Report - xc.veteransbenefitsinfopro.site/

Report Overview

Submitted URL
xc.veteransbenefitsinfopro.site/
IP
172.67.166.176
ASN
#13335 CLOUDFLARENET
Submitted
2023-04-01 10:41:24
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
xc.veteransbenefitsinfopro.site	unknown	2023-04-01T02:20:01Z	2023-04-01T02:20:01Z	1.5 kB	36 kB	104.21.11.171
fly.windguard.top	unknown	2023-03-31T14:42:57Z	2023-04-02T08:24:55Z	4.9 kB	36 kB	116.202.184.109
antibotcloud.com	unknown	2022-04-26T14:48:57Z	2023-04-02T17:03:29Z	497 B	20 kB	188.114.97.1
code.jquery.com	634	2012-05-21T19:28:02Z	2023-04-01T18:12:20Z	415 B	30 kB	69.16.175.42
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-04-01T18:12:04Z	686 B	1.4 kB	142.250.74.131
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-04-01T17:56:08Z	413 B	5.9 kB	34.160.144.191
counter.yadro.ru	7275	2014-09-09T20:41:17Z	2023-04-01T18:45:37Z	505 B	433 B	88.212.202.52
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-04-01T18:12:11Z	333 B	391 B	34.117.237.239
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-04-01T18:12:22Z	357 B	1.9 kB	104.18.21.226
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-04-01T18:14:35Z	606 B	238 B	34.117.65.55
js.pushssp.top	unknown	2022-12-22T12:46:51Z	2023-04-02T12:54:31Z	777 B	17 kB	5.75.133.219
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-04-01T05:09:04Z	2.7 kB	35 kB	34.120.237.76
js.cdnpsh.com	unknown	2023-02-09T09:06:01Z	2023-04-02T04:00:03Z	492 B	235 B	5.75.133.219
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-04-01T18:12:25Z	3.0 kB	8.0 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-04-01T18:13:29Z	782 B	2.4 kB	35.241.9.150

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-01 10:41:12	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-04-01	medium	xc.veteransbenefitsinfopro.site/	Malware
2023-04-01	medium	xc.veteransbenefitsinfopro.site/	Malware
2023-04-01	medium	xc.veteransbenefitsinfopro.site/	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	js.cdnpsh.com/ps/ps.js?pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id=	22 kB	2023-04-01	2023-04-02
Pretty URL js.cdnpsh.com/ps/ps.js?pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id= IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-01 11:16:05 Last Seen2023-04-02 21:25:35 Times Seen11 Hash de71d24fb2bcf9b152ac8989246a504e 67c767f8bb4e2c7caf948bafe3965c8826c8b0a3 0d2fa0c7dce662c9ad5d2089f46141b3ffdba60efdaa76577d6fd02ec280025b Loading...

	feed.cdnpsh.com/ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ	356 B	2023-03-14	2023-04-02
Pretty URL feed.cdnpsh.com/ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 13:31:58 Last Seen2023-04-02 21:29:47 Times Seen181 Hash d93bb318859bc34b78cad18336900ef0 41850f660c85ad8e1cbbe9e986db73a949dc761c ad20bac1315dfdb49471c8429821a302cc944fbfa9f7952575e9d6c1884a8af1 Loading...

	xc.veteransbenefitsinfopro.site/	312 B	2023-03-08	2023-04-05
Pretty URL xc.veteransbenefitsinfopro.site/ IP 104.21.11.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 11:54:42 Last Seen2023-04-05 02:09:39 Times Seen148 Hash 7a37ac4484c3dec85bb2c2e986bb2e25 48e17803b2a0a8fbecb7d3c0dda759968fac95eb 785aa71450cc237ee8f9823213d894f48837099ff5bafa577b8356d4ffeafc4c Loading...

