Report - waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586

Report Overview

Visited public
2024-02-24 13:35:59
Tags
URL
waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Finishing URL
waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
IP / ASN
185.174.173.22
#21100 ITL LLC
Title
Recover your Power

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
show.revopush.com	11949	2019-06-25	2019-09-09 17:44:08	2024-02-24 08:17:31	537 B	11 kB	95.216.66.235
nxt-psh.com	unknown	2022-11-02	2022-11-02 08:21:02	2024-02-24 08:59:56	429 B	1.1 kB	104.21.20.211
waityourchoise.com	unknown	2024-02-10	2024-02-10 11:10:07	2024-02-23 20:10:49	4.3 kB	655 kB	185.174.173.22
kyats.nxt-psh.com	unknown	2022-11-02	2024-01-26 22:20:35	2024-02-21 22:44:53	429 B	32 kB	104.21.20.211
kyats.ujscdn.com	unknown	2023-04-26	2024-02-11 20:20:01	2024-02-21 22:44:53	434 B	23 kB	172.67.189.44
fonts.cdnfonts.com	26261	2018-10-03	2020-06-10 11:02:17	2024-02-24 08:05:23	1.5 kB	318 kB	104.21.72.124
news-roluli.cc	unknown	2024-02-19	2024-02-19 10:50:25	2024-02-20 00:06:36	448 B	28 kB	23.158.56.123
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2024-02-24 08:46:08	874 B	49 kB	142.250.74.99
zerossl.ocsp.sectigo.com	4049	2018-08-16	2020-05-09 21:05:29	2024-02-24 05:10:06	336 B	808 B	172.64.149.23
news-zacine.com	unknown	2023-10-03	2023-10-04 09:12:11	2024-02-23 15:02:50	485 B	9.3 kB	149.7.16.92
img.cdn.house	7653	2019-08-13	2020-01-05 04:30:57	2024-02-24 08:20:34	616 B	4.4 kB	178.63.48.167

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-02-24	medium	news-roluli.cc	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js	ScriptElement	29 kB	2023-09-16	2025-05-09
Pretty URL www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-16 15:58 Last Seen2025-05-09 17:39 Times Seen7590 Hash 9900403b65514fad7df39a4e788a6e45 75f9ba061ef4e72bb23528c700f2a11c56d637e9 a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5 Loading...

	www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js	ScriptElement	38 kB	2023-05-26	2025-06-01
Pretty URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js IP 142.250.74.99 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-26 20:56 Last Seen2025-06-01 18:23 Times Seen9034 Hash 0541b823dfaf39162ef84cf075c9951b e0934726455558cc1a59823efada9651e33aafaa 21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522 Loading...

	waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586	ScriptElement	0 B	0001-01-01	2025-06-02
Pretty URL waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586 IP 185.174.173.22 ASN #21100 ITL LLC Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-02 13:50 Times Seen4827913 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	kyats.nxt-psh.com/ps/ps.js?id=z1QmBetohEGGEmi3TOGAQw	ScriptElement	34 kB	2024-08-20	2024-08-20
Pretty URL kyats.nxt-psh.com/ps/ps.js?id=z1QmBetohEGGEmi3TOGAQw IP 104.21.20.211 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 09:00 Last Seen2024-08-20 09:00 Times Seen1 Hash 8ff0999a60945c51de5c275cc2d4e763 81cc72ee80e668a80b52883a4596abb5d71c6556 0cebb2529851a3439c821bbdf635ce43fdac8c73cf9710dbebe630c1c6b218bd Loading...

	kyats.ujscdn.com/ipp.js?id=nWZbxN70CU2rXZGtToSsjw&sub_id=	ScriptElement	14 kB	2024-08-20	2024-08-20
Pretty URL kyats.ujscdn.com/ipp.js?id=nWZbxN70CU2rXZGtToSsjw&sub_id= IP 172.67.189.44 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 09:00 Last Seen2024-08-20 09:00 Times Seen1 Hash df6ae145a39c79f34b8ac668cc0be88b 9ae07b0e21a9f6c12611e5a9698e47825271c0f5 c97c2573dd692104d097d1ab35103665beb6447431f4b3f6ed1e117864f49c62 Loading...

