Report - qr.ingrossogomme.veneto.it/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0

Report Overview

Submitted URL
qr.ingrossogomme.veneto.it/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0
IP
172.67.187.51
ASN
#13335 CLOUDFLARENET
Submitted
2023-04-08 21:47:31
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp2.globalsign.com	1544	2012-05-23	2023-04-07	347 B	1.9 kB	104.18.20.226
fly.windguard.top	unknown	2023-03-31	2023-04-02	4.9 kB	81 kB	116.202.184.109
www.gstatic.com	unknown	2016-07-26	2023-04-07	1.3 kB	31 kB	216.58.211.3
js.pushssp.top	unknown	2022-12-22	2023-04-08	395 B	2.7 kB	5.75.133.219
qr.38052-ambiguous.edu.pl	unknown	No data	No data	754 B	14 kB	188.114.97.1
feed.cdnpsh.com	unknown	2022-12-21	2023-04-08	478 B	591 B	5.75.133.219
js.cdnpsh.com	unknown	2023-02-09	2023-04-08	514 B	23 kB	5.75.133.219
qr.ingrossogomme.veneto.it	unknown	No data	No data	427 B	787 B	104.21.64.174
counter.yadro.ru	7275	2014-09-09	2023-04-07	581 B	433 B	88.212.201.198
vcpkp.cloudpsh.top	unknown	2023-03-09	2023-04-04	1.1 kB	1.1 kB	5.75.133.219
code.jquery.com	634	2012-05-21	2023-04-08	824 B	60 kB	69.16.175.42
ocsp.pki.goog	175	2018-07-01	2023-04-07	666 B	1.4 kB	142.250.74.131
fonts.gstatic.com	unknown	2014-09-09	2023-04-07	1.0 kB	33 kB	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-08 21:47:17	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-04-08	medium	qr.ingrossogomme.veneto.it/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0
2023-04-08	medium	vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ
2023-04-08	medium	vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-2.1.4.min.js	84 kB	2023-03-07	2024-07-26
Pretty URL code.jquery.com/jquery-2.1.4.min.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:48 Last Seen2024-07-26 23:44:43 Times Seen8824 Hash f9c7afd05729f10f55b689f36bb20172 43dc554608df885a59ddeece1598c6ace434d747 f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c Loading...

	fly.windguard.top/space-robot/assets/main.js	1.9 kB	2023-04-08	2023-04-10
Pretty URL fly.windguard.top/space-robot/assets/main.js IP 116.202.184.109 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-08 09:37:43 Last Seen2023-04-10 06:42:48 Times Seen4 Hash 9472819a186041e6d5a28ecc36bbf117 f615a7328bdc18d3fa4b5120742dc6fbc2def55f e461d9caf0c66ddebf4fd92844b71ff4ca9f73f786098ba4d50e81b7977aa69d Loading...

	www.gstatic.com/firebasejs/8.4.1/firebase-app.js	21 kB	2023-03-07	2024-07-25
Pretty URL www.gstatic.com/firebasejs/8.4.1/firebase-app.js IP 216.58.211.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-07-25 14:14:34 Times Seen5558 Hash e20da9cfaabf0b23d89c2335c06e2b03 b1af5616825acaba44bd714bd2685327abe896fd d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2 Loading...

	js.pushssp.top/ps/pl.js	2.4 kB	2023-04-06	2023-04-10
Pretty URL js.pushssp.top/ps/pl.js IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 13:20:35 Last Seen2023-04-10 06:42:48 Times Seen21 Hash d0e9b5107b5c75462de346fd49d591d1 ae731f4cecc538805b373cf7ba506c9ae9dcf8e5 7f38e37fca40f75b6d16f9387355b6cf816711b0ceab1358181d8e6ac98cf65b Loading...

	js.cdnpsh.com/ps/ps.js?&pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id=	23 kB	2023-04-08	2023-04-08
Pretty URL js.cdnpsh.com/ps/ps.js?&pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id= IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-08 23:47:32 Last Seen2023-04-08 23:47:32 Times Seen1 Hash d1c4918ab1af8986ade30c384ff53e30 d9d7be247c3227a9fc95ad81d7b02f717e1caadf 1f05240b426dff2042d569c90d57229b11a29be098339be8d5e47b65fb0995ed Loading...

