| static.heehoujaifo.com/templates/_assets/sounds/blip1/default.mp3 | 139.45.197.159 | 206 Partial Content | 6.7 kB |
URL GET HTTP/2static.heehoujaifo.com/templates/_assets/sounds/blip1/default.mp3 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typeAudio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural Hash6422f23e1751d74410347e02c0210a60 0e3e65be6b5fbb76f6a52191e973bd37368be204 4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8
GET /templates/_assets/sounds/blip1/default.mp3 HTTP/1.1
Host: static.heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: audio/mpeg
content-length: 6712
last-modified: Wed, 24 Apr 2024 09:09:47 GMT
vary: Accept-Encoding
etag: "6628cc5b-1a38"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-range: bytes 0-6711/6712
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon | 139.45.197.159 | 200 OK | 13 kB |
URL User Request GET HTTP/2heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon IP139.45.197.159:443
CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typeHTML document, ASCII text, with very long lines (3300), with CRLF, LF line terminators Hash6b8f97310424f18ef738b91df9a5cd9c f9aca032e6c8351f847d15775200e2e30f968a0b 93e6478c325dfc9cab0b4707f14cf8baf45ac86ccf3758d69ec4d3810c4062e0
GET /?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=earraKEjwNJBYTS7lRXCRkT-JhdRz6D2wKJ8MAmM_3Y; expires=Thu, 25-Apr-2024 08:47:05 GMT; Max-Age=3600; path=/
OAID=d4c1d9bfc51e09ee3fce951a3b2118d6; expires=Fri, 18-Aug-2079 15:34:10 GMT; Max-Age=1745567225; path=/
oaidts=1714031225; expires=Fri, 18-Aug-2079 15:34:10 GMT; Max-Age=1745567225; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
|
|
| my.rtmark.net/gid.js | 139.45.195.8 | 200 OK | 65 B |
IP139.45.195.8:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
Hashbdbabd733c6180e1d71a8ae0302e1ed8 b095c9f57e0fd1a44abc2dca3037be8900b44107 e22a8b863f8dfb30f2a9d91edf53dba513e9c2bf92bbc8ece2640e78318d3735
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://heehoujaifo.com/
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=08004979f348479af5b940ce9f6c0a74; expires=Fri, 25 Apr 2025 07:47:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/zone?&pub=0&zone_id=6304462&is_mobile=false&domain=heehoujaifo.com&var=6543462&ymid=1320852&var_3=19449159_&var_4=&dsig=&tg=1&sw=3.1.503&trace_id=0fddd502-fa0e-4bef-8744-6b6c6e0680f9&action=prerequest | 139.45.197.159 | 200 OK | 0 B |
URL POST HTTP/2heehoujaifo.com/zone?&pub=0&zone_id=6304462&is_mobile=false&domain=heehoujaifo.com&var=6543462&ymid=1320852&var_3=19449159_&var_4=&dsig=&tg=1&sw=3.1.503&trace_id=0fddd502-fa0e-4bef-8744-6b6c6e0680f9&action=prerequest IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=6304462&is_mobile=false&domain=heehoujaifo.com&var=6543462&ymid=1320852&var_3=19449159_&var_4=&dsig=&tg=1&sw=3.1.503&trace_id=0fddd502-fa0e-4bef-8744-6b6c6e0680f9&action=prerequest HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon
Cookie: reverse=earraKEjwNJBYTS7lRXCRkT-JhdRz6D2wKJ8MAmM_3Y; OAID=d4c1d9bfc51e09ee3fce951a3b2118d6; oaidts=1714031225
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-length: 0
x-trace-id: 764e44ae5a19c4f1722efd12b4292462
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 446
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b62bd6fece78c6153633f7c003deacf7
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 448
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: faf759841b02ae3f9c43543c53c5b4f1
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| jouteetu.net/custom | 139.45.197.251 | 200 OK | 39 B |
IP139.45.197.251:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectjouteetu.net FingerprintF5:94:3C:5E:6B:54:1A:97:82:F8:7E:1F:C2:51:04:8C:FB:F5:CF:65 ValidityWed, 13 Mar 2024 19:38:02 GMT - Tue, 11 Jun 2024 19:38:01 GMT
Hash058b158c2be925f556454ef762d93538 cc6fc563b4b6baee880fdbc7fcfaa134978e33c9 ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881
