| static.heehoujaifo.com/templates/_assets/sounds/blip1/default.mp3 | 139.45.197.159 | 206 Partial Content | 6.7 kB |
URL GET HTTP/2static.heehoujaifo.com/templates/_assets/sounds/blip1/default.mp3 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typeAudio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural Hash6422f23e1751d74410347e02c0210a60 0e3e65be6b5fbb76f6a52191e973bd37368be204 4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /templates/_assets/sounds/blip1/default.mp3 HTTP/1.1
Host: static.heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Sat, 04 May 2024 21:34:59 GMT
content-type: audio/mpeg
content-length: 6712
last-modified: Fri, 03 May 2024 14:33:21 GMT
vary: Accept-Encoding
etag: "6634f5b1-1a38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-range: bytes 0-6711/6712
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js?userId=c2715b22afd218644e2bdb357097dde4 | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=c2715b22afd218644e2bdb357097dde4 IP139.45.195.8:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash998a27cab8170a6bc4e1ef6b276edada 81c38c6745e8872b30ed1eba0f18f7f49bbdef68 fac103a5290195d728609a13df6c9eeb244bf41cd9e399ad9d069184feb42175
GET /gid.js?userId=c2715b22afd218644e2bdb357097dde4 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://heehoujaifo.com/
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:34:59 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c2715b22afd218644e2bdb357097dde4; expires=Sun, 04 May 2025 21:34:59 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/zone?&pub=0&zone_id=6304462&is_mobile=false&domain=heehoujaifo.com&var=6543462&ymid=&var_3=19449159_&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=045615a6-16bd-4c5a-b1ea-b0181d3f556e&action=prerequest | 139.45.197.159 | 200 OK | 0 B |
URL POST HTTP/2heehoujaifo.com/zone?&pub=0&zone_id=6304462&is_mobile=false&domain=heehoujaifo.com&var=6543462&ymid=&var_3=19449159_&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=045615a6-16bd-4c5a-b1ea-b0181d3f556e&action=prerequest IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /zone?&pub=0&zone_id=6304462&is_mobile=false&domain=heehoujaifo.com&var=6543462&ymid=&var_3=19449159_&var_4=&dsig=&tg=1&sw=3.1.504&trace_id=045615a6-16bd-4c5a-b1ea-b0181d3f556e&action=prerequest HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc
Cookie: reverse=hGLzs2rBTQJ9OzCcQprRpb8QprAG9SvFu_5fieKhYdg; OAID=c2715b22afd218644e2bdb357097dde4; oaidts=1714858499
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:34:59 GMT
content-length: 0
x-trace-id: d1d1e7670a898fd8e008055dfb6712fd
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP139.45.195.8:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hash0e3e4c303e5a4ebcdd54157d4935455e b7b48761a6dcaa694d44e2e3d1e09bddfd51c86e 82539443f25a741d5cc62bb25d6924448db5a66edf320cf564b8e35c0eec63e5
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://heehoujaifo.com/
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:34:59 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=080052fa5f324176f556dd1112e81415; expires=Sun, 04 May 2025 21:34:59 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| cdntechone.com/stattag.js | 188.114.96.1 | 200 OK | 7.9 kB |
URL GET HTTP/2cdntechone.com/stattag.js IP188.114.96.1:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerGoogle Trust Services LLC Subjectcdntechone.com Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT
File typeJavaScript source, ASCII text, with very long lines (18452) Hashbec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:34:59 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4422
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R6SBrcsFGjC0RJbxCOONumOXVzEwgZm%2Bn9rioUkJIAJ5IoCdCiwy5wIJE2BRaepKkLISomSk1PoSd9mUD9ZZHoZlX%2BE3zuv%2Bjrqo9qzcoGbAl4iB%2ByB1sjdBquJhNeWhOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87eb9e383ae056c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 435
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:35:00 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b40acc84b31d3aa78dc44c59d039975b
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 432
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:35:00 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: f7c8e3245bd4c301088f711c28028325
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 434
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:35:00 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 5bf979abc213ead169a0f84c2a5fbbed
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://heehoujaifo.com/
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:35:00 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 94 B |
IP139.45.197.250:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashdf8fc48f929ba4b80bf994004b13def6 42991139d4a94c916ebd6aa41b3f8ad934161a07 47413b547d620d4de40b84e0cccd9745638f09f0b79d893aa78aceac9e5a545d
