haijezoa.top Open in urlscan Pro
172.67.138.253 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://gulfirya785.socro-ad.club/
Effective URL:
https://haijezoa.top/sweeps-survey.html?offer_id=554905&z=6591460&s=774896304699740999&b=19240138&campaignid=7526076&...
Submission: On January 26 via api (January 26th 2024, 11:53:26 pm UTC) from US — Scanned from US

Summary HTTP 38 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 13 domains to perform 38 HTTP transactions. The main IP is 172.67.138.253, located in United States and belongs to CLOUDFLARENET, US. The main domain is haijezoa.top.
TLS certificate: Issued by GTS CA 1P5 on December 21st 2023. Valid for: 3 months.

This is the only time haijezoa.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	2606:4700:303... 2606:4700:3035::ac43:b5cd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:80d::200a	15169 (GOOGLE) (GOOGLE)
1	2600:141b:1c0... 2600:141b:1c00:2588::523	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:303... 2606:4700:3030::ac43:caba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2003	15169 (GOOGLE) (GOOGLE)
1	151.101.65.40 151.101.65.40	54113 (FASTLY) (FASTLY)
1	2600:141b:1c0... 2600:141b:1c00:30::1739:5a6a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	139.45.196.64 139.45.196.64	9002 (RETN-AS) (RETN-AS)
16	172.67.138.253 172.67.138.253	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 11	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
2	139.45.197.248 139.45.197.248	9002 (RETN-AS) (RETN-AS)
38	12

5 2606:4700:3035::ac43:b5cd (United States)

ASN13335 (CLOUDFLARENET, US)

gulfirya785.socro-ad.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::200a (Colchester, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:2588::523 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

res.cloudinary.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:caba (United States)

ASN13335 (CLOUDFLARENET, US)

socrobotic.store	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2003 (Colchester, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.40 (United States)

ASN54113 (FASTLY, US)

captcha.px-cdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:1c00:30::1739:5a6a (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)

client.px-cloud.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.196.64 (United Kingdom) 1 redirects

ASN9002 (RETN-AS, GB)

eekighoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 172.67.138.253 (United States)

ASN13335 (CLOUDFLARENET, US)

haijezoa.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:6b8::1:119 (Russian Federation) 3 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.248 (United Kingdom)

ASN9002 (RETN-AS, GB)

dortmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	haijezoa.top haijezoa.top	177 KB
9	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 8747	5 KB
5	socro-ad.club gulfirya785.socro-ad.club	4 KB
2	dortmark.net dortmark.net — Cisco Umbrella Rank: 66666
2	yandex.ru 1 redirects mc.yandex.ru — Cisco Umbrella Rank: 3982	71 KB
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 11663	544 B
1	eekighoo.com 1 redirects eekighoo.com — Cisco Umbrella Rank: 289427	841 B
1	px-cloud.net client.px-cloud.net — Cisco Umbrella Rank: 4757	75 KB
1	px-cdn.net captcha.px-cdn.net — Cisco Umbrella Rank: 514968	499 KB
1	gstatic.com fonts.gstatic.com	19 KB
1	socrobotic.store socrobotic.store	3 KB
1	cloudinary.com res.cloudinary.com — Cisco Umbrella Rank: 2467	1 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	2 KB
38	13

	Domain	Requested by
16	haijezoa.top	haijezoa.top
9	mc.yandex.com	2 redirects haijezoa.top mc.yandex.ru
5	gulfirya785.socro-ad.club	gulfirya785.socro-ad.club captcha.px-cdn.net client.px-cloud.net
2	dortmark.net	haijezoa.top
2	mc.yandex.ru	1 redirects haijezoa.top
1	my.rtmark.net	haijezoa.top
1	eekighoo.com	1 redirects
1	client.px-cloud.net	captcha.px-cdn.net
1	captcha.px-cdn.net	gulfirya785.socro-ad.club
1	fonts.gstatic.com	fonts.googleapis.com
1	socrobotic.store	gulfirya785.socro-ad.club
1	res.cloudinary.com	gulfirya785.socro-ad.club
1	fonts.googleapis.com	gulfirya785.socro-ad.club
38	13

This site contains links to these domains. Also see Links.

Domain
vuolobnhqb.com

Subject Issuer	Validity	Valid
socro-ad.club GTS CA 1P5	`2023-12-02` - `2024-03-01`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.cloudinary.com Go Daddy Secure Certificate Authority - G2	`2023-12-18` - `2025-01-13`	a year	crt.sh
socrobotic.store GTS CA 1P5	`2024-01-03` - `2024-04-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.perimeterx.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-25` - `2024-09-25`	a year	crt.sh
client.botchk.net R3	`2023-12-13` - `2024-03-12`	3 months	crt.sh
haijezoa.top GTS CA 1P5	`2023-12-21` - `2024-03-20`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-12-26` - `2024-06-05`	5 months	crt.sh
rtmark.net R3	`2023-12-23` - `2024-03-22`	3 months	crt.sh
dortmark.net R3	`2023-12-26` - `2024-03-25`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://haijezoa.top/sweeps-survey.html?offer_id=554905&z=6591460&s=774896304699740999&b=19240138&campaignid=7526076&var=ft&ymid=774896304699740999&var_3={var_3}&geo=US&testinapp=5051875&comments=sweepTest
Frame ID: 88E098E4BDDE0A1BEB8820E440846397
Requests: 38 HTTP requests in this frame

Frame: https://mc.yandex.com/metrika/metrika_match.html
Frame ID: FCE6EF0D0A495ECAE7C3C61AF30E6530
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Test $$$

Page URL History Show full URLs

https://gulfirya785.socro-ad.club/ Page URL
https://eekighoo.com/link?z=6591460&var=ft&ymid=10to3g61ch622 HTTP 302
https://haijezoa.top/sweeps-survey.html?offer_id=554905&z=6591460&s=774896304699740999&b=19240138... Page URL

Detected technologies

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

38
Requests

95 %
HTTPS

58 %
IPv6

13
Domains

13
Subdomains

12
IPs

3
Countries

855 kB
Transfer

1450 kB
Size

25
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://vuolobnhqb.com/4180207/?var=6591460&ymid=ft