	xc.veteransbenefitsinfopro.site/	3.7 kB	2023-04-02	2023-04-02
Pretty URL xc.veteransbenefitsinfopro.site/ IP 104.21.11.171 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-02 21:15:25 Last Seen2023-04-02 21:15:25 Times Seen1 Hash c422a8b26d82d4d06caecebf1e968e16 9b5f00acc43af9e65b7f932be304bbbabc78fad7 075f3c22f2fd10c44fe5828f890266db23864efe4bf2b3f6101cae53a3aa3eb3 Loading...

	fly.windguard.top/space-robot/assets/main.js	1.8 kB	2023-03-07	2024-01-31
Pretty URL fly.windguard.top/space-robot/assets/main.js IP 116.202.184.109 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:23 Last Seen2024-01-31 16:28:02 Times Seen559 Hash e007064d63d81a6d97c2f89715028389 2d198eb80febf99c6378586092731c6d1cf72c7a f392f08652d464570cdc9c514ba60a5fa93b8837d6e12fe1b225e700cde8fa72 Loading...

	www.gstatic.com/firebasejs/8.4.1/firebase-app.js	21 kB	2023-03-07	2024-05-09
Pretty URL www.gstatic.com/firebasejs/8.4.1/firebase-app.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-05-09 09:46:01 Times Seen5537 Hash e20da9cfaabf0b23d89c2335c06e2b03 b1af5616825acaba44bd714bd2685327abe896fd d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2 Loading...

	www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js	41 kB	2023-03-07	2024-05-09
Pretty URL www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2024-05-09 09:46:02 Times Seen7450 Hash a498cb0f91ef52cc08969e1737b34638 c0e12b338ca7adea31b105546fde021edecbfc3c a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7 Loading...

	fly.windguard.top/space-robot/assets/trls.js	7.8 kB	2023-03-26	2023-11-08
Pretty URL fly.windguard.top/space-robot/assets/trls.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 05:23:00 Last Seen2023-11-08 14:30:00 Times Seen569 Hash 59f05330688d8f2e5212cc7d7c5aea35 005ada82704b96f73669d53d8ac1373aa8852c48 19d86cc07a7da0beb9ede38f5c79c41e0e2576883c63593a548e3fe0d7c95f1e Loading...

	code.jquery.com/jquery-2.1.4.min.js	84 kB	2023-03-07	2024-05-10
Pretty URL code.jquery.com/jquery-2.1.4.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:48 Last Seen2024-05-10 09:11:39 Times Seen7473 Hash f9c7afd05729f10f55b689f36bb20172 43dc554608df885a59ddeece1598c6ace434d747 f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c Loading...

	js.pushssp.top/ps/pl.js	2.4 kB	2023-03-26	2023-04-05
Pretty URL js.pushssp.top/ps/pl.js IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 05:05:40 Last Seen2023-04-05 02:12:05 Times Seen137 Hash 9b6c5a4e3cf2c7c47581e3f954d9cb82 51161502cb315fbd92a201077be6c111eb3508eb 2ce124db8107aa34d7a68a4f60047f0a7e71c35c2c5048c0e45615131f5d2e76 Loading...

HTTP Transactions (40)

URL IP Response Size

xc.veteransbenefitsinfopro.site/

104.21.11.171

301 Moved Permanently

0 B

URL HTTP/1.1
xc.veteransbenefitsinfopro.site/
IP
104.21.11.171:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: xc.veteransbenefitsinfopro.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sat, 01 Apr 2023 10:41:13 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 01 Apr 2023 11:41:13 GMT
Location: https://xc.veteransbenefitsinfopro.site/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1jXV6p7VBqTlGyYcbxWabg0B%2FeuxpKCS9R59PFhUfNOT4UjBs2RSwC2T1BeSepE7Hjtpd2sFdT6bTxe%2FvnJ8X0a0Y8a0RpQVeeV7Ay7OOsWe1qRzsUt0R2Z87HYdDRA8%2FxD8YqpMrBk13lapWIwRJ4e"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b1037eb196fb500-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7af19a5145a4ee99bdf18831bad04bfd
7bdd2a4785b999ef54a2644211d2b2b7190fb8e1
3237bf0111ecdec3615c4d2d49a602f48f800335d0194f52b600bdaefbd63ed0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3237BF0111ECDEC3615C4D2D49A602F48F800335D0194F52B600BDAEFBD63ED0"
Last-Modified: Thu, 30 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9832
Expires: Sat, 01 Apr 2023 13:25:05 GMT
Date: Sat, 01 Apr 2023 10:41:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
034b06325b334948200ef1d79d4ddeb7
b9a3c93cff37cbaaf20cca79b965b1a21c525ce8
417ce2093027b05cc34199c75e6b29f155c4dd3150651b6b3dbe8564098c4143

