Report - nxtpsh.com/?pl=H0anArg2BE-Tm1mXvpGzUw&click

Report Overview

Submitted URL
nxtpsh.com/?pl=H0anArg2BE-Tm1mXvpGzUw&click_id=71a7ahente2whbl035
IP
46.148.125.182
ASN
#35277 Llhost Inc. Srl
Submitted
2022-12-24 14:35:43
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
feed.cdnpsh.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	852 B	15 kB	5.75.133.219
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	407 B	12 kB	142.250.74.35
nxtpsh.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	890 B	972 B	46.148.125.182
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
js.pushssp.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	738 B	470 B	5.75.133.219
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29
js.nextpsh.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	970 B	44 kB	46.148.125.182
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	699 B	142.250.74.131
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	49 kB	34.120.237.76
open.flintguard.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.3 kB	44 kB	116.202.184.109
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.41.252.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2022-12-24 14:35:31	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-24	medium	nextpsh.top	Sinkholed
2022-12-24	medium	nextpsh.top	Sinkholed

JavaScript (7)

	URL	Size	First Seen	Last Seen
	js.nextpsh.top/ps/ps.js?pl=true&id=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&sub_id=	22 kB	2023-03-12	2023-03-12
Pretty URL js.nextpsh.top/ps/ps.js?pl=true&id=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&sub_id= IP 46.148.125.182 ASN #35277 Llhost Inc. Srl Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 06:37:01 Last Seen2023-03-12 06:37:01 Times Seen1 Hash e727df77495da235880dd4188f92de75 8de1da2767667b1e14a56998fde7dde401bf41f0 0752bf78496a7fa9764290d365e9945cda4c1d906f336bebf57522a1b53ada5e Loading...

	feed.cdnpsh.com/ps/config.js?id=H0anArg2BE-Tm1mXvpGzUw	356 B	2023-03-08	2023-07-23
Pretty URL feed.cdnpsh.com/ps/config.js?id=H0anArg2BE-Tm1mXvpGzUw IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:40:46 Last Seen2023-07-23 07:05:10 Times Seen3 Hash 0bba2ca7f0180b1ecac227209f65d779 9a7a0029e1676be96355adb369c28be52bdb8e3f 9bd55a2b4d4726c08c72d29255063b3b5e1737b538e3266024ee0cd0b10d7c52 Loading...

	www.gstatic.com/firebasejs/8.4.1/firebase-app.js	21 kB	2023-03-07	2024-04-19
Pretty URL www.gstatic.com/firebasejs/8.4.1/firebase-app.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-19 10:37:15 Times Seen5535 Hash e20da9cfaabf0b23d89c2335c06e2b03 b1af5616825acaba44bd714bd2685327abe896fd d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2 Loading...

	www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js	41 kB	2023-03-07	2024-01-25
Pretty URL www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2024-01-25 19:24:22 Times Seen7448 Hash a498cb0f91ef52cc08969e1737b34638 c0e12b338ca7adea31b105546fde021edecbfc3c a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7 Loading...

	open.flintguard.top/play-music-video/assets/trls.js	7.7 kB	2023-03-07	2023-03-17
Pretty URL open.flintguard.top/play-music-video/assets/trls.js IP 116.202.184.109 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:15 Last Seen2023-03-17 12:45:16 Times Seen1 Hash 61d51f7a5e65d22510db57f054747db0 30ce346ad75b4b5aa75d272a3f417ff7f6147882 17bd75614de947eee2f76d7deed15fdb3c0831cf729e0d0144ad8668501de6cd Loading...

	open.flintguard.top/shared-js/assets/fnr.js	5.7 kB	2023-03-07	2023-03-26
Pretty URL open.flintguard.top/shared-js/assets/fnr.js IP 116.202.184.109 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2023-03-26 05:05:40 Times Seen38 Hash 22ef8ba3eec577f8af9b4c4d1e9e4614 d2705ecb00404029c746fd5032d6c6edaf4158a1 71e79f46be6883cb94673cb02041031b186ef525e8d4a15ae86dc4f11cdfb206 Loading...

	js.pushssp.top/ps/pl.js	2.5 kB	2023-03-09	2023-03-12
Pretty URL js.pushssp.top/ps/pl.js IP 5.75.133.219 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 07:35:28 Last Seen2023-03-12 09:49:15 Times Seen1 Hash cab6e91576cd92f022ccaaed013935e7 9801bae710b8101e7f43c17d68584a20c7b0854b 2fe4af427bd85f1934a685583b055f2d3879158886cb2e14a6f65c84a809c389 Loading...