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://heehoujaifo.com/
Content-Type: application/json
Content-Length: 1300
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:35:00 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/favicon.ico | 139.45.197.159 | 204 No Content | 0 B |
URL GET HTTP/2heehoujaifo.com/favicon.ico IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc
Cookie: reverse=hGLzs2rBTQJ9OzCcQprRpb8QprAG9SvFu_5fieKhYdg; OAID=080052fa5f324176f556dd1112e81415; oaidts=1714858499; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 04 May 2024 21:35:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/rotate?zz=6355835&var=6543462&uid=080052fa5f324176f556dd1112e81415&var_4=JSZuGZAiqUzRag6ptzM6kc&os_version=x86.64 | 139.45.197.159 | 200 OK | 562 B |
URL GET HTTP/2heehoujaifo.com/rotate?zz=6355835&var=6543462&uid=080052fa5f324176f556dd1112e81415&var_4=JSZuGZAiqUzRag6ptzM6kc&os_version=x86.64 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
Hashfd2ae36a528c87a5fa6579215943e9b1 18fc10e6b67c3b5dec2c27782a70e530fc17629e ee6f247a453d954f1c65d322c69792206bfc21fdde8f0359996220f47c452844
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /rotate?zz=6355835&var=6543462&uid=080052fa5f324176f556dd1112e81415&var_4=JSZuGZAiqUzRag6ptzM6kc&os_version=x86.64 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc
DNT: 1
Connection: keep-alive
Cookie: reverse=hGLzs2rBTQJ9OzCcQprRpb8QprAG9SvFu_5fieKhYdg; OAID=c2715b22afd218644e2bdb357097dde4; oaidts=1714858499; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:35:00 GMT
content-type: application/javascript
x-trace-id: 7b8c84e76118c08d3dd848b16c295699
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
vary: Accept-Encoding, Origin
access-control-allow-origin: https://heehoujaifo.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=080052fa5f324176f556dd1112e81415; expires=Sun, 04 May 2025 21:35:00 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|
| datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=fc29e5d5-744e-432a-b61e-2a213306b7e5 | 37.48.68.71 | 200 OK | 2 B |
URL POST HTTP/1.1datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=fc29e5d5-744e-432a-b61e-2a213306b7e5 IP37.48.68.71:443 ASN#60781 LeaseWeb Netherlands B.V.
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerSectigo Limited Subjectdatatechone.com FingerprintFD:AA:8A:21:49:9F:48:59:78:C7:B2:00:75:4F:CD:2C:AF:49:2C:37 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash444bcb3a3fcf8389296c49467f27e1d6 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=fc29e5d5-744e-432a-b61e-2a213306b7e5 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1482
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 04 May 2024 21:35:00 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://heehoujaifo.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| heehoujaifo.com/track-impression-applab?z=6543462&b=19449159&ymid=JSZuGZAiqUzRag6ptzM6kc&var=&var_3=19449159_&redirect=false&redirectUrl=https%3A%2F%2Fprized.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6543462_%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DjB33Wx3582pkTZu%26land_generation_time%3D2024-05-04_16%3A34%3A59%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Dc2715b22afd218644e2bdb357097dde4%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 | 139.45.197.159 | 200 OK | 747 B |
URL GET HTTP/2heehoujaifo.com/track-impression-applab?z=6543462&b=19449159&ymid=JSZuGZAiqUzRag6ptzM6kc&var=&var_3=19449159_&redirect=false&redirectUrl=https%3A%2F%2Fprized.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6543462_%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DjB33Wx3582pkTZu%26land_generation_time%3D2024-05-04_16%3A34%3A59%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Dc2715b22afd218644e2bdb357097dde4%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (801), with no line terminators Hash74858cf0113aa338e53b380d044de4c8 b39dc56001399b05d1405e6400504abacb6ddc66 23211c2e5be8a5a5e51af70327622e41cfca5c5720daf4b1eb97ca03c430cc05
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /track-impression-applab?z=6543462&b=19449159&ymid=JSZuGZAiqUzRag6ptzM6kc&var=&var_3=19449159_&redirect=false&redirectUrl=https%3A%2F%2Fprized.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6543462_%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DjB33Wx3582pkTZu%26land_generation_time%3D2024-05-04_16%3A34%3A59%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Dc2715b22afd218644e2bdb357097dde4%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc
DNT: 1
Connection: keep-alive
Cookie: reverse=hGLzs2rBTQJ9OzCcQprRpb8QprAG9SvFu_5fieKhYdg; OAID=c2715b22afd218644e2bdb357097dde4; oaidts=1714858499; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:35:00 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: f5c3da8868ffd33a133661ab54083622
