| qr.ingrossogomme.veneto.it/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0 | 104.21.64.174 | | 0 B |
URL: qr.ingrossogomme.veneto.it/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0
IP: 104.21.64.174:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0 HTTP/1.1
Host: qr.ingrossogomme.veneto.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Date: Sat, 08 Apr 2023 21:47:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://qr.38052-ambiguous.edu.pl/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kRIaJ319WEtMES2OBubbeAdAkjAaWNBgq2mUZr6%2BCtNEXNfvgoI8GxQQOzDQ3y8fqJvV6qctFlD8npo%2BQFPiMMS1Bgqmq8hOmhruj10%2BBZP2HpyEs54CutoVpA2VbhJ1AsUmK3n%2BznJOo5O34A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b4db5356facb503-OSL
alt-svc: h2=":443"; ma=60
|
|
| ocsp2.globalsign.com/gsalphasha2g2 | 104.18.20.226 | | 1.4 kB |
URL: ocsp2.globalsign.com/gsalphasha2g2
IP: 104.18.20.226:0
Hash: 02c1709cee33676d7e29dd4b13677bbc 33b67c3ff4fe4cd229580d484260ddd5beb76d6c e67b7bdeb72aa5346f43b74b965490202328419c50fd5793599ab3683fcc1fd1
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 08 Apr 2023 21:47:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 12 Apr 2023 19:04:26 GMT
ETag: "33b67c3ff4fe4cd229580d484260ddd5beb76d6c"
Last-Modified: Sat, 08 Apr 2023 19:04:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 458
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b4db53a0b24b4ed-OSL
|
|
| counter.yadro.ru/hit;Korea?t39.8;r;s1280*1024*24;uhttps%3A//qr.38052-ambiguous.edu.pl/zd/canon-%25ED%2594%2584%25EB%25A6%25B0%25ED%2584%25B0;hJust%20a%20moment...;0.09521111473708666 | 88.212.201.198 | | 130 B |
URL: counter.yadro.ru/hit;Korea?t39.8;r;s1280*1024*24;uhttps%3A//qr.38052-ambiguous.edu.pl/zd/canon-%25ED%2594%2584%25EB%25A6%25B0%25ED%2584%25B0;hJust%20a%20moment...;0.09521111473708666
IP: 88.212.201.198:0
ASN: #39134 United Network LLC
File type: GIF image data, version 87a, 31 x 31\012- data
Hash: 37d40582c43ce723e6cfd676d1bfe391 9368ef39958e9152cbfe97c3763a08447b0d0cdc 97da286ce2ce72d0c8d611c00bd886aecd19459aca337ea1e62435cb4ff5da55
GET /hit;Korea?t39.8;r;s1280*1024*24;uhttps%3A//qr.38052-ambiguous.edu.pl/zd/canon-%25ED%2594%2584%25EB%25A6%25B0%25ED%2584%25B0;hJust%20a%20moment...;0.09521111473708666 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qr.38052-ambiguous.edu.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 08 Apr 2023 21:47:17 GMT
Content-Type: image/gif
Content-Length: 130
Connection: keep-alive
Expires: Fri, 08 Apr 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400
|
|
| vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ | 5.75.133.219 | 302 Found | 0 B |
URL: User Request GET HTTP/2 vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ
IP: 5.75.133.219:443
ASN: #24940 Hetzner Online GmbH
Certificate issuer: Let's Encrypt
Certificate subject: cloudpsh.top
Certificate fingerprint: 7E:43:11:3C:E5:BA:4D:CA:B3:48:58:DF:CC:AC:EA:DE:C8:D8:20:E9
Certificate validity: Mon, 20 Mar 2023 11:53:08 GMT - Sun, 18 Jun 2023 11:53:07 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /?pl=Rb6RftRizUO8EtK7b3ElNQ HTTP/1.1
Host: vcpkp.cloudpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 08 Apr 2023 21:47:18 GMT
content-length: 0
location: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=IOPlp1-qkHFSbpVaFBT1ZQ&exp=1680990738
set-cookie: Rb6RftRizUO8EtK7b3ElNQ=1; max-age=345600; path=/; samesite=lax
__pl=cd75d7ef-e78f-42de-ae1d-ae6af8561209; expires=Tue, 08 Apr 2025 21:47:18 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
|
|
| fly.windguard.top/space-robot/assets/corner.png | 116.202.184.109 | 200 OK | 300 B |
URL: GET HTTP/2 fly.windguard.top/space-robot/assets/corner.png
IP: 116.202.184.109:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Let's Encrypt
Certificate subject: windguard.top
Certificate fingerprint: FE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
Certificate validity: Wed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type: PNG image data, 44 x 44, 8-bit colormap, non-interlaced\012- data
Hash: f66c38fa2cd7c50bd1989d41da28fb80 e1de333eca72647f3c1831083fe678cfa8fe9eab 3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2
GET /space-robot/assets/corner.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=IOPlp1-qkHFSbpVaFBT1ZQ&exp=1680990738
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:18 GMT
content-type: image/png
content-length: 300
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-12c"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-2.1.4.min.js | 69.16.175.42 | 200 OK | 30 kB |