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://gulfirya785.socro-ad.club/ Page URL
https://eekighoo.com/link?z=6591460&var=ft&ymid=10to3g61ch622 HTTP 302
https://haijezoa.top/sweeps-survey.html?offer_id=554905&z=6591460&s=774896304699740999&b=19240138&campaignid=7526076&var=ft&ymid=774896304699740999&var_3={var_3}&geo=US&testinapp=5051875&comments=sweepTest Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10260.cw0BaO3cKOBzb22p9HdYiruewd6rQZCO0ezLEsfAzOQqqmIltuFHH9GUSxy3aPjj.i33o27YX318ljIUuKyFSSuabmzU%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10260.VD_7jMsTUzvDbIsRUO-UwWw1R77KdRRWxidqFzKTcPCvdsEL2x4NuKyARL_aPtNr4TmXGl15CfgOgCE7iG_xglzAriH96LNHlZ_6Kch1Eugj1NoVcRNUx3nEe9R6QO-iNF-QVX7Y-W637NA5kjqq-RnaePKyv-jB2lYWytMRI5ShJkRal2f_32qk3vc_kvebIi7_vO4xSLly78qsObwX-2PRqkODMme0MNpjjlgyGTs%2C.tNuy6GgNYdRRy3xqUDkb-HXWTOU%2C

Request Chain 34

https://mc.yandex.com/watch/66423859?wmode=7&page-url=https%3A%2F%2Fhaijezoa.top%2Fsweeps-survey.html%3Foffer_id%3D554905%26z%3D6591460%26s%3D774896304699740999%26b%3D19240138%26campaignid%3D7526076%26var%3Dft%26ymid%3D774896304699740999%26var_3%3D%7Bvar_3%7D%26geo%3DUS%26testinapp%3D5051875%26comments%3DsweepTest%26utm_campaign%3Dft%26utm_medium%3D6591460%26utm_source%3Dzd_7526076%26utm_term%3D19240138%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A1350725175981%3Ahid%3A772933978%3Az%3A-600%3Ai%3A20240126135323%3Aet%3A1706313204%3Ac%3A1%3Arn%3A480926336%3Arqn%3A1%3Au%3A1706313204589023033%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C54%2C194%2C2%2C341%2C0%2C%2C95%2C1%2C%2C%2C%2C773%3Aco%3A0%3Acpf%3A1%3Ans%3A1706313202530%3Afp%3A723%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706313204%3At%3AOnline%20Test%20%24%24%24&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)ti(1) HTTP 302
https://mc.yandex.com/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fhaijezoa.top%2Fsweeps-survey.html%3Foffer_id%3D554905%26z%3D6591460%26s%3D774896304699740999%26b%3D19240138%26campaignid%3D7526076%26var%3Dft%26ymid%3D774896304699740999%26var_3%3D%7Bvar_3%7D%26geo%3DUS%26testinapp%3D5051875%26comments%3DsweepTest%26utm_campaign%3Dft%26utm_medium%3D6591460%26utm_source%3Dzd_7526076%26utm_term%3D19240138%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A1350725175981%3Ahid%3A772933978%3Az%3A-600%3Ai%3A20240126135323%3Aet%3A1706313204%3Ac%3A1%3Arn%3A480926336%3Arqn%3A1%3Au%3A1706313204589023033%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C54%2C194%2C2%2C341%2C0%2C%2C95%2C1%2C%2C%2C%2C773%3Aco%3A0%3Acpf%3A1%3Ans%3A1706313202530%3Afp%3A723%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706313204%3At%3AOnline%20Test%20%24%24%24&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

38 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
gulfirya785.socro-ad.club/ 7 KB
3 KB 337ms
247ms Document
text/html 2606:4700:3035::ac43:b5cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gulfirya785.socro-ad.club/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:b5cd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f478ed77959ea20c09129f7f704ebcf6fb38dc14dc592a4583df39da4af74763

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84bcacbfae244bcd-BUF
content-encoding: br
content-type: text/html
date: Fri, 26 Jan 2024 23:53:20 GMT
last-modified: Fri, 15 Dec 2023 11:16:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MNnYKGwwFPIQmXS%2FO0ifq%2FY41vWJEHNEOChW7rn8Y3YKQCGeevNDdulH7JxDNTzOHM5g5PCmEM847EgJQM7uU1xQhtwCCNqfTalGwHs2gk8sCM7u8Xdc9CKU%2FXG21AWtZ4k9oMd4KTX7z7YY1OEE6Zucf%2BUAnMFw"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 6 KB
2 KB 130ms
68ms Stylesheet
text/css 2607:f8b0:4006:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300

Requested by

Host: gulfirya785.socro-ad.club
URL: https://gulfirya785.socro-ad.club/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200a Colchester, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c93254c3b38a544885ef7418366c3895b1a9871669f56ef2c9ac9f1315525b5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gulfirya785.socro-ad.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 26 Jan 2024 23:53:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 26 Jan 2024 22:32:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 26 Jan 2024 23:53:20 GMT

GET
H2 200 ssense_logo_v2.svg
res.cloudinary.com/ssenseweb/image/upload/v1471963917/web/ 2 KB
1 KB 156ms
34ms Image
image/svg+xml 2600:141b:1c00:2588::523
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://res.cloudinary.com/ssenseweb/image/upload/v1471963917/web/ssense_logo_v2.svg

Requested by

Host: gulfirya785.socro-ad.club
URL: https://gulfirya785.socro-ad.club/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2600:141b:1c00:2588::523 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Cloudinary /

Resource Hash

d72bd5954d7f907b3789b72ce0d6529e14f98d3a22aec30e16ed387122806ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gulfirya785.socro-ad.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:21 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=604800
content-disposition: attachment; filename="ssense_logo_v2.svg"
server-timing: cld-akam;dur=3;start=2024-01-26T23:53:21.020Z;desc=hit,rtt;dur=28
content-length: 668
last-modified: Fri, 16 Jun 2017 15:59:08 GMT
server: Cloudinary
etag: W/"165a98cd78afa862ce95b155ddeef13a"
content-type: image/svg+xml
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *

GET
DATA 200
OK truncated Show response
/ 2 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5f17b302ec4f91ede66b8ae2b31b3dea2fd8ac9d32b7052023c9a50e50fc310

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: text/javascript

GET
H2 200 fQWb4JtJ
socrobotic.store/ 4 KB
3 KB 1380ms
1181ms Script
application/javascript 2606:4700:3030::ac43:caba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://socrobotic.store/fQWb4JtJ?return=js.client&&se_referrer=&default_keyword=Access%20to%20this%20page%20has%20been%20denied.&landing_url=gulfirya785.socro-ad.club%2F&name=_28g2MYFKwwG32v9P&host=https%3A%2F%2Fsocrobotic.store%2FfQWb4JtJ
Requested by: Host: gulfirya785.socro-ad.club
URL: https://gulfirya785.socro-ad.club/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:caba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gulfirya785.socro-ad.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:22 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2BTNVL3po6RBfi8dG4IUTsntvm2GIBtS2RkkRruOdZjN4gyOkvDDUmC2g9WKUgTm4ysm7EFHC934JJxKjiJLbFDviCLIUdbR53A6V0yqMbUb6dawCcIv3kgDKn9R9zu%2FptiEbq0dxg8EZMYmWa7o"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-ray: 84bcacc3ba8d4bc0-BUF
alt-svc: h3=":443"; ma=86400
expires: Fri, 26 Jan 2024 23:53:22 GMT

