Report - www.payaftercure.com/fast-natural-cure-groin-strain/

Report Overview

Submitted URL
www.payaftercure.com/fast-natural-cure-groin-strain/
IP
193.201.82.174
ASN
#51177 THC Projects SRL
Submitted
2022-12-09 09:48:14
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
32

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
status.thawte.com	5123	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	797 B	93.184.220.29
region1.analytics.google.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	836 B	566 B	216.239.34.36
www.payaftercure.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	11 kB	319 kB	193.201.82.174
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.42.74.230
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	6.3 kB	216.58.211.3
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	45 kB	142.250.74.8
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	57 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.4 kB	95.101.11.115
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	613 B	714 B	108.177.14.156
to.getnitropack.com	17316	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	519 B	656 B	194.242.11.186
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	796 B	93.184.220.29
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	376 B	21 kB	142.250.74.14
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	485 B	694 B	142.250.74.35
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	519 B	694 B	142.250.74.164

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	www.payaftercure.com/fast-natural-cure-groin-strain/	Malware
2022-12-09	medium	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	Malware
2022-12-09	medium	www.payaftercure.com/wp-includes/css/dist/block-library/style.min.css?ver=446bfccc7439111d3608ac79b8218ddc	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/themes/veggie-lite-child/style.css?ver=446bfccc7439111d3608ac79b8218ddc	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/themes/veggie-lite/js/search.js?ver=1.0	Malware
2022-12-09	medium	www.payaftercure.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.0	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/themes/veggie-lite/js/navigation.js?ver=20120206	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/themes/veggie-lite/js/skip-link-focus-fix.js?ver=20130115	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/themes/veggie-lite/style.css?ver=446bfccc7439111d3608ac79b8218ddc	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/themes/veggie-lite/genericons/genericons.css?ver=3.2	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/fonts/josefin-sans/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/fonts/open-sans/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2	Malware
2022-12-09	medium	www.payaftercure.com/wp-content/fonts/open-sans/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2	Malware
2022-12-09	medium	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	Malware
2022-12-09	medium	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	440 B	2023-03-08	2023-03-11
Pretty URL www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:49:55 Last Seen2023-03-11 09:06:23 Times Seen1 Hash 1ef6cb2200f803df6767956f52f50174 14e611a047bc1bf559aa0968cb67175a2cbf2842 7de87360054826b7f3219f51556322645262bac0dc6e6fba5f896e8be020000d Loading...

	www.payaftercure.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.0	3.2 kB	2023-03-07	2024-04-23
Pretty URL www.payaftercure.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.0 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:28 Last Seen2024-04-23 16:16:44 Times Seen936 Hash 92a77854e7be2f0cf4350123adf6e4d2 8ac459501bf94deb660ddd844ac0b825f169b9ae 03d87f337bb68d971d9fdb8ed746c0ab6f4008e6060e63ed67057f444a05a6a6 Loading...

	www.payaftercure.com/wp-content/themes/veggie-lite/js/skip-link-focus-fix.js?ver=20130115	751 B	2023-03-07	2024-04-25
Pretty URL www.payaftercure.com/wp-content/themes/veggie-lite/js/skip-link-focus-fix.js?ver=20130115 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:28 Last Seen2024-04-25 13:52:49 Times Seen583 Hash caaada24c36ed88a759bf4289b0c6ba8 53276b225e3aee862666004696658819e0282895 5a1a3a3f0ef52a304cde50940ee607a2ebb008b76fa4cf49721b6e5cc07c350a Loading...

	www.googletagmanager.com/gtag/js?id=UA-49634712-1	115 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=UA-49634712-1 IP 142.250.74.8 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:44:54 Last Seen2023-03-08 23:44:54 Times Seen1 Hash 6aa29a3d7fb4560741fc972e9c73dd2b b3ff22fdaee1df23871f5d08c31768372efb372a 646bcf19548ee038969d8293d32bd1777a23aa384a13ec7e3d68d2dcf83af2c1 Loading...

	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	112 B	2023-03-08	2024-01-05
Pretty URL www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:44:54 Last Seen2024-01-05 13:04:58 Times Seen29 Hash d7800107f5027379ec9644da5b42e6a7 15e6b2dd47047dc63eab0bbd586b90e7e31e0c12 0de0a763c1b5458f3eff437598e48cf90d869e0362d7ed9c494ef1fe188229cb Loading...

	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	300 B	2023-03-08	2023-03-11
Pretty URL www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:49:55 Last Seen2023-03-11 09:06:23 Times Seen1 Hash bea197a0fa775564117c2a261d326934 48a1b99c1aca40fabf2562bd798030dfaf926365 20eb89177745b64f6fb9e91869f496cda2810860ff4b82e71068830387bf003f Loading...

