r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12746
Expires: Fri, 09 Dec 2022 13:20:29 GMT
Date: Fri, 09 Dec 2022 09:48:03 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3622
Expires: Fri, 09 Dec 2022 10:48:25 GMT
Date: Fri, 09 Dec 2022 09:48:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 09:08:17 GMT
content-type: application/json
age: 2386
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3059
Expires: Fri, 09 Dec 2022 10:39:02 GMT
Date: Fri, 09 Dec 2022 09:48:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: N1ZofQzo5KP98rGIjYwBjL8DH46V2n3GnogNwzh/dMmkeYOHQ7bUCie2xujqJ1VDuMTcSoWAcj5semcM+bSF3Q==
x-amz-request-id: PRT7N3F5FPN9YTKB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 08:48:16 GMT
age: 3587
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 09:48:03 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 09:07:55 GMT
age: 2408
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5158
Cache-Control: max-age=89086
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:04 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:32:50 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
www.payaftercure.com/fast-natural-cure-groin-strain/
193.201.82.174302 Found 21 B URL HTTP/1.1 www.payaftercure.com/fast-natural-cure-groin-strain/
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type very short file (no magic)
Hash d09653f3cd2c8475255535aee1fa6f6a
d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9
Analyzer Verdict Alert fortinet Malware
GET /fast-natural-cure-groin-strain/ HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Connection: Keep-Alive
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: /fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
Content-Type: text/html; charset=UTF-8
X-Litespeed-Cache: miss
Content-Length: 21
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 09:48:04 GMT
Server: LiteSpeed
push.services.mozilla.com/
52.42.74.230101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.74.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QWkgv3HCJ9FPfyslQdFCXQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wgPJgxl/POvtYFH7J2ciYpOVDzY=
www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
193.201.82.174200 OK 17 kB URL HTTP/1.1 www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9421)
Hash 7555ab5fec6489f30628418e3fc47cdf
31bc532e4d680547cafae03bd7d435d5763130eb
01c16584680de7945a1adcf7dbb3c5e75e56a4cad66a6cf8798ee77dd617313c
Analyzer Verdict Alert fortinet Malware
GET /fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache
X-LiteSpeed-Vary: cookie=np_wc_currency,cookie=np_wc_currency_language,cookie=_icl_current_language, value=nitrodesktop
X-LiteSpeed-Cache-Control: public,max-age=3600
X-LiteSpeed-Tag: uri=0a00ad0de20e8367ba28192529444e92
Content-Type: text/html; charset=UTF-8
X-Nitro-Cache: MISS
Link: <https://www.payaftercure.com/?p=5656>; rel=shortlink
Etag: "5773-1670579285;gz"
X-Litespeed-Cache: miss
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-includes/css/classic-themes.min.css?ver=1
193.201.82.174200 OK 188 B URL HTTP/1.1 www.payaftercure.com/wp-includes/css/classic-themes.min.css?ver=1
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
Hash 8ac085745a5bcc97c54f8088973df029
4e065566e82d4623d0f5b4d9275d3ee29e15acd1
a0b69c3418ce7d86bcd33d370dec1ba31f2d9c143d932f52de7c4f98427a813f
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 25 Oct 2022 16:15:16 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 188
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-includes/css/dist/block-library/style.min.css?ver=446bfccc7439111d3608ac79b8218ddc
193.201.82.174200 OK 12 kB URL HTTP/1.1 www.payaftercure.com/wp-includes/css/dist/block-library/style.min.css?ver=446bfccc7439111d3608ac79b8218ddc
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type ASCII text, with very long lines (47826)
Hash 45b3843596f3eda24398e2c1f68ee268
4ad9a0e6ed85ca57c5d134aa5ca546e19910640d
f2784720bca9efcc4c4c3ab35d5fa3b523eb1915acc04a53273559907d352e36
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/css/dist/block-library/style.min.css?ver=446bfccc7439111d3608ac79b8218ddc HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 15 Nov 2022 22:38:28 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 12489
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css