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "417CE2093027B05CC34199C75E6B29F155C4DD3150651B6B3DBE8564098C4143"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11577
Expires: Sat, 01 Apr 2023 13:54:10 GMT
Date: Sat, 01 Apr 2023 10:41:13 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Alert, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 01 Apr 2023 10:16:15 GMT
content-type: application/json
age: 1498
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
374c9e295a804e605c402f48ae7e2446
967394b36ecdff2dd32842f878887f061024c6b3
7652dfcb9e2d620ce1d033be8ecc53166d2881154c15decd60899415e5ac2706

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7652DFCB9E2D620CE1D033BE8ECC53166D2881154C15DECD60899415E5AC2706"
Last-Modified: Thu, 30 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6099
Expires: Sat, 01 Apr 2023 12:22:52 GMT
Date: Sat, 01 Apr 2023 10:41:13 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: bkp8mTqn5TU+uhix3sP/+dr+XV0xWkJB1GVisI/pVws+XM3JeUFkFEO8JE1Gn4P0pakvoQUONQ4=
x-amz-request-id: F1R5S9HQ951WQM3A
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 01 Apr 2023 10:03:42 GMT
age: 2251
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:13 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
686def1677a49513ce26dbbe3bb20221
842c759251cac66b07c26d6aeb3afc7eea89e2ef
35abd17547086db71ccdd8715171c67075bb5f4c0733956acb9b50aadd2d98eb

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 10:41:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 05 Apr 2023 07:23:06 GMT
ETag: "842c759251cac66b07c26d6aeb3afc7eea89e2ef"
Last-Modified: Sat, 01 Apr 2023 07:23:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2426
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b1037ee4c830b3d-OSL

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9e9f6891559058a4f43596719386a231
8b9bdfb379748c09759d43d9771a71269c0391d3
d1a9523b4094f8ce15ca02124033623203e20b8e375172c1f84491d6b4c0ea6c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D1A9523B4094F8CE15CA02124033623203E20B8E375172C1F84491D6B4C0EA6C"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15124
Expires: Sat, 01 Apr 2023 14:53:17 GMT
Date: Sat, 01 Apr 2023 10:41:13 GMT
Connection: keep-alive

counter.yadro.ru/hit;Korea?t39.8;r;s1280*1024*24;uhttps%3A//xc.veteransbenefitsinfopro.site/;hJust%20a%20moment...;0.5456295798418848

88.212.202.52

200 OK

130 B

URL HTTP/1.1
counter.yadro.ru/hit;Korea?t39.8;r;s1280*1024*24;uhttps%3A//xc.veteransbenefitsinfopro.site/;hJust%20a%20moment...;0.5456295798418848
IP
88.212.202.52:0
ASN
#39134 United Network LLC

File type
GIF image data, version 87a, 31 x 31\012- data
Size
130 B (130 bytes)
Hash
37d40582c43ce723e6cfd676d1bfe391
9368ef39958e9152cbfe97c3763a08447b0d0cdc
97da286ce2ce72d0c8d611c00bd886aecd19459aca337ea1e62435cb4ff5da55