	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	1.3 kB	2023-03-08	2023-03-08
Pretty URL www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:44:54 Last Seen2023-03-08 23:44:54 Times Seen1 Hash 3e12cd744ea03b24e7701b6f83e49800 ba51e7bdc86bc72e32e33e69d0e96f0481f2ab1d ba2493b15fbe1eaf98fb10b3d6d31279b926016fe1be6f37540f30a025dd3201 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-N5RCXC2	98 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-N5RCXC2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:44:54 Last Seen2023-03-08 23:44:54 Times Seen1 Hash 065e007b650b001df629c64c59897b0b 1d9df7a9d43bcc9a4349a0982c9e33d962235129 e7340d5f7e71c9e66aff47682de9eb82d0ccac2115aa7ee1b857d6fe6e2ddd76 Loading...

	www.googletagmanager.com/gtag/js?id=G-QSDY7CEECH&l=dataLayer&cx=c	218 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtag/js?id=G-QSDY7CEECH&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:44:54 Last Seen2023-03-08 23:44:54 Times Seen1 Hash c89b172d0e745bfb52d0bdd5299e33f1 9911b5c0f4cab4675bb62d20f1cfbcca2af6fa22 7ebbc68b0c7d3dd0f2cec70203624910df81afa977fb8b02421d8fbe06ed733d Loading...

	www.payaftercure.com/wp-includes/js/wp-emoji-release.min.js?ver=446bfccc7439111d3608ac79b8218ddc	19 kB	2023-03-07	2024-04-26
Pretty URL www.payaftercure.com/wp-includes/js/wp-emoji-release.min.js?ver=446bfccc7439111d3608ac79b8218ddc IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-26 01:56:03 Times Seen38055 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	339 B	2023-03-08	2023-03-11
Pretty URL www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:49:55 Last Seen2023-03-11 09:06:23 Times Seen1 Hash 50d7f981f60fe3167c9bd7426d7b91b8 9d26c53dbc30197d9f65067904a8b742f6bd45ec bb2548d6ba87594fd3e7255ebf04476af60970c6bdb2431af2333e632ae54323 Loading...

	www.payaftercure.com/wp-content/themes/veggie-lite/js/search.js?ver=1.0	677 B	2023-03-08	2023-03-11
Pretty URL www.payaftercure.com/wp-content/themes/veggie-lite/js/search.js?ver=1.0 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:49:55 Last Seen2023-03-11 09:06:23 Times Seen1 Hash c3d80a7be20eecf050e4447536123741 7db6f12f312472e73934836a9f0a3722d65a4934 edf23a9c2fe1fd705890839fe8c94d5dd6224c3f26874aea62f53ab40985f46c Loading...

	www.payaftercure.com/wp-content/themes/veggie-lite/js/navigation.js?ver=20120206	2.3 kB	2023-03-07	2024-04-17
Pretty URL www.payaftercure.com/wp-content/themes/veggie-lite/js/navigation.js?ver=20120206 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:39:41 Last Seen2024-04-17 14:52:08 Times Seen310 Hash c3a5b08af3e63049707797efe65eab86 f66ed251ef8c24614ff24376d472f2f394f7b93f d79752e33e156b5cb219ab45103fe0ed7d80f111533dd8eec42c57546b4da500 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-26
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-26 05:50:27 Times Seen1534 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	9.3 kB	2023-03-08	2023-03-08
Pretty URL www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:49:56 Last Seen2023-03-08 23:44:54 Times Seen1 Hash e1b1e8525f7fa858afb03a61c059e5a1 8ad52e814cd36c158aa639d458486a28cc69f6d7 6794c43e287d97945c1ce8a888ed12d0c7fbe9213599748ada0cfbf292ce51ff Loading...

	www.payaftercure.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2	11 kB	2023-03-07	2024-04-26
Pretty URL www.payaftercure.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-04-26 10:10:59 Times Seen68662 Hash 79b4956b7ec478ec10244b5e2d33ac7d a46025b9d05e3df30d610a8aef14f392c7058dc9 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300 Loading...

	www.payaftercure.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1	90 kB	2023-03-08	2024-04-26
Pretty URL www.payaftercure.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:21:46 Last Seen2024-04-26 04:19:36 Times Seen31827 Hash 17738318d61d394f1de8890d589afaec f6d0c4dc1399cf02d53f5753ad46573a8bbc2ac3 cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981 Loading...

	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	172 B	2023-03-07	2024-04-19
Pretty URL www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:08 Last Seen2024-04-19 11:29:25 Times Seen208 Hash 580d0fbaa1741cbfc935755d66c8cf33 f9aa91adec6a5261eea677b760f194dc505798d2 6b0150c8a13541f621df6ad2511dc1c4c13d06796fc4dcc84ca26b65a68ddd11 Loading...