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc&mprtr=1&os_version=x86.64 | 139.45.197.159 | 200 OK | 2 B |
URL POST HTTP/2heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc&mprtr=1&os_version=x86.64 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
Hash99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
POST /?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc&mprtr=1&os_version=x86.64 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc
Cookie: reverse=hGLzs2rBTQJ9OzCcQprRpb8QprAG9SvFu_5fieKhYdg; OAID=c2715b22afd218644e2bdb357097dde4; oaidts=1714858499; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:34:59 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: br
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/sw-check-permissions/6304462?var=6543462&var_3=19449159_&uhd=1&zoneId=6304462 | 139.45.197.159 | 200 OK | 1.3 kB |
URL GET HTTP/2heehoujaifo.com/sw-check-permissions/6304462?var=6543462&var_3=19449159_&uhd=1&zoneId=6304462 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typeASCII text, with very long lines (1420), with no line terminators Hashf5dd4f841e49b429c612d0341017eae8 3c9b83ec376e4f4428fce5b1ba5baa7dac597563 b731b9c6f8d7a1b1aa3238dd8bd97363ec454648e316a932cd9f3b0c3abd5c51
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /sw-check-permissions/6304462?var=6543462&var_3=19449159_&uhd=1&zoneId=6304462 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc
Cookie: reverse=hGLzs2rBTQJ9OzCcQprRpb8QprAG9SvFu_5fieKhYdg; OAID=c2715b22afd218644e2bdb357097dde4; oaidts=1714858499; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:35:00 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=6543462&sw=/sw-check-permissions/6304462&var_3=19449159_&os_version=x86.64 | 139.45.197.159 | 200 OK | 37 kB |
URL GET HTTP/2heehoujaifo.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=6543462&sw=/sw-check-permissions/6304462&var_3=19449159_&os_version=x86.64 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typeJavaScript source, ASCII text, with very long lines (37142), with no line terminators Hash32d6dbd00a639e2cd10d1704b9159bd5 0dab4c95675393f1d0e13d20f13d80ee12e41d95 9f339e5efd7c959419a4e86bb4c5e9f07eae2ed839484846157be981917743de
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=&var=6543462&sw=/sw-check-permissions/6304462&var_3=19449159_&os_version=x86.64 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc
Cookie: reverse=hGLzs2rBTQJ9OzCcQprRpb8QprAG9SvFu_5fieKhYdg; OAID=c2715b22afd218644e2bdb357097dde4; oaidts=1714858499
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:34:59 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 10:49:22 GMT
vary: Accept-Encoding
etag: W/"662a3532-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: br
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc | 139.45.197.159 | 200 OK | 53 kB |
URL User Request GET HTTP/2heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc IP139.45.197.159:443
CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typeHTML document, ASCII text, with very long lines (3300), with CRLF, LF line terminators Hashf968067efa6c8c62e52e989aab840485 958c6b76503952321eeb81841ccccea7b330d9be 075c4fae98e94f0e2b7ee9c820a2b9f19c62abe6b599cddea0835c789c9d81c3
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
GET /?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 04 May 2024 21:34:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=hGLzs2rBTQJ9OzCcQprRpb8QprAG9SvFu_5fieKhYdg; expires=Sat, 04-May-2024 22:34:59 GMT; Max-Age=3600; path=/
OAID=c2715b22afd218644e2bdb357097dde4; expires=Wed, 06-Sep-2079 19:09:58 GMT; Max-Age=1746394499; path=/
oaidts=1714858499; expires=Wed, 06-Sep-2079 19:09:58 GMT; Max-Age=1746394499; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
|
|
| littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 | 172.67.10.98 | 200 OK | 6.9 kB |
URL GET HTTP/2littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 IP172.67.10.98:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=&ymid=JSZuGZAiqUzRag6ptzM6kc&ymid=JSZuGZAiqUzRag6ptzM6kc CertificateIssuerLet's Encrypt Subjectlittlecdn.com Fingerprint42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A ValidityMon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File typeASCII text, with very long lines (7345), with no line terminators Hash57f883f33e55218cea794ad4f6971357 d39f9e65da05862b37169425ccd72764da82dce0 be65cf329f062009996883e7d2ac5db7d2348e7121a45a775046e2f0e7822220
GET /apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 04 May 2024 21:34:59 GMT
content-type: text/css
last-modified: Fri, 03 May 2024 14:33:21 GMT
vary: Accept-Encoding
etag: W/"6634f5b1-1af3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 5706
server: cloudflare
cf-ray: 87eb9e374ff00b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|