www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109
185.53.179.170 1.4 kB URL www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109
IP 185.53.179.170:0
ASN #61969 Team Internet AG
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (385)
Hash 71ff0955f7c35fa9e39f5ef844405eb7
ec0ca35c09d647cac94c646e7e22fba8b8db9095
ae757b5965686d052d079baf99791c3c233b36b0cbceff3827dc5e0e8354cba6
GET /search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109 HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Apr 2023 06:08:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Redirect: zeropark_zeroclick
X-Buckets: bucket011
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_C0eDv+v0hZ2tGqj0dVliuUefk9wBXSDfoYilMsjeKKxcwKNBRJK7XB3ckzdiQZiXqywzCwEY9Cva7p3/hc66jw==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Domain: megawebdeals.com
X-Subdomain: www2
Content-Encoding: gzip
d38psrni17bvxu.cloudfront.net/scripts/js3.js
54.230.245.22 1.1 kB URL d38psrni17bvxu.cloudfront.net/scripts/js3.js
IP 54.230.245.22:0
File type ASCII text, with very long lines (468)
Hash a66b149a7ebc798955373415d683f32a
15ceaba8cfae8368600620ae97aa26ae7331d626
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9
GET /scripts/js3.js HTTP/1.1
Host: d38psrni17bvxu.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www2.megawebdeals.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1096
Connection: keep-alive
Server: nginx
Date: Sun, 09 Apr 2023 04:13:01 GMT
Last-Modified: Mon, 23 Jan 2023 11:12:07 GMT
Accept-Ranges: bytes
ETag: "63ce6b87-448"
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: T0IBA3iiWlCA0YhI2lqI2iht4vj1e4EyLSgZstzp1fO3A-Tbuibldw==
Age: 6918
www2.megawebdeals.com/track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D
185.53.179.170 20 B URL www2.megawebdeals.com/track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D
IP 185.53.179.170:0
ASN #61969 Team Internet AG
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Apr 2023 06:08:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www2.megawebdeals.com/ls.php?t=64325653&token=1e66279a05e1b12d2cf6dd01612fc49ab927bbac
185.53.179.170 16 B URL www2.megawebdeals.com/ls.php?t=64325653&token=1e66279a05e1b12d2cf6dd01612fc49ab927bbac
IP 185.53.179.170:0
ASN #61969 Team Internet AG
File type JSON data\012- , ASCII text, with no line terminators
Hash 7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
GET /ls.php?t=64325653&token=1e66279a05e1b12d2cf6dd01612fc49ab927bbac HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 201 Created
Server: nginx
Date: Sun, 09 Apr 2023 06:08:20 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 64325654597e1406b810d02d
Charset: utf-8
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_YzkoQaxSwmOoL8dE8H2+Sb6JxXakIvAMS9VDHdtJ5tNwHvV4JJRFK8hX7dwR5Rh3xW7py2Mjpvvo1GovZxh5CQ==
www2.megawebdeals.com/favicon.ico
185.53.179.170 0 B URL www2.megawebdeals.com/favicon.ico
IP 185.53.179.170:0
ASN #61969 Team Internet AG
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Apr 2023 06:08:20 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www2.megawebdeals.com/track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=megawebdeals.com&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDMyNTY1MmNlZjNhfHx8MTY4MTAyMDQ5OS4xNjk3fDRjZmFjMzk1OTQ1YjJhOGMzNDBjYWRkZjZiYjBiYjhjMTllYjE0MzR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwxZTY2Mjc5YTA1ZTFiMTJkMmNmNmRkMDE2MTJmYzQ5YWI5MjdiYmFjfDB8ZHAtdGVhbWludGVybmV0MDdfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
185.53.179.170 20 B URL www2.megawebdeals.com/track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=megawebdeals.com&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDMyNTY1MmNlZjNhfHx8MTY4MTAyMDQ5OS4xNjk3fDRjZmFjMzk1OTQ1YjJhOGMzNDBjYWRkZjZiYjBiYjhjMTllYjE0MzR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwxZTY2Mjc5YTA1ZTFiMTJkMmNmNmRkMDE2MTJmYzQ5YWI5MjdiYmFjfDB8ZHAtdGVhbWludGVybmV0MDdfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
IP 185.53.179.170:0
ASN #61969 Team Internet AG
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=megawebdeals.com&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDMyNTY1MmNlZjNhfHx8MTY4MTAyMDQ5OS4xNjk3fDRjZmFjMzk1OTQ1YjJhOGMzNDBjYWRkZjZiYjBiYjhjMTllYjE0MzR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwxZTY2Mjc5YTA1ZTFiMTJkMmNmNmRkMDE2MTJmYzQ5YWI5MjdiYmFjfDB8ZHAtdGVhbWludGVybmV0MDdfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off HTTP/1.1
Host: www2.megawebdeals.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 09 Apr 2023 06:08:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-View-Match: true
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ishku-wbq.com/zcvisitor/ec8a4402-d69c-11ed-be0e-12ec9d2994b7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97
54.204.83.105 1.1 kB URL ishku-wbq.com/zcvisitor/ec8a4402-d69c-11ed-be0e-12ec9d2994b7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97
IP 54.204.83.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 08a027475716bb901ada9fcddefc34c3
25127405218ca9375421f440b4940695dd3b9c66
e6169b421572032977295f19752b1a8716748e0617b294ce2d75b6817eb18520
GET /zcvisitor/ec8a4402-d69c-11ed-be0e-12ec9d2994b7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97 HTTP/1.1
Host: ishku-wbq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www2.megawebdeals.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Sun, 09 Apr 2023 06:08:20 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: XolaYZjt
ishku-wbq.com/zcredirect?visitid=ec8a4402-d69c-11ed-be0e-12ec9d2994b7&type=js&browserWidth=1152&browserHeight=901&iframeDetected=false&webdriverDetected=false
54.204.83.105 464 B URL ishku-wbq.com/zcredirect?visitid=ec8a4402-d69c-11ed-be0e-12ec9d2994b7&type=js&browserWidth=1152&browserHeight=901&iframeDetected=false&webdriverDetected=false
IP 54.204.83.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e1dafd8c17ae37be2806e4a7ebebfc17
5cdbbbc7d2607e46e34a42462b985467ae6bd8aa
1ab4cb777b57bbd3f1c5eac5138103c2271464ec3a44bed723deac8418a781ec
GET /zcredirect?visitid=ec8a4402-d69c-11ed-be0e-12ec9d2994b7&type=js&browserWidth=1152&browserHeight=901&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: ishku-wbq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ishku-wbq.com/zcvisitor/ec8a4402-d69c-11ed-be0e-12ec9d2994b7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Date: Sun, 09 Apr 2023 06:08:20 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: VRFNOpii
ishku-wbq.com/favicon.ico
54.204.83.105 653 B URL ishku-wbq.com/favicon.ico
IP 54.204.83.105:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: ishku-wbq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ishku-wbq.com/zcredirect?visitid=ec8a4402-d69c-11ed-be0e-12ec9d2994b7&type=js&browserWidth=1152&browserHeight=901&iframeDetected=false&webdriverDetected=false
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404
Date: Sun, 09 Apr 2023 06:08:20 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: pTZyLxuj
go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=delta-ads-k8e57xm7d9&cost=0.001200&external_id=NON-ADULT
20.113.67.50 304 B URL go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=delta-ads-k8e57xm7d9&cost=0.001200&external_id=NON-ADULT
IP 20.113.67.50:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document, ASCII text, with very long lines (304), with no line terminators
Hash 5aeb9bd69a17fee5e0ea1ab0b47d3e0c
92a95b27e334fb34d03bf3a9d10880857f3078da
7397747b8c4b41e3a7a926c631cb833c227542ccce25e2e663b6fbac4fc7ef3c
GET /15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=delta-ads-k8e57xm7d9&cost=0.001200&external_id=NON-ADULT HTTP/1.1
Host: go.proffering.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ishku-wbq.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Sun, 09 Apr 2023 06:08:21 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 304
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GUILo=20230409091681020636248; domain=.go.proffering.xyz; path=/;expires=Mon, 10 Apr 2023 06:08:20 GMT; httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15GUIL; domain=.go.proffering.xyz; path=/;expires=Mon, 10 Apr 2023 06:08:20 GMT; httpOnly=true;SameSite=None; Secure;
peerclickcid=717ff48ca52422e1df0fa9a24991667f-11246-0409; domain=.go.proffering.xyz; path=/;expires=Mon, 10 Apr 2023 06:08:21 GMT; httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.go.proffering.xyz; path=/;expires=Mon, 10 Apr 2023 06:08:21 GMT; httpOnly=true;SameSite=None; Secure;
Location: https://qwfuu.chainbelt.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409
Vary: Accept
qwfuu.chainbelt.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409
5.75.133.219 0 B URL qwfuu.chainbelt.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409
IP 5.75.133.219:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409 HTTP/1.1
Host: qwfuu.chainbelt.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ishku-wbq.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Sun, 09 Apr 2023 06:08:21 GMT
content-length: 0
location: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
set-cookie: W7-lkuObDEWXzHM4LgqUhA=19; max-age=345600; path=/; samesite=lax
__pl=c99ac462-05ac-4557-86fd-1814028d143e; expires=Wed, 09 Apr 2025 06:08:21 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/thumb-big.jpg
116.202.184.109200 OK 83 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/thumb-big.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Hash cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788
GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-142bf"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/favicon.ico
116.202.184.109204 No Content 0 B URL GET HTTP/2 fly.windguard.top/favicon.ico
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-1.jpg
116.202.184.109200 OK 14 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-1.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47
GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3844"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-2.jpg
116.202.184.109200 OK 11 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-2.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7
GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-2a8a"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-3.jpg
116.202.184.109200 OK 15 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-3.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996
GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3b71"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-4.jpg
116.202.184.109200 OK 8.9 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-4.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483
GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-22c4"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-5.jpg
116.202.184.109200 OK 13 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-5.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02
GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-335d"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-6.jpg
116.202.184.109200 OK 16 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-6.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773
GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3e74"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-7.jpg
116.202.184.109200 OK 14 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-7.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc
GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-368b"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-8.jpg
116.202.184.109200 OK 13 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-8.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940
GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-32c0"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
feed.cdnpsh.com/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA
5.75.133.219200 OK 15 kB URL GET HTTP/2 feed.cdnpsh.com/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA
IP 5.75.133.219:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectcdnpsh.com
Fingerprint70:66:F3:14:EA:86:02:81:C9:F7:5B:AF:B7:58:FE:69:7C:F4:E2:51
ValidityMon, 20 Feb 2023 09:54:43 GMT - Sun, 21 May 2023 09:54:42 GMT
Hash 10621f80356683e82adef4d5b0d4c5e5
3a0e8b5a6afca79bfc392c739d2f26e3ca5f3b2f
18ddb7ebfc03aebafee25ee96ef0530b6e8ee13c651b11195f5374cc205151d7
GET /ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA HTTP/1.1
Host: feed.cdnpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: __psu=e43c05bb-0262-4a4e-92d5-c510794ee7e6; expires=Wed, 09 Apr 2025 06:08:22 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/2.jpg
116.202.184.109200 OK 21 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/2.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763
GET /ph-new/assets/2.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-5305"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/3.jpg
116.202.184.109200 OK 11 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/3.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a
GET /ph-new/assets/3.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-2b56"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/4.jpg
116.202.184.109200 OK 14 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/4.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd
GET /ph-new/assets/4.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-352b"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/5.jpg
116.202.184.109200 OK 12 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/5.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1
GET /ph-new/assets/5.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-2dc1"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 0c3b0b20c5a2c7b818da43e38478e8f9
d4f4312a880db2ed8a860d539c97f048f8577203
b1d4370b03059fea7e74e1b4539c68422291ffb6bfccc018bbe4fa3d0576f76d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Apr 2023 06:08:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
216.58.211.3200 OK 6.8 kB URL GET HTTP/3 www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP 216.58.211.3:443
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT
File type ASCII text, with very long lines (21158)
Hash cc9770d1cd023f5acf160f83840856fe
3b9c4a75943e3101e25a612ff975d03e9ef6f5ab
6b37f2d363f4b788f0b1473c7f51522bd85fe319ac39e7fb1c70aceaf35fe42e
GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 07 Apr 2023 18:05:17 GMT
expires: Sat, 06 Apr 2024 18:05:17 GMT
cache-control: public, max-age=31536000
age: 129785
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 0c3b0b20c5a2c7b818da43e38478e8f9
d4f4312a880db2ed8a860d539c97f048f8577203
b1d4370b03059fea7e74e1b4539c68422291ffb6bfccc018bbe4fa3d0576f76d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 09 Apr 2023 06:08:22 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
216.58.211.3200 OK 11 kB URL GET HTTP/3 www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP 216.58.211.3:443
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT
File type ASCII text, with very long lines (40976)
Hash 65fc850cb32508517dcbc63b09aa7909
b6a0811a047ac43a061b326c424e57e3b125eaee
cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 08 Apr 2023 18:19:30 GMT
expires: Sun, 07 Apr 2024 18:19:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 42532
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/thumb-big.jpg
116.202.184.109200 OK 83 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/thumb-big.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data
Hash cb5cedbae6d67e62dc9fde274b7f7dbe
f31d7811c4b6e50ae053f315152366501a8b6002
deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788
GET /ph-new/assets/thumb-big.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 82623
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-142bf"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/favicon.ico
116.202.184.109204 No Content 0 B URL GET HTTP/2 fly.windguard.top/favicon.ico
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2
fly.windguard.top/sw-cd58b1ff42f27c13b4b3a3385217f176.js
116.202.184.109 7.7 kB URL fly.windguard.top/sw-cd58b1ff42f27c13b4b3a3385217f176.js
IP 116.202.184.109:0
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type ASCII text, with very long lines (21160)
Hash 1602a84083e1da740c3e49f4fcba12cc
48f7b76ca70a968d2dce3df950432bdb37b93793
b9a2f87d2ee2a9d6f951962b36704abd9d9ceb02f20d81fcf4a16051322bd984
GET /sw-cd58b1ff42f27c13b4b3a3385217f176.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:22 GMT
content-type: application/javascript
last-modified: Thu, 17 Feb 2022 13:24:13 GMT
vary: Accept-Encoding
etag: W/"620e4c7d-954"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
216.58.211.3200 OK 11 kB URL GET HTTP/3 www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP 216.58.211.3:443
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22
ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT
File type ASCII text, with very long lines (40976)
Hash 65fc850cb32508517dcbc63b09aa7909
b6a0811a047ac43a061b326c424e57e3b125eaee
cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5
GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www.gstatic.com
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 08 Apr 2023 18:19:30 GMT
expires: Sun, 07 Apr 2024 18:19:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 42533
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fly.windguard.top/ph-new/assets/rec-1.jpg
116.202.184.109200 OK 14 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-1.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47
GET /ph-new/assets/rec-1.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3844"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-2.jpg
116.202.184.109200 OK 11 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-2.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash dbe1dba764a2ef20cf6760ad30539988
e14dca406d4f5932a9a4683635bbdf87def79eba
b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7
GET /ph-new/assets/rec-2.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 10890
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-2a8a"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-3.jpg
116.202.184.109200 OK 15 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-3.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 4d58cecaa4f40c979917c8e4d907033f
f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c
9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996
GET /ph-new/assets/rec-3.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 15217
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3b71"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-4.jpg
116.202.184.109200 OK 8.9 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-4.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 8375f2a1249ce00f118c5b616ab71492
4e2d3bc095c01632578b0b39afbfc03f43e3fa42
f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483
GET /ph-new/assets/rec-4.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 8900
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-22c4"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-5.jpg
116.202.184.109200 OK 13 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-5.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash f9ec603fbe19b12e8a8c1874eea3e5f2
0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9
a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02
GET /ph-new/assets/rec-5.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 13149
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-335d"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-6.jpg
116.202.184.109200 OK 16 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-6.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 4887925f773d2ba9caea39686f764c7f
98c9abb09854fee425dbd78ad623af053cec6721
6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773
GET /ph-new/assets/rec-6.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 15988
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3e74"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-7.jpg
116.202.184.109200 OK 14 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-7.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash f8af6bb4bdbbf2788da61a614e2f214e
d4a22a315356fcbc5f4a6af2d8a15e96721abddc
edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc
GET /ph-new/assets/rec-7.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 13963
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-368b"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/rec-8.jpg
116.202.184.109200 OK 13 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-8.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash eb826882457e1589d8a7d3b3499c4556
91284882dec199a9cc02ffa3ef3c86505159ce12
4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940
GET /ph-new/assets/rec-8.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 12992
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-32c0"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/1.jpg
116.202.184.109200 OK 14 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/1.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash b2abcc52b7bf315893f6751d5fc7875e
5997c599c5e6c408b9019159f4608026a78223cf
098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47
GET /ph-new/assets/1.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 14404
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-3844"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/2.jpg
116.202.184.109200 OK 21 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/2.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash c3f3eb5d00c73ac19828309a4cde4e96
be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d
626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763
GET /ph-new/assets/2.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 21253
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-5305"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/3.jpg
116.202.184.109200 OK 11 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/3.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 3f9b232e4a112a89dedcae34ff319dda
5c633886ceeaf3b1185e24253df6be39378c8e85
55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a
GET /ph-new/assets/3.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 11094
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-2b56"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/4.jpg
116.202.184.109200 OK 14 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/4.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash a4bef91e21afc13fed7f0bebcc6c4495
5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326
44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd
GET /ph-new/assets/4.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 13611
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-352b"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/5.jpg
116.202.184.109200 OK 12 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/5.jpg
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data
Hash 113d196991f086fe21f82ee35286eddc
093b74a20c8902f13be1ee735f90a93e397227f9
34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1
GET /ph-new/assets/5.jpg HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: image/jpeg
content-length: 11713
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
etag: "63b80e80-2dc1"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
116.202.184.109200 OK 62 kB URL User Request GET HTTP/2 fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: text/html
last-modified: Mon, 13 Mar 2023 13:25:22 GMT
vary: Accept-Encoding
etag: W/"640f2442-f3ae"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/style.css
116.202.184.109200 OK 24 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/style.css
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type ASCII text, with CRLF line terminators
Hash 807d696b86114245f8eda3dce43f61ff
6d65ffaf8ec2107db8f1d29c410f152a8b809a56
7524af6d5f36df3e5d5c8148bc63e3956de050fa262fc0589e2a58dc606977bc
GET /ph-new/assets/style.css HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: text/css
last-modified: Fri, 06 Jan 2023 12:05:20 GMT
vary: Accept-Encoding
etag: W/"63b80e80-5f33"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
js.pushssp.top/ps/pl.js
5.75.133.219200 OK 2.4 kB IP 5.75.133.219:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectpushssp.top
FingerprintFC:E2:D3:C9:58:A6:E4:EA:D7:55:9A:AA:E0:6D:12:C2:E7:50:CF:4F
ValidityTue, 31 Jan 2023 11:56:20 GMT - Mon, 01 May 2023 11:56:19 GMT
File type ASCII text, with very long lines (2444), with no line terminators
Hash c72537d9055f921830cc916387a2b9b3
bcb348af5af8c2136f47dc8ccc9b592cc5bad9e1
95ce4369286d610f5d1d889ed685dc58e494ceebbf894074585ac88a42cdb3dc
GET /ps/pl.js HTTP/1.1
Host: js.pushssp.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
116.202.184.109200 OK 62 kB URL GET HTTP/2 fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: text/html
last-modified: Mon, 13 Mar 2023 13:25:22 GMT
vary: Accept-Encoding
etag: W/"640f2442-f3ae"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
fly.windguard.top/ph-new/assets/trls.js
116.202.184.109200 OK 7.7 kB URL GET HTTP/2 fly.windguard.top/ph-new/assets/trls.js
IP 116.202.184.109:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectwindguard.top
FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C
ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT
File type Unicode text, UTF-8 text, with very long lines (7721), with no line terminators
Hash 7a2a905a3bd420ff4f6ec8936830a2fb
ab1e02c75845b02fc3214994f9cc044d83157e29
1cbbf7dd560f4213eb015f342387b0108b97af683b2e5ca46d1d1af4f1d60e5c
GET /ph-new/assets/trls.js HTTP/1.1
Host: fly.windguard.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: application/javascript
last-modified: Mon, 13 Mar 2023 13:25:22 GMT
vary: Accept-Encoding
etag: W/"640f2442-1e3f"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2
js.cdnpsh.com/ps/ps.js?&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom
5.75.133.219200 OK 23 kB URL GET HTTP/2 js.cdnpsh.com/ps/ps.js?&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom
IP 5.75.133.219:443
ASN #24940 Hetzner Online GmbH
Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#
Certificate IssuerLet's Encrypt
Subjectcdnpsh.com
Fingerprint70:66:F3:14:EA:86:02:81:C9:F7:5B:AF:B7:58:FE:69:7C:F4:E2:51
ValidityMon, 20 Feb 2023 09:54:43 GMT - Sun, 21 May 2023 09:54:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ps/ps.js?&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom HTTP/1.1
Host: js.cdnpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fly.windguard.top/
Cookie: __psu=c08a221d-110f-49d0-8064-e62176a3c4e6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 09 Apr 2023 06:08:23 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2