	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	96 B	2023-03-07	2024-03-01
Pretty URL www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:57 Last Seen2024-03-01 03:22:18 Times Seen170 Hash 903d99d7dd539feefd196de5edf7b92e 8122327012a619c618bc7733df2f6b32aeeb5c95 a03b4b62f6811c457c558fa553b32530e452fc508112370db9804d10f08bdda1 Loading...

	www.google-analytics.com/gtm/js?id=OPT-WZDJJPK&t=gtag_UA_49634712_1&cid=1576716719.1670579285&aip=true	112 kB	2023-03-08	2023-03-08
Pretty URL www.google-analytics.com/gtm/js?id=OPT-WZDJJPK&t=gtag_UA_49634712_1&cid=1576716719.1670579285&aip=true IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 23:44:55 Last Seen2023-03-08 23:44:55 Times Seen1 Hash 1fb6a5a69fb25a638eb3dc6ad1ed778d 9b4626414c9bf3531111940d007d00d6b3b5aa02 bb96effc1f6962911cacdeb80d695b1fa835429c154ef8c14b3cf630633616cd Loading...

	www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250	2.2 kB	2023-03-08	2023-03-08
Pretty URL www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 IP 193.201.82.174 ASN #51177 THC Projects SRL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 22:49:55 Last Seen2023-03-08 23:44:55 Times Seen1 Hash 98f9c83b128a1b1f9098607ea52e2ffa 96a49bdbed8eb347c6e4c48ddd9ae7185ebe3000 c9389b16cb25a9facd6e814a2d81ab2ff17b8b9a6a67cb0d9b02971829d447f0 Loading...

HTTP Transactions (59)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12746
Expires: Fri, 09 Dec 2022 13:20:29 GMT
Date: Fri, 09 Dec 2022 09:48:03 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3622
Expires: Fri, 09 Dec 2022 10:48:25 GMT
Date: Fri, 09 Dec 2022 09:48:03 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 09:08:17 GMT
content-type: application/json
age: 2386
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3059
Expires: Fri, 09 Dec 2022 10:39:02 GMT
Date: Fri, 09 Dec 2022 09:48:03 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: N1ZofQzo5KP98rGIjYwBjL8DH46V2n3GnogNwzh/dMmkeYOHQ7bUCie2xujqJ1VDuMTcSoWAcj5semcM+bSF3Q==
x-amz-request-id: PRT7N3F5FPN9YTKB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 08:48:16 GMT
age: 3587
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 09:48:03 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 09:07:55 GMT
age: 2408
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5158
Cache-Control: max-age=89086
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:04 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:32:50 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

www.payaftercure.com/fast-natural-cure-groin-strain/

193.201.82.174

302 Found

21 B

URL HTTP/1.1
www.payaftercure.com/fast-natural-cure-groin-strain/
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
d09653f3cd2c8475255535aee1fa6f6a
d0911d41eef8167c7adfc30f96d2046f3bf1bdb4
560e7e6603e98f268c30b08c81635323c2bce9a2a8c584aae5d9dfc2068da6c9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /fast-natural-cure-groin-strain/ HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Connection: Keep-Alive
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: /fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
Content-Type: text/html; charset=UTF-8
X-Litespeed-Cache: miss
Content-Length: 21
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 09:48:04 GMT
Server: LiteSpeed

push.services.mozilla.com/

52.42.74.230

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.74.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: QWkgv3HCJ9FPfyslQdFCXQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wgPJgxl/POvtYFH7J2ciYpOVDzY=

www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

193.201.82.174

200 OK

17 kB

URL HTTP/1.1
www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9421)
Size
17 kB (16622 bytes)
Hash
7555ab5fec6489f30628418e3fc47cdf
31bc532e4d680547cafae03bd7d435d5763130eb
01c16584680de7945a1adcf7dbb3c5e75e56a4cad66a6cf8798ee77dd617313c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Connection: Keep-Alive
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache
X-LiteSpeed-Vary: cookie=np_wc_currency,cookie=np_wc_currency_language,cookie=_icl_current_language, value=nitrodesktop
X-LiteSpeed-Cache-Control: public,max-age=3600
X-LiteSpeed-Tag: uri=0a00ad0de20e8367ba28192529444e92
Content-Type: text/html; charset=UTF-8
X-Nitro-Cache: MISS
Link: <https://www.payaftercure.com/?p=5656>; rel=shortlink
Etag: "5773-1670579285;gz"
X-Litespeed-Cache: miss
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-includes/css/classic-themes.min.css?ver=1

193.201.82.174

200 OK

188 B

URL HTTP/1.1
www.payaftercure.com/wp-includes/css/classic-themes.min.css?ver=1
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text
Size
188 B (188 bytes)
Hash
8ac085745a5bcc97c54f8088973df029
4e065566e82d4623d0f5b4d9275d3ee29e15acd1
a0b69c3418ce7d86bcd33d370dec1ba31f2d9c143d932f52de7c4f98427a813f

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 25 Oct 2022 16:15:16 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 188
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-includes/css/dist/block-library/style.min.css?ver=446bfccc7439111d3608ac79b8218ddc