POST /custom HTTP/1.1
Host: jouteetu.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 449
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: 9c83dd459b180fb70823e38d1f02fbd0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| amunfezanttor.com/event | 139.45.197.250 | 200 OK | 0 B |
IP139.45.197.250:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectamunfezanttor.com FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer | Verdict | Alert | Quad9 DNS | malicious | Sinkholed |
OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://heehoujaifo.com/
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
|
|
| littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 | 172.67.10.98 | 200 OK | 1.8 kB |
URL GET HTTP/2littlecdn.com/apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 IP172.67.10.98:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectlittlecdn.com Fingerprint42:A1:9F:5B:B7:1B:88:CB:90:58:FC:E9:D1:96:3C:48:38:66:3A:9A ValidityMon, 11 Mar 2024 02:10:57 GMT - Sun, 09 Jun 2024 02:10:56 GMT
File typeassembler source, ASCII text Hash77800b67413ed2d93cda5fbffdee9c80 e4c0cc617a79bc021ab2b114d76497dfc10f45df df72ad7033ec4e39d4cd75b51d6600837e5f46af3bb31fed01bb07aabb61cede
GET /apps/templates/android-instructions/ios-sys-msg-icon/css/style.css?v=1.6 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: text/css
last-modified: Wed, 24 Apr 2024 09:09:47 GMT
vary: Accept-Encoding
etag: W/"6628cc5b-1af3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 1212
server: cloudflare
cf-ray: 879cb9176d51b50f-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/rotate?zz=6355835&var=6543462&ymid=1320852&uid=08004979f348479af5b940ce9f6c0a74&var_4=XHiiAW77FaKDJE3dYRFyon&os_version=x86.64 | 139.45.197.159 | 200 OK | 581 B |
URL GET HTTP/2heehoujaifo.com/rotate?zz=6355835&var=6543462&ymid=1320852&uid=08004979f348479af5b940ce9f6c0a74&var_4=XHiiAW77FaKDJE3dYRFyon&os_version=x86.64 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
Hash843c7df1bf87c7f70b4a12d6ba5656b9 805e9230c56abdd4e5a98474951f94a765f78636 ee135349c931d4373622aa959ab333423280c9a56b52cecfa8b85f3f76fd4ad8
GET /rotate?zz=6355835&var=6543462&ymid=1320852&uid=08004979f348479af5b940ce9f6c0a74&var_4=XHiiAW77FaKDJE3dYRFyon&os_version=x86.64 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon
DNT: 1
Connection: keep-alive
Cookie: reverse=earraKEjwNJBYTS7lRXCRkT-JhdRz6D2wKJ8MAmM_3Y; OAID=d4c1d9bfc51e09ee3fce951a3b2118d6; oaidts=1714031225; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/javascript
x-trace-id: d4c2ee34a3b1d49a55ffc25a505e8e03
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
timing-allow-origin: *
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Accept-Encoding, Origin
access-control-allow-origin: https://heehoujaifo.com/
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
set-cookie: OAID=08004979f348479af5b940ce9f6c0a74; expires=Fri, 25 Apr 2025 07:47:05 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|
| datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=7e5f8e87-4864-4671-aae7-a418cbf3a09c | 139.45.195.253 | 200 OK | 2 B |
URL POST HTTP/1.1datatechone.com/log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=7e5f8e87-4864-4671-aae7-a418cbf3a09c IP139.45.195.253:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerSectigo Limited Subjectdatatechone.com FingerprintFD:AA:8A:21:49:9F:48:59:78:C7:B2:00:75:4F:CD:2C:AF:49:2C:37 ValiditySun, 10 Dec 2023 00:00:00 GMT - Mon, 23 Dec 2024 23:59:59 GMT
File typeASCII text, with no line terminators Hash444bcb3a3fcf8389296c49467f27e1d6 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
POST /log/add?cid=79b8b31a-f5b5-449e-9c97-e907dd6cec81&ruid=7e5f8e87-4864-4671-aae7-a418cbf3a09c HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1496
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 25 Apr 2024 07:47:06 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://heehoujaifo.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