GET
H2 404 captcha.js
gulfirya785.socro-ad.club/58Asv359/captcha/ 0
0 290ms
273ms Script
text/html 2606:4700:3035::ac43:b5cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gulfirya785.socro-ad.club/58Asv359/captcha/captcha.js?a=c&u=baff9429-c4ac-11ec-aebb-6a766354456e&v=&m=0
Requested by: Host: gulfirya785.socro-ad.club
URL: https://gulfirya785.socro-ad.club/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:b5cd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gulfirya785.socro-ad.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:21 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVyMJXJmlYQf7icWEw4ro4IPtlM7IZgLtElrx6s5XhTg2WImiwf3RxOhoKU6k9ilERWl7j7nBz1zlyqJeiNhtzFknLQQVjfCTvfu5L0V5RMAP75c%2B7b1DktIR%2Fsm9XhT8iAdHHknHdWF9f%2BkpHHD0njxB5LfxDDa"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 84bcacc29f9e4bcd-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ 18 KB
19 KB 221ms
25ms Font
font/woff2 2607:f8b0:4006:81c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsiH0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2003 Colchester, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

758015e3cb56989df5cfcf912d2c3861a62e623d386ef12d4bacf15891a4eb81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://gulfirya785.socro-ad.club
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 05:53:51 GMT
x-content-type-options: nosniff
age: 64770
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18704
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:00:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 25 Jan 2025 05:53:51 GMT

GET
H2 200 captcha.js Show response
captcha.px-cdn.net/PX58Asv359/ 499 KB
499 KB 94ms
20ms Script
application/javascript 151.101.65.40
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://captcha.px-cdn.net/PX58Asv359/captcha.js?a=c&u=baff9429-c4ac-11ec-aebb-6a766354456e&v=&m=0
Requested by: Host: gulfirya785.socro-ad.club
URL: https://gulfirya785.socro-ad.club/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.40 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 080868a636dfeaa0cb67e7b5e6a6566aa39261ac2278869a3662c68324f9c174

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gulfirya785.socro-ad.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-served-by: cache-yyz4552-YYZ
date: Fri, 26 Jan 2024 23:53:21 GMT
via: 1.1 varnish
age: 417
x-timer: S1706313201.401592,VS0,VE2
etag: W/"7caff-uzSh8al8HGzxgyls0UKjOH1X40o"
x-cache: HIT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 510719
x-cache-hits: 1

GET
H3 404 init.js
gulfirya785.socro-ad.club/58Asv359/ 0
0 243ms
242ms Script
text/html 2606:4700:3035::ac43:b5cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gulfirya785.socro-ad.club/58Asv359/init.js
Requested by: Host: captcha.px-cdn.net
URL: https://captcha.px-cdn.net/PX58Asv359/captcha.js?a=c&u=baff9429-c4ac-11ec-aebb-6a766354456e&v=&m=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:b5cd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gulfirya785.socro-ad.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:22 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HDhiDFHhPISLPkWD8ymaFFXKX1ZZyA2e1qH74Vp1%2B30IS0kYQEjNDnCJnRsjUp2f8xir5X3MtvuPicQ9lFiNCOQeu0USGxOpmPD%2F7pUFqCHyp4mUrkcpac9Gwr2PhLXan1381g744tXgZU%2BRluJoC3NxL2WKOHLh"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 84bcacc8b9964bcf-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 main.min.js
client.px-cloud.net/PX58Asv359/ 169 KB
75 KB 158ms
29ms Script
application/javascript 2600:141b:1c00:30::1739:5a6a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://client.px-cloud.net/PX58Asv359/main.min.js
Requested by: Host: captcha.px-cdn.net
URL: https://captcha.px-cdn.net/PX58Asv359/captcha.js?a=c&u=baff9429-c4ac-11ec-aebb-6a766354456e&v=&m=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:1c00:30::1739:5a6a Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://gulfirya785.socro-ad.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:22 GMT
content-encoding: gzip
etag: "2a3df-NObiEgXIQ/qrAxG93bivkd6ViuA"
x-px-hash: ODU3ZTAyYzE1MWRmOTZiODVkYjQ2OTA4MzBlZGQ3MzI3NzM2Y2I3NjI5MzcxNmQ1NmNiMWZmNTc3MDNkZWUxMw==
vary: Accept-Encoding
active-cdn: Akamai
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: active-cdn,x-served-by,Akamai-Request-BC
cache-control: max-age=600
content-length: 76806

POST
H3 404 bundle
gulfirya785.socro-ad.club/58Asv359/xhr/assets/js/ 564 B
569 B 139ms
139ms XHR
text/html 2606:4700:3035::ac43:b5cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gulfirya785.socro-ad.club/58Asv359/xhr/assets/js/bundle
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PX58Asv359/main.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:b5cd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 26 Jan 2024 23:53:22 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=49pANflKfxZyFZphbXVoA%2BT%2BNZ%2F%2B895uVInuxetOjfA7JYm2pdBqfJqLDD9f0PUKILCuXIGQ1vfTwG%2BgKQn1Eulx0HQGb59wnUzGVars1E3ZdCypiNtxea%2FP%2B79BZCPq5fsN8EOE2mHNFq5WdsoRFXauuZKxYqZn"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cf-ray: 84bcaccbdb694bcf-BUF
alt-svc: h3=":443"; ma=86400

GET
H2

200

Primary Request sweeps-survey.html Show response
haijezoa.top/
Redirect Chain

https://eekighoo.com/link?z=6591460&var=ft&ymid=10to3g61ch622
https://haijezoa.top/sweeps-survey.html?offer_id=554905&z=6591460&s=774896304699740999&b=19240138&campaignid=7526076&var=ft&ymid=774896304699740999&var_3={var_3}&geo=US&testinapp=5051875&comments=s...