193.201.82.174200 OK 1.3 kB URL HTTP/1.1 www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
Hash a70b94947588e91afa6bc040c5938b55
f30e85b3140bba53325ee9f14324cb73ed72e817
c0ea53712fe6e0bcf5a66df90b06569a6c67391f9d17ae68bb9c3d0ef8216ef4
GET /wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Wed, 09 Nov 2022 17:07:01 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1327
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-content/themes/veggie-lite-child/style.css?ver=446bfccc7439111d3608ac79b8218ddc
193.201.82.174200 OK 5.0 kB URL HTTP/1.1 www.payaftercure.com/wp-content/themes/veggie-lite-child/style.css?ver=446bfccc7439111d3608ac79b8218ddc
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type ASCII text, with very long lines (617)
Hash 614e4783b10ee0438b4d71815ad5f4dc
fc28b3f3de70d564addddd702708a8cb7db83c03
b069d71c0e4e9fdeb0164ec9bcce14e51c2647e928122091a6bbd0d5c34c584b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/veggie-lite-child/style.css?ver=446bfccc7439111d3608ac79b8218ddc HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Sat, 18 Dec 2021 16:22:41 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4993
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-content/themes/veggie-lite/js/search.js?ver=1.0
193.201.82.174200 OK 350 B URL HTTP/1.1 www.payaftercure.com/wp-content/themes/veggie-lite/js/search.js?ver=1.0
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
Hash c3623a421012b4bc3b5e3ca7d6c575fb
449c307ffba2e0bb0671c3fb741579f55c48ff73
605a4695d6aa9c417e8e529726053b9add3880fb262ddde2671126a69f212a8b
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/veggie-lite/js/search.js?ver=1.0 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 350
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
193.201.82.174200 OK 4.2 kB URL HTTP/1.1 www.payaftercure.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type ASCII text, with very long lines (11126)
Hash c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27
Analyzer Verdict Alert fortinet Malware
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Wed, 18 Nov 2020 12:36:06 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4168
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-includes/js/wp-emoji-release.min.js?ver=446bfccc7439111d3608ac79b8218ddc
193.201.82.174200 OK 5.0 kB URL HTTP/1.1 www.payaftercure.com/wp-includes/js/wp-emoji-release.min.js?ver=446bfccc7439111d3608ac79b8218ddc
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type ASCII text, with very long lines (15660)
Hash 848f9aadf194f3d024a2a90dbd11e3b5
aecd4b03b5a7829c6ca015d926798dc95e4fa912
36ff79b2f6827e46be1df95ff739e536718c0ee4fc09462678b32d7abd60fc6c
GET /wp-includes/js/wp-emoji-release.min.js?ver=446bfccc7439111d3608ac79b8218ddc HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Apr 2022 08:26:22 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 5021
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.0
193.201.82.174200 OK 648 B URL HTTP/1.1 www.payaftercure.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.0
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type ASCII text, with very long lines (3242), with no line terminators
Hash d96ce374bc0c7d48b1867f4f5147f137
436a19ec96884f3bb3a1875f5d49a74c282957f8
dce82df98c8329089475f855383486e86bf565d6a9c94ab6e8ac4da38133cfc6
Analyzer Verdict Alert fortinet Malware
GET /wp-content/plugins/wp-polls/polls-js.js?ver=2.77.0 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 04 Oct 2022 22:37:38 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 648
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.googletagmanager.com/gtag/js?id=UA-49634712-1
142.250.74.8200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-49634712-1
IP 142.250.74.8:0
File type ASCII text, with very long lines (1921)
Hash c339007e81c21b4f2f728736fd7612a3
a2e100e83e2dfada18cb312d514a061a59b2fd94
329858776f45d72c038deddd840d95c6fec6f7395db16ea3e4c06be34ed69683
GET /gtag/js?id=UA-49634712-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 09:48:05 GMT
expires: Fri, 09 Dec 2022 09:48:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44714
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.payaftercure.com/wp-content/themes/veggie-lite/js/navigation.js?ver=20120206
193.201.82.174200 OK 869 B URL HTTP/1.1 www.payaftercure.com/wp-content/themes/veggie-lite/js/navigation.js?ver=20120206