|
|
| my.rtmark.net/gid.js?userId=d4c1d9bfc51e09ee3fce951a3b2118d6 | 139.45.195.8 | 200 OK | 65 B |
URL GET HTTP/2my.rtmark.net/gid.js?userId=d4c1d9bfc51e09ee3fce951a3b2118d6 IP139.45.195.8:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectrtmark.net FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT
File typetroff or preprocessor input, ASCII text, with no line terminators Hashb29c981702604d445c7ef82f60db2ef5 72a205fefb92b8381d7371a3723361c196dadf65 8ae7fbb23b9bfdb67b0748eb997a2f5447c41377920ece1ab61ec635e49b33c6
GET /gid.js?userId=d4c1d9bfc51e09ee3fce951a3b2118d6 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://heehoujaifo.com/
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://heehoujaifo.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=d4c1d9bfc51e09ee3fce951a3b2118d6; expires=Fri, 25 Apr 2025 07:47:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon&mprtr=1&os_version=x86.64 | 139.45.197.159 | 200 OK | 2 B |
URL POST HTTP/2heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon&mprtr=1&os_version=x86.64 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
Hash99914b932bd37a50b983c5e7c90ae93b bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
POST /?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon&mprtr=1&os_version=x86.64 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://heehoujaifo.com
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon
Cookie: reverse=earraKEjwNJBYTS7lRXCRkT-JhdRz6D2wKJ8MAmM_3Y; OAID=d4c1d9bfc51e09ee3fce951a3b2118d6; oaidts=1714031225
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: br
X-Firefox-Spdy: h2
|
|
| cdntechone.com/stattag.js | 104.21.36.146 | 200 OK | 19 kB |
URL GET HTTP/2cdntechone.com/stattag.js IP104.21.36.146:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerGoogle Trust Services LLC Subjectcdntechone.com Fingerprint3D:20:D4:11:5D:06:B3:63:9C:08:BF:D9:D9:16:22:D5:DC:3B:9A:CB ValidityMon, 22 Apr 2024 03:33:58 GMT - Sun, 21 Jul 2024 03:33:57 GMT
File typeJavaScript source, ASCII text, with very long lines (18452) Hashbec2755dff94190fec0365b0db53807b f98c36e7e9e06325d03fe39c3b98879062fc2704 ccb15ff22ece6946136f1501ab3ae74155399187c8e85beb10399d56bb8e149a
GET /stattag.js HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:04 GMT
etag: W/"65c37cb8-4a9e"
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rSnhMmsLfeM2f0BLItLl%2FIisbJtGYM9cQMk8FWkQfL3snzgOC674sZYndYvpBw3GTn2oVwKGed6b%2BL%2Fj3xBugfpjPeU5QlYYY8HOXSz9nctoAdob8yz0uqVXH59PlHAzvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879cb9186cddb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/favicon.ico | 139.45.197.159 | 204 No Content | 0 B |
URL GET HTTP/2heehoujaifo.com/favicon.ico IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
Hashd41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon
Cookie: reverse=earraKEjwNJBYTS7lRXCRkT-JhdRz6D2wKJ8MAmM_3Y; OAID=08004979f348479af5b940ce9f6c0a74; oaidts=1714031225; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/track-impression-applab?z=6543462&b=19449159&ymid=XHiiAW77FaKDJE3dYRFyon&var=1320852&var_3=19449159_&redirect=false&redirectUrl=https%3A%2F%2Fprized.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6543462_1320852%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DjB33Wx3582pkTZu%26land_generation_time%3D2024-04-25_02%3A47%3A05%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Dd4c1d9bfc51e09ee3fce951a3b2118d6%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 | 139.45.197.159 | 200 OK | 778 B |
