8705-4ca5-bc1c-cb99edc37905

37.48.68.71

2 B

URL
datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=58efb3bc-8705-4ca5-bc1c-cb99edc37905
IP
37.48.68.71:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=58efb3bc-8705-4ca5-bc1c-cb99edc37905 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1398
Origin: https://ak.itponytaa.com
DNT: 1
Connection: keep-alive
Referer: https://ak.itponytaa.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sun, 18 Feb 2024 21:51:33 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://ak.itponytaa.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

ak.itponytaa.com/?z=5917692&syncedCookie=true&rhd=false

23.36.76.162

0 B

URL
ak.itponytaa.com/?z=5917692&syncedCookie=true&rhd=false
IP
23.36.76.162:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /?z=5917692&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.itponytaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 505
Origin: https://ak.itponytaa.com
DNT: 1
Connection: keep-alive
Referer: https://ak.itponytaa.com/afu.php?zoneid=5917692&var=5917692&rid=dqGdfktL4PWmomSE3WzGcA%3D%3D&rhd=false&sf=1
Cookie: OAID=008006c8f583499fec26e0c9c92088e9; oaidts=1708293093
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
content-length: 0
x-trace-id: 80b5abfd86cf1de75270536fbc8434e1
link: <https://resionsfrester.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://resionsfrester.com/1f5e6ffc-409c-44e5-b722-77f6c07b88fb?zoneid=5917692&bannerid=20360668&zonetype={zone_type}&campaignid=7943673&device=desktop&region=03&isp=blix group as&useragent=Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0&language=en&connectiontype=broadband&cost=0.000721&visitor_id=783200606528745676
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://ak.itponytaa.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sun, 18 Feb 2024 21:51:34 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 18 Feb 2024 21:51:34 GMT
set-cookie: OAID=008006c8f583499fec26e0c9c92088e9; expires=Mon, 17 Feb 2025 21:51:34 GMT; path=/; secure; SameSite=None
oaidts=1708293093; expires=Mon, 17 Feb 2025 21:51:34 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sun, 25 Feb 2024 21:51:34 GMT; path=/; secure; SameSite=None
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=211, ak_p; desc="1708293093992_388254878_36957841_23152_970_2_0_41";dur=1
X-Firefox-Spdy: h2

resionsfrester.com/1f5e6ffc-409c-44e5-b722-77f6c07b88fb?zoneid=5917692&bannerid=20360668&zonetype={zone_type}&campaignid=7943673&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.000721&visitor_id=783200606528745676

54.230.111.115

0 B

URL
resionsfrester.com/1f5e6ffc-409c-44e5-b722-77f6c07b88fb?zoneid=5917692&bannerid=20360668&zonetype={zone_type}&campaignid=7943673&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.000721&visitor_id=783200606528745676
IP
54.230.111.115:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1f5e6ffc-409c-44e5-b722-77f6c07b88fb?zoneid=5917692&bannerid=20360668&zonetype={zone_type}&campaignid=7943673&device=desktop&region=03&isp=blix%20group%20as&useragent=Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:96.0)%20Gecko/20100101%20Firefox/96.0&language=en&connectiontype=broadband&cost=0.000721&visitor_id=783200606528745676 HTTP/1.1
Host: resionsfrester.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://href.li/?https://www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1708356918908000&;usg=AOvVaw2u3jf_LTw2erLbcMzE7WSV
date: Sun, 18 Feb 2024 21:51:34 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 1f5e6ffc-409c-44e5-b722-77f6c07b88fb-v4=H_qLYnnaBGx9_RV_mBZKq11GU8v0A-u29DkGJ1eh3tE; Max-Age=86400; Expires=Mon, 19-Feb-2024 21:51:34 GMT; Domain=resionsfrester.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22womc8vt12l3c2d9vimbqstd4%22%2C%22caid%22%3A%221f5e6ffc-409c-44e5-b722-77f6c07b88fb%22%7D; Max-Age=31536000; Expires=Mon, 17-Feb-2025 21:51:34 GMT; Domain=resionsfrester.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
x-cache: Miss from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: uJD_aCOPEDkuCdPDw2TTMKH0Ji3slQpnhp37AtWZ6V_DNyr_lxwuvQ==
X-Firefox-Spdy: h2

www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1708356918908000&;usg=AOvVaw2u3jf_LTw2erLbcMzE7WSV

142.250.74.164

200 OK

676 B

URL User Request GET HTTP/2
www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1708356918908000&;usg=AOvVaw2u3jf_LTw2erLbcMzE7WSV
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint2A:14:A8:9A:EA:5B:44:20:C3:AE:90:FF:4D:2F:4C:22:15:54:F9:7C
ValidityMon, 29 Jan 2024 08:20:23 GMT - Mon, 22 Apr 2024 08:20:22 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1517), with no line terminators
Size
676 B (676 bytes)
Hash
cdf9f7b33f199fe202146ce3426ae3ad
d638cf4386e14ba70a62efce521cdf2c01b8e086
b7b361aed844498b0bc65ede545790bdff53c7e1f05455333da9ded9d3365a68

HTTP Headers

GET /url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1708356918908000&;usg=AOvVaw2u3jf_LTw2erLbcMzE7WSV HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 18 Feb 2024 21:51:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-oC3W6MxR4QPW75TyK96TkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding: br
server: gws
content-length: 676
x-xss-protection: 0
set-cookie: __Secure-ENID=17.SE=Y4xxZyarQizYgyE3yohbz3AstAFOaSlcX4z3F0zpA4yxVyi4O5mwsJIZDzX-dYFTRzBAl9EYk2NDVEqMltfpoIdlJ1e7_8GXaO7nHFpmBeWYtCZf_3K-L9onsdYuzsrpMdn_JqYxtE3qcLCQoZt-KVlFmk72YEWHaTv98n3k_3g; expires=Thu, 20-Mar-2025 14:09:52 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/favicon.ico

142.250.74.164

200 OK

1.5 kB

URL GET HTTP/3
www.google.com/favicon.ico
IP
142.250.74.164:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1708356918908000&;usg=AOvVaw2u3jf_LTw2erLbcMzE7WSV
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint66:92:08:3D:8D:29:C3:CF:50:3F:34:A3:87:1B:18:29:A9:9A:66:A2
ValidityMon, 29 Jan 2024 08:04:47 GMT - Mon, 22 Apr 2024 08:04:46 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
1.5 kB (1494 bytes)
Hash
f3418a443e7d841097c714d69ec4bcb8
49263695f6b0cdd72f45cf1b775e660fdc36c606
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/url?q=https://www.business2community.com/no/gambling/casino-norge&;source=gmail&;ust=1708356918908000&;usg=AOvVaw2u3jf_LTw2erLbcMzE7WSV
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; __Secure-ENID=17.SE=Y4xxZyarQizYgyE3yohbz3AstAFOaSlcX4z3F0zpA4yxVyi4O5mwsJIZDzX-dYFTRzBAl9EYk2NDVEqMltfpoIdlJ1e7_8GXaO7nHFpmBeWYtCZf_3K-L9onsdYuzsrpMdn_JqYxtE3qcLCQoZt-KVlFmk72YEWHaTv98n3k_3g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-length: 1494
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 18 Feb 2024 11:20:04 GMT
expires: Mon, 26 Feb 2024 11:20:04 GMT
cache-control: public, max-age=691200
last-modified: Tue, 22 Oct 2019 18:30:00 GMT
content-type: image/x-icon
vary: Accept-Encoding
age: 37890
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (10)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type