249.liecashmeat.live Open in urlscan Pro
141.95.100.100 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://nitrositezero.net/
Effective URL:
https://249.liecashmeat.live/jmmdycoi/?u=pe7k605&o=3u0gcu2&f=1&sid=t1~ig1p3i52bdoefkk0bfikv3ib&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc...
Submission Tags: phishingrod
Submission: On December 24 via api (December 24th 2022, 9:55:27 am UTC) from DE — Scanned from NL

Summary HTTP 29 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 4 countries across 11 domains to perform 29 HTTP transactions. The main IP is 141.95.100.100, located in and belongs to . The main domain is 249.liecashmeat.live.
TLS certificate: Issued by R3 on December 23rd 2022. Valid for: 3 months.

This is the only time 249.liecashmeat.live was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	2a06:98c1:312... 2a06:98c1:3121::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
1 5	5.75.133.219 5.75.133.219	24940 (HETZNER-AS) (HETZNER-AS)
12	116.202.184.109 116.202.184.109	24940 (HETZNER-AS) (HETZNER-AS)
2	46.148.125.182 46.148.125.182	35277 (LLHOST-IN...) (LLHOST-INC-SRL)
4	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	195.201.93.6 195.201.93.6	24940 (HETZNER-AS) (HETZNER-AS)
1	141.95.100.100 141.95.100.100	() ()
29	10

3 2a06:98c1:3121::c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

nitrositezero.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 5.75.133.219 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.219.133.75.5.clients.your-server.de

a.psh-new.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.pushssp.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
feed.cdnpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 116.202.184.109 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.109.184.202.116.clients.your-server.de

open.flintguard.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.148.125.182 (Haarlem, Netherlands)

ASN35277 (LLHOST-INC-SRL, RO)
PTR: har57.srv.llhost-inc.com

js.nextpsh.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 195.201.93.6 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.6.93.201.195.clients.your-server.de

mostwinhere.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.100.100 (None, )

ASN- ()

249.liecashmeat.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	flintguard.top open.flintguard.top — Cisco Umbrella Rank: 311827	59 KB
4	gstatic.com www.gstatic.com	35 KB
3	nitrositezero.net 1 redirects nitrositezero.net	4 KB
2	mostwinhere.life mostwinhere.life	40 KB
2	cdnpsh.com feed.cdnpsh.com	874 B
2	nextpsh.top js.nextpsh.top — Cisco Umbrella Rank: 195498	43 KB
2	pushssp.top js.pushssp.top	2 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 9559	1 KB
1	liecashmeat.live 249.liecashmeat.live
1	psh-new.top 1 redirects a.psh-new.top — Cisco Umbrella Rank: 628190	337 B
1	bootstrapcdn.com stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 2384	25 KB
29	11

	Domain	Requested by
12	open.flintguard.top	nitrositezero.net open.flintguard.top js.nextpsh.top
4	www.gstatic.com	js.nextpsh.top
3	nitrositezero.net	1 redirects nitrositezero.net
2	mostwinhere.life	js.nextpsh.top mostwinhere.life
2	feed.cdnpsh.com	js.nextpsh.top
2	js.nextpsh.top	js.pushssp.top
2	js.pushssp.top	open.flintguard.top
2	counter.yadro.ru	1 redirects
1	249.liecashmeat.live	mostwinhere.life
1	a.psh-new.top	1 redirects
1	stackpath.bootstrapcdn.com	nitrositezero.net
29	11

This site contains no links.

Subject Issuer	Validity	Valid
*.nitrositezero.net GTS CA 1P5	`2022-12-24` - `2023-03-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
flintguard.top R3	`2022-12-05` - `2023-03-05`	3 months	crt.sh
pushssp.top R3	`2022-12-02` - `2023-03-02`	3 months	crt.sh
js.nextpsh.top R3	`2022-12-09` - `2023-03-09`	3 months	crt.sh
cdnpsh.com R3	`2022-12-21` - `2023-03-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
mostwinhere.life R3	`2022-12-19` - `2023-03-19`	3 months	crt.sh
*.liecashmeat.live R3	`2022-12-23` - `2023-03-23`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://249.liecashmeat.live/jmmdycoi/?u=pe7k605&o=3u0gcu2&f=1&sid=t1~ig1p3i52bdoefkk0bfikv3ib&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc%2Fl9zLnK7L7JO1SwdsmbutNxbOoLmhKUz3EYeX46Nx53hV9ZOGeYgX7SAkFNdxVrwhFfvv4Ttfy9dM3sToy54Wm1QR03Hw5NpuvPQPekz9WjkvCEQb0UeJGBpheOyfhfnWLGRnDHZiPiUEHtpBhUp0CGn7%2BTjB1rNB%2BlkFizKCvWxo07RAPh1o1gzKOoyV8X%2B%2B%2Bu3gxw6VYFEnMk6ftyl2JJHqtp7AG91HHYCFX7iJyIJIzUDqyAuKdLxU0nzRfwRAm2EaNWT%2BAR6om%2FFJSN2lUfiQVYvkfr4mkn3N%2BM8sn0%2FNabtIzLHcs6XMzxjJx9ad%2BjWN8TY7pUQCwWGCEf0iRiGFyTGI5Ry30exUx8UbVTtO%2BtN7jFlmQtxtRomk1v0fCAqwWc7KdD0pBOcFvCQN97btrn99H2btykVSvQttqKGo8TPl2NX0237h4JYoQlda20UCyTW%2B8NyJEZdBwmgsyWViF%2FNVIbbAYgwH1cqOylldV3r2u3YxFxV%2BaWZpTrHrYp%2B35HEUkCM%2BNF20l2fkI5NLZC7l7%2BjDir6gJ5UCsNg9kiI8sEwVh4hPoCp8tWOdsr8vnz84pBY%2BXyQjTrFV5%2BP810tpQHDppXWF0vT19proMcnGgHEeGS1dph05O39gS1bw7XLVXO%2BxtTqWRwKFA1ywYSiJ5zy6BkimZlmKiiL8ro2SJ%2FmjGTFHwcKlx2TH1JpkFg%2Fywu8eDrMOastOsGFhl7yN%2B2saj86wuvbIxgJZDSfusyfLmtzxZsF72A7ah6DY96tZeiD2lGbOt5UJvTjl7%2FzIYdGT%2Fn2YCCQ7hijKYzqc4TcFCIl%2FheZRdv3YcXEWMG27OWgLcQsc2%2FPUj5vg%2B2%2FreFeTorBg5I2FyE5HxM3vZMU2jlDjIK%2FnMMJtBSzjGs1Nce3k%2FwWkc7INYXUM17%2BhAjWOcsAhbeIZ2VK5%2BFGMQrt6yu0kzEKMjcTCrTbqhvzS83kQliqF6KDd%2Fd6l7m8m8Z6jBTiP3O8d3rw0uT%2BdXCUQEuRlvktRhTsoDZUfXg1360G4jsynR6JBGM9gVHfK%2B4Y5TQenr%2BbCniyN9xDEbUKkicH2UnxUnb9Tg%2FQQRnlY5kA2oFK08O44g5U53ohjjmcbEWzITlVFmGUZExDznU%2FaoUJdu%2FwvteXjQ%2BDLhH5xRDeAKZMVjdFBImxYTFRDDwkYBEDhs%2Fpi7E9zH4f8GxFjq%2BJcNfSusVzTil4noB4N83aUxrztZ2Lrwuslpnq7R1KnisdPjZpyjehroTMPTqFLPRD8seMWQKNiuAvi9Iyn3jSX8nSbaMJPCMA7KZdIW4YYG12NTV%2BlHnTv5mHoKOEllvqU3b1uT3uh5tgCqLfbpA6tH35sVx3ksIvf0wSTbAaZqA1LzwizGdmQocH2xqQYqalugOv9BJgKUGESxb%2BWXxknLdEUfbbfOgElbGzJ1l%2Fxi2EmHYcV50MXjQAZqsmhxV7xXl0%2FhDCJxEIyhq4QMywbz8giARFdOIPJS5%2BeGsnET9vutmBzafD97suU0OHHiBCYb2dPKUacwiUsLRgoLXIPdixPQNxo0VqUA2Oq3cu%2BNA8BMNh40MCWd9X%2FFc7XULKMGpTEjiWokhcXXWr%2FIEK%2Be4TGlK0AvSPfczEwcEQ6mu%2BDcYgv0T2wEN2ir2v8Isx0iREh6d5x29iYaLzshkx%2BPZ8W86fQUh6nQbtTj7vgVgCWH1DXp%2BiO7b6Umg2U7B6xfKFXuV4%2ByeD11CC6qMLGpsUXsGvo0WjOKNQvGMdoP3g45FHgGLXppnD8PQA%2FujBLIFOpLmrmMdjEYFzUnxNGipVM%2Fktmxpb6bdKqtdseipQ7A%2FU1eU37hZiAGTtZY75JX2D8p%2BoCVzi1dkd6%2BlshmEJxTC36DNpOaGoQ1N4pegHd4%2Bohxy56yar15bUXLVzkTGRAqENNEmC%2BWcn7CvfJDaMXBl7dj7O8%2BRuY%2B6bZKxETAVRPSUlXwpnIL13Wkp9IGEgqviyLDAx5qvsAxw9YUwY%3D
Frame ID: DF278B5022485FDD00966A1ACBC09CC1
Requests: 30 HTTP requests in this frame

Frame: https://mostwinhere.life/media/mainstream/frame.html
Frame ID: A131D4B38CBF10E5B6DB24004D0E556E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://nitrositezero.net/ Page URL
https://nitrositezero.net/ HTTP 301
https://a.psh-new.top/?pl=wyqwIiui3U-oMKNOfTV6Dg HTTP 302
https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRrag... Page URL
https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRrag... Page URL
https://mostwinhere.life/?u=pe7k605&o=3u0gcu2 Page URL
https://249.liecashmeat.live/jmmdycoi/?u=pe7k605&o=3u0gcu2&f=1&sid=t1~ig1p3i52bdoefkk0bfikv3ib&fp=RrYpH3C... Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

29
Requests

97 %
HTTPS

33 %
IPv6

11
Domains

11
Subdomains

10
IPs

4
Countries

210 kB
Transfer

539 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://nitrositezero.net/ Page URL
https://nitrositezero.net/ HTTP 301
https://a.psh-new.top/?pl=wyqwIiui3U-oMKNOfTV6Dg HTTP 302
https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022 Page URL
https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022 Page URL
https://mostwinhere.life/?u=pe7k605&o=3u0gcu2 Page URL
https://249.liecashmeat.live/jmmdycoi/?u=pe7k605&o=3u0gcu2&f=1&sid=t1~ig1p3i52bdoefkk0bfikv3ib&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc%2Fl9zLnK7L7JO1SwdsmbutNxbOoLmhKUz3EYeX46Nx53hV9ZOGeYgX7SAkFNdxVrwhFfvv4Ttfy9dM3sToy54Wm1QR03Hw5NpuvPQPekz9WjkvCEQb0UeJGBpheOyfhfnWLGRnDHZiPiUEHtpBhUp0CGn7%2BTjB1rNB%2BlkFizKCvWxo07RAPh1o1gzKOoyV8X%2B%2B%2Bu3gxw6VYFEnMk6ftyl2JJHqtp7AG91HHYCFX7iJyIJIzUDqyAuKdLxU0nzRfwRAm2EaNWT%2BAR6om%2FFJSN2lUfiQVYvkfr4mkn3N%2BM8sn0%2FNabtIzLHcs6XMzxjJx9ad%2BjWN8TY7pUQCwWGCEf0iRiGFyTGI5Ry30exUx8UbVTtO%2BtN7jFlmQtxtRomk1v0fCAqwWc7KdD0pBOcFvCQN97btrn99H2btykVSvQttqKGo8TPl2NX0237h4JYoQlda20UCyTW%2B8NyJEZdBwmgsyWViF%2FNVIbbAYgwH1cqOylldV3r2u3YxFxV%2BaWZpTrHrYp%2B35HEUkCM%2BNF20l2fkI5NLZC7l7%2BjDir6gJ5UCsNg9kiI8sEwVh4hPoCp8tWOdsr8vnz84pBY%2BXyQjTrFV5%2BP810tpQHDppXWF0vT19proMcnGgHEeGS1dph05O39gS1bw7XLVXO%2BxtTqWRwKFA1ywYSiJ5zy6BkimZlmKiiL8ro2SJ%2FmjGTFHwcKlx2TH1JpkFg%2Fywu8eDrMOastOsGFhl7yN%2B2saj86wuvbIxgJZDSfusyfLmtzxZsF72A7ah6DY96tZeiD2lGbOt5UJvTjl7%2FzIYdGT%2Fn2YCCQ7hijKYzqc4TcFCIl%2FheZRdv3YcXEWMG27OWgLcQsc2%2FPUj5vg%2B2%2FreFeTorBg5I2FyE5HxM3vZMU2jlDjIK%2FnMMJtBSzjGs1Nce3k%2FwWkc7INYXUM17%2BhAjWOcsAhbeIZ2VK5%2BFGMQrt6yu0kzEKMjcTCrTbqhvzS83kQliqF6KDd%2Fd6l7m8m8Z6jBTiP3O8d3rw0uT%2BdXCUQEuRlvktRhTsoDZUfXg1360G4jsynR6JBGM9gVHfK%2B4Y5TQenr%2BbCniyN9xDEbUKkicH2UnxUnb9Tg%2FQQRnlY5kA2oFK08O44g5U53ohjjmcbEWzITlVFmGUZExDznU%2FaoUJdu%2FwvteXjQ%2BDLhH5xRDeAKZMVjdFBImxYTFRDDwkYBEDhs%2Fpi7E9zH4f8GxFjq%2BJcNfSusVzTil4noB4N83aUxrztZ2Lrwuslpnq7R1KnisdPjZpyjehroTMPTqFLPRD8seMWQKNiuAvi9Iyn3jSX8nSbaMJPCMA7KZdIW4YYG12NTV%2BlHnTv5mHoKOEllvqU3b1uT3uh5tgCqLfbpA6tH35sVx3ksIvf0wSTbAaZqA1LzwizGdmQocH2xqQYqalugOv9BJgKUGESxb%2BWXxknLdEUfbbfOgElbGzJ1l%2Fxi2EmHYcV50MXjQAZqsmhxV7xXl0%2FhDCJxEIyhq4QMywbz8giARFdOIPJS5%2BeGsnET9vutmBzafD97suU0OHHiBCYb2dPKUacwiUsLRgoLXIPdixPQNxo0VqUA2Oq3cu%2BNA8BMNh40MCWd9X%2FFc7XULKMGpTEjiWokhcXXWr%2FIEK%2Be4TGlK0AvSPfczEwcEQ6mu%2BDcYgv0T2wEN2ir2v8Isx0iREh6d5x29iYaLzshkx%2BPZ8W86fQUh6nQbtTj7vgVgCWH1DXp%2BiO7b6Umg2U7B6xfKFXuV4%2ByeD11CC6qMLGpsUXsGvo0WjOKNQvGMdoP3g45FHgGLXppnD8PQA%2FujBLIFOpLmrmMdjEYFzUnxNGipVM%2Fktmxpb6bdKqtdseipQ7A%2FU1eU37hZiAGTtZY75JX2D8p%2BoCVzi1dkd6%2BlshmEJxTC36DNpOaGoQ1N4pegHd4%2Bohxy56yar15bUXLVzkTGRAqENNEmC%2BWcn7CvfJDaMXBl7dj7O8%2BRuY%2B6bZKxETAVRPSUlXwpnIL13Wkp9IGEgqviyLDAx5qvsAxw9YUwY%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://counter.yadro.ru/hit;lootraffer2?r;s1600*1200*24;uhttps%3A//nitrositezero.net/;hWacht.;0.3472739724271181 HTTP 302
https://counter.yadro.ru/hit;lootraffer2?q;r;s1600*1200*24;uhttps%3A//nitrositezero.net/;hWacht.;0.3472739724271181

Request Chain 4

https://nitrositezero.net/ HTTP 301
https://a.psh-new.top/?pl=wyqwIiui3U-oMKNOfTV6Dg HTTP 302
https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

29 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
nitrositezero.net/ 5 KB
3 KB 367ms
133ms Document
text/html 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nitrositezero.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5aaae803e64982e772bfe2232801046dfd6907601969cdcf24fd64e2ef4b9865

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 77e875ffc938b8bb-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 24 Dec 2022 09:55:22 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=giClqQbwzEpL%2BjR%2Bb0Sto5s2F19qYNWGMJHM%2BFPCCwAYYaqgvyylQPGs07kTtYwAtz57%2BIEv5b9yX5cihTTCJAD8em2bf8%2BAD158XRKXgADML8ed5zKnzzG3X8yeT1pXpYeNxiCO1zS%2Bv7AmGRRlxw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-cms: AntiBot.Cloud (See: https://antibot.cloud/)

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/ 156 KB
25 KB 114ms
40ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css

Requested by

Host: nitrositezero.net
URL: https://nitrositezero.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://nitrositezero.net/
Origin: https://nitrositezero.net
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 883
cdn-cachedat: 08/08/2022 17:59:11
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:09 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"7cc40c199d128af6b01e74a28c5900b0"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: f5ffa146e3159ad67f759df704672a9f
timing-allow-origin: *
cdn-requestcountrycode: NL
cdn-status: 200
cf-ray: 77e876012c7d1cd2-AMS
cdn-requestpullsuccess: True

GET
H/1.1

200
OK

hit;lootraffer2
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;lootraffer2?r;s1600*1200*24;uhttps%3A//nitrositezero.net/;hWacht.;0.3472739724271181
https://counter.yadro.ru/hit;lootraffer2?q;r;s1600*1200*24;uhttps%3A//nitrositezero.net/;hWacht.;0.3472739724271181

43 B
528 B

67ms
66ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;lootraffer2?q;r;s1600*1200*24;uhttps%3A//nitrositezero.net/;hWacht.;0.3472739724271181

Protocol

HTTP/1.1

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://nitrositezero.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 24 Dec 2022 09:55:22 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Thu, 23 Dec 2021 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 24 Dec 2022 09:55:22 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: text/html
Location: https://counter.yadro.ru/hit;lootraffer2?q;r;s1600*1200*24;uhttps%3A//nitrositezero.net/;hWacht.;0.3472739724271181
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Length: 32
Expires: Thu, 23 Dec 2021 21:00:00 GMT

POST
H2 200 ab.php
nitrositezero.net/antibot777/ 72 B
428 B 39ms
38ms XHR
text/html 2a06:98c1:3121::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nitrositezero.net/antibot777/ab.php
Requested by: Host: nitrositezero.net
URL: https://nitrositezero.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://nitrositezero.net/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-type: application/x-www-form-urlencoded;

Response headers

date: Sat, 24 Dec 2022 09:55:22 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-cms: AntiBot.Cloud (See: https://antibot.cloud/)
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OJno%2BmxCTl%2Fg4HF1oHQAe1Iqk%2FCxEw9LMPx6u2I604jSgDhvIqEjoRSBHASTHdTU7uqnI9B6OyyzIaATwQj12VC67jwJ81n%2F9E50HzgaTW8ojYe40rSQ1OXycPw%2FqUEmFui1cCJxFiTz9IpCBh%2FhmA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
x-robots-tag: noindex
access-control-allow-headers: *
cf-ray: 77e87601bbc9b8bb-AMS
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

/ Show response
open.flintguard.top/eyes-robot/
Redirect Chain

https://nitrositezero.net/
https://a.psh-new.top/?pl=wyqwIiui3U-oMKNOfTV6Dg
https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

1 KB
710 B

223ms
68ms

Document
text/html

116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Requested by

Host: nitrositezero.net
URL: https://nitrositezero.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

227d91eb11ee7c53542aba223aea1138aea3113d606c18c21da850a38ba30bba

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://nitrositezero.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Sat, 24 Dec 2022 09:55:22 GMT
etag: W/"63a427eb-535"
last-modified: Thu, 22 Dec 2022 09:48:27 GMT
server: nginx
strict-transport-security: max-age=63072000
vary: Accept-Encoding

Redirect headers

cache-control: max-age=0, no-cache, no-store, must-revalidate
content-length: 0
date: Sat, 24 Dec 2022 09:55:22 GMT
location: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
server: nginx

GET
H2 200 trls.js Show response
open.flintguard.top/eyes-robot/assets/ 13 KB
3 KB 45ms
44ms Script
application/javascript 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://open.flintguard.top/eyes-robot/assets/trls.js

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

12c03fed9dccd38f88fefd11dfacfa1c96532eb64257ec0245e333d63633e4e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:23 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: W/"62d11a1d-3474"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 fnr.js Show response
open.flintguard.top/shared-js/assets/ 6 KB
2 KB 88ms
88ms Script
application/javascript 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://open.flintguard.top/shared-js/assets/fnr.js

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

71e79f46be6883cb94673cb02041031b186ef525e8d4a15ae86dc4f11cdfb206

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:23 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: W/"62d11a1d-165c"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 style.css
open.flintguard.top/eyes-robot/assets/ 18 KB
12 KB 87ms
87ms Stylesheet
text/css 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://open.flintguard.top/eyes-robot/assets/style.css

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

794abc29a7074ba2b37f00f63a4c028c000c8dbb996736d4f322dbdbf2995c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:23 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: W/"62d11a1d-4685"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 1.png
open.flintguard.top/eyes-robot/assets/ 10 KB
11 KB 56ms
55ms Image
image/png 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://open.flintguard.top/eyes-robot/assets/1.png

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:23 GMT
strict-transport-security: max-age=63072000
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: "62d11a1d-295f"
content-type: image/png
accept-ranges: bytes
content-length: 10591

GET
H2 200 2.png
open.flintguard.top/eyes-robot/assets/ 1 KB
1 KB 55ms
55ms Image
image/png 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://open.flintguard.top/eyes-robot/assets/2.png

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:23 GMT
strict-transport-security: max-age=63072000
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: "62d11a1d-425"
content-type: image/png
accept-ranges: bytes
content-length: 1061

GET
H2 200 pl.js Show response
js.pushssp.top/ps/ 2 KB
1 KB 209ms
45ms Script
application/javascript 5.75.133.219
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.pushssp.top/ps/pl.js
Requested by: Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.75.133.219 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.219.133.75.5.clients.your-server.de
Software: nginx /
Resource Hash: 2fe4af427bd85f1934a685583b055f2d3879158886cb2e14a6f65c84a809c389

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:23 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/javascript

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ps.js Show response
js.nextpsh.top/ps/ 21 KB
22 KB 105ms
37ms Script
application/javascript 46.148.125.182
LLHOST-INC-SRL

General

Check archive.org

Show headers Download Go to

Full URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=
Requested by: Host: js.pushssp.top
URL: https://js.pushssp.top/ps/pl.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 46.148.125.182 Haarlem, Netherlands, ASN35277 (LLHOST-INC-SRL, RO),
Reverse DNS: har57.srv.llhost-inc.com
Software: nginx /
Resource Hash: bbc343a1d9ecb99900bce433358dfba3ad372e0707287e1f54887b1663107d88

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:23 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
server: nginx
content-length: 21833
content-type: application/javascript

GET
H2 200 config.js Show response
feed.cdnpsh.com/ps/ 356 B
483 B 229ms
43ms Script
application/javascript 5.75.133.219
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://feed.cdnpsh.com/ps/config.js?id=wyqwIiui3U-oMKNOfTV6Dg
Requested by: Host: js.nextpsh.top
URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.75.133.219 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.219.133.75.5.clients.your-server.de
Software: nginx /
Resource Hash: 9bd55a2b4d4726c08c72d29255063b3b5e1737b538e3266024ee0cd0b10d7c52

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:23 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/8.4.1/ 21 KB
7 KB 113ms
33ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-app.js

Requested by

Host: js.nextpsh.top
URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 12:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6763
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Dec 2023 12:25:03 GMT

GET
H3 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/8.4.1/ 40 KB
11 KB 97ms
32ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

Requested by

Host: js.nextpsh.top
URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 12:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10908
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Dec 2023 12:25:03 GMT

GET
H2 200 / Show response
open.flintguard.top/eyes-robot/ 1 KB
709 B 43ms
43ms Document
text/html 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Requested by

Host: js.nextpsh.top
URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

227d91eb11ee7c53542aba223aea1138aea3113d606c18c21da850a38ba30bba

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Sat, 24 Dec 2022 09:55:24 GMT
etag: W/"63a427eb-535"
last-modified: Thu, 22 Dec 2022 09:48:27 GMT
server: nginx
strict-transport-security: max-age=63072000
vary: Accept-Encoding

GET
H2 200 trls.js Show response
open.flintguard.top/eyes-robot/assets/ 13 KB
3 KB 44ms
43ms Script
application/javascript 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://open.flintguard.top/eyes-robot/assets/trls.js

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

12c03fed9dccd38f88fefd11dfacfa1c96532eb64257ec0245e333d63633e4e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:24 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: W/"62d11a1d-3474"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 fnr.js Show response
open.flintguard.top/shared-js/assets/ 6 KB
2 KB 89ms
89ms Script
application/javascript 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://open.flintguard.top/shared-js/assets/fnr.js

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

71e79f46be6883cb94673cb02041031b186ef525e8d4a15ae86dc4f11cdfb206

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:24 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: W/"62d11a1d-165c"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 style.css
open.flintguard.top/eyes-robot/assets/ 18 KB
12 KB 86ms
86ms Stylesheet
text/css 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://open.flintguard.top/eyes-robot/assets/style.css

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

794abc29a7074ba2b37f00f63a4c028c000c8dbb996736d4f322dbdbf2995c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:24 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: W/"62d11a1d-4685"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 1.png
open.flintguard.top/eyes-robot/assets/ 10 KB
11 KB 45ms
43ms Image
image/png 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://open.flintguard.top/eyes-robot/assets/1.png

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:24 GMT
strict-transport-security: max-age=63072000
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: "62d11a1d-295f"
content-type: image/png
accept-ranges: bytes
content-length: 10591

GET
H2 200 2.png
open.flintguard.top/eyes-robot/assets/ 1 KB
1 KB 44ms
43ms Image
image/png 116.202.184.109
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://open.flintguard.top/eyes-robot/assets/2.png

Requested by

Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

116.202.184.109 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.109.184.202.116.clients.your-server.de

Software

nginx /

Resource Hash

09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:24 GMT
strict-transport-security: max-age=63072000
last-modified: Fri, 15 Jul 2022 07:41:17 GMT
server: nginx
etag: "62d11a1d-425"
content-type: image/png
accept-ranges: bytes
content-length: 1061

GET
H2 200 pl.js Show response
js.pushssp.top/ps/ 2 KB
1 KB 45ms
43ms Script
application/javascript 5.75.133.219
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js.pushssp.top/ps/pl.js
Requested by: Host: open.flintguard.top
URL: https://open.flintguard.top/eyes-robot/?pl=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&hash=SPNqzidXMLYI-RDRragiqg&exp=1671876022
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.75.133.219 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.219.133.75.5.clients.your-server.de
Software: nginx /
Resource Hash: 2fe4af427bd85f1934a685583b055f2d3879158886cb2e14a6f65c84a809c389

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:24 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/javascript

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ps.js Show response
js.nextpsh.top/ps/ 21 KB
21 KB 36ms
36ms Script
application/javascript 46.148.125.182
LLHOST-INC-SRL

General

Check archive.org

Show headers Download Go to

Full URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=
Requested by: Host: js.pushssp.top
URL: https://js.pushssp.top/ps/pl.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 46.148.125.182 Haarlem, Netherlands, ASN35277 (LLHOST-INC-SRL, RO),
Reverse DNS: har57.srv.llhost-inc.com
Software: nginx /
Resource Hash: bbc343a1d9ecb99900bce433358dfba3ad372e0707287e1f54887b1663107d88

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:24 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
server: nginx
content-length: 21833
content-type: application/javascript

GET
H2 200 config.js Show response
feed.cdnpsh.com/ps/ 356 B
391 B 45ms
44ms Script
application/javascript 5.75.133.219
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://feed.cdnpsh.com/ps/config.js?id=wyqwIiui3U-oMKNOfTV6Dg
Requested by: Host: js.nextpsh.top
URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.75.133.219 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.219.133.75.5.clients.your-server.de
Software: nginx /
Resource Hash: 9bd55a2b4d4726c08c72d29255063b3b5e1737b538e3266024ee0cd0b10d7c52

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Sat, 24 Dec 2022 09:55:24 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/javascript

GET
H3 200 firebase-app.js Show response
www.gstatic.com/firebasejs/8.4.1/ 21 KB
7 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-app.js

Requested by

Host: js.nextpsh.top
URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 12:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6763
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Dec 2023 12:25:03 GMT

GET
H3 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/8.4.1/ 40 KB
11 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

Requested by

Host: js.nextpsh.top
URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://open.flintguard.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 12:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 163821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10908
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 22 Dec 2023 12:25:03 GMT

GET
H/1.1 200
OK / Show response
mostwinhere.life/ 87 KB
40 KB 883ms
149ms Document
text/html 195.201.93.6
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mostwinhere.life/?u=pe7k605&o=3u0gcu2
Requested by: Host: js.nextpsh.top
URL: https://js.nextpsh.top/ps/ps.js?pl=true&id=wyqwIiui3U-oMKNOfTV6Dg&sm=eyes-robot&click_id=&sub_id=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 195.201.93.6 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.6.93.201.195.clients.your-server.de
Software: nginx /
Resource Hash: f8a483f88b1ed8657ad9d9da6842b4bf28c20750edb5f967f16dc16c6f7cc354

Request headers

Referer: https://open.flintguard.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 40205
Content-Type: text/html
Date: Sat, 24 Dec 2022 09:55:25 GMT
Server: nginx
cache-control: private
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 200
OK frame.html Show response
mostwinhere.life/media/mainstream/ Frame A131 39 B
320 B 112ms
43ms Document
text/html 195.201.93.6
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://mostwinhere.life/media/mainstream/frame.html
Requested by: Host: mostwinhere.life
URL: https://mostwinhere.life/?u=pe7k605&o=3u0gcu2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 195.201.93.6 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.6.93.201.195.clients.your-server.de
Software: nginx /
Resource Hash: a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e

Request headers

Referer: https://mostwinhere.life/?u=pe7k605&o=3u0gcu2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-transform
Connection: keep-alive
Content-Length: 39
Content-Type: text/html
Date: Sat, 24 Dec 2022 09:55:25 GMT
ETag: "60a50ff7-27"
Last-Modified: Wed, 19 May 2021 13:17:43 GMT
Server: nginx
Vary: Accept-Encoding

GET
H/1.1 200
OK Primary Request /
249.liecashmeat.live/jmmdycoi/ 2 KB
0 1256ms
102ms Document
text/html 141.95.100.100

General

Check archive.org

Show headers Download Go to

Full URL: https://249.liecashmeat.live/jmmdycoi/?u=pe7k605&o=3u0gcu2&f=1&sid=t1~ig1p3i52bdoefkk0bfikv3ib&fp=RrYpH3CAs0iqhjMap3eXQoc6nYc%2Fl9zLnK7L7JO1SwdsmbutNxbOoLmhKUz3EYeX46Nx53hV9ZOGeYgX7SAkFNdxVrwhFfvv4Ttfy9dM3sToy54Wm1QR03Hw5NpuvPQPekz9WjkvCEQb0UeJGBpheOyfhfnWLGRnDHZiPiUEHtpBhUp0CGn7%2BTjB1rNB%2BlkFizKCvWxo07RAPh1o1gzKOoyV8X%2B%2B%2Bu3gxw6VYFEnMk6ftyl2JJHqtp7AG91HHYCFX7iJyIJIzUDqyAuKdLxU0nzRfwRAm2EaNWT%2BAR6om%2FFJSN2lUfiQVYvkfr4mkn3N%2BM8sn0%2FNabtIzLHcs6XMzxjJx9ad%2BjWN8TY7pUQCwWGCEf0iRiGFyTGI5Ry30exUx8UbVTtO%2BtN7jFlmQtxtRomk1v0fCAqwWc7KdD0pBOcFvCQN97btrn99H2btykVSvQttqKGo8TPl2NX0237h4JYoQlda20UCyTW%2B8NyJEZdBwmgsyWViF%2FNVIbbAYgwH1cqOylldV3r2u3YxFxV%2BaWZpTrHrYp%2B35HEUkCM%2BNF20l2fkI5NLZC7l7%2BjDir6gJ5UCsNg9kiI8sEwVh4hPoCp8tWOdsr8vnz84pBY%2BXyQjTrFV5%2BP810tpQHDppXWF0vT19proMcnGgHEeGS1dph05O39gS1bw7XLVXO%2BxtTqWRwKFA1ywYSiJ5zy6BkimZlmKiiL8ro2SJ%2FmjGTFHwcKlx2TH1JpkFg%2Fywu8eDrMOastOsGFhl7yN%2B2saj86wuvbIxgJZDSfusyfLmtzxZsF72A7ah6DY96tZeiD2lGbOt5UJvTjl7%2FzIYdGT%2Fn2YCCQ7hijKYzqc4TcFCIl%2FheZRdv3YcXEWMG27OWgLcQsc2%2FPUj5vg%2B2%2FreFeTorBg5I2FyE5HxM3vZMU2jlDjIK%2FnMMJtBSzjGs1Nce3k%2FwWkc7INYXUM17%2BhAjWOcsAhbeIZ2VK5%2BFGMQrt6yu0kzEKMjcTCrTbqhvzS83kQliqF6KDd%2Fd6l7m8m8Z6jBTiP3O8d3rw0uT%2BdXCUQEuRlvktRhTsoDZUfXg1360G4jsynR6JBGM9gVHfK%2B4Y5TQenr%2BbCniyN9xDEbUKkicH2UnxUnb9Tg%2FQQRnlY5kA2oFK08O44g5U53ohjjmcbEWzITlVFmGUZExDznU%2FaoUJdu%2FwvteXjQ%2BDLhH5xRDeAKZMVjdFBImxYTFRDDwkYBEDhs%2Fpi7E9zH4f8GxFjq%2BJcNfSusVzTil4noB4N83aUxrztZ2Lrwuslpnq7R1KnisdPjZpyjehroTMPTqFLPRD8seMWQKNiuAvi9Iyn3jSX8nSbaMJPCMA7KZdIW4YYG12NTV%2BlHnTv5mHoKOEllvqU3b1uT3uh5tgCqLfbpA6tH35sVx3ksIvf0wSTbAaZqA1LzwizGdmQocH2xqQYqalugOv9BJgKUGESxb%2BWXxknLdEUfbbfOgElbGzJ1l%2Fxi2EmHYcV50MXjQAZqsmhxV7xXl0%2FhDCJxEIyhq4QMywbz8giARFdOIPJS5%2BeGsnET9vutmBzafD97suU0OHHiBCYb2dPKUacwiUsLRgoLXIPdixPQNxo0VqUA2Oq3cu%2BNA8BMNh40MCWd9X%2FFc7XULKMGpTEjiWokhcXXWr%2FIEK%2Be4TGlK0AvSPfczEwcEQ6mu%2BDcYgv0T2wEN2ir2v8Isx0iREh6d5x29iYaLzshkx%2BPZ8W86fQUh6nQbtTj7vgVgCWH1DXp%2BiO7b6Umg2U7B6xfKFXuV4%2ByeD11CC6qMLGpsUXsGvo0WjOKNQvGMdoP3g45FHgGLXppnD8PQA%2FujBLIFOpLmrmMdjEYFzUnxNGipVM%2Fktmxpb6bdKqtdseipQ7A%2FU1eU37hZiAGTtZY75JX2D8p%2BoCVzi1dkd6%2BlshmEJxTC36DNpOaGoQ1N4pegHd4%2Bohxy56yar15bUXLVzkTGRAqENNEmC%2BWcn7CvfJDaMXBl7dj7O8%2BRuY%2B6bZKxETAVRPSUlXwpnIL13Wkp9IGEgqviyLDAx5qvsAxw9YUwY%3D
Requested by: Host: mostwinhere.life
URL: https://mostwinhere.life/?u=pe7k605&o=3u0gcu2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.95.100.100 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://mostwinhere.life/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

Cache-Control: no-transform
Connection: keep-alive
Content-Length: 1154
Content-Type: text/html
Date: Sat, 24 Dec 2022 09:55:26 GMT
Server: nginx
cache-control: private
content-encoding: gzip
vary: Accept-Encoding

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
nitrositezero.net/	1970-01-20 17:10:11	Name: antibot_uid Value: 3f23af719a2453efce4b657c91283f30
.nitrositezero.net/	1970-01-20 08:26:02	Name: antibot_country Value: NL
.nitrositezero.net/	1970-01-20 08:26:02	Name: antibot_lang Value: nl
.nitrositezero.net/	1970-01-20 08:26:02	Name: antibot_ptr Value: 2a00%3A1630%3A0002%3A1c02%3A0000%3A0000%3A0000%3A0008
nitrositezero.net/	1970-01-20 08:34:40	Name: antibot_34e7011b79a86270500045251cb165fa Value: 2c828fc171cf8838ee171b61574bc5c9
nitrositezero.net/	1970-01-20 09:50:59	Name: antibot_referer Value: https%3A%2F%2Fnitrositezero.net%2F
.nitrositezero.net/	1970-01-20 08:26:02	Name: antibot_unique_20221224 Value: 1
.yadro.ru/	1970-01-20 17:09:25	Name: FTID Value: 1ZfioA00M3eT1ZfioA0013su
.yadro.ru/	1970-01-20 17:09:25	Name: VID Value: 0CV8D02HLHeT1ZfioA001IMj
a.psh-new.top/	1970-01-20 08:30:21	Name: wyqwIiui3U-oMKNOfTV6Dg Value: 5
a.psh-new.top/	1970-01-20 18:00:35	Name: __pl Value: 7564fb91-3c14-4805-8de3-c09d59fde1bc
js.nextpsh.top/	1970-01-20 18:00:35	Name: __psu Value: 2a0a204a-08ab-42ff-a046-123c90017fa2
feed.cdnpsh.com/	1970-01-20 18:00:35	Name: __psu Value: e114f0ec-c96e-4ae2-889c-6046c2d257ef
mostwinhere.life/	1969-12-31 23:59:59	Name: sid Value: t1~ig1p3i52bdoefkk0bfikv3ib
mostwinhere.life/	1969-12-31 23:59:59	Name: p1 Value: https://liecashmeat.live/jmmdycoi/
mostwinhere.life/	1969-12-31 23:59:59	Name: s1 Value: mntc7zcky41srewt

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

249.liecashmeat.live
a.psh-new.top
counter.yadro.ru
feed.cdnpsh.com
js.nextpsh.top
js.pushssp.top
mostwinhere.life
nitrositezero.net
open.flintguard.top
stackpath.bootstrapcdn.com
www.gstatic.com
116.202.184.109
141.95.100.100
195.201.93.6
2606:4700::6812:bcf
2a00:1450:4001:82b::2003
2a06:98c1:3121::c
46.148.125.182
5.75.133.219
88.212.201.198
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
12c03fed9dccd38f88fefd11dfacfa1c96532eb64257ec0245e333d63633e4e4
227d91eb11ee7c53542aba223aea1138aea3113d606c18c21da850a38ba30bba
2fe4af427bd85f1934a685583b055f2d3879158886cb2e14a6f65c84a809c389
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
5aaae803e64982e772bfe2232801046dfd6907601969cdcf24fd64e2ef4b9865
71e79f46be6883cb94673cb02041031b186ef525e8d4a15ae86dc4f11cdfb206
794abc29a7074ba2b37f00f63a4c028c000c8dbb996736d4f322dbdbf2995c7e
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
9bd55a2b4d4726c08c72d29255063b3b5e1737b538e3266024ee0cd0b10d7c52
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
bbc343a1d9ecb99900bce433358dfba3ad372e0707287e1f54887b1663107d88
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2
f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f
f8a483f88b1ed8657ad9d9da6842b4bf28c20750edb5f967f16dc16c6f7cc354

249.liecashmeat.live Open in urlscan Pro 141.95.100.100 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

29 Requests

97 %HTTPS

33 %IPv6

11 Domains

11 Subdomains

10 IPs

4 Countries

210 kBTransfer

539 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

249.liecashmeat.live Open in urlscan Pro
141.95.100.100 Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

97 %
HTTPS

33 %
IPv6

11
Domains

11
Subdomains

10
IPs

4
Countries

210 kB
Transfer

539 kB
Size

16
Cookies

29 HTTP transactions
2 data transactions