HTTP Headers

GET /hit;Korea?t39.8;r;s1280*1024*24;uhttps%3A//xc.veteransbenefitsinfopro.site/;hJust%20a%20moment...;0.5456295798418848 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xc.veteransbenefitsinfopro.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 01 Apr 2023 10:41:14 GMT
Content-Type: image/gif
Content-Length: 130
Connection: keep-alive
Expires: Thu, 31 Mar 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

push.services.mozilla.com/

34.117.65.55

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.117.65.55:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dAUp7snr/kJi3zBvZpVpnA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /56d49+KQw0q1snBuVT8JBdpidU=
Date: Sat, 01 Apr 2023 10:41:14 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Expires, Cache-Control, Content-Length, Retry-After, Last-Modified, Pragma, ETag, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 01 Apr 2023 10:17:27 GMT
age: 1427
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

xc.veteransbenefitsinfopro.site/

104.21.11.171

301 Moved Permanently

33 kB

URL HTTP/2
xc.veteransbenefitsinfopro.site/
IP
104.21.11.171:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (16918), with CRLF line terminators
Size
33 kB (32608 bytes)
Hash
b5ea8e7309acd7658d8221090fe55ad4
4088475f9c661d5a4fce8755776fc62c24581392
bbb72b9ecaa87f3c973524ff3e9d15f750c20e67e8f57ebf6bf25906eaec3bcb

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: xc.veteransbenefitsinfopro.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: antibot_uid=a59f007fbf3384ccc33cc586d5d348f0; antibot_country=NO; antibot_lang=en; antibot_ptr=s919042154.blix.com; antibot_f8c8f105482c2ee3c28e15c06f42de45=99a05f3d1f9ea66be51e96564a263f55; lastcid=1680345673.7449
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 01 Apr 2023 10:41:14 GMT
content-type: text/html; charset=UTF-8
location: https://vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ
set-cookie: antibot_hits=2; expires=Sun, 02-Apr-2023 10:41:14 GMT; Max-Age=86400; path=/
antibot_unique_20230401=1; expires=Sun, 02-Apr-2023 10:41:14 GMT; Max-Age=86400; path=/
lastcid=0; expires=Sat, 01-Apr-2023 10:39:34 GMT; Max-Age=0; path=/
expires: Tue, 11 Apr 2023 10:41:14 GMT
last-modified: Sat, 01 Apr 2023 10:41:14 GMT
cache-control: public, max-age=864000
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mE9gdSxe5CwMQWlEKqx0mkGQHQsFYhZE6EW9zZEFcZZtEqaWFJ9jbBVeAx5Jza%2BCiZQMtev10WLh9xwkQ0kvs%2F9t%2B48H2y5ixAVzK%2FrRhcplo6qW884Bgz6q2ZOLHLl0OqmGTMxzcl3Z8NqTBlGmg1ja"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b1037eecc9fb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/corner.png

116.202.184.109

200 OK

300 B

URL HTTP/2
fly.windguard.top/space-robot/assets/corner.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced\012- data
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:14 GMT
content-type: image/png
content-length: 300
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-12c"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

code.jquery.com/jquery-2.1.4.min.js

69.16.175.42

200 OK

30 kB

URL HTTP/2
code.jquery.com/jquery-2.1.4.min.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (32025)
Size
30 kB (29519 bytes)
Hash
a7f7dc66f5ba563bdbd4077fa667016e
c98fd169e356a997daf790dac6ead0c49e8c1eda
5315acee8e8c38e3fe62cff3b7a50cfb46a1130b0abb61bf119340e6b73934ac

HTTP Headers

GET /jquery-2.1.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 01 Apr 2023 10:41:14 GMT
content-encoding: gzip
content-length: 29519
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
accept-ranges: bytes
server: nginx
etag: W/"28feccc0-14979"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1680345674.dop069.sk1.t,1680345674.cds222.sk1.hn,1680345674.cds017.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 10:41:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

antibotcloud.com/antibot7.php

188.114.97.1

200 OK

19 kB

URL HTTP/2
antibotcloud.com/antibot7.php
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with no line terminators
Size
19 kB (18962 bytes)
Hash
4881dab73e969e391289400b2010285c
78584d116ab1deb7a31c19a76ec4226a71aeb1f5
a6933c5f25b2de7edf3788feece3c20d998330e6a2edd51d29fa576a4780aeb1

HTTP Headers

POST /antibot7.php HTTP/1.1
Host: antibotcloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded;
Content-Length: 316
Origin: https://xc.veteransbenefitsinfopro.site
Connection: keep-alive
Referer: https://xc.veteransbenefitsinfopro.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 01 Apr 2023 10:41:13 GMT
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate
vary: Accept-Encoding
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-allow-headers: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BtN8zt3LS7lzO%2Fm1UZhwTZMB1Fw%2BOBsSjANi4NVdcbK9vt%2FBcsAqUYQAaje2uxYs8mAv46PCgzUjs1d2ePBXtFDRbMiZveXdLuWOUXY7bJPN9%2FnFLCt%2BjH0EBKTsAkdK%2Bzf4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b1037edcdc2b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 10:41:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fly.windguard.top/space-robot/assets/apple-touch-icon.png

116.202.184.109

200 OK

23 kB

URL HTTP/2
fly.windguard.top/space-robot/assets/apple-touch-icon.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:15 GMT
content-type: image/png
content-length: 23177
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-5a89"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/favicon-16x16.png

116.202.184.109

200 OK

1.2 kB

URL HTTP/2
fly.windguard.top/space-robot/assets/favicon-16x16.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:15 GMT
content-type: image/png
content-length: 1163
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-48b"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

js.pushssp.top/ps/pl.js

5.75.133.219

200 OK

16 kB

URL HTTP/2
js.pushssp.top/ps/pl.js
IP
5.75.133.219:0
ASN
#24940 Hetzner Online GmbH

File type
Unicode text, UTF-8 text, with very long lines (23938), with CRLF, LF line terminators
Size
16 kB (16123 bytes)
Hash
9c43174ca1240ec0ee179666d6ab05f2
a899f84f4719e22842678329f0dff46aa656f1c3
01b08d9cd1f728e71c7cbffc666e85134f2595e7b19b256f37a547624588a61b

HTTP Headers

GET /ps/pl.js HTTP/1.1
Host: js.pushssp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:14 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974

116.202.184.109

304 Not Modified

0 B

URL HTTP/2
fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974 HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
If-Modified-Since: Mon, 13 Mar 2023 13:25:22 GMT
If-None-Match: W/"640f2442-3456"
TE: trailers

HTTP/2 304 Not Modified
server: nginx
date: Sat, 01 Apr 2023 10:41:15 GMT
last-modified: Mon, 13 Mar 2023 13:25:22 GMT
etag: "640f2442-3456"
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10272
Expires: Sat, 01 Apr 2023 13:32:27 GMT
Date: Sat, 01 Apr 2023 10:41:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10272
Expires: Sat, 01 Apr 2023 13:32:27 GMT
Date: Sat, 01 Apr 2023 10:41:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10272
Expires: Sat, 01 Apr 2023 13:32:27 GMT
Date: Sat, 01 Apr 2023 10:41:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10272
Expires: Sat, 01 Apr 2023 13:32:27 GMT
Date: Sat, 01 Apr 2023 10:41:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10272
Expires: Sat, 01 Apr 2023 13:32:27 GMT
Date: Sat, 01 Apr 2023 10:41:15 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg

34.120.237.76

200 OK

3.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.8 kB (3800 bytes)
Hash
ddcef2c96778d9fdee670e187a43ab32
e8c98891a1ffdbb6d30cf8746e067d56fe65d964
4e6fb506079b1daab0b1913a31c6252452f133af9276e18d25fe6fb622ce54ec

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3800
x-amzn-requestid: a182fb32-649a-4228-a591-080aae8c053a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9VEY2oAMFf5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-3a1abb584aa61a954dbd52c1;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 8_m0xs9JUsoheDqkfPQdh3kzcE3zhX2Io1kl_Y4sDqLr2_03TiK2eA==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:50:35 GMT
etag: "e8c98891a1ffdbb6d30cf8746e067d56fe65d964"
content-type: image/jpeg
age: 46240
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95196399-f417-4284-9902-cf35b1e83360.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.8 kB (5830 bytes)
Hash
deb930830ac86ec8ace6a232f67810ba
d084bf4331446c35236019010b2bcf82d45dad1c
bb81782bf590d601110ec8fb891f701e0f5084bda46370d30345bd81403a33ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95196399-f417-4284-9902-cf35b1e83360.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5830
x-amzn-requestid: 0897bf26-6156-48d3-ba67-596cc326dddc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CqnHHG0JoAMF87w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6427522d-6f380d901d9d6b737ec19d6d;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:35:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Bn3MbOV7qxTzTjDiOpS3qgs61KZJTe8bY6sHQa_68HPqyLaL-ZsI3Q==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 ef6538ee7be7b17c84d06edb0f4c0a1a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:50:38 GMT
age: 46237
etag: "d084bf4331446c35236019010b2bcf82d45dad1c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabf52f1a-4364-4b49-adea-7bf4d36f11d4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.9 kB (4911 bytes)
Hash
04734b0c35626d752b7dddcbaa0fa4e1
ee66c3533a104626998925bb5beca3db458ddbf6
f780348104af10e94cec57e8d8f22609a00f978316893edd8d111e34f19fea4a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fabf52f1a-4364-4b49-adea-7bf4d36f11d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4911
x-amzn-requestid: 911b4c5f-1de9-472a-a0e2-d532d50ee210
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm7NFmFIAMFZ_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e1-76cbfa4d0e30bbc22f913058;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:25 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: VMVm-JdJ_fHWp7H5FZYtlmRAFnOZy_uNRWKklXn1xRldnC7-BwN2Vg==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:38:48 GMT
age: 46947
etag: "ee66c3533a104626998925bb5beca3db458ddbf6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1e5dbb1-cba2-4500-9086-8f86460069ae.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (5035 bytes)
Hash
cfbc0c97bcd9123d224a861041b4bf8b
3703d612c4cd2eba9bf0d1ff51f18b82b0b56f2e
f20466a2a79c2ca459f0bc81ba3172b4ec299afd9238740f63974230e8d6bba3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff1e5dbb1-cba2-4500-9086-8f86460069ae.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5035
x-amzn-requestid: 51fdff0b-5db9-4cc2-a09d-83ef5c9ce4dc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm8FHMqoAMFRmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e6-3ebcdf7878b4481f599fac7f;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:30 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: vT-j6Lv1SCYsEt9tTY3mw2piKpxCbQw92GlDjBYBqrCmye0_sl2MiA==
via: 1.1 fb2e3e161147dc940086f9545b8e0e4a.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:55:10 GMT
age: 45965
etag: "3703d612c4cd2eba9bf0d1ff51f18b82b0b56f2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24171d10-56ac-40e7-9d10-77b9e948da6e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10128 bytes)
Hash
c193cd4520e8ee5d17cd1f3faadc1c73
b46effcb93e0ad066474ec1f67bcd54020615caf
bc824341b884278e7e69ae3bb87484ad914e5909544959ebc8f8661a545cb929

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24171d10-56ac-40e7-9d10-77b9e948da6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10128
x-amzn-requestid: bdd46a1d-4b43-4450-be32-3e3947d2fcd7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9VELdIAMFmmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-346e92d143f6fcf46db741c8;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: TzZpij5xeF-mrrMvpNNPJQA62GcNd0qPNAh_7IAme7SI3WwmZ4itcg==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:47:54 GMT
etag: "b46effcb93e0ad066474ec1f67bcd54020615caf"
content-type: image/jpeg
age: 46401
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/style.css

116.202.184.109

200 OK

9.5 kB

URL HTTP/2
fly.windguard.top/space-robot/assets/style.css
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
9.5 kB (9522 bytes)
Hash
047b6a9b99c64dca6292463eb42a7fbb
d4ccf691c805ee4660e3a261585973f17a35eeb3
23822420f425ed385816d090b6a54022a9afe5b84e28a1e040700be66fd9bd34

HTTP Headers

GET /space-robot/assets/style.css HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:14 GMT
content-type: text/css
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-251e"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

fly.windguard.top/sw-b7b4e27f51f228c20b85cf691189e9d0.js

116.202.184.109

304 Not Modified

0 B

URL HTTP/2
fly.windguard.top/sw-b7b4e27f51f228c20b85cf691189e9d0.js
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sw-b7b4e27f51f228c20b85cf691189e9d0.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Thu, 17 Feb 2022 13:24:13 GMT
If-None-Match: W/"620e4c7d-954"
Cache-Control: max-age=0
TE: trailers

HTTP/2 304 Not Modified
server: nginx
date: Sat, 01 Apr 2023 10:41:16 GMT
last-modified: Thu, 17 Feb 2022 13:24:13 GMT
etag: "620e4c7d-954"
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

fly.windguard.top/sw-b7b4e27f51f228c20b85cf691189e9d0.js

116.202.184.109

200 OK

0 B

URL HTTP/2
fly.windguard.top/sw-b7b4e27f51f228c20b85cf691189e9d0.js
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw-b7b4e27f51f228c20b85cf691189e9d0.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:15 GMT
content-type: application/javascript
last-modified: Thu, 17 Feb 2022 13:24:13 GMT
vary: Accept-Encoding
etag: W/"620e4c7d-954"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974

116.202.184.109

200 OK

0 B

URL HTTP/2
fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974 HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:14 GMT
content-type: text/html
last-modified: Mon, 13 Mar 2023 13:25:22 GMT
vary: Accept-Encoding
etag: W/"640f2442-3456"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

js.pushssp.top/ps/pl.js

5.75.133.219

200 OK

0 B

URL HTTP/2
js.pushssp.top/ps/pl.js
IP
5.75.133.219:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ps/pl.js HTTP/1.1
Host: js.pushssp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:15 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/main.js

116.202.184.109

200 OK

0 B

URL HTTP/2
fly.windguard.top/space-robot/assets/main.js
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /space-robot/assets/main.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=9uE5ZaK761NEWeOnpURm0Q&exp=1680345974
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:14 GMT
content-type: application/javascript
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-702"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

js.cdnpsh.com/ps/ps.js?pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id=

5.75.133.219

200 OK

0 B

URL HTTP/2
js.cdnpsh.com/ps/ps.js?pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id=
IP
5.75.133.219:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ps/ps.js?pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id= HTTP/1.1
Host: js.cdnpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Cookie: __psu=0ef00c93-e2e3-499b-bded-501aa2f265a3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 10:41:15 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

xc.veteransbenefitsinfopro.site/

104.21.11.171

200 OK

0 B

URL HTTP/2
xc.veteransbenefitsinfopro.site/
IP
104.21.11.171:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: xc.veteransbenefitsinfopro.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Sat, 01 Apr 2023 10:41:13 GMT
content-type: text/html; charset=UTF-8
set-cookie: antibot_uid=a59f007fbf3384ccc33cc586d5d348f0; expires=Sun, 31-Mar-2024 10:41:13 GMT; Max-Age=31536000; path=/
antibot_country=NO; expires=Tue, 11-Apr-2023 10:41:13 GMT; Max-Age=864000; path=/
antibot_lang=en; expires=Tue, 11-Apr-2023 10:41:13 GMT; Max-Age=864000; path=/
antibot_ptr=s919042154.blix.com; expires=Tue, 11-Apr-2023 10:41:13 GMT; Max-Age=864000; path=/
x-robots-tag: noindex
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate
link: <https://antibotcloud.com/antibot7.php>; rel=dns-prefetch
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZOkWXuhXDJUQsCRYi9tI8WCSmrJrl3kFBbll4MhEex8PJura5rlVUX%2FNP1eGuv7LUBMKjadieXkE9Xx7bH9ztgPCNLAt%2BK9w%2Buzb6IuzXWoTfjHnJ32RMeGQ56DMlnfbmKMC16TdtIsN%2B5RTbAzf4LL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b1037ec5f151bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML