Report - www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109

Report Overview

Submitted URL
www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109
IP
185.53.179.170
ASN
#61969 Team Internet AG
Submitted
2023-04-09 06:08:34
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www2.megawebdeals.com	unknown	2012-06-24	2023-04-08	3.1 kB	4.1 kB	185.53.179.170
ishku-wbq.com	unknown	2023-03-24	2023-04-08	1.7 kB	4.0 kB	54.204.83.105
go.proffering.xyz	unknown	2022-06-08	2023-04-08	613 B	1.2 kB	20.113.67.50
fly.windguard.top	unknown	2023-03-31	2023-04-08	20 kB	680 kB	116.202.184.109
ocsp.pki.goog	175	2018-07-01	2023-04-08	666 B	1.4 kB	142.250.74.131
js.pushssp.top	unknown	2022-12-22	2023-04-08	395 B	2.7 kB	5.75.133.219
d38psrni17bvxu.cloudfront.net	unknown	2022-09-22	2023-04-08	336 B	1.5 kB	54.230.245.22
qwfuu.chainbelt.top	unknown	2023-02-27	2023-04-08	594 B	588 B	5.75.133.219
feed.cdnpsh.com	unknown	2022-12-21	2023-04-08	438 B	15 kB	5.75.133.219
www.gstatic.com	unknown	2016-07-26	2023-04-08	1.3 kB	31 kB	216.58.211.3
js.cdnpsh.com	unknown	2023-02-09	2023-04-08	559 B	23 kB	5.75.133.219

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-04-09 06:08:20	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	Size	First Seen	Last Seen
	www.gstatic.com/firebasejs/8.4.1/firebase-app.js	21 kB	2023-03-07	2024-07-25
Pretty URL www.gstatic.com/firebasejs/8.4.1/firebase-app.js IP 216.58.211.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-07-25 14:14:34 Times Seen5558 Hash e20da9cfaabf0b23d89c2335c06e2b03 b1af5616825acaba44bd714bd2685327abe896fd d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2 Loading...

	fly.windguard.top/ph-new/assets/trls.js	8.4 kB	2023-04-05	2023-04-10
Pretty URL fly.windguard.top/ph-new/assets/trls.js IP 116.202.184.109 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 06:42:19 Last Seen2023-04-10 01:47:41 Times Seen12 Hash c0e905f4af0e12b998844495d377df03 755bd8a94cc6f196e6f88dbcf8fd638ec3105f41 75f40ee079c83aca4f99ce3b792005ad7ca75394847bce87a353135ca03a45dd Loading...

	js.pushssp.top/ps/pl.js	2.4 kB	2023-04-06	2023-04-10
Pretty URL js.pushssp.top/ps/pl.js IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 13:20:35 Last Seen2023-04-10 06:42:48 Times Seen21 Hash d0e9b5107b5c75462de346fd49d591d1 ae731f4cecc538805b373cf7ba506c9ae9dcf8e5 7f38e37fca40f75b6d16f9387355b6cf816711b0ceab1358181d8e6ac98cf65b Loading...

	fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801#	729 B	2023-03-14	2023-09-24
Pretty URL fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 02:26:35 Last Seen2023-09-24 16:14:57 Times Seen104 Hash 66048a9b7642020b7a52f06548b99790 3a332204f52a78a05655777f60019a1a22238ed5 87be877ea413ae120b374bf18bb2780c1d48b5d1b6753177de0cab30c3af7aa9 Loading...

	js.cdnpsh.com/ps/ps.js?&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom	23 kB	2023-04-09	2023-04-09
Pretty URL js.cdnpsh.com/ps/ps.js?&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-09 08:08:34 Last Seen2023-04-09 08:08:34 Times Seen1 Hash 3efb2ef37b06fe402eaf30b08fe5690c e35ca014b8311173de125e9dd13c78fba5eb1934 ae00b94374505e055df9a5c2d2cceebb3be79eb6367ee9ea25c5e068e0440053 Loading...

	feed.cdnpsh.com/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA	372 B	2023-04-05	2023-04-10
Pretty URL feed.cdnpsh.com/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 06:42:19 Last Seen2023-04-10 14:07:54 Times Seen30 Hash 0d8bb9468ccd0b8f1990cb60dc0f998c d2f3a8c4ad1230f67888f50bf9f43680d29e3a27 3d40180c72c2a9e9e50b9224eca106bde9f52c8268a56b926f7fad06bc10522c Loading...

	www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js	41 kB	2023-03-07	2024-07-25
Pretty URL www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js IP 216.58.211.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2024-07-25 14:14:34 Times Seen7468 Hash a498cb0f91ef52cc08969e1737b34638 c0e12b338ca7adea31b105546fde021edecbfc3c a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7 Loading...

HTTP Transactions (53)

	URL	IP	Response	Size
	www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109	185.53.179.170		1.4 kB
URL www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109 IP 185.53.179.170:0 ASN #61969 Team Internet AG File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (385) Size 1.4 kB (1369 bytes) Hash 71ff0955f7c35fa9e39f5ef844405eb7 ec0ca35c09d647cac94c646e7e22fba8b8db9095 ae757b5965686d052d079baf99791c3c233b36b0cbceff3827dc5e0e8354cba6 HTTP Headers `GET /search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109 HTTP/1.1 Host: www2.megawebdeals.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 200 OK Server: nginx Date: Sun, 09 Apr 2023 06:08:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Redirect: zeropark_zeroclick X-Buckets: bucket011 X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_C0eDv+v0hZ2tGqj0dVliuUefk9wBXSDfoYilMsjeKKxcwKNBRJK7XB3ckzdiQZiXqywzCwEY9Cva7p3/hc66jw== X-Template: tpl_CleanPeppermintBlack_twoclick X-Language: norwegian Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 X-Domain: megawebdeals.com X-Subdomain: www2 Content-Encoding: gzip

	d38psrni17bvxu.cloudfront.net/scripts/js3.js	54.230.245.22		1.1 kB
URL d38psrni17bvxu.cloudfront.net/scripts/js3.js IP 54.230.245.22:0 ASN #16509 AMAZON-02 File type ASCII text, with very long lines (468) Size 1.1 kB (1096 bytes) Hash a66b149a7ebc798955373415d683f32a 15ceaba8cfae8368600620ae97aa26ae7331d626 036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9 HTTP Headers `GET /scripts/js3.js HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www2.megawebdeals.com/ Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/javascript Content-Length: 1096 Connection: keep-alive Server: nginx Date: Sun, 09 Apr 2023 04:13:01 GMT Last-Modified: Mon, 23 Jan 2023 11:12:07 GMT Accept-Ranges: bytes ETag: "63ce6b87-448" X-Cache: Hit from cloudfront Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront) X-Amz-Cf-Pop: OSL50-P1 X-Amz-Cf-Id: T0IBA3iiWlCA0YhI2lqI2iht4vj1e4EyLSgZstzp1fO3A-Tbuibldw== Age: 6918`

	www2.megawebdeals.com/track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D	185.53.179.170		20 B
URL www2.megawebdeals.com/track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D IP 185.53.179.170:0 ASN #61969 Team Internet AG File type data Size 20 B (20 bytes) Hash a4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf HTTP Headers GET /track.php?domain=megawebdeals.com&toggle=browserjs&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D HTTP/1.1 Host: www2.megawebdeals.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109 Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Server: nginx Date: Sun, 09 Apr 2023 06:08:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Custom-Track: browserjs Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip`

	www2.megawebdeals.com/ls.php?t=64325653&token=1e66279a05e1b12d2cf6dd01612fc49ab927bbac	185.53.179.170		16 B
URL www2.megawebdeals.com/ls.php?t=64325653&token=1e66279a05e1b12d2cf6dd01612fc49ab927bbac IP 185.53.179.170:0 ASN #61969 Team Internet AG File type JSON data\012- , ASCII text, with no line terminators Size 16 B (16 bytes) Hash 7363e85fe9edee6f053a4b319588c086 a15e2127145548437173fc17f3e980e3f3dee2d0 c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97 HTTP Headers `GET /ls.php?t=64325653&token=1e66279a05e1b12d2cf6dd01612fc49ab927bbac HTTP/1.1 Host: www2.megawebdeals.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109 Pragma: no-cache Cache-Control: no-cache` HTTP/1.1 201 Created Server: nginx Date: Sun, 09 Apr 2023 06:08:20 GMT Content-Type: text/javascript;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 X-Log-Success: 64325654597e1406b810d02d Charset: utf-8 Access-Control-Allow-Origin: Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Max-Age: 86400 X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_YzkoQaxSwmOoL8dE8H2+Sb6JxXakIvAMS9VDHdtJ5tNwHvV4JJRFK8hX7dwR5Rh3xW7py2Mjpvvo1GovZxh5CQ==

	www2.megawebdeals.com/favicon.ico	185.53.179.170		0 B
URL www2.megawebdeals.com/favicon.ico IP 185.53.179.170:0 ASN #61969 Team Internet AG File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: www2.megawebdeals.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Date: Sun, 09 Apr 2023 06:08:20 GMT Content-Type: image/x-icon Content-Length: 0 Connection: keep-alive Last-Modified: Tue, 12 May 2020 14:25:52 GMT ETag: "5ebab1f0-0" Accept-Ranges: bytes`

	www2.megawebdeals.com/track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=megawebdeals.com&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDMyNTY1MmNlZjNhfHx8MTY4MTAyMDQ5OS4xNjk3fDRjZmFjMzk1OTQ1YjJhOGMzNDBjYWRkZjZiYjBiYjhjMTllYjE0MzR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwxZTY2Mjc5YTA1ZTFiMTJkMmNmNmRkMDE2MTJmYzQ5YWI5MjdiYmFjfDB8ZHAtdGVhbWludGVybmV0MDdfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off	185.53.179.170		20 B
URL www2.megawebdeals.com/track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=megawebdeals.com&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDMyNTY1MmNlZjNhfHx8MTY4MTAyMDQ5OS4xNjk3fDRjZmFjMzk1OTQ1YjJhOGMzNDBjYWRkZjZiYjBiYjhjMTllYjE0MzR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwxZTY2Mjc5YTA1ZTFiMTJkMmNmNmRkMDE2MTJmYzQ5YWI5MjdiYmFjfDB8ZHAtdGVhbWludGVybmV0MDdfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off IP 185.53.179.170:0 ASN #61969 Team Internet AG File type data Size 20 B (20 bytes) Hash a4745abc5e7fdb89cc6df3069f3c6e69 74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf HTTP Headers GET /track.php?click=7d905f613654ea9b70e255b7bdd643a73d525fe6&domain=megawebdeals.com&uid=MTY4MTAyMDQ5OC44NDc3OjMyNGM3NmFlZWFkOGY4ZTkzY2Q0ZmYxOWE2YmQ0NDZlMjY4YzIwMmVlNzcxZDE0ZTVmMzU5MGJmYjhjODhkNTI6NjQzMjU2NTJjZWY1NA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NDMyNTY1MmNlZjNhfHx8MTY4MTAyMDQ5OS4xNjk3fDRjZmFjMzk1OTQ1YjJhOGMzNDBjYWRkZjZiYjBiYjhjMTllYjE0MzR8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwxZTY2Mjc5YTA1ZTFiMTJkMmNmNmRkMDE2MTJmYzQ5YWI5MjdiYmFjfDB8ZHAtdGVhbWludGVybmV0MDdfM3BofDB8MA%3D%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off HTTP/1.1 Host: www2.megawebdeals.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www2.megawebdeals.com/search.php?q=1234.1027.280.4096.0.0cba80d800ff59421fdcc78d2d589a16ff66da063b1a830451ce5339f4efb8e9.1.47380109 Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Server: nginx Date: Sun, 09 Apr 2023 06:08:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-View-Match: true Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile Accept-CH-Lifetime: 30 Access-Control-Allow-Origin: * Content-Encoding: gzip`

	ishku-wbq.com/zcvisitor/ec8a4402-d69c-11ed-be0e-12ec9d2994b7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97	54.204.83.105		1.1 kB
URL ishku-wbq.com/zcvisitor/ec8a4402-d69c-11ed-be0e-12ec9d2994b7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97 IP 54.204.83.105:0 ASN #14618 AMAZON-AES File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size 1.1 kB (1098 bytes) Hash 08a027475716bb901ada9fcddefc34c3 25127405218ca9375421f440b4940695dd3b9c66 e6169b421572032977295f19752b1a8716748e0617b294ce2d75b6817eb18520 HTTP Headers GET /zcvisitor/ec8a4402-d69c-11ed-be0e-12ec9d2994b7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97 HTTP/1.1 Host: ishku-wbq.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://www2.megawebdeals.com/ Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 Date: Sun, 09 Apr 2023 06:08:20 GMT Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Cache-Control: no-store, no-cache, pre-check=0, post-check=0 content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag Server: XolaYZjt

	ishku-wbq.com/zcredirect?visitid=ec8a4402-d69c-11ed-be0e-12ec9d2994b7&type=js&browserWidth=1152&browserHeight=901&iframeDetected=false&webdriverDetected=false	54.204.83.105		464 B
URL ishku-wbq.com/zcredirect?visitid=ec8a4402-d69c-11ed-be0e-12ec9d2994b7&type=js&browserWidth=1152&browserHeight=901&iframeDetected=false&webdriverDetected=false IP 54.204.83.105:0 ASN #14618 AMAZON-AES File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text Size 464 B (464 bytes) Hash e1dafd8c17ae37be2806e4a7ebebfc17 5cdbbbc7d2607e46e34a42462b985467ae6bd8aa 1ab4cb777b57bbd3f1c5eac5138103c2271464ec3a44bed723deac8418a781ec HTTP Headers GET /zcredirect?visitid=ec8a4402-d69c-11ed-be0e-12ec9d2994b7&type=js&browserWidth=1152&browserHeight=901&iframeDetected=false&webdriverDetected=false HTTP/1.1 Host: ishku-wbq.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://ishku-wbq.com/zcvisitor/ec8a4402-d69c-11ed-be0e-12ec9d2994b7/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=e1920750-cd68-11ed-857c-0a918cbcbb97 Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 Date: Sun, 09 Apr 2023 06:08:20 GMT Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Cache-Control: no-store, no-cache, pre-check=0, post-check=0 content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,POST,OPTIONS Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag redirected: JS Server: VRFNOpii

	ishku-wbq.com/favicon.ico	54.204.83.105		653 B
URL ishku-wbq.com/favicon.ico IP 54.204.83.105:0 ASN #14618 AMAZON-AES File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators Size 653 B (653 bytes) Hash ba2732b1b2fa2626ffaa15f62f9e7d66 203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: ishku-wbq.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://ishku-wbq.com/zcredirect?visitid=ec8a4402-d69c-11ed-be0e-12ec9d2994b7&type=js&browserWidth=1152&browserHeight=901&iframeDetected=false&webdriverDetected=false Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 404 Date: Sun, 09 Apr 2023 06:08:20 GMT Content-Type: text/html;charset=utf-8 Content-Length: 653 Connection: keep-alive Cache-Control: no-store, no-cache, pre-check=0, post-check=0 content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' Content-Language: en Server: pTZyLxuj`

	go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=delta-ads-k8e57xm7d9&cost=0.001200&external_id=NON-ADULT	20.113.67.50		304 B
URL go.proffering.xyz/15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=delta-ads-k8e57xm7d9&cost=0.001200&external_id=NON-ADULT IP 20.113.67.50:0 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK File type HTML document, ASCII text, with very long lines (304), with no line terminators Size 304 B (304 bytes) Hash 5aeb9bd69a17fee5e0ea1ab0b47d3e0c 92a95b27e334fb34d03bf3a9d10880857f3078da 7397747b8c4b41e3a7a926c631cb833c227542ccce25e2e663b6fbac4fc7ef3c HTTP Headers GET /15GUIL?zoneid=lateritious-falcon&campaignid=2069719&target=delta-ads-k8e57xm7d9&cost=0.001200&external_id=NON-ADULT HTTP/1.1 Host: go.proffering.xyz User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: http://ishku-wbq.com/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 302 Found Server: nginx/1.23.0 Date: Sun, 09 Apr 2023 06:08:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 304 Connection: keep-alive X-Powered-By: Express Set-Cookie: 15GUILo=20230409091681020636248; domain=.go.proffering.xyz; path=/;expires=Mon, 10 Apr 2023 06:08:20 GMT; httpOnly=true;SameSite=None; Secure; _pc_lc_id=15GUIL; domain=.go.proffering.xyz; path=/;expires=Mon, 10 Apr 2023 06:08:20 GMT; httpOnly=true;SameSite=None; Secure; peerclickcid=717ff48ca52422e1df0fa9a24991667f-11246-0409; domain=.go.proffering.xyz; path=/;expires=Mon, 10 Apr 2023 06:08:21 GMT; httpOnly=true;SameSite=None; Secure; _norg=1; domain=.go.proffering.xyz; path=/;expires=Mon, 10 Apr 2023 06:08:21 GMT; httpOnly=true;SameSite=None; Secure; Location: https://qwfuu.chainbelt.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409 Vary: Accept

	qwfuu.chainbelt.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409	5.75.133.219		0 B
URL qwfuu.chainbelt.top/?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409 IP 5.75.133.219:0 ASN #24940 Hetzner Online GmbH File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /?pl=W7-lkuObDEWXzHM4LgqUhA&sub_id=parkdom&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409 HTTP/1.1 Host: qwfuu.chainbelt.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://ishku-wbq.com/ Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found server: nginx date: Sun, 09 Apr 2023 06:08:21 GMT content-length: 0 location: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 set-cookie: W7-lkuObDEWXzHM4LgqUhA=19; max-age=345600; path=/; samesite=lax __pl=c99ac462-05ac-4557-86fd-1814028d143e; expires=Wed, 09 Apr 2025 06:08:21 GMT; path=/; samesite=lax __cap=1; max-age=3600; path=/; samesite=lax cache-control: max-age=0, no-cache, no-store, must-revalidate X-Firefox-Spdy: h2

	fly.windguard.top/ph-new/assets/thumb-big.jpg	116.202.184.109	200 OK	83 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/thumb-big.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data Size 83 kB (82623 bytes) Hash cb5cedbae6d67e62dc9fde274b7f7dbe f31d7811c4b6e50ae053f315152366501a8b6002 deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788 HTTP Headers GET /ph-new/assets/thumb-big.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 82623 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-142bf" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/favicon.ico	116.202.184.109	204 No Content	0 B
URL GET HTTP/2 fly.windguard.top/favicon.ico IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /favicon.ico HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 204 No Content server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT strict-transport-security: max-age=63072000 X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-1.jpg	116.202.184.109	200 OK	14 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-1.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 14 kB (14404 bytes) Hash b2abcc52b7bf315893f6751d5fc7875e 5997c599c5e6c408b9019159f4608026a78223cf 098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47 HTTP Headers GET /ph-new/assets/rec-1.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 14404 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-3844" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-2.jpg	116.202.184.109	200 OK	11 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-2.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 11 kB (10890 bytes) Hash dbe1dba764a2ef20cf6760ad30539988 e14dca406d4f5932a9a4683635bbdf87def79eba b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7 HTTP Headers GET /ph-new/assets/rec-2.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 10890 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-2a8a" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-3.jpg	116.202.184.109	200 OK	15 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-3.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 15 kB (15217 bytes) Hash 4d58cecaa4f40c979917c8e4d907033f f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c 9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996 HTTP Headers GET /ph-new/assets/rec-3.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 15217 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-3b71" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-4.jpg	116.202.184.109	200 OK	8.9 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-4.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 8.9 kB (8900 bytes) Hash 8375f2a1249ce00f118c5b616ab71492 4e2d3bc095c01632578b0b39afbfc03f43e3fa42 f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483 HTTP Headers GET /ph-new/assets/rec-4.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 8900 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-22c4" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-5.jpg	116.202.184.109	200 OK	13 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-5.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 13 kB (13149 bytes) Hash f9ec603fbe19b12e8a8c1874eea3e5f2 0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9 a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02 HTTP Headers GET /ph-new/assets/rec-5.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 13149 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-335d" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-6.jpg	116.202.184.109	200 OK	16 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-6.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 16 kB (15988 bytes) Hash 4887925f773d2ba9caea39686f764c7f 98c9abb09854fee425dbd78ad623af053cec6721 6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773 HTTP Headers GET /ph-new/assets/rec-6.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 15988 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-3e74" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-7.jpg	116.202.184.109	200 OK	14 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-7.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 14 kB (13963 bytes) Hash f8af6bb4bdbbf2788da61a614e2f214e d4a22a315356fcbc5f4a6af2d8a15e96721abddc edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc HTTP Headers GET /ph-new/assets/rec-7.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 13963 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-368b" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-8.jpg	116.202.184.109	200 OK	13 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-8.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 13 kB (12992 bytes) Hash eb826882457e1589d8a7d3b3499c4556 91284882dec199a9cc02ffa3ef3c86505159ce12 4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940 HTTP Headers GET /ph-new/assets/rec-8.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 12992 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-32c0" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	feed.cdnpsh.com/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA	5.75.133.219	200 OK	15 kB
URL GET HTTP/2 feed.cdnpsh.com/ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA IP 5.75.133.219:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectcdnpsh.com Fingerprint70:66:F3:14:EA:86:02:81:C9:F7:5B:AF:B7:58:FE:69:7C:F4:E2:51 ValidityMon, 20 Feb 2023 09:54:43 GMT - Sun, 21 May 2023 09:54:42 GMT File type data Size 15 kB (14653 bytes) Hash 10621f80356683e82adef4d5b0d4c5e5 3a0e8b5a6afca79bfc392c739d2f26e3ca5f3b2f 18ddb7ebfc03aebafee25ee96ef0530b6e8ee13c651b11195f5374cc205151d7 HTTP Headers `GET /ps/config.js?id=W7-lkuObDEWXzHM4LgqUhA HTTP/1.1 Host: feed.cdnpsh.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: application/javascript vary: Accept-Encoding set-cookie: __psu=e43c05bb-0262-4a4e-92d5-c510794ee7e6; expires=Wed, 09 Apr 2025 06:08:22 GMT; path=/; secure; samesite=none cache-control: max-age=0, no-cache, no-store, must-revalidate content-encoding: gzip X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/2.jpg	116.202.184.109	200 OK	21 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/2.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 21 kB (21253 bytes) Hash c3f3eb5d00c73ac19828309a4cde4e96 be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d 626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763 HTTP Headers GET /ph-new/assets/2.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 21253 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-5305" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/3.jpg	116.202.184.109	200 OK	11 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/3.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 11 kB (11094 bytes) Hash 3f9b232e4a112a89dedcae34ff319dda 5c633886ceeaf3b1185e24253df6be39378c8e85 55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a HTTP Headers GET /ph-new/assets/3.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 11094 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-2b56" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/4.jpg	116.202.184.109	200 OK	14 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/4.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 14 kB (13611 bytes) Hash a4bef91e21afc13fed7f0bebcc6c4495 5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326 44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd HTTP Headers GET /ph-new/assets/4.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 13611 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-352b" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/5.jpg	116.202.184.109	200 OK	12 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/5.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 12 kB (11713 bytes) Hash 113d196991f086fe21f82ee35286eddc 093b74a20c8902f13be1ee735f90a93e397227f9 34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1 HTTP Headers GET /ph-new/assets/5.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: image/jpeg content-length: 11713 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-2dc1" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	ocsp.pki.goog/gts1c3	142.250.74.131		471 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash 0c3b0b20c5a2c7b818da43e38478e8f9 d4f4312a880db2ed8a860d539c97f048f8577203 b1d4370b03059fea7e74e1b4539c68422291ffb6bfccc018bbe4fa3d0576f76d HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sun, 09 Apr 2023 06:08:22 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.gstatic.com/firebasejs/8.4.1/firebase-app.js	216.58.211.3	200 OK	6.8 kB
URL GET HTTP/3 www.gstatic.com/firebasejs/8.4.1/firebase-app.js IP 216.58.211.3:443 ASN #15169 GOOGLE Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22 ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT File type ASCII text, with very long lines (21158) Size 6.8 kB (6763 bytes) Hash cc9770d1cd023f5acf160f83840856fe 3b9c4a75943e3101e25a612ff975d03e9ef6f5ab 6b37f2d363f4b788f0b1473c7f51522bd85fe319ac39e7fb1c70aceaf35fe42e HTTP Headers `GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js" report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} content-length: 6763 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Fri, 07 Apr 2023 18:05:17 GMT expires: Sat, 06 Apr 2024 18:05:17 GMT cache-control: public, max-age=31536000 age: 129785 last-modified: Tue, 13 Apr 2021 06:56:11 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131		471 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash 0c3b0b20c5a2c7b818da43e38478e8f9 d4f4312a880db2ed8a860d539c97f048f8577203 b1d4370b03059fea7e74e1b4539c68422291ffb6bfccc018bbe4fa3d0576f76d HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sun, 09 Apr 2023 06:08:22 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js	216.58.211.3	200 OK	11 kB
URL GET HTTP/3 www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js IP 216.58.211.3:443 ASN #15169 GOOGLE Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22 ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT File type ASCII text, with very long lines (40976) Size 11 kB (10908 bytes) Hash 65fc850cb32508517dcbc63b09aa7909 b6a0811a047ac43a061b326c424e57e3b125eaee cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5 HTTP Headers `GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js" report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} content-length: 10908 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Sat, 08 Apr 2023 18:19:30 GMT expires: Sun, 07 Apr 2024 18:19:30 GMT cache-control: public, max-age=31536000 last-modified: Tue, 13 Apr 2021 06:56:17 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding age: 42532 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fly.windguard.top/ph-new/assets/thumb-big.jpg	116.202.184.109	200 OK	83 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/thumb-big.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1237x691, components 3\012- data Size 83 kB (82623 bytes) Hash cb5cedbae6d67e62dc9fde274b7f7dbe f31d7811c4b6e50ae053f315152366501a8b6002 deaddba93625d2c7610076927fcd37afadad9324ca3210a2bb12784d313dd788 HTTP Headers GET /ph-new/assets/thumb-big.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 82623 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-142bf" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/favicon.ico	116.202.184.109	204 No Content	0 B
URL GET HTTP/2 fly.windguard.top/favicon.ico IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /favicon.ico HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 204 No Content server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT strict-transport-security: max-age=63072000 X-Firefox-Spdy: h2`

	fly.windguard.top/sw-cd58b1ff42f27c13b4b3a3385217f176.js	116.202.184.109		7.7 kB
URL fly.windguard.top/sw-cd58b1ff42f27c13b4b3a3385217f176.js IP 116.202.184.109:0 ASN #24940 Hetzner Online GmbH Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type ASCII text, with very long lines (21160) Size 7.7 kB (7697 bytes) Hash 1602a84083e1da740c3e49f4fcba12cc 48f7b76ca70a968d2dce3df950432bdb37b93793 b9a2f87d2ee2a9d6f951962b36704abd9d9ceb02f20d81fcf4a16051322bd984 HTTP Headers `GET /sw-cd58b1ff42f27c13b4b3a3385217f176.js HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Service-Worker: script Connection: keep-alive Sec-Fetch-Dest: serviceworker Sec-Fetch-Mode: same-origin Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:22 GMT content-type: application/javascript last-modified: Thu, 17 Feb 2022 13:24:13 GMT vary: Accept-Encoding etag: W/"620e4c7d-954" strict-transport-security: max-age=63072000 content-encoding: gzip X-Firefox-Spdy: h2`

	www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js	216.58.211.3	200 OK	11 kB
URL GET HTTP/3 www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js IP 216.58.211.3:443 ASN #15169 GOOGLE Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com Fingerprint76:06:6A:AA:FB:72:F8:BA:90:67:2F:91:97:14:FB:68:D0:65:E9:22 ValidityMon, 20 Mar 2023 08:25:51 GMT - Mon, 12 Jun 2023 08:25:50 GMT File type ASCII text, with very long lines (40976) Size 11 kB (10908 bytes) Hash 65fc850cb32508517dcbc63b09aa7909 b6a0811a047ac43a061b326c424e57e3b125eaee cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5 HTTP Headers `GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Alt-Used: www.gstatic.com Connection: keep-alive Referer: https://fly.windguard.top/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js" report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} content-length: 10908 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Sat, 08 Apr 2023 18:19:30 GMT expires: Sun, 07 Apr 2024 18:19:30 GMT cache-control: public, max-age=31536000 last-modified: Tue, 13 Apr 2021 06:56:17 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding age: 42533 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	fly.windguard.top/ph-new/assets/rec-1.jpg	116.202.184.109	200 OK	14 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-1.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 14 kB (14404 bytes) Hash b2abcc52b7bf315893f6751d5fc7875e 5997c599c5e6c408b9019159f4608026a78223cf 098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47 HTTP Headers GET /ph-new/assets/rec-1.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 14404 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-3844" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-2.jpg	116.202.184.109	200 OK	11 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-2.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 11 kB (10890 bytes) Hash dbe1dba764a2ef20cf6760ad30539988 e14dca406d4f5932a9a4683635bbdf87def79eba b0fe8ace388ec8556bcdd46cd30a03ddaadcf80d124e9052f2a19a27061829f7 HTTP Headers GET /ph-new/assets/rec-2.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 10890 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-2a8a" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-3.jpg	116.202.184.109	200 OK	15 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-3.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 15 kB (15217 bytes) Hash 4d58cecaa4f40c979917c8e4d907033f f0c6d616bcc3f4bd5a1dadbca8254d9f34f2921c 9ee7f1aecdeb64f4ce54c5d0b7ea3d92b2e9d06a7f9cb7b793e39262cda05996 HTTP Headers GET /ph-new/assets/rec-3.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 15217 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-3b71" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-4.jpg	116.202.184.109	200 OK	8.9 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-4.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 8.9 kB (8900 bytes) Hash 8375f2a1249ce00f118c5b616ab71492 4e2d3bc095c01632578b0b39afbfc03f43e3fa42 f71320d61eb339fdb7b5d20249d4f6aa6e37e22e618dc83e8459da1db3f79483 HTTP Headers GET /ph-new/assets/rec-4.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 8900 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-22c4" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-5.jpg	116.202.184.109	200 OK	13 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-5.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 13 kB (13149 bytes) Hash f9ec603fbe19b12e8a8c1874eea3e5f2 0e24410f618ffa17dc6a9380a5b9a4c06dfba4a9 a77b6918c2799981aa1a09fc5f787ff109883093f2efd28beaf79031f5a8ac02 HTTP Headers GET /ph-new/assets/rec-5.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 13149 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-335d" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-6.jpg	116.202.184.109	200 OK	16 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-6.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 16 kB (15988 bytes) Hash 4887925f773d2ba9caea39686f764c7f 98c9abb09854fee425dbd78ad623af053cec6721 6e1e474a8fc326cd06593e0c1a55d0e73126ada3bf169713b847e82d28646773 HTTP Headers GET /ph-new/assets/rec-6.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 15988 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-3e74" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-7.jpg	116.202.184.109	200 OK	14 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-7.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 14 kB (13963 bytes) Hash f8af6bb4bdbbf2788da61a614e2f214e d4a22a315356fcbc5f4a6af2d8a15e96721abddc edb8c2bdc0f5612a5bf789af233ccaa63dd3751fbfaffb01be48e6e43e78b0bc HTTP Headers GET /ph-new/assets/rec-7.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 13963 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-368b" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/rec-8.jpg	116.202.184.109	200 OK	13 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/rec-8.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 13 kB (12992 bytes) Hash eb826882457e1589d8a7d3b3499c4556 91284882dec199a9cc02ffa3ef3c86505159ce12 4fad6c5d1cd5bdb7eea1b216774e831a6e59a11ddcc8b0881747a4d278d86940 HTTP Headers GET /ph-new/assets/rec-8.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 12992 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-32c0" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/1.jpg	116.202.184.109	200 OK	14 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/1.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 14 kB (14404 bytes) Hash b2abcc52b7bf315893f6751d5fc7875e 5997c599c5e6c408b9019159f4608026a78223cf 098b2a4c2b05fc238c6eae8654ea2a3bc9d5fac7c59cb420242d405fcc83ed47 HTTP Headers GET /ph-new/assets/1.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 14404 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-3844" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/2.jpg	116.202.184.109	200 OK	21 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/2.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 21 kB (21253 bytes) Hash c3f3eb5d00c73ac19828309a4cde4e96 be66f4e10a00d90a0f8fdc0a5a4dbd19c143d97d 626b570f2ffdf83add77f51246ccb195fec4c15e4289173b8183cd47e7cfd763 HTTP Headers GET /ph-new/assets/2.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 21253 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-5305" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/3.jpg	116.202.184.109	200 OK	11 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/3.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 11 kB (11094 bytes) Hash 3f9b232e4a112a89dedcae34ff319dda 5c633886ceeaf3b1185e24253df6be39378c8e85 55fddecdb3ed8e536018523555d995f39f85304bbc00f65ab96472236b57a49a HTTP Headers GET /ph-new/assets/3.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 11094 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-2b56" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/4.jpg	116.202.184.109	200 OK	14 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/4.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 14 kB (13611 bytes) Hash a4bef91e21afc13fed7f0bebcc6c4495 5dd2288d13e016a66fbe1f5605b2ed0fc3ad6326 44d3bf237a20f5d36a663aedd4a909a6118e6e35d6fe84971861f5638c070ecd HTTP Headers GET /ph-new/assets/4.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 13611 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-352b" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/5.jpg	116.202.184.109	200 OK	12 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/5.jpg IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x180, components 3\012- data Size 12 kB (11713 bytes) Hash 113d196991f086fe21f82ee35286eddc 093b74a20c8902f13be1ee735f90a93e397227f9 34a3bc9a7aee67e35d57d4bb0bdccf08c3639da85d2421c58f6c4a92f5eee5e1 HTTP Headers GET /ph-new/assets/5.jpg HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: image/jpeg content-length: 11713 last-modified: Fri, 06 Jan 2023 12:05:20 GMT etag: "63b80e80-2dc1" strict-transport-security: max-age=63072000 accept-ranges: bytes X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801	116.202.184.109	200 OK	62 kB
URL User Request GET HTTP/2 fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type Size 62 kB (62382 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: text/html last-modified: Mon, 13 Mar 2023 13:25:22 GMT vary: Accept-Encoding etag: W/"640f2442-f3ae" strict-transport-security: max-age=63072000 content-encoding: gzip X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/style.css	116.202.184.109	200 OK	24 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/style.css IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type ASCII text, with CRLF line terminators Size 24 kB (24371 bytes) Hash 807d696b86114245f8eda3dce43f61ff 6d65ffaf8ec2107db8f1d29c410f152a8b809a56 7524af6d5f36df3e5d5c8148bc63e3956de050fa262fc0589e2a58dc606977bc HTTP Headers GET /ph-new/assets/style.css HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: text/css last-modified: Fri, 06 Jan 2023 12:05:20 GMT vary: Accept-Encoding etag: W/"63b80e80-5f33" strict-transport-security: max-age=63072000 content-encoding: gzip X-Firefox-Spdy: h2`

	js.pushssp.top/ps/pl.js	5.75.133.219	200 OK	2.4 kB
URL GET HTTP/2 js.pushssp.top/ps/pl.js IP 5.75.133.219:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectpushssp.top FingerprintFC:E2:D3:C9:58:A6:E4:EA:D7:55:9A:AA:E0:6D:12:C2:E7:50:CF:4F ValidityTue, 31 Jan 2023 11:56:20 GMT - Mon, 01 May 2023 11:56:19 GMT File type ASCII text, with very long lines (2444), with no line terminators Size 2.4 kB (2439 bytes) Hash c72537d9055f921830cc916387a2b9b3 bcb348af5af8c2136f47dc8ccc9b592cc5bad9e1 95ce4369286d610f5d1d889ed685dc58e494ceebbf894074585ac88a42cdb3dc HTTP Headers `GET /ps/pl.js HTTP/1.1 Host: js.pushssp.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: application/javascript vary: Accept-Encoding cache-control: max-age=0, no-cache, no-store, must-revalidate content-encoding: gzip X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801	116.202.184.109	200 OK	62 kB
URL GET HTTP/2 fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type Size 62 kB (62382 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: text/html last-modified: Mon, 13 Mar 2023 13:25:22 GMT vary: Accept-Encoding etag: W/"640f2442-f3ae" strict-transport-security: max-age=63072000 content-encoding: gzip X-Firefox-Spdy: h2`

	fly.windguard.top/ph-new/assets/trls.js	116.202.184.109	200 OK	7.7 kB
URL GET HTTP/2 fly.windguard.top/ph-new/assets/trls.js IP 116.202.184.109:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectwindguard.top FingerprintFE:D3:F1:5C:49:92:61:6E:6B:53:B3:21:39:E8:8B:84:2A:13:36:9C ValidityWed, 15 Mar 2023 11:56:59 GMT - Tue, 13 Jun 2023 11:56:58 GMT File type Unicode text, UTF-8 text, with very long lines (7721), with no line terminators Size 7.7 kB (7743 bytes) Hash 7a2a905a3bd420ff4f6ec8936830a2fb ab1e02c75845b02fc3214994f9cc044d83157e29 1cbbf7dd560f4213eb015f342387b0108b97af683b2e5ca46d1d1af4f1d60e5c HTTP Headers GET /ph-new/assets/trls.js HTTP/1.1 Host: fly.windguard.top User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: application/javascript last-modified: Mon, 13 Mar 2023 13:25:22 GMT vary: Accept-Encoding etag: W/"640f2442-1e3f" strict-transport-security: max-age=63072000 content-encoding: gzip X-Firefox-Spdy: h2`

	js.cdnpsh.com/ps/ps.js?&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom	5.75.133.219	200 OK	23 kB
URL GET HTTP/2 js.cdnpsh.com/ps/ps.js?&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom IP 5.75.133.219:443 ASN #24940 Hetzner Online GmbH Requested by https://fly.windguard.top/ph-new/?pl=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom&hash=11SOb48eCGn3gR36bpCm7Q&exp=1681020801# Certificate IssuerLet's Encrypt Subjectcdnpsh.com Fingerprint70:66:F3:14:EA:86:02:81:C9:F7:5B:AF:B7:58:FE:69:7C:F4:E2:51 ValidityMon, 20 Feb 2023 09:54:43 GMT - Sun, 21 May 2023 09:54:42 GMT File type Size 23 kB (23159 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /ps/ps.js?&pl=true&id=W7-lkuObDEWXzHM4LgqUhA&sm=ph-new&click_id=717ff48ca52422e1df0fa9a24991667f-11246-0409&sub_id=parkdom HTTP/1.1 Host: js.cdnpsh.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Referer: https://fly.windguard.top/ Cookie: __psu=c08a221d-110f-49d0-8064-e62176a3c4e6 Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK server: nginx date: Sun, 09 Apr 2023 06:08:23 GMT content-type: application/javascript vary: Accept-Encoding cache-control: max-age=0, no-cache, no-store, must-revalidate content-encoding: gzip X-Firefox-Spdy: h2`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (53)

URL

IP

ASN

File type