	news-zacine.com/code/https-v2.js?uid=178031&site=1221186472&banadu=0&sub1=sub1&sub2=sub2&sub3=sub3&sub4=sub4	ScriptElement	9.0 kB	2024-02-20	2024-08-20
Pretty URL news-zacine.com/code/https-v2.js?uid=178031&site=1221186472&banadu=0&sub1=sub1&sub2=sub2&sub3=sub3&sub4=sub4 IP 149.7.16.92 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-20 23:15 Last Seen2024-08-20 09:17 Times Seen15 Hash b36f452d8a1930d50a599b30096870f6 953be6bcc833f0ac6b715d2911220345b4709928 04c659f68279c0cd072df97b69b806e46e31e9cd0e757e6e9c80cb108eee9d10 Loading...

	nxt-psh.com/ps/config.js?id=z1QmBetohEGGEmi3TOGAQw	ScriptElement	340 B	2024-02-21	2024-08-20
Pretty URL nxt-psh.com/ps/config.js?id=z1QmBetohEGGEmi3TOGAQw IP 104.21.20.211 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-21 20:25 Last Seen2024-08-20 09:13 Times Seen518 Hash ed9e3e7fcb651937515bbbb4cee25fc7 94c0d29bd29e9ca12b8cd4095adad543f162f51c fbd44a847c9cbfb1d254b2f62b11c9a7a9da3a0d7fd41ec69433c15130fe5f15 Loading...

	news-roluli.cc/process.js?id=1221186472&p1=sub1&p2=sub2&p3=sub3&p4=sub4	ScriptElement	27 kB	2024-08-20	2024-08-20
Pretty URL news-roluli.cc/process.js?id=1221186472&p1=sub1&p2=sub2&p3=sub3&p4=sub4 IP 23.158.56.123 ASN #63023 AS-GLOBALTELEHOST Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-20 09:00 Last Seen2024-08-20 09:00 Times Seen1 Hash 6e12e58c6b273214b1533df20655d849 7599b017171e7a365b4e12babf028cab5e27b8aa 894b875cb6c1f6162ba7682fc91576a9d00194a0b3840e2b1b5fb3fd47caec71 Loading...

HTTP Transactions (21)

URL IP Response Size

waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586

185.174.173.22

200 OK

1.1 kB

URL User Request GET HTTP/2
waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
IP
185.174.173.22:443
ASN
#21100 ITL LLC

Certificate
IssuerLet's Encrypt
Subjectwaityourchoise.com
Fingerprint34:B6:DB:1F:F4:31:63:F3:59:08:B2:08:7C:A1:EF:A0:60:5D:D7:BF
ValiditySat, 10 Feb 2024 09:09:48 GMT - Fri, 10 May 2024 09:09:47 GMT

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.1 kB (1089 bytes)
Hash
894469298698cf874e8cff7c32941eaa
29dec341b80be6d68c371894d2cab0184ff12cf0
676186a53008a8117a7972db6490a1a016288ffd022615566ece21cb452789fe

HTTP Headers

GET /?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586 HTTP/1.1
Host: waityourchoise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html
last-modified: Sat, 24 Feb 2024 10:35:06 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1089
date: Sat, 24 Feb 2024 13:35:33 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

waityourchoise.com/style.css

185.174.173.22

200 OK

1.2 kB

URL GET HTTP/3
waityourchoise.com/style.css
IP
185.174.173.22:443
ASN
#21100 ITL LLC

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subjectwaityourchoise.com
Fingerprint34:B6:DB:1F:F4:31:63:F3:59:08:B2:08:7C:A1:EF:A0:60:5D:D7:BF
ValiditySat, 10 Feb 2024 09:09:48 GMT - Fri, 10 May 2024 09:09:47 GMT

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
1.2 kB (1205 bytes)
Hash
8536532e80c73dddfc8d42756d1a4d4e
a5b71facf4b40af03e8431a8901980066234e3c6
7c9b78b52b6537c12c7870ffab7fc51f016e53b49391d785c749b3f227c93089

HTTP Headers

GET /style.css HTTP/1.1
Host: waityourchoise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Mar 2024 13:35:34 GMT
content-type: text/css
last-modified: Sat, 24 Feb 2024 06:02:34 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 1205
date: Sat, 24 Feb 2024 13:35:34 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

waityourchoise.com/fonts/Gagalin-Regular.otf

185.174.173.22

404 Not Found

1.2 kB

URL GET HTTP/3
waityourchoise.com/fonts/Gagalin-Regular.otf
IP
185.174.173.22:443
ASN
#21100 ITL LLC

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subjectwaityourchoise.com
Fingerprint34:B6:DB:1F:F4:31:63:F3:59:08:B2:08:7C:A1:EF:A0:60:5D:D7:BF
ValiditySat, 10 Feb 2024 09:09:48 GMT - Fri, 10 May 2024 09:09:47 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

HTTP Headers

GET /fonts/Gagalin-Regular.otf HTTP/1.1
Host: waityourchoise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Sat, 24 Feb 2024 13:35:34 GMT
server: LiteSpeed

waityourchoise.com/i/111.png

185.174.173.22

200 OK

195 kB

URL GET HTTP/3
waityourchoise.com/i/111.png
IP
185.174.173.22:443
ASN
#21100 ITL LLC

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subjectwaityourchoise.com
Fingerprint34:B6:DB:1F:F4:31:63:F3:59:08:B2:08:7C:A1:EF:A0:60:5D:D7:BF
ValiditySat, 10 Feb 2024 09:09:48 GMT - Fri, 10 May 2024 09:09:47 GMT

File type
PNG image data, 465 x 360, 8-bit/color RGBA, non-interlaced
Size
195 kB (194843 bytes)
Hash
bf55262dd529b34159b0ee0547831124
0ec8b63126dfa5ba897530f5461efa7f88e9d97b
ad92f61f5f7fcedd4e551bf5246e496fe04a7d9e89cc4bb7d59a6ba76b31f929

HTTP Headers

GET /i/111.png HTTP/1.1
Host: waityourchoise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Mar 2024 13:35:34 GMT
content-type: image/png
last-modified: Thu, 22 Feb 2024 08:56:14 GMT
accept-ranges: bytes
content-length: 194843
date: Sat, 24 Feb 2024 13:35:34 GMT
server: LiteSpeed

zerossl.ocsp.sectigo.com/

172.64.149.23

316 B

URL
zerossl.ocsp.sectigo.com/
IP
172.64.149.23:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
316 B (316 bytes)
Hash
a3a2c81f44e916164c9c113568d36e1e
eacbe359a3787cced29b3f33e0630cd76c9df577
8e0ad7bf6893300d225f9edfef665022130ccc6939becc48dac2ee295a5d1695

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 24 Feb 2024 13:35:34 GMT
Content-Type: application/ocsp-response
Content-Length: 316
Connection: keep-alive
Last-Modified: Fri, 23 Feb 2024 18:00:53 GMT
Expires: Fri, 01 Mar 2024 18:00:52 GMT
Etag: "eacbe359a3787cced29b3f33e0630cd76c9df577"
Cache-Control: max-age=534959,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 85a817af7e877128-OSL

news-zacine.com/code/https-v2.js?uid=178031&site=1221186472&banadu=0&sub1=sub1&sub2=sub2&sub3=sub3&sub4=sub4

149.7.16.92

200 OK

9.0 kB

URL GET HTTP/2
news-zacine.com/code/https-v2.js?uid=178031&site=1221186472&banadu=0&sub1=sub1&sub2=sub2&sub3=sub3&sub4=sub4
IP
149.7.16.92:443
ASN
#63023 AS-GLOBALTELEHOST

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerZeroSSL
Subjectnews-zacine.com
Fingerprint01:5F:96:40:20:60:10:F6:70:D1:D5:0F:83:8E:31:23:04:65:0F:43
ValidityFri, 02 Feb 2024 00:00:00 GMT - Thu, 02 May 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8975), with no line terminators
Size
9.0 kB (8975 bytes)
Hash
b36f452d8a1930d50a599b30096870f6
953be6bcc833f0ac6b715d2911220345b4709928
04c659f68279c0cd072df97b69b806e46e31e9cd0e757e6e9c80cb108eee9d10

HTTP Headers

GET /code/https-v2.js?uid=178031&site=1221186472&banadu=0&sub1=sub1&sub2=sub2&sub3=sub3&sub4=sub4 HTTP/1.1
Host: news-zacine.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 24 Feb 2024 13:35:34 GMT
content-type: application/javascript
content-length: 8975
last-modified: Mon, 19 Feb 2024 08:40:23 GMT
etag: "65d313f7-230f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

kyats.nxt-psh.com/ps/ps.js?id=z1QmBetohEGGEmi3TOGAQw

104.21.20.211

200 OK

31 kB

URL GET HTTP/2
kyats.nxt-psh.com/ps/ps.js?id=z1QmBetohEGGEmi3TOGAQw
IP
104.21.20.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerGoogle Trust Services LLC
Subjectnxt-psh.com
Fingerprint73:AA:06:FB:41:D5:EA:D4:0F:93:34:D0:3F:1C:D1:55:46:AF:6B:B1
ValiditySat, 17 Feb 2024 12:54:17 GMT - Fri, 17 May 2024 12:54:16 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (30932), with no line terminators
Size
31 kB (31201 bytes)
Hash
8ff0999a60945c51de5c275cc2d4e763
81cc72ee80e668a80b52883a4596abb5d71c6556
0cebb2529851a3439c821bbdf635ce43fdac8c73cf9710dbebe630c1c6b218bd

HTTP Headers

GET /ps/ps.js?id=z1QmBetohEGGEmi3TOGAQw HTTP/1.1
Host: kyats.nxt-psh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 24 Feb 2024 13:35:34 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
set-cookie: __psu=43756d5b-6449-48d0-afff-ef7e70a3d6a7; expires=Tue, 24 Feb 2026 13:35:34 GMT; path=/; secure; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QVw%2F1MQGoE5JpavG8FwJQwaN6x3VUM9Q21%2FEn8SKnm9KpTBuuiwUBdcBTAePidaX5qgSEuMDkFVw8Dth3NFVEyqOA9WAHrYjc4dhTIGEz%2FFHqU55R8uockDZpHcUADsAwpVUVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85a817af2c7956ba-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

kyats.ujscdn.com/ipp.js?id=nWZbxN70CU2rXZGtToSsjw&sub_id=

172.67.189.44

200 OK

22 kB

URL GET HTTP/2
kyats.ujscdn.com/ipp.js?id=nWZbxN70CU2rXZGtToSsjw&sub_id=
IP
172.67.189.44:443
ASN
#13335 CLOUDFLARENET

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerGoogle Trust Services LLC
Subjectujscdn.com
Fingerprint1B:2E:B7:2E:6F:66:68:6F:A3:F1:96:7B:60:4C:BB:E5:24:FD:11:54
ValidityThu, 15 Feb 2024 19:43:19 GMT - Wed, 15 May 2024 19:43:18 GMT

File type
JavaScript source, ASCII text, with very long lines (14204), with no line terminators
Size
22 kB (21969 bytes)
Hash
df6ae145a39c79f34b8ac668cc0be88b
9ae07b0e21a9f6c12611e5a9698e47825271c0f5
c97c2573dd692104d097d1ab35103665beb6447431f4b3f6ed1e117864f49c62

HTTP Headers

GET /ipp.js?id=nWZbxN70CU2rXZGtToSsjw&sub_id= HTTP/1.1
Host: kyats.ujscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 24 Feb 2024 13:35:34 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
set-cookie: __inppu=6b253ab5-b634-4dc6-b407-35917e9c8aea; expires=Tue, 24 Feb 2026 13:35:34 GMT; path=/; secure; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bqvzuFjchWxfU6%2BZ%2FEr5H%2BHHKHGN3lHBnZmQjQWX8IQEUlBl6WdN2AgK3ydFoCEeqCDWzrSpfriycoRg0qFK%2BnB3VLk36BCzr1UvwNM7Qz3lHnKJ7QmxnCLbd7Ci0FWv1Qwr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85a817af2d1cb4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

waityourchoise.com/i/21.png

185.174.173.22

200 OK

416 kB

URL GET HTTP/3
waityourchoise.com/i/21.png
IP
185.174.173.22:443
ASN
#21100 ITL LLC

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subjectwaityourchoise.com
Fingerprint34:B6:DB:1F:F4:31:63:F3:59:08:B2:08:7C:A1:EF:A0:60:5D:D7:BF
ValiditySat, 10 Feb 2024 09:09:48 GMT - Fri, 10 May 2024 09:09:47 GMT

File type
PNG image data, 379 x 640, 8-bit/color RGBA, non-interlaced
Size
416 kB (416071 bytes)
Hash
e23eca9926785977922be094a379efe1
e63674d0555440b274fe796cf45e2141ff547ccc
6b1e451a90e3bb1f8fda84b2de89e8a5f2c6a05dfbd58c8f1dcb064a0f2a2c23

