| js.cdntoswitchspirit.com/source/split.js | 172.67.209.227 | 200 OK | 22 kB |
URL: GET (HTTP/3) js.cdntoswitchspirit.com/source/split.js · IP: 172.67.209.227:443
Requested by: https://146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/ · Certificate: issuer Let's Encrypt, subject cdntoswitchspirit.com, fingerprint (SHA-1) DF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD, valid Mon, 29 Apr 2024 10:49:03 GMT – Sun, 28 Jul 2024 10:49:02 GMT
File type: JavaScript source, ASCII text, with very long lines (36341), with no line terminators · Hash: MD5 fe59aea1c787d361c69c43c46a747767, SHA-1 2cc61a29d05db4814718cc60450876419afc5d24, SHA-256 9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed — note: the response below is served with cache-control max-age=315360000 (10 years) and an expires date in 2037, so a browser that has already fetched this script can keep serving its cached copy even after the domain is sinkholed.
GET /source/split.js HTTP/1.1
Host: js.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://146.19.213.178/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 17:31:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:35:14 GMT
vary: Accept-Encoding
etag: W/"66310fb2-8df5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 29113
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ommLAj4i1mf634ewnjhaD3ePGKbCak7%2BYLOj1ZhMBvugYO%2FkKzSBf5ADbvgbmUEQVWehYawiva6a4O0tCTRvLR%2BYyPIP8WNiEOFbm%2BCuf%2FG4nxvS%2FklrNwJ1RisZeFDsooeirh%2Fj9dI8fgM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b2faa193d568e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| done.restartyourchoices.com/stepone | 188.114.97.1 | 200 OK | 0 B |
URL: GET (HTTP/3) done.restartyourchoices.com/stepone · IP: 188.114.97.1:443
Requested by: https://146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/ · Certificate: issuer Let's Encrypt, subject restartyourchoices.com, fingerprint (SHA-1) 1E:64:C0:EA:CA:57:4F:66:CB:2A:33:CF:E5:2D:8D:F5:B1:21:CE:D6, valid Thu, 02 May 2024 15:04:04 GMT – Wed, 31 Jul 2024 15:04:03 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these are the digests of a zero-byte input — the response carries content-length: 0, so there is no script body to analyze here; the request's only visible effect is the cookies set below)
GET /stepone HTTP/1.1
Host: done.restartyourchoices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://146.19.213.178/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 17:31:56 GMT
content-type: application/javascript
content-length: 0
cache-control: no-cache, no-store, must-revalidate
expires: Wed, 08 May 2024 17:31:56 GMT
set-cookie: _subid=376l60jina44g; expires=Sat, 08 Jun 2024 17:31:56 GMT; path=/
set-cookie: a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjUxXCI6MTcxNTE4OTUxNn0sXCJjYW1wYWlnbnNcIjp7XCIxNVwiOjE3MTUxODk1MTZ9LFwidGltZVwiOjE3MTUxODk1MTZ9In0.uSxVa9WszIEWECUZTxu9S53pcjU0cpdKFKdF6Ep1zDQ; expires=Wed, 14 Sep 2078 19:03:52 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q76sYrG9RLnxtY7veWryb%2B2netsHsoxc%2FwS5BsUKUhCfGHAGPHhiIxyJMeu9%2BUUYYmeviR8zFb%2B1Me8GLGmfX%2FNCxnc1c8XU65rdlDZt9YQoigRgy9qmQP1qlaa9rJTZqKJsCRPpno6%2FOqgbNg4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b2fac5a187130-OSL
alt-svc: h3=":443"; ma=86400
|
|
| chest.cdntoswitchspirit.com/scripts/connections.js | 172.67.209.227 | 200 OK | 10 kB |
URL: GET (HTTP/2) chest.cdntoswitchspirit.com/scripts/connections.js · IP: 172.67.209.227:443
Requested by: https://146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/ · Certificate: issuer Let's Encrypt, subject cdntoswitchspirit.com, fingerprint (SHA-1) DF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD, valid Mon, 29 Apr 2024 10:49:03 GMT – Sun, 28 Jul 2024 10:49:02 GMT
File type: JavaScript source, ASCII text, with very long lines (10458), with no line terminators · Hash: MD5 2f55ce25abc861b92352d8d02a680307, SHA-1 57941c0f50200a0a6b8b9fdc8c72cd19db9a1392, SHA-256 833458a6c0f1e53614fa5cde6e3dacd63186bf18d12f8665828c1c031543df46
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed — note: like split.js, this script is served with a 10-year cache-control max-age (315360000) and an expires date in 2037; cached copies on clients outlive the sinkhole.
GET /scripts/connections.js HTTP/1.1
Host: chest.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://146.19.213.178/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:31:55 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 09:16:52 GMT
vary: Accept-Encoding
etag: W/"663b4304-28da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 29115
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=slfaREVRs559dQj6heoibO8Y4eAD67niXi5zYm9YZiaKxxulUlifqhjkfmR%2FvscGm2b2uSvTdKrfXLh11u0UQzCrG3KdMPNf6WrRzTnyKEPoCjgZP4ovldgfUdGd0PgkuhL5taSZ7xoTb5wUgsI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b2fa95883b4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 146.19.213.178/favicon.ico | 146.19.213.178 | 302 Found | 2.9 kB |
URL: GET (HTTP/3) 146.19.213.178/favicon.ico · IP: 146.19.213.178:443
Requested by: https://146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/ · Certificate: issuer ZeroSSL, subject 146.19.213.178, fingerprint (SHA-1) 7B:F9:C0:B7:75:32:DE:A9:A8:3E:31:45:0C:A8:C7:4D:C7:4A:7D:C9, valid Thu, 18 Apr 2024 00:00:00 GMT – Wed, 17 Jul 2024 23:59:59 GMT
Hash: MD5 d41d8cd98f00b204e9800998ecf8427e, SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709, SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digests of a zero-byte input — the 302 itself carried no body; the 2.9 kB size presumably reflects the 2881-byte PNG the redirect points to)
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /favicon.ico HTTP/1.1
Host: 146.19.213.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
cf-ray: 880b2fa9f80fc24c-VIE
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-redirect-by: WordPress
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xX71yejEEsQzssSsDbpVUgyxeYVuEIpKB1WJkJeDEjMgkWmrjJEtnMfVzQivcAyauRRDkf2Cz%2Fy0sr9B2rUv4XnXVfnbG4DKr%2Fk00bXm6ixIvSFxsX7UPcfiNAgut%2BwK19oj3PI3WycR"}],"group":"cf-nel","max_age":604800}
server: Caddy, cloudflare
date: Wed, 08 May 2024 17:31:55 GMT
location: https://146.19.213.178/wp-content/uploads/2019/04/BK21-60x60.png
link: <https://146.19.213.178/wp-json/>; rel="https://api.w.org/"
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
|
|
| jquery.restartyourchoices.com/cdncollect?r1=146.19.213.178 | 188.114.97.1 | 200 OK | 10 kB |
URL: GET (HTTP/2) jquery.restartyourchoices.com/cdncollect?r1=146.19.213.178 · IP: 188.114.97.1:443
Requested by: https://146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/ · Certificate: issuer Let's Encrypt, subject restartyourchoices.com, fingerprint (SHA-1) 1E:64:C0:EA:CA:57:4F:66:CB:2A:33:CF:E5:2D:8D:F5:B1:21:CE:D6, valid Thu, 02 May 2024 15:04:04 GMT – Wed, 31 Jul 2024 15:04:03 GMT
File type: JavaScript source, ASCII text, with very long lines (10370) · Hash: MD5 a670ec3dd6fa757de5d5aab7abddfe59, SHA-1 07efb08354a342ae821e52b60728a31945c95759, SHA-256 a9aa76d5655c965f1feceec22619fa26acb1c4832f76ea25a79201bbc2b2c2f0
GET /cdncollect?r1=146.19.213.178 HTTP/1.1
Host: jquery.restartyourchoices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://146.19.213.178/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 17:31:56 GMT
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
expires: Wed, 08 May 2024 17:31:56 GMT
set-cookie: _subid=376l60jina441; expires=Sat, 08 Jun 2024 17:31:56 GMT; path=/