	feed.cdnpsh.com/ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ	372 B	2023-04-05	2023-04-10
Pretty URL feed.cdnpsh.com/ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 06:42:19 Last Seen2023-04-10 14:07:54 Times Seen30 Hash 0d8bb9468ccd0b8f1990cb60dc0f998c d2f3a8c4ad1230f67888f50bf9f43680d29e3a27 3d40180c72c2a9e9e50b9224eca106bde9f52c8268a56b926f7fad06bc10522c Loading...

	fly.windguard.top/space-robot/assets/trls.js	8.4 kB	2023-04-08	2023-04-10
Pretty URL fly.windguard.top/space-robot/assets/trls.js IP 116.202.184.109 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-08 09:37:43 Last Seen2023-04-10 06:42:48 Times Seen4 Hash d4ba9d41ba1ab537172b859b985c1503 179ce091d537cc9322d6c4ccd6081b71c3da4cd0 309f2dc180dc2237bfacedd18f8c2b6b1167a2c1ace83ce6f09b9e76edc042f7 Loading...

	www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js	41 kB	2023-03-07	2024-07-25
Pretty URL www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js IP 216.58.211.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2024-07-25 14:14:34 Times Seen7468 Hash a498cb0f91ef52cc08969e1737b34638 c0e12b338ca7adea31b105546fde021edecbfc3c a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7 Loading...

HTTP Transactions (27)

URL IP Response Size

qr.ingrossogomme.veneto.it/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0

104.21.64.174

0 B

URL
qr.ingrossogomme.veneto.it/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0
IP
104.21.64.174:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0 HTTP/1.1
Host: qr.ingrossogomme.veneto.it
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Moved Temporarily
Date: Sat, 08 Apr 2023 21:47:16 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://qr.38052-ambiguous.edu.pl/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kRIaJ319WEtMES2OBubbeAdAkjAaWNBgq2mUZr6%2BCtNEXNfvgoI8GxQQOzDQ3y8fqJvV6qctFlD8npo%2BQFPiMMS1Bgqmq8hOmhruj10%2BBZP2HpyEs54CutoVpA2VbhJ1AsUmK3n%2BznJOo5O34A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b4db5356facb503-OSL
alt-svc: h2=":443"; ma=60

ocsp2.globalsign.com/gsalphasha2g2

104.18.20.226

1.4 kB

URL
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
02c1709cee33676d7e29dd4b13677bbc
33b67c3ff4fe4cd229580d484260ddd5beb76d6c
e67b7bdeb72aa5346f43b74b965490202328419c50fd5793599ab3683fcc1fd1

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 08 Apr 2023 21:47:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 12 Apr 2023 19:04:26 GMT
ETag: "33b67c3ff4fe4cd229580d484260ddd5beb76d6c"
Last-Modified: Sat, 08 Apr 2023 19:04:27 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 458
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b4db53a0b24b4ed-OSL

counter.yadro.ru/hit;Korea?t39.8;r;s1280*1024*24;uhttps%3A//qr.38052-ambiguous.edu.pl/zd/canon-%25ED%2594%2584%25EB%25A6%25B0%25ED%2584%25B0;hJust%20a%20moment...;0.09521111473708666

88.212.201.198

130 B

URL
counter.yadro.ru/hit;Korea?t39.8;r;s1280*1024*24;uhttps%3A//qr.38052-ambiguous.edu.pl/zd/canon-%25ED%2594%2584%25EB%25A6%25B0%25ED%2584%25B0;hJust%20a%20moment...;0.09521111473708666
IP
88.212.201.198:0
ASN
#39134 United Network LLC

File type
GIF image data, version 87a, 31 x 31\012- data
Size
130 B (130 bytes)
Hash
37d40582c43ce723e6cfd676d1bfe391
9368ef39958e9152cbfe97c3763a08447b0d0cdc
97da286ce2ce72d0c8d611c00bd886aecd19459aca337ea1e62435cb4ff5da55

