ak.hetaruvg.com/4/5710373?var=ag_error
23.36.76.200 11 kB URL ak.hetaruvg.com/4/5710373?var=ag_error
IP 23.36.76.200:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (17913)
Hash 04b4d3ab664c8753f608781e9d8a0efc
019a88affdadfaa47d08ab6fc67e9b6054c2a973
9fbfe0f9bd23ddccfc571e085a7aa78b6d7ec5ccb67458116d859cb3f436aef6
GET /4/5710373?var=ag_error HTTP/1.1
Host: ak.hetaruvg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf8
x-trace-id: aae945598b08be84c1509f0671686441
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, Accept, Content-Type, Content-Length, Accept-Encoding
content-encoding: gzip
expires: Sat, 03 Jun 2023 16:31:46 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 03 Jun 2023 16:31:46 GMT
content-length: 11416
vary: Accept-Encoding
set-cookie: OAID=c9d696999c5d4ebe80b7d25d5c73f029; expires=Sun, 02 Jun 2024 16:31:46 GMT; path=/; secure; SameSite=None
oaidts=1685809906; expires=Sun, 02 Jun 2024 16:31:46 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
X-Firefox-Spdy: h2
ak.hetaruvg.com/favicon.ico
23.36.76.200 0 B URL ak.hetaruvg.com/favicon.ico
IP 23.36.76.200:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: ak.hetaruvg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ak.hetaruvg.com/4/5710373?var=ag_error
Cookie: OAID=c9d696999c5d4ebe80b7d25d5c73f029; oaidts=1685809906
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
expires: Sat, 03 Jun 2023 16:31:47 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 03 Jun 2023 16:31:47 GMT
X-Firefox-Spdy: h2
ak.hetaruvg.com/?z=5710373&syncedCookie=true&rhd=false
23.36.76.200 0 B URL ak.hetaruvg.com/?z=5710373&syncedCookie=true&rhd=false
IP 23.36.76.200:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /?z=5710373&syncedCookie=true&rhd=false HTTP/1.1
Host: ak.hetaruvg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 460
Origin: https://ak.hetaruvg.com
DNT: 1
Connection: keep-alive
Referer: https://ak.hetaruvg.com/afu.php?zoneid=5710373&var=5710373&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=c9d696999c5d4ebe80b7d25d5c73f029; oaidts=1685809906
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-length: 0
x-trace-id: ed74a86920cf81861c59b9f0d63cc955
link: <https://kczqq.rdtk.io>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://xobr219pa.com>; rel="preconnect dns-prefetch"
referrer-policy: no-referrer
location: https://kczqq.rdtk.io/647a428a66d33c000126c10f
access-control-allow-origin: https://ak.hetaruvg.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
expires: Sat, 03 Jun 2023 16:31:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 03 Jun 2023 16:31:48 GMT
set-cookie: OAID=c9d696999c5d4ebe80b7d25d5c73f029; expires=Sun, 02 Jun 2024 16:31:48 GMT; path=/; secure; SameSite=None
oaidts=1685809906; expires=Sun, 02 Jun 2024 16:31:48 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Sat, 10 Jun 2023 16:31:48 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=merge&userId=c9d696999c5d4ebe80b7d25d5c73f029
139.45.195.8 43 B URL my.rtmark.net/img.gif?f=merge&userId=c9d696999c5d4ebe80b7d25d5c73f029
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=c9d696999c5d4ebe80b7d25d5c73f029 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ak.hetaruvg.com
DNT: 1
Connection: keep-alive
Referer: https://ak.hetaruvg.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Sat, 03 Jun 2023 16:31:49 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: https://ak.hetaruvg.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c9d696999c5d4ebe80b7d25d5c73f029; expires=Sun, 02 Jun 2024 16:31:49 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.usertrust.com/
104.18.15.101 471 B IP 104.18.15.101:0
Hash b096b030374c0b843cf10df47c04ded9
a1af4956636ee9b24e3b3c8569bb4e75ba7b2f92
bf8616f55fc85e7fe1c5717294e83ecb24e0ddc975e52ac3f9fffdf885e50557
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 03 Jun 2023 16:31:49 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 02 Jun 2023 10:07:30 GMT
Expires: Fri, 09 Jun 2023 10:07:29 GMT
Etag: "a1af4956636ee9b24e3b3c8569bb4e75ba7b2f92"
Cache-Control: max-age=602224,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 575
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d19541ce9400b55-OSL
kczqq.rdtk.io/647a428a66d33c000126c10f
37.48.87.182 224 B URL kczqq.rdtk.io/647a428a66d33c000126c10f
IP 37.48.87.182:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document, ASCII text
Hash 5c144767d3923ece679ad54832c7a598
c1cc99dd7ecfd78a721b585312dd90b260899f87
91121e48ada33a2d136201c08a0a0aa8be2f239c3757eb07b0df368803d08b97
GET /647a428a66d33c000126c10f HTTP/1.1
Host: kczqq.rdtk.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Sat, 03 Jun 2023 16:31:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 224
Connection: keep-alive
Set-Cookie: redcmps=W3siaWQiOiI2NDdhNDI4YTY2ZDMzYzAwMDEyNmMxMGYiLCJ0IjoiMjAyMy0wNi0wM1QxNjozMTo0OS4zMjcyMjM2NzJaIn1d; Path=/; Domain=kczqq.rdtk.io; Expires=Sun, 04 Jun 2023 16:31:49 GMT; Secure; SameSite=None
redhash=NjQ3YjZhZjVjNzllMDUwMDAxZjBiZjg1fDB8NjQ3YTQyOGE2NmQzM2MwMDAxMjZjMTBmfHxiNmY2OTc2Zi0wOTlkLTQxYmMtOWFiNy1iZTJlMWZhZGFiZmR8MTY4NTgwOTkwOQ==; Path=/; Domain=kczqq.rdtk.io; Expires=Sun, 02 Jun 2024 16:31:49 GMT; Secure; SameSite=None
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
173.233.137.60200 OK 115 B URL User Request GET HTTP/1.1 www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
IP 173.233.137.60:443
Certificate IssuerLet's Encrypt
Subjecthighrevenuegate.com
FingerprintE3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
ValidityTue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT
File type ASCII text, with no line terminators
Hash 16579cc322e9e105427ecfa57890ef69
8bb47ec30cf894ab49032d7271a45f0c778baa05
f28ce5befe08ed90a2e12b6b2a5e9fdafaa6ad173503079155260aa480c66590
Analyzer Verdict Alert quad9 Sinkholed
GET /r5emwnik02?key=49429c63dc13e526dadd5912943bb29f HTTP/1.1
Host: www.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Jun 2023 16:31:49 GMT
Content-Type: text/html
Content-Length: 115
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19389915; expires=Sun, 04 Jun 2023 16:31:49 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9ff3753fe272f7a39ffdafbbed01987d
Strict-Transport-Security: max-age=0; includeSubdomains
www.highrevenuegate.com/favicon.ico
173.233.137.60200 OK 0 B URL GET HTTP/1.1 www.highrevenuegate.com/favicon.ico
IP 173.233.137.60:443
Requested by https://www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
Certificate IssuerLet's Encrypt
Subjecthighrevenuegate.com
FingerprintE3:83:9C:63:64:A5:46:F7:CE:7B:E1:4D:12:0F:29:C3:22:23:C0:14
ValidityTue, 02 May 2023 09:41:55 GMT - Mon, 31 Jul 2023 09:41:54 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: www.highrevenuegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.highrevenuegate.com/r5emwnik02?key=49429c63dc13e526dadd5912943bb29f
Cookie: u_pl=19389915
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 03 Jun 2023 16:31:50 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a080eae2a2108f6ddd898a8e82b64dfe
Strict-Transport-Security: max-age=0; includeSubdomains