URL GET HTTP/2heehoujaifo.com/track-impression-applab?z=6543462&b=19449159&ymid=XHiiAW77FaKDJE3dYRFyon&var=1320852&var_3=19449159_&redirect=false&redirectUrl=https%3A%2F%2Fprized.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6543462_1320852%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DjB33Wx3582pkTZu%26land_generation_time%3D2024-04-25_02%3A47%3A05%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Dd4c1d9bfc51e09ee3fce951a3b2118d6%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typetroff or preprocessor input, ASCII text, with very long lines (836), with no line terminators Hash5773b5c17a79984603ac4a30f4e7f0ec 65f200a3939459e9dae0231b4e796e941314f37f d82d3c74608f31d51e19482cded8ce9737e13ac225fa8492bf4d652868723ea9
GET /track-impression-applab?z=6543462&b=19449159&ymid=XHiiAW77FaKDJE3dYRFyon&var=1320852&var_3=19449159_&redirect=false&redirectUrl=https%3A%2F%2Fprized.pro%2Fyz992c%3Fexternal_id%3D%24%7BSUBID%7D%26source%3D6543462_1320852%26ad_campaign_id%3Dzeydoocrypto%26land_state%3Dbefore_render%26land_id%3DjB33Wx3582pkTZu%26land_generation_time%3D2024-04-25_02%3A47%3A05%26land_error_code%3D%26ruid%3D%7Bruid%7D%26mgeo%3D%7Bmgeo%7D%26oaid%3Dd4c1d9bfc51e09ee3fce951a3b2118d6%26land_type%3Drtr%26isPushSubscribed%3Dfalse%26isPushAlreadySubscribed%3Dfalse%26land_tracker%3Dmarker%26land_purchase_method%3Dapk&os_version=x86.64 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon
DNT: 1
Connection: keep-alive
Cookie: reverse=earraKEjwNJBYTS7lRXCRkT-JhdRz6D2wKJ8MAmM_3Y; OAID=d4c1d9bfc51e09ee3fce951a3b2118d6; oaidts=1714031225; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: c8dd8b6783632da060bf17214eda286f
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=1320852&var=6543462&sw=/sw-check-permissions/6304462&var_3=19449159_&os_version=x86.64 | 139.45.197.159 | 200 OK | 37 kB |
URL GET HTTP/2heehoujaifo.com/pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=1320852&var=6543462&sw=/sw-check-permissions/6304462&var_3=19449159_&os_version=x86.64 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typeJavaScript source, ASCII text, with very long lines (37142), with no line terminators Hash8acf6198d81e7b03a7f405500e7ae7f2 9d1d750d53896ac2ddc64461938862f301773eed 68fbd570b73d292cf84bf733f4ada10f1f7bbe6ba5ad8043ee3e2f5d01278e02
GET /pfe/current/micro.tag.min.js?uhd=1&z=6304462&ymid=1320852&var=6543462&sw=/sw-check-permissions/6304462&var_3=19449159_&os_version=x86.64 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon
Cookie: reverse=earraKEjwNJBYTS7lRXCRkT-JhdRz6D2wKJ8MAmM_3Y; OAID=d4c1d9bfc51e09ee3fce951a3b2118d6; oaidts=1714031225
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/javascript
last-modified: Wed, 24 Apr 2024 14:40:35 GMT
vary: Accept-Encoding
etag: W/"662919e3-9116"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: br
X-Firefox-Spdy: h2
|
|
| heehoujaifo.com/sw-check-permissions/6304462?var=6543462&var_3=19449159_&ymid=1320852&uhd=1&zoneId=6304462 | 139.45.197.159 | 200 OK | 1.3 kB |
URL GET HTTP/2heehoujaifo.com/sw-check-permissions/6304462?var=6543462&var_3=19449159_&ymid=1320852&uhd=1&zoneId=6304462 IP139.45.197.159:443
Requested byhttps://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon CertificateIssuerLet's Encrypt Subjectheehoujaifo.com Fingerprint2D:4E:0B:63:49:C9:90:F7:EB:19:3C:F1:03:34:AB:1C:D1:81:9F:8D ValidityThu, 04 Apr 2024 05:16:41 GMT - Wed, 03 Jul 2024 05:16:40 GMT
File typeASCII text, with very long lines (1420), with no line terminators Hashf5dd4f841e49b429c612d0341017eae8 3c9b83ec376e4f4428fce5b1ba5baa7dac597563 b731b9c6f8d7a1b1aa3238dd8bd97363ec454648e316a932cd9f3b0c3abd5c51
GET /sw-check-permissions/6304462?var=6543462&var_3=19449159_&ymid=1320852&uhd=1&zoneId=6304462 HTTP/1.1
Host: heehoujaifo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Referer: https://heehoujaifo.com/?l=jB33Wx3582pkTZu&b=19449159&z=6543462&s={CLICK_ID}&campid={campaignid}&var=1320852&ymid=XHiiAW77FaKDJE3dYRFyon&ymid=XHiiAW77FaKDJE3dYRFyon
Cookie: reverse=earraKEjwNJBYTS7lRXCRkT-JhdRz6D2wKJ8MAmM_3Y; OAID=d4c1d9bfc51e09ee3fce951a3b2118d6; oaidts=1714031225; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Thu, 25 Apr 2024 07:47:05 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2
|
|