193.201.82.174

200 OK

12 kB

URL HTTP/1.1
www.payaftercure.com/wp-includes/css/dist/block-library/style.min.css?ver=446bfccc7439111d3608ac79b8218ddc
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text, with very long lines (47826)
Size
12 kB (12489 bytes)
Hash
45b3843596f3eda24398e2c1f68ee268
4ad9a0e6ed85ca57c5d134aa5ca546e19910640d
f2784720bca9efcc4c4c3ab35d5fa3b523eb1915acc04a53273559907d352e36

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=446bfccc7439111d3608ac79b8218ddc HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 15 Nov 2022 22:38:28 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 12489
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css

193.201.82.174

200 OK

1.3 kB

URL HTTP/1.1
www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text
Size
1.3 kB (1327 bytes)
Hash
a70b94947588e91afa6bc040c5938b55
f30e85b3140bba53325ee9f14324cb73ed72e817
c0ea53712fe6e0bcf5a66df90b06569a6c67391f9d17ae68bb9c3d0ef8216ef4

HTTP Headers

GET /wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Wed, 09 Nov 2022 17:07:01 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 1327
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-content/themes/veggie-lite-child/style.css?ver=446bfccc7439111d3608ac79b8218ddc

193.201.82.174

200 OK

5.0 kB

URL HTTP/1.1
www.payaftercure.com/wp-content/themes/veggie-lite-child/style.css?ver=446bfccc7439111d3608ac79b8218ddc
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text, with very long lines (617)
Size
5.0 kB (4993 bytes)
Hash
614e4783b10ee0438b4d71815ad5f4dc
fc28b3f3de70d564addddd702708a8cb7db83c03
b069d71c0e4e9fdeb0164ec9bcce14e51c2647e928122091a6bbd0d5c34c584b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/veggie-lite-child/style.css?ver=446bfccc7439111d3608ac79b8218ddc HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Sat, 18 Dec 2021 16:22:41 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4993
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-content/themes/veggie-lite/js/search.js?ver=1.0

193.201.82.174

200 OK

350 B

URL HTTP/1.1
www.payaftercure.com/wp-content/themes/veggie-lite/js/search.js?ver=1.0
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text
Size
350 B (350 bytes)
Hash
c3623a421012b4bc3b5e3ca7d6c575fb
449c307ffba2e0bb0671c3fb741579f55c48ff73
605a4695d6aa9c417e8e529726053b9add3880fb262ddde2671126a69f212a8b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/veggie-lite/js/search.js?ver=1.0 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 350
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

193.201.82.174

200 OK

4.2 kB

URL HTTP/1.1
www.payaftercure.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text, with very long lines (11126)
Size
4.2 kB (4168 bytes)
Hash
c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Wed, 18 Nov 2020 12:36:06 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 4168
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-includes/js/wp-emoji-release.min.js?ver=446bfccc7439111d3608ac79b8218ddc

193.201.82.174

200 OK

5.0 kB

URL HTTP/1.1
www.payaftercure.com/wp-includes/js/wp-emoji-release.min.js?ver=446bfccc7439111d3608ac79b8218ddc
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text, with very long lines (15660)
Size
5.0 kB (5021 bytes)
Hash
848f9aadf194f3d024a2a90dbd11e3b5
aecd4b03b5a7829c6ca015d926798dc95e4fa912
36ff79b2f6827e46be1df95ff739e536718c0ee4fc09462678b32d7abd60fc6c

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=446bfccc7439111d3608ac79b8218ddc HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Apr 2022 08:26:22 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 5021
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.0

193.201.82.174

200 OK

648 B

URL HTTP/1.1
www.payaftercure.com/wp-content/plugins/wp-polls/polls-js.js?ver=2.77.0
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text, with very long lines (3242), with no line terminators
Size
648 B (648 bytes)
Hash
d96ce374bc0c7d48b1867f4f5147f137
436a19ec96884f3bb3a1875f5d49a74c282957f8
dce82df98c8329089475f855383486e86bf565d6a9c94ab6e8ac4da38133cfc6

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/plugins/wp-polls/polls-js.js?ver=2.77.0 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 04 Oct 2022 22:37:38 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 648
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.googletagmanager.com/gtag/js?id=UA-49634712-1

142.250.74.8

200 OK

45 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=UA-49634712-1
IP
142.250.74.8:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1921)
Size
45 kB (44714 bytes)
Hash
c339007e81c21b4f2f728736fd7612a3
a2e100e83e2dfada18cb312d514a061a59b2fd94
329858776f45d72c038deddd840d95c6fec6f7395db16ea3e4c06be34ed69683

HTTP Headers

GET /gtag/js?id=UA-49634712-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 09:48:05 GMT
expires: Fri, 09 Dec 2022 09:48:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44714
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.payaftercure.com/wp-content/themes/veggie-lite/js/navigation.js?ver=20120206

193.201.82.174

200 OK

869 B

URL HTTP/1.1
www.payaftercure.com/wp-content/themes/veggie-lite/js/navigation.js?ver=20120206
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text
Size
869 B (869 bytes)
Hash
9e8c6d201bcf6ec4472a238617411df1
09cf8e13a5e6b482d4f8d17021eab493e4b2ff28
1d05281585518c54ef76af25891254412965e92772ff5ca213d899458d32bee9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/veggie-lite/js/navigation.js?ver=20120206 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 869
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.payaftercure.com/wp-content/themes/veggie-lite/js/skip-link-focus-fix.js?ver=20130115

193.201.82.174

200 OK

379 B

URL HTTP/1.1
www.payaftercure.com/wp-content/themes/veggie-lite/js/skip-link-focus-fix.js?ver=20130115
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text
Size
379 B (379 bytes)
Hash
8459e15d80cd9eede63179bb825c0ce0
6292bb5a6924a9385eaacf279f936aff2211e9c2
5771c10ac0c0943a7fe6c71064edb3408d4f4f8e1c5dd8d1a9b3e829eab1a7b2

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/veggie-lite/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 379
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-content/plugins/wp-polls/polls-css.css?ver=2.77.0

193.201.82.174

200 OK

729 B

URL HTTP/1.1
www.payaftercure.com/wp-content/plugins/wp-polls/polls-css.css?ver=2.77.0
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text
Size
729 B (729 bytes)
Hash
9bda17729d21dce80fa2ae03edd2eb91
2d5f11891f28e68d85fa1009df925159d3e186c4
361bbbef454ca794cf52ab6e09616f4486b741d667d566b9a207d1f008fafdc0

HTTP Headers

GET /wp-content/plugins/wp-polls/polls-css.css?ver=2.77.0 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 04 Oct 2022 22:37:38 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 729
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-content/themes/veggie-lite/style.css?ver=446bfccc7439111d3608ac79b8218ddc

193.201.82.174

200 OK

12 kB

URL HTTP/1.1
www.payaftercure.com/wp-content/themes/veggie-lite/style.css?ver=446bfccc7439111d3608ac79b8218ddc
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text, with very long lines (613)
Size
12 kB (11874 bytes)
Hash
312032f9ff0381e1c70064a935a56c7a
0ec5b2f133e7e29ad37623d2fe1efbb44b9d5d22
f3a5513e3cc6f2d71797e667455b711b492ea8c5221910e658d2ed82005b6810

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/veggie-lite/style.css?ver=446bfccc7439111d3608ac79b8218ddc HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 11874
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-content/uploads/2015/04/logo1.png

193.201.82.174

200 OK

3.7 kB

URL HTTP/2
www.payaftercure.com/wp-content/uploads/2015/04/logo1.png
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
PNG image data, 70 x 70, 8-bit colormap, non-interlaced\012- data
Size
3.7 kB (3726 bytes)
Hash
d60d102808c1b2ce150b468b18c2e8d9
023e7e6d220cd78f9f1f6753aa84d98ce29b65d8
b2dac46045333dc7a12a49a714e8f53b66197272695393600ba440ce4d2b531c

HTTP Headers

GET /wp-content/uploads/2015/04/logo1.png HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 09:48:05 GMT
content-type: image/png
last-modified: Tue, 03 Aug 2021 21:35:22 GMT
accept-ranges: bytes
content-length: 3726
date: Fri, 09 Dec 2022 09:48:05 GMT
server: LiteSpeed
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-24=":443"; ma=2592000, h3-25=":443"; ma=2592000
X-Firefox-Spdy: h2

www.payaftercure.com/wp-content/themes/veggie-lite/genericons/genericons.css?ver=3.2

193.201.82.174

200 OK

16 kB

URL HTTP/1.1
www.payaftercure.com/wp-content/themes/veggie-lite/genericons/genericons.css?ver=3.2
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text, with very long lines (19226)
Size
16 kB (16413 bytes)
Hash
ff5580d5b659648ef1293f63a8ecb131
c213c7aa5eaf0232ca68d6da3acd0c2ca91e26fd
b754b1abd3097553dc3bb5d03f2069c8301642e48f2f52fb28170eeb457d246f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/themes/veggie-lite/genericons/genericons.css?ver=3.2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: text/css
Last-Modified: Tue, 12 Jul 2022 17:02:18 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 16413
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1

193.201.82.174

200 OK

31 kB

URL HTTP/1.1
www.payaftercure.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text, with very long lines (65447)
Size
31 kB (31046 bytes)
Hash
cc5a8bfbf7d31fbc3022dc05e964a95c
81edda48c2c2c97bf79dea1ec91b89105e4ba00b
651c822702a9ac476c260fd37dccab6c3da8306ff6dd922e9d68cfa7863bfe42

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: application/javascript
Last-Modified: Mon, 19 Sep 2022 16:46:24 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 31046
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-content/uploads/2017/08/Groin-Strain.jpg

193.201.82.174

200 OK

12 kB

URL HTTP/2
www.payaftercure.com/wp-content/uploads/2017/08/Groin-Strain.jpg
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x217, components 3\012- data
Size
12 kB (11923 bytes)
Hash
64f55d268f75a2ba1a1b69c430a8876b
0f9e8749d72bb5b9445016c73104890415ab7993
d1b18ffcad425f6d4f4e57685c4c1a620f5e2879937da09ebb2144077502feb6

HTTP Headers

GET /wp-content/uploads/2017/08/Groin-Strain.jpg HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 16 Dec 2022 09:48:05 GMT
content-type: image/jpeg
last-modified: Tue, 03 Aug 2021 21:39:44 GMT
accept-ranges: bytes
content-length: 11923
date: Fri, 09 Dec 2022 09:48:05 GMT
server: LiteSpeed
X-Firefox-Spdy: h2

www.payaftercure.com/wp-content/uploads/2020/05/cropped-Homeopathy-3-min-scaled.jpg

193.201.82.174

200 OK

68 kB

URL HTTP/1.1
www.payaftercure.com/wp-content/uploads/2020/05/cropped-Homeopathy-3-min-scaled.jpg
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2560x412, components 3\012- data
Size
68 kB (67938 bytes)
Hash
5f3836524a6f1a7fbae00b7138088236
211348c987aee5a4a71bc015866c71bddc7b74bb
acb6c7e0d33a181d7ad92aafe9f7317747a71081e0d20fa05ac7b974a0b9582a

HTTP Headers

GET /wp-content/uploads/2020/05/cropped-Homeopathy-3-min-scaled.jpg HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: image/jpeg
Last-Modified: Tue, 03 Aug 2021 21:40:28 GMT
Accept-Ranges: bytes
Content-Length: 67938
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-content/fonts/josefin-sans/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2

193.201.82.174

200 OK

27 kB

URL HTTP/1.1
www.payaftercure.com/wp-content/fonts/josefin-sans/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
Web Open Font Format (Version 2), TrueType, length 26592, version 1.0\012- data
Size
27 kB (26592 bytes)
Hash
c2d66029cf6ae68a19e1398fc02feda6
c37e5907e49d2ed5b11f59841a3d16c911da7a5c
3701f4ae604d8fccb4ddca393e076a456aebfb06c1a9d94c1c13089293f55716

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/fonts/josefin-sans/Qw3aZQNVED7rKGKxtqIqX5EUDXx4.woff2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css
Cookie: nitroCachedPage=0

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: font/woff2
Last-Modified: Wed, 09 Nov 2022 17:06:59 GMT
Accept-Ranges: bytes
Content-Length: 26592
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/wp-content/fonts/open-sans/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

193.201.82.174

200 OK

45 kB

URL HTTP/1.1
www.payaftercure.com/wp-content/fonts/open-sans/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/fonts/open-sans/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css
Cookie: nitroCachedPage=0

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: font/woff2
Last-Modified: Wed, 09 Nov 2022 17:07:01 GMT
Accept-Ranges: bytes
Content-Length: 44856
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7053
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 09:48:05 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7053
Expires: Fri, 09 Dec 2022 11:45:38 GMT
Date: Fri, 09 Dec 2022 09:48:05 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg

34.120.237.76

200 OK

1.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
1.6 kB (1584 bytes)
Hash
4f6cfc43170be4dd0264f2b0b6bcc329
9ad22ea868f3b72832243fd11315c68117c7542b
f5cc67d46241c2f5aebc2515bf8828889f8ceda8112b78cdf925a260b82fd833

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8ff35a0-24dc-4158-b67e-a5f03f5a9022.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 1584
x-amzn-requestid: 7743c8a6-118c-4c69-b833-a9e2f5561a54
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw5VEGV8IAMFcOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903c20-41fdf6d004b388f51fa70833;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:09:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: whmRQYshKD6d2Pz3Z0ZCCFr_MEPR1rEek7nVZqf5XeiWpt1LIcjvBQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 1a53057db389e96b4ef1bfbc925dde1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:28:14 GMT
age: 22791
etag: "9ad22ea868f3b72832243fd11315c68117c7542b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5188 bytes)
Hash
fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 43001
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6578 bytes)
Hash
8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: nXaZ1pazAGWMI9GFYZjGlvVVIb8wX6feD0O8VpzjsL8F8l3mFmydAw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:59 GMT
age: 9246
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7897 bytes)
Hash
8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 22179
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47563cf2-d887-4c1d-a3b9-0b5151226171.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8709 bytes)
Hash
0321199622f614202a646f925521ace7
cac4e03ae9857def8b094e005647c3e49c34d686
042494598add540a49650d5556d33bf53f647d77e64fbf13f3d881ebf251a525

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47563cf2-d887-4c1d-a3b9-0b5151226171.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8709
x-amzn-requestid: 8c5094d3-3286-44db-bd3f-9369cd8220eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c2LYGGm6oAMFn1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63925900-2ea563bc1b5aa87a0ebd6251;Sampled=0
x-amzn-remapped-date: Thu, 08 Dec 2022 21:37:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: OMn8ZLXg7eImX9gfKGhJMvxHVcfTuutGJjuZk9JU6iGBkXso6v8FuQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:15 GMT
etag: "cac4e03ae9857def8b094e005647c3e49c34d686"
content-type: image/jpeg
age: 43010
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12748 bytes)
Hash
730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 18:34:32 GMT
age: 54813
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.payaftercure.com/wp-content/fonts/open-sans/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

193.201.82.174

200 OK

48 kB

URL HTTP/1.1
www.payaftercure.com/wp-content/fonts/open-sans/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
Web Open Font Format (Version 2), TrueType, length 47952, version 1.0\012- data
Size
48 kB (47952 bytes)
Hash
17b406b7b8caa297435fa358e194f5a1
e2132f0e97781af56fa966c0fabb49132f2af203
84161c46238fff2c6920ebc28f02cddd7b710cf3d1107853f540b084320f6afd

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /wp-content/fonts/open-sans/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.payaftercure.com/wp-content/fonts/fb5ba11ef2cc48f38b7399618d89f92e.css
Cookie: nitroCachedPage=0

HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Fri, 16 Dec 2022 09:48:05 GMT
Content-Type: font/woff2
Last-Modified: Wed, 09 Nov 2022 17:07:00 GMT
Accept-Ranges: bytes
Content-Length: 47952
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

193.201.82.174

200 OK

0 B

URL HTTP/1.1
www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
Content-Type: multipart/form-data; boundary=---------------------------431789863430755951779962386
Origin: http://www.payaftercure.com
Content-Length: 178
Connection: keep-alive

HTTP/1.1 200 OK
Connection: Keep-Alive
X-Powered-By: PHP/7.4.33
Cache-Control: no-cache
X-LiteSpeed-Vary: cookie=np_wc_currency,cookie=np_wc_currency_language,cookie=_icl_current_language, value=nitrodesktop
X-LiteSpeed-Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Date: Fri, 09 Dec 2022 09:48:05 GMT
Server: LiteSpeed

www.google-analytics.com/analytics.js

142.250.74.14

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.14:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 09 Dec 2022 08:46:55 GMT
expires: Fri, 09 Dec 2022 10:46:55 GMT
cache-control: public, max-age=7200
age: 3670
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
48487c86e61361cb1055f9ab315d3b4e
8bb6ce1c9bbd0315b9bf8173ba6d2c21f2c120ef
9899e720c3cf6f0b777190c161de072637351830d45236355ae08db668a98eba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QSDY7CEECH&cid=1576716719.1670579285&gtm=2oebu0&aip=1&z=481841363

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QSDY7CEECH&cid=1576716719.1670579285&gtm=2oebu0&aip=1&z=481841363
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QSDY7CEECH&cid=1576716719.1670579285&gtm=2oebu0&aip=1&z=481841363 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 09:48:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
48487c86e61361cb1055f9ab315d3b4e
8bb6ce1c9bbd0315b9bf8173ba6d2c21f2c120ef
9899e720c3cf6f0b777190c161de072637351830d45236355ae08db668a98eba

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&gjid=2025512507&_gid=1680930127.1670579285&_u=aCDACUACRAAAACAAI~&z=273246275

108.177.14.156

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&gjid=2025512507&_gid=1680930127.1670579285&_u=aCDACUACRAAAACAAI~&z=273246275
IP
108.177.14.156:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&gjid=2025512507&_gid=1680930127.1670579285&_u=aCDACUACRAAAACAAI~&z=273246275 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://www.payaftercure.com
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: http://www.payaftercure.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Dec 2022 09:48:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

status.thawte.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.thawte.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
9f4317fcea88eaa5df326f97582b0db5
6aefff3562d7fb1008dd16e27cf8f6dcaca9126d
e6ad8cb43b12edd45086dc62aa80d31ce41818d7bfc662761ffc7ba0809f4251

HTTP Headers

POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3893
Cache-Control: max-age=125650
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Etag: "63923cf3-1d7"
Expires: Sat, 10 Dec 2022 20:42:16 GMT
Last-Modified: Thu, 08 Dec 2022 19:37:23 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&_u=aCDACUACRAAAACAAI~&z=416946112

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&_u=aCDACUACRAAAACAAI~&z=416946112
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-49634712-1&cid=1576716719.1670579285&jid=844100716&_u=aCDACUACRAAAACAAI~&z=416946112 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 09:48:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

to.getnitropack.com/

194.242.11.186

200 OK

20 B

URL HTTP/2
to.getnitropack.com/
IP
194.242.11.186:0
ASN
#34989 ServeTheWorld AS

File type
ASCII text, with no line terminators
Size
20 B (20 bytes)
Hash
c23d32bc84330ad96c990858c2eb1235
3e5b07d19cb12ba27e5777030db284a0abe5209e
a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4