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
Hash 9e8c6d201bcf6ec4472a238617411df1
09cf8e13a5e6b482d4f8d17021eab493e4b2ff28
1d05281585518c54ef76af25891254412965e92772ff5ca213d899458d32bee9
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/veggie-lite/js/navigation.js?ver=20120206 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 869
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.payaftercure.com/wp-content/themes/veggie-lite/js/skip-link-focus-fix.js?ver=20130115
193.201.82.174200 OK 379 B URL HTTP/1.1 www.payaftercure.com/wp-content/themes/veggie-lite/js/skip-link-focus-fix.js?ver=20130115
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
Hash 8459e15d80cd9eede63179bb825c0ce0
6292bb5a6924a9385eaacf279f936aff2211e9c2
5771c10ac0c0943a7fe6c71064edb3408d4f4f8e1c5dd8d1a9b3e829eab1a7b2
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/veggie-lite/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 379
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-content/plugins/wp-polls/polls-css.css?ver=2.77.0
193.201.82.174200 OK 729 B URL HTTP/1.1 www.payaftercure.com/wp-content/plugins/wp-polls/polls-css.css?ver=2.77.0
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
Hash 9bda17729d21dce80fa2ae03edd2eb91
2d5f11891f28e68d85fa1009df925159d3e186c4
361bbbef454ca794cf52ab6e09616f4486b741d667d566b9a207d1f008fafdc0
GET /wp-content/plugins/wp-polls/polls-css.css?ver=2.77.0 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 04 Oct 2022 22:37:38 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 729
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-content/themes/veggie-lite/style.css?ver=446bfccc7439111d3608ac79b8218ddc
193.201.82.174200 OK 12 kB URL HTTP/1.1 www.payaftercure.com/wp-content/themes/veggie-lite/style.css?ver=446bfccc7439111d3608ac79b8218ddc
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type ASCII text, with very long lines (613)
Hash 312032f9ff0381e1c70064a935a56c7a
0ec5b2f133e7e29ad37623d2fe1efbb44b9d5d22
f3a5513e3cc6f2d71797e667455b711b492ea8c5221910e658d2ed82005b6810
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/veggie-lite/style.css?ver=446bfccc7439111d3608ac79b8218ddc HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 11874
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-content/uploads/2015/04/logo1.png
193.201.82.174200 OK 3.7 kB URL HTTP/2 www.payaftercure.com/wp-content/uploads/2015/04/logo1.png
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type PNG image data, 70 x 70, 8-bit colormap, non-interlaced\012- data
Hash d60d102808c1b2ce150b468b18c2e8d9
023e7e6d220cd78f9f1f6753aa84d98ce29b65d8
b2dac46045333dc7a12a49a714e8f53b66197272695393600ba440ce4d2b531c
GET /wp-content/uploads/2015/04/logo1.png HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 09:48:05 GMT
content-type: image/png
last-modified: Tue, 03 Aug 2021 21:35:22 GMT
accept-ranges: bytes
content-length: 3726
date: Fri, 09 Dec 2022 09:48:05 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-24=":443"; ma=2592000, h3-25=":443"; ma=2592000
X-Firefox-Spdy: h2
www.payaftercure.com/wp-content/themes/veggie-lite/genericons/genericons.css?ver=3.2
193.201.82.174200 OK 16 kB URL HTTP/1.1 www.payaftercure.com/wp-content/themes/veggie-lite/genericons/genericons.css?ver=3.2
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type ASCII text, with very long lines (19226)
Hash ff5580d5b659648ef1293f63a8ecb131
c213c7aa5eaf0232ca68d6da3acd0c2ca91e26fd
b754b1abd3097553dc3bb5d03f2069c8301642e48f2f52fb28170eeb457d246f
Analyzer Verdict Alert fortinet Malware
GET /wp-content/themes/veggie-lite/genericons/genericons.css?ver=3.2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 16413
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
193.201.82.174200 OK 31 kB URL HTTP/1.1 www.payaftercure.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type ASCII text, with very long lines (65447)
Hash cc5a8bfbf7d31fbc3022dc05e964a95c
81edda48c2c2c97bf79dea1ec91b89105e4ba00b
651c822702a9ac476c260fd37dccab6c3da8306ff6dd922e9d68cfa7863bfe42
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Mon, 19 Sep 2022 16:46:24 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 31046
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-content/uploads/2017/08/Groin-Strain.jpg
193.201.82.174200 OK 12 kB URL HTTP/2 www.payaftercure.com/wp-content/uploads/2017/08/Groin-Strain.jpg