HTTP Headers

GET /i/21.png HTTP/1.1
Host: waityourchoise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/style.css
Cookie: __inppu=6b253ab5-b634-4dc6-b407-35917e9c8aea
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Mar 2024 13:35:34 GMT
content-type: image/png
last-modified: Thu, 22 Feb 2024 08:56:12 GMT
accept-ranges: bytes
content-length: 416071
date: Sat, 24 Feb 2024 13:35:34 GMT
server: LiteSpeed

fonts.cdnfonts.com/s/57473/Gagalin-Regular.woff

104.21.72.124

200 OK

150 kB

URL GET HTTP/3
fonts.cdnfonts.com/s/57473/Gagalin-Regular.woff
IP
104.21.72.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerGoogle Trust Services LLC
Subjectcdnfonts.com
FingerprintFE:40:0A:06:B4:29:BE:E7:90:7C:D0:0D:E8:2A:CC:CD:5D:AC:67:8C
ValiditySun, 28 Jan 2024 09:42:46 GMT - Sat, 27 Apr 2024 09:42:45 GMT

File type
Web Open Font Format, CFF, length 150336, version 0.0
Size
150 kB (150336 bytes)
Hash
61c5103f827cf9ce1918f7015423eeba
28890203c63b936d2949f4f5fba5344b108bedf5
00c7237e0882fc718ad5a78988bd246f7adf4f63b0b3d509c41f408d28209e69

HTTP Headers

GET /s/57473/Gagalin-Regular.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://waityourchoise.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 24 Feb 2024 13:35:34 GMT
content-type: font/woff
content-length: 150336
last-modified: Sat, 05 Feb 2022 02:00:53 GMT
etag: "24b40-5d73bbcc7eb93"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 177502
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8mkKI3oSg2X%2BZt076BXn4940pZCIJeyhQ9jl5vRwJLiHmR9EskjGCk8BTEX5RkpFJguzBtlUacsYQHLivH%2FJ9D8gfbROL3EXi%2BqWahtkdOJW8OsIVOCOH62iSRgk%2BnG%2BrpriR5o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 85a817b1083c56a5-OSL
alt-svc: h3=":443"; ma=86400

waityourchoise.com/i/b1.png

185.174.173.22

200 OK

2.5 kB

URL GET HTTP/3
waityourchoise.com/i/b1.png
IP
185.174.173.22:443
ASN
#21100 ITL LLC

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subjectwaityourchoise.com
Fingerprint34:B6:DB:1F:F4:31:63:F3:59:08:B2:08:7C:A1:EF:A0:60:5D:D7:BF
ValiditySat, 10 Feb 2024 09:09:48 GMT - Fri, 10 May 2024 09:09:47 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Size
2.5 kB (2451 bytes)
Hash
a710f0f8413d399a6c44713f0e84c0d8
310f1c5136dfc8c018d08abe32ad13dcd56aa105
a5fbdc6f2597eb18899548c1bdbbb41abc6c6db7d8a639c82c88926660116e91

HTTP Headers

GET /i/b1.png HTTP/1.1
Host: waityourchoise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Cookie: __inppu=6b253ab5-b634-4dc6-b407-35917e9c8aea
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Mar 2024 13:35:34 GMT
content-type: image/png
last-modified: Thu, 22 Feb 2024 08:56:16 GMT
accept-ranges: bytes
content-length: 2451
date: Sat, 24 Feb 2024 13:35:34 GMT
server: LiteSpeed

news-roluli.cc/process.js?id=1221186472&p1=sub1&p2=sub2&p3=sub3&p4=sub4

23.158.56.123

200 OK

27 kB

URL GET HTTP/2
news-roluli.cc/process.js?id=1221186472&p1=sub1&p2=sub2&p3=sub3&p4=sub4
IP
23.158.56.123:443
ASN
#63023 AS-GLOBALTELEHOST

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subject*.news-roluli.cc
Fingerprint7F:08:4F:5A:11:A0:D8:05:B2:E7:47:C6:84:04:9D:7C:F4:B9:DB:E5
ValidityMon, 19 Feb 2024 08:49:20 GMT - Sun, 19 May 2024 08:49:19 GMT

File type
data
Size
27 kB (27403 bytes)
Hash
992b44e1aaa85b42e31f41cc983f9b42
9d3cd359b0448eaafdbd4edc0b84440f359ae47d
16e9ea9c680357f14f560c441bb1d1790dbda46ef95064908eabbd3dcf771659

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /process.js?id=1221186472&p1=sub1&p2=sub2&p3=sub3&p4=sub4 HTTP/1.1
Host: news-roluli.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 24 Feb 2024 13:35:34 GMT
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
vary: Origin
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js

142.250.74.99

200 OK

9.3 kB

URL GET HTTP/2
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
JavaScript source, ASCII text, with very long lines (28368)
Size
9.3 kB (9308 bytes)
Hash
9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5

HTTP Headers

GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Feb 2024 01:19:02 GMT
expires: Sat, 22 Feb 2025 01:19:02 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 130592
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

show.revopush.com/api/v1/inpage/show/?uid=178031&subacc=1221186472&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=mainstream

95.216.66.235

200 OK

10 kB

URL GET HTTP/2
show.revopush.com/api/v1/inpage/show/?uid=178031&subacc=1221186472&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=mainstream
IP
95.216.66.235:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subjectshow.revopush.com
Fingerprint0B:41:84:DF:B3:D0:F2:B2:73:8B:D7:F7:7F:FE:B5:AF:56:76:5D:21
ValidityMon, 25 Dec 2023 08:05:49 GMT - Sun, 24 Mar 2024 08:05:48 GMT

File type
JSON text data
Size
10 kB (10547 bytes)
Hash
4cf524a0a0e4e65103b4098ce26480d4
498a3257cf58669d20bfa94900ebe19732cbb32c
51bb6c294cd107498375b87dfff3e8c37b80960a704dd4ebdf8a6f9b5e94e373

HTTP Headers

GET /api/v1/inpage/show/?uid=178031&subacc=1221186472&sub1=&sub2=&sub3=&sub4=&adult=true&limit=1&traffic=mainstream HTTP/1.1
Host: show.revopush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://waityourchoise.com/
Origin: https://waityourchoise.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 24 Feb 2024 13:35:34 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Wow64
access-control-allow-origin: https://waityourchoise.com
vary: Origin
content-encoding: br
X-Firefox-Spdy: h2

fonts.cdnfonts.com/css/gagalin

104.21.72.124

200 OK

15 kB

URL GET HTTP/2
fonts.cdnfonts.com/css/gagalin
IP
104.21.72.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerGoogle Trust Services LLC
Subjectcdnfonts.com
FingerprintFE:40:0A:06:B4:29:BE:E7:90:7C:D0:0D:E8:2A:CC:CD:5D:AC:67:8C
ValiditySun, 28 Jan 2024 09:42:46 GMT - Sat, 27 Apr 2024 09:42:45 GMT

File type
ASCII text, with no line terminators
Size
15 kB (15281 bytes)
Hash
6c656453a6ef44655c56bedf7b01de68
b9bcbab7216c2f99fbf77dd1ba6dbf846d410bb7
3cc39cde7d1c47c08c42a518533e19b354be14fd38b69d05a71fe1fafc2b0da2

HTTP Headers

GET /css/gagalin HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 24 Feb 2024 13:35:34 GMT
content-type: text/css;charset=UTF-8
cf-bgj: minify
cf-polished: origSize=197
vary: Accept-Encoding
cache-control: max-age=2678400
cf-cache-status: HIT
age: 8138377
last-modified: Wed, 22 Nov 2023 08:55:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=37xemRoQAA8o21dBQkDW0pt194Ahx4a0r4Q7MtU6iwfIuiPpe1QoYI1JtEVQgkEVYDgO9%2BKmLEgq5sJkZAzZHnKWRJbB4Cp2itJw6ydw%2BUmYfFYimWJOR8GBFOnXPR4Jz%2BUwLzs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
access-control-allow-origin: *
server: cloudflare
cf-ray: 85a817af4a3456a4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.cdnfonts.com/s/57473/Gagalin-Regular.woff

104.21.72.124

200 OK

150 kB

URL GET HTTP/3
fonts.cdnfonts.com/s/57473/Gagalin-Regular.woff
IP
104.21.72.124:443
ASN
#13335 CLOUDFLARENET

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerGoogle Trust Services LLC
Subjectcdnfonts.com
FingerprintFE:40:0A:06:B4:29:BE:E7:90:7C:D0:0D:E8:2A:CC:CD:5D:AC:67:8C
ValiditySun, 28 Jan 2024 09:42:46 GMT - Sat, 27 Apr 2024 09:42:45 GMT

File type
Web Open Font Format, CFF, length 150336, version 0.0
Size
150 kB (150336 bytes)
Hash
61c5103f827cf9ce1918f7015423eeba
28890203c63b936d2949f4f5fba5344b108bedf5
00c7237e0882fc718ad5a78988bd246f7adf4f63b0b3d509c41f408d28209e69

HTTP Headers

GET /s/57473/Gagalin-Regular.woff HTTP/1.1
Host: fonts.cdnfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://waityourchoise.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.cdnfonts.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 24 Feb 2024 13:35:39 GMT
content-type: font/woff
content-length: 150336
last-modified: Sat, 05 Feb 2022 02:00:53 GMT
etag: "24b40-5d73bbcc7eb93"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 177507
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BDt1xoz%2BFsiKi9AwXFSQgpXjDFah367AHjoY0nmZ9Kj9JgQPLILd4fe2pNk58Zf8cJ1No4szRapkjD0Stnow2zCw%2BaU3SwWZ7SiCbbTmx%2FhnWp6plFMGxcH45h4aS1sfnbMDFMM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
access-control-allow-origin: *
server: cloudflare
cf-ray: 85a817cdc87f56a5-OSL
alt-svc: h3=":443"; ma=86400

img.cdn.house/i/1/uGk6ijr4RfFUU2j8pTRc1t1QERZZNu3_Him9dvH9T_lqSwFFgXXj4cjI32Ttx7BtaOwVPgpsIAMNqZM-SrtnHTOY6rhX873_jmXNniFXapfUoPJAxSPurx9-tpKsAFBt4phbpjeME9Fmrr-q2pyD7zL5E7bqaUm1jh_IbrU_NONzYRJtsPdmALSPEQgenfQKfl7uTdIB

178.63.48.167

200 OK

4.2 kB

URL GET HTTP/2
img.cdn.house/i/1/uGk6ijr4RfFUU2j8pTRc1t1QERZZNu3_Him9dvH9T_lqSwFFgXXj4cjI32Ttx7BtaOwVPgpsIAMNqZM-SrtnHTOY6rhX873_jmXNniFXapfUoPJAxSPurx9-tpKsAFBt4phbpjeME9Fmrr-q2pyD7zL5E7bqaUm1jh_IbrU_NONzYRJtsPdmALSPEQgenfQKfl7uTdIB
IP
178.63.48.167:443
ASN
#24940 Hetzner Online GmbH

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subjectimg.cdn.house
Fingerprint3F:69:A6:81:02:24:61:CD:92:AF:94:82:B4:AB:47:74:86:E8:6B:19
ValidityMon, 25 Dec 2023 10:55:44 GMT - Sun, 24 Mar 2024 10:55:43 GMT

File type
RIFF (little-endian) data, Web/P image
Size
4.2 kB (4150 bytes)
Hash
aca41d0e01f328901226b55091dd1ea2
96281ed9dd8828aa46a5c1397c27a1adc6987752
abf6dc2986be814856fb8b45320b3be13c365cec2df6ccb2a74b3a234657c86c

HTTP Headers

GET /i/1/uGk6ijr4RfFUU2j8pTRc1t1QERZZNu3_Him9dvH9T_lqSwFFgXXj4cjI32Ttx7BtaOwVPgpsIAMNqZM-SrtnHTOY6rhX873_jmXNniFXapfUoPJAxSPurx9-tpKsAFBt4phbpjeME9Fmrr-q2pyD7zL5E7bqaUm1jh_IbrU_NONzYRJtsPdmALSPEQgenfQKfl7uTdIB HTTP/1.1
Host: img.cdn.house
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 24 Feb 2024 13:35:39 GMT
content-type: image/webp
content-length: 4150
last-modified: Sun, 21 Jan 2024 10:30:08 GMT
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
accept-ranges: bytes
X-Firefox-Spdy: h2

waityourchoise.com/i/red.png

185.174.173.22

200 OK

17 kB

URL GET HTTP/3
waityourchoise.com/i/red.png
IP
185.174.173.22:443
ASN
#21100 ITL LLC

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subjectwaityourchoise.com
Fingerprint34:B6:DB:1F:F4:31:63:F3:59:08:B2:08:7C:A1:EF:A0:60:5D:D7:BF
ValiditySat, 10 Feb 2024 09:09:48 GMT - Fri, 10 May 2024 09:09:47 GMT

File type
PNG image data, 125 x 120, 8-bit/color RGBA, non-interlaced
Size
17 kB (17060 bytes)
Hash
6dfd85ca59e1b520f1cc71ef96a1ebc1
be9dd7f5a74b3d501529da9384ec0548353adde9
0210ac277a78b3ccd382b1f1d7eaba63aeeda4c782ce69e08f23a25bb15f01e8

HTTP Headers

GET /i/red.png HTTP/1.1
Host: waityourchoise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/style.css
Cookie: __inppu=6b253ab5-b634-4dc6-b407-35917e9c8aea
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Mar 2024 13:35:34 GMT
content-type: image/png
last-modified: Thu, 22 Feb 2024 08:56:20 GMT
accept-ranges: bytes
content-length: 17060
date: Sat, 24 Feb 2024 13:35:34 GMT
server: LiteSpeed

www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js

142.250.74.99

200 OK

38 kB

URL GET HTTP/3
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP
142.250.74.99:443
ASN
#15169 GOOGLE

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint7E:D8:A3:26:76:2A:70:11:A5:C6:42:20:61:35:14:1C:03:F2:35:55
ValidityMon, 05 Feb 2024 08:19:14 GMT - Mon, 29 Apr 2024 08:19:13 GMT

File type
JavaScript source, ASCII text, with very long lines (38231)
Size
38 kB (38286 bytes)
Hash
0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522

HTTP Headers

GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 23 Feb 2024 01:10:57 GMT
expires: Sat, 22 Feb 2025 01:10:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 131078
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

nxt-psh.com/ps/config.js?id=z1QmBetohEGGEmi3TOGAQw

104.21.20.211

200 OK

340 B

URL GET HTTP/3
nxt-psh.com/ps/config.js?id=z1QmBetohEGGEmi3TOGAQw
IP
104.21.20.211:443
ASN
#13335 CLOUDFLARENET

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerGoogle Trust Services LLC
Subjectnxt-psh.com
Fingerprint73:AA:06:FB:41:D5:EA:D4:0F:93:34:D0:3F:1C:D1:55:46:AF:6B:B1
ValiditySat, 17 Feb 2024 12:54:17 GMT - Fri, 17 May 2024 12:54:16 GMT

File type
ASCII text, with very long lines (356), with no line terminators
Size
340 B (340 bytes)
Hash
5f78bc74f0c764798bb6fe7c9f401007
6ca29de36af224124669312e5292d933dfd87a6d
0248c40ba60e3ebd964eb09578ddee3d3432bdc956cbfa2799672b5df76c9569

HTTP Headers

GET /ps/config.js?id=z1QmBetohEGGEmi3TOGAQw HTTP/1.1
Host: nxt-psh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 24 Feb 2024 13:35:34 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
set-cookie: __psu=aff14c66-29b7-4e42-aada-d47dfa2aa1a5; expires=Tue, 24 Feb 2026 13:35:34 GMT; path=/; secure; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pkYz%2FiSTR%2BM2ekwuJDWkSyHE0gnpLqZFSgjEVnNj1GILX9TLIWzAFo2SPiwqXOWMSUgTSG9GWTrCB3lr1cSBkzWueliacmHVTUfdxsw39%2F%2F5oGSQ0UzJ3gEn6IUFkA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85a817b04f547128-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

waityourchoise.com/i/green.png

185.174.173.22

200 OK

18 kB

URL GET HTTP/3
waityourchoise.com/i/green.png
IP
185.174.173.22:443
ASN
#21100 ITL LLC

Requested by
https://waityourchoise.com/?aref=https://kpkqyr.abadit5rckb.com/site/redirectpage?sid=286738&hv=zeiwu65d9f08f000513ef&hid=768586
Certificate
IssuerLet's Encrypt
Subjectwaityourchoise.com
Fingerprint34:B6:DB:1F:F4:31:63:F3:59:08:B2:08:7C:A1:EF:A0:60:5D:D7:BF
ValiditySat, 10 Feb 2024 09:09:48 GMT - Fri, 10 May 2024 09:09:47 GMT

File type
PNG image data, 125 x 120, 8-bit/color RGBA, non-interlaced
Size
18 kB (18362 bytes)
Hash
c840347aa99c88f89eca79f55f119d5b
997e7ab68f7d201e40bb6ce566b1341378141fac
9b252245948961178c276094d1e1d324f800691f438d26a7a8bf21cc3e47555e

HTTP Headers

GET /i/green.png HTTP/1.1
Host: waityourchoise.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://waityourchoise.com/style.css
Cookie: __inppu=6b253ab5-b634-4dc6-b407-35917e9c8aea
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
cache-control: public, max-age=604800
expires: Sat, 02 Mar 2024 13:35:34 GMT
content-type: image/png
last-modified: Thu, 22 Feb 2024 08:56:18 GMT
accept-ranges: bytes
content-length: 18362
date: Sat, 24 Feb 2024 13:35:34 GMT
server: LiteSpeed

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/3

IP