| | 192.185.102.194 | 200 OK | 506 B |
URL: User Request GET HTTP/2
IP: 192.185.102.194:443 ASN: #19871 NETWORK-SOLUTIONS-HOSTING
Certificate: Issuer Let's Encrypt; Subject *.fcl.sa; Fingerprint 54:39:3E:77:4B:F3:A3:F9:FE:03:83:5D:A5:8C:62:5F:5E:3E:49:22; Validity Mon, 01 Apr 2024 22:14:45 GMT - Sun, 30 Jun 2024 22:14:44 GMT
File type: HTML document, ASCII text, with very long lines (1167), with no line terminators
Hash: 12d6601b2fde1889763d26e5fe301e46 a3ba27ad75268cee2fd7244f977a01d6d20cf868 30a89e8151ba5d9aff6217a16d2f07571c62adc7dd5b39d3b0c602cf3d37b52b
GET / HTTP/1.1
Host: fcl.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 506
content-type: text/html; charset=UTF-8
date: Wed, 08 May 2024 16:30:47 GMT
server: Apache
X-Firefox-Spdy: h2
| fcl.sa/favicon.ico | 192.185.102.194 | 200 OK | 506 B |
IP: 192.185.102.194:443 ASN: #19871 NETWORK-SOLUTIONS-HOSTING
Certificate: Issuer Let's Encrypt; Subject *.fcl.sa; Fingerprint 54:39:3E:77:4B:F3:A3:F9:FE:03:83:5D:A5:8C:62:5F:5E:3E:49:22; Validity Mon, 01 Apr 2024 22:14:45 GMT - Sun, 30 Jun 2024 22:14:44 GMT
File type: HTML document, ASCII text, with very long lines (1167), with no line terminators
Hash: 12d6601b2fde1889763d26e5fe301e46 a3ba27ad75268cee2fd7244f977a01d6d20cf868 30a89e8151ba5d9aff6217a16d2f07571c62adc7dd5b39d3b0c602cf3d37b52b
GET /favicon.ico HTTP/1.1
Host: fcl.sa
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fcl.sa/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 506
content-type: text/html; charset=UTF-8
date: Wed, 08 May 2024 16:30:48 GMT
server: Apache
X-Firefox-Spdy: h2
| done.restartyourchoices.com/stepone | 172.67.185.53 | 200 OK | 0 B |
URL: GET HTTP/3 done.restartyourchoices.com/stepone
IP: 172.67.185.53:443
Certificate: Issuer Let's Encrypt; Subject restartyourchoices.com; Fingerprint 1E:64:C0:EA:CA:57:4F:66:CB:2A:33:CF:E5:2D:8D:F5:B1:21:CE:D6; Validity Thu, 02 May 2024 15:04:04 GMT - Wed, 31 Jul 2024 15:04:03 GMT
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (the digests of an empty body, consistent with the 0 B response below)
GET /stepone HTTP/1.1
Host: done.restartyourchoices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fcl.sa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 16:30:48 GMT
content-type: application/javascript
content-length: 0
cache-control: no-cache, no-store, must-revalidate
expires: Wed, 08 May 2024 16:30:48 GMT
set-cookie: _subid=376l60jimu1q0; expires=Sat, 08 Jun 2024 16:30:48 GMT; path=/
a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjUxXCI6MTcxNTE4NTg0OH0sXCJjYW1wYWlnbnNcIjp7XCIxNVwiOjE3MTUxODU4NDh9LFwidGltZVwiOjE3MTUxODU4NDh9In0.xbNt9PGIzIJfuyz9mTLNvCtV8TW_31msIHeWFoiQ93E; expires=Wed, 14 Sep 2078 17:01:36 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5nQvHuLNJX3%2FAkqirpUb046V6aQaRgybJCuFCVWg7nk3m%2FHcc7RtnImlZqlJsDa2FjjqUAhol1MGwDNpCNj7WRH5g3JfMGDxw%2FnXICZiVUh3rm8jsMSiGglOqFA5jD%2F%2FP7QnkmqoUVVE%2BOvtqOo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ad623996956bf-OSL
alt-svc: h3=":443"; ma=86400
| chest.cdntoswitchspirit.com/scripts/connections.js | 104.21.93.126 | 200 OK | 10 kB |
URL: GET HTTP/2 chest.cdntoswitchspirit.com/scripts/connections.js
IP: 104.21.93.126:443
Certificate: Issuer Let's Encrypt; Subject cdntoswitchspirit.com; Fingerprint DF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD; Validity Mon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT
File type: JavaScript source, ASCII text, with very long lines (10458), with no line terminators
Hash: 2f55ce25abc861b92352d8d02a680307 57941c0f50200a0a6b8b9fdc8c72cd19db9a1392 833458a6c0f1e53614fa5cde6e3dacd63186bf18d12f8665828c1c031543df46

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /scripts/connections.js HTTP/1.1
Host: chest.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fcl.sa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:30:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 08 May 2024 09:16:52 GMT
vary: Accept-Encoding
etag: W/"663b4304-28da"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
cf-cache-status: HIT
age: 25448
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9YARfkdAthW9d4fodqWa129CSX09l2t7%2B%2FpRtbgIu9D0Spy4ZYw5CJlZsMIcTcAADDaNjAPPjBHoeedrdNpHEIiX6Sif7q4CUH813%2BdmQnNJkpR68el9At8e6ylVDr%2BrgOLAf2jV61O0Zpq8LU0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ad6213b8e5689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| js.cdntoswitchspirit.com/source/split.js | 104.21.93.126 | 200 OK | 36 kB |
URL: GET HTTP/3 js.cdntoswitchspirit.com/source/split.js
IP: 104.21.93.126:443
Certificate: Issuer Let's Encrypt; Subject cdntoswitchspirit.com; Fingerprint DF:DB:EE:70:5A:39:BB:E7:A9:C6:4B:5C:24:04:56:6B:D0:D3:C0:AD; Validity Mon, 29 Apr 2024 10:49:03 GMT - Sun, 28 Jul 2024 10:49:02 GMT
File type: JavaScript source, ASCII text, with very long lines (36341), with no line terminators
Hash: fe59aea1c787d361c69c43c46a747767 2cc61a29d05db4814718cc60450876419afc5d24 9763b6045876ff0f6ddf7f20e19d631346a2f132e675ff1601896b3625fd9816

| Analyzer | Verdict | Alert |
|---|---|---|
| Quad9 DNS | malicious | Sinkholed |
GET /source/split.js HTTP/1.1
Host: js.cdntoswitchspirit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fcl.sa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 16:30:48 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 30 Apr 2024 15:35:14 GMT
vary: Accept-Encoding
etag: W/"66310fb2-8df5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 25446
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nqqdU%2FsEpZsInWWb3g17D9%2FfQSMTkZ7uTIoJ1XbMejZjcp6GlUgEbpxlhI6EziLvm4vudc%2FKVlLj3i3Y8HO4G8HE6g1tzuNFjYVLpqTGoaV81zx9nFanjA744rQmDo8j9Ap7sUtx8zMlxhk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ad621cba7b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| jquery.restartyourchoices.com/cdncollect?r1=fcl.sa | 172.67.185.53 | 200 OK | 10 kB |
URL: GET HTTP/2 jquery.restartyourchoices.com/cdncollect?r1=fcl.sa
IP: 172.67.185.53:443
Certificate: Issuer Let's Encrypt; Subject restartyourchoices.com; Fingerprint 1E:64:C0:EA:CA:57:4F:66:CB:2A:33:CF:E5:2D:8D:F5:B1:21:CE:D6; Validity Thu, 02 May 2024 15:04:04 GMT - Wed, 31 Jul 2024 15:04:03 GMT
File type: JavaScript source, ASCII text, with very long lines (10370)
Hash: a670ec3dd6fa757de5d5aab7abddfe59 07efb08354a342ae821e52b60728a31945c95759 a9aa76d5655c965f1feceec22619fa26acb1c4832f76ea25a79201bbc2b2c2f0
GET /cdncollect?r1=fcl.sa HTTP/1.1
Host: jquery.restartyourchoices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fcl.sa/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 08 May 2024 16:30:48 GMT
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
expires: Wed, 08 May 2024 16:30:48 GMT
set-cookie: _subid=376l60jimu1pd; expires=Sat, 08 Jun 2024 16:30:48 GMT; path=/
a4fba=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjQxXCI6MTcxNTE4NTg0OH0sXCJjYW1wYWlnbnNcIjp7XCIxM1wiOjE3MTUxODU4NDh9LFwidGltZVwiOjE3MTUxODU4NDh9In0.yNvld6O0Fk48coYkBKHyWPvurcDYNnlzkxEUiv-xgB0; expires=Thu, 15 Sep 2078 09:01:36 GMT; path=/
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lfedE5ZPXsY8SW7QmEmNnnHSDdP%2BowY1E42sr6QrJjOaPPUhpQDNR31TQ8%2B7T2LWfEuoacQua0teVcdXb5kpOlduLEkCDjXPHg8LG1fmRGlBDsEMyOnS%2BcFPR5FcMC6jqQks1P44mOMrcXozr4KXxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880ad6229e0eb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2