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x217, components 3\012- data
Hash 64f55d268f75a2ba1a1b69c430a8876b
0f9e8749d72bb5b9445016c73104890415ab7993
d1b18ffcad425f6d4f4e57685c4c1a620f5e2879937da09ebb2144077502feb6
GET /wp-content/uploads/2017/08/Groin-Strain.jpg HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 09:48:05 GMT
content-type: image/jpeg
last-modified: Tue, 03 Aug 2021 21:39:44 GMT
accept-ranges: bytes
content-length: 11923
date: Fri, 09 Dec 2022 09:48:05 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
www.payaftercure.com/wp-content/uploads/2020/05/cropped-Homeopathy-3-min-scaled.jpg
193.201.82.174200 OK 68 kB URL HTTP/1.1 www.payaftercure.com/wp-content/uploads/2020/05/cropped-Homeopathy-3-min-scaled.jpg
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2560x412, components 3\012- data
Hash 5f3836524a6f1a7fbae00b7138088236
211348c987aee5a4a71bc015866c71bddc7b74bb
acb6c7e0d33a181d7ad92aafe9f7317747a71081e0d20fa05ac7b974a0b9582a
GET /wp-content/uploads/2020/05/cropped-Homeopathy-3-min-scaled.jpg HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: image/jpeg
Last-Modified: Tue, 03 Aug 2021 21:40:28 GMT
Accept-Ranges: bytes
Content-Length: 67938
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-content/fonts/josefin-sans/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
193.201.82.174200 OK 27 kB URL HTTP/1.1 www.payaftercure.com/wp-content/fonts/josefin-sans/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type Web Open Font Format (Version 2), TrueType, length 26592, version 1.0\012- data
Hash c2d66029cf6ae68a19e1398fc02feda6
c37e5907e49d2ed5b11f59841a3d16c911da7a5c
3701f4ae604d8fccb4ddca393e076a456aebfb06c1a9d94c1c13089293f55716
Analyzer Verdict Alert fortinet Malware
GET /wp-content/fonts/josefin-sans/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css
Cookie: nitroCachedPage=0
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: font/woff2
Last-Modified: Wed, 09 Nov 2022 17:06:59 GMT
Accept-Ranges: bytes
Content-Length: 26592
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/wp-content/fonts/open-sans/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
193.201.82.174200 OK 45 kB URL HTTP/1.1 www.payaftercure.com/wp-content/fonts/open-sans/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Analyzer Verdict Alert fortinet Malware
GET /wp-content/fonts/open-sans/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css
Cookie: nitroCachedPage=0
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: font/woff2
Last-Modified: Wed, 09 Nov 2022 17:07:01 GMT
Accept-Ranges: bytes
Content-Length: 44856
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7053
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 09:48:05 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7053
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 09:48:05 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg
34.120.237.76200 OK 1.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4f6cfc43170be4dd0264f2b0b6bcc329
9ad22ea868f3b72832243fd11315c68117c7542b
f5cc67d46241c2f5aebc2515bf8828889f8ceda8112b78cdf925a260b82fd833
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 1584
x-amzn-requestid: 7743c8a6-118c-4c69-b833-a9e2f5561a54
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw5VEGV8IAMFcOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903c20-41fdf6d004b388f51fa70833;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:09:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: whmRQYshKD6d2Pz3Z0ZCCFr_MEPR1rEek7nVZqf5XeiWpt1LIcjvBQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:28:14 GMT
age: 22791
etag: "9ad22ea868f3b72832243fd11315c68117c7542b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 43001
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXaZ1pazAGWMI9GFYZjGlvVVIb8wX6feD0O8VpzjsL8F8l3mFmydAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:59 GMT
age: 9246
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 22179
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47563cf2-d887-4c1d-a3b9-0b5151226171.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47563cf2-d887-4c1d-a3b9-0b5151226171.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0321199622f614202a646f925521ace7
cac4e03ae9857def8b094e005647c3e49c34d686
042494598add540a49650d5556d33bf53f647d77e64fbf13f3d881ebf251a525
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47563cf2-d887-4c1d-a3b9-0b5151226171.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8709
x-amzn-requestid: 8c5094d3-3286-44db-bd3f-9369cd8220eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c2LYGGm6oAMFn1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63925900-2ea563bc1b5aa87a0ebd6251;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OMn8ZLXg7eImX9gfKGhJMvxHVcfTuutGJjuZk9JU6iGBkXso6v8FuQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:15 GMT
etag: "cac4e03ae9857def8b094e005647c3e49c34d686"
content-type: image/jpeg
age: 43010
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 18:34:32 GMT
age: 54813
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.payaftercure.com/wp-content/fonts/open-sans/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
193.201.82.174200 OK 48 kB URL HTTP/1.1 www.payaftercure.com/wp-content/fonts/open-sans/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type Web Open Font Format (Version 2), TrueType, length 47952, version 1.0\012- data
Hash 17b406b7b8caa297435fa358e194f5a1
e2132f0e97781af56fa966c0fabb49132f2af203
84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd
Analyzer Verdict Alert fortinet Malware
GET /wp-content/fonts/open-sans/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css
Cookie: nitroCachedPage=0
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: font/woff2
Last-Modified: Wed, 09 Nov 2022 17:07:00 GMT
Accept-Ranges: bytes
Content-Length: 47952
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
193.201.82.174200 OK 0 B URL HTTP/1.1 www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
Content-Type: multipart/form-data; boundary=---------------------------431789863430755951779962386
Origin: http://www.payaftercure.com
Content-Length: 178
Connection: keep-alive
HTTP/1.1 200 OK
Connection: Keep-Alive
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache
X-LiteSpeed-Vary: cookie=np_wc_currency,cookie=np_wc_currency_language,cookie=_icl_current_language, value=nitrodesktop
X-LiteSpeed-Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 09 Dec 2022 08:46:55 GMT
expires: Fri, 09 Dec 2022 10:46:55 GMT
cache-control: public, max-age=7200
age: 3670
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 48487c86e61361cb1055f9ab315d3b4e
8bb6ce1c9bbd0315b9bf8173ba6d2c21f2c120ef
9899e720c3cf6f0b777190c161de072637351830d45236355ae08db668a98eba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QSDY7CEECH&cid=1576716719.1670579285>m=2oebu0&aip=1&z=481841363
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QSDY7CEECH&cid=1576716719.1670579285>m=2oebu0&aip=1&z=481841363
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QSDY7CEECH&cid=1576716719.1670579285>m=2oebu0&aip=1&z=481841363 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 09:48:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 48487c86e61361cb1055f9ab315d3b4e
8bb6ce1c9bbd0315b9bf8173ba6d2c21f2c120ef
9899e720c3cf6f0b777190c161de072637351830d45236355ae08db668a98eba
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&gjid=2025512507&_gid=1680930127.1670579285&_u=aCDACUACRAAAACAAI~&z=273246275
108.177.14.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&gjid=2025512507&_gid=1680930127.1670579285&_u=aCDACUACRAAAACAAI~&z=273246275
IP 108.177.14.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&gjid=2025512507&_gid=1680930127.1670579285&_u=aCDACUACRAAAACAAI~&z=273246275 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.payaftercure.com
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://www.payaftercure.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Dec 2022 09:48:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 9f4317fcea88eaa5df326f97582b0db5
6aefff3562d7fb1008dd16e27cf8f6dcaca9126d
e6ad8cb43b12edd45086dc62aa80d31ce41818d7bfc662761ffc7ba0809f4251
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3893
Cache-Control: max-age=125650
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Etag: "63923cf3-1d7"
Expires: Sat, 10 Dec 2022 20:42:16 GMT
Last-Modified: Thu, 08 Dec 2022 19:37:23 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&_u=aCDACUACRAAAACAAI~&z=416946112
142.250.74.164200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&_u=aCDACUACRAAAACAAI~&z=416946112
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&_u=aCDACUACRAAAACAAI~&z=416946112 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 09:48:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
to.getnitropack.com/
194.242.11.186200 OK 20 B IP 194.242.11.186:0
ASN #34989 ServeTheWorld AS
File type ASCII text, with no line terminators
Hash c23d32bc84330ad96c990858c2eb1235
3e5b07d19cb12ba27e5777030db284a0abe5209e
a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4
POST / HTTP/1.1
Host: to.getnitropack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------18071720383345777504256034129
Content-Length: 559
Origin: http://www.payaftercure.com
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 09:48:06 GMT
content-type: text/html; charset=UTF-8
content-length: 20
server: BunnyCDN-NO1-830
cdn-pullzone: 234442
cdn-uid: b7e07321-6c82-48dc-b332-ec6b5d5d2a32
cdn-requestcountrycode: NO
access-control-allow-origin: *
cache-control: public, max-age=0
content-encoding: none
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15724800; includeSubDomains
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 12/09/2022 09:48:06
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: a4d0bb7f8ac523af94ed5dd4028a0ed4
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.analytics.google.com/g/collect?v=2&tid=G-QSDY7CEECH>m=2oebu0&_p=1386745795&_gaz=1&cid=1576716719.1670579285&ul=en-us&sr=1280x1024&_s=1&sid=1670579284&sct=1&seg=0&dl=http%3A%2F%2Fwww.payaftercure.com%2Ffast-natural-cure-groin-strain%2F%3Fdoing_wp_cron%3D1670579284.2643170356750488281250&dt=Fast%20natural%20cure%20for%20groin%20strain%20-%20huge%20relief%20in%2024%20hrs%2C%20cure%20in%207-10%20days&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-QSDY7CEECH>m=2oebu0&_p=1386745795&_gaz=1&cid=1576716719.1670579285&ul=en-us&sr=1280x1024&_s=1&sid=1670579284&sct=1&seg=0&dl=http%3A%2F%2Fwww.payaftercure.com%2Ffast-natural-cure-groin-strain%2F%3Fdoing_wp_cron%3D1670579284.2643170356750488281250&dt=Fast%20natural%20cure%20for%20groin%20strain%20-%20huge%20relief%20in%2024%20hrs%2C%20cure%20in%207-10%20days&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-QSDY7CEECH>m=2oebu0&_p=1386745795&_gaz=1&cid=1576716719.1670579285&ul=en-us&sr=1280x1024&_s=1&sid=1670579284&sct=1&seg=0&dl=http%3A%2F%2Fwww.payaftercure.com%2Ffast-natural-cure-groin-strain%2F%3Fdoing_wp_cron%3D1670579284.2643170356750488281250&dt=Fast%20natural%20cure%20for%20groin%20strain%20-%20huge%20relief%20in%2024%20hrs%2C%20cure%20in%207-10%20days&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.payaftercure.com
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://www.payaftercure.com
date: Fri, 09 Dec 2022 09:48:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
193.201.82.174200 OK 35 B URL HTTP/1.1 www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
IP 193.201.82.174:0
ASN #51177 THC Projects SRL
File type ASCII text, with no line terminators
Hash af24f206c243435cd6854926767bd8e3
fba05d2416b9ee5e45683a50986fe6525a1ee002
637814b8a8eb99a040d64f8c94ae499ed65b1085d8908eee1c7ed4136a4c65c3
Analyzer Verdict Alert fortinet Malware
POST /fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------421964436707331922999632201
Content-Length: 922
Origin: http://www.payaftercure.com
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
Cookie: nitroCachedPage=0
HTTP/1.1 200 OK
Connection: Keep-Alive
X-Powered-By: PHP/7.4.33
X-Nitro-Beacon: FORWARD
Cache-Control: no-cache
X-LiteSpeed-Vary: cookie=np_wc_currency,cookie=np_wc_currency_language,cookie=_icl_current_language, value=nitrodesktop
X-LiteSpeed-Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 35
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 09:48:06 GMT
Server: LiteSpeed
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955c6ac69b89f6cbd497df53fcb2ae1b
2506152cdd1056533116feb9350124356e570e54
fca1b303a554aa9cdd13c4769a1088e1905ef888ed703de17864fe76ff880abe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7217
x-amzn-requestid: be9196fc-3d43-49db-8522-8781cbf5a247
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUEDEWpIAMFqUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e6-04b24220213872ba378d3538;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4QlJZW4ZiPNVhOJbcRldanR8veym3l0sIBGa1Ym-4FOTT_utMQeZQg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 10:15:09 GMT
age: 84783
etag: "2506152cdd1056533116feb9350124356e570e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2