HTTP Headers

POST / HTTP/1.1
Host: to.getnitropack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------18071720383345777504256034129
Content-Length: 559
Origin: http://www.payaftercure.com
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 09:48:06 GMT
content-type: text/html; charset=UTF-8
content-length: 20
server: BunnyCDN-NO1-830
cdn-pullzone: 234442
cdn-uid: b7e07321-6c82-48dc-b332-ec6b5d5d2a32
cdn-requestcountrycode: NO
access-control-allow-origin: *
cache-control: public, max-age=0
content-encoding: none
x-powered-by: PHP/7.3.33
strict-transport-security: max-age=15724800; includeSubDomains
cdn-proxyver: 1.03
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 12/09/2022 09:48:06
cdn-edgestorageid: 830
cdn-status: 200
cdn-requestid: a4d0bb7f8ac523af94ed5dd4028a0ed4
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.211.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
216.58.211.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 09:48:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

region1.analytics.google.com/g/collect?v=2&tid=G-QSDY7CEECH&gtm=2oebu0&_p=1386745795&_gaz=1&cid=1576716719.1670579285&ul=en-us&sr=1280x1024&_s=1&sid=1670579284&sct=1&seg=0&dl=http%3A%2F%2Fwww.payaftercure.com%2Ffast-natural-cure-groin-strain%2F%3Fdoing_wp_cron%3D1670579284.2643170356750488281250&dt=Fast%20natural%20cure%20for%20groin%20strain%20-%20huge%20relief%20in%2024%20hrs%2C%20cure%20in%207-10%20days&en=page_view&_fv=1&_nsi=1&_ss=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-QSDY7CEECH&gtm=2oebu0&_p=1386745795&_gaz=1&cid=1576716719.1670579285&ul=en-us&sr=1280x1024&_s=1&sid=1670579284&sct=1&seg=0&dl=http%3A%2F%2Fwww.payaftercure.com%2Ffast-natural-cure-groin-strain%2F%3Fdoing_wp_cron%3D1670579284.2643170356750488281250&dt=Fast%20natural%20cure%20for%20groin%20strain%20-%20huge%20relief%20in%2024%20hrs%2C%20cure%20in%207-10%20days&en=page_view&_fv=1&_nsi=1&_ss=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-QSDY7CEECH&gtm=2oebu0&_p=1386745795&_gaz=1&cid=1576716719.1670579285&ul=en-us&sr=1280x1024&_s=1&sid=1670579284&sct=1&seg=0&dl=http%3A%2F%2Fwww.payaftercure.com%2Ffast-natural-cure-groin-strain%2F%3Fdoing_wp_cron%3D1670579284.2643170356750488281250&dt=Fast%20natural%20cure%20for%20groin%20strain%20-%20huge%20relief%20in%2024%20hrs%2C%20cure%20in%207-10%20days&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.payaftercure.com
Connection: keep-alive
Referer: http://www.payaftercure.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://www.payaftercure.com
date: Fri, 09 Dec 2022 09:48:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250

193.201.82.174

200 OK

35 B

URL HTTP/1.1
www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
IP
193.201.82.174:0
ASN
#51177 THC Projects SRL

File type
ASCII text, with no line terminators
Size
35 B (35 bytes)
Hash
af24f206c243435cd6854926767bd8e3
fba05d2416b9ee5e45683a50986fe6525a1ee002
637814b8a8eb99a040d64f8c94ae499ed65b1085d8908eee1c7ed4136a4c65c3

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

POST /fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250 HTTP/1.1
Host: www.payaftercure.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------421964436707331922999632201
Content-Length: 922
Origin: http://www.payaftercure.com
Connection: keep-alive
Referer: http://www.payaftercure.com/fast-natural-cure-groin-strain/?doing_wp_cron=1670579284.2643170356750488281250
Cookie: nitroCachedPage=0

HTTP/1.1 200 OK
Connection: Keep-Alive
X-Powered-By: PHP/7.4.33
X-Nitro-Beacon: FORWARD
Cache-Control: no-cache
X-LiteSpeed-Vary: cookie=np_wc_currency,cookie=np_wc_currency_language,cookie=_icl_current_language, value=nitrodesktop
X-LiteSpeed-Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 35
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Fri, 09 Dec 2022 09:48:06 GMT
Server: LiteSpeed

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7217 bytes)
Hash
955c6ac69b89f6cbd497df53fcb2ae1b
2506152cdd1056533116feb9350124356e570e54
fca1b303a554aa9cdd13c4769a1088e1905ef888ed703de17864fe76ff880abe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 7217
x-amzn-requestid: be9196fc-3d43-49db-8522-8781cbf5a247
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUEDEWpIAMFqUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e6-04b24220213872ba378d3538;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4QlJZW4ZiPNVhOJbcRldanR8veym3l0sIBGa1Ym-4FOTT_utMQeZQg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 10:15:09 GMT
age: 84783
etag: "2506152cdd1056533116feb9350124356e570e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations