ak.hetaruvg.com/4/5773984?var=lp_error
95.101.11.42 11 kB URL ak.hetaruvg.com/4/5773984?var=lp_error
IP 95.101.11.42:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (17913)
Hash ff945d5ccec4239fb6748bb90b26a406
e925305223e1167e7ee49fcbd14fc84aa0a22676
54d037abd482dc4c73f659910266ed89371b170e2592b8c89bcb8b6ceffdae5e
GET /4/5773984?var=lp_error HTTP/1.1
Host: ak.hetaruvg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: ec7d0b9a6d25b747b99377f8d39dab00
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, Accept, Content-Type, Content-Length, Accept-Encoding
content-encoding: gzip
expires: Mon, 29 May 2023 14:38:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 29 May 2023 14:38:48 GMT
content-length: 11414
vary: Accept-Encoding
set-cookie: OAID=006bc53c1be7429abe16fbb207db727e; expires=Tue, 28 May 2024 14:38:48 GMT; path=/; secure; SameSite=None
oaidts=1685371128; expires=Tue, 28 May 2024 14:38:48 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
X-Firefox-Spdy: h2
ak.hetaruvg.com/favicon.ico
95.101.11.42 0 B URL ak.hetaruvg.com/favicon.ico
IP 95.101.11.42:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ak.hetaruvg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.hetaruvg.com/4/5773984?var=lp_error
Cookie: OAID=006bc53c1be7429abe16fbb207db727e; oaidts=1685371128
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
expires: Mon, 29 May 2023 14:38:49 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 29 May 2023 14:38:49 GMT
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=merge&userId=006bc53c1be7429abe16fbb207db727e
139.45.195.8 43 B URL my.rtmark.net/img.gif?f=merge&userId=006bc53c1be7429abe16fbb207db727e
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=006bc53c1be7429abe16fbb207db727e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.hetaruvg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 29 May 2023 14:38:49 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=006bc53c1be7429abe16fbb207db727e; expires=Tue, 28 May 2024 14:38:49 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash 45c44320445221beacf6cb407a7724b0
6123b952d3ee7cd14358b82305e95c73cba0d906
ce74ba8d47e2cf668b51f8394d3a99e83bf7056e819762e55287712b46a1299b
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 29 May 2023 14:38:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 29 May 2023 02:07:07 GMT
Expires: Mon, 05 Jun 2023 02:07:06 GMT
Etag: "6123b952d3ee7cd14358b82305e95c73cba0d906"
Cache-Control: max-age=559322,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7cef7bb5cd66b511-OSL
ak.hetaruvg.com/?z=5773984&syncedCookie=true&rhd=false
95.101.11.42 0 B URL ak.hetaruvg.com/?z=5773984&syncedCookie=true&rhd=false
IP 95.101.11.42:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?z=5773984&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.hetaruvg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 460
Origin: https://ak.hetaruvg.com
DNT: 1
Connection: keep-alive
Referer: https://ak.hetaruvg.com/afu.php?zoneid=5773984&var=5773984&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=006bc53c1be7429abe16fbb207db727e; oaidts=1685371128
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-length: 0
x-trace-id: f1fd00c2e23c70581e22364bd6e722fe
link: <https://yt8pt.rdtk.io>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://xobr219pa.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://yt8pt.rdtk.io/64736e442e8cbe00012e5b1f
access-control-allow-origin: https://ak.hetaruvg.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Mon, 29 May 2023 14:38:49 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 29 May 2023 14:38:49 GMT
set-cookie: OAID=006bc53c1be7429abe16fbb207db727e; expires=Tue, 28 May 2024 14:38:49 GMT; path=/; secure; SameSite=None
oaidts=1685371128; expires=Tue, 28 May 2024 14:38:49 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Mon, 05 Jun 2023 14:38:49 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.usertrust.com/
104.18.14.101 471 B IP 104.18.14.101:0
Hash 02b226e6b99685fb4144d66fe3b3aaa3
85d049d017bd35778f4d01f89182864c6b16a2ab
356040e4d99a66f00b9c522e45caadc6cb3f8686a1236de98395883169c6b1b0
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 29 May 2023 14:38:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 26 May 2023 10:07:32 GMT
Expires: Fri, 02 Jun 2023 10:07:31 GMT
Etag: "85d049d017bd35778f4d01f89182864c6b16a2ab"
Cache-Control: max-age=602514,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 875
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7cef7bb7ad42b50b-OSL
yt8pt.rdtk.io/64736e442e8cbe00012e5b1f
37.48.87.182 224 B URL yt8pt.rdtk.io/64736e442e8cbe00012e5b1f
IP 37.48.87.182:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 5c144767d3923ece679ad54832c7a598
c1cc99dd7ecfd78a721b585312dd90b260899f87
91121e48ada33a2d136201c08a0a0aa8be2f239c3757eb07b0df368803d08b97
GET /64736e442e8cbe00012e5b1f HTTP/1.1
Host: yt8pt.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Mon, 29 May 2023 14:38:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 224
Connection: keep-alive
Set-Cookie: redcmps=W3siaWQiOiI2NDczNmU0NDJlOGNiZTAwMDEyZTViMWYiLCJ0IjoiMjAyMy0wNS0yOVQxNDozODo0OS41OTM2MzQ3MjJaIn1d; Path=/; Domain=yt8pt.rdtk.io; Expires=Tue, 30 May 2023 14:38:49 GMT; Secure; SameSite=None
redhash=NjQ3NGI4Zjk5ODg5NDUwMDAxNTljNWYxfDB8NjQ3MzZlNDQyZThjYmUwMDAxMmU1YjFmfHw0MmM1NjJiZS1kN2IzLTQ4YzItODc1YS0zNjJlMjEyNzllMDR8MTY4NTM3MTEyOQ==; Path=/; Domain=yt8pt.rdtk.io; Expires=Tue, 28 May 2024 14:38:49 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
192.243.59.12200 OK 115 B URL User Request GET HTTP/1.1 www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subjecthighrevenuegate.com
FingerprintE3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
ValidityTue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT
File type ASCII text, with no line terminators
Hash 16579cc322e9e105427ecfa57890ef69
8bb47ec30cf894ab49032d7271a45f0c778baa05
f28ce5befe08ed90a2e12b6b2a5e9fdafaa6ad173503079155260aa480c66590
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /r5emwnik02?key=49429c63dc13e526dadd5912943bb29f HTTP/1.1
Host: www.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 29 May 2023 14:38:50 GMT
Content-Type: text/html
Content-Length: 115
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19389915; expires=Tue, 30 May 2023 14:38:50 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f170795ed871e4b9455e0a3368aec861
Strict-Transport-Security: max-age=0; includeSubdomains
www.highrevenuegate.com/favicon.ico
192.243.59.12200 OK 0 B URL GET HTTP/1.1 www.highrevenuegate.com/favicon.ico
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
Certificate IssuerLet's Encrypt
Subjecthighrevenuegate.com
FingerprintE3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
ValidityTue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: www.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
Cookie: u_pl=19389915
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 29 May 2023 14:38:50 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 808caff428a26dd0db92c9c02cbb32b2
Strict-Transport-Security: max-age=0; includeSubdomains