URL: GET HTTP/2 code.jquery.com/jquery-2.1.4.min.js
IP: 69.16.175.42:443
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Sectigo Limited
Certificate subject: *.jquery.com
Certificate fingerprint: 64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
Certificate validity: Wed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT
File type: ASCII text, with very long lines (32025)
Hash: a7f7dc66f5ba563bdbd4077fa667016e c98fd169e356a997daf790dac6ead0c49e8c1eda 5315acee8e8c38e3fe62cff3b7a50cfb46a1130b0abb61bf119340e6b73934ac
GET /jquery-2.1.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sat, 08 Apr 2023 21:47:18 GMT
content-encoding: gzip
content-length: 29519
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
accept-ranges: bytes
server: nginx
etag: W/"28feccc0-14979"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1680990438.dop223.sk1.t,1680990438.cds018.sk1.hn,1680990438.cds017.sk1.c
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP: 142.250.74.131:0
Hash: 0c3b0b20c5a2c7b818da43e38478e8f9 d4f4312a880db2ed8a860d539c97f048f8577203 b1d4370b03059fea7e74e1b4539c68422291ffb6bfccc018bbe4fa3d0576f76d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Apr 2023 21:47:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 142.250.74.35 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP: 142.250.74.35:443
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Google Trust Services LLC
Certificate subject: *.gstatic.com
Certificate fingerprint: 76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
Certificate validity: Mon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash: 285467176f7fe6bb6a9c6873b3dad2cc ea04e4ff5142ddd69307c183def721a160e0a64e 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fly.windguard.top
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:31:03 GMT
expires: Wed, 03 Apr 2024 10:31:03 GMT
cache-control: public, max-age=31536000
age: 386175
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | | 471 B |
IP: 142.250.74.131:0
Hash: 0c3b0b20c5a2c7b818da43e38478e8f9 d4f4312a880db2ed8a860d539c97f048f8577203 b1d4370b03059fea7e74e1b4539c68422291ffb6bfccc018bbe4fa3d0576f76d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Apr 2023 21:47:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fly.windguard.top/space-robot/assets/apple-touch-icon.png | 116.202.184.109 | 200 OK | 23 kB |
URL: GET HTTP/2 fly.windguard.top/space-robot/assets/apple-touch-icon.png
IP: 116.202.184.109:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Let's Encrypt
Certificate subject: windguard.top
Certificate fingerprint: FE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
Certificate validity: Wed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type: PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Hash: f500ba7eee0ae7d1ceb44236ac253165 0614de220ecadb48038ed894d91120ba102c8367 ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5
GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=IOPlp1-qkHFSbpVaFBT1ZQ&exp=1680990738
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:19 GMT
content-type: image/png
content-length: 23177
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-5a89"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fly.windguard.top/space-robot/assets/favicon-16x16.png | 116.202.184.109 | 200 OK | 1.2 kB |
URL: GET HTTP/2 fly.windguard.top/space-robot/assets/favicon-16x16.png
IP: 116.202.184.109:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Let's Encrypt
Certificate subject: windguard.top
Certificate fingerprint: FE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
Certificate validity: Wed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash: 9d35b617fd258f648c37812252297dd3 7e32fd007f1c6fe1466d15439173082c0fbe82da e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a
GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=IOPlp1-qkHFSbpVaFBT1ZQ&exp=1680990738
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:19 GMT
content-type: image/png
content-length: 1163
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-48b"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/firebasejs/8.4.1/firebase-app.js | 216.58.211.3 | 200 OK | 6.8 kB |
URL: GET HTTP/3 www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP: 216.58.211.3:443
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Google Trust Services LLC
Certificate subject: *.gstatic.com
Certificate fingerprint: 76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
Certificate validity: Mon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT
File type: ASCII text, with very long lines (21158)
Hash: cc9770d1cd023f5acf160f83840856fe 3b9c4a75943e3101e25a612ff975d03e9ef6f5ab 6b37f2d363f4b788f0b1473c7f51522bd85fe319ac39e7fb1c70aceaf35fe42e
GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 07 Apr 2023 18:05:17 GMT
expires: Sat, 06 Apr 2024 18:05:17 GMT
cache-control: public, max-age=31536000
age: 99722
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js | 216.58.211.3 | 200 OK | 11 kB |
URL: GET HTTP/3 www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP: 216.58.211.3:443
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Google Trust Services LLC
Certificate subject: *.gstatic.com
Certificate fingerprint: 76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
Certificate validity: Mon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT
File type: ASCII text, with very long lines (40976)
Hash: 65fc850cb32508517dcbc63b09aa7909 b6a0811a047ac43a061b326c424e57e3b125eaee cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 08 Apr 2023 18:19:30 GMT
expires: Sun, 07 Apr 2024 18:19:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 12469
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ | 5.75.133.219 | 302 Found | 0 B |
URL: User Request GET HTTP/2 vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ
IP: 5.75.133.219:443
ASN: #24940 Hetzner Online GmbH
Certificate issuer: Let's Encrypt
Certificate subject: cloudpsh.top
Certificate fingerprint: 7E:43:11:3C:E5:BA:4D:CA:B3:48:58:DF:CC:AC:EA:DE:C8:D8:20:E9
Certificate validity: Mon, 20 Mar 2023 11:53:08 GMT - Sun, 18 Jun 2023 11:53:07 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| fortinet | Malware | |
GET /?pl=Rb6RftRizUO8EtK7b3ElNQ HTTP/1.1
Host: vcpkp.cloudpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Rb6RftRizUO8EtK7b3ElNQ=1; __pl=cd75d7ef-e78f-42de-ae1d-ae6af8561209; __cap=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-length: 0
location: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
set-cookie: Rb6RftRizUO8EtK7b3ElNQ=1; max-age=345600; path=/; samesite=lax
__pl=cd75d7ef-e78f-42de-ae1d-ae6af8561209; expires=Tue, 08 Apr 2025 21:47:20 GMT; path=/; samesite=lax
__cap=2; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
|
|
| code.jquery.com/jquery-2.1.4.min.js | 69.16.175.42 | 200 OK | 30 kB |
URL: GET HTTP/2 code.jquery.com/jquery-2.1.4.min.js
IP: 69.16.175.42:443
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Sectigo Limited
Certificate subject: *.jquery.com
Certificate fingerprint: 64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
Certificate validity: Wed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT
File type: ASCII text, with very long lines (32025)
Hash: a7f7dc66f5ba563bdbd4077fa667016e c98fd169e356a997daf790dac6ead0c49e8c1eda 5315acee8e8c38e3fe62cff3b7a50cfb46a1130b0abb61bf119340e6b73934ac
GET /jquery-2.1.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sat, 08 Apr 2023 21:47:20 GMT
content-encoding: gzip
content-length: 29519
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
accept-ranges: bytes
server: nginx
etag: W/"28feccc0-14979"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1680990440.dop223.sk1.t,1680990440.cds018.sk1.hn,1680990440.cds017.sk1.c
X-Firefox-Spdy: h2
|
|
| fly.windguard.top/space-robot/assets/corner.png | 116.202.184.109 | 200 OK | 300 B |
URL: GET HTTP/2 fly.windguard.top/space-robot/assets/corner.png
IP: 116.202.184.109:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Let's Encrypt
Certificate subject: windguard.top
Certificate fingerprint: FE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
Certificate validity: Wed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type: PNG image data, 44 x 44, 8-bit colormap, non-interlaced\012- data
Hash: f66c38fa2cd7c50bd1989d41da28fb80 e1de333eca72647f3c1831083fe678cfa8fe9eab 3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2
GET /space-robot/assets/corner.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: image/png
content-length: 300
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-12c"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | 142.250.74.35 | 200 OK | 16 kB |
URL: GET HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP: 142.250.74.35:443
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Google Trust Services LLC
Certificate subject: *.gstatic.com
Certificate fingerprint: 76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
Certificate validity: Mon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT
File type: Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash: 285467176f7fe6bb6a9c6873b3dad2cc ea04e4ff5142ddd69307c183def721a160e0a64e 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fly.windguard.top
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:31:03 GMT
expires: Wed, 03 Apr 2024 10:31:03 GMT
cache-control: public, max-age=31536000
age: 386177
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| fly.windguard.top/space-robot/assets/main.js | 116.202.184.109 | 200 OK | 7.3 kB |
URL: GET HTTP/2 fly.windguard.top/space-robot/assets/main.js
IP: 116.202.184.109:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Let's Encrypt
Certificate subject: windguard.top
Certificate fingerprint: FE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
Certificate validity: Wed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type: ASCII text, with very long lines (22952)
Hash: b02ee61ac36c2007f1711665d2fd31dc 1ccbb247da9bd8fd347c7324ebc8fd47f8b713cc f0e855066c0787ce0219423e31f08e4a9f0aff97de40c1ff57402435c916d3a4
GET /space-robot/assets/main.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-702"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js | 216.58.211.3 | 200 OK | 11 kB |
URL: GET HTTP/3 www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP: 216.58.211.3:443
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Google Trust Services LLC
Certificate subject: *.gstatic.com
Certificate fingerprint: 76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
Certificate validity: Mon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT
File type: ASCII text, with very long lines (40976)
Hash: 65fc850cb32508517dcbc63b09aa7909 b6a0811a047ac43a061b326c424e57e3b125eaee cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www.gstatic.com
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 08 Apr 2023 18:19:30 GMT
expires: Sun, 07 Apr 2024 18:19:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 12470
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
|
| fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740 | 116.202.184.109 | 200 OK | 35 kB |
URL: User Request GET HTTP/2 fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
IP: 116.202.184.109:443
ASN: #24940 Hetzner Online GmbH
Certificate issuer: Let's Encrypt
Certificate subject: windguard.top
Certificate fingerprint: FE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
Certificate validity: Wed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
Hash: 8402b24a0e3ff03d506553f19fc2c3f1 b4704466e82aec76161c9950cab5ae6abc524398 75fa87f87570110f68fbf3f4e2cf879ca507d08207b0fa3efeb3f4a7549f5657
GET /space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740 HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: text/html
last-modified: Mon, 13 Mar 2023 13:25:22 GMT
vary: Accept-Encoding
etag: W/"640f2442-3456"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fly.windguard.top/space-robot/assets/style.css | 116.202.184.109 | 200 OK | 3.2 kB |
URL: GET HTTP/2 fly.windguard.top/space-robot/assets/style.css
IP: 116.202.184.109:443
ASN: #24940 Hetzner Online GmbH
Requested by: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate issuer: Let's Encrypt
Certificate subject: windguard.top
Certificate fingerprint: FE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
Certificate validity: Wed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
Hash: 1d058cf4a8152bcc643b3f7aa220823f 7350507ac3574f9a8b3ba6e32a16e8771b62e236 142044cd9ed216146c2e77022fa80758726f0d3efd3f9a1bac42d9497e1a79d3
GET /space-robot/assets/style.css HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: text/css
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-251e"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| fly.windguard.top/sw-cc9427041f85b66927b72d4c03f6eda4.js | 116.202.184.109 | | 0 B |
URL fly.windguard.top/sw-cc9427041f85b66927b72d4c03f6eda4.js IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt Subject windguard.top Fingerprint FE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C Validity Wed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sw-cc9427041f85b66927b72d4c03f6eda4.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Thu, 17 Feb 2022 13:24:13 GMT
If-None-Match: W/"620e4c7d-954"
Cache-Control: max-age=0
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Sat, 08 Apr 2023 21:47:21 GMT
last-modified: Thu, 17 Feb 2022 13:24:13 GMT
etag: "620e4c7d-954"
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2
|
|
| fly.windguard.top/space-robot/assets/trls.js | 116.202.184.109 | 200 OK | 7.8 kB |
URL GET HTTP/2 fly.windguard.top/space-robot/assets/trls.js IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740 Certificate Issuer Let's Encrypt Subject windguard.top Fingerprint FE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C Validity Wed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type Unicode text, UTF-8 text, with very long lines (7365), with no line terminators Hash 4e526b8d355fbe2295b3d2de2b38809a 9175019b7f8d012b755ab70fe1c9ffdab3b414c9 5ee479b1b1dd4bb9a22ce2c7036a4c2532c568b13e98e1dec83b4ebe5b8a4b5a
GET /space-robot/assets/trls.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
last-modified: Mon, 13 Mar 2023 13:25:22 GMT
vary: Accept-Encoding
etag: W/"640f2442-1e7e"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| js.pushssp.top/ps/pl.js | 5.75.133.219 | 200 OK | 2.4 kB |
IP 5.75.133.219:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740 Certificate Issuer Let's Encrypt Subject pushssp.top Fingerprint FC:E2:D3:C9:58:A6:E4:EA:D7:55:9A:AA:E0:6D:12:C2:E7:50:CF:4F Validity Tue, 31 Jan 2023 11:56:20 GMT - Mon, 01 May 2023 11:56:19 GMT
File type ASCII text, with very long lines (2444), with no line terminators Hash c72537d9055f921830cc916387a2b9b3 bcb348af5af8c2136f47dc8ccc9b592cc5bad9e1 95ce4369286d610f5d1d889ed685dc58e494ceebbf894074585ac88a42cdb3dc
GET /ps/pl.js HTTP/1.1
Host: js.pushssp.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| js.cdnpsh.com/ps/ps.js?&pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id= | 5.75.133.219 | 200 OK | 23 kB |
URL GET HTTP/2 js.cdnpsh.com/ps/ps.js?&pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id= IP 5.75.133.219:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740 Certificate Issuer Let's Encrypt Subject cdnpsh.com Fingerprint 70:66:F3:14:EA:86:02:81:C9:F7:5B:AF:B7:58:FE:69:7C:F4:E2:51 Validity Mon, 20 Feb 2023 09:54:43 GMT - Sun, 21 May 2023 09:54:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ps/ps.js?&pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id= HTTP/1.1
Host: js.cdnpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Cookie: __psu=46cd250a-ab77-4e98-b724-e8d9f4d1d78b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2
|
|
| qr.38052-ambiguous.edu.pl/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0 | 188.114.97.1 | 301 Moved Permanently | 13 kB |
URL User Request GET HTTP/2 qr.38052-ambiguous.edu.pl/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0 IP 188.114.97.1:443
Certificate Issuer Google Trust Services LLC Subject *.38052-ambiguous.edu.pl Fingerprint C6:53:85:77:10:97:69:1A:08:9D:3A:DA:F9:52:6D:D8:3D:BA:CE:A9 Validity Sat, 25 Mar 2023 08:20:30 GMT - Fri, 23 Jun 2023 08:20:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0 HTTP/1.1
Host: qr.38052-ambiguous.edu.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: antibot_uid=7c488d85daecc2bf18f4f49ac0fc0392; antibot_country=NO; antibot_lang=en; antibot_ptr=s919042154.blix.com; antibot_163ac4fc3a3625a95c52ec80d38ff925=cc0838680c8907531ef8307c567ee7c8; antibot_hits=2; antibot_unique_20230409=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Sat, 08 Apr 2023 21:47:19 GMT
content-type: text/html; charset=UTF-8
location: https://vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ
set-cookie: antibot_hits=3; expires=Sun, 09-Apr-2023 21:47:19 GMT; Max-Age=86400; path=/
expires: Tue, 18 Apr 2023 21:47:19 GMT
last-modified: Sat, 08 Apr 2023 21:47:19 GMT
cache-control: public, max-age=864000
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dE2b8eLhx093X8oKhAvW6406O5k66nb4G3vpvOIusDLQg2gjqCztBH3JiQkusdSbD9uxJvgWbkzpDU%2FLezQHj6kyRh%2ByJkl5gDrvoSzClHSUJLT2yvOxxeyEdMV5Ui3IiBg0ljFblDzoW8Jt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b4db5490fa6b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| feed.cdnpsh.com/ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ | 5.75.133.219 | 200 OK | 354 B |
URL GET HTTP/2 feed.cdnpsh.com/ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ IP 5.75.133.219:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740 Certificate Issuer Let's Encrypt Subject cdnpsh.com Fingerprint 70:66:F3:14:EA:86:02:81:C9:F7:5B:AF:B7:58:FE:69:7C:F4:E2:51 Validity Mon, 20 Feb 2023 09:54:43 GMT - Sun, 21 May 2023 09:54:42 GMT
File type ASCII text, with very long lines (370), with no line terminators Hash b99079f55970c9f6378b5b33fc13478e a76227b32d8970e35d2d958acdfc976a21cc1bd3 8dd1ae0d1dd770416ec27b420d3ad667bac4de137078aad3815dabcd32e6927d
GET /ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ HTTP/1.1
Host: feed.cdnpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Cookie: __psu=73e2a0f8-0a45-4d59-9ff2-dc528e106882
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2
|
|