HTTP Transactions (42)

URL IP Response Size

nxtpsh.com/?pl=H0anArg2BE-Tm1mXvpGzUw&click_id=71a7ahente2whbl035

46.148.125.182

301 Moved Permanently

162 B

URL HTTP/1.1
nxtpsh.com/?pl=H0anArg2BE-Tm1mXvpGzUw&click_id=71a7ahente2whbl035
IP
46.148.125.182:0
ASN
#35277 Llhost Inc. Srl

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /?pl=H0anArg2BE-Tm1mXvpGzUw&click_id=71a7ahente2whbl035 HTTP/1.1
Host: nxtpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 24 Dec 2022 14:35:32 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://nxtpsh.com/?pl=H0anArg2BE-Tm1mXvpGzUw&click_id=71a7ahente2whbl035
Strict-Transport-Security: max-age=15768000

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ad598540c6639aaaa344fb3ce4f3162f
b0b9f86d50de7dc23bdc7aee2f45d79a06165afc
4e9aaff330ce0c9c11f6bb8502fe21296b1845151bace75f73908a3194d5d0a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4E9AAFF330CE0C9C11F6BB8502FE21296B1845151BACE75F73908A3194D5D0A1"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2892
Expires: Sat, 24 Dec 2022 15:23:45 GMT
Date: Sat, 24 Dec 2022 14:35:33 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e300ca7d2d586dd1ca0c185ef6b0da5
3914cfd3b7aa6e1d1117bf509319479e489ed2a4
91c8810ad137faf4393f7d15f9c619c06d124a7aaebfa21290dca614db2c7757

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91C8810AD137FAF4393F7D15F9C619C06D124A7AAEBFA21290DCA614DB2C7757"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2160
Expires: Sat, 24 Dec 2022 15:11:33 GMT
Date: Sat, 24 Dec 2022 14:35:33 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 24 Dec 2022 13:46:15 GMT
content-type: application/json
age: 2958
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f7f0ad5c2841a345f98197c2f1e86f4d
84cbfd91934a8715baba4a2da46451f35597c99c
be30540f2e06a3565c9b38bdbb9691f707d692b196bdcef5d671708aa9609795

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE30540F2E06A3565C9B38BDBB9691F707D692B196BDCEF5D671708AA9609795"
Last-Modified: Thu, 22 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9310
Expires: Sat, 24 Dec 2022 17:10:43 GMT
Date: Sat, 24 Dec 2022 14:35:33 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: WNhpnfmUw6FMnIcJsR7BRMqNSgZFYcw4U0ZgWl+RKJCml2qQbe0ZFEFvtXhWpg9Dch+f7x1E3fA=
x-amz-request-id: 85EBKBZYYM436T0A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 24 Dec 2022 13:56:37 GMT
age: 2336
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

nxtpsh.com/?pl=H0anArg2BE-Tm1mXvpGzUw&click_id=71a7ahente2whbl035

46.148.125.182

302 Found

0 B

URL HTTP/2
nxtpsh.com/?pl=H0anArg2BE-Tm1mXvpGzUw&click_id=71a7ahente2whbl035
IP
46.148.125.182:0
ASN
#35277 Llhost Inc. Srl

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=H0anArg2BE-Tm1mXvpGzUw&click_id=71a7ahente2whbl035 HTTP/1.1
Host: nxtpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-length: 0
location: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
set-cookie: H0anArg2BE-Tm1mXvpGzUw=14; max-age=345600; path=/; samesite=lax
__pl=adb86dad-2dcb-4ad1-b832-38a272b3e07c; expires=Tue, 24 Dec 2024 14:35:33 GMT; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 24 Dec 2022 14:33:26 GMT
age: 127
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/assets/icon1.png

116.202.184.109

200 OK

7.3 kB

URL HTTP/2
open.flintguard.top/play-music-video/assets/icon1.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.3 kB (7252 bytes)
Hash
3d0ab5834c8bf7134e4d21fa3288317f
c31d1a6b9df206f67ea194f4c424cdc372a423c2
0515ddd9185d263874e7b66bb6d521fcd63b857aac5fed51c08df98026dafe27

HTTP Headers

GET /play-music-video/assets/icon1.png HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: image/png
content-length: 7252
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-1c54"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/assets/icon2.png

116.202.184.109

200 OK

4.6 kB

URL HTTP/2
open.flintguard.top/play-music-video/assets/icon2.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
4.6 kB (4576 bytes)
Hash
c947d439eb93367f1af5b2a3d222f057
5b4c10820d39e624bc6df72a113679da80a8e44e
aab564e67c47df65ddcb9c4eaa62cd798a51624a3fded9f9b3a1197b460a79c2

HTTP Headers

GET /play-music-video/assets/icon2.png HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: image/png
content-length: 4576
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-11e0"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/assets/icon3.png

116.202.184.109

200 OK

7.8 kB

URL HTTP/2
open.flintguard.top/play-music-video/assets/icon3.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.8 kB (7847 bytes)
Hash
8f3cc830da0b1fdf66bda7d1d734747b
94588f041eec3a78a8780c8124c56a1434a89277
ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba

HTTP Headers

GET /play-music-video/assets/icon3.png HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: image/png
content-length: 7847
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-1ea7"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/assets/icon4.png

116.202.184.109

200 OK

7.0 kB

URL HTTP/2
open.flintguard.top/play-music-video/assets/icon4.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (7032 bytes)
Hash
7ad7f32c1c0df7b4975cc41bda4ac435
81d57e996ee6cd9e122592e68ffa3d55c1ba10ff
c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f

HTTP Headers

GET /play-music-video/assets/icon4.png HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: image/png
content-length: 7032
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-1b78"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/assets/icon5.png

116.202.184.109

200 OK

3.3 kB

URL HTTP/2
open.flintguard.top/play-music-video/assets/icon5.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3264 bytes)
Hash
1e1a7582b5da63e10485d63f97abc9a0
ca3ee3067f96c732f455bc7c99ec5100194f13f6
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503

HTTP Headers

GET /play-music-video/assets/icon5.png HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: image/png
content-length: 3264
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-cc0"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d7938ab2263405a708c44813f3e16cb8
3ba9f4363ecc2834ea1211f761ce2d04e0077ab3
8a8ef4218bcd8ecb1f12ecdb74f3f453a7093be8dd3c233615577dcc9b40fa92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4950
Cache-Control: max-age=158026
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 14:35:33 GMT
Etag: "63a6c129-1d7"
Expires: Mon, 26 Dec 2022 10:29:19 GMT
Last-Modified: Sat, 24 Dec 2022 09:06:49 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

open.flintguard.top/play-music-video/assets/icon7.png

116.202.184.109

200 OK

3.3 kB

URL HTTP/2
open.flintguard.top/play-music-video/assets/icon7.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3283 bytes)
Hash
b512735542cb07b3b2dcf153a7dfe456
93bde8875412ce266600e2af1c37123483a50376
e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718

HTTP Headers

GET /play-music-video/assets/icon7.png HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: image/png
content-length: 3283
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-cd3"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/assets/icon8.png

116.202.184.109

200 OK

4.1 kB

URL HTTP/2
open.flintguard.top/play-music-video/assets/icon8.png
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4064 bytes)
Hash
f92d6474ebc6a3a0b576749cfb4afe98
0f4ce3dcf04873b8098c01d20c44967fb9fce0cc
3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1

HTTP Headers

GET /play-music-video/assets/icon8.png HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: image/png
content-length: 4064
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
etag: "62d11a1d-fe0"
strict-transport-security: max-age=63072000
accept-ranges: bytes
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.41.252.32

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.252.32:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: bxOxg9NdigO8UvVL2YZgrw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Vou/k5YWiZrbuVOO8msKb0VERk8=

open.flintguard.top/favicon.ico

116.202.184.109

204 No Content

0 B

URL HTTP/2
open.flintguard.top/favicon.ico
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 24 Dec 2022 14:35:34 GMT
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

js.nextpsh.top/ps/ps.js?pl=true&id=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&sub_id=

46.148.125.182

200 OK

22 kB

URL HTTP/2
js.nextpsh.top/ps/ps.js?pl=true&id=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&sub_id=
IP
46.148.125.182:0
ASN
#35277 Llhost Inc. Srl

File type
Unicode text, UTF-8 text, with very long lines (21637), with no line terminators
Size
22 kB (21878 bytes)
Hash
e727df77495da235880dd4188f92de75
8de1da2767667b1e14a56998fde7dde401bf41f0
0752bf78496a7fa9764290d365e9945cda4c1d906f336bebf57522a1b53ada5e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ps/ps.js?pl=true&id=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&sub_id= HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:34 GMT
content-type: application/javascript
content-length: 21878
set-cookie: __psu=e68f3c15-fbc2-4e6e-883c-7373c6a38713; expires=Tue, 24 Dec 2024 14:35:34 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b9643a377daeefa9e867de25d84d90a4
7ab8aade6752606edfa9a6e68248fdbdca76dae8
0265378147b5eaa4ad2c4f570790b2b71b1abe8386e674c565bf0885396c04d0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 24 Dec 2022 14:35:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

feed.cdnpsh.com/ps/config.js?id=H0anArg2BE-Tm1mXvpGzUw

5.75.133.219

200 OK

7.0 kB

URL HTTP/2
feed.cdnpsh.com/ps/config.js?id=H0anArg2BE-Tm1mXvpGzUw
IP
5.75.133.219:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (21160), with CRLF, LF line terminators
Size
7.0 kB (7012 bytes)
Hash
55c9a4dc7626532992a338bb2d5de149
d2933a9286372891b65e2b155581af5c37473598
f82f12527a0de2abd44c047cb99618014ee4494c1410d890262342eee1308427

HTTP Headers

GET /ps/config.js?id=H0anArg2BE-Tm1mXvpGzUw HTTP/1.1
Host: feed.cdnpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:34 GMT
content-type: application/javascript
vary: Accept-Encoding
set-cookie: __psu=460f3468-a358-4eae-839e-45c0ce3ba70f; expires=Tue, 24 Dec 2024 14:35:34 GMT; path=/; secure; samesite=none
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

200 OK

11 kB

URL HTTP/2
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
65fc850cb32508517dcbc63b09aa7909
b6a0811a047ac43a061b326c424e57e3b125eaee
cb0497203016e7af18b3989110eaca26fed09c7c2e1ae0fda9a159b6784f69d5

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Dec 2022 13:37:31 GMT
expires: Thu, 21 Dec 2023 13:37:31 GMT
cache-control: public, max-age=31536000
age: 262683
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

open.flintguard.top/shared-js/assets/fnr.js

116.202.184.109

200 OK

2.7 kB

URL HTTP/2
open.flintguard.top/shared-js/assets/fnr.js
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
2.7 kB (2725 bytes)
Hash
d56a26fa29e4679d1d78c34d37d50bbe
22b616fbb918b0220783bbf1c5ab4ce14660591e
791c94635c2e9846cbb28373dd09b827bda9fa29f30fe9c2f844b8b02ba93496

HTTP Headers

GET /shared-js/assets/fnr.js HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: application/javascript
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-165c"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833

116.202.184.109

304 Not Modified

0 B

URL HTTP/2
open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833 HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 22 Dec 2022 09:48:27 GMT
If-None-Match: W/"63a427eb-471"
TE: trailers

HTTP/2 304 Not Modified
server: nginx
date: Sat, 24 Dec 2022 14:35:35 GMT
last-modified: Thu, 22 Dec 2022 09:48:27 GMT
etag: "63a427eb-471"
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

js.nextpsh.top/ps/ps.js?pl=true&id=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&sub_id=

46.148.125.182

200 OK

22 kB

URL HTTP/2
js.nextpsh.top/ps/ps.js?pl=true&id=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&sub_id=
IP
46.148.125.182:0
ASN
#35277 Llhost Inc. Srl

File type
Unicode text, UTF-8 text, with very long lines (21637), with no line terminators
Size
22 kB (21878 bytes)
Hash
e727df77495da235880dd4188f92de75
8de1da2767667b1e14a56998fde7dde401bf41f0
0752bf78496a7fa9764290d365e9945cda4c1d906f336bebf57522a1b53ada5e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ps/ps.js?pl=true&id=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&sub_id= HTTP/1.1
Host: js.nextpsh.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/
Cookie: __psu=e68f3c15-fbc2-4e6e-883c-7373c6a38713
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:35 GMT
content-type: application/javascript
content-length: 21878
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15114
Expires: Sat, 24 Dec 2022 18:47:29 GMT
Date: Sat, 24 Dec 2022 14:35:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15114
Expires: Sat, 24 Dec 2022 18:47:29 GMT
Date: Sat, 24 Dec 2022 14:35:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc328f2e44d4ac962c03be665dbf6436
7ac1bb5dd0d42c9cb2e6a67b06b55934190691fe
7d7ced4a7da10564449ddec77f05d85557a2b2f7e8fe2a7d15541c7b52aee928

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7CED4A7DA10564449DDEC77F05D85557A2B2F7E8FE2A7D15541C7B52AEE928"
Last-Modified: Thu, 22 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15114
Expires: Sat, 24 Dec 2022 18:47:29 GMT
Date: Sat, 24 Dec 2022 14:35:35 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7669 bytes)
Hash
6d90b80ebad103c48c3043c8d5e4c3ca
ab36c9309ce13b2a3d075461c2445f76bfc582aa
2287a6db0a6a58c570930c1f94c3b36d7acf383b26cdfa42261eb254598fa7c2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2d8a813d-10ee-4216-bb6b-8bcd1d8141e4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7669
x-amzn-requestid: 4b35e79d-21c8-48d7-b11b-44bd820e29d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnnROG4UoAMFZdA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f3a-765739ad7e9063781ccb12b2;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:35:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lhQA2yVBNtJ04goTms0KXhX6Q4v86TEe4EUioQs3eJzzMsCxbVmykw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:39:58 GMT
age: 60937
etag: "ab36c9309ce13b2a3d075461c2445f76bfc582aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46c838f6-5365-43bb-981e-8ddefc5f3f14.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5659 bytes)
Hash
2d4cf077d410b94f1326e942304f9e9b
98fb13feecfada3cc8b467aa48d7cdf1ed8ab001
ec82cd83bfd4da849888b0535c9764cd4d462ef9e12c5934512858375908dfe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46c838f6-5365-43bb-981e-8ddefc5f3f14.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5659
x-amzn-requestid: bc225a93-868b-42d4-aa94-c8fa16ef2c64
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dk33gHUqIAMFg1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a50696-7710727f0f086a791a0e7939;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 01:38:30 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Es7YaIRVfiybyKGY41ZE5UYSN0bfn6LmOUqcYZASi9QsXQqR9NSwTA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Dec 2022 05:20:54 GMT
age: 33281
etag: "98fb13feecfada3cc8b467aa48d7cdf1ed8ab001"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8078 bytes)
Hash
8a63236113546a7bfb369d741c2b76e2
737f6730f63deff51a39ef094fa1a263b91db89b
b811838126a7d3e814415c3b869f9f224361ef468c08c4c7d5e385371149263a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9b8b6b6f-05a3-4eb5-804c-574c03992933.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8078
x-amzn-requestid: 0fa11c0d-584a-4790-83fe-d10780dd6df9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnncXGjDIAMFvfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a61f82-452f8acd148122756a8f0230;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ZsYREhlLzv_oHiB1qgGuelsC8t99SUMILEGgU42tKWeugQUU5iFgBA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:47:42 GMT
age: 60473
etag: "737f6730f63deff51a39ef094fa1a263b91db89b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e532075-b8a0-41ff-8f08-8512cbb1b3d4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10356 bytes)
Hash
3071a834e874a992c3b14f7a3f91b30f
559014c7e6e5019097b7da8b3a820a80a1f55b6c
4f8e29303936b4168f0ad765d8a2773a7247f249396147f68f6f9639b1ad1208

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e532075-b8a0-41ff-8f08-8512cbb1b3d4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10356
x-amzn-requestid: 32dbf731-a18f-4150-b3cd-f30d2ab3c6a1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dnoi1GY2oAMFesg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a62145-55a5f14a6ea6e7dc3754a8be;Sampled=0
x-amzn-remapped-date: Fri, 23 Dec 2022 21:44:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: I-X2fEUZq8ogVCK-SeYSAgdEupzhzeBxgZv0WaVunieB4pgXxjqn2w==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:48:16 GMT
age: 60439
etag: "559014c7e6e5019097b7da8b3a820a80a1f55b6c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

feed.cdnpsh.com/ps/config.js?id=H0anArg2BE-Tm1mXvpGzUw

5.75.133.219

200 OK

7.7 kB

URL HTTP/2
feed.cdnpsh.com/ps/config.js?id=H0anArg2BE-Tm1mXvpGzUw
IP
5.75.133.219:0
ASN
#24940 Hetzner Online GmbH

File type
data
Size
7.7 kB (7727 bytes)
Hash
7b46f43881805dd23acc5e692501ff9b
907c5828dbd698f67d82ef3fbe8951042fee63f5
460096be9a813da4ba42d2a8c3a51bcf10bcc2af165d7543fc7c120cece37034

HTTP Headers

GET /ps/config.js?id=H0anArg2BE-Tm1mXvpGzUw HTTP/1.1
Host: feed.cdnpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/
Cookie: __psu=460f3468-a358-4eae-839e-45c0ce3ba70f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:35 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11939 bytes)
Hash
38cc82b5e5d8c2fee6f51021e156ec81
eafb4e029313caabcdbdc1002abcab95f66e91b1
b8cad011e1a98ee4e896f00263495aab7f9cab986736a7a5b4187b8e94c46493

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcdce5468-cf1b-4a55-968b-1aaa101e60d6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11939
x-amzn-requestid: a00e5ab5-ad16-4576-b046-381e36456998
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dkUhqE94oAMFu5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a4ce0a-28687ad51eea1f6f3ce8cc86;Sampled=0
x-amzn-remapped-date: Thu, 22 Dec 2022 21:37:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: GZ4CbztfUpuPUplTacPrTbsufySu214BVAvkmxZe_PA2t89nsTFCdw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Dec 2022 21:37:34 GMT
age: 61081
etag: "eafb4e029313caabcdbdc1002abcab95f66e91b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

open.flintguard.top/sw-361182a29ff75afad0e75ed53d8daf8b.js

116.202.184.109

304 Not Modified

0 B

URL HTTP/2
open.flintguard.top/sw-361182a29ff75afad0e75ed53d8daf8b.js
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sw-361182a29ff75afad0e75ed53d8daf8b.js HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Thu, 17 Feb 2022 13:24:13 GMT
If-None-Match: W/"620e4c7d-954"
Cache-Control: max-age=0
TE: trailers

HTTP/2 304 Not Modified
server: nginx
date: Sat, 24 Dec 2022 14:35:36 GMT
last-modified: Thu, 17 Feb 2022 13:24:13 GMT
etag: "620e4c7d-954"
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833

116.202.184.109

200 OK

0 B

URL HTTP/2
open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833 HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: text/html
last-modified: Thu, 22 Dec 2022 09:48:27 GMT
vary: Accept-Encoding
etag: W/"63a427eb-471"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/assets/trls.js

116.202.184.109

200 OK

0 B

URL HTTP/2
open.flintguard.top/play-music-video/assets/trls.js
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /play-music-video/assets/trls.js HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: application/javascript
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-1de3"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

open.flintguard.top/sw-361182a29ff75afad0e75ed53d8daf8b.js

116.202.184.109

200 OK

0 B

URL HTTP/2
open.flintguard.top/sw-361182a29ff75afad0e75ed53d8daf8b.js
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sw-361182a29ff75afad0e75ed53d8daf8b.js HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:34 GMT
content-type: application/javascript
last-modified: Thu, 17 Feb 2022 13:24:13 GMT
vary: Accept-Encoding
etag: W/"620e4c7d-954"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

open.flintguard.top/play-music-video/assets/style.css

116.202.184.109

200 OK

0 B

URL HTTP/2
open.flintguard.top/play-music-video/assets/style.css
IP
116.202.184.109:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /play-music-video/assets/style.css HTTP/1.1
Host: open.flintguard.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/play-music-video/?pl=H0anArg2BE-Tm1mXvpGzUw&sm=play-music-video&click_id=71a7ahente2whbl035&hash=OKLv8SrME6fcKYaCkwiMpA&exp=1671892833
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:33 GMT
content-type: text/css
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
vary: Accept-Encoding
etag: W/"62d11a1d-702"
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

js.pushssp.top/ps/pl.js

5.75.133.219

200 OK

0 B

URL HTTP/2
js.pushssp.top/ps/pl.js
IP
5.75.133.219:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ps/pl.js HTTP/1.1
Host: js.pushssp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:34 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

js.pushssp.top/ps/pl.js

5.75.133.219

200 OK

0 B

URL HTTP/2
js.pushssp.top/ps/pl.js
IP
5.75.133.219:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ps/pl.js HTTP/1.1
Host: js.pushssp.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://open.flintguard.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 24 Dec 2022 14:35:35 GMT
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (42)

URL HTTP/1.1

IP

ASN

File type

Size