set-cookie: a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQxXCI6MTcxNTE4OTUxNn0sXCJjYW1wYWlnbnNcIjp7XCIxM1wiOjE3MTUxODk1MTZ9LFwidGltZVwiOjE3MTUxODk1MTZ9In0.3Q3HYk2zJiw8V_UDehnzD9lYq_AgUgBVepsFnlsOWIg; expires=Thu, 15 Sep 2078 11:03:52 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n%2Bp5grXKNvouE1NUGdCgbYjG%2FVmC1BLt1UpvoMHDpRpNBXGdsKHPSxiUzkIHASVpHLXgTXqMalP5mvwpxly%2B8hi9vn27Vkuy%2FpwsgoK8TLPWZfu24C3AzX2BK27RVcY4y2VfMOyVKiYAaJ%2Bhw3V3ng%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880b2fab2c6e712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| 146.19.213.178/wp-content/uploads/2019/04/BK21-60x60.png | 146.19.213.178 | 200 OK | 2.9 kB |
URL: GET (HTTP/3) 146.19.213.178/wp-content/uploads/2019/04/BK21-60x60.png · IP: 146.19.213.178:443
Requested by: https://146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/ · Certificate: issuer ZeroSSL, subject 146.19.213.178, fingerprint (SHA-1) 7B:F9:C0:B7:75:32:DE:A9:A8:3E:31:45:0C:A8:C7:4D:C7:4A:7D:C9, valid Thu, 18 Apr 2024 00:00:00 GMT – Wed, 17 Jul 2024 23:59:59 GMT
File type: PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced · Hash: MD5 4459b1fe9631745ae91d584a91e8cabc, SHA-1 cf267bdaa61616492f0e57cee986b28999469b62, SHA-256 39facbee41eed695a90fa48f9b3326824eba7f3ac4571831f5a254b92d9e7586
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /wp-content/uploads/2019/04/BK21-60x60.png HTTP/1.1
Host: 146.19.213.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
age: 1501
cf-ray: 880b2fac39dac24c-VIE
cache-control: public, max-age=604800
cf-cache-status: HIT
server: Caddy, cloudflare
date: Wed, 08 May 2024 17:31:56 GMT
content-length: 2881
last-modified: Sat, 07 Aug 2021 16:39:23 GMT
etag: "b41-610eb73b-792fd3;;;"
expires: Fri, 03 May 2024 04:34:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hVqZDKdvUU7ecC4lW2ihB1RfxvCCgCuKspslq5NvxEszr5veFWxDK4%2FkI%2F2Elf3%2FcDO0HN5ypKjCNZtCVAjnk%2BwXfwkQRai2%2BWQ2ZwGHWHV6ZBqcbEH8yn3Kp5EA%2FYSCK20k7ZvtpkLE"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
|
|
| 146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/ | 146.19.213.178 | 200 OK | 1.2 kB |
URL (user request): GET (HTTP/2) 146.19.213.178/kabhi-lvd-n-khn-2006-7/10800/ · IP: 146.19.213.178:443
Certificate: issuer ZeroSSL, subject 146.19.213.178, fingerprint (SHA-1) 7B:F9:C0:B7:75:32:DE:A9:A8:3E:31:45:0C:A8:C7:4D:C7:4A:7D:C9, valid Thu, 18 Apr 2024 00:00:00 GMT – Wed, 17 Jul 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (1169), with no line terminators · Hash: MD5 6566aa0c70e25d68ca1c5311834bc047, SHA-1 d17a62394c81d0f3c2237e25e1df920a79e99040, SHA-256 bf23be3bcf964a15c6e9b9da5a0739f77254b446b6247097ce146eeb4b38e4e5
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed — note: this is the user-requested document (the page that pulls in the cdntoswitchspirit.com and restartyourchoices.com scripts above). The 200 OK below also carries a location: header pointing at the site root; a browser does not follow Location on a 200, so the 1.2 kB HTML body is what actually rendered.
GET /kabhi-lvd-n-khn-2006-7/10800/ HTTP/1.1
Host: 146.19.213.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
alt-svc: h3=":443"; ma=2592000
cache-control: no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 880b2fa70d66c24c-VIE
content-type: text/html; charset=UTF-8
date: Wed, 08 May 2024 17:31:55 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
location: https://146.19.213.178
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=77gLfXUvkJO34P7%2BDbR03RF1t0d5f%2Bisz3B3WvGte8L69P%2BywrDyiDFxAqPgshkr2K8R8U6VhZwATb7CsTdkPXlo1vndDkgN%2BYlipHUGrA%2B6zHVqIabuBtj5STtRS%2BF7dDA44Z64CYs7"}],"group":"cf-nel","max_age":604800}
server: Caddy, cloudflare
vary: Accept-Encoding
X-Firefox-Spdy: h2
|
|