HTTP Headers

GET /hit;Korea?t39.8;r;s1280*1024*24;uhttps%3A//qr.38052-ambiguous.edu.pl/zd/canon-%25ED%2594%2584%25EB%25A6%25B0%25ED%2584%25B0;hJust%20a%20moment...;0.09521111473708666 HTTP/1.1
Host: counter.yadro.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qr.38052-ambiguous.edu.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sat, 08 Apr 2023 21:47:17 GMT
Content-Type: image/gif
Content-Length: 130
Connection: keep-alive
Expires: Fri, 08 Apr 2022 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400

vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ

5.75.133.219

302 Found

0 B

URL User Request GET HTTP/2
vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ
IP
5.75.133.219:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectcloudpsh.top
Fingerprint7E:43:11:3C:E5:BA:4D:CA:B3:48:58:DF:CC:AC:EA:DE:C8:D8:20:E9
ValidityMon, 20 Mar 2023 11:53:08 GMT - Sun, 18 Jun 2023 11:53:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /?pl=Rb6RftRizUO8EtK7b3ElNQ HTTP/1.1
Host: vcpkp.cloudpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sat, 08 Apr 2023 21:47:18 GMT
content-length: 0
location: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=IOPlp1-qkHFSbpVaFBT1ZQ&exp=1680990738
set-cookie: Rb6RftRizUO8EtK7b3ElNQ=1; max-age=345600; path=/; samesite=lax
__pl=cd75d7ef-e78f-42de-ae1d-ae6af8561209; expires=Tue, 08 Apr 2025 21:47:18 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/corner.png

116.202.184.109

200 OK

300 B

URL GET HTTP/2
fly.windguard.top/space-robot/assets/corner.png
IP
116.202.184.109:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced\012- data
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=IOPlp1-qkHFSbpVaFBT1ZQ&exp=1680990738
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:18 GMT
content-type: image/png
content-length: 300
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-12c"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

code.jquery.com/jquery-2.1.4.min.js

69.16.175.42

200 OK

30 kB

URL GET HTTP/2
code.jquery.com/jquery-2.1.4.min.js
IP
69.16.175.42:443
ASN
#20446 STACKPATH-CDN

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerSectigo Limited
Subject*.jquery.com
Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32025)
Size
30 kB (29519 bytes)
Hash
a7f7dc66f5ba563bdbd4077fa667016e
c98fd169e356a997daf790dac6ead0c49e8c1eda
5315acee8e8c38e3fe62cff3b7a50cfb46a1130b0abb61bf119340e6b73934ac

HTTP Headers

GET /jquery-2.1.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 08 Apr 2023 21:47:18 GMT
content-encoding: gzip
content-length: 29519
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
accept-ranges: bytes
server: nginx
etag: W/"28feccc0-14979"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1680990438.dop223.sk1.t,1680990438.cds018.sk1.hn,1680990438.cds017.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0c3b0b20c5a2c7b818da43e38478e8f9
d4f4312a880db2ed8a860d539c97f048f8577203
b1d4370b03059fea7e74e1b4539c68422291ffb6bfccc018bbe4fa3d0576f76d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Apr 2023 21:47:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.35

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fly.windguard.top
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:31:03 GMT
expires: Wed, 03 Apr 2024 10:31:03 GMT
cache-control: public, max-age=31536000
age: 386175
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0c3b0b20c5a2c7b818da43e38478e8f9
d4f4312a880db2ed8a860d539c97f048f8577203
b1d4370b03059fea7e74e1b4539c68422291ffb6bfccc018bbe4fa3d0576f76d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 08 Apr 2023 21:47:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fly.windguard.top/space-robot/assets/apple-touch-icon.png

116.202.184.109

200 OK

23 kB

URL GET HTTP/2
fly.windguard.top/space-robot/assets/apple-touch-icon.png
IP
116.202.184.109:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=IOPlp1-qkHFSbpVaFBT1ZQ&exp=1680990738
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:19 GMT
content-type: image/png
content-length: 23177
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-5a89"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/favicon-16x16.png

116.202.184.109

200 OK

1.2 kB

URL GET HTTP/2
fly.windguard.top/space-robot/assets/favicon-16x16.png
IP
116.202.184.109:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=IOPlp1-qkHFSbpVaFBT1ZQ&exp=1680990738
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:19 GMT
content-type: image/png
content-length: 1163
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-48b"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

216.58.211.3

200 OK

6.8 kB

URL GET HTTP/3
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
cc9770d1cd023f5acf160f83840856fe
3b9c4a75943e3101e25a612ff975d03e9ef6f5ab
6b37f2d363f4b788f0b1473c7f51522bd85fe319ac39e7fb1c70aceaf35fe42e

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 07 Apr 2023 18:05:17 GMT
expires: Sat, 06 Apr 2024 18:05:17 GMT
cache-control: public, max-age=31536000
age: 99722
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

216.58.211.3

200 OK

11 kB

URL GET HTTP/3
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
65fc850cb32508517dcbc63b09aa7909
b6a0811a047ac43a061b326c424e57e3b125eaee
cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 08 Apr 2023 18:19:30 GMT
expires: Sun, 07 Apr 2024 18:19:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 12469
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ

5.75.133.219

302 Found

0 B

URL User Request GET HTTP/2
vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ
IP
5.75.133.219:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectcloudpsh.top
Fingerprint7E:43:11:3C:E5:BA:4D:CA:B3:48:58:DF:CC:AC:EA:DE:C8:D8:20:E9
ValidityMon, 20 Mar 2023 11:53:08 GMT - Sun, 18 Jun 2023 11:53:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /?pl=Rb6RftRizUO8EtK7b3ElNQ HTTP/1.1
Host: vcpkp.cloudpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: Rb6RftRizUO8EtK7b3ElNQ=1; __pl=cd75d7ef-e78f-42de-ae1d-ae6af8561209; __cap=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-length: 0
location: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
set-cookie: Rb6RftRizUO8EtK7b3ElNQ=1; max-age=345600; path=/; samesite=lax
__pl=cd75d7ef-e78f-42de-ae1d-ae6af8561209; expires=Tue, 08 Apr 2025 21:47:20 GMT; path=/; samesite=lax
__cap=2; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2

code.jquery.com/jquery-2.1.4.min.js

69.16.175.42

200 OK

30 kB

URL GET HTTP/2
code.jquery.com/jquery-2.1.4.min.js
IP
69.16.175.42:443
ASN
#20446 STACKPATH-CDN

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerSectigo Limited
Subject*.jquery.com
Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32025)
Size
30 kB (29519 bytes)
Hash
a7f7dc66f5ba563bdbd4077fa667016e
c98fd169e356a997daf790dac6ead0c49e8c1eda
5315acee8e8c38e3fe62cff3b7a50cfb46a1130b0abb61bf119340e6b73934ac

HTTP Headers

GET /jquery-2.1.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 08 Apr 2023 21:47:20 GMT
content-encoding: gzip
content-length: 29519
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
accept-ranges: bytes
server: nginx
etag: W/"28feccc0-14979"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1680990440.dop223.sk1.t,1680990440.cds018.sk1.hn,1680990440.cds017.sk1.c
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/corner.png

116.202.184.109

200 OK

300 B

URL GET HTTP/2
fly.windguard.top/space-robot/assets/corner.png
IP
116.202.184.109:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced\012- data
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: image/png
content-length: 300
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-12c"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.35

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://fly.windguard.top
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 04 Apr 2023 10:31:03 GMT
expires: Wed, 03 Apr 2024 10:31:03 GMT
cache-control: public, max-age=31536000
age: 386177
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/main.js

116.202.184.109

200 OK

7.3 kB

URL GET HTTP/2
fly.windguard.top/space-robot/assets/main.js
IP
116.202.184.109:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT

File type
ASCII text, with very long lines (22952)
Size
7.3 kB (7283 bytes)
Hash
b02ee61ac36c2007f1711665d2fd31dc
1ccbb247da9bd8fd347c7324ebc8fd47f8b713cc
f0e855066c0787ce0219423e31f08e4a9f0aff97de40c1ff57402435c916d3a4

HTTP Headers

GET /space-robot/assets/main.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-702"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

216.58.211.3

200 OK

11 kB

URL GET HTTP/3
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
65fc850cb32508517dcbc63b09aa7909
b6a0811a047ac43a061b326c424e57e3b125eaee
cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www.gstatic.com
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 08 Apr 2023 18:19:30 GMT
expires: Sun, 07 Apr 2024 18:19:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 12470
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740

116.202.184.109

200 OK

35 kB

URL User Request GET HTTP/2
fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
IP
116.202.184.109:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT

File type
data
Size
35 kB (35236 bytes)
Hash
8402b24a0e3ff03d506553f19fc2c3f1
b4704466e82aec76161c9950cab5ae6abc524398
75fa87f87570110f68fbf3f4e2cf879ca507d08207b0fa3efeb3f4a7549f5657

HTTP Headers

GET /space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740 HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: text/html
last-modified: Mon, 13 Mar 2023 13:25:22 GMT
vary: Accept-Encoding
etag: W/"640f2442-3456"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/style.css

116.202.184.109

200 OK

3.2 kB

URL GET HTTP/2
fly.windguard.top/space-robot/assets/style.css
IP
116.202.184.109:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT

File type
data
Size
3.2 kB (3208 bytes)
Hash
1d058cf4a8152bcc643b3f7aa220823f
7350507ac3574f9a8b3ba6e32a16e8771b62e236
142044cd9ed216146c2e77022fa80758726f0d3efd3f9a1bac42d9497e1a79d3

HTTP Headers

GET /space-robot/assets/style.css HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: text/css
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-251e"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

fly.windguard.top/sw-cc9427041f85b66927b72d4c03f6eda4.js

116.202.184.109

0 B

URL
fly.windguard.top/sw-cc9427041f85b66927b72d4c03f6eda4.js
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sw-cc9427041f85b66927b72d4c03f6eda4.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Thu, 17 Feb 2022 13:24:13 GMT
If-None-Match: W/"620e4c7d-954"
Cache-Control: max-age=0
TE: trailers

HTTP/2 304 Not Modified
server: nginx
date: Sat, 08 Apr 2023 21:47:21 GMT
last-modified: Thu, 17 Feb 2022 13:24:13 GMT
etag: "620e4c7d-954"
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

fly.windguard.top/space-robot/assets/trls.js

116.202.184.109

200 OK

7.8 kB

URL GET HTTP/2
fly.windguard.top/space-robot/assets/trls.js
IP
116.202.184.109:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT

File type
Unicode text, UTF-8 text, with very long lines (7365), with no line terminators
Size
7.8 kB (7806 bytes)
Hash
4e526b8d355fbe2295b3d2de2b38809a
9175019b7f8d012b755ab70fe1c9ffdab3b414c9
5ee479b1b1dd4bb9a22ce2c7036a4c2532c568b13e98e1dec83b4ebe5b8a4b5a

HTTP Headers

GET /space-robot/assets/trls.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
last-modified: Mon, 13 Mar 2023 13:25:22 GMT
vary: Accept-Encoding
etag: W/"640f2442-1e7e"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

js.pushssp.top/ps/pl.js

5.75.133.219

200 OK

2.4 kB

URL GET HTTP/2
js.pushssp.top/ps/pl.js
IP
5.75.133.219:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectpushssp.top
FingerprintFC:E2:D3:C9:58:A6:E4:EA:D7:55:9A:AA:E0:6D:12:C2:E7:50:CF:4F
ValidityTue, 31 Jan 2023 11:56:20 GMT - Mon, 01 May 2023 11:56:19 GMT

File type
ASCII text, with very long lines (2444), with no line terminators
Size
2.4 kB (2439 bytes)
Hash
c72537d9055f921830cc916387a2b9b3
bcb348af5af8c2136f47dc8ccc9b592cc5bad9e1
95ce4369286d610f5d1d889ed685dc58e494ceebbf894074585ac88a42cdb3dc

HTTP Headers

GET /ps/pl.js HTTP/1.1
Host: js.pushssp.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

js.cdnpsh.com/ps/ps.js?&pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id=