8 KB
4 KB

279ms
194ms

Document
text/html

172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/sweeps-survey.html?offer_id=554905&z=6591460&s=774896304699740999&b=19240138&campaignid=7526076&var=ft&ymid=774896304699740999&var_3={var_3}&geo=US&testinapp=5051875&comments=sweepTest

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

878d65ced232eea9f5ec8f95f6ced63db58ad2d6dc42e7cfb5de4275610f57c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://gulfirya785.socro-ad.club/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 84bcacce8c454bc9-BUF
content-encoding: br
content-type: text/html
date: Fri, 26 Jan 2024 23:53:23 GMT
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hV26%2BDpNumFYvuXePnoFHfpLqTilyEzCATAI%2FmEJ%2BeMPlhceATAOzUhK27OnolWrpgJ%2FcczY1MZyHUeMyeQbEZCbufkl6Ta9eDjmpAUr2VbKWC5mvh02khk9KavMGWU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-length: 0
date: Fri, 26 Jan 2024 23:53:22 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://haijezoa.top>; rel="dns-prefetch preconnect"
location: https://haijezoa.top/sweeps-survey.html?offer_id=554905&z=6591460&s=774896304699740999&b=19240138&campaignid=7526076&var=ft&ymid=774896304699740999&var_3={var_3}&geo=US&testinapp=5051875&comments=sweepTest
pragma: no-cache
referrer-policy: no-referrer
server: nginx
strict-transport-security: max-age=1
timing-allow-origin: *
x-content-type-options: nosniff
x-trace-id: bf3791a59cc9b82972dfb78234f58198

POST
H3 404 uc
gulfirya785.socro-ad.club/58Asv359/xhr/res/ 564 B
565 B 139ms
138ms XHR
text/html 2606:4700:3035::ac43:b5cd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://gulfirya785.socro-ad.club/58Asv359/xhr/res/uc
Requested by: Host: client.px-cloud.net
URL: https://client.px-cloud.net/PX58Asv359/main.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:b5cd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 26 Jan 2024 23:53:22 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxhJdxk05Auwue%2BwsOFdlNpJHZPmLoc2jjsloICYY62OpXuq8FyZa6ZOG55o5edhfiJlxqKGgalQ4tBgvTIS8fQO48RpYiC7XqjmWefjKuPxVYxfCFSATtRD%2FpS%2FhjtNazWiz4CJRMFe6Lr4t5atQ%2BfP6uHq8H%2FP"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cf-ray: 84bcacce0d154bcf-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 _rtc.6c2941d4.js Show response
haijezoa.top/js/ 12 KB
5 KB 28ms
24ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/_rtc.6c2941d4.js

Requested by

Host: haijezoa.top
URL: https://haijezoa.top/sweeps-survey.html?offer_id=554905&z=6591460&s=774896304699740999&b=19240138&campaignid=7526076&var=ft&ymid=774896304699740999&var_3={var_3}&geo=US&testinapp=5051875&comments=sweepTest

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dae132705fdace4d7c7059bfa338acc5bf6875ef10ba4876c28aae513404deda

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-2fbe"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2Fh3jrWAk9oMhviSHhMISyJJXDUeqgCMr7F7O2X00zk0FctLaEx4WcFw5KWmeY7RN0VeGS19tuVj0c2LuTMfjVIysuoxCsR%2BaJZAjTPvk2EPppCxdf3MHfZHFhQYQlw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd00d754bc9-BUF

GET
H2 200 v-index.js.624bd71e.js Show response
haijezoa.top/js/ 40 KB
14 KB 31ms
27ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/v-index.js.624bd71e.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a731c8ab93911c4eff75d1a5ab79e8b87ef029f08936d54d7d02448bf6a9412b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
cf-polished: origSize=40988
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-a01c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eoUAu9VmRa%2BiETlV95uASp9%2BTOCgCnL%2BEOUM3Y%2BFV8VFFJ4Jkk5HzPR4KWJ24lIQ%2BCW9%2FTAwBowRCkqP3SPO0AXl%2Bq5mXQMpbsC1jou2AZrZaBtbeyErdcYBGQN5hiI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd00d764bc9-BUF

GET
H2 200 s-storageService.js.f15d6737.js Show response
haijezoa.top/js/ 2 KB
1 KB 27ms
23ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/s-storageService.js.f15d6737.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25c6a48c5e780ce8e9df271a911975e6f14f27c6c0a5ebabb9709bfb0728d471

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-87a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gAsMfC7VPnvlzRB1rpTyt0v1tfAK%2B5JrZz0y1UpqIfP70hHTgkRTbQAK4Pn0aKNsSKbAAaeClo4eFcWdNUHrFJgtnWn5mB0NCSDCCP21Z6ZsOMU1fqTVFD5Nxfq%2Fx7w%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd01d7d4bc9-BUF

GET
H2 200 s-checkSessionStorageAvailable.ts.b62d43f3.js Show response
haijezoa.top/js/ 330 B
474 B 29ms
26ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/s-checkSessionStorageAvailable.ts.b62d43f3.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9eeaad733b7ade1126ec3f883e1a282afbd5de7cd49d28f98e63a92b678b58a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-14a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wpRA32%2BM11jK9Pt725JyYTpRpVLEXckgJ1fxNOsd3ihaRY1RDOXX0fYBM68JHGcpzvp%2FI4DZfjt0EXAcolvzoa%2FDVi7wQFo8UrHWN%2BM%2B0SN1j5np5Se5apZ6AA2CK7M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd01d7e4bc9-BUF

GET
H2 200 s-checkLocalStorageAvailable.ts.97fc8d79.js Show response
haijezoa.top/js/ 330 B
488 B 27ms
24ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/s-checkLocalStorageAvailable.ts.97fc8d79.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

209a4f88cfe5f92396be6f54f6992a680391252bf8a239aef849ff6feaddd8fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-14a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2BmMPwlxkm4yfsbIdKTReNI3MpYn1XNN36c3%2BGbiE6dioeELptVckb%2FlaDIgNrt3q8NZPiQmOHWkgEZGjr6u9kvnDOCnnFYi7tfBiHanGUxYR0Gkc4wqsNj9upk0LX8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd01d7f4bc9-BUF

GET
H2 200 v-redux-toolkit.esm.js.17fd28a5.js Show response
haijezoa.top/js/ 11 KB
5 KB 29ms
27ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/v-redux-toolkit.esm.js.17fd28a5.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d77e5c2ba803d5fea829c025d5ce3710e003faad2a37f038dc7111537a9f15f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:02 GMT
server: cloudflare
etag: W/"65b3c87a-2c37"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AaCaTOaP%2FLa60ICzsBvEYSYXP%2FG4KhtDu32XHdLGavPCDzafU4UuN1%2BbSiF0p3oaNn0RrA9y%2FVcJeAW%2BQDDP4B5T%2FGWXbNYyyxJ%2F%2FJKYqgic2o0h2g2zuygDBeuUoeI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd01d804bc9-BUF

GET
H2 200 _each-land-config.a8d1762d.js Show response
haijezoa.top/js/ 70 KB
21 KB 33ms
31ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/_each-land-config.a8d1762d.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2c860c8f8811b0f5b54279ab7e3673f2bdd7101dd2763b0dbe3281d6f5f5852

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
cf-polished: origSize=71253
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-11655"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ls0SY5fKex2KSXU4tQjKf35vftDQPp%2BNtsLvHaBF97mFk%2FtjGc1gdXI0zH1bZ9olepniBiL9dxCoywADfWdGHy0KaeE%2BiNIVJYwpgZCAO%2BXUniN2nlnAqfbaLIDIcJ8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd01d824bc9-BUF

GET
H2 200 v-react-dom.production.min.js.9a01d26c.js Show response
haijezoa.top/js/ 126 KB
41 KB 35ms
33ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/v-react-dom.production.min.js.9a01d26c.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7c19e936856bf5d09135d91af1849ed58e2cea957059175bae4307bc015c25a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
cf-polished: origSize=129359
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-1f94f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zGJa64%2BvuQRlLWsmpFh%2B2Y233vNfNnVkv%2BQtWdc7rO6oAcFjlMW5ZwkC4yBUbtkqiKxtKC465NrYvie9tn%2BlKWPVlWSXfeptvUQuQctTr2VkfvJyBsu6TpdjkF7fHLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd01d834bc9-BUF

GET
H2 200 _core-survey.c6251d16.js Show response
haijezoa.top/js/ 164 KB
43 KB 49ms
47ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/_core-survey.c6251d16.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93c965a50f2f261c8129f7d7925e01625242b86907988f85003668c6c444ae50

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
cf-polished: origSize=167430
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-28e06"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afBcytQ3fu%2BhGkCydlUfaLomsZb78Utz%2F5xKOLb9HTIeAIDJNCbXIwhbj4EMckpd1bw3t7%2FwB6Zs9IXug0A8lISW2NFgPhfMu0Fo%2FaEh2EF1ijYN7jXNAdSBlKG1E00%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd02d854bc9-BUF

GET
H2 200 sweeps-survey.38e6a307.js Show response
haijezoa.top/js/ 6 KB
3 KB 30ms
28ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/sweeps-survey.38e6a307.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a51781140f038481b119cf4db966f23698f7647a2d56aaf14dae0e71fd6953d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:02 GMT
server: cloudflare
etag: W/"65b3c87a-16ba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2hWdwxgS5pnM0njBqF9ebwVOspjJ0AetxNpA6lKCakguCLQC0%2FAa%2FKCtR3Ma9GzUY6RSwl%2F7SwVCXiwD%2FrTTgaBpQgcDE2g5Wz8bFcltrmNutVLKZIl9zlqANTx9hTU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd02d864bc9-BUF

GET
H2 200 _core-survey.d3ac2ee0.css
haijezoa.top/css/ 83 B
408 B 25ms
22ms Stylesheet
text/css 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/css/_core-survey.d3ac2ee0.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4916da6d6e00e0e6681cccaf9107eb45fdfc78fe2e476444623c30a64959b5e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
cf-polished: origSize=84
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-54"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BOqWkgPx56088xEcRnUyMNF4KDev37ePHE4AcVaT57xTtsBOaW48Ddbvj9HlxE4VZY7Ca9gkLxZteGxlfSjUCdpI21ruZIARk790lp6yMwzEVaKbCR9Sh7Q1jzNGUcE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 84bcacd00d734bc9-BUF

GET
H2 200 sweeps-survey.3ba9579d.css
haijezoa.top/css/ 85 KB
33 KB 28ms
25ms Stylesheet
text/css 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/css/sweeps-survey.3ba9579d.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f870a6af6e850e5942690b7d536a57b8f9040cc2d95241cfa910d75a4c1972ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3302
cf-polished: origSize=86973
content-encoding: br
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
server: cloudflare
etag: W/"65b3c879-153bd"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PK99zINmiAEZC8X0BKfRim4ctD4xLIC1VsknRCu3RszkkrM6nw7LZKLCv1xyx9mKEu0Ik9lQPcRugbAfTc4EmFbMf9Ub7gd20s8NGsRu6eLE7oAEkwJLI1bOOEgniCs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 84bcacd00d744bc9-BUF

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 204 KB
71 KB 606ms
290ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

9c641fd8ad8fc0517d4ee8d937866e2542fe7e0b07761c710a5c9a423b269dd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Fri, 26 Jan 2024 12:09:51 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65b3a10f-11840"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 71744
expires: Sat, 27 Jan 2024 00:53:23 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
544 B 325ms
99ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=47kmnbpavl7631qeri6ze3cwggp6q0lo

Requested by

Host: haijezoa.top
URL: https://haijezoa.top/js/_each-land-config.a8d1762d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4fc6ba0e70c34d6c5712b91d073027b24911e855eea60ffd36086e51da332d7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://haijezoa.top
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 404 sd-554905-en.js
haijezoa.top/js/config/sd/ 0
0 205ms
204ms Script
text/html 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://haijezoa.top/js/config/sd/sd-554905-en.js?v=10
Requested by: Host: haijezoa.top
URL: https://haijezoa.top/js/_each-land-config.a8d1762d.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
Origin: https://haijezoa.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gTKMlk8BSprGaTVGOLgfwoPy%2Biq7iqyGM%2FzADGksEh%2BGqnMyQgf58mK3LSxfhpSkpMaB8cWSHqAg8mqsgveDXaCQzqtc%2FB47ONAIdUTzpRRomfhQo91PZLHumA0K2tc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=1800
cf-ray: 84bcacd0896736eb-YYZ
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e41ca21e421f129d3881e345f990027b66c0ab3c5580e549575f9393d117cbd

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/webp

GET
H3 200 cookie-consent-1.json Show response
haijezoa.top/js/config/dict/ 7 KB
3 KB 204ms
204ms Fetch
application/json 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/config/dict/cookie-consent-1.json?v=10

Requested by

Host: haijezoa.top
URL: https://haijezoa.top/js/_each-land-config.a8d1762d.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bfa8e9b4326caea44f0d0c0345a31f34f19d47ae2e60fbc7c557df9ceffdca6

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Fri, 26 Jan 2024 14:58:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"65b3c879-1a65"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ijNeVsNfoEwIfXivlRXInpdHPaYr42yrZPhLB8kP3Q0hl4aYtTc7A7NQTvpV1Gj2Y9%2BoDG%2BDxmGtK8L%2BBZ5ZwXOLBxPqJEPi4V%2BmeksVCdX2M8%2FW3tAMDPG0y3%2FopdY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cf-ray: 84bcacd0b9bd36eb-YYZ
alt-svc: h3=":443"; ma=86400

POST
H2 200 sync-metrics
dortmark.net/ 17 B
0 297ms
103ms Fetch
application/json 139.45.197.248
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dortmark.net/sync-metrics

Requested by

Host: haijezoa.top
URL: https://haijezoa.top/js/_each-land-config.a8d1762d.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.248 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 63606e2783c95089d20edaf7fc32f054
pragma: no-cache
date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://haijezoa.top
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
content-length: 17
expires: Tue, 11 Jan 1994 10:00:00 GMT

OPTIONS
H2 200 sync-metrics
dortmark.net/ Frame 0
0 311ms
97ms Preflight 139.45.197.248
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dortmark.net/sync-metrics

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.248 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://haijezoa.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://haijezoa.top
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
content-length: 0
date: Fri, 26 Jan 2024 23:53:23 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff

GET
H3 200 sd-554905.js Show response
haijezoa.top/js/config/data/ 6 KB
2 KB 120ms
120ms Script
application/javascript 172.67.138.253
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://haijezoa.top/js/config/data/sd-554905.js?v=10

Requested by

Host: haijezoa.top
URL: https://haijezoa.top/js/_each-land-config.a8d1762d.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.138.253 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d36afa47da0fa561ad04f256f78e46685a8046ec83acaef61b6e6b3b71d48160

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://haijezoa.top
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:23 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: EXPIRED
last-modified: Fri, 26 Jan 2024 14:57:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
etag: W/"65b3c864-1671"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B8NcG6oy2pH0a%2FDorpB3x2eYzsLPKSCv4gJc%2BqWjuFUfX7PQeF045V%2BJGGqRhQsJLi5iKWDrO2UwsAYU0%2BpW9yjOIlY82mRU6aOLtbE54gqwP3ETnjJDshITbOwEEZo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 84bcacd1cbd536eb-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10260.cw0BaO3cKOBzb22p9HdYiruewd6rQZCO0ezLEsfAzOQqqmIltuFHH9GUSxy3aPjj.i33o27YX318ljIUuKyFSSuabmzU%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10260.VD_7jMsTUzvDbIsRUO-UwWw1R77KdRRWxidqFzKTcPCvdsEL2x4NuKyARL_aPtNr4TmXGl15CfgOgCE7iG_xglzAriH96LNHlZ_6Kch1Eugj1NoVcRNUx3nEe9R6QO-iNF-QVX7Y-W...

43 B
672 B

145ms
145ms

Image
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=10260.VD_7jMsTUzvDbIsRUO-UwWw1R77KdRRWxidqFzKTcPCvdsEL2x4NuKyARL_aPtNr4TmXGl15CfgOgCE7iG_xglzAriH96LNHlZ_6Kch1Eugj1NoVcRNUx3nEe9R6QO-iNF-QVX7Y-W637NA5kjqq-RnaePKyv-jB2lYWytMRI5ShJkRal2f_32qk3vc_kvebIi7_vO4xSLly78qsObwX-2PRqkODMme0MNpjjlgyGTs%2C.tNuy6GgNYdRRy3xqUDkb-HXWTOU%2C

Requested by

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:24 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=10260.VD_7jMsTUzvDbIsRUO-UwWw1R77KdRRWxidqFzKTcPCvdsEL2x4NuKyARL_aPtNr4TmXGl15CfgOgCE7iG_xglzAriH96LNHlZ_6Kch1Eugj1NoVcRNUx3nEe9R6QO-iNF-QVX7Y-W637NA5kjqq-RnaePKyv-jB2lYWytMRI5ShJkRal2f_32qk3vc_kvebIi7_vO4xSLly78qsObwX-2PRqkODMme0MNpjjlgyGTs%2C.tNuy6GgNYdRRy3xqUDkb-HXWTOU%2C
date: Fri, 26 Jan 2024 23:53:24 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
501 B 148ms
146ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 23:53:24 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 26 Jan 2024 12:09:51 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "65b3a10f-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Sat, 27 Jan 2024 00:53:24 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/66423859/
Redirect Chain

https://mc.yandex.com/watch/66423859?wmode=7&page-url=https%3A%2F%2Fhaijezoa.top%2Fsweeps-survey.html%3Foffer_id%3D554905%26z%3D6591460%26s%3D774896304699740999%26b%3D19240138%26campaignid%3D752607...
https://mc.yandex.com/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fhaijezoa.top%2Fsweeps-survey.html%3Foffer_id%3D554905%26z%3D6591460%26s%3D774896304699740999%26b%3D19240138%26campaignid%3D7526...

440 B
559 B

150ms
149ms

Fetch
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fhaijezoa.top%2Fsweeps-survey.html%3Foffer_id%3D554905%26z%3D6591460%26s%3D774896304699740999%26b%3D19240138%26campaignid%3D7526076%26var%3Dft%26ymid%3D774896304699740999%26var_3%3D%7Bvar_3%7D%26geo%3DUS%26testinapp%3D5051875%26comments%3DsweepTest%26utm_campaign%3Dft%26utm_medium%3D6591460%26utm_source%3Dzd_7526076%26utm_term%3D19240138%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A1350725175981%3Ahid%3A772933978%3Az%3A-600%3Ai%3A20240126135323%3Aet%3A1706313204%3Ac%3A1%3Arn%3A480926336%3Arqn%3A1%3Au%3A1706313204589023033%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C54%2C194%2C2%2C341%2C0%2C%2C95%2C1%2C%2C%2C%2C773%3Aco%3A0%3Acpf%3A1%3Ans%3A1706313202530%3Afp%3A723%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706313204%3At%3AOnline%20Test%20%24%24%24&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29

Protocol

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

835abdddf523b742619e089312b41a8b8f899f8e761b1cefcf6e47b22b7bc480

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Jan 2024 23:53:24 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Fri, 26-Jan-2024 23:53:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://haijezoa.top
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 440
x-xss-protection: 1; mode=block
expires: Fri, 26-Jan-2024 23:53:24 GMT

Redirect headers

pragma: no-cache
date: Fri, 26 Jan 2024 23:53:24 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 26-Jan-2024 23:53:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fhaijezoa.top%2Fsweeps-survey.html%3Foffer_id%3D554905%26z%3D6591460%26s%3D774896304699740999%26b%3D19240138%26campaignid%3D7526076%26var%3Dft%26ymid%3D774896304699740999%26var_3%3D%7Bvar_3%7D%26geo%3DUS%26testinapp%3D5051875%26comments%3DsweepTest%26utm_campaign%3Dft%26utm_medium%3D6591460%26utm_source%3Dzd_7526076%26utm_term%3D19240138%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A0%3Als%3A1350725175981%3Ahid%3A772933978%3Az%3A-600%3Ai%3A20240126135323%3Aet%3A1706313204%3Ac%3A1%3Arn%3A480926336%3Arqn%3A1%3Au%3A1706313204589023033%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C54%2C194%2C2%2C341%2C0%2C%2C95%2C1%2C%2C%2C%2C773%3Aco%3A0%3Acpf%3A1%3Ans%3A1706313202530%3Afp%3A723%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706313204%3At%3AOnline%20Test%20%24%24%24&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29ti%281%29
access-control-allow-origin: https://haijezoa.top
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Fri, 26-Jan-2024 23:53:24 GMT

GET
H2 200 metrika_match.html Show response
mc.yandex.com/metrika/ Frame FCE6 2 KB
1 KB 148ms
147ms Document
text/html 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/metrika/metrika_match.html

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

9df4ea0c8c25b6c96ccb4ef96780a7b074ee266972670f2572d38a961f1b481f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
access-control-allow-origin: *
cache-control: max-age=3600
content-encoding: br
content-length: 869
content-type: text/html
date: Fri, 26 Jan 2024 23:53:24 GMT
etag: "65b3a10f-365"
expires: Sat, 27 Jan 2024 00:53:24 GMT
last-modified: Fri, 26 Jan 2024 12:09:51 GMT
strict-transport-security: max-age=31536000
timing-allow-origin: *

POST
H2 200 1
mc.yandex.com/watch/66423859/ 43 B
86 B 147ms
145ms Ping
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/66423859/1?page-url=goal%3A%2F%2Fhaijezoa.top%2FonSurveyStart&page-ref=https%3A%2F%2Fhaijezoa.top%2Fsweeps-survey.html%3Foffer_id%3D554905%26z%3D6591460%26s%3D774896304699740999%26b%3D19240138%26campaignid%3D7526076%26var%3Dft%26ymid%3D774896304699740999%26var_3%3D%7Bvar_3%7D%26geo%3DUS%26testinapp%3D5051875%26comments%3DsweepTest%26utm_campaign%3Dft%26utm_medium%3D6591460%26utm_source%3Dzd_7526076%26utm_term%3D19240138%26utm_content%3Dzd_public_v2&charset=utf-8&uah=chm%0A%3F0&hittoken=1706313204_a537b875f363c8fc5dc1fda55a37235b06ddedecff81ca700d696a3610fc60af&browser-info=ar%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A1%3Als%3A1350725175981%3Ahid%3A772933978%3Az%3A-600%3Ai%3A20240126135324%3Aet%3A1706313205%3Ac%3A1%3Arn%3A358887601%3Arqn%3A2%3Au%3A1706313204589023033%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1942%2C1942%2C0%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1706313202530%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706313205%3At%3AOnline%20Test%20%24%24%24&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(2)aw(1)rcm(1)ti(0)&force-urlencoded=1&site-info=%7B%22userOfferId%22%3A%22554905%22%2C%22userSurveyId%22%3A%22554905%22%2C%22vertical%22%3A%22sweep%22%2C%22zone%22%3A%226591460%22%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Jan 2024 23:53:24 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 26-Jan-2024 23:53:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://haijezoa.top
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 26-Jan-2024 23:53:24 GMT

POST
H2 200 1
mc.yandex.com/watch/66423859/ 43 B
74 B 150ms
149ms Ping
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/66423859/1?page-url=goal%3A%2F%2Fhaijezoa.top%2FonGidratorAddUrlParam&page-ref=https%3A%2F%2Fhaijezoa.top%2Fsweeps-survey.html%3Foffer_id%3D554905%26z%3D6591460%26s%3D774896304699740999%26b%3D19240138%26campaignid%3D7526076%26var%3Dft%26ymid%3D774896304699740999%26var_3%3D%7Bvar_3%7D%26geo%3DUS%26testinapp%3D5051875%26comments%3DsweepTest%26utm_campaign%3Dft%26utm_medium%3D6591460%26utm_source%3Dzd_7526076%26utm_term%3D19240138%26utm_content%3Dzd_public_v2&charset=utf-8&uah=chm%0A%3F0&hittoken=1706313204_a537b875f363c8fc5dc1fda55a37235b06ddedecff81ca700d696a3610fc60af&browser-info=ar%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A1%3Als%3A1350725175981%3Ahid%3A772933978%3Az%3A-600%3Ai%3A20240126135324%3Aet%3A1706313205%3Ac%3A1%3Arn%3A458911907%3Arqn%3A3%3Au%3A1706313204589023033%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1706313202530%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706313205%3At%3AOnline%20Test%20%24%24%24&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(3)aw(1)rcm(1)ti(0)&force-urlencoded=1&site-info=%7B%22isGidratorUnique%22%3Afalse%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Jan 2024 23:53:24 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 26-Jan-2024 23:53:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://haijezoa.top
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 26-Jan-2024 23:53:24 GMT

POST
H2 200 1
mc.yandex.com/watch/66423859/ 43 B
74 B 150ms
149ms Ping
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/66423859/1?page-url=goal%3A%2F%2Fhaijezoa.top%2FonLanguageSelect&page-ref=https%3A%2F%2Fhaijezoa.top%2Fsweeps-survey.html%3Foffer_id%3D554905%26z%3D6591460%26s%3D774896304699740999%26b%3D19240138%26campaignid%3D7526076%26var%3Dft%26ymid%3D774896304699740999%26var_3%3D%7Bvar_3%7D%26geo%3DUS%26testinapp%3D5051875%26comments%3DsweepTest%26utm_campaign%3Dft%26utm_medium%3D6591460%26utm_source%3Dzd_7526076%26utm_term%3D19240138%26utm_content%3Dzd_public_v2&charset=utf-8&uah=chm%0A%3F0&hittoken=1706313204_a537b875f363c8fc5dc1fda55a37235b06ddedecff81ca700d696a3610fc60af&browser-info=ar%3A1%3Avf%3A6lymxorwswbp5wtc63gz2swr%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1220%3Acn%3A1%3Adp%3A1%3Als%3A1350725175981%3Ahid%3A772933978%3Az%3A-600%3Ai%3A20240126135324%3Aet%3A1706313205%3Ac%3A1%3Arn%3A23846964%3Arqn%3A4%3Au%3A1706313204589023033%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1706313202530%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1706313205%3At%3AOnline%20Test%20%24%24%24&t=gdpr(14)mc(g-3)clc(0-0-0)rqnt(4)aw(1)rcm(1)ti(0)&force-urlencoded=1&site-info=%7B%22languageCode%22%3Anull%2C%22languageSource%22%3A%22old%20config%22%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 , Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 26 Jan 2024 23:53:24 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 26-Jan-2024 23:53:24 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://haijezoa.top
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 26-Jan-2024 23:53:24 GMT

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
eekighoo.com/	1970-01-21 02:44:09	Name: OAID Value: d112e47b93bb42eb96897282fa463ea7
eekighoo.com/	1970-01-21 02:44:09	Name: oaidts Value: 1706313202
eekighoo.com/	1970-01-21 02:44:09	Name: OXCCLK Value: 7526076.1
eekighoo.com/	1970-01-21 02:44:09	Name: allcnt Value: 1
my.rtmark.net/	1970-01-21 02:44:09	Name: ID Value: 47kmnbpavl7631qeri6ze3cwggp6q0lo
.haijezoa.top/	1970-01-20 19:24:57	Name: OAID Value: 47kmnbpavl7631qeri6ze3cwggp6q0lo
.haijezoa.top/	1970-01-20 18:08:38	Name: syncedCookie Value: true
.haijezoa.top/	1970-01-20 19:24:57	Name: oaidts Value: 1706313203
.haijezoa.top/	1970-01-20 19:24:57	Name: ID Value: 47kmnbpavl7631qeri6ze3cwggp6q0lo
.yandex.ru/	1970-01-21 03:34:33	Name: i Value: ykQXmXf29HOboeRN2j+m/rOPIrMlsNUcDPYWDbQM7WjhRjGjjUAxjc2C71o9yhPBQeu0WBFeuSQY0he+OEm3dME2pN0=
.yandex.ru/	1970-01-21 03:34:33	Name: yandexuid Value: 3138518321706313203
.haijezoa.top/	1970-01-21 02:44:09	Name: _ym_uid Value: 1706313204589023033
.haijezoa.top/	1970-01-21 02:44:09	Name: _ym_d Value: 1706313204
.mc.yandex.com/	1970-01-20 17:58:33	Name: sync_cookie_csrf Value: 990493295fake
.haijezoa.top/	1970-01-20 17:59:45	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 17:58:33	Name: sync_cookie_csrf Value: 1344957023fake
.yandex.com/	1970-01-21 02:44:09	Name: yandexuid Value: 3138518321706313203
.yandex.com/	1970-01-21 02:44:09	Name: yuidss Value: 3138518321706313203
.yandex.com/	1970-01-21 03:34:33	Name: i Value: ykQXmXf29HOboeRN2j+m/rOPIrMlsNUcDPYWDbQM7WjhRjGjjUAxjc2C71o9yhPBQeu0WBFeuSQY0he+OEm3dME2pN0=
.yandex.com/	1970-01-21 03:34:33	Name: yp Value: 1706399604.yu.653127151706313204
.mc.yandex.com/	1970-01-20 17:59:59	Name: sync_cookie_ok Value: synced
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 245514821706313204
.yandex.com/	1970-01-21 02:44:09	Name: ymex Value: 1708905204.oyu.653127151706313204#1737849204.yrts.1706313204
.yandex.com/	1970-01-21 02:44:09	Name: bh Value: KgI/MA==
.haijezoa.top/	1970-01-20 17:58:35	Name: _ym_visorc Value: b

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://gulfirya785.socro-ad.club/58Asv359/captcha/captcha.js?a=c&u=baff9429-c4ac-11ec-aebb-6a766354456e&v=&m=0 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gulfirya785.socro-ad.club/58Asv359/init.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gulfirya785.socro-ad.club/58Asv359/xhr/assets/js/bundle Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://gulfirya785.socro-ad.club/58Asv359/xhr/res/uc Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://haijezoa.top/js/config/sd/sd-554905-en.js?v=10 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

captcha.px-cdn.net
client.px-cloud.net
dortmark.net
eekighoo.com
fonts.googleapis.com
fonts.gstatic.com
gulfirya785.socro-ad.club
haijezoa.top
mc.yandex.com
mc.yandex.ru
my.rtmark.net
res.cloudinary.com
socrobotic.store
139.45.195.8
139.45.196.64
139.45.197.248
151.101.65.40
172.67.138.253
2600:141b:1c00:2588::523
2600:141b:1c00:30::1739:5a6a
2606:4700:3030::ac43:caba
2606:4700:3035::ac43:b5cd
2607:f8b0:4006:80d::200a
2607:f8b0:4006:81c::2003
2a02:6b8::1:119
080868a636dfeaa0cb67e7b5e6a6566aa39261ac2278869a3662c68324f9c174
209a4f88cfe5f92396be6f54f6992a680391252bf8a239aef849ff6feaddd8fc
25c6a48c5e780ce8e9df271a911975e6f14f27c6c0a5ebabb9709bfb0728d471
2bfa8e9b4326caea44f0d0c0345a31f34f19d47ae2e60fbc7c557df9ceffdca6
2d77e5c2ba803d5fea829c025d5ce3710e003faad2a37f038dc7111537a9f15f
4916da6d6e00e0e6681cccaf9107eb45fdfc78fe2e476444623c30a64959b5e4
4fc6ba0e70c34d6c5712b91d073027b24911e855eea60ffd36086e51da332d7b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
758015e3cb56989df5cfcf912d2c3861a62e623d386ef12d4bacf15891a4eb81
7e41ca21e421f129d3881e345f990027b66c0ab3c5580e549575f9393d117cbd
835abdddf523b742619e089312b41a8b8f899f8e761b1cefcf6e47b22b7bc480
878d65ced232eea9f5ec8f95f6ced63db58ad2d6dc42e7cfb5de4275610f57c3
93c965a50f2f261c8129f7d7925e01625242b86907988f85003668c6c444ae50
9c641fd8ad8fc0517d4ee8d937866e2542fe7e0b07761c710a5c9a423b269dd9
9df4ea0c8c25b6c96ccb4ef96780a7b074ee266972670f2572d38a961f1b481f
9eeaad733b7ade1126ec3f883e1a282afbd5de7cd49d28f98e63a92b678b58a9
a2c860c8f8811b0f5b54279ab7e3673f2bdd7101dd2763b0dbe3281d6f5f5852
a51781140f038481b119cf4db966f23698f7647a2d56aaf14dae0e71fd6953d7
a5f17b302ec4f91ede66b8ae2b31b3dea2fd8ac9d32b7052023c9a50e50fc310
a731c8ab93911c4eff75d1a5ab79e8b87ef029f08936d54d7d02448bf6a9412b
c7c19e936856bf5d09135d91af1849ed58e2cea957059175bae4307bc015c25a
c93254c3b38a544885ef7418366c3895b1a9871669f56ef2c9ac9f1315525b5d
d36afa47da0fa561ad04f256f78e46685a8046ec83acaef61b6e6b3b71d48160
d72bd5954d7f907b3789b72ce0d6529e14f98d3a22aec30e16ed387122806ddc
dae132705fdace4d7c7059bfa338acc5bf6875ef10ba4876c28aae513404deda
f478ed77959ea20c09129f7f704ebcf6fb38dc14dc592a4583df39da4af74763
f870a6af6e850e5942690b7d536a57b8f9040cc2d95241cfa910d75a4c1972ba

haijezoa.top Open in urlscan Pro 172.67.138.253 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

38 Requests

95 %HTTPS

58 %IPv6

13 Domains

13 Subdomains

12 IPs

3 Countries

855 kBTransfer

1450 kBSize

25 Cookies

1 Outgoing links

Page URL History

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

haijezoa.top Open in urlscan Pro
172.67.138.253 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

95 %
HTTPS

58 %
IPv6

13
Domains

13
Subdomains

12
IPs

3
Countries

855 kB
Transfer

1450 kB
Size

25
Cookies

38 HTTP transactions
2 data transactions