5.75.133.219

200 OK

23 kB

URL GET HTTP/2
js.cdnpsh.com/ps/ps.js?&pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id=
IP
5.75.133.219:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectcdnpsh.com
Fingerprint70:66:F3:14:EA:86:02:81:C9:F7:5B:AF:B7:58:FE:69:7C:F4:E2:51
ValidityMon, 20 Feb 2023 09:54:43 GMT - Sun, 21 May 2023 09:54:42 GMT

File type

Size
23 kB (23034 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ps/ps.js?&pl=true&id=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&click_id=&sub_id= HTTP/1.1
Host: js.cdnpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Cookie: __psu=46cd250a-ab77-4e98-b724-e8d9f4d1d78b
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

qr.38052-ambiguous.edu.pl/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0

188.114.97.1

301 Moved Permanently

13 kB

URL User Request GET HTTP/2
qr.38052-ambiguous.edu.pl/zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subject*.38052-ambiguous.edu.pl
FingerprintC6:53:85:77:10:97:69:1A:08:9D:3A:DA:F9:52:6D:D8:3D:BA:CE:A9
ValiditySat, 25 Mar 2023 08:20:30 GMT - Fri, 23 Jun 2023 08:20:29 GMT

File type

Size
13 kB (13398 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zd/canon-%ED%94%84%EB%A6%B0%ED%84%B0 HTTP/1.1
Host: qr.38052-ambiguous.edu.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: antibot_uid=7c488d85daecc2bf18f4f49ac0fc0392; antibot_country=NO; antibot_lang=en; antibot_ptr=s919042154.blix.com; antibot_163ac4fc3a3625a95c52ec80d38ff925=cc0838680c8907531ef8307c567ee7c8; antibot_hits=2; antibot_unique_20230409=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Sat, 08 Apr 2023 21:47:19 GMT
content-type: text/html; charset=UTF-8
location: https://vcpkp.cloudpsh.top/?pl=Rb6RftRizUO8EtK7b3ElNQ
set-cookie: antibot_hits=3; expires=Sun, 09-Apr-2023 21:47:19 GMT; Max-Age=86400; path=/
expires: Tue, 18 Apr 2023 21:47:19 GMT
last-modified: Sat, 08 Apr 2023 21:47:19 GMT
cache-control: public, max-age=864000
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dE2b8eLhx093X8oKhAvW6406O5k66nb4G3vpvOIusDLQg2gjqCztBH3JiQkusdSbD9uxJvgWbkzpDU%2FLezQHj6kyRh%2ByJkl5gDrvoSzClHSUJLT2yvOxxeyEdMV5Ui3IiBg0ljFblDzoW8Jt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b4db5490fa6b509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

feed.cdnpsh.com/ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ

5.75.133.219

200 OK

354 B

URL GET HTTP/2
feed.cdnpsh.com/ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ
IP
5.75.133.219:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://fly.windguard.top/space-robot/?pl=Rb6RftRizUO8EtK7b3ElNQ&sm=space-robot&hash=FbS3LkxPYcsJrZZcuLQRJQ&exp=1680990740
Certificate
IssuerLet's Encrypt
Subjectcdnpsh.com
Fingerprint70:66:F3:14:EA:86:02:81:C9:F7:5B:AF:B7:58:FE:69:7C:F4:E2:51
ValidityMon, 20 Feb 2023 09:54:43 GMT - Sun, 21 May 2023 09:54:42 GMT

File type
ASCII text, with very long lines (370), with no line terminators
Size
354 B (354 bytes)
Hash
b99079f55970c9f6378b5b33fc13478e
a76227b32d8970e35d2d958acdfc976a21cc1bd3
8dd1ae0d1dd770416ec27b420d3ad667bac4de137078aad3815dabcd32e6927d

HTTP Headers

GET /ps/config.js?id=Rb6RftRizUO8EtK7b3ElNQ HTTP/1.1
Host: feed.cdnpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Cookie: __psu=73e2a0f8-0a45-4d59-9ff2-dc528e106882
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 08 Apr